103 Basic network concepts

www.huawei.com
Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.
Basic Network Concepts

Foreword
 To understand security technologies, you first need to learn about basic
network concepts, such as basic communication principles, network
components, and common network protocols. With knowledge of these
basic concepts, you can better understand network security threats and
deploy security defense policies.

Objectives
 Upon completion of this course, you will be able to:
 Describe the working principles of TCP/IP protocols.
 Describe the working principles of common protocols.
 Describe possible security threats to common protocols.

Contents
1. TCP/IP Architecture
2. Common Network Protocols

Architecture of a Typical Campus Network
Core layer
Aggregation
layer
Access layer
Egress zone
…

OSI Model
 Objectives
 Design principles
 Advantages

7 Layers of the OSI Model
Provides communications
between applications.
Processes data formats and
encrypts data.
Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data Link layer
Physical layer 1
2
3
4
5
6
7
Establishes, maintains, and
manages sessions.
Establishes E2E connections for
hosts.
Performs addressing and
routing.
Provides media access and
link management.
Transmits bit streams.
APDU
PPDU
SPDU
Segment
Packet
Frame
Bit
Top
three
layers
Bottom
four
layers

Peer Layer Communications
 Each layer uses the services provided by the lower layer to communicate with the
peer layer.
Host A Host B
APDU
PPDU
SPDU
Segment
Packet
Frame
Bit
Application
layer
Presentation
layer
Session layer
Transport
layer
Network layer
Data Link
layer
Physical layer
Application
layer
Presentation
layer
Session layer
Transport
layer
Network layer
Data Link
layer
Physical layer

Mapping Between TCP/IP and OSI
 The TCP/IP protocol stack has a simple hierarchical design and a clear mapping relationship
with the OSI model.
OSI TCP/IP
Physical layer
Data Link layer
Network layer
Transport layer
Session layer
Presentation layer
Application layer
Network access layer
Internet layer
Transport layer
Application layer

Functions of Each Layer of the TCP/IP
Provides network interfaces for
applications.
Establishes E2E connections for
hosts.
Performs addressing and
routing.
Performs physical media
access.
HTTP, Telnet, FTP, TFTP, and DNS
Network
access layer
Internet layer
Transport layer
Application
layer
Ethernet, 802.3, PPP, HDLC, and FR
TCP/UDP
IP
ICMP & IGMP
ARP & RARP

Encapsulation and Decapsulation Processes of
the TCP/IP
User data
App
TCP
IP
Eth
1010101101010100101010001110
Encapsulation Decapsulation
Sender Recipient
IP
User data
User data
User data
App
App
App
TCP
TCP
Network access
layer
Internet layer
Transport
layer
Application
layer
Network access
layer
Internet
layer
Transport
layer
Application
layer

Quintuple
SNMP
FTP
HTTP Telnet SMTP DNS TFTP
TCP UDP
IP packet
Quintuple
80
20/21 23 25 53 69 161
 Source IP address + destination IP address + protocol +
source port + destination port

Contents
 Network Layer Protocols
 Transport Layer Protocols
 Application Layer Protocols

Common Network Protocols
ICMP
OSPF/RIP
NMS NetStream
ARP
SNMP
PC 1 PC 2

Overview of ARP
 Before sending a data packet to Host C, Host A needs to obtain the MAC
address of Host C.
10.0.0.1/24
00-01-02-03-04-AA
10.0.0.3/24
00-01-02-03-04-CC
192.168.1.2/24
00-01-02-03-04-BB
Host A Host C

ARP Request
Host A
192.168.1.2/24
00-01-02-03-04-BB
Host C
Host B
10.0.0.3/24
00-01-02-03-04-CC
10.0.0.1/24
00-01-02-03-04-AA
Source MAC address:
00-01-02-03-04-AA
Destination MAC address:
FF-FF-FF-FF-FF-FF
ARP
Destination IP address: 10.0.0.3
Source IP address: 10.0.0.1
Destination MAC address: 00-00-00-00-00-00
Source MAC address: 00-01-02-03-04-AA
Operation type: Request
ETH_II FCS

ARP Reply (1)
Host A
192.168.1.2/24
00-01-02-03-04-BB
Host C
Host B
10.0.0.3/24
00-01-02-03-04-CC
10.0.0.1/24
00-01-02-03-04-AA
Host C>arp -a
Internet address Physical address Type
10.0.0.1 00-01-02-03-04-AA Dynamic

ARP Reply (2)
Host B
Source MAC address: 00-01-02-03-04-CC
Operation type: Reply
Host A
192.168.1.2/24
00-01-02-03-04-BB
Host C
10.0.0.3/24
00-01-02-03-04-CC
10.0.0.1/24
00-01-02-03-04-AA
Source MAC address:
00-01-02-03-04-CC
00-01-02-03-04-AA
ARP
ETH_II FCS

Gratuitous ARP
 Gratuitous ARP can be used to detect whether IP addresses conflict.
Host A
10.0.0.1/24
00-01-02-03-04-AA
Destination MAC address: 00-00-00-00-00-00
Source MAC address:
00-01-02-03-04-AA
FF-FF-FF-FF-FF-FF
ARP
ETH_II FCS

Introduction to ICMP
 ICMP is used to transmit error, control, and query messages.
Message
Return Message
Host A

ICMP Application: Ping (1)
Router A Router B
192.168.1.1/24 192.168.1.2/24
<Router A>ping ?
STRING<1-255> IP address or hostname of a remote system
-a Select source IP address, the default is the IP address of the
output interface
-c Specify the number of echo requests to be sent, the default is
5
-d Specify the SO_DEBUG option on the socket being used
-f Set Don't Fragment flag in packet (IPv4-only)
-h Specify TTL value for echo requests to be sent, the default is
255
-i Select the interface sending packets
…

ICMP Application: Ping (2)
[Router A]ping 192.168.1.2
PING 192.168.1.2 : 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2 : bytes=56 Sequence=1 ttl=255 time=340 ms
--- 192.168.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/88/340 ms

ICMP Application: Tracert (1)
Host A Host B
Router A Router C
Router B
10.0.0.2/24
20.0.0.2/24
30.0.0.2/24
<Router A>tracert ?
STRING<1-255> IP address or hostname of a remote system
-a Set source IP address, the default is the IP address of the
output interface
-f First time to live, the default is 1
-m Max time to live, the default is 30
-name Display the host name of the router on each hop
-p Destination UDP port number, the default is 33434
-q Number of probe packets, the default is 3
-s Specify the length of the packets to be sent. The default
length is 12 bytes
…

ICMP Application: Tracert (2)
 The Tracert command displays each hop that packets pass through during
network transmission.
<Router A>tracert 30.0.0.2
Tracert to 30.0.0.2(30.0.0.2), max hops:30, packet length:40, press CTRL_C to
break
1 10.0.0.2 130 ms 50 ms 40 ms
2 20.0.0.2 80 ms 60 ms 80 ms
3 30.0.0.2 80 ms 60 ms 70 ms
Host A Host B
Router A Router C
Router B
10.0.0.2/24
20.0.0.2/24
30.0.0.2/24

Routing Protocol Overview
 Routing is the most basic element in a data communications network. It is
the process of selecting paths on a network through which packets are
sent from a source to a destination.
Routing protocols
PC 1 PC 2

Introduction to OSPF
 No loop
 Fast convergence
 Good scalability
 Supporting authentication
Site B
Site A
Site C
OSPF
RTB
RTA
RTC
OSPF
OSPF

Introduction to SNMP
 SNMP is used to transmit management information between the network management
system (NMS) and managed devices.
NMS
SNMP

SNMP Architecture
 SNMP includes the NMS, agent, and MIB.
 An agent is a process performed on the managed devices.
 A MIB is a database that contains variables maintained by managed devices.
Agent
MIB
SNMP
Execute
Notify
Managed device
NMS

Enterprise Network O&M
 Understand the traffic trend of all branches
and identify the devices and branches that
need expansion.
 Analyze the distribution of branch traffic
identify the value points for capacity
expansion.
 Rank changes in branch traffic and allocate
existing network resources accordingly.
HQ
Branch 1
Branch 2
IT engineer: Branch 1 has exhausted its
bandwidth on the XYZ port. We need to
purchase a new device to expand the
network capacity.
Supervisor: Are you sure we need to
expand the capacity? Is the network fully
optimized or is the service application
developing rapidly?
IT engineer: I have detailed network
application development reports for
each branch ...

NTA Concept and Functions
 Basic concept
 The eSight Network Traffic Analyzer (NTA) is a software-only solution. No hardware probe is
required, and no additional investment is needed. The NetFlow, NetStream, and sFlow protocols are
used to collect and analyze common IP packets, provide a customer analysis report, and monitor
network-wide traffic in real time. This is a powerful tool for enterprise O&M management.
 Functions
 The eSight NTA provides a convenient way to monitor and analyze networks. By using the IP
network traffic information provided by network devices that support NetFlow, NetStream, and
sFlow, the eSight NTA analyzes network-wide traffic, provides traffic analysis reports, and displays
traffic analysis results in various charts. This helps users learn about network-wide traffic, including
the traffic distribution, and detect abnormal network traffic.

NetStream Overview
 NetStream is a Huawei-patented technology used to collect and distribute statistics about network
traffic. The NDE sends the obtained statistics to the NSC for further processing, and sends the statistics
to the NDA for analysis. The results of the analysis provide a basis for network accounting and planning.
NDE
NDE
NSC
NSC
NDA
NetStream stream

Contents
 Network Layer Protocols
 Transport Layer Protocols
 Application Layer Protocols

Establishing TCP Connections
 Three-way handshake
Client Server

Disconnecting TCP Connections
 4-way handshake
Client Server

Contents
 Network Layer Protocols
 Transport Layer Protocols
 Application Layer Protocols

Common Application Layer Protocols
FTP server
Mail server
Web server
DNS server
PC

How DNS Works
 Domain name resolution is performed by a dedicated domain name system (DNS). The DNS involves the following
types of servers:
 Root server
 Top-level domain name server
 Recursive server
 Cache server
Client Cache server
I'd like to visit www.huawei.com.
The IP address of www.huawei.com. is
Z.Z.Z.Z.
I don't know
about this. I
have to ask the
experts.
Root server
Top-level domain
name server
Recursive server

What is the IP address corresponding to
www.huawei.com?
The IP address of the .huawei.com DNS
server is Y.Y.Y.Y.


IP:X.X.X.X
IP:Y.Y.Y.Y
Client Cache server
I'd like to visit www.huawei.com again.
The IP address of www.huawei.com. is
Z.Z.Z.Z.
I remember it
this time.
First access
Second access

How FTP Works
 FTP provides an effective way to upload and download files between a server and a client.
 When used to transmit data, FTP establishes a control connection and a data connection between the
server and the client..
User User interface
Process control
Data transmission
process
File system
Process control
Data transmission
process
File system
Client Server
Control connection
Data connection

FTP Transmission Mode (1)
 FTP supports two modes: active mode and passive mode. In active mode, which is used by
default, the client sets up the control connection and the server sets up the data connection.
In passive mode, the client sets up both connections. Users can switch the mode through
commands.
 FTP connection setup in active mode:
Temporary port
Temporary port
Port 21
Port 20
Control connection
Data connection
FTP Client FTP Server

FTP Transmission Mode (2)
 FTP connection setup in passive mode:
Temporary port
Temporary port
Port 21
Temporary port
Control connection
Data connection
FTP Client FTP Server

HTTP/HTTPS: Basic Components of a Web
Application
 The web is built on a client-server architecture and relies on three essential technologies:
 Using Hypertext Markup Language (HTML), used to describe a file
 Using Uniform Resource Locator (URL), used to specify the file location
 Using Hypertext Transfer Protocol (HTTP), used for client-server communication
Server
Client
Access URL:
www.huawei.com
HTTP/HTTPS
HTML file
The URL specifies the server file.
Displays on the client.

How HTTP Works
 HTTP is a stateless protocol that uses a request-response method for communication.
 HTTP has two types of packets:
 Request packet: sent from the client to the server.
 Response packet: returned from the server to the client.
①
②
③
④
⑤
⑥
Hi.
What can I do for you?
I need the XXX file.
GET /http://class/xxxx HTTP/1.1
Do you have a key?
Yes, &……%@ (#
OK. This is the file you want.
HTTP/1.1 200 OK

SMTP, POP3, IMAP: How Mail Is Sent and
Received
 SMTP defines how PCs send mail to an SMTP server and how mail is transferred between SMTP servers.
 Post Office Protocol 3 (POP3) and Internet Mail Access Protocol (IMAP) specify how PCs manage and download mail
on the mail server through client software.
 SMTP and POP3 (or IMAP) are deployed on the mail server by an administrator, and mail client software (such as
Microsoft Outlook or Foxmail) is installed on a user's PC.

Quiz
1. Which of the following is not in the TCP/IP model?
A. Data link layer
B. Transport layer
C. Session layer
D. Application layer
2. Which of the following packets is the first packet of the TCP three-way
handshake?
A. SYN+ACK
B. SYN
C. ACK
D. FIN

Summary
 TCP/IP Architecture
 Common Network Protocols

Thank You
www.huawei.com

103 Basic network concepts

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 103 Basic network concepts

Similar to 103 Basic network concepts (20)

More from SsendiSamuel

More from SsendiSamuel (10)

Recently uploaded

Recently uploaded (20)

103 Basic network concepts