This course describes the basic networking elements and how they are used in practice. The course covers:
The evolution and principles of networking;
The basic notions used in this domain;
Types of equipment;
Description and general information of basic networking protocols.
The practical examples provide configuration commands, packet captures and a real feel of how to build a simple network.
The course attendees will be encouraged to show their understanding by answering questions and debating the issues and solutions that they might have encountered when working with networks.
Basic networking course
Basic Networking Course
Cristina Pauna
2012
Agenda
History of telecommunications
Basic telecommunication notions
OSI and TCP/IP models
MAC & VLAN Particularities
STP
ARP, RARP, InARP
ICMP
DHCP
Routing Table
Host Table
DNS
VRRP
IP Multicast & Anycast
History of telecommunications
What was the first telecom system?
What was the first network?
How did the Internet appear?
What is an RFC?
What does Ethernet mean?
Basic telecommunication notions
What do datagram, encapsulation, fragmentation and multiplexing mean?
What is the difference between port, protocol and socket?
What is the difference between a host, hub, switch and router?
What does a default gateway do?
What is the difference between LAN and VLAN?
OSI Model
The Open Systems Interconnection (OSI) reference model is a basic architectural model that provides a common reference for discussing communications
TCP/IP Model
The layers of this model are not as rigidly defined as those of the OSI model
Each layer in the stack adds control information, called a header, to ensure proper delivery
When encapsulating the information from the upper layer, the previous header becomes data for the current layer
Internet Protocol
It is a connectionless protocol
It relies on other layers to provide error detection and error recovery for the data; only a header checksum is done
It routes datagrams to remote hosts
It performs fragmentation and re-assembly of datagrams
MAC & VLAN particularities
The MAC address is a unique identifier of network interfaces, used to communicate at the physical level
If the multicast bit is set, the packet is sent to all nodes in the subnet
The broadcast MAC address ff:ff:ff:ff:ff:ff is a reserved L2 multicast address
The Ethernet header has different formats, depending on the standard
The Ethernet II frame (illustrated on the original slide) contains the destination and source MAC addresses and the type of the encapsulated protocol
A VLAN can include one or more ports
The IP assigned to a VLAN is not associated with any particular physical port; the IP can be reached through any of the VLAN's ports
The mapping between a port and its MAC is kept in the MAC address table
When a frame is received for an unknown destination MAC address, the frame is flooded to all ports of the same VLAN except the ingress port
When the destination station replies, its source MAC address and the ID of the port it arrived on are added to the table
The next time a frame is sent to that destination, it is sent directly to the corresponding port
MACs usually have an aging time after which they are removed from the table, if they are unused for that amount of time
A physical port can belong to multiple VLANs
To differentiate which VLAN a packet is destined to, an 802.1Q (dot1q) tag is added to the frame at the source
This process is called VLAN tagging and it makes it possible to create different broadcast domains for the same host
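As an added example that is not part of the original course, the following Python parser reads the Ethernet II header discussed earlier (destination MAC, source MAC, type) and, when a dot1q tag is present, extracts the VLAN ID and the real EtherType behind it. Both sample frames are constructed here, not captured from any network.

```python
import struct

# Constructed sample frames (not captured traffic). Both carry a dummy 28-byte ARP payload.
# Untagged Ethernet II: dst ff:ff:ff:ff:ff:ff, src 00:11:22:33:44:55, EtherType 0x0806 (ARP)
UNTAGGED_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 28
# Same frame with an 802.1Q tag inserted after the source MAC:
# TPID 0x8100, then TCI = PCP 0 / DEI 0 / VID 100 (0x0064), then the real EtherType
TAGGED_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "8100" "0064" "0806") + b"\x00" * 28

ETHERTYPE_VLAN = 0x8100
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def mac_to_str(raw):
    """Render a 6-byte MAC as the usual colon-separated hex string."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Parse an Ethernet II header with an optional single 802.1Q tag.

    Returns a dict with destination/source MAC, the broadcast and multicast
    flags of the destination, the VLAN ID (None when untagged), the EtherType
    of the encapsulated protocol and the payload bytes.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    vlan_id = None
    if ethertype == ETHERTYPE_VLAN:
        # The tag occupies the EtherType position; the true EtherType follows the TCI.
        if len(frame) < 18:
            raise ValueError("frame claims an 802.1Q tag but is truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "broadcast": dst == b"\xff" * 6,
        "multicast": bool(dst[0] & 0x01),   # I/G bit: set for multicast and broadcast
        "vlan": vlan_id,
        "ethertype": ethertype,
        "protocol": ETHERTYPES.get(ethertype, "unknown"),
        "payload": frame[offset:],
    }
```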
Spanning Tree Protocol
STP is useful to prevent broadcast storms
If there is a loop in the network and a broadcast packet is sent, it will be replicated and multiplied indefinitely throughout the network
STP detects and eliminates logical loops in a bridged or switched VLAN
When such a loop is detected some ports are shut down, to stop receiving any potential flooding traffic
It controls path redundancy by enabling only the most efficient path
The collection of ports in one spanning tree instance is called a spanning tree group (STG) and each group is independent
Untagged ports can belong to only one STG while tagged ports can belong to more than one STG
STP nodes communicate with each other using BPDU (Bridge Protocol Data Unit) messages to gather information about MAC, IP, priority, cost, etc.
ARP
The ARP table maps IP addresses to physical network addresses (MAC)
On a host it can be displayed with the command arp -n
On a router there is a distinction between the MAC addresses of the local interfaces and the MAC addresses of remote interfaces
The table is built dynamically through the request/reply process illustrated on the original slide
Gratuitous ARP
– Is either a request that needs no reply or a reply to which no request was made
– Is useful to detect IP conflicts and to update other machines' ARP tables
– Is usually sent when the interface comes up
RARP
RARP is used by hosts (diskless workstations) to dynamically find their IP when they only know their MAC
A server on the network has the mapping between IPs and MACs and it replies to RARP requests if the mapping is found in its database
On Linux, the mapping is held in the file /etc/ethers
It uses the same packet format as ARP but with different operation codes: 3 (request reverse) and 4 (reply reverse)
The request is broadcast and the reply is unicast
It has been made obsolete by BOOTP and DHCP
InARP
InARP is used to determine the IP of another node from its MAC
The request (as well as the reply) is unicast because the MAC of the destination is known
A host that receives an InARP request assumes it is destined for itself and replies to the originator of the request
InARP uses the same packet format as ARP but with operation codes 8 (Request) and 9 (Reply)
It is used in Frame Relay and ATM networks
ICMP
It is part of the IP protocol and sends messages that perform control, error reporting and informational functions for TCP/IP
ICMP errors are directed to the source IP address of the originating packet
ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than as a normal sub-protocol of IP
It operates based on a type and a code in order to identify the problem reported
Flow control: if datagrams come too fast to be processed, the destination host or an intermediate gateway sends an ICMP Source Quench message back to the sender
Detecting unreachable destinations: when a destination is unreachable, the system detecting the problem sends a Destination Unreachable message to the datagram's source
Checking remote hosts: an Echo Request is used to see if a remote system's Internet Protocol is up and operational; an Echo Reply is sent back by the receiving host
Redirecting routes: a gateway sends a Redirect Message to tell a host to use another gateway, presumably because it is a better choice
This message can be used only when the source host is on the same network as both gateways
Other types of control packets check time to live, timestamp, IP header, etc.
The IP Address
An IP address has a network part and a host part
The class is given by the first octet of the IP: the first three classes A, B and C are used for addressing, while the last two classes D and E are reserved for multicast and experimental purposes
The standard structure of an IP address can be locally modified by using host address bits as additional network bits
This creates additional networks and reduces the number of hosts
These newly designated network bits define a network within a larger network, called a subnet
The number of bits used for defining the network is called the subnet mask (ex: 10.1.1.1/24 means that 24 bits are used for the network and 8 for hosts)
An address with all host bits set to 0 is used to refer to the whole subnet
An address that has all host bits set to 1 is called a broadcast address
A packet sent to a broadcast address will be sent to all the nodes in the subnet
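As an added example (not part of the original slides), the following Python code does the subnet arithmetic described above by hand, with bit masks rather than a library, so the network address, broadcast address and host count of 10.1.1.1/24 can be checked; it also derives the address class from the first octet and tests whether two hosts share a subnet.

```python
def ip_to_int(ip):
    """Convert dotted-quad text to a 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"malformed IPv4 address: {ip}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip}")
        value = (value << 8) | n
    return value


def int_to_ip(value):
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_class(ip):
    """Classful address type, decided by the leading bits of the first octet."""
    first = ip_to_int(ip) >> 24
    if first < 128:   # 0xxx xxxx
        return "A"
    if first < 192:   # 10xx xxxx
        return "B"
    if first < 224:   # 110x xxxx
        return "C"
    if first < 240:   # 1110 xxxx -> multicast
        return "D"
    return "E"        # 1111 xxxx -> experimental


def subnet_info(cidr):
    """Network, broadcast and mask for an address written as a.b.c.d/prefix.

    The network address has all host bits 0, the broadcast address has all
    host bits 1; the classic usable-host count excludes those two addresses.
    """
    ip, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = ip_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    # /31 and /32 leave no room for the network/broadcast pair under the classic rule
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "prefix": prefix,
        "host_bits": host_bits,
        "usable_hosts": usable,
    }


def same_subnet(ip_a, ip_b, prefix):
    """True when both addresses share the network bits: a host sends directly
    to such a destination instead of going through its default gateway."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask
```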
DHCP
DHCP is used to assign an IP address to a host and to configure various parameters
It is based on a client-server model
In order to have one server that responds to multiple subnets, a relay agent can be configured on each subnet
An IP can be allocated through DHCP using three different mechanisms:
– automatic allocation: assigns a permanent IP
– dynamic allocation: assigns an IP for a limited period of time
– manual allocation: assigns an IP to a specific host
Binding refers to the collection of configuration parameters, which has to include at least an IP address
Lease refers to the amount of time for which a client can use the assigned IP
A DHCP Client:
When it is initialized it sends a broadcast message to discover the servers in the network
It waits for offers for some time and then chooses the one that suits it best
It broadcasts a request for the chosen address
After the acknowledgement is received it configures the IP and sets its timers depending on the lease received
Before the lease expires it tries to extend its lease by sending a renew message to the server which gave the address
If the server fails to respond, it will broadcast a rebind message, trying to reach any server
A DHCP Server:
Processes incoming DHCP messages from a client based on the current state of the binding for that client
Does not have to reply to all requests
Does not have to assign the address requested by a client, and it may choose not to allocate an address to a client even if it has available addresses
Does not have to assign the client's address from the same subnet as the relay if 'giaddr' is present
A relay agent receives DHCP messages as their final destination and then generates new messages as a result, rather than simply forwarding them
In the case of a relay running on a router, it will accept packets from network 0
A relay should be configurable and must be disabled by default
The servers to which the packets are relayed are configurable, as well as the way of transmitting the packet (unicast or broadcast)
Routing Table
Network devices make routing decisions based on the local routing table, which can be built by the system administrator (static routes) or by routing protocols (RIP, BGP, OSPF)
All the gateways that appear in a routing table are on networks directly linked to the local system
A routing table does not contain end-to-end routes; it only shows the next hop to a destination
On Linux, the commands route -n or netstat -nr display the routing table
For most hosts the routing decisions are:
– If the destination is on the local network, send the data directly to it
– If the destination is on a remote network and a route to that network exists, send it to the specified gateway
– If the destination is on a remote network and the routing table has no entry, send it to the default gateway
A router can have multiple routes to the same destination that come from different sources
If there are several routes to the same destination, learned by different protocols, they are more or less preferred depending on the Administrative Distance
To route a packet to the next hop the following process is followed:
– Search for the destination IP in the RTM (routing table)
– If a route is not found, drop the packet
– If a route is found, retrieve the MAC of the next hop
– If the MAC of the next hop is not in the ARP table, send an ARP request to resolve the address
– When the MAC of the next hop is available, put the MAC in the destination field at L2 and send the packet to the corresponding physical port
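As an added example (not the course's own code), the following Python simulates the host routing decision and the next-hop process described in the two lists above: longest-prefix match over a constructed routing table in route -n column order, falling back to the default route, then the ARP cache check before the frame can be sent. The routes, gateways and MACs are constructed for the example.

```python
# Constructed routing table in the column order of `route -n`:
# (destination, genmask, gateway, interface). Gateway 0.0.0.0 means directly connected.
ROUTES = [
    ("0.0.0.0",    "0.0.0.0",       "10.1.1.254", "eth0"),   # default route
    ("10.1.1.0",   "255.255.255.0", "0.0.0.0",    "eth0"),   # local network
    ("172.16.0.0", "255.255.0.0",   "10.1.1.1",   "eth0"),   # remote network via gateway
    ("172.16.5.0", "255.255.255.0", "10.1.1.2",   "eth0"),   # more specific route, other gateway
]

# Constructed ARP cache (what `arp -n` would show): next-hop IP -> MAC
ARP_CACHE = {
    "10.1.1.254": "00:aa:bb:cc:dd:fe",
    "10.1.1.20":  "00:aa:bb:cc:dd:20",
}


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def lookup_route(dst, routes=ROUTES):
    """Longest-prefix match. Returns (next_hop_ip, iface) or None when no route
    (not even a default) matches. For a directly connected network the next hop
    is the destination itself."""
    d = ip_to_int(dst)
    best, best_len = None, -1
    for net, genmask, gateway, iface in routes:
        mask = ip_to_int(genmask)
        if d & mask != ip_to_int(net) & mask:
            continue
        prefix_len = bin(mask).count("1")
        if prefix_len > best_len:   # the default route has length 0, so any other match beats it
            best, best_len = (gateway, iface), prefix_len
    if best is None:
        return None
    gateway, iface = best
    return (dst if gateway == "0.0.0.0" else gateway, iface)


def forward(dst, routes=ROUTES, arp_cache=ARP_CACHE):
    """Follow the slide's next-hop process for one packet and report the action:
    ('drop',), ('arp-request', next_hop, iface) or ('send', next_hop_mac, iface)."""
    route = lookup_route(dst, routes)
    if route is None:
        return ("drop",)
    next_hop, iface = route
    mac = arp_cache.get(next_hop)
    if mac is None:
        # The packet waits until the ARP reply fills the cache; only the request is reported here.
        return ("arp-request", next_hop, iface)
    return ("send", mac, iface)
```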
A destination can have multiple next hops within the same routing protocol, thus creating multiple routes to the same destination through a single protocol
The metric of a route is the value used by a routing protocol to determine whether one route is better than another
The best path goes into the FIB (Forwarding Information Base)
To filter the routes that go into the routing table, route policies can be defined to either remove or add routes to the RTM
An Autonomous System (AS) is a network or a group of networks controlled by one or more administrators on behalf of a single administrative entity
An AS has a clearly defined routing policy and is identified by a unique number (ASN)
An AS can be a university, a business enterprise or an Internet provider
A routing policy refers to several rules that control the routing behavior within the AS
The dynamic protocols that populate the routing table are divided into four categories:
Distance vector:
– RIP: determines the best route based on the number of hops to the destination
– IGRP: supports multiple metrics for each route, such as bandwidth, delay, load, MTU and reliability
Path vector:
– BGP: makes routing decisions based on path, network policies and/or rule-sets and is used for communication between Autonomous Systems
Link-state:
– OSPF: constructs a topology map of the network containing link-state information; the routing decision is based on the destination IP in the packet
– IS-IS: similar to OSPF, but the routing decisions are made at L2
Hybrid:
– EIGRP: based on IGRP but uses some non-distance-vector techniques to compute the best routes, such as discovering adjacent routers using hello packets
Host Table
It associates IP addresses with host names
More than one name (aliases) can be defined for the same IP
The host table is mainly used on systems that don't run DNS
Even if DNS is used, a host table should be kept as a backup, with the localhost and the essential gateways and servers in the network
By default, the host table is used first: if the needed IP is found in the host table, there is no need for a DNS query
On UNIX systems the host table is kept in /etc/hosts
DNS
Names are assigned to devices because they are easier to remember and type correctly than IP addresses
DNS associates a domain name with the IP of networking devices connected to the Internet
A DNS query can be either recursive or non-recursive; DNS servers are not required to support recursive queries
DNS is based on the notions of Local Server, Remote Server and Authoritative Server
An authoritative server is any server that is responsible for maintaining accurate information about a domain
A server that is not authoritative caches the answers it receives and can reply itself the next time a query is made for the cached name
In a recursive search the remote server follows the pointers itself and returns a final answer to the local server
In a non-recursive query the remote server tells the local server whom to ask next; the local server must follow the pointers itself
At the top, DNS has a root domain that is served by a group of name servers called root servers
A new subdomain becomes available when pointers to the servers for the new domain are placed in the domain above
The notions of domain and subdomain are relative to their position in the tree
Usually a default domain is defined for its subdomains
A zone contains all domain names from a certain point downward in the domain tree, except those which are delegated to other zones
A zone can map exactly to a single domain, but it could also include only part of a domain, the rest of which could be delegated to other name servers
VRRP
VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN
The VRRP router controlling the address associated with a virtual router is called the Master, and it forwards packets sent to this address
The election process provides dynamic failover of the forwarding responsibility should the Master become unavailable
The advantage gained from using VRRP is a higher-availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host
The master sends VRRP Advertisements to notify the backups that it is still up, and the configuration it has
Each router has a priority assigned from 1 to 255; the VRRP router with the highest priority is elected master
A VRRP router is the Address Owner if the virtual router's IP is the IP of its physical interface; an address owner always has priority 255
If the VRRP routers have the same priority, the one with the highest physical IP address is elected master
A backup VRRP router does not forward packets; it only waits in standby for VRRP advertisements
If the backup does not receive any advertisement in a configurable amount of time, then it takes ownership and becomes master
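As an added example (not from the original slides), the following Python applies the election rules above: the address owner competes with priority 255, the highest priority wins, ties go to the highest physical IP, and a backup declares the master down when no advertisement arrives within its configured interval. The router names, priorities and addresses are constructed.

```python
# Constructed set of VRRP routers sharing one virtual router on a LAN
ROUTERS = [
    {"name": "R1", "priority": 100, "ip": "10.1.1.2"},
    {"name": "R2", "priority": 100, "ip": "10.1.1.3"},
    {"name": "R3", "priority": 90, "ip": "10.1.1.4", "address_owner": True},
]


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def effective_priority(router):
    """An address owner always competes with priority 255, whatever is configured."""
    if router.get("address_owner"):
        return 255
    priority = router["priority"]
    if not 1 <= priority <= 255:
        raise ValueError(f"{router['name']}: priority must be 1..255")
    return priority


def elect_master(routers):
    """Return the name of the router that becomes master for the virtual router.

    Highest effective priority wins; equal priorities are broken by the highest
    physical interface IP address."""
    ranked = sorted(
        routers,
        key=lambda r: (effective_priority(r), ip_to_int(r["ip"])),
        reverse=True,
    )
    return ranked[0]["name"]


class Backup:
    """Tracks the advertisements a backup router sees and decides when to take over."""

    def __init__(self, master_down_interval, now):
        self.master_down_interval = master_down_interval   # the configurable timeout
        self.last_advertisement = now                      # timer starts when the backup comes up
        self.is_master = False

    def on_advertisement(self, now):
        # An advertisement means the master is still up: restart the timer.
        self.last_advertisement = now

    def tick(self, now):
        """Called periodically; returns True once this backup has assumed the master role."""
        if not self.is_master and now - self.last_advertisement > self.master_down_interval:
            self.is_master = True
        return self.is_master
```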
IP Multicast
IP multicast transmits messages to multiple recipients at the same time
Instead of sending individual packets to each destination, a single packet is sent to a multicast group, which then replicates the packet and sends it to many receivers
It is similar to broadcasting in a subnet, except that multicasting transmits to specific groups while broadcasting transmits to all receivers on a network
It saves a considerable amount of bandwidth because it transmits only one stream of data to the network
Protocols that are implemented for multicast are:
Internet Group Management Protocol (IGMP) – learns the existence of host group members on directly attached subnets
Protocol Independent Multicast (PIM) – provides one-to-many and many-to-many distribution of data over a LAN, WAN or the Internet
Distance Vector Multicast Routing Protocol (DVMRP) – facilitates the transport of IP multicast packets among networks; it generates a routing table with the multicast groups for which it knows the corresponding distances
The collection of receivers of multicast datagrams is called a host group
Each host group uses a unique multicast address. To reach all members of the group, a sender uses the multicast address as the destination address of the datagram
Receivers who are interested in receiving the data can program their computers to listen for data sent to these addresses by joining a group
An IP version 4 multicast address is a Class D address (the high-order bits are 1110), from 224.0.0.0 to 239.255.255.255
Some multicast addresses are reserved for particular purposes (well-known multicast addresses), such as 224.0.0.5 – all OSPF routers
Multicast routers do not forward datagrams with addresses in the range 224.0.0.1 to 224.0.0.255 because the time-to-live (TTL) value for such packets is usually 1
The IP multicast MAC address prefix is always 01:00:5e, which identifies the frame as a multicast frame, and the next bit is always 0
The next 23 bits are populated with the 23 least significant bits of the IPv4 multicast address
This means that 32 different addresses can be mapped to the same MAC (ex. 224.8.8.5 and 229.136.8.5 both have the multicast MAC 01:00:5e:08:08:05)
If two multicast streams share the same MAC in the network, the filtering is done by the higher-level protocols
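As an added example (not from the slides), the Python below performs the IPv4-to-MAC mapping described above and enumerates the 32 group addresses that collide on one MAC, the case where filtering is left to the higher-level protocols.

```python
MULTICAST_OUI = bytes([0x01, 0x00, 0x5E])   # fixed 24-bit prefix 01:00:5e


def _octets(ip):
    """Split and validate a class D address into its four octets."""
    parts = [int(x) for x in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed IPv4 address: {ip}")
    if not 224 <= parts[0] <= 239:
        raise ValueError(f"{ip} is not a class D (multicast) address")
    return parts


def multicast_mac(ip):
    """Map an IPv4 multicast address to its Ethernet MAC.

    The prefix 01:00:5e is followed by a 0 bit and the low 23 bits of the IP:
    the whole first octet and the high bit of the second octet are discarded."""
    first, second, third, fourth = _octets(ip)
    low23 = ((second & 0x7F) << 16) | (third << 8) | fourth
    mac = MULTICAST_OUI + low23.to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in mac)


def colliding_groups(ip):
    """All 32 multicast addresses that share ip's MAC: 16 values of the first
    octet (224..239) times the two values of the discarded high bit of the second."""
    _, second, third, fourth = _octets(ip)
    low_second = second & 0x7F
    groups = []
    for first in range(224, 240):
        for high_bit in (0, 0x80):
            groups.append(f"{first}.{low_second | high_bit}.{third}.{fourth}")
    return groups


def same_mac(ip_a, ip_b):
    """True when two group addresses cannot be told apart at L2."""
    return multicast_mac(ip_a) == multicast_mac(ip_b)
```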
Anycast
With anycast a datagram from a single sender is routed to the topologically nearest node in a group of potential receivers, all identified by the same destination address
It is a one-to-one-of-many association
To distribute a service using anycast, the service is first associated with an IP address called the Service Address
Reachability to that address is advertised in a routing system from multiple, independent service nodes
Annex A - Answers to questions in this presentation
1. What was the first telecom system?
R: Smoke and drum signals used since ancient times
2. What was the first network?
R: ARPANET was built in the 60's and initially had four nodes connected. The first letters transmitted in 1969 were “lo” from “login”, from Los Angeles to Stanford. By 1981 ARPANET had 213 nodes and it was formally closed in 1990
3. How did the Internet appear?
R: ARPANET was split in two in 1983 and the term “Internet” was used to refer to both networks.
4. What is an RFC?
R: A Request For Comments is a document published by the IETF in which are described methods and behaviors applicable to the working of the Internet. The first RFC described
5. What does Ethernet mean?
R: Ethernet is a family of network technologies for LANs that provides services up to and including the data link layer as per the OSI model. MAC addressing is one of the best-known features of Ethernet.
6. What do datagram, encapsulation, fragmentation and multiplexing mean?
R: A datagram is the packet format defined by the Internet Protocol. Encapsulation refers to the addition of delivery information (headers) at each layer to the data received from the layer above. If a datagram is too large to be processed by a device (exceeds the MTU), the source of the packet divides it into smaller fragments for transmission; this process is called fragmentation. Multiplexing refers to delivering the data to the correct software module within a host by using protocol and port numbers.
7. What is the difference between port, protocol and socket?
R: The notion of port can refer either to a physical I/O entry (Ex: port 5/1) or to a unique number within a transport layer protocol that identifies an application (Ex: DHCP uses ports 67 and 68). On Unix systems port numbers for applications are defined in the /etc/services file.
A protocol is a number used by the Internet Protocol to identify transport protocols such as ICMP (1), TCP (6) or UDP (17). The protocol numbers can be seen in the /etc/protocols file.
A socket is a combination of an IP address and a port number which uniquely identifies a single network process within the entire Internet. A pair of sockets – one for the sending and one for the receiving host – defines the connection for connection-oriented protocols such as TCP (Ex. 172.20.10.170.23 - telnet connection; 172.20.10.170.2233 – dynamically assigned port number).
8. What is the difference between a host, hub, switch and router?
R: A host is a computer connected to a network that can offer information, services and applications to users or other nodes on the network.
A hub is an L1 device that floods an incoming packet to all ports except the ingress port.
A switch bridges traffic within a subnet; it sends packets only to the destination identified by the MAC address specified in the Ethernet header. This is an L2 device.
A router forwards traffic between networks using the IP address to decide the destination, thus being an L3 device.
9. What is a default gateway?
R: A gateway is a router that serves as an access point to another network. A host sends a packet to the default gateway when it does not have the IP address of the destination in its routing table.
10. What is the difference between LAN and VLAN?
R: One of the main differences between the two is that a LAN is limited to the physical location of the nodes in the network, while a VLAN can have members in different physical locations and still be in the same subnet. Also, by configuring more VLANs on a switch you can use one physical device to act as several devices.
Annex B – Details about DHCP
In the init state the client broadcasts a DHCPDISCOVER message on the local physical subnet
In the selecting state the client waits for offers
In the requesting state the client chooses an offer and requests the chosen IP
In the bound state the client has an IP assigned and participates in traffic
In the renewing state the client tries to extend its lease from the server that originally gave the IP
In the rebinding state the client tries to extend its lease from any server
In the rebooting/init-reboot state the client directly requests the IP it was previously assigned
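As an added example that is not part of the original course, the following Python class walks through the client states listed above (and the client behaviour summarised in the DHCP section), returning the message the client would send at each transition instead of putting it on the wire. The renewal timers assume the RFC 2131 defaults T1 = 0.5 and T2 = 0.875 of the lease, which the slides do not specify; the offers fed to it are constructed.

```python
BROADCAST = "255.255.255.255"


class DhcpClient:
    """Simplified DHCP client state machine (INIT, SELECTING, REQUESTING, BOUND,
    RENEWING, REBINDING, INIT-REBOOT). Messages are returned as dicts."""

    def __init__(self, mac):
        self.mac = mac
        self.state = "INIT"
        self.ip = self.server = None
        self.t1 = self.t2 = self.expiry = None
        self.offers = []

    def start(self):
        """INIT -> SELECTING: broadcast a DHCPDISCOVER and wait for offers."""
        self.state, self.offers = "SELECTING", []
        return {"type": "DHCPDISCOVER", "dst": BROADCAST, "chaddr": self.mac}

    def on_offer(self, offer):
        if self.state == "SELECTING":
            self.offers.append(offer)

    def select(self):
        """SELECTING -> REQUESTING: pick the offer with the longest lease (one
        possible 'suits it best' policy) and broadcast a DHCPREQUEST naming that server."""
        if self.state != "SELECTING" or not self.offers:
            return None
        best = max(self.offers, key=lambda o: o["lease"])
        self.state = "REQUESTING"
        return {"type": "DHCPREQUEST", "dst": BROADCAST,
                "requested_ip": best["ip"], "server_id": best["server"]}

    def on_ack(self, ack, now):
        """Any requesting state -> BOUND: configure the IP and arm the timers.
        T1/T2 assumed at 0.5 and 0.875 of the lease (RFC 2131 defaults)."""
        if self.state not in ("REQUESTING", "RENEWING", "REBINDING", "INIT-REBOOT"):
            return
        self.ip, self.server = ack["ip"], ack["server"]
        lease = ack["lease"]
        self.t1, self.t2, self.expiry = now + 0.5 * lease, now + 0.875 * lease, now + lease
        self.state = "BOUND"

    def on_nak(self):
        """The server refused the binding: forget the address and start over."""
        self.ip = self.server = None
        self.state = "INIT"

    def reboot(self):
        """INIT-REBOOT: directly request the address held before the restart."""
        if self.ip is None:
            return self.start()
        self.state = "INIT-REBOOT"
        return {"type": "DHCPREQUEST", "dst": BROADCAST, "requested_ip": self.ip}

    def tick(self, now):
        """Timer-driven transitions; returns the message to send, if any.
        T1: BOUND -> RENEWING (unicast to the server that gave the address)
        T2: RENEWING -> REBINDING (broadcast, any server may answer)
        expiry: -> INIT, the address must no longer be used."""
        if self.state == "BOUND" and now >= self.t1:
            self.state = "RENEWING"
            return {"type": "DHCPREQUEST", "dst": self.server, "ciaddr": self.ip}
        if self.state == "RENEWING" and now >= self.t2:
            self.state = "REBINDING"
            return {"type": "DHCPREQUEST", "dst": BROADCAST, "ciaddr": self.ip}
        if self.state in ("RENEWING", "REBINDING") and now >= self.expiry:
            self.ip = self.server = None
            self.state = "INIT"
        return None
```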
Example of tool: ISC dhclient
In order to keep track of leases across system reboots and server restarts, dhclient keeps a list of leases it has been assigned in the dhclient.leases file
On startup, after reading the dhclient.conf file, dhclient reads the dhclient.leases file to refresh its memory about what leases it has been assigned
When a new lease is acquired, it is appended to the end of the dhclient.leases file
When all attempts to contact a DHCP server have failed, dhclient will try to validate the static lease and, if it succeeds, will use that lease until it is restarted
When receiving a discover message the server follows the logic illustrated on the original slide
When receiving a request, the server either confirms the binding with an ACK or withdraws its offer with a NAK
Example of tool: ISC dhcpd
On startup, dhcpd reads the dhcpd.conf file and stores a list of available addresses on each subnet in memory
In order to keep track of leases across system reboots and server restarts, dhcpd keeps a list of leases it has assigned in the dhcpd.leases file
Whenever changes are made to the dhcpd.conf file, dhcpd must be restarted
The names of the network interfaces on which dhcpd should listen for broadcasts may be specified on the command line.
If no interface names are specified on the command line, dhcpd will identify all network interfaces which are up, eliminating non-broadcast interfaces if possible, and listen for DHCP broadcasts on each interface.
Annex C – Details about DNS
BIND (Berkeley Internet Name Domain) is the most used implementation of DNS on UNIX systems
It is divided into two components: a resolver (which asks questions) and a name server (which responds to queries)
Traditionally, the resolver was a library of software routines that was linked to any program that needed to look up addresses
With BIND9, which resolves IPv6 addresses as well as IPv4, a daemon resolver runs on the local host in combination with a lightweight resolver library
On older versions of BIND, the resolver routines are called by the network process; BIND9 has a resolver daemon that can be started with the command lwresd
A computer that does not run a local name server process is called a resolver-only system; it relies only on other systems for all name service answers
Name servers fall into three categories:
Primary:
– contains all data about a domain, being an authoritative server
– the data is entered by the domain's administrator
Secondary:
– transfers the entire domain database from the primary server, thus being an authoritative server
Caching-only:
– the domain database is built only by caching the answers from other name servers, thus being a non-authoritative server
The BIND server has several configuration files:
– named.boot: sets general parameters and points to the sources of domain database information, such as primary and secondary servers
– named.ca: points to the root domain servers
– named.local: used to locally resolve the loopback address
– named.hosts: the zone file that maps host names to IP addresses
– named.rev: the zone file for the reverse domain that maps IP addresses to host names