Networking ppt

a brief idea about network administration

Published in: Education, Technology, Business

  • Transmitter: modem
    Transmission system: public telephone network
    Receiver: modem
    Destination: server
  • Network - A group of computers connected together in a way that allows information to be exchanged between the computers.
    Node - Anything that is connected to the network. While a node is typically a computer, it can also be something like a printer or CD-ROM tower.
    Segment - Any portion of a network that is separated, by a switch, bridge or router, from other parts of the network.
    Backbone - The main cabling of a network that all of the segments connect to. Typically, the backbone is capable of carrying more information than the individual segments. For example, each segment may have a transfer rate of 10 Mbps (megabits per second: 1 million bits a second), while the backbone may operate at 100 Mbps.
    Topology - The way that each node is physically connected to the network.
  • Similar to a bus network, rings have nodes daisy chained, but the end of the network in a ring topology comes back around to the first node, creating a complete circuit. Each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then the second node passes the token and data to the third node, etc., until it comes back around to the first node again. Only the node with the token is allowed to send data. All other nodes must wait for the token to come to them.
  • A hub does not perform any type of filtering or routing of the data. A hub is a junction that joins all the different nodes together.
  • CAT 5 is currently under consideration to be incorporated into the Gigabit Ethernet specification for short distance wiring. While longer connections using Gigabit Ethernet use optical fiber, the goal is to leverage the CAT 5 twisted-pair wiring most organizations already have in place for connections out to the desktop.
  • Use of optical fibers over ;
    Optical fiber (or "fiber optic") refers to the medium and the technology associated with the transmission of information as light pulses along a glass or plastic wire or fiber. Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company long-distance lines are now of optical fiber.
    Transmission on optical fiber requires repeaters at intervals. The glass fiber requires more protection within an outer cable than copper. For these reasons, and because the installation of any new wiring is labor-intensive, few communities yet have optical fiber wires or cables from the phone company's branch office to local customers (known as the local loop).
    Single mode fiber is used for longer distances; multimode fiber is used for shorter distances.
  • Multimode has a larger core than single mode optical fiber
  • In wireless LAN (WLAN) technology, 802.11 refers to a family of specifications developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). There are three specifications in the family: 802.11, 802.11a, and 802.11b.
    All three of the above mentioned specifications use carrier sense multiple access with collision detection (CSMA/CD) as the path sharing protocol. If a source station has a data packet to send, the station checks the system to see if the path medium is busy. If the medium is not busy, the packet is sent; if the medium is busy, the station waits until the first moment that the medium becomes clear. Testing is done repeatedly by the source via a short test message called RTS (ready to send). The data packet is not transmitted until the destination station returns a confirmation message called CTS (clear to send). If two stations send at exactly the same time, CSMA/CD prevents the loss of data that might otherwise occur and provides a system for retrying.
    The 802.11 and 802.11b specifications apply to wireless Ethernet LANs, and operate at frequencies in the 2.4-GHz region of the radio spectrum. Data speeds are generally 1 Mbps or 2 Mbps for 802.11, and 5.5 Mbps or 11 Mbps for 802.11b, although speeds up to about 20 Mbps are realizable with 802.11b. The 802.11b standard is backward compatible with 802.11. The modulation used in 802.11 has historically been phase-shift keying (PSK). The modulation method selected for 802.11b is known as CCK (complementary code keying), which allows higher data speeds and is less susceptible to multipath-propagation interference.
    The 802.11a specification applies to wireless ATM systems and operates at radio frequencies between 5 GHz and 6 GHz. A modulation scheme known as OFDM (orthogonal frequency-division multiplexing) makes possible data speeds as high as 54 Mbps, but most commonly, communication takes place at 6 Mbps, 12 Mbps, or 24 Mbps.
  • Nowadays you see hubs with switches; but basically the hub is the place where data comes together while the switch determines how and where data is forwarded from the place where data comes together.
  • bridge
    In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring). You can envision a bridge as being a device that decides whether a message from you to someone else is going to the local area network in your building or to someone on the local area network in the building across the street. A bridge examines each message on a LAN, "passing" those known to be within the same LAN, and forwarding those known to be on the other interconnected LAN (or LANs).
    In bridging networks, computer or node addresses have no specific relationship to location. For this reason, messages are sent out to every address on the network and accepted only by the intended destination node. Bridges learn which addresses are on which network and develop a learning table so that subsequent messages can be forwarded to the right network.
    Bridging networks are generally interconnected local area networks, since broadcasting every message to all possible destinations would flood a larger network with unnecessary traffic. For this reason, router networks such as the Internet use a scheme that assigns addresses to nodes so that a message or packet can be forwarded only in one general direction rather than forwarded in all directions.
    A bridge works at the data-link (physical network) level of a network, copying a data frame from one network to the next network along the communications path.
    A bridge is sometimes combined with a router in a product called a brouter.
  • The range for WAN transmission will vary: 56 Kb/s to 1.544 Mb/s
  • It is used to guide product implementers so that their products will consistently work with other products.
  • OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user.
    The lowest three layers (up to the network layer) are used when any message passes through the host computer.
    Messages intended for this computer pass to the upper layers.
    Messages destined for some other host are not passed up to the upper layers but are forwarded to another host.
    Physical layer: bit stream through the network at the electrical/mechanical level
  • Also see ‘DNS and BIND’ Chapter 1
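The learning table the bridge notes above describe (learn the source address's port, forward known destinations to one port, flood unknown and broadcast ones, filter frames whose destination is on the incoming segment), as an added Python example that is not part of the original slides. The port numbers, MAC addresses, table bound and ageing time are constructed values.

```python
# Added example (not from the slides): a learning bridge as described in the
# notes above, written in Python. Port numbers, MAC addresses and the frames
# fed through it are constructed sample values.
import time
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """True for broadcast/multicast: the low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class LearningBridge:
    """Transparent bridge: learns which port each source address is behind."""
    ports: int
    max_entries: int = 1024      # bound the table; it must not grow without limit
    age_seconds: float = 300.0   # forget addresses not seen for this long
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def _expire(self, now):
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.age_seconds]
        for m in stale:
            del self.table[m]

    def forward(self, in_port, src, dst, now=None):
        """Return the list of ports the frame is sent out of ([] means filtered)."""
        if not 0 <= in_port < self.ports:
            raise ValueError(f"no such port: {in_port}")
        now = time.monotonic() if now is None else now
        self._expire(now)
        # Learn or refresh the source address, but only while there is room;
        # a full table keeps its existing entries rather than evicting them.
        if src in self.table or len(self.table) < self.max_entries:
            self.table[src] = (in_port, now)
        others = [p for p in range(self.ports) if p != in_port]
        if is_group_address(dst):
            return others                     # broadcast/multicast: always flood
        entry = self.table.get(dst)
        if entry is None:
            return others                     # unknown destination: flood
        out_port, _ = entry
        return [] if out_port == in_port else [out_port]   # same segment: filter


def demo():
    """Feed constructed frames through a 3-port bridge; returns (decisions, bridge)."""
    b = LearningBridge(ports=3, max_entries=4)
    a, c, d = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"
    e, f = "00:11:22:33:44:04", "00:11:22:33:44:05"
    decisions = [
        b.forward(0, a, c, now=0.0),          # c unknown -> flood to ports 1 and 2
        b.forward(1, c, a, now=1.0),          # a learned on port 0 -> [0]
        b.forward(0, d, a, now=2.0),          # a is on the same segment -> filtered
        b.forward(2, e, BROADCAST, now=3.0),  # broadcast -> flood to ports 0 and 1
        b.forward(2, f, a, now=4.0),          # table full: f not learned, a still -> [0]
        b.forward(1, c, a, now=400.0),        # everything aged out -> flood again
    ]
    return decisions, b


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```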

    1. SKILLS FOR INDIA: Overview of Networking
    2. Basics of Networking: an overview of computer networking which introduces many key concepts and terminology. Sets the stage for future topics.
    3. A network consists of 2 or more computers connected together, and they can communicate and share resources (e.g. information).
    4. • Communications – activity associated with distributing or exchanging information
       • Telecommunications – technology of communications at a distance that permits information to be created anywhere and used everywhere with little delay
       • A network is a way to get “stuff” between 2 or more “things”
       • Examples: mail, phone system, conversations, railroad system, highways and roads
    5. • Must have a message
       • Message must have a transmitter
       • Message must have a medium
       • Message must be understood
       • Message must have some level of security
       Diagram: Source System [1 Source (Workstation/PC) → 2 Transmitter] → 3 Transmission Medium → Destination System [4 Receiver → 5 Destination (Workstation/PC)]
    6. Essentials for Network
       1. Text input information
       2. Input data digital bit stream
       3. Transmitted analog signal
       4. Received analog signal
       5. Output data digital bit stream
       6. Text output information
    7. General Architecture of Computer Networks (diagram): external nodes (or stations), cloud, internal nodes (switching devices)
    8. A typical network (diagram)
    9. Document Amendment History (empty table: S.No, Description, Author, Version, Date)
    10. THANK YOU. All information, including graphical representations, etc. provided in this presentation is for exclusive use of current Globsyn Skills students and faculty. No part of the document may be reproduced in any form or by any means, electronic or otherwise, without written permission of the owner.
    11. SKILLS FOR INDIA: Topologies
    12. Bus Topology: each node is daisy-chained (connected one right after the other) along the same backbone. Information sent from a node travels along the backbone until it reaches its destination node. Each end of a bus network must be terminated with a resistor to keep the
    13. Ring Topology: similar to a bus network, rings have nodes daisy chained, but the end of the network in a ring topology comes back around to the first node, creating a complete circuit. Each node takes a turn sending and receiving information through the use of a token. The token, along with any data, is sent from the first node to the second node, which extracts the data addressed to it and adds any data it wishes to send. Then the second node passes the token and data to the third node, etc., until it comes back around to the first node again. Only the node with the token is allowed to send data. All other nodes must wait for the token to come to them.
    14. Star Topology
       • In a star network, each node is connected to a central device called a hub. The hub takes a signal that comes from any node and passes it along to all the other nodes in the network
       • A hub does not perform any type of filtering or routing of the data
       • A hub is a junction that joins all the different nodes together
    15. Star-Bus Topology
       • Probably the most common topology used today. Combines elements of the star and bus topologies to create a versatile network environment
       • Nodes in particular areas are connected to hubs (and create a star topology), and hubs are connected together along the network backbone (like a bus network)
       • Often you have stars nested within stars
    16. Mesh Topology
       • It is also called a point-to-point topology
       • Each device is connected directly to all other network devices
       • It provides fault tolerance
       • It is only found in wide area networks
    17. Other network topologies: some basic network topologies not previously mentioned: one-to-one, hierarchical, hybrid, client-server, multiple nodes
    20. SKILLS FOR INDIA: Types of Network
    21. Network configuration
       • Classification based on how computers behave in a network
       • Two classifications are: peer-to-peer network; server based network
    22. Peer-to-Peer network
       • Nodes provide and request services
       • User in each node administers resources
       • No extra investment
       • Easy to set up
       • Very weak security
       • Additional load on nodes
    23. Server based network
       • Designated computer to administer
       • Resources centralized
       • Supports larger networks
       • Strong security
       • Expensive
    24. • Advantages of peer-to-peer networks: low cost; simple to configure; user has full accessibility of the computer
       • Disadvantages of peer-to-peer networks: may have duplication in resources; difficult to uphold security policy; difficult to handle uneven loading
       • Where a peer-to-peer network is appropriate: 10 or fewer users; no specialized services required; security is not an issue; only limited growth in the foreseeable future
    25. Clients and Servers
       • Network Clients (Workstations): computers that request network resources or services
       • Network Servers: computers that manage and provide network resources and services to clients. Usually have more processing power, memory and hard disk space than clients. Run a Network Operating System that can manage not only data, but also users, groups, security, and applications on the network. Servers often have more stringent requirements on their performance and reliability
    26. • Advantages of client/server networks: facilitate resource sharing (centrally administer and control); facilitate system backup and improve fault tolerance; enhance security (only the administrator can have access to the server); support more users (difficult to achieve with peer-to-peer networks)
       • Disadvantages of client/server networks: high cost for servers; need an expert to configure the network; introduce a single point of failure to the system
    29. SKILLS FOR INDIA: Networking Media and Components
    30. Coaxial cable
       • Widely installed for use in business and corporation Ethernet and other types of LANs
       • Consists of an inner copper conductor and insulator covered by cladding material, and then covered by an outer jacket
       • Physical description: inner conductor is solid copper metal; separated by insulating material; outer conductor is a braided shield (ground); covered by sheath material
    31. • Applications: TV distribution (cable TV); long distance telephone transmission; short run computer system links; local area networks
       • Transmission characteristics: can transmit analog and digital signals; usable spectrum for analog signaling is about 400 MHz; amplifier needed for analog signals at less than 1 km spacing, and less distance for higher frequencies; repeater needed for digital signals every km, or less distance for higher data rates; operation of 100s of Mb/s over 1 km
    32. Twisted Pair Cables
       • Physical description: each wire has a copper conductor; separately insulated wires; twisted together to reduce cross talk; often bundled into cables of two or four twisted pairs; if enclosed in a sheath then it is shielded twisted pair (STP), otherwise (often for home usage) unshielded twisted pair (UTP); must be shielded from voltage lines
       • Application: common in buildings for digital signaling, used at speeds of 10s of Mb/s (CAT3) and 100 Mb/s (CAT5) over 100s of meters; common for telephone interconnection at home and office buildings
       • Less expensive medium; limited in distance, bandwidth, and data rate
    33. Categories of Twisted Pair Cabling System (category: maximum data rate; usual application)
       • CAT 1: less than 1 Mbps; analog voice (plain old telephone service), Integrated Services Digital Network Basic Rate Interface in ISDN, doorbell wiring
       • CAT 2: 4 Mbps; mainly used in the IBM Cabling System for token ring networks
       • CAT 3: 16 Mbps; voice and data on 10BASE-T Ethernet (certified for a 16 MHz signal)
       • CAT 4: 20 Mbps; used in 16 Mbps Token Ring, otherwise not used much
       • CAT 5: 100 Mbps; 100 Mbps TPDDI, 155 Mbps asynchronous transfer mode (certified for a 100 MHz signal)
       Specs describe cable material, type of connectors, and junction blocks to conform to a category.
    34. Optical Fibers
       • Physical description: glass or plastic core of optical fiber = 2 to 125 µm; cladding is an insulating material; jacket is a protective cover; laser or light emitting diode provides the transmission light source
       • Applications: long distance telecommunication
       • Greater capacity: 2 Gb/s over 10s of km
       • Smaller size and lighter weight
       • Lower attenuation (reduction in strength of signal)
       • Electromagnetic isolation: not affected by the external electromagnetic environment, which also means more privacy
       • Greater repeater spacing: fewer repeaters, reduces line regeneration cost
    35. • Multimode fiber is optical fiber that is designed to carry multiple light rays or modes concurrently, each at a slightly different reflection angle within the optical fiber core. It is used for relatively short distances because the modes tend to disperse over longer lengths (this is called modal dispersion)
       • For longer distances, single mode fiber (sometimes called monomode fiber) is used. In single mode fiber a single ray or mode of light acts as the carrier
    36. Wireless Transmission
       • Frequency range (line of sight): 26 GHz to 40 GHz for microwave, with as highly directional a beam as possible; 30 MHz to 1 GHz for omnidirectional applications; 300 MHz to 20000 GHz for the infrared spectrum, used for point to point and multipoint applications (line of sight)
       • Physical applications: terrestrial microwave, long haul telecommunication service (alternative to coaxial or optical fiber); few amplifiers and repeaters; propagation via towers located without blockage from trees, etc. (towers less than 60 miles apart)
    37. • Satellite is a microwave relay station
       • Geostationary orbit (22,000 miles) and low orbit (12000 miles)
       • Satellite ground stations are aligned to the space satellite, establish a link, and broadcast at a specified frequency. Ground stations normally operate at a number of frequencies, full duplex
       • The satellite space antenna is aligned to the ground station, establishes a link and transmits at the specified frequency. Satellites are capable of transmitting at multiple frequencies simultaneously, full duplex
       • To avoid satellites interfering with each other, a 4 degree separation is required for the 4/6 GHz band and 3 degrees for the 12/14 GHz band. Limited to 90 satellites
       • Disadvantage: no satellite repair capability; greater delay and attenuation problems
    38. Wireless LAN
       • HiperLAN (European standard): allows communication at up to 20 Mbps in the 5 GHz range of the radio frequency (RF) spectrum
       • HiperLAN/2 operates at about 54 Mbps in the same RF band
    41. SKILLS FOR INDIA: Network Components
    42. Hubs
       • A hub is the place where data converges from one or more directions and is forwarded out in one or more directions
       • Seen in local area networks
    43. Gateways
       • A gateway is a network point that acts as an entrance to another network. On the internet, in terms of routing, the network consists of gateway nodes and host nodes
       • Host nodes are the computers of network users and the computers that serve content (such as Web pages)
       • Gateway nodes are computers that control traffic within your company's network or at your local internet service provider (ISP)
    44. Routers
       • A router is a device or software in a computer that determines the next network point to which a packet should be forwarded toward its destination
       • Allows different networks to communicate with each other
       • A router creates and maintains a table of the available routes and their conditions and uses this information along with distance and cost algorithms to determine the best route for a given packet
       • A packet will travel through a number of network points with routers before arriving at its destination
    45. Bridge
       • A bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring)
       • A bridge examines each message on a LAN, "passing" those known to be within the same LAN, and forwarding those known to be on the other interconnected LAN (or LANs)
    46. Differences
       • Bridge: device to interconnect two LANs that use the SAME logical link control protocol but may use different medium access control protocols
       • Router: device to interconnect SIMILAR networks, e.g. similar protocols and workstations and servers
       • Gateway: device to interconnect DISSIMILAR protocols and servers, and Macintosh and IBM LANs and equipment
    47. Switches
       • Allow different nodes of a network to communicate directly with each other
       • Allow several users to send information over a network at the same time without slowing each other down
    50. SKILLS FOR INDIA: IEEE Standards
    51. Introduction
       • IEEE 802 refers to a family of IEEE standards dealing with local area networks and metropolitan area networks
       • Restricted to networks carrying variable-size packets
       • The standards specified in IEEE 802 map to the lower two layers: data link layer (LLC sublayer, MAC sublayer) and physical layer
       • The most widely used standards: the Ethernet family, Token Ring, Wireless LAN, Bridging and Virtual Bridged LANs
       • An individual Working Group provides the focus for each area
    52. IEEE 802 Working Groups
       • Active working groups: 802.1 Higher Layer LAN Protocols Working Group; 802.3 Ethernet Working Group; 802.11 Wireless LAN Working Group; 802.15 Wireless Personal Area Network (WPAN) Working Group; 802.16 Broadband Wireless Access Working Group; 802.17 Resilient Packet Ring Working Group; 802.18 Radio Regulatory TAG; 802.19 Coexistence TAG; 802.20 Mobile Broadband Wireless Access (MBWA) Working Group; 802.21 Media Independent Handoff Working Group
       • Inactive or disbanded working groups: 802.2 Logical Link Control Working Group; 802.4 Token Bus Working Group; 802.5 Token Ring Working Group; 802.7 Broadband Area Network Working Group; 802.8 Fiber Optic TAG; 802.9 Integrated Service LAN Working Group; 802.10 Security Working Group; 802.12 Demand Priority Working Group; 802.14 Cable Modem Working Group
    53. 802.11 Wireless LAN Working Group
       • Types: infrastructure based (AP connected to a wired network); ad-hoc
       • Advantages: flexible deployment; minimal wiring difficulties; more robust against disasters (earthquake etc.)
       • Disadvantages: low bandwidth compared to wired networks (1-10 Mbit/s); need to follow wireless spectrum regulations; no support for mobility
       • AP: Access Point
    54. 802.11 Wireless LAN Working Group (protocol: release date; operating frequency; max data rate; indoor range; outdoor range)
       • Legacy: 1997; 2.5~2.5 GHz; 2 Mbit/s
       • 802.11a: 1999; 5.15~5.35/5.47~5.725/5.725~5.875 GHz; 54 Mbit/s; ~25 m; ~75 m
       • 802.11b: 1999; 2.4~2.5 GHz; 11 Mbit/s; ~35 m; ~100 m
       • 802.11g: 2003; 2.4~2.5 GHz; 54 Mbit/s; ~25 m; ~75 m
       • 802.11n: 2007; 2.4 GHz or 5 GHz; 540 Mbit/s; ~50 m; ~125 m
    55. 802.11n Working Group
       • What is 802.11n? Uses MIMO radio technology and OFDM as a basis; anywhere from 100 Mbps to 600 Mbps depending on implementation; supports both 2.4 GHz and 5 GHz; uses multiple streams
       • 802.11n increases the transmission efficiency of the MAC: cutting guard band time in half; reducing the number of pilot carriers, for data; aggregating frames and bursting; using a 40 MHz instead of a 20 MHz channel (30~50% => 70%)
    56. 802.11n Working Group Timeline: Draft 1.0 failed the IEEE meeting ballot (IEEE record: 12,000 comments received); Draft 2.0 is now required (Orlando, March 2007 IEEE meeting); Pre-N certification program started March 2007; result: expect ratification in early 2008
    57. 802.15 Wireless Personal Area Network (WPAN) Working Groups summary
       • 802.15.1: WPAN/Bluetooth
       • 802.15.2: Coexistence Group
       • 802.15.3: High Rate (HR) WPAN Group
       • 802.15.3a: WPAN HR Alternative PHY Task Group
       • 802.15.3b: MAC Amendment Task Group
       • 802.15.4: Low Rate (LR) WPAN Group (Zigbee)
       • 802.15.4a: WPAN Low Rate Alternative PHY
       • 802.15.4b: Revisions and Enhancements
       • UWB Forum
    58. 802.16 Broadband Wireless Access (BWA)
       • IEEE 802.16 was established by the IEEE Standards Board in 1999; it aims to prepare formal specifications for the global deployment of broadband Wireless Metropolitan Area Networks
       • A unit of the IEEE 802 LAN/MAN Standards Committee
       • A related technology: Mobile Broadband Wireless Access (MBWA)
       Diagram: mobility (Mobile/Vehicular, Pedestrian/Nomadic) versus data rate (axis 0.1, 1.0, 3.1, 10, 100) for 2G/2.5G and cellular WCDMA/HSDPA (WWAN, IMT-2000: cdma2000® 1xEV-DO, cdma2000® 1xEV-DV), 802.16e, 802.16a (WiMAX), 802.11 (WLAN), 802.15.1 (Bluetooth) and 802.15.3a (UWB)
    59. 802.16 Broadband Wireless Access (BWA)
       • 802.16f: Management Information Base
       • 802.16g: Management Plane Procedures and Services
       • 802.16h: Improved Coexistence Mechanisms for License-Exempt Operation
       • 802.16i: Mobile Management Information Base
       • 802.16j: Multihop Relay Specification
       • 802.16k: Bridging of 802.16
       • 802.16m: Advanced Air Interface
    62. SKILLS FOR INDIA: Types of Network
    63. Major Categories of Networks: Local Area Network; Metropolitan Area Network; Wide Area Network; the Internet; Personal Area Network
    64. Local Area Network: a Local Area Network (LAN) is a relatively small network that is confined to a small geographic area, such as a single office or a building. Laptops, desktops, servers, printers, and other networked devices that make up a LAN are located relatively close to each other. A key characteristic is that all of the equipment that comprises a LAN is owned by a single entity.
    65. Metropolitan Area Network: the term Metropolitan Area Network (MAN) is typically used to describe a network that spans a citywide area or a town. MANs are larger than traditional LANs and predominantly use high-speed media, such as fiber optic cable, for their backbones. MANs are common in organizations that need to connect several smaller facilities together for information sharing. This is often the case for hospitals that need to connect treatment facilities, outpatient facilities, doctor's offices, labs, and research offices for access to centralized patient and treatment information. MANs share many of the same security threats as LANs, but on a larger scale. The plight of an administrator in a central location granting access to countless offices that are scattered within a city is a difficult one that demands strict access control mechanisms to protect against unauthorized information access.
    66. MAN Architecture (diagram)
    67. Wide Area Network: a Wide Area Network (WAN) covers a significantly larger geographic area than LANs or MANs. A WAN uses public networks, telephone lines, and leased lines to tie together smaller networks such as LANs and MANs over a geographically dispersed area. Connecting devices in different geographic areas together for information sharing, WANs are an important piece of enterprise networks. For example, consider the VisaNet global network used by Visa International. The VisaNet network connects locations throughout 150 countries to validate and debit credit-card transactions at over 24 million locations. By providing security and simplicity over a standards-based WAN architecture, Visa International relies on their network infrastructure to provide reliable access to merchants who accept Visa credit cards for transactions.
    68. WAN Architecture (diagram)
    69. Personal Area Network: a more recent term used to describe a type of network is a Personal Area Network (PAN). PAN networks are usually wireless, established in an on-demand or ad-hoc fashion when needed to communicate between two or more devices. PAN networks can be used between devices owned by two different parties, or between two devices owned by one person, such as a PDA and a laptop or mobile phone. These networks are usually characterized as short-range, often limited to 10 meters or less in range. An example of a PAN technology is Bluetooth wireless networking. Bluetooth is designed as a cable-replacement technology, allowing users to discard the serial and USB cables used by many of today's peripheral devices and rely on a Bluetooth PAN for communication. Bluetooth PANs support up to 7 devices in a single network and can be used for proprietary protocols (such as PDA synchronization) or standards-based protocols, including Internet access over IP and the Bluetooth Network Encapsulation Protocol (BNEP).
    70. PAN Architecture (diagram)
    71. Data Communications Through WANs
       • WANs were developed to communicate over a large geographical area (e.g. lab-to-lab; city-to-city; east coast-to-west coast; North America-to-South America etc.)
       • WANs require the crossing of public rights of way (under the control and regulations of interstate commerce and the institute of telephone and data communications established by the government and international treaties)
       • WANs around the world rely on the infrastructure established by the telephone companies (“common carrier”) or public switched telephone network (PSTN)
       • WANs consist of a number of interconnected switching nodes (today = computers). Transmission signals are routed across the network automatically by software control to the specified destination. The purpose of these nodes is to route messages through switching facilities to move data from node to node to its destination
    72. • WANs originally implemented circuit switching and packet switching technologies. Recently, frame relay and asynchronous transfer mode (ATM) networks have been implemented to achieve higher operating and processing speeds for the message
       • WANs are owned by the common carrier in the U.S. and by the government in most foreign countries
       • Interconnected devices, i.e. LANs or Personal Computers (PC) or Workstations or Servers, can be (and usually are) privately owned by companies
    73. 73. Document Amendment History Document Amendment History S.No Description Author Version Date 1 2 3 4 5 6 7 8 73
    74. 74. T H A N K Y O U. . . All information, including graphical representations, etc provided in this presentation is for exclusive use of current Globsyn Skills students and faculty. No part of the document may be reproduced in any form or by any means, electronic or otherwise, without written permission of the owner. 74
75. SKILLS FOR INDIA: OSI Model
76. ISO/OSI Reference Model
- Open Systems Interconnection
- Not deployed as a protocol stack in the real world; it is a reference model against which others develop detailed interfaces
- Value: the reference model defines 7 layers of functions that take place at each end of a communication, with each layer adding its own set of related functions
- Flow of data through each layer at one
77. ISO/OSI Reference Model (layer summary)
- Application: file transfer, email, remote login
- Presentation: ASCII text, sound (the "syntax layer")
- Session: establish/manage connections
- Transport: end-to-end control and error checking, ensuring complete data transfer (TCP)
- Network: routing and forwarding, logical addressing (IP)
- Data link: two-party communication on a link (Ethernet)
- Physical: how to transmit the signal; coding; the hardware means of sending and receiving data on a carrier
78. Layer 1: Physical layer
The physical layer defines the electrical and physical specifications for devices. In particular, it defines the relationship between a device and a transmission medium, such as copper or fiber-optic cable. The major functions and services performed by the physical layer are:
- Establishment and termination of a connection to a communications medium
- Participation in the process whereby the communication resources are effectively shared among multiple users, for example contention resolution and flow control
79.
- Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and optical fiber) or over a radio link.
Parallel SCSI buses operate in this layer, although it must be remembered that the logical SCSI protocol is a transport-layer protocol that runs over this bus. The various physical-layer Ethernet standards are also in this layer; Ethernet incorporates both this layer and the data link layer. The same applies to other local-area networks such as Token Ring, FDDI, ITU-T and IEEE 802.11, and to personal area networks such as Bluetooth and IEEE 802.15.4.
80. Layer 2: Data link layer
The data link layer provides the functional and procedural means to transfer data between network entities and to detect, and possibly correct, errors that may occur in the physical layer. Originally this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide-area media in the telephone system. Local area network architecture, which included broadcast-capable multi-access media, was developed independently of the ISO work in IEEE Project 802; the IEEE work assumed sub-layering and management functions not required for WAN use. In modern practice only error detection, not sliding-window flow control, is present in data link protocols such as the Point-to-Point Protocol (PPP); on local area networks the IEEE 802.2 LLC layer is not used for most protocols on Ethernet, and on other LANs its flow control and acknowledgment mechanisms are rarely used. Sliding-window flow control and acknowledgment are instead done at the transport layer by protocols such as TCP, though they survive at the data link layer in niches where X.25 offers performance advantages.
81.
The ITU-T standard for high-speed local area networking over existing wires (power lines, phone lines and coaxial cable) includes a complete data link layer that provides both error correction and flow control by means of a selective-repeat sliding window protocol. Both WAN and LAN services arrange bits from the physical layer into logical sequences called frames. Not all physical-layer bits necessarily go into frames, as some of these bits are purely intended for physical-layer functions; for example, every fifth bit of the FDDI bit stream is not used by this layer.
82. Layer 3: Network layer
The network layer provides the functional and procedural means of transferring variable-length data sequences from a source host on one network to a destination host on a different network (in contrast to the data link layer, which connects hosts within the same network), while maintaining the quality of service requested by the transport layer. The network layer performs routing, and may also perform fragmentation and reassembly and report delivery errors. Routers operate at this layer, sending data throughout the extended network and making the Internet possible. Network-layer addressing is logical: values are chosen by the network engineer rather than burned into hardware. The scheme is hierarchical (a network portion and a host portion), which is what lets routers forward on a prefix instead of on every individual host address.
83. Layer 3: Network layer
The network layer may be divided into three sub-layers:
- Subnetwork access: protocols that deal with the interface to networks, such as X.25
- Subnetwork-dependent convergence: used when it is necessary to bring the level of a transit network up to the level of the networks on either side
- Subnetwork-independent convergence: handles transfer across multiple networks
84.
An example of this latter case is CLNP (ISO 8473). It manages the connectionless transfer of data one hop at a time, from end system to ingress router, router to router, and from egress router to destination end system. It is not responsible for reliable delivery to the next hop, but only for detecting erroneous packets so they may be discarded. In this scheme IPv4 and IPv6 would have to be classed with X.25 as subnetwork access protocols, because they carry interface addresses rather than node addresses. A number of layer-management protocols, a function defined in the Management Annex (ISO 7498/4), belong to the network layer. These include routing protocols, multicast group management, network-layer information and error reporting, and network-layer address assignment. It is the function of the payload that makes these belong to the network layer, not the protocol that carries them.
85. Layer 4: Transport layer
The transport layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. It controls the reliability of a given link through flow control, segmentation/desegmentation and error control. Some protocols are state- and connection-oriented, meaning the transport layer can keep track of the segments and retransmit those that fail. The transport layer also acknowledges successful data transmission and sends the next data if no errors occurred.
86.
OSI defines five classes of connection-mode transport protocols, ranging from class 0 (also known as TP0, which provides the fewest features) to class 4 (TP4, designed for less reliable networks, similar to the Internet). Class 0 contains no error recovery and was designed for use on network layers that provide error-free connections. Class 4 is closest to TCP, although TCP contains functions, such as the graceful close, which OSI assigns to the session layer. All OSI TP connection-mode protocol classes provide expedited data and preservation of record boundaries. Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the transport layer, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite are commonly categorized as layer-4 protocols within OSI.
87. Layer 5: Session layer
The session layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex or simplex operation, and establishes checkpointing, adjournment, termination and restart procedures. The OSI model made this layer responsible for the graceful close of sessions, which in practice is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The session layer is commonly implemented explicitly in application environments that use remote procedure calls. At this level, inter-process communication takes place (SIGHUP, SIGKILL, End Process, etc.).
88. Layer 6: Presentation layer
The presentation layer establishes context between application-layer entities, in which the higher-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation service data units are encapsulated into session protocol data units and passed down the stack. This layer provides independence from data representation by translating between application and network formats; it transforms data into the form that the application accepts, and formats (and, in the OSI description, encrypts) data to be sent across a network. It is sometimes called the syntax layer. The original presentation structure used the Basic Encoding Rules of Abstract Syntax Notation One (ASN.1), with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded file, or serializing objects and other data structures to and from XML.
89. Layer 7: Application layer
The application layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component; such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of partners for an application that has data to transmit. When determining resource availability, it must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer.
90. Comparison with the TCP/IP Model
In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed into strict layers as in the OSI model; RFC 3439 contains a section entitled "Layering considered harmful". However, TCP/IP does recognize four broad layers of functionality, derived from the operating scope of their contained protocols: the scope of the software application, the end-to-end transport connection, the internetworking range, and the scope of the direct links to other nodes on the local network. Even though the concept is different from the OSI model, these layers are often compared with the OSI layering scheme as follows: the Internet application layer includes the OSI application layer, presentation layer and most of the session layer; its end-to-end transport layer includes the graceful close function of the OSI session layer as well as the OSI transport layer.
91.
The internetworking layer (Internet layer) is a subset of the OSI network layer, while the link layer includes the OSI data link and physical layers as well as parts of OSI's network layer. These comparisons are based on the original seven-layer model as defined in ISO 7498, rather than on later refinements such as the document on the internal organization of the network layer. The strict peer layering of the OSI model as it is usually described presents no contradiction in TCP/IP, since there protocol usage need not follow the hierarchy implied by a layered model. Examples are some routing protocols (e.g. OSPF, which runs directly over IP rather than over a transport protocol) and tunneling protocols, which provide a link layer for an application even though the tunnel host protocol may itself be a transport or even an application-layer protocol.
94. SKILLS FOR INDIA: Understanding Network Protocols
95. Protocols of Computer Communications and Networks
Protocols are used for communication between computers in different computer networks. A protocol settles:
- What is communicated between computers?
- How is it communicated?
- When is it communicated?
- What conformance (bit sequence) is required between computers?
Key elements of a protocol are:
- SYNTAX: data format and signal levels
- SEMANTICS: control information for coordination and error handling
- TIMING: synchronization, speed matching and sequencing
Examples of protocols:
- WAN protocol: TCP/IP
96. The Internet Protocol Suite and the OSI Reference Model (diagram)
97. TCP
The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol (IP), which is why the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to a program on another computer. It is the protocol used by major Internet applications such as the World Wide Web, email, remote administration and file transfer. Applications that do not require a reliable byte stream may use the User Datagram Protocol (UDP), which provides a datagram service that emphasizes reduced latency over reliability.
98. User Datagram Protocol
The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, applications can send messages, here called datagrams, to other hosts on an Internet Protocol (IP) network without prior communication to set up transmission channels or data paths. The protocol was designed by David P. Reed in 1980 and is formally defined in RFC 768. UDP uses a simple transmission model without handshaking dialogues for reliability, ordering or data integrity; it therefore provides an unreliable service, and datagrams may arrive out of order, appear duplicated or go missing without notice. UDP assumes that error checking and correction is either unnecessary or performed in the application, avoiding that overhead in the network stack (the UDP checksum, when present, detects corruption but triggers no retransmission). Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system.
99. Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also relay query messages. It is assigned IP protocol number 1. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of diagnostic tools such as ping and traceroute). ICMP for Internet Protocol version 4 (IPv4) is also known as ICMPv4; IPv6 has a similar protocol, ICMPv6.
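Added example, not part of the original slides: the TCP/UDP/ICMP demultiplexing that the three slides above describe, done on a constructed IPv4 datagram. It builds the datagram, verifies the IPv4 header checksum, dispatches on the IP protocol number (1, 6, 17), and for UDP verifies the optional checksum over the RFC 768 pseudo-header. The addresses (192.0.2.x, the documentation range), ports and payload are constructed; the code is written for this page and is not from any library or from the deck's authors.

```python
# Added example, not from the original slides: walk a constructed IPv4
# datagram the way a receiving stack does, checking the header checksum and
# dispatching on the IP protocol number (1 = ICMP, 6 = TCP, 17 = UDP).
# All addresses, ports and payload bytes below are constructed for illustration.
import struct

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum used by the IPv4, ICMP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"          # odd length: pad the last word with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:           # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    """Checksum field value: the complement of the one's complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def udp_pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """RFC 768 pseudo-header: the UDP checksum also covers the IP addresses."""
    return ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, PROTO_UDP, udp_len)


def build_udp(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    length = 8 + len(data)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + data
    csum = checksum(udp_pseudo_header(src, dst, length) + segment) or 0xFFFF
    return segment[:6] + struct.pack("!H", csum) + segment[8:]   # 0 would mean "no checksum"


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("bad IPv4 length fields")
    # A header whose checksum field is intact sums to 0xFFFF.
    if ones_complement_sum(packet[:ihl]) != 0xFFFF:
        raise ValueError("IPv4 header checksum mismatch")
    return {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "ttl": packet[8], "proto": packet[9], "payload": packet[ihl:total_len]}


def parse_udp(src: str, dst: str, segment: bytes) -> dict:
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("bad UDP length")
    if csum != 0:   # the checksum is optional in UDP over IPv4; verify only if present
        if ones_complement_sum(udp_pseudo_header(src, dst, length) + segment[:length]) != 0xFFFF:
            raise ValueError("UDP checksum mismatch")
    return {"sport": sport, "dport": dport, "data": segment[8:length]}


def dispatch(packet: bytes) -> dict:
    """Layer 3 -> layer 4 demultiplexing on the IP protocol number."""
    ip = parse_ipv4(packet)
    if ip["proto"] == PROTO_UDP:
        return {"layer4": "UDP", **parse_udp(ip["src"], ip["dst"], ip["payload"])}
    if ip["proto"] == PROTO_TCP:
        return {"layer4": "TCP"}
    if ip["proto"] == PROTO_ICMP:
        return {"layer4": "ICMP", "type": ip["payload"][0]}
    return {"layer4": f"protocol {ip['proto']}"}


def verify(packet: bytes) -> str:
    """'ok', or the reason a receiving stack would silently drop the packet."""
    try:
        dispatch(packet)
        return "ok"
    except (ValueError, IndexError) as exc:
        return str(exc)
```

Two things the slides state become visible here: a corrupted TTL byte is caught by the IPv4 header checksum alone, while a flipped payload byte is caught only by the UDP checksum, and in both cases the packet is dropped without any notice to the sender, which is exactly the "unreliable service" of slide 98.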
100. Hypertext Transfer Protocol
Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems and the foundation of data communication for the World Wide Web. Hypertext is a multi-linear set of objects, building a network by using logical links (hyperlinks) between the nodes (e.g. text or words); HTTP is the protocol used to exchange or transfer hypertext. The development of the HTTP standards was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), the original specification of HTTP/1.1 (since superseded by the RFC 7230 series and RFC 9110-9112, though HTTP/1.1 itself remains in wide use).
101. Post Office Protocol
In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. POP and IMAP (Internet Message Access Protocol) are the two most prevalent Internet standard protocols for e-mail retrieval; virtually all modern e-mail clients and servers support both. POP has been developed through several versions, with version 3 (POP3) being the current standard. Most webmail providers such as Hotmail, Gmail and Yahoo! Mail also provide IMAP and POP3 service.
102. File Transfer Protocol
File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network such as the Internet. It is often used to upload web pages and other documents from a private development machine to a public web-hosting server. FTP is built on a client-server architecture and uses separate control and data connections between client and server. FTP users may authenticate with a clear-text sign-in, normally a username and password, but can connect anonymously if the server is configured to allow it. Because plain FTP sends the credentials and the file content unencrypted, anyone on the path can read them; for protected transfer use FTPS (FTP over TLS) or the SSH File Transfer Protocol (SFTP), which despite its name is a separate protocol carried over SSH rather than FTP tunnelled through SSH.
103. Internet Message Access Protocol
The Internet Message Access Protocol (IMAP) is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol (POP). Virtually all modern e-mail clients and mail servers support both as a means of transferring e-mail messages from a server. IMAP is an application-layer Internet protocol that allows a client to access e-mail on a remote mail server; unlike POP's download-and-delete model, messages stay on the server. The current version, IMAP version 4 revision 1 (IMAP4rev1), is defined by RFC 3501. An IMAP server typically listens on well-known port 143; IMAP over SSL/TLS (IMAPS) is assigned well-known port 993.
104. IPX/SPX
IPX/SPX is a routable protocol suite usable for small and large networks. It was created by Novell primarily for Novell NetWare networks, but became popular enough to be used in products not from Novell.
- NCP - NetWare Core Protocol provides client/server interactions such as file and print sharing. It works at the application, presentation and session layers.
- SAP - Service Advertising Protocol packets are used by file and print servers to periodically advertise the address of the server and the services available. It works at the application, presentation and session layers.
105. IPX/SPX
- SPX - Sequenced Packet Exchange operates at the transport layer, providing connection-oriented communication on top of IPX.
- IPX - Internetwork Packet Exchange spans the transport and network layers of the OSI model. It provides network addressing and routing, and fast, unreliable communication with network nodes using a connectionless datagram service.
106. Other Network Support
- ODI - Open Data-link Interface operates at the data link layer, allowing IPX to work with any network interface card
- RIP - Routing Information Protocol is the default routing protocol for IPX/SPX networks and operates at the network layer; a distance-vector algorithm is used to calculate the best route for a packet
- MHS - Message Handling Service by Novell is used for mail on NetWare networks
Network-level protocols by OSI layer (from the slide's diagram):
- Application, Presentation, Session: NCP, SAP
- Transport: SPX, IPX
- Network: IPX
- Data Link: NDIS/NIC drivers
107. NetBIOS
NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. Being strictly an API, NetBIOS is not a networking protocol. Older operating systems ran NetBIOS over IEEE 802.2 and over IPX/SPX, using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols respectively. In modern networks NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol, so that each computer in the network has both an IP address and a NetBIOS name corresponding to a (possibly different) host name.
108. NetBEUI (NetBIOS Extended User Interface)
NetBEUI (NetBIOS Extended User Interface) is an extended version of NetBIOS, the program that lets computers communicate within a local area network. NetBEUI formalizes the frame format (the arrangement of information in a data transmission) that was not specified as part of NetBIOS. It was developed by IBM for its LAN Manager product and adopted by Microsoft for its Windows NT, LAN Manager and Windows for Workgroups products; Hewlett-Packard and DEC used it in comparable products. NetBEUI is the best-performing choice for communication within a single LAN. Because, like NetBIOS, it does not support the routing of messages to other networks, its interface must be adapted to other protocols such as Internetwork Packet Exchange or TCP/IP. A recommended method was to install both NetBEUI and TCP/IP in each computer and set the server up to use NetBEUI for communication within the LAN and TCP/IP for communication beyond it.
109. Difference between NetBIOS and NetBEUI
NetBIOS (Network Basic Input/Output System) is not a network protocol; it is an API (application programming interface) for file and printer sharing. NetBIOS names identify computers on the network, and NetBIOS broadcasts locate computers and shared disks and folders on the network and let them appear in My Network Places and Network Neighborhood. NetBEUI (NetBIOS Extended User Interface) is a network protocol, like TCP/IP and IPX/SPX; all three support file and printer sharing through the NetBIOS API. Nothing in Windows networking requires the NetBEUI protocol: all network functions are available over TCP/IP and/or the NWLink IPX/SPX protocols, and NetBEUI is available only as an unsupported protocol in Windows XP.
110. AppleTalk
AppleTalk is a proprietary suite of networking protocols developed by Apple Inc. for their Mac computers. AppleTalk included a number of features that allowed local area networks to be connected with no prior setup or any centralized router or server. Simply connecting AppleTalk-equipped systems together would automatically assign addresses, update the distributed namespace and configure any required inter-network routing: a true plug-and-play system. AppleTalk was released for the original Macintosh in 1985 and was the primary protocol used by Apple machinery through the 1980s and 90s. Versions were also released for the IBM PC and compatibles and for the Apple IIGS. AppleTalk support was also available in most networked printers (especially laser printers), some file servers and a number of routers. Through this period AppleTalk was, by far, the most popular networking system in the world.
111. AppleTalk (continued)
The rise of TCP/IP during the 1990s led to a re-implementation of most of these kinds of support on that protocol, and AppleTalk became unsupported as of the release of Mac OS X v10.6 in 2009. Many of AppleTalk's more advanced auto-configuration features have since reappeared in Bonjour.
112. Associated TCP/IP Protocols and Services
- HTTP (HyperText Transfer Protocol): the core of the World Wide Web, facilitates retrieval and transfer of hypertext (mixed-media) documents.
- Telnet: a remote terminal emulation protocol that lets clients log on to remote hosts on the network (the session, including the login, is sent in clear text).
- SNMP (Simple Network Management Protocol): used to remotely manage network devices.
- DNS (Domain Name System): provides meaningful names for computers in place of numerical addresses.
- SLIP/PPP: SLIP (Serial Line Internet Protocol) and PPP (Point-to-Point Protocol) encapsulate IP packets so that they can be sent over a dial-up phone connection to an access provider's modem.
115. SKILLS FOR INDIA: IP Addressing
116. What is an IP address?
- IP (Internet Protocol) address
- Used by routers to select the best path from source to destination, across networks and internetworks
- Network-layer address, consisting of a NETWORK portion and a HOST portion
- Logical address, assigned in software by the network administrator
- Part of a hierarchical numbering scheme; must be unique for reliable routing
- May be assigned to a host PC or to a router port
117. Types of IP address
- Static address
- Dynamic address
118. Static IP address
- Manually entered by the network administrator
- Manageable for small networks
- Requires careful checks to avoid duplication
119. Dynamic IP address
- Examples: BOOTP, DHCP
- Assigned by a server when the host boots
- Drawn automatically from a range of addresses
- Duration of the 'lease' is negotiated, after which the address is released back to the server
120. Class A IP address
- 1st octet = network address, octets 2-4 = host address
- 1st bit of the 1st octet is 0 (first octet 1-126; 0 is reserved and 127 is loopback)
- up to (2^24 - 2) host addresses (16.8M) per network
121. Class A IP address: 124.224.224.100 = 01111100 11100000 11100000 01100100
122. Class B IP address
- 1st 2 octets = network address, octets 3-4 = host address
- 1st 2 bits of the 1st octet are 10 (first octet 128-191)
- up to (2^16 - 2) host addresses (65534) per network
123. Class B IP address: 129.224.224.100 = 10000001 11100000 11100000 01100100
124. Class C IP address
- 1st 3 octets = network address, octet 4 = host address
- 1st 3 bits of the 1st octet are 110 (first octet 192-223)
- up to (2^8 - 2) host addresses (254) per network
125. Class C IP address: 193.224.224.100 = 11000001 11100000 11100000 01100100
(The -2 in each case excludes the all-zeros host number, which names the network itself, and the all-ones host number, which is the broadcast address.)
126. IP addresses and routing
- Routing tables
- Identifying source and destination
- IP packet routing
127. IP addresses and routing - Routing tables
- Created by the router, held in memory, constantly updated
- Built by cross-referencing the IP packet source address with the port on which it was received
128. IP addresses and routing - Identifying source and destination
- As part of a layer 3 packet, the IP header contains the source and destination address
- Each address is 32 bits long and unique to a device or port
- The router reads the destination IP address and checks it against its routing table
129. IP addresses and routing - IP packet routing
- If the destination address is not on the same segment as the receiving port, the router sends the packet out the port that leads toward the destination
- If the destination is on the same segment as the receiving port, the packet is not forwarded
130. Networks and subnets
- Why subnet
- Subnet mask
- Restrictions on 'borrowed' bits
131. Networks and subnets (continued)
When an organization is granted a block of addresses, it can create subnets to meet its needs; the prefix length is increased to define the subnet prefix.
Why subnet: to reduce the size of the broadcast domain and improve network efficiency.
132. Subnet masks
- Extend the NETWORK portion by borrowing bits from the HOST portion
- Let routers deliver packets directly to the right subnet (external networks still see one address block; the mask matters inside it)
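Added example, not from the original slides: the classful split and the subnetting arithmetic of the preceding slides (class from the leading bits, default mask, borrowed bits, network and broadcast addresses, usable host count, and the "at least 2 host bits" restriction behind the -2), implemented with bit operations and cross-checked against Python's standard ipaddress module. The addresses used are the three from the class slides plus constructed ones; the code is written for this page, not taken from the deck.

```python
# Added example, not from the original slides: classful IPv4 analysis and
# subnet calculation done with bit arithmetic, cross-checked against the
# standard library. Addresses are those on the class slides plus constructed ones.
import ipaddress
from dataclasses import dataclass


def to_int(dotted: str) -> int:
    """Parse a dotted quad into a 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(value: int) -> str:
    """Binary form grouped per octet, as written on the class slides."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def ipv4_class(dotted: str) -> tuple:
    """(class letter, default prefix length) from the leading bits of the first
    octet: 0 -> A (/8), 10 -> B (/16), 110 -> C (/24), 1110 -> D (multicast),
    1111 -> E (reserved). D and E have no network/host split."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A", 8
    if first >> 6 == 0b10:
        return "B", 16
    if first >> 5 == 0b110:
        return "C", 24
    if first >> 4 == 0b1110:
        return "D", 0
    return "E", 0


@dataclass
class Subnet:
    network: str
    broadcast: str
    mask: str
    first_host: str
    last_host: str
    usable_hosts: int


def subnet_info(dotted: str, prefix_len: int) -> Subnet:
    """Split an address at prefix_len bits into network and host portions.
    Network = all host bits 0, broadcast = all host bits 1; neither is
    assignable, hence 2**host_bits - 2 usable addresses."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix_len
    if host_bits < 2:
        raise ValueError("fewer than 2 host bits leaves no usable host addresses")
    addr = to_int(dotted)
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return Subnet(to_dotted(network), to_dotted(broadcast), to_dotted(mask),
                  to_dotted(network + 1), to_dotted(broadcast - 1), 2 ** host_bits - 2)


def max_borrowable(dotted: str) -> int:
    """How many host bits a classful network can lend to the subnet field while
    keeping the 2 host bits every subnet needs (the slides' 'restriction')."""
    _, default_len = ipv4_class(dotted)
    if default_len == 0:
        raise ValueError("only class A/B/C networks have a host portion to borrow from")
    return (32 - default_len) - 2


def borrow_bits(dotted: str, borrowed: int) -> list:
    """Subnet a classful network by borrowing host bits: 2**borrowed subnets,
    each with 2**(host_bits - borrowed) - 2 usable hosts."""
    if borrowed < 1 or borrowed > max_borrowable(dotted):
        raise ValueError(f"cannot borrow {borrowed} bits from {dotted}")
    _, default_len = ipv4_class(dotted)
    new_len = default_len + borrowed
    base = to_int(dotted) & ((0xFFFFFFFF << (32 - default_len)) & 0xFFFFFFFF)
    step = 1 << (32 - new_len)                      # size of each subnet
    return [subnet_info(to_dotted(base + i * step), new_len) for i in range(1 << borrowed)]


def cross_check(dotted: str, prefix_len: int) -> bool:
    """Compare the bit arithmetic above with the standard library's answer."""
    ours = subnet_info(dotted, prefix_len)
    ref = ipaddress.ip_network(f"{dotted}/{prefix_len}", strict=False)
    return (ours.network == str(ref.network_address)
            and ours.broadcast == str(ref.broadcast_address)
            and ours.mask == str(ref.netmask)
            and ours.usable_hosts == ref.num_addresses - 2)
```

The host-bit restriction is the classful one the slides teach; on point-to-point links RFC 3021 allows /31 with no network or broadcast address, which this code deliberately rejects.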
133. SKILLS FOR INDIA: IP Routing
134. Network Address Translation (outline)
- Network Address Translation, or NAT
- Kinds of Network Address Translation
- Operation of Network Address Translation
- Security and Administration
135. IP Routing
When we want to connect two or more networks that use different network addresses, we have to use IP routing; a router performs the routing between the networks. A router performs the following functions for routing:
- Path determination
- Packet forwarding
Path determination: the process of obtaining a path and placing it in the routing table. A router can learn paths in three different ways:
- Automatic detection of directly connected networks
- Static and default routing
- Dynamic routing
136. IP Routing
Packet forwarding: enabled by default on a router. The router forwards a packet only if a route to its destination is present in the routing table; otherwise the packet is dropped.
137. Routing Process
- The PC has a packet whose destination address is not on the local network.
- The PC sends an ARP request for the default gateway; the router replies to the ARP request with its MAC address.
- The PC encapsulates the data in a frame in which the source IP is the PC itself, the destination IP is the server, the source MAC is the PC's LAN interface and the destination MAC is the router's LAN interface.
138. Routing Process (diagram: frame from PC1 to R1 with source MAC = PC1, destination MAC = R1, source IP = PC1, destination IP = server)
139.
- The router receives the frame and stores it in a buffer. It extracts the packet from the frame and forwards it according to the packet's destination IP: it looks up a route in the routing table, which selects the next-hop IP and the outgoing interface.
- According to the next hop, the packet is encapsulated in a new frame (new source and destination MAC addresses; the IP header is unchanged apart from the TTL decrement and the resulting header checksum update) and placed in the output queue of that interface.
    140. 140. Static Routing In this routing, we have to use IP route commands through which we can specify routes for different networks. The administrator will analyze whole internetwork topology and then specify the route for each n/w that is not directly connected to the router. Steps to perform static routing Create a list of all n/w present in internetwork. Remove the n/w address from list, which is directly connected to n/w. Specify each route for each routing n/w by using IP route command. Router(config)#ip route <destination n/w> <mask> <next hop ip> Next hop IP it is the IP address of neighbor router that is directly connected our router. 141
    141. 141. Advantages of static routing (1) Fast and efficient. (2) More control over selected path. (3) Less overhead for router. (4) Bandwidth of interfaces is not consumed in routing updates. Disadvantages of static routing (1) More overheads on administrator. (2) Load balancing is not easily possible. (3) In case of topology change routing table has to be change manually. 142
    142. 142. Alternate command to specify static route Static route can also specify in following syntax: Old Router(config)#ip route Or Router(config)#ip route serial 0 143
Backup route or floating static route: If more than one path is available from our router to a destination, we can specify one route as primary and the other as backup. Administrative Distance (AD) is used to mark one route as primary and the other as backup: the router selects the route with the lower AD to forward traffic. By default a static route has an AD of 1. For the backup path we specify a higher AD, so that this route is used only if the primary route is unavailable. Default AD values by protocol: Directly connected 0; Static 1; BGP 20; EIGRP 90; IGRP 100; OSPF 110; RIP 120.
Syntax to set the backup path:
Router(config)#ip route <dest. n/w> <mask> <next hop> <AD>
Default Routing: a default route is a route for any network. These routes are specified with the following syntax:
Router(config)#ip route <next hop>
Or
Router(config)#ip route <exit interface>
To display the routing table: Router#sh ip route
To display the routing table: Router#sh ip route
To display static routes only: Router#sh ip route static (a static route is listed as S <destination n/w> [1/0] via <next hop>)
To display connected networks only: Router#sh ip route connected
To check all the interfaces of a router: Router#sh ip interface brief
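The static-route, backup-route and longest-prefix behaviour described above, as an added example (not code from the slides): a small model of route selection by administrative distance with a floating backup route, and a lookup that picks the longest matching prefix. All addresses and interface names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances as listed on the slide (lower is preferred).
DEFAULT_AD = {"connected": 0, "static": 1, "bgp": 20, "eigrp": 90,
              "igrp": 100, "ospf": 110, "rip": 120}
# Route-source letters in the style of "sh ip route".
CODE = {"connected": "C", "static": "S", "bgp": "B", "eigrp": "D",
        "igrp": "I", "ospf": "O", "rip": "R"}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str        # next-hop IP address, or interface name for connected routes
    source: str          # protocol that supplied the route
    ad: int              # administrative distance
    metric: int = 0


class RoutingTable:
    """Simplified model (not IOS code): per prefix, the lowest-AD candidate whose next
    hop is currently reachable is installed; forwarding uses the longest installed
    prefix that matches the destination."""

    def __init__(self):
        self.candidates = []

    def add(self, prefix, next_hop, source, metric=0, ad=None):
        # "ip route <net> <mask> <next hop> <AD>": an explicit AD overrides the
        # default, which is how a floating (backup) static route is created.
        route = Route(ipaddress.ip_network(prefix), next_hop, source,
                      DEFAULT_AD[source] if ad is None else ad, metric)
        self.candidates.append(route)
        return route

    def installed(self, reachable=None):
        """Routes that make it into the forwarding table. `reachable` is the set of
        next hops / interfaces currently up; None means everything is up."""
        best = {}
        for r in self.candidates:
            if reachable is not None and r.next_hop not in reachable:
                continue  # primary path down: its route is withdrawn, backup takes over
            cur = best.get(r.prefix)
            if cur is None or (r.ad, r.metric) < (cur.ad, cur.metric):
                best[r.prefix] = r
        return sorted(best.values(), key=lambda r: (r.prefix.prefixlen, r.prefix))

    def lookup(self, dst, reachable=None):
        """Longest-prefix match. A more specific prefix wins even if its AD is worse;
        AD only decides between candidates for the *same* prefix."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.installed(reachable) if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def show_ip_route(self, reachable=None):
        """Lines in the style 'S 10.0.0.0/8 [1/0] via 192.168.1.2'."""
        return [f"{CODE[r.source]} {r.prefix} [{r.ad}/{r.metric}] via {r.next_hop}"
                for r in self.installed(reachable)]


def build_sample_table():
    # Constructed sample: a LAN, a primary and a floating static route to 10.0.0.0/8,
    # a RIP-learned subnet inside it, and a default route.
    rt = RoutingTable()
    rt.add("192.168.1.0/24", "FastEthernet0/0", "connected")
    rt.add("10.0.0.0/8", "192.168.1.2", "static")          # primary, AD 1
    rt.add("10.0.0.0/8", "192.168.1.3", "static", ad=5)    # backup, used only if .2 is down
    rt.add("10.1.0.0/16", "192.168.1.4", "rip", metric=5)  # AD 120 but more specific
    rt.add("0.0.0.0/0", "192.168.1.254", "static")         # default route
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    print("\n".join(rt.show_ip_route()))
    print("10.1.5.5 ->", rt.lookup("10.1.5.5").next_hop)     # 192.168.1.4 (RIP /16 wins)
    print("10.2.0.1 ->", rt.lookup("10.2.0.1").next_hop)     # 192.168.1.2 (primary static)
    up = {"FastEthernet0/0", "192.168.1.3", "192.168.1.4", "192.168.1.254"}
    print("10.2.0.1, .2 down ->", rt.lookup("10.2.0.1", up).next_hop)  # 192.168.1.3 (backup)
    print("8.8.8.8 ->", rt.lookup("8.8.8.8").next_hop)       # 192.168.1.254 (default)
```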
Dynamic Routing: In dynamic routing we enable a routing protocol on the router. The protocol sends its routing information to the neighbouring routers; the neighbours analyse the information and write new routes into their routing tables. Routers also pass on routing information received from one router to the other routers. If more than one path is available, the routes are compared and the best path is selected. Some examples of dynamic routing protocols are RIP, IGRP, EIGRP and OSPF. Types of Dynamic Routing Protocols: according to how they work there are two types: (1) Distance Vector (2) Link State
Dynamic Routing: according to the type of area in which the protocol is used there are again two types of protocol: (1) Interior Routing Protocol (2) Exterior Routing Protocol. Interior routing protocols: RIP, IGRP, EIGRP, OSPF. Exterior routing protocols: BGP, EXEIGRP.
Distance Vector Routing: routing that is based on two parameters, distance and direction, is called distance vector routing. Examples of distance vector routing are RIP and IGRP. Operation: (1) Each router sends its directly connected information to the neighbouring routers. This information is sent periodically to the neighbours. (2) The neighbour receives the routing updates and processes each route according to the following conditions:  If an update for a new network is received, the information is stored in the routing table.  If an update is received for a route that is already present in the routing table, the route is refreshed, that is, its route timer is reset to zero.
Distance Vector Routing (continued):  If an update is received for a route with a lower metric than the route already present in the routing table, the router discards the old route and writes the new route into the routing table.  If an update is received with a higher metric than the route already present in the routing table, the new update is discarded.  A timer is associated with each route. The router forwards routing information on all interfaces and the entire routing table is sent to the neighbours. There are three types of timers associated with a route:  Route update timer: the time after which the router sends its periodic update to the neighbours.
Distance Vector Routing (continued):  Route invalid timer: the time after which a route is declared invalid if no updates are received for it. Invalid routes are not forwarded to neighbouring routers, but they are still used to forward traffic.  Route flush timer: the time after which the route is removed from the routing table if there are still no updates for it.
Metric of Dynamic Routing:  A metric is the measuring unit used to calculate the distance to a destination network. A protocol may use one or more metrics at a time to calculate the distance. Different types of metric are:  Hop Count  Bandwidth  Load  Reliability  Delay  MTU
Hop Count: the number of hops (routers) a packet has to travel to reach the destination network. Bandwidth: the speed of the link; the path with the higher bandwidth is preferred for sending data. Load: the amount of traffic present on the interface; paths with lower load and higher throughput are used to send data. Reliability: the uptime of the interface over a period of time. Delay: the time between a packet being sent and its being received by the destination.
MTU (Maximum Transmission Unit): the maximum size of packet that can be sent in a frame; the MTU is mostly set to 1500. Problems of Distance Vector: there are two main problems with distance vector routing: • Bandwidth Consumption • Routing Loops. Bandwidth Consumption: the problem of excessive bandwidth consumption is reduced with the help of autonomous systems, so that full routing information is exchanged only between the routers of the same system. We can also perform route summarization to reduce the traffic.
Routing Loops: loops may occur between adjacent routers due to wrong routing information. Distance vector routing is also called routing by rumour. Because of this, packets may enter a loop and circulate until their TTL expires. Methods to solve routing loops: there are five different methods to solve or reduce the problem of routing loops: Maximum Hop Count; Flash Updates/Triggered Updates; Split Horizon; Poison Reverse; Hold Down.
Maximum Hop Count: this method limits the maximum number of hops a packet can travel. It does not solve the loop problem, but it limits the size of a loop in the network. Because of this method the end-to-end size of a network is also limited. Flash Updates/Triggered Updates: a partial update is sent to all neighbours as soon as there is a topology change. A router that receives a flash update also sends the flash update on to its neighbouring routers. Split Horizon: a route update received on an interface cannot be sent back out of the same interface.
Poison Reverse: this method is the combination of split horizon and flash updates. It implements the rule that information received on an interface cannot be sent back out of that interface, and in case of a topology change flash updates are sent to the neighbours. Hold Down: if a route changes frequently, the route is placed in the hold-down state and no updates for it are accepted until the hold-down timer expires.
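The loop problem and two of the remedies above (maximum hop count and split horizon), as an added example that is not part of the slides: a constructed three-router chain A - B - C with network X behind C. The update rules are the distance vector rules from the slides; after X fails, the simulation counts how many update rounds it takes the routers to agree that X is unreachable, with and without split horizon.

```python
INFINITY = 16  # RIP maximum hop count: a metric of 16 means "unreachable"


class Router:
    def __init__(self, name, connected=()):
        self.name = name
        # routing table: network -> (metric, next_hop); directly connected = (0, None)
        self.table = {net: (0, None) for net in connected}
        self.neighbors = []

    def __repr__(self):
        return self.name

    def update_for(self, neighbor, split_horizon):
        """Periodic update sent to one neighbour. With split horizon, routes that were
        learned from that neighbour are omitted so they cannot be echoed back to it."""
        return {net: metric for net, (metric, nh) in self.table.items()
                if not (split_horizon and nh is neighbor)}

    def receive(self, sender, update):
        """Apply a neighbour's update using the distance vector rules from the slides."""
        for net, adv_metric in update.items():
            metric = min(adv_metric + 1, INFINITY)  # maximum hop count caps the metric
            current = self.table.get(net)
            if current is None:
                self.table[net] = (metric, sender)       # new network: install it
            elif current[1] is sender:
                self.table[net] = (metric, sender)       # refresh from the current next hop
            elif metric < current[0]:
                self.table[net] = (metric, sender)       # better path: replace
            # higher metric from a different neighbour: discard


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def run_until_stable(routers, split_horizon, max_rounds=40):
    """One round = every router sends its table to every neighbour.
    Returns the round number in which nothing changed any more."""
    for rnd in range(1, max_rounds + 1):
        before = {r.name: dict(r.table) for r in routers}
        updates = [(r, n, r.update_for(n, split_horizon))
                   for r in routers for n in r.neighbors]
        for sender, receiver, update in updates:
            receiver.receive(sender, update)
        if all(r.table == before[r.name] for r in routers):
            return rnd
    return max_rounds


def simulate_link_failure(split_horizon):
    """Constructed topology A - B - C, network X attached to C. After X fails,
    returns (rounds needed to converge, B's final metric for X)."""
    a, b, c = Router("A", ["netA"]), Router("B"), Router("C", ["X"])
    link(a, b)
    link(b, c)
    routers = [a, b, c]
    run_until_stable(routers, split_horizon)
    assert b.table["X"] == (1, c) and a.table["X"] == (2, b)
    # X goes down: C keeps advertising it as unreachable (route poisoning) instead
    # of silently dropping it.
    c.table["X"] = (INFINITY, None)
    rounds = run_until_stable(routers, split_horizon)
    return rounds, b.table["X"][0]


if __name__ == "__main__":
    # Without split horizon B re-learns X from A, A from B, ... and the metric is
    # counted up two hops at a time until the maximum hop count stops the loop.
    print("without split horizon:", simulate_link_failure(False))
    print("with split horizon:   ", simulate_link_failure(True))
```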
Routing Information Protocol: Features of RIP:  Distance vector  Open standard  Broadcast updates  Metric: hop count  Timers: Update 30 sec, Invalid 180 sec, Hold 180 sec
 Loop control: Split Horizon, Triggered Updates, Maximum Hop Count, Hold Down  Maximum hop count 15  Administrative distance 120  Equal path cost load balancing: maximum 6 paths, default 4  Does not support VLSM  Does not support autonomous systems
Configuring RIP:
Router#conf ter
Router(config)#router rip
Router(config-router)#network <own net address>
Router(config-router)#network <own net address>
Router(config-router)#exit
Figure: Configuring RIP, example topology with R1 and its networks.
Display RIP routes: Router#sh ip route rip
An entry such as R <dest. n/w> [120/5] via <next hop>, 00:00:25, serial 1/0 is read as: R = RIP; destination network and mask; [AD/metric]; next hop; time since the last update; own interface.
RIP advanced configuration: Passive Interfaces: an interface that does not send routing updates but can still receive them is called a passive interface. We can declare an interface as passive with the following commands:
Router#conf ter
Router(config)#router rip
Router(config-router)#passive-interface <type> <no>
Router(config-router)#exit
Neighbor RIP:  In RIP, by default routing updates are sent as broadcasts. In some scenarios it may be required to send routing updates as unicast from one router to another; in this case we have to configure neighbor RIP.  For example, in a Frame Relay network the broadcast update is discarded by the switches, so if we want to send RIP updates across the switches we have to unicast the updates using neighbor RIP.
Figure: Unicast RIP updates between R1 and R2 across a Frame Relay cloud.
R1: Router(config)#router rip
Router(config-router)#neighbor <R2 ip>
R2: Router(config)#router rip
Router(config-router)#neighbor <R1 ip>
To change the Administrative Distance:
Router(config)#router rip
Router(config-router)#distance <value> (e.g. 95 or 100)
Router(config-router)#exit
To configure load balancing: RIP is able to perform equal path cost load balancing. If multiple paths with an equal hop count are available for a destination, RIP balances the load equally over all of them. Load balancing is enabled by default for 4 paths. We can change the number of paths it may use simultaneously with the following command:
Router(config)#router rip
Router(config-router)#maximum-paths <1-6>
To display RIP parameters: Router#sh ip protocols Or Router#sh ip protocols rip. This command displays the following parameters: (i) RIP timers (ii) RIP version (iii) Route filtering (iv) Route redistribution (v) Interfaces on which updates are sent (vi) and received (vii) Advertised networks (viii) Passive interfaces (ix) RIP neighbors (x) Routing information sources (xi) Administrative distance
RIP version 2: RIP version 2 supports the following new features: Supports VLSM (sends the mask in updates); Multicast updates; Supports authentication. Commands to enable RIP version 2: we have to change RIP version 1 to RIP version 2; all other configuration remains the same in RIP version 2.
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#exit
To debug RIP routing: Router#debug ip rip
To disable debugging: Router#no debug ip rip Or Router#no debug all Or Router#undebug all
Interior Gateway Routing Protocol: Features:  Cisco proprietary  Distance vector  Timers: Update 90 sec, Invalid 270 sec, Hold time 280 sec, Flush 630 sec  Loop control: all methods
Interior Gateway Routing Protocol: Metric (24-bit composite):  Bandwidth (default)  Delay (default)  Load  Reliability  MTU
Interior Gateway Routing Protocol:  Broadcast updates  Unequal path cost load balancing  Automatic route summarization  Supports AS  Does not support VLSM
Configuring IGRP:
Router(config)#router igrp <as no> (1 – 65535)
Router(config-router)#network <net address>
Router(config-router)#network <net address>
Router(config-router)#exit
Configuring bandwidth on an interface for IGRP: by default the router detects the maximum speed of the interface and uses this value as the bandwidth metric for IGRP. But the interface may not be working at its maximum speed; in that case we have to configure the bandwidth on the interface so that IGRP can calculate the correct metric.
Router(config)#interface <type> <no>
Router(config-if)#bandwidth <value in kbps>
Router(config-if)#exit
Router(config)#interface serial 0
Router(config-if)#bandwidth 256
Router(config-if)#exit
Configuring unequal path cost load balancing: to configure load balancing we have to set two parameters: (1) Maximum paths (by default 4) (2) Variance (default 1). Maximum paths: the maximum number of paths that can be used for load balancing simultaneously.
Variance: the multiplier applied to the least metric for a destination network, up to which the load can be balanced.
Router(config)#router igrp <as no>
Router(config-router)#variance <value>
Router(config-router)#exit
Configuring IGRP: the following options are configured in IGRP in the same way as in RIP:  Neighbor  Passive interface  Timers  Distance (AD)  Maximum paths
Network Address Translation:  RFC 1631  A short-term solution to the problem of the depletion of IP addresses  The long-term solution is IPv6 (or whatever is finally agreed on)  CIDR (Classless Inter-Domain Routing) is one possible short-term solution  NAT is another  NAT is a way to conserve IP addresses: hide a number of hosts behind a single IP address  Use one of the private address blocks for local networks
Translation Modes:  Dynamic translation (IP masquerading): a large number of internal users share a single external address  Static translation: a block of external addresses is translated to a same-size block of internal addresses  Load balancing translation: a single incoming IP address is distributed across a number of internal servers  Network redundancy translation: multiple Internet connections are attached to a NAT firewall, which chooses and uses them based on bandwidth, congestion and availability
Dynamic Translation (IP Masquerading):  Also called Network Address and Port Translation (NAPT)  Individual hosts inside the firewall are identified by the port of each connection flowing through the firewall  Since a connection does not exist until an internal host requests one through the firewall to an external host, and most firewalls open ports only for the addressed host, only that host can route back into the internal network  IP source routing could route back in, but most firewalls block incoming source-routed packets  NAT only prevents external hosts from making connections to internal hosts  Some protocols will not work: protocols that rely on separate connections back into the local network  Theoretical maximum of 2^16 connections; the actual number is much less
Static Translation:  Maps a range of external addresses to a same-size block of internal addresses  The firewall just does a simple translation of each address  Port forwarding: maps a specific port through the firewall rather than all ports; useful to expose a specific service on the internal network to the public network
Load Balancing:  A firewall that dynamically maps a request to a pool of identical clone machines  Often done for very busy web sites  Each clone must have a way to notify the firewall of its current load so the firewall can choose a target machine, or the firewall just uses a dispatching algorithm like round robin  Only works for stateless protocols (like HTTP)
Network Redundancy:  Can be used to provide automatic fail-over of servers or load balancing  The firewall is connected to multiple ISPs with a masquerade for each ISP and chooses which ISP to use based on client load  Kind of like reverse load balancing  A dead ISP is treated as a fully loaded one and the client is routed through another ISP
Problems with NAT: NAT cannot be used with:  Protocols that require a separate back-channel  Protocols that encrypt TCP headers  Protocols that embed TCP address information  Protocols that specifically use the original IP for some security reason
Figure: Working of NAT & PAT (hosts behind a switch reach the Internet through NAT; source ports 1080 and 1085 shown).
Figure: Port Translation (ports 1100 and 1024).
Static NAT: this NAT is also used for servers. It provides port-based access to the servers with the help of NAT. Figure: Static NAT, a router between the local network and the Internet mapping a live address to a local address.
Port Based Static NAT: this NAT is used for servers, where one live IP is directly mapped to one local IP. This NAT forwards the traffic for the live IP to the local PC in the network. Figure: Port Based Static NAT, web and DNS servers reached through the router (port 53 shown for DNS).
Dynamic NAT using Pool: dynamic NAT is used for clients that want to access the Internet. Requests from multiple client IPs are translated to a live IP obtained from the pool. It is also called pool-based dynamic NAT. Figure: pool of live addresses for the Internet side; local addresses 172.16.X.X, except the statically mapped servers; pool allotted as a /28; server static mappings and port based static NAT shown separately.
Figure: Dynamic NAT using Pool for clients (local addresses 172.16.0.X, except the statically mapped hosts).
Configuring NAT:
Router#conf ter
Router(config)#int serial 0
Router(config-if)#ip nat outside
Router(config-if)#int eth 0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip nat inside source static <local ip> <live ip>
Router(config)#ip nat inside source static tcp <local ip> 80 <live ip> 80
Router(config)#ip nat inside source static udp <local ip> 53 <live ip> 53
Router(config)#access-list 30 deny <statically mapped local ip>
Router(config)#access-list 30 deny <statically mapped local ip>
Router(config)#access-list 30 deny <statically mapped local ip>
Router(config)#access-list 30 permit any
Router(config)#ip nat pool abc <start ip> <end ip> netmask <mask>
Command for basic NAT:
Router(config)#ip nat inside source list 30 interface serial 0 (the exit interface name)
To display NAT translations: Router#sh ip nat translations (after pinging any address, it shows the translation entries)
To clear IP NAT translations: Router#clear ip nat translation *
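The NAT behaviour the slides describe (dynamic NAPT for clients, port based static NAT for a server, and the fact that unsolicited inbound connections find no entry), as an added example that is not code from the slides. The live address 203.0.113.5, the inside hosts and the ports are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class NaptRouter:
    """Constructed model of a NAT router with a single live (outside) address.
    Outbound flows get a dynamically allocated outside port (IP masquerading);
    static port mappings expose chosen inside services; an inbound packet for
    which no entry exists is dropped."""

    def __init__(self, live_ip, first_port=1024, last_port=65535):
        self.live_ip = live_ip
        self.free_ports = iter(range(first_port, last_port + 1))
        self.static = {}      # (proto, live port) -> (inside ip, inside port)
        self.dynamic = {}     # (proto, inside ip, inside port) -> live port
        self.reverse = {}     # (proto, live port) -> (inside ip, inside port)

    def add_static(self, proto, inside_ip, inside_port, live_port):
        # Equivalent of "ip nat inside source static tcp <local ip> 80 <live ip> 80".
        self.static[(proto, live_port)] = (inside_ip, inside_port)
        self.dynamic[(proto, inside_ip, inside_port)] = live_port

    def outbound(self, pkt):
        """Translate an inside -> outside packet; returns the rewritten packet."""
        key = (pkt.proto, pkt.src, pkt.sport)
        live_port = self.dynamic.get(key)
        if live_port is None:
            live_port = next(self.free_ports, None)
            if live_port is None:
                # the 16-bit port field is the hard ceiling on simultaneous flows
                raise RuntimeError("translation port pool exhausted")
            self.dynamic[key] = live_port
            self.reverse[(pkt.proto, live_port)] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, self.live_ip, live_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate an outside -> inside packet, or return None if nothing matches."""
        if pkt.dst != self.live_ip:
            return None
        key = (pkt.proto, pkt.dport)
        target = self.static.get(key) or self.reverse.get(key)
        if target is None:
            return None       # no mapping: an unsolicited connection attempt is dropped
        inside_ip, inside_port = target
        return Packet(pkt.proto, pkt.src, pkt.sport, inside_ip, inside_port)

    def translations(self):
        """Rows in the spirit of 'sh ip nat translations': inside local -> inside global."""
        return sorted(f"{proto} {ip}:{port} -> {self.live_ip}:{live}"
                      for (proto, ip, port), live in self.dynamic.items())


if __name__ == "__main__":
    nat = NaptRouter("203.0.113.5")
    nat.add_static("tcp", "172.16.1.80", 80, 80)          # inside web server
    out = nat.outbound(Packet("tcp", "172.16.1.10", 49152, "198.51.100.7", 443))
    print(out)                                             # src 203.0.113.5:1024
    print(nat.inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.5", 1024)))
    print(nat.inbound(Packet("tcp", "198.51.100.9", 40000, "203.0.113.5", 22)))  # None
    print("\n".join(nat.translations()))
```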
THANK YOU. All information, including graphical representations etc., provided in this presentation is for the exclusive use of current Globsyn Skills students and faculty. No part of the document may be reproduced in any form or by any means, electronic or otherwise, without written permission of the owner.
SKILLS FOR INDIA: Remote Access Mode
Remote Access Service: Remote Access Services (RAS) refers to any combination of hardware and software that enables remote access to tools or information that typically reside on a network of IT devices. A RAS server is a specialized computer which aggregates multiple communication channels together. Because these channels are bidirectional, two models emerge: multiple entities connecting to a single resource, and a single entity connecting to multiple resources. Both of these models are widely used. Both physical and virtual resources can be provided through a RAS server: centralized computing can give multiple users access to a remote virtual operating system. Access providers often use RAS servers to terminate physical connections to their customers, for example customers who get Internet access through some form of modem. Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT which allows most of the services that would be available on a network to be accessed over a modem link.
The service includes support for dial-up and logon, and presents the same network interface as the normal network drivers (albeit slightly slower). It is not necessary to run Windows NT on the client; there are client versions for other Windows operating systems. A feature built into Windows NT enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link. RAS works with several major network protocols, including TCP/IP, IPX and NBF. To use RAS from a remote node, you need a RAS client program, which is built into most versions of Windows, or any PPP client software. For example, most remote control programs work with RAS. Starting in the mid-1990s, several manufacturers such as U.S. Robotics produced "modem terminal servers". Instead of having RS-232 ports, these directly incorporated an analog modem. These devices were commonly used by Internet service providers to allow consumer dial-up. Modern versions interface to an ISDN PRI instead of having analog modem ports.
Complete these steps to configure RAS on a Cisco ICM Logger: (1) Select Start > Settings > Control Panel. (2) Double-click the Network applet. (3) Select Services. (4) Double-click Remote Access Service.
Figure 1: Remote Access Setup
Click Configure. Figure 2: Configure Port Usage
Media Access Methods: An access method is a set of rules governing how the network nodes share the transmission medium. The rules for sharing among computers are similar to the rules for sharing among humans in that they both boil down to a pair of fundamental philosophies:  first come, first served, and  take turns. These philosophies are the principles defining the three most important types of media access methods:
Media Access Methods:  Contention (CSMA/CD, Carrier Sense Multiple Access with Collision Detection; CSMA/CA, Carrier Sense Multiple Access with Collision Avoidance)  Token passing  Demand priority
Contention: CSMA/CD (Carrier Sense Multiple Access with Collision Detection): IEEE 802.3 Ethernet LANs use the CSMA/CD protocol to detect and handle collisions on the network. However, WLANs cannot use CSMA/CD because they cannot transmit and listen at the same time. CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): the IEEE 802.11b standard specifies the CSMA/CA protocol for WLANs. CSMA/CA tries to avoid collisions by using explicit packet acknowledgment: an acknowledgment packet is sent by the receiving station to confirm that it has received a data packet. If the transmitting station does not receive the acknowledgment, it assumes that a collision has occurred and transmits the data packet again.
Token passing: the IEEE 802.5 standard deals with Token Ring networks, and token passing is the media access method implemented on a token-ring network. A token is a special packet that gives a device permission to transmit data on to the network. When a device receives a token and transmits a frame, the frame is forwarded around the ring by all attached devices. When the frame reaches its destination, it is copied and processed by the receiving device and placed back on the ring. Before placing the frame back on the ring, the receiving device sets frame-status bits to indicate that the frame was received. The frame circles the ring until it returns to the original transmitting device.
Demand Priority: demand priority is an access method used with the 100 Mbps 100VG-AnyLAN standard. Although demand priority is officially considered a contention-based access method, it is considerably different from basic CSMA/CD Ethernet. In demand priority, network nodes are connected to hubs, and those hubs are connected to other hubs; contention therefore occurs at the hub. (100VG-AnyLAN cables can actually send and receive data at the same time.) Demand priority provides a mechanism for prioritizing data types: if contention occurs, data with a higher priority takes precedence.
Collision & Broadcast Domains. MAC Address: a frame contains a 48-bit destination address field. Who is this frame for? 00-C0-F0-56-BD-97 (“Hey Joe”)
MAC Address: how will all other NICs handle the frame? They drop it (into the “bit bucket”).
Special MAC Address: who is this frame for? FF-FF-FF-FF-FF-FF (“Hey everybody”)
Broadcast MAC Address FF-FF-FF-FF-FF-FF: 48 bits, all 1s. All NICs copy the frame and send it up the stack.
Broadcast Frames: necessary for network function. Used for finding services (“Hey, is there a server out there?”) and for advertising services (“Hey, I’m a printer you can use.”). Some Layer 3 (Network Layer) protocols use broadcasts frequently: AppleTalk and IPX (older Novell protocol). Networks that use these protocols must be limited in size, or they will become saturated with broadcast frames. TCP/IP (a Layer 3 protocol) uses broadcasts sparingly; therefore networks that use TCP/IP can be made quite large without broadcast problems. (They “scale” well.)
Collision Domain: the network region in which collisions are propagated. Repeaters and hubs propagate collisions; bridges, switches and routers do not.
Reducing Collisions:  Collision frequency can be kept low by breaking the network into segments bounded by:  bridges  switches  routers
Broadcast Domain: the network region in which broadcast frames are propagated. Repeaters, hubs, bridges and switches propagate broadcasts. Routers either do or do not, depending on their configuration.
Reducing Broadcasts: broadcasts are necessary for network function. Some devices and protocols produce lots of broadcasts; avoid them. Broadcast frequency can be kept manageable by limiting the LAN size. LANs can then be cross-connected by routers to make a larger internetwork.
Shared Ethernet: a single segment that is shared among all connected NICs. A single collision domain. A logical “bus” (may be a physical star). The segment includes repeaters and hubs. Sometimes called a “single flat Ethernet”.
Figure: Shared Ethernet (a single hub).
Switched Ethernet: consists of several segments, each of which is shared by the NICs attached to it. The network is segmented into several collision domains. Bridges, switches and routers create the segment and collision domain boundaries. Segments may contain hubs and repeaters.
Figure: Switched Ethernet (switch with one port per hub).
Micro-segmented Switched Ethernet: each user NIC is connected directly to a switch port. Provides one switched segment to each connected NIC. No sharing. No collisions.
Figure: Micro-segmented Switched Ethernet (switch with one port per PC).
Summary:
Term: LAN segment (collision domain). Includes: cable, repeaters, hubs. Boundary: bridges, switches (routers). Example: switch.
Term: Entire LAN (broadcast domain). Includes: everything except routers. Boundary: edge of LAN, routers. Example: router.
Term: Internetwork (group of LANs cross-connected by routers). Includes: LANs & routers. Boundary: edge of internetwork. Example: switch.
Identify the collision domains & broadcast domains. Figure: a switch with two hubs.
Identify the collision domains & broadcast domains. Figure: two hubs.
Identify the collision domains & broadcast domains. Figure: a switch and a hub.
Identify the collision domains & broadcast domains. Figure: a router and a switch. A router connects separate networks: one broadcast domain per router interface.
Application: first, complete Lab 7A. Then, on a printed copy of the “Teaching Topology” (curriculum p7.5.5), circle each collision domain with a solid line and each broadcast domain with a dashed line.
Reminder: Collisions spread throughout a LAN segment, spread across hubs and repeaters, and are stopped by switches and bridges. Broadcasts spread throughout an entire LAN, spread across hubs, switches and bridges, and are stopped only by routers.
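The "identify the collision domains and broadcast domains" exercise, as an added example that is not part of the slides: the reminder above is turned into a counting rule over a device graph (hubs and repeaters merge segments, switches and bridges bound collision domains, routers bound both). The sample topology is constructed here, not the curriculum's "Teaching Topology".

```python
# Device types that stop each kind of propagation, per the Reminder slide.
COLLISION_BOUNDARY = {"switch", "bridge", "router"}
BROADCAST_BOUNDARY = {"router"}


def count_domains(devices, links, boundary):
    """devices: {name: type}; links: [(a, b), ...], one entry per cable.
    Returns the number of domains when devices of the `boundary` types stop
    propagation. A cable joining two boundary devices is a domain by itself."""
    parent = {}

    def find(x):                      # union-find over non-boundary devices
        parent.setdefault(x, x)
        while parent[x] != x:
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    inside = [name for name, kind in devices.items() if kind not in boundary]
    for name in inside:
        find(name)
    direct_links = 0
    for a, b in links:
        a_stops, b_stops = devices[a] in boundary, devices[b] in boundary
        if a_stops and b_stops:
            direct_links += 1         # e.g. router-to-switch uplink: its own segment
        elif not a_stops and not b_stops:
            union(a, b)               # hub/repeater/host: propagation continues
        # exactly one boundary endpoint: covered by the other endpoint's component
    return len({find(name) for name in inside}) + direct_links


def summarize(devices, links):
    return {"collision_domains": count_domains(devices, links, COLLISION_BOUNDARY),
            "broadcast_domains": count_domains(devices, links, BROADCAST_BOUNDARY)}


def sample_topology():
    """Constructed sample: router R1 with two switches; S1 has one PC directly attached
    and a hub with two PCs; S2 has a hub with two PCs and one PC directly attached."""
    devices = {"R1": "router", "S1": "switch", "S2": "switch",
               "H1": "hub", "H2": "hub",
               "PC1": "pc", "PC2": "pc", "PC3": "pc",
               "PC4": "pc", "PC5": "pc", "PC6": "pc"}
    links = [("R1", "S1"), ("R1", "S2"),
             ("S1", "PC1"), ("S1", "H1"), ("H1", "PC2"), ("H1", "PC3"),
             ("S2", "H2"), ("H2", "PC4"), ("H2", "PC5"), ("S2", "PC6")]
    return devices, links


def shared_ethernet(n_pcs):
    """One hub with n PCs (the "shared Ethernet" slide)."""
    devices = {"H": "hub", **{f"PC{i}": "pc" for i in range(n_pcs)}}
    return devices, [("H", f"PC{i}") for i in range(n_pcs)]


def microsegmented(n_pcs):
    """One switch with one port per PC (the "micro-segmented" slide)."""
    devices = {"S": "switch", **{f"PC{i}": "pc" for i in range(n_pcs)}}
    return devices, [("S", f"PC{i}") for i in range(n_pcs)]


if __name__ == "__main__":
    print("sample:", summarize(*sample_topology()))      # 6 collision, 2 broadcast
    print("shared:", summarize(*shared_ethernet(4)))     # 1 collision, 1 broadcast
    print("switched:", summarize(*microsegmented(4)))    # 4 collision, 1 broadcast
```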
LAN Switching: Ethernet switches are used in a LAN to build Ethernet networks. Switches forward traffic on the basis of MAC addresses: a switch maintains a MAC address table in which MAC addresses and port numbers are recorded and used to make the switching decision. A bridge and a switch work in a similar way.
Classification of switches: switches are classified according to the following criteria. Types of switches based on working: (1) Store & Forward: this switch receives the entire frame, performs error checking and then starts forwarding the data to the destination. (2) Cut-through: this switch starts forwarding the frame as soon as the first six bytes of the frame (the destination address) are received. (3) Fragment-free: this switch receives 64 bytes of the frame, performs error checking and then starts forwarding the data. (4) Adaptive cut-through: it changes its mode according to conditions; if it sees errors in many frames it changes from cut-through or fragment-free to store & forward mode.
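The MAC address table and the store & forward versus cut-through distinction above, as an added example that is not code from the slides: a learning switch that records source MAC to port, floods unknown unicasts and broadcasts, and in store & forward mode drops frames whose FCS does not verify, while cut-through mode relays them. Frames, MAC addresses and the CRC-32 "FCS" are constructed for the example.

```python
import zlib
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    payload: bytes
    fcs: int                      # CRC-32 over dst | src | payload, standing in for the FCS

    @staticmethod
    def _body(dst, src, payload):
        return dst.encode() + src.encode() + payload

    @staticmethod
    def build(dst, src, payload):
        return Frame(dst, src, payload, zlib.crc32(Frame._body(dst, src, payload)))

    def fcs_ok(self):
        return zlib.crc32(Frame._body(self.dst, self.src, self.payload)) == self.fcs


class Switch:
    """Constructed model of a learning switch. "store-and-forward" receives the whole
    frame and checks the FCS before forwarding; "cut-through" decides as soon as the
    destination MAC (first six bytes) is in, so it relays corrupted frames too."""

    def __init__(self, ports, mode="store-and-forward"):
        self.ports = list(ports)
        self.mode = mode
        self.mac_table = {}       # MAC address -> port number

    def forward(self, in_port, frame):
        """Returns the list of egress ports for the frame."""
        # Learn: the source MAC is reachable through the ingress port.
        self.mac_table[frame.src] = in_port
        if self.mode == "store-and-forward" and not frame.fcs_ok():
            return []             # whole frame received, bad FCS: dropped here
        out_port = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # broadcast or unknown unicast: flood every port except the ingress one
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []             # destination is on the same segment: filter
        return [out_port]


def demo():
    """Walk through learning, flooding, filtering and the FCS check."""
    pc1, pc2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    sw = Switch(ports=[1, 2, 3, 4])
    first = sw.forward(1, Frame.build(pc2, pc1, b"hello"))    # pc2 unknown: flooded
    reply = sw.forward(2, Frame.build(pc1, pc2, b"hi"))       # pc1 known: port 1 only
    second = sw.forward(1, Frame.build(pc2, pc1, b"again"))   # pc2 now known: port 2
    bcast = sw.forward(3, Frame.build(BROADCAST, "00:00:5e:00:53:03", b"arp?"))
    bad = Frame.build(pc2, pc1, b"corrupt me")
    bad.payload = b"corrupt mE"                                # bit flipped on the wire
    dropped = sw.forward(1, bad)
    relayed = Switch(ports=[1, 2], mode="cut-through").forward(1, bad)
    return {"first": first, "reply": reply, "second": second, "bcast": bcast,
            "dropped": dropped, "relayed": relayed, "table": dict(sw.mac_table)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```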
Classification of switches: Types of switches based on management: (1) Manageable switches (2) Non-manageable switches (3) Semi-manageable switches. Types of switches based on OSI layer: (1) Layer 2 switches (switching only) (2) Layer 3 switches (switching & routing). Types of switches based on command mode (only in Cisco): (1) IOS based (2) CLI based. Types of switches based on the hierarchical model: (1) Core layer switches (2) Distribution layer switches (3) Access layer switches
Basic Switch Administration: IOS based switches are similar to routers. We can perform the following functions on a switch in the same way as on a router: (1) Access the switch using the console (2) Commands to enter and exit the different modes (3) Commands to configure passwords (4) Manage configuration (5) Back up IOS and configuration (6) Configure and resolve hostnames (7) Manage telnet (8) Configure CDP (9) Configure the time clock (10) Configure banners (11) Command line shortcuts and editing shortcuts (12) Manage history (13) Configure logging (14) Boot system commands
Basic Switch Administration: the following functions and options differ between router and switch: (1) The default hostname is ‘Switch’ (2) There is no auxiliary port (3) VTY lines are mostly 0 to 15 (4) Interfaces are enabled by default (5) IP addresses cannot be assigned to physical interfaces (6) There is no routing configuration mode (7) Interface numbering starts from 1 (8) Web access is enabled by default (9) The configuration register is not present in the same way (10) Flash memory may contain multiple files, and the startup configuration is also saved in flash
Configuring IP and Gateway on a switch: we can configure an IP address on a switch for web access or telnet; an IP address is required for the administration of the switch. If we have to access the switch from a remote network, we configure a default gateway in addition to the IP address. The IP address is assigned to the logical interface of the switch with the following commands:
Switch(config)#interface vlan 1
Switch(config-if)#ip address <ip> <mask>
Switch(config-if)#no sh
Switch(config-if)#exit
Old switches:
Switch(config)#ip address <ip> <mask>
Switch(config)#exit
Configuring the gateway:
Switch(config)#ip default-gateway <ip>
Switch(config)#exit
Breaking Switch Password (password recovery): (1) Power off the switch, press the mode button on the front of the switch and then power the switch on. (2) Keep the mode button pressed until the ‘Switch:’ prompt appears on the console. (3) In switch monitor mode, type the following commands:
flash_init
load_helper
rename flash:config.text flash:<anyname>
dir flash:
boot
(4) After booting, the switch prompts to enter the initial configuration dialog. Enter ‘no’ here and type:
Switch>enable
rename flash:<anyname> flash:config.text
configure memory
Then change the password and save the configuration with copy run start.
Security Protocol
A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program. Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects: Key agreement or establishment; Entity authentication; Symmetric encryption and message authentication material construction; Secured application-level data transport; Non-repudiation methods.
Internet Key Exchange: Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication, which are either pre-shared or distributed using DNS (preferably with DNSSEC), and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.
IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the TCP/IP model. In the past, the use of TLS/SSL had to be designed into an application to protect the application protocols. In contrast, since day one, applications did not need to be specifically designed to use IPsec.
Hence, IPsec protects any application traffic across an IP network. This now holds true for SSL as well, with the rise of SSL-based VPNs and implementations like OpenVPN. IPsec was originally developed at the Naval Research Laboratory as part of a DARPA-sponsored research project. ESP was derived directly from the SP3D protocol, rather than from the ISO Network-Layer Security Protocol (NLSP). The SP3D protocol specification was published by NIST but designed by the Secure Data Network System project of the National Security Agency (NSA). IPsec AH is derived in part from previous IETF standards work for authentication of the Simple Network Management Protocol (SNMP). IPsec is officially specified by the Internet Engineering Task Force (IETF) in a series of Request for Comments documents addressing various components and extensions. It specifies the spelling of the protocol name to be IPsec.
Kerberos (protocol)
Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography by utilizing asymmetric key cryptography during certain phases of authentication. Kerberos uses port 88 by default. "Kerberos" also refers to a suite of free software published by the Massachusetts Institute of Technology (MIT) that implements the Kerberos protocol.
Point-to-Point Protocol
In networking, the Point-to-Point Protocol (PPP) is a data link protocol commonly used in establishing a direct connection between two networking nodes. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression. PPP is used over many types of physical networks including serial cable, phone line, trunk line, cellular telephone, specialized radio links, and fiber optic links such as SONET. PPP is also used over Internet access connections (now marketed as "broadband"). Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own, without some data link protocol. Two encapsulated forms of PPP, Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA), are used most commonly by Internet Service Providers (ISPs) to establish a Digital Subscriber Line (DSL) Internet service connection with customers.
PPP is commonly used as a data link layer protocol for connection over synchronous and asynchronous circuits, where it has largely superseded the older Serial Line Internet Protocol (SLIP) and telephone company mandated standards (such as Link Access Protocol, Balanced (LAPB) in the X.25 protocol suite). PPP was designed to work with numerous network layer protocols, including Internet Protocol (IP), TRILL, Novell's Internetwork Packet Exchange (IPX), NBF and AppleTalk.