
CCENT Notes

Part 1 – Networking Fundamentals

Ref : CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition by Wendell Odom

It is highly recommended that you read the above study guide at least once to make full use of these notes. There may be minor errors in these notes, so please always refer to the study guide for accurate information.

(Jojo Jacob - CCENT)


TABLE OF CONTENTS

Chapter 2 - The TCP/IP and OSI Networking Models ........ 3
Chapter 3 - Fundamentals of LANs ........ 8
Chapter 4 - Fundamentals of WANs ........ 20
Chapter 5 - Fundamentals of IP Addressing and Routing ........ 29
Chapter 6 - Fundamentals of TCP/IP Transport, Applications and Security ........ 41


Chapter 2 - The TCP/IP and OSI Networking Models

TCP/IP : Transmission Control Protocol/Internet Protocol
OSI : Open System Interconnection

RFC – Request for Comments

TCP/IP Architecture Layers

Application : HTTP, POP3, SMTP
Transport : TCP, UDP
Internet : IP
Network Access : Ethernet, Frame Relay, PPP (WAN)

Application Layer : Provides the interface between application software and the network; provides network services to the applications.

Transport Layer : (TCP/UDP) Guarantees the delivery of data across the network. TCP uses the mechanism of acknowledgements to guarantee the transmission of data across the network.

Transport Layer header and its encapsulated data is called a SEGMENT

Internet Layer : (IP) defines IP addressing and routing (the process of how a router should forward or route data packets).

The Internet Layer header and its encapsulated data, which includes the Transport Layer header, the Application Layer header and any data, is called an IP packet.

Network Access Layer : defines the protocols and hardware required to deliver data across some physical network.

Internet Layer (IP) uses the service of the Network Access Layer (Ethernet) to deliver IP Packets over a physical network.

The Network Access Layer’s encapsulated data is called a FRAME, which includes the network access layer (Ethernet, PPP) header, trailer and their encapsulated data.

IP uses network access layer protocols (Ethernet, PPP) to deliver packets to the next router or host, in which IP packets are encapsulated between an Ethernet or PPP header and trailer for transmission over the physical medium as frames.


The Ethernet header and trailer may be stripped and the IP packet may be encapsulated with a PPP header and trailer during transmission, depending on the network access protocol between the routers in the network.

Same layer interaction (different computers) : A particular layer in one computer communicates with the same layer in another computer; this is done using headers which are transmitted between the computers.

Adjacent Layer Interaction (same computer) : In a single computer one layer provides services to a higher layer. The software or hardware that implements the higher layer requests the lower layer to perform the task needed.

Five-step process of a TCP/IP host sending data on a network:

Step 1 : application data with the application layer header, e.g. an HTTP OK message returned in an HTTP header followed by the content of the web page.

Step 2 : encapsulate the application layer data in a transport layer (TCP/UDP) header

Step 3 : encapsulate the transport layer data in an internet (IP) layer header

Step 4 : encapsulate the data supplied by the internet layer in a network access layer header and trailer

Step 5 : transmit the bits; the physical layer encodes the signal onto a medium to transmit the frames

Encapsulation : is the process of adding headers and trailers around data supplied by a higher level in the network model.

Decapsulation : is the process of stripping (removing) the header and trailer from encapsulated data.

A networking model defines a set of network layers and how they interact with each other; the two most important networking models are TCP/IP and OSI.


OSI Reference Model

OSI Layer                   TCP/IP
Application    Layer 7      Application
Presentation   Layer 6      Application
Session        Layer 5      Application
Transport      Layer 4      Transport
Network        Layer 3      Internet
Data Link      Layer 2      Network Access
Physical       Layer 1      Network Access

All People Seem to Need Data Processing (Layer 7 – Layer 1)

Layer 7 – Layer 5 focus on the application
Layer 4 – Layer 1 focus on end-to-end delivery of the data over the network

Application Layer : Interfaces between application software and network also includes authentication services.

Presentation Layer : Defines format and organization of data and includes encryption

Session Layer : Establishes and maintains end-to-end bi-directional flow between end points. Includes managing transaction flows.

Transport Layer : Provides a variety of services between two hosts: connection establishment and termination, flow control, error recovery, and segmentation of large blocks of data into smaller parts for transmission.

Network Layer : logical addressing, routing (forwarding) and path determination.

Datalink Layer : formats the data into frames for transmission onto the physical medium, defines the rules for when the data can be sent, and defines the means by which to determine transmission errors (FCS : Frame Check Sequence).

Physical Layer : refers to standards for physical characteristics of the transmission medium, including connectors, pins, use of pins, electrical currents, encoding, light modulation, and rules for how to activate and deactivate the use of physical medium.


Layer name, protocols and specifications, devices

Application, Presentation, Session (Layers 7 – 5)
  Protocols and specifications : Telnet, HTTP, FTP, SMTP, POP3, VoIP, SNMP
  Devices : Firewall, intrusion detection systems

Transport (Layer 4)
  Protocols and specifications : TCP, UDP

Network (Layer 3)
  Protocols and specifications : IP
  Devices : Routers

Data Link (Layer 2)
  Protocols and specifications : Ethernet (IEEE 802.3), HDLC, Frame Relay, PPP
  Devices : LAN switches, wireless access points, cable modem, DSL modem

Physical (Layer 1)
  Protocols and specifications : RJ-45, EIA/TIA-232, V.35, Ethernet (IEEE 802.3)
  Devices : LAN hub, repeater

Benefits of Layered Protocol Specifications

Less Complex : Layered protocol network model breaks the functions and tasks of the networking into smaller chunks

Standard Interfaces : standard interfaces definition between the layers enables multiple vendors to develop products on specific layers

Easier to develop : reduced complexity means easier program changes and faster product development

Easier to learn : easier to learn more details of a protocol specification

Multi-vendor interoperability : creating products that meet the same networking standards means computers and network gear from different vendors can work together

Modular engineering : vendors can concentrate on developing modular products in specific layers

A software or hardware device in a layer does not have to worry about the other layers; it can assume that the software and hardware devices in other layers will perform the functions defined for that layer.


OSI Encapsulation

The OSI model uses PDU – Protocol Data Unit – to refer to its encapsulated data in each layer.

L7PDU : Application (L7) H + Data
L6PDU : Presentation (L6) H + Data
L5PDU : Session (L5) H + Data
L4PDU : Transport (L4) H + Data
L3PDU : Network (L3) H + Data
L2PDU : Data Link (L2) H + Data + L2T

L2PDU is transmitted into the physical link.

Please go to …… “Do I Know This Already?” quiz – Chapter 2 : Page 18.


Chapter 3 - Fundamentals of LANs

Ethernet – refers to standards that define the physical and data link layers for LANs.
Variables for Ethernet standards are : speed, type of cable, length of cable etc.

IEEE – Institute of Electrical and Electronics Engineers

IEEE separates the Ethernet data link layer functions into two sublayers:
802.3 Media Access Control (MAC) sublayer (lower layer)
802.2 Logical Link Control (LLC) sublayer (higher layer)

Common Name        Speed       Alternate Name             IEEE Standard   Cable type, Maximum Length
Ethernet           10 Mbps     10BASE-T                   IEEE 802.3      Copper, 100 m
Fast Ethernet      100 Mbps    100BASE-TX                 IEEE 802.3u     Copper, 100 m
Gigabit Ethernet   1000 Mbps   1000BASE-SX, 1000BASE-LX   IEEE 802.3z     Fibre, 500 m (SX), 5 km (LX)
Gigabit Ethernet   1000 Mbps   1000BASE-T                 IEEE 802.3ab    Copper, 100 m

The alternate name always lists the speed in Mbps.
T in the alternate name means twisted pair (UTP).

Functions of LAN : File sharing, Printer sharing, File transfer and gaming

10BASE2 and 10BASE5 – early Ethernets, consisting of a series of co-axial cables connecting computers and their NICs. The sending computer sends electrical signals through the bus (the collection of cables forming an electrical circuit).

CSMA/CD – Carrier Sense Multiple Access with Collision Detection, ensures that only one device sends traffic on the Ethernet at one time. Avoids collisions and takes action when a collision occurs. Algorithm:

A device that wants to send a frame waits until the LAN is silent, i.e. no frame is currently being sent, before attempting to send an electrical signal.

If a collision still occurs, the devices that caused the collision wait a random amount of time and try again.

CSMA/CD : Carrier Sense Multiple Access with Collision Detection, a device access mechanism in which devices ready to transmit data first check the channel for a carrier. If no carrier is sensed for a specific period of time, a device can transmit. If two devices transmit at once, a collision occurs and is detected by all colliding devices. This collision subsequently delays re-transmission from those devices for a random length of time.

10BASE2 – maximum cable length 185 m
10BASE5 – maximum cable length 500 m

Attenuation :- weakening of electrical signals as they traverse farther through a cable

Repeaters – connect multiple cable segments, receive an electrical signal on one cable, interpret the bits as 1s and 0s and generate a brand new, clean, strong electrical signal out the other cable. But a repeater does not interpret the meaning of the electrical signal (bits) and is a Layer 1 device.

Repeater does not simply amplify the signal, because amplifying the signal might also amplify any noise picked up along the way, but it re-generates brand new electrical signals.

Ethernet Hubs : hubs are essentially repeaters but with multiple physical ports; a hub re-generates the electrical signals that come in one port and sends them to every other port, creating an electrical bus.

• Original Ethernet LANs created an electrical bus to which devices were connected
• 10BASE5 and 10BASE2 repeaters extended the length of the LAN by cleaning up the electrical signals and repeating them – a layer 1 function – without interpreting the meaning of the signals.
• Hubs are repeaters that provide a centralised connection point for the UTP cabling, but still create a single electrical bus shared by various devices, just like 10BASE2 and 10BASE5.
• Because collisions could occur in any of these cases, Ethernet defines the CSMA/CD algorithm, which tells devices how to avoid collisions and also what action to take when one occurs.

Ethernet UTP Cabling

10BASE-T (Ethernet), 100BASE-T (Fast Ethernet – FE) and 1000BASE-T (Gigabit Ethernet – GE) use UTP (unshielded twisted pair) cabling.

UTP cables – two pairs or four pairs of wires. RJ-45 connectors – connect to the end points of UTP cables and have 8 pins to which each of the coloured wires is connected. RJ-45 connectors are inserted into RJ-45 ports in computers or switches.

RJ11 – commonly used for telephone cables in North America


RJ11 is a physical interface often used for terminating telephone wires. It is probably the most familiar of the registered jacks, being used for single line POTS telephone jacks in most homes across the world.

RJ14 is similar, but for two lines, and RJ25 is for three lines. RJ61 is a similar registered jack for four lines. The telephone line cord and its plug are more often a true RJ11 with only two conductors.

The phone generates analog signals in the range 0 – 4000 Hz, and the DSL modem uses frequencies higher than 4000 Hz, so the phone and DSL signals do not interfere with each other very much, but a filter still needs to be used.

The DSLAM directs (multiplexes) the analog voice signals – frequency range between 0 Hz and 4000 Hz, to a voice switch.

[Figure: Two views of an RJ25 6P6C crimp-on style connector.]

[Figure: BS6312 431A plug; colloquially, a British Telecom plug. Used in NZ.]

Cisco switches use GBICs (gigabit interface converters) or Small Form-factor Pluggables (SFPs) so that a switch can use a variety of cable connectors and types of cabling and support different cable lengths.

Cisco switches can easily alternate between 1000BASE-T GBIC and 1000BASE-LX interface cards depending on the situation, for example if the cabling needs to cover a longer distance.

Twisted pair copper wire cancels out the magnetic field when transmitting electricity. By twisting together wires in the same pair, with the current running in opposite direction on each wire, the magnetic field created by one wire mostly cancels out the magnetic field created by the other wire.

Networking devices create an electric circuit using twisted wire pair and vary the signals as defined by the encoding scheme, to send bits over wire pair.

An encoding scheme defines how the electrical signal should vary, over time, to mean either a binary 0 or 1.

Twisted Pair : Transmission medium consisting of two insulated wires, with the wires twisted around each other in a spiral. An electrical circuit flows over the wire pair, with the current in opposite directions on each wire, which significantly reduces the interference between the two wires.

UTP Cabling Pinouts for 10BASE-T and 100BASE-TX

The Telecommunications Industry Association (TIA) and Electronics Industry Alliance (EIA) define the standards for UTP cabling, colour coding for wires and standard pinouts on the cable.

Two EIA/TIA pinout standards are T568A and T568B.

T568A pinout standard

RJ-45 pin :  1   2   3   4   5   6   7   8
Pair      :  3   3   2   1   1   2   4   4

Pinouts : 1 - G/W, 2 - Green, 3 - O/W, 4 - Blue, 5 - B/W, 6 - Orange, 7 - Brown/W, 8 - Brown

Pair 1 : Blue / Blue-W     Pair 2 : Orange / W-Orange     Pair 3 : Green / W-Green     Pair 4 : Brown / W-Brown

T568B pinout standard

RJ-45 pin :  1   2   3   4   5   6   7   8
Pair      :  2   2   3   1   1   3   4   4

Pinouts : 1 - O/W, 2 - Orange, 3 - G/W, 4 - Blue, 5 - B/W, 6 - Green, 7 - Brown/W, 8 - Brown

Pair 1 : Blue / Blue-W     Pair 2 : Orange / W-Orange     Pair 3 : Green / W-Green     Pair 4 : Brown / W-Brown

Pinout : Documentation and implementation of which wires inside a cable connect to each pin position inside any connector

UTP cable requires two pairs of wire for 10BASE-T and 100BASE-TX and four pairs of wire for 1000BASE-T.


Ethernet NIC send data using the wire pair connected to Pins 1 and 2. (pair 3, T568A standard)

Ethernet NIC receives data using the wire pair connected to Pins 3 and 6. (pair 2, T568A standard)

Hubs and switches send data using the wire pair connected to Pins 3 and 6. (pair 2, T568A standard)

Hubs and switches receive data using the wire pair connected to Pins 1 and 2. (pair 3, T568A standard)

Straight-Through Cable : connects two devices (NIC and switch) which use opposite pinout pairs to transmit and receive data.

Straight through cable connects wire at pin 1 on one end of the cable to pin 1 on other end of the cable, wire at pin 2 on one end of the cable to pin 2 on other end of the cable and so on.

But will not work for connecting two hubs/switches together as they use the same pins for send and receive.

A cable that swaps the wire pairs inside the cable is called a crossover cable.

A crossover cable must be used to connect two switches; as both switches use the pair at pins 3,6 to transmit and the pair at pins 1,2 to receive, the cable must swap or cross the pairs.

1 ---- 3
2 ---- 6
3 ---- 1
6 ---- 2

Devices on opposite ends of the cable using the same pair of pins to transmit need a crossover cable; devices using opposite pairs of pins to transmit require a straight-through cable.

Crossover Cable : An Ethernet cable that swaps the wire pair used for transmission on one device to the wire pair used for receiving on the device connected to the other end of the cable. In 10BASE-T and 100BASE-TX networks, this cable swaps the wire pair at Pins 1,2 to Pins 3,6 on the other end of the cable, and the pair at Pins 3,6 to Pins 1,2.

Straight-Through Cable : An Ethernet cable that connects the wire on Pin 1 on one end of the cable to Pin 1 on the other end of the cable, Pin 2 on one end to Pin 2 on the other end, and so on.


10BASE-T and 100BASE-TX pin pairs used

Devices that transmit on pin pair 1,2 and receive on 3,6 : PC NICs, Routers, Wireless Access Points (Ethernet interface), Network Printers (directly connected to the LAN)

Devices that transmit on pin pair 3,6 and receive on 1,2 : Hubs, Switches

1000BASE-T requires 4 wire pairs; Gigabit Ethernet also transmits and receives on each of the four wire pairs simultaneously.

1000BASE-T straight through cables connect wire at pin 1 to pin 1 , pin 2 – pin 2 and so on.

1000BASE-T crossover cable crosses wire pairs between pins (1,2 and 3,6) and (4,5 and 7,8).

Auto-MDIX is a Cisco switch feature that notices wrong cabling pinouts and re-adjusts the switch’s logic to make the cable work.

Hubs to Switches

Five steps of a hub creating an electrical bus:

1. NIC sends a frame
2. NIC loops the sent frame to its receive pair internally on the card
3. hub receives the electrical signals and interprets the signals as bits, so that it can clean them up and repeat them as strong signals
4. the hub's internal wiring repeats the signal to all other ports, except the port the signal was received from
5. the hub repeats the signal to each receiver pair on all other devices

If two NICs send frames at the same time, at step 4 the electrical signals would overlap, the frames would collide, and either frame would be completely unintelligible or full of errors.

The CSMA/CD algorithm helps prevent collisions and also defines how to act when a collision occurs. The CSMA/CD algorithm works like this:

1. A device with a frame to send listens until the Ethernet is not busy
2. when the Ethernet is not busy, the sender(s) begin(s) sending the frame
3. the sender(s) listen(s) to make sure that no collision occurred
4. if a collision occurs, the devices that had been sending each send a jamming signal to ensure that all stations recognize the collision
5. after the jamming is complete, each sender randomizes a timer and waits that long before trying to resend the collided frame
6. when each random timer expires, the process starts from step 1

Using a hub with CSMA/CD causes performance problems:
1. only one device can send at a given point in time
2. if a collision occurs, the sending devices wait for a randomized time before trying to re-send the collided frame

For devices connected to a hub, only one device can send at any one instant in time. As a result the devices connected to a hub share the bandwidth available through the hub. The logic of waiting for the LAN to be silent before sending means that a device either sends or receives at a given point in time, but not both; this is called half duplex.

Collision domain : defines the set of devices whose frame could collide. All devices on a 10BASE2 and 10BASE5 network and any network using a HUB are said to be in the same collision domain.

Hubs : A LAN device providing a centralized connection point for LAN cabling, repeating any received electrical signals out all other ports, thereby creating a logical bus. Hubs do not interpret the electrical signals as a frame of bits, so Hubs are considered to be Layer 1 devices.

Switches:

1. Interprets the bits in the received frame, so that they can typically send the frame out the required one port, rather than all other ports

2. If the switch needs to forward multiple frame out the same port, the switch buffers the frames in memory, sending one at a time and thereby avoiding collision.

A switch is considered to be a layer 2 device as it needs to look at the Ethernet header for the address.

Single devices connected to switch ports do not share the bandwidth, i.e. a switch with 100 Mbps ports has 100 Mbps for each port.


Shared Ethernet : Ethernet using a hub or the original co-axial cabling LAN, where the LAN bandwidth is shared among the devices, as each device has to take turns using the LAN because of the CSMA/CD algorithm.

Switched Ethernet : LANs with switches do not have to share the bandwidth between devices connected to different ports, i.e. a switch with 100 Mbps ports has 100 Mbps for each port.

A hub with 24, 100Mbps devices connected to it all share a theoretical total bandwidth of 100Mbps. However a switch with 24, 100 Mbps devices connected to it, support 100 Mbps on each of the 24 ports, or 2400 Mbps (2.4 Gbps) theoretical maximum bandwidth.

LAN switches with only one device cabled to each port can completely eliminate collisions, which allows the use of full-duplex operation. Full duplex means the Ethernet cards can send and receive concurrently. When full duplex is implemented, CSMA/CD is disabled on the devices at both ends of the cable, and performance is doubled by allowing simultaneous transmission in both directions.

Full Duplex : Any communication in which two communicating devices can send and receive data concurrently is said to have full duplex communication. In Ethernet LAN full duplex is allowed when the CSMA/CD is disabled on both the communicating devices.

Half Duplex : Any communication in which only one device can send data at a time. In an Ethernet LAN this is the normal result of CSMA/CD, which enforces the rule that only one device should send at any point in time.

Ethernet Data-Link Protocols

The Ethernet data-link protocols (a small set) are the same and apply to almost all of the variations of Ethernet from 10BASE5 up through 10 Gbps Ethernet.

Ethernet LAN addressing identifies either an individual device (unicast) or a group of devices in the LAN (broadcast and multicast). An Ethernet LAN address is 6 bytes (48 bits) long, usually written as a set of 4-digit hex values (12 hex digits) separated by dots, e.g. 0000.0C12.3456

Unicast Ethernet address identifies a single LAN card.

Ethernet card manufacturers encode the MAC address into the card, usually in a ROM chip. The first half identifies the manufacturer and is assigned by IEEE; it is called the Organizationally Unique Identifier (OUI). The second half is a unique number assigned by the manufacturer for each card. The MAC address is also called the burned-in address (BIA), and also the universally administered address (UAA).


Structure of a unicast Ethernet address

                      Organizationally Unique Identifier   Vendor Assigned (NIC cards, interfaces)
Size in bits          24 bits                              24 bits
Size in hex digits    6 hex                                6 hex
Example               00 60 2F                             3A 07 BC

Group address – represents more than one LAN interface card:

Broadcast address : represents all the devices on the LAN, and is represented by FFFF.FFFF.FFFF in hexadecimal notation.

Multicast address – allows a subset of devices on the LAN to communicate. When IP multicasts over an Ethernet, the multicast MAC address used by IP follows the format 0100.5exx.xxxx, where x can take any value.

LAN MAC address terminology

MAC : Media Access Control. 802.3 (Ethernet) defines the MAC sublayer of IEEE Ethernet.
Ethernet address, NIC address, LAN address : Other terms for MAC address; a 6-byte (48-bit) address for LAN interface cards.
Burned-in address (BIA) : 6-byte long address assigned by the NIC vendor
Unicast address : MAC address representing a single LAN interface
Broadcast address : An address that means all devices that reside on this LAN right now
Multicast address : Implies some subset of all the devices currently on the Ethernet LAN
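As an added example (not from the notes or the exam guide), a small Python parser that takes a MAC address in the dotted form the notes use, splits it into the OUI and vendor-assigned halves, and classifies it as unicast, broadcast or multicast; the sample addresses are constructed, two of them taken from the notes above. The check for a locally administered address, the counterpart of the UAA, goes a little beyond the notes.

```python
"""Ethernet MAC address anatomy as the notes describe it.

Added example, not from the study notes or the exam guide. Accepts the
Cisco dotted form the notes use (0000.0C12.3456) as well as colon and
hyphen forms, splits the 48 bits into the IEEE-assigned OUI and the
vendor-assigned half, and classifies the address as unicast, broadcast or
multicast, flagging the 0100.5exx.xxxx range that IP multicast uses.
"""
import re

BROADCAST = bytes([0xFF] * 6)             # FFFF.FFFF.FFFF
IPV4_MCAST_OUI = bytes.fromhex("01005e")  # 0100.5exx.xxxx in the notes


def parse_mac(text: str) -> bytes:
    """Return the 6 raw bytes of a MAC written as 0000.0C12.3456,
    00:00:0c:12:34:56 or 00-00-0c-12-34-56."""
    digits = re.sub(r"[.:-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def cisco_format(mac: bytes) -> str:
    """Render 6 bytes as three dotted groups of 4 hex digits (0000.0c12.3456)."""
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def classify(text: str) -> dict:
    """Break a MAC address into the pieces the notes name."""
    mac = parse_mac(text)
    if mac == BROADCAST:
        kind = "broadcast"
    elif mac[0] & 0x01:       # group (I/G) bit of the first byte set: multicast
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "address": cisco_format(mac),
        "kind": kind,
        # first 24 bits: Organizationally Unique Identifier assigned by IEEE
        "oui": mac[:3].hex(),
        # last 24 bits: the number the vendor burned into this particular card
        "vendor_assigned": mac[3:].hex(),
        # a vendor-burned address is universally administered (UAA in the
        # notes); a set U/L bit (0x02 of the first byte) marks a locally
        # administered address, one configured by software rather than burned in
        "administered": "local" if mac[0] & 0x02 else "universal",
        # IP multicast on Ethernet uses 0100.5exx.xxxx, as the notes state
        "ip_multicast": mac[:3] == IPV4_MCAST_OUI,
    }


if __name__ == "__main__":
    # Constructed samples; the first two are the addresses quoted in the notes
    for sample in ("0000.0C12.3456", "0060.2F3A.07BC", "FFFF.FFFF.FFFF",
                   "0100.5e01.0203", "02:00:0c:12:34:56"):
        print(classify(sample))
```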

Ethernet Framing : Defines how a string of binary numbers is interpreted; it defines the meaning behind the bits that are transmitted across a network.

Ethernet Frame (IEEE 802.3 revised 1997).

Preamble | SFD | Destination | Source | Length/Type | Data and Pad | FCS
   7     |  1  |      6      |   6    |      2      |   46-1500    |  4     (bytes)

IEEE 802.3 Ethernet header and trailer fields (field, length in bytes, description)

Preamble (7) : Synchronization
Start frame delimiter (SFD) (1) : Signifies that the next byte begins the Destination MAC field
Destination (6) : Destination MAC
Source (6) : Source MAC
Length (2) : Length of the data field of the frame (either Length or Type is present, not both)
Type (2) : Type of protocol listed inside the frame (either Length or Type is present, not both)
Data and Pad (46-1500) : Holds data from a higher layer, generally an L3 PDU, mostly an IP packet
Frame check sequence (FCS) (4) : Provides a method for the receiving NIC to determine if the frame experienced transmission errors

The IEEE 802.3 specification limits the data portion of the 802.3 frame to a maximum of 1500 bytes. The data field was designed to hold the layer 3 IP packet. The term Maximum Transmission Unit (MTU) refers to the maximum layer 3 packet that can be sent over a medium. Because the layer 3 IP packet resides inside the data portion of an Ethernet frame, 1500 bytes is the largest IP MTU that can be sent over an Ethernet.

Layer 3 protocols like IBM SNA, Novell NetWare, AppleTalk and TCP/IP could be transmitted over an Ethernet LAN (inside a layer 2 Ethernet frame).

The Type field in the Ethernet frame header identifies the Layer 3 protocol used, e.g. an IP packet means a value of 0800 hex (decimal 2048) in the Type field.

When the Length/Type field in the Ethernet frame header is used to represent the length of the entire Ethernet frame (hex value less than 0600, decimal 1536), the Ethernet frame adds two additional headers after the 802.3 Ethernet header but before the L3 header:

1. an IEEE 802.2 Logical Link Control (LLC) header
2. an IEEE Subnetwork Access Protocol (SNAP) header

LLC Header
DSAP | SSAP | CTL
  1  |  1   |  1     (bytes)

SNAP Header
OUI | Type
 3  |  2     (bytes)

Preamble | SFD | Destination | Source | Length/Type | LLC Header | SNAP Header | Data and Pad | FCS
   7     |  1  |      6      |   6    |      2      |     3      |      5      |   46-1500    |  4     (bytes)

Length/Type field will have value less than 1536, meaning it represents the length of the entire Ethernet frame.

Protocol Type Field : A field in a LAN header that identifies the type of header (Layer 3 PDU) that follows the LAN header. Includes the DIX Ethernet Type field, the IEEE 802.2 DSAP field, and the SNAP protocol type field.

Error Recovery

The Ethernet Frame Check Sequence is the only field in the Ethernet frame trailer; it allows the devices receiving the frame to detect if the bits have changed during transmission. FCS error detection does not mean error recovery.

To detect an error, the sending device calculates a complex mathematical function with the frame contents as input and puts the result into the frame’s 4-byte FCS field. The receiving device does the same math on the frame; if its calculation matches the FCS field in the frame, no errors occurred. If the results don’t match, an error has occurred and the frame is discarded. Ethernet does not do anything for error recovery; it takes no action to re-send the frame, but this is taken care of by protocols like TCP.
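The frame layout, the Length/Type rule and the FCS check described above, as an added example that is not part of the notes or the exam guide: it builds and parses frames as a NIC sees them (Destination through FCS), tells an Ethernet II Type from an 802.3 Length, reads the LLC/SNAP headers when present, and recomputes the FCS as CRC-32, the function 802.3 specifies for it. The addresses and payloads are constructed.

```python
"""Build and parse IEEE 802.3 / Ethernet frames as the notes describe them.

Added example, not from the study notes or the exam guide. Works on the part
of the frame a NIC hands up (Destination through FCS; Preamble and SFD are
consumed by the hardware). Decides whether the 2-byte Length/Type field is a
Length (below 0x0600 = 1536, so LLC and SNAP headers follow) or a Type
(e.g. 0x0800 = IP), and recomputes the 4-byte FCS as CRC-32, which is the
function 802.3 uses; the FCS travels least-significant byte first.
"""
import struct
import zlib
from typing import Optional

MIN_FRAME = 64                 # 6 + 6 + 2 + 46 (smallest Data and Pad) + 4 FCS
MAX_DATA = 1500                # the largest IP MTU over Ethernet
TYPE_LENGTH_BOUNDARY = 0x0600  # values below 1536 are lengths, not types
ETHERTYPE_IP = 0x0800
SNAP_SAP = 0xAA                # DSAP/SSAP value that says a SNAP header follows LLC


def fcs(body: bytes) -> bytes:
    """CRC-32 over Destination..Data, in the byte order the FCS has on the wire."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, data: bytes,
                ethertype: Optional[int] = None) -> bytes:
    """Ethernet II frame when ethertype is given; otherwise an 802.3 frame
    whose Length/Type field carries the length of the data (LLC/SNAP inside)."""
    if len(data) > MAX_DATA:
        raise ValueError("data exceeds the 1500-byte Ethernet MTU")
    length_type = ethertype if ethertype is not None else len(data)
    padded = data + b"\x00" * max(0, 46 - len(data))   # pad up to 46 bytes
    body = dst + src + struct.pack("!H", length_type) + padded
    return body + fcs(body)


def parse_frame(raw: bytes) -> dict:
    """Return the header fields plus whether the FCS matches the contents."""
    if len(raw) < MIN_FRAME:
        raise ValueError(f"runt frame: {len(raw)} bytes, minimum is {MIN_FRAME}")
    body, trailer = raw[:-4], raw[-4:]
    dst, src = body[:6], body[6:12]
    (length_type,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    info = {
        "dst": dst.hex(), "src": src.hex(),
        # a mismatch means the NIC discards the frame; Ethernet does no recovery
        "fcs_ok": fcs(body) == trailer,
    }
    if length_type >= TYPE_LENGTH_BOUNDARY:
        # DIX / Ethernet II: the field names the Layer 3 protocol in the data
        info.update(kind="ethernet_ii", ethertype=length_type, payload=data)
        return info
    # IEEE 802.3: the field is a length and an LLC header (3 bytes) follows
    if length_type > len(data) or length_type < 3:
        raise ValueError("Length field does not fit the data the frame carries")
    dsap, ssap, ctl = data[0], data[1], data[2]
    info.update(kind="802.3", length=length_type,
                llc={"dsap": dsap, "ssap": ssap, "ctl": ctl})
    if dsap == SNAP_SAP and ssap == SNAP_SAP and length_type >= 8:
        # SNAP header: 3-byte OUI then a 2-byte protocol type, as in the notes
        (snap_type,) = struct.unpack("!H", data[6:8])
        info["snap"] = {"oui": data[3:6].hex(), "type": snap_type}
        info["payload"] = data[8:length_type]
    else:
        info["payload"] = data[3:length_type]
    return info


if __name__ == "__main__":
    # Constructed addresses (the notes' example OUI 00 60 2F and 0000.0C12.3456)
    dst = bytes.fromhex("00602f3a07bc")
    src = bytes.fromhex("00000c123456")
    ip_frame = build_frame(dst, src, b"constructed IP packet", ETHERTYPE_IP)
    print(parse_frame(ip_frame))
    # LLC (AA AA 03) + SNAP (OUI 00 00 00, type 0800) in front of the payload
    snap_frame = build_frame(dst, src, bytes.fromhex("aaaa03" "000000" "0800") + b"hello")
    print(parse_frame(snap_frame))
    damaged = bytearray(ip_frame)
    damaged[20] ^= 0x01           # one flipped bit in the data field
    print("fcs_ok after bit flip:", parse_frame(bytes(damaged))["fcs_ok"])
```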

1000BASE-T : A name for IEEE Gigabit Ethernet standard that uses four pair copper cabling, a speed of 1000 Mbps (1 Gbps) and a maximum cable length of 100 meters.

100BASE-TX : A name for the IEEE fast Ethernet standard that uses two pair copper cabling, a speed of 100 Mbps and a maximum cable length of 100 meters

10BASE-T : The 10 Mbps baseband Ethernet specification using two pairs of twisted pair cabling (Category 3, 4, or 5). One pair transmits and the other pair receives data. 10BASE-T, which is part of the IEEE 802.3 specification, has a distance limit of approximately 100 meters.

Please go to …… “Do I Know This Already?” quiz – Chapter 3 : Page 42.

Chapter 4 - Fundamentals of WANs

WAN physical and data-link standards and protocols define how to network between devices that are far apart, in some cases thousands of miles.

OSI Layer 1 – for Point to Point WANs

Point to Point WAN is a type of WAN for connecting remote sites.

Service Providers (Telcos) provide leased line for companies to have WAN connectivity.

A point-to-point WAN connection is also called a leased circuit or leased line, as the line is exclusively available for the devices at either end of the connection to send and receive data at any time they want.

Ethernet switches have many different types of interfaces, but all the interfaces are some form of Ethernet. Routers provide the capability to connect many different types of layer 1 and layer 2 technologies and are commonly used when a LAN is connected to a WAN.

CO – central office, where the telco locates the devices that create its own network.

Point-to-point leased line components

R1 ---- CSU/DSU -------- WAN Switch ( TELCO NETWORK ) WAN Switch -------- CSU/DSU ---- R2
                |                                                   |
             (demarc)                                            (demarc)

R1, R2 – routers
CSU/DSU – external Channel Service Unit / Data Service Unit
WAN switches are in the CO
Routers are connected to the CSU/DSU using short cables (max 50 ft).
A much longer cable connects the CSU/DSU to the WAN switch in the CO.
Routers and CSU/DSUs are CPE (customer premises equipment).

The demarcation point (demarc) defines the boundary of responsibilities between the telco and the company (customer) in a point-to-point WAN.

WAN Cabling Standards

Point to Point WAN uses synchronous point to point serial link interface on its routers.

The synchronous serial interface in Cisco routers uses physical connector types such as the 60-pin D-shell connector.

CSU/DSU end of the cable uses physical connector standards such as EIA/TIA-232 , EIA/TIA-449, V.35, X.21, EIA-350

Many of the pins in the above connectors are used for control functions, a few are used for transmitting data, and some pins are used for clocking.

The cable between the CSU/DSU and the telco CO typically uses an RJ-48 connector.

When a router has an internally built CSU/DSU, the physical line from the telco CO is directly connected to a port in the router, typically an RJ-48 port in the router’s serial interface card.

Clock Rate, Synchronization, DCE and DTE

Every WAN circuit provided by a service provider runs at one of many possible pre-defined speeds. This speed is often referred to as clock rate, bandwidth or link speed.

To make a WAN link work, the various devices need to synchronize their clocks so that they run at exactly the same speed; this process is called synchronization.

Synchronous circuits imposes time ordering at the link’s sending and receiving ends.

Synchronization occurs between two CSU/DSU on a leased line, by having one CSU/DSU (the slave) adjust its clock to match the clock rate of the other CSU/DSU (the master). A networking device synchronizes its clock several times per second.

In practice the clocking concept includes a hierarchy of different clock sources. The telco provides clocking information to the CSU/DSUs based on the transitions in the electrical signal on the circuit. The two CSU/DSUs then adjust their speeds to match the clocking signals from the telco. The CSU/DSUs each supply clocking signals to the routers so that the routers simply react, sending and receiving data at the correct rate. So from the router’s perspective, the CSU/DSU is considered to be clocking the link.

The device that provides clocking, typically CSU/DSU is considered to be Data Communication Equipment (DCE) and the device receiving clocking typically the router is considered to be Data Terminal Equipment (DTE).

DTE serial cables (for routers) and DCE serial cable (for CSU/DSU) exists.


WAN in the lab: a point-to-point serial link (back-to-back serial connection) can be built using two routers, one acting as DTE and one as DCE, connected together with a DTE serial cable and a DCE serial cable joined to each other, plus a clock rate configuration command on the DCE router.

A DTE cable, the cable that typically connects a router (DTE) to a CSU/DSU, does not swap the transmit and receive pins; a DCE cable does swap the transmit and receive pins.

        DTE cable              DCE cable               DTE cable
  R1 ------------- CSU/DSU --------------- CSU/DSU ------------- R2

Link Speed offered by telco

PCM (pulse code modulation) converts an analog signal to a digital signal. According to PCM, 64,000 bits are required to represent 1 second of voice, and this is the baseline transmission speed (64 Kbps), called Digital Signal Level 0 (DS0).

According to PCM, voice analog signals are sampled 8000 times per second, with each sample requiring 8 bits, so 8000 * 8 = 64,000 bits are required to represent 1 second of voice.

The combination of multiple slower-speed lines or channels into a faster line or channel, for instance combining 24 DS0 channels into a single DS1 (T1) line, is called time-division multiplexing (TDM).

T1 and T3 are standards used in the United States.
E1 and E3 are Japanese and European standards.

WAN speed summary:

  DS0        64 Kbps
  DS1 (T1)   1.544 Mbps    (24 DS0s plus 8 Kbps overhead)
  DS3 (T3)   44.736 Mbps   (28 DS1s plus management overhead)
  E1         2.048 Mbps    (32 DS0s)
  E3         34.064 Mbps   (16 E1s plus management overhead)
  J1 (Y1)    2.048 Mbps    (32 DS0s; Japanese standard)

The type of signaling (DS1, DS3 etc.) and its signaling specification define the electrical signals that encode binary 1 and 0 on the line.


OSI Layer 2 – for Point to Point WANs

The two most popular data link layer protocols used on point-to-point links are High-Level Data Link Control (HDLC) and the Point-to-Point Protocol (PPP).

The main objectives of the HDLC data link layer are the delivery of data across the link, error checking, and identification of the type of packet carried in the frame.

Standard HDLC frame (field sizes in bytes):

  Flag (1) | Address (1) | Control (1) | Data (variable) | FCS (4)

Cisco proprietary HDLC frame (field sizes in bytes):

  Flag (1) | Address (1) | Control (1) | Type (2) | Data (variable) | FCS (4)

The International Telecommunications Union (ITU) defined HDLC.
The Internet Engineering Task Force (IETF) defined PPP.

PPP works the same way as HDLC, and its framing is identical. PPP, which includes the protocol Type field, is used on point-to-point serial links between routers from multiple vendors.

Point-to-point WAN terms:

Synchronous: the imposition of time ordering on a bit stream. Practically, a device tries to use the same speed as the device on the other end of the serial link; however, by examining the transitions between the voltage states on the link, a device can notice slight variations in the speed on each end and adjust its speed accordingly.

Clock source: the device to which the other device on the link adjusts its speed when using a synchronous link.

CSU/DSU: channel service unit/data service unit; connects the router to the telco network on a point-to-point serial link.

T1: a line from the telco that allows transmission of data at 1.544 Mbps.
E1: similar to T1, but used in Europe, at the rate of 2.048 Mbps with 32 64-Kbps (DS0) channels.

A point-to-point leased line (PPP) is also called: leased line, leased circuit, serial link, serial line, point-to-point link, and circuit.


Frame Relay and Packet Switching

In packet switching, physical WAN connectivity exists, and a company can connect a large number of routers to the packet switching service using a single serial link from each router to the packet switching service.

The two most commonly used packet switching services are Frame Relay and Asynchronous Transfer Mode (ATM).

For Frame Relay, a leased line is installed from the router to a nearby Frame Relay switch; this line is called the access link, and it runs at the same speed and uses the same signaling standards as a point-to-point leased line.

   DTE                   (DCE)           (DCE)                   DTE
   R1 ---access link--- Frame Relay --- Frame Relay ---access link--- R2
                          Switch          Switch

The Frame Relay switch in the telco network examines the data frame sent by the router. Frame Relay defines its own data link header and trailer; the header holds a field called the Data Link Connection Identifier (DLCI), and the WAN switches forward the frame based on the DLCI until it reaches the destination router.

The Frame Relay header and trailer are defined by a protocol called Link Access Procedure Frame (LAPF).

Frame Relay uses frame switching (Layer 2), as it switches (forwards) incoming frames to devices one by one based on the DLCI.

Packet switching (Layer 3) is the more common term.

In Layer 2 Frame Relay:
  DCE – the device providing the service (the Frame Relay switch)
  DTE – the device needing the frame switching service (the router at the customer site)

But from a Layer 1 perspective, the CSU/DSU provides clocking to the router, so the CSU/DSU is still the DCE and the router is still the DTE.


The logical path a frame travels between each pair of routers is called a Frame Relay virtual circuit (VC). Typically the service provider pre-configures all the required details of a VC, and such VCs are called permanent virtual circuits (PVCs).

VCs share the access link and the Frame Relay network. Frame Relay enables you to expand the WAN with only one access link, multiple VCs and less hardware. (For example, with one central office router connecting to many branch office routers, the CO router will have just one access link and many VCs to all the branch routers across the Frame Relay network.)

CIR – committed information rate for a VC; it is like a minimum bandwidth, analogous to the clock rate of a point-to-point circuit. The CIR is offered by service providers because their customers compete with each other for capacity in the provider's network.

In Frame Relay, the main central office router can have one access link and multiple VCs connecting to more than one branch office DTE.

The Frame Relay topology is easier for the SP to implement, costs the provider less, and makes better use of the core of the service provider's network.

Clocking: the process of supplying a signal over a cable, either on a separate pin of a serial cable or as part of the signal transitions in the transmitted signal, so that the receiving device can keep synchronization with the sending device.


Typical Frame Relay Network with Three sites and Three Virtual Circuits

Define: access link, back-to-back link, clocking, DTE (Layer 1), CSU/DSU, DCE (Layer 1), DS0, DS1, Frame Relay, HDLC, leased line, packet switching, PPP, serial cable, synchronous, T1, virtual circuit.

Access link: in Frame Relay, the physical serial link that connects a Frame Relay DTE device, usually a router, to a Frame Relay switch. The access link uses the same physical layer standards as point-to-point leased lines.

Back-to-back link: a serial link between two routers, created without CSU/DSUs, by connecting a DTE cable to one router and a DCE cable to the other and connecting the two cables together. Typically used in labs to create serial links without the expense of an actual leased line from a telco.

Clocking: the process of supplying a signal over a cable, either on a separate pin of a serial cable or as part of the signal transitions in the transmitted signal, so that the receiving device can keep synchronization with the sending device.


DTE (Layer 1): Data terminal equipment. From a Layer 1 perspective, the DTE synchronizes its clock based on the clocking sent by the DCE; from a packet (frame) switching perspective, the DTE is a device outside the service provider's network, typically a router.

CSU/DSU: Channel Service Unit / Digital Service Unit. A device that understands the Layer 1 details of the serial link installed by a telco, and how to use a serial cable to communicate with networking equipment such as routers.

DCE (Layer 1): Data communications equipment. From a physical layer (Layer 1) perspective, the device providing clocking on a WAN link, typically a CSU/DSU, is the DCE. From a packet (frame) switching perspective, the service provider's switch (the Frame Relay switch) to which the router connects is considered the DCE.

DS0: Digital signal level 0. A 64-Kbps line, or a 64-Kbps channel of a faster line, inside a telco, whose origins are in supporting a single voice call using the original voice PCM codec.

DS1: Digital signal level 1. A 1.544-Mbps line from the telco, with 24 DS0 channels of 64 Kbps each, plus an 8-Kbps management and framing channel. Also called a T1.

Frame Relay: An international standard data link protocol that defines the capabilities to create a frame (packet) switched service, allowing a DTE device, typically a router, to send data to many other devices using a single physical connection to the Frame Relay service.

HDLC: High-Level Data Link Control. A bit-oriented synchronous data link layer protocol developed by the International Organization for Standardization (ISO).

Leased line: A serial communication circuit between two end points, provided by some service provider, typically a telephone company or telco.

Packet (frame) switching: A generic reference to network services, typically WAN services, in which the service examines the contents of the transmitted data to make some type of forwarding decision. This term is mainly used in contrast with the WAN term circuit switching, in which the provider sets up a Layer 1 circuit between two devices and makes no attempt to interpret the meaning of the bits.

PPP: Point-to-Point Protocol. A protocol that provides router-to-router and host-to-network connections over synchronous point-to-point and asynchronous point-to-point circuits.

Serial cable: A type of cable, with many different styles of connectors, used to connect a router to an external CSU/DSU on a leased line installation.

Synchronous: The imposition of time ordering on a bit stream. Practically, a device will try to use the same speed as the device on the other end of a serial link. However, by examining transitions between voltage states on the link, the device can notice slight variations in the speed on each end and adjust its speed accordingly.

T1: A line from the telco that allows transmission of data at 1.544 Mbps, with the ability to treat the line as 24 different 64-Kbps DS0 channels (plus 8 Kbps of overhead).

Virtual circuit: In packet (frame) switched services like Frame Relay, a VC refers to the ability of two DTE devices, typically routers, to send and receive data directly to each other, which supplies the same functions as a physical leased line but without a physical circuit. This term is meant as a contrast with a leased line or leased circuit.

Please go to the "Do I Know This Already?" quiz for Chapter 4, page 71 of the study guide.


Chapter 5 - Fundamentals of IP Addressing and Routing

Routing: the process of forwarding packets (L3 PDUs).

Logical addressing: addresses that can be used regardless of the physical network used, providing each device with at least one address; logical addresses enable the routing process to identify a packet's source and destination.

Routing protocol: a protocol that aids routers by dynamically learning about the groups of addresses in the network, which in turn allows the routing process to work well.

Other utilities: DNS, DHCP, ARP, ping.

Path selection: sometimes refers to routing protocols, sometimes to the routing (forwarding) process.

IP is a connectionless protocol: it does not require overhead agreements or messages before sending a packet.

Routing (Forwarding), Network Layer Interaction with the Data Link Layer

The routing table contains network layer address groupings.

The network layer uses the data link layer to send data over a physical network; packets are encapsulated in frames.

The routing process forwards only the packet end-to-end through the network, discarding the data link header and trailer along the way and re-encapsulating the packet according to the data link protocol used on each link.

The Address Resolution Protocol (ARP) is used to dynamically learn the data link address of an IP host connected to a LAN.

The process of routing forwards Layer 3 packets (L3 PDUs) based on the destination Layer 3 address in the packet.

The routing process uses the data link layer to encapsulate the Layer 3 packet into Layer 2 frames for transmission across each successive data link.


IP Packets and IP Header

The IPv4 header in a packet is 20 bytes long, and its key fields are:

   0        4        8                16                            31
  +--------+--------+----------------+--------------------------------+
  |Version |Hdr Len |    DS Field    |         Packet Length          |
  +--------------------------------+------+---------------------------+
  |         Identification         | Flags|      Fragment Offset      |
  |                                |  (3) |           (13)            |
  +----------------+----------------+---------------------------------+
  |  Time to Live  |    Protocol    |         Header Checksum         |
  +-------------------------------------------------------------------+
  |                         Source IP Address                         |
  +-------------------------------------------------------------------+
  |                      Destination IP Address                       |
  +-------------------------------------------------------------------+

Version: version of the IP protocol; most networks use IPv4 today.

Header Length: defines the length of the IP header, including any optional fields.

DS Field: Differentiated Services field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets.

Packet Length: identifies the entire length of the packet, including the data.

Identification: used by the IP packet fragmentation process; all fragments of the original packet contain the same identifier.

Flags: 3-bit field used by the IP fragmentation process.

Fragment Offset: a number used to help hosts reassemble fragmented packets into the original large packet.

TTL (1 byte): time to live, a value used to prevent routing loops.

Protocol (1 byte): identifies the contents of the data portion of the IP packet; protocol 6 implies that a TCP header is the first thing in the IP packet's data field.

Header Checksum: an FCS value used to check the IP header for bit errors.

Source IP Address (4 bytes): 32-bit IP address of the sender of the packet.


Destination IP Address (4 bytes): 32-bit IP address of the intended recipient of the packet.
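As an added example (not code from the study guide), the following Python parser decodes the header fields listed above, verifies the header checksum the way a receiver does, and performs the per-hop TTL decrement a router does; the sample header it builds is constructed here using the PC1 and PC2 addresses from the routing example later in these notes.

```python
"""Parser for the 20-byte IPv4 header described above.

Added example, not code from the study guide. The sample header is
constructed with the PC1 (150.150.1.10) and PC2 (150.150.4.10) addresses
used in the routing example of these notes.
"""
import struct
from ipaddress import IPv4Address

# Value of the Protocol field -> name (6 = TCP as the notes state; 1 and 17 added)
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

HEADER_FMT = "!BBHHHBBH4s4s"   # network byte order, 20 bytes in total


def header_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented.

    With the checksum field zeroed this yields the value to store; run over a
    header whose checksum is intact it yields 0, which is the receiver's check.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, protocol: int = 6,
                      ttl: int = 64, identification: int = 0x1234) -> bytes:
    """Build a minimal IPv4 header (no options) with a correct checksum."""
    version_ihl = (4 << 4) | 5               # version 4, IHL 5 words = 20 bytes
    ds_field = 0                             # no QoS marking
    packet_length = 20 + payload_len         # header plus data
    flags_and_offset = (0b010 << 13) | 0     # DF flag set, fragment offset 0
    header = struct.pack(HEADER_FMT, version_ihl, ds_field, packet_length,
                         identification, flags_and_offset, ttl, protocol, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    checksum = header_checksum(header)       # computed with the field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the key fields listed above and verify the header checksum."""
    if len(raw) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    (version_ihl, ds_field, packet_length, identification, flags_and_offset,
     ttl, protocol, _checksum, src, dst) = struct.unpack(HEADER_FMT, raw[:20])
    header_length = (version_ihl & 0x0F) * 4     # IHL counts 4-byte words
    return {
        "version": version_ihl >> 4,
        "header_length": header_length,
        "ds_field": ds_field,
        "packet_length": packet_length,
        "identification": identification,
        "flags": flags_and_offset >> 13,                # 3 bits
        "fragment_offset": flags_and_offset & 0x1FFF,   # 13 bits
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(protocol, str(protocol)),
        "checksum_ok": header_checksum(raw[:header_length]) == 0,
        "src": str(IPv4Address(src)),
        "dst": str(IPv4Address(dst)),
    }


def decrement_ttl(raw: bytes) -> bytes:
    """Per-hop router work: TTL - 1 and a recomputed header checksum.

    A packet whose TTL would reach 0 is discarded, which is how the TTL
    field stops packets looping forever.
    """
    if raw[8] <= 1:
        raise ValueError("TTL expired: the router discards the packet")
    header = bytearray(raw[:20])
    header[8] -= 1
    header[10:12] = b"\x00\x00"              # zero the field before recomputing
    header[10:12] = struct.pack("!H", header_checksum(bytes(header)))
    return bytes(header) + raw[20:]
```

Changing any header byte (for example the TTL) without recomputing the checksum makes `checksum_ok` false, which is what a receiving host or router checks before trusting the header.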

Network Layer (Layer 3) Addressing

Layer 3 addresses are designed to allow logical grouping of addresses.

A network or subnet is represented by an IP address that implies a group of IP addresses.

The end goal for a routing protocol is to fill the routing table with all known destination groups and with the best route to reach each group.

Routers build their routing table entries dynamically using a routing protocol.

A routing protocol learns the locations of the groups and advertises the groups so that the routers can fill their routing tables. A routing protocol learns routes and puts those routes in a routing table. A routed protocol defines the type of packet forwarded, or routed, through a network.

IP packets are routed through a network, so IP is the routed protocol; if the routers use the Routing Information Protocol to learn about the routes, then RIP is the routing protocol.

IP is a routed protocol, and RIP (Routing Information Protocol) is a routing protocol.

IP Addressing

Any device that can send and receive IP packets is called an IP host.

A 32-bit IP address is represented in dotted decimal and has 4 octets. Each octet has a range of 0 – 255 inclusive.

The IP address belongs to the NIC, not to the PC itself.

IP Address Groups – IP Networks (two statements about how IP expects IP addresses to be grouped into networks or subnets):
• All IP addresses in the same group must not be separated by a router.
• IP addresses separated by a router must be in different groups.

IP routing relies on IP addresses in the same group (network, subnet) being in the same general location.


Classes of IP networks

IP defines three different classes of network addresses used by individual hosts (unicast addresses): Class A, B and C. TCP/IP uses Class D for multicast and Class E for experimental addresses.

Size of the network and host parts of IP addresses with no subnetting:

  Network class   Network bytes   Host bytes    Number of addresses
  A               1 (8 bits)      3 (24 bits)   2^24 - 2
  B               2 (16 bits)     2 (16 bits)   2^16 - 2
  C               3 (24 bits)     1 (8 bits)    2^8 - 2

The network number (group address) has all binary 0s in the host part of the number.
A network number with all binary 1s in the host part is called the network broadcast or directed broadcast address; any packet sent to this address will be forwarded to all devices in that network.

The Internet Corporation for Assigned Names and Numbers (ICANN) is in charge of universal IP address assignment; formerly this was done by IANA, the Internet Assigned Numbers Authority.

All possible valid network numbers:

  Class   First octet range   Valid network numbers        Total networks in this class   Total hosts per network
  A       1 - 126             1.0.0.0 to 126.0.0.0         2^7 - 2 (126)                  2^24 - 2 (16,777,214)
  B       128 - 191           128.0.0.0 to 191.255.0.0     2^14 (16,384)                  2^16 - 2 (65,534)
  C       192 - 223           192.0.0.0 to 223.255.255.0   2^21 (2,097,152)               2^8 - 2 (254)

List of all possible valid network numbers: reference table for the number of networks, size of the network part and size of the host part for Class A, B and C IP networks.

                                          Class A                  Class B                    Class C
  First octet range                       1 to 126                 128 - 191                  192 - 223
  Valid network numbers                   1.0.0.0 to 126.0.0.0     128.0.0.0 to 191.255.0.0   192.0.0.0 to 223.255.255.0
  Number of networks in this class        2^7 - 2 = 126            2^14 = 16,384              2^21 = 2,097,152
  Number of hosts per network             2^24 - 2 = 16,777,214    2^16 - 2 = 65,534          2^8 - 2 = 254
  Size of network part of the address     1 byte                   2 bytes                    3 bytes
  Size of host part of the address        3 bytes                  2 bytes                    1 byte

(^ means "raised to the power of")

(Why there are 7, 14 and 21 network bits in Class A, B and C networks, explained.)

  CLASS A (7 network bits)
  0 N N N N N N N | H H H H H H H H | H H H H H H H H | H H H H H H H H
  1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8

  CLASS B (6 + 8 = 14 network bits)
  1 0 N N N N N N | N N N N N N N N | H H H H H H H H | H H H H H H H H
  1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8

  CLASS C (5 + 16 = 21 network bits)
  1 1 0 N N N N N | N N N N N N N N | N N N N N N N N | H H H H H H H H
  1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8   1 2 3 4 5 6 7 8

Class A, B and C networks: network and host parts and default mask

  Class of address   Network part (bits)   Host part (bits)   Default mask
  A                  8                     24                 255.0.0.0
  B                  16                    16                 255.255.0.0
  C                  24                    8                  255.255.255.0

Subnets

Subnetting: the process of subdividing a Class A, B or C network into smaller groups.

When subnetting, a third part of an IP address appears between the network and host parts of the IP address, namely the subnet part. This part is created by stealing, or borrowing, bits from the host part of the IP address. The size of the network part of the address never shrinks.


Address format when subnetting is used (classful):

  CLASS A   |<------ 8 ------>|<---------- (24 - X) ---------->|<--- X --->|
            |     Network     |             Subnet             |   Host    |

  CLASS B   |<------ 16 ------>|<------ (16 - X) ------>|<--- X --->|
            |      Network     |         Subnet         |   Host    |

  CLASS C   |<--------- 24 --------->|<-- (8 - X) -->|<--- X --->|
            |        Network         |     Subnet    |   Host    |

Classful addressing: refers to an IP address with three parts: a network part (conforming to the Class A, B and C rules), a subnet part and a host part.

Classless addressing: instead of the three parts of classful addressing, a classless address has two parts: the part on which routing is based, and the host part. The part on which routing is based is the combination of the network and subnet parts from the classful addressing view; this first part is often called the subnet part, or sometimes the prefix.

            |<---------- (32 - X) ---------->|<--- X --->|
            |        Subnet (Prefix)         |   Host    |
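The classful rules above (class from the first octet, default mask, network number with all-0 host bits, broadcast with all-1 host bits, 2^n - 2 hosts) and the borrowing of X host bits for a subnet part, worked through in Python as an added example that is not code from the study guide; it also derives the classless prefix view of the same address.

```python
"""Classful IPv4 address analysis and classful subnetting, as described above.

Added example, not code from the study guide. The sample address
150.150.4.10 is PC2's address from the routing example in these notes.
"""
from ipaddress import IPv4Address, IPv4Network

# Unicast classes: first-octet range and number of network bits (0 and 127 are reserved)
CLASSES = {
    "A": (range(1, 127), 8),
    "B": (range(128, 192), 16),
    "C": (range(192, 224), 24),
}


def address_class(ip: str) -> str:
    """Class letter from the first octet; D (multicast) and E (experimental)
    are reported but are not grouped into networks."""
    first = int(ip.split(".")[0])
    for name, (octets, _bits) in CLASSES.items():
        if first in octets:
            return name
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 255:
        return "E"
    raise ValueError(f"first octet {first} is reserved, not a unicast class")


def classful_info(ip: str) -> dict:
    """Default mask, network number and network broadcast by classful rules."""
    cls = address_class(ip)
    if cls not in CLASSES:
        raise ValueError(f"class {cls} addresses are not grouped into networks")
    network_bits = CLASSES[cls][1]
    host_bits = 32 - network_bits
    addr = int(IPv4Address(ip))
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = addr & mask                          # host part all binary 0s
    broadcast = network | (~mask & 0xFFFFFFFF)     # host part all binary 1s
    return {
        "class": cls,
        "network_bits": network_bits,
        "host_bits": host_bits,
        "default_mask": str(IPv4Address(mask)),
        "network_number": str(IPv4Address(network)),
        "network_broadcast": str(IPv4Address(broadcast)),
        "hosts_per_network": 2 ** host_bits - 2,   # minus network and broadcast
    }


def classful_subnet_split(ip: str, borrowed_bits: int) -> dict:
    """Borrow X bits from the host part: the network part keeps its size, the
    subnet part is X bits wide, and the classless prefix is network + X bits."""
    info = classful_info(ip)
    host_bits = info["host_bits"] - borrowed_bits
    if borrowed_bits < 0 or host_bits < 2:
        raise ValueError("leave at least 2 host bits for the subnet and broadcast addresses")
    prefix_length = info["network_bits"] + borrowed_bits   # the classless "prefix"
    subnet = IPv4Network(f"{ip}/{prefix_length}", strict=False)
    return {
        "network_bits": info["network_bits"],
        "subnet_bits": borrowed_bits,
        "host_bits": host_bits,
        "prefix_length": prefix_length,
        "subnet_mask": str(subnet.netmask),
        # Older classful practice also excluded the all-0s and all-1s subnets
        "subnets": 2 ** borrowed_bits,
        "hosts_per_subnet": 2 ** host_bits - 2,
        "subnet_number": str(subnet.network_address),
        "subnet_broadcast": str(subnet.broadcast_address),
    }
```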

IP Routing

Host routing: hosts use the following two-step logic when choosing where to send a packet (the two-step process of how hosts route packets):

Step 1: If the destination IP address is in the same subnet as the host, the host sends the packet directly to the destination host.

Step 2: If the destination IP address is not in the same subnet as the host, the host sends the packet to its default gateway (a router's Ethernet interface on the subnet).


A router uses the following logic when receiving a data link frame, that is, a frame that has an IP packet encapsulated in it (the four-step process of how routers route packets):

Step 1: Use the data link FCS field to ensure that the frame had no errors; if errors occurred, discard the frame.

Step 2: Assuming the frame was not discarded in Step 1, discard the old data link header and trailer, leaving the IP packet.

Step 3: Compare the IP packet's destination IP address to the routing table and determine the route that matches the destination address. This route identifies the outgoing interface of the router and possibly the next-hop router.

Step 4: Encapsulate the IP packet in a new data link header and trailer appropriate for the outgoing interface, and forward the frame.

With these steps, each router forwards the packet until it reaches its destination.


Figure: IP routing example (reconstructed from the figure labels)

  PC1  150.150.1.10 ---+
                       +-- R1 --S0-- (150.150.2.0) --> R2 --S1-- (150.150.3.0) --> R3 --E0-- PC2 150.150.4.10
  PC11 150.150.1.11 ---+   150.150.1.4                150.150.2.7                150.150.3.1
  Subnet 150.150.1.0                                                                     Subnet 150.150.4.0
  (default router 150.150.1.4)
         Step A               Step B                     Step C                    Step D

R1 routing table:
  Subnet        Out interface   Next hop IP address
  150.150.4.0   S0              150.150.2.7

R2 routing table:
  Subnet        Out interface   Next hop IP address
  150.150.4.0   S1              150.150.3.1

R3 routing table:
  Subnet        Out interface   Next hop IP address
  150.150.4.0   E0              N/A

Step A: PC1 sends a packet to its default gateway. PC1 builds an IP packet with PC2's IP address (150.150.4.10) as the destination. PC1 needs to send the packet to R1 (PC1's default gateway) because the destination address is on a different subnet. PC1 sends the IP packet in an Ethernet frame addressed to R1's MAC address over the Ethernet.

Step B: R1 processes the incoming frame and forwards the packet to R2. R1 copies the frame off the Ethernet and checks the frame's FCS, finding that no errors have occurred. R1 discards the Ethernet header and trailer, compares the destination address with its routing table and finds a matching route (out interface S0). R1 forwards the packet out interface S0 to the next-hop router R2, after encapsulating the packet in an HDLC frame.

Step C: R2 processes the incoming frame and forwards the packet to R3. R2 performs the same steps as R1: it checks the FCS of the HDLC frame, finds no errors, discards the HDLC header and trailer, finds a match in the routing table, determines the outgoing interface as S1, and sends the packet to the next-hop address 150.150.3.1 (R3) after encapsulating it in a Frame Relay header.

Step D: R3 processes the frame and forwards the packet to PC2. Like R1 and R2, R3 checks the FCS and finds no errors, and discards the old data link header and trailer. R3's routing table entry shows that the destination IP address is in the same subnet as R3, and the outgoing interface is R3's Ethernet interface. R3 encapsulates the packet in an Ethernet frame and forwards the frame to PC2's MAC address over the Ethernet.
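The host two-step logic and the router four-step logic, run over the PC1 to PC2 walk-through above, as an added Python simulation that is not code from the study guide: the addresses and routing tables are the figure's, while the /24 mask, the data-link type on each interface (Ethernet on E0, HDLC on S0, Frame Relay on S1, as the steps describe) and a CRC-32 standing in for the FCS are assumptions.

```python
"""Simulation of the PC1 -> R1 -> R2 -> R3 -> PC2 forwarding walk-through.

Added example, not code from the study guide. Addresses and routing tables
are those of the figure; the /24 subnet mask, the data-link type on each
interface (Ethernet on E0, HDLC on S0, Frame Relay on S1) and the FCS
computed as a CRC-32 over the packet are assumptions for the simulation.
"""
import zlib
from ipaddress import IPv4Address, IPv4Network


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Host routing step: is the destination in my own subnet?"""
    return IPv4Address(ip_b) in IPv4Network(f"{ip_a}/{mask}", strict=False)


class Frame:
    """A data-link frame: header type, data-link destination, IP packet, FCS."""
    def __init__(self, link_type: str, dst: str, packet: bytes):
        self.link_type, self.dst, self.packet = link_type, dst, packet
        self.fcs = zlib.crc32(packet)        # FCS stand-in (assumption: CRC-32)


class Router:
    def __init__(self, name: str, interfaces: dict, routes: list):
        self.name = name
        self.interfaces = interfaces   # interface name -> data-link type
        self.routes = routes           # (subnet, out interface, next hop or None)

    def lookup(self, dst_ip: str):
        """Step 3: pick the matching route (longest prefix wins on a tie)."""
        matches = [r for r in self.routes if IPv4Address(dst_ip) in IPv4Network(r[0])]
        return max(matches, key=lambda r: IPv4Network(r[0]).prefixlen) if matches else None

    def forward(self, frame: Frame, dst_ip: str):
        """Steps 1-4 from the notes; returns (new frame or None, what happened)."""
        if zlib.crc32(frame.packet) != frame.fcs:        # Step 1: FCS check
            return None, "discarded: FCS error"
        packet = frame.packet                             # Step 2: drop old L2 header/trailer
        route = self.lookup(dst_ip)
        if route is None:
            return None, "discarded: no matching route"
        _subnet, out_iface, next_hop = route
        link_type = self.interfaces[out_iface]
        # Step 4: new header/trailer for the outgoing link, addressed to the
        # next hop, or to the host itself when the subnet is directly connected
        new_dst = next_hop or dst_ip
        return Frame(link_type, new_dst, packet), f"{out_iface}/{link_type} -> {new_dst}"


# Routing tables from the figure (one route each, to PC2's subnet)
R1 = Router("R1", {"S0": "HDLC"}, [("150.150.4.0/24", "S0", "150.150.2.7")])
R2 = Router("R2", {"S1": "Frame Relay"}, [("150.150.4.0/24", "S1", "150.150.3.1")])
R3 = Router("R3", {"E0": "Ethernet"}, [("150.150.4.0/24", "E0", None)])

# Which device answers to each data-link destination address
DEVICES = {"150.150.1.4": R1, "150.150.2.7": R2, "150.150.3.1": R3, "150.150.4.10": "PC2"}


def simulate(src_ip: str, dst_ip: str, mask: str, default_gw: str) -> list:
    """Walk a packet from a host through the routers; returns the hops taken."""
    packet = f"IP {src_ip} -> {dst_ip}".encode()   # constructed stand-in packet
    # Step A (host logic): same subnet -> send direct, else to the default gateway
    first_hop = dst_ip if same_subnet(src_ip, dst_ip, mask) else default_gw
    frame = Frame("Ethernet", first_hop, packet)
    hops = [f"host -> {first_hop}"]
    current = DEVICES.get(first_hop)
    while isinstance(current, Router):               # Steps B, C, D
        frame, note = current.forward(frame, dst_ip)
        hops.append(f"{current.name}: {note}")
        if frame is None:
            break
        current = DEVICES.get(frame.dst)
    return hops
```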

IP Routing Protocol

IP routing protocols fill the routing table with valid, loop-free routes.

Goals of a routing protocol:

• To dynamically learn and fill the routing table with routes to all the subnets in the network
• If more than one route to a subnet is available, to place the best route in the routing table
• To notice when the routes in the routing table are no longer valid and remove them from the routing table
• If a route is removed from the routing table and another route through another neighbouring router is available, to add that route to the routing table
• To add new routes, and replace lost routes, with the best currently available route as soon as possible. The time between losing a route and finding a working replacement route is called the convergence time
• To prevent routing loops

Routing protocols follow three general steps in advertising routes in a network…

Step 1: Each router adds a route to its routing table for each subnet directly connected to the router.

Step 2: Each router tells its neighbours about all the routes in its routing table, including directly connected routes and routes learned from other routers.

Step 3: After learning a new route from a neighbour, the router adds a route to its routing table, with the next-hop router typically being the neighbour from which the route was learned.

How each router learns its route to 150.150.4.0 (PC2's subnet) in the figure above:

Step A. R3 learns a route that refers to its own E0 interface, because subnet 150.150.4.0 is directly connected.

Step B. R3 sends a routing protocol message called a routing update to R2, causing R2 to learn about subnet 150.150.4.0.

Step C. R2 sends a similar routing protocol message (routing update) to R1, causing R1 to learn about subnet 150.150.4.0.


Step D. R1's route to 150.150.4.0 lists R2's IP address as the next-hop address, because R1 learned about the route from R2. The route also lists S0 as R1's outgoing interface, because the update from which R1 learned the route came in through interface S0.
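The three advertising steps and the R3 to R2 to R1 learning sequence above, simulated in Python as an added example that is not code from the study guide (a simple distance-vector style exchange); the figure supplies the topology and the addresses 150.150.1.4, 150.150.2.7 and 150.150.3.1, while R1's address on the 150.150.2.0 link (150.150.2.1), R2's on the 150.150.3.0 link (150.150.3.2), R3's E0 address (150.150.4.1), the interface names on the unnamed ends of each link and the hop-count metric are assumptions.

```python
"""Simulation of the three routing-protocol steps above with a hop-count metric.

Added example, not code from the study guide. The addresses 150.150.1.4,
150.150.2.7 and 150.150.3.1 come from the figure; 150.150.2.1 (R1 on the
150.150.2.0 link), 150.150.3.2 (R2 on the 150.150.3.0 link), 150.150.4.1
(R3's E0), the unnamed interface names and the metric are assumptions.
"""


class Router:
    def __init__(self, name: str, interfaces: dict):
        self.name = name
        self.interfaces = interfaces          # iface -> (own IP, connected subnet)
        self.neighbours = {}                  # iface -> (neighbour router, its IP)
        # Step 1: one route per directly connected subnet (no next hop, metric 0)
        self.table = {subnet: (iface, None, 0)
                      for iface, (_ip, subnet) in interfaces.items()}

    def connect(self, iface: str, other: "Router", other_iface: str) -> None:
        """Link two routers over a shared subnet; each learns the other's IP."""
        self.neighbours[iface] = (other, other.interfaces[other_iface][0])
        other.neighbours[other_iface] = (self, self.interfaces[iface][0])

    def send_updates(self) -> bool:
        """Step 2: advertise every route in the table to every neighbour.
        Returns True if any neighbour changed its table."""
        changed = False
        advertised = {subnet: metric for subnet, (_i, _n, metric) in self.table.items()}
        for neighbour, _ip in self.neighbours.values():
            changed |= neighbour.receive_update(self, advertised)
        return changed

    def receive_update(self, sender: "Router", routes: dict) -> bool:
        """Step 3: add routes learned from a neighbour, or replace a worse one.

        Next hop = the neighbour's IP on the shared link; outgoing interface =
        the interface the update arrived on (as in Step D above).
        """
        in_iface, sender_ip = next((iface, ip) for iface, (r, ip)
                                   in self.neighbours.items() if r is sender)
        changed = False
        for subnet, metric in routes.items():
            new_metric = metric + 1                  # one more hop than the neighbour
            current = self.table.get(subnet)
            if current is None or new_metric < current[2]:   # new, or a better route
                self.table[subnet] = (in_iface, sender_ip, new_metric)
                changed = True
        return changed


def converge(routers: list) -> int:
    """Run rounds of updates until a full round changes nothing; returns the
    number of rounds (an analogue of the convergence time)."""
    rounds = 0
    while True:
        rounds += 1
        results = [r.send_updates() for r in routers]   # every router sends each round
        if not any(results):
            return rounds


def build_figure_topology():
    """R1 -- 150.150.2.0 -- R2 -- 150.150.3.0 -- R3, with a LAN subnet at each end."""
    r1 = Router("R1", {"E0": ("150.150.1.4", "150.150.1.0"), "S0": ("150.150.2.1", "150.150.2.0")})
    r2 = Router("R2", {"S0": ("150.150.2.7", "150.150.2.0"), "S1": ("150.150.3.2", "150.150.3.0")})
    r3 = Router("R3", {"S0": ("150.150.3.1", "150.150.3.0"), "E0": ("150.150.4.1", "150.150.4.0")})
    r1.connect("S0", r2, "S0")
    r2.connect("S1", r3, "S0")
    return r1, r2, r3
```

After convergence R1's entry for 150.150.4.0 reads (S0, 150.150.2.7, 2): out interface S0 and next hop R2, exactly what Step D describes.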

Network Layer Utilities

ARP – Address Resolution Protocol – used to learn the MAC addresses of other computers in the same LAN subnet.
DNS – Domain Name System – used to learn IP addresses from names.

DNS name resolution: a PC learns the IP address of the DNS server, either pre-configured or via DHCP, and sends a DNS request to resolve the name of the computer it wants to communicate with into its IP address; the DNS server returns the IP address.

The ARP process: the sending PC issues an ARP broadcast. An ARP broadcast is sent to the Ethernet broadcast address, so everyone on the LAN receives it; the host in the same LAN subnet that has the IP address named in the ARP broadcast responds with its MAC address.

If both the sending and destination hosts are in the same subnet, ARP is used to learn the MAC address of the destination host; otherwise it is used to learn the MAC address of the default router to which the host will forward the IP packet.

Any device that uses IP should retain, or cache, the information learned with ARP, placing the information in its ARP cache. Each time a host wants to send a packet encapsulated in an Ethernet frame, it checks its ARP cache and uses the MAC address found there. If the correct information is not listed in the ARP cache, then the host uses ARP to discover the MAC address used by that particular IP address. A host also learns ARP information when it receives an ARP message.

Address Assignment and DHCP

DHCP defines the protocol used to allow computers to request a lease of an IP address. DHCP uses a server, with the server keeping a list of pools of IP addresses available on each subnet. DHCP clients send the DHCP server a message asking to borrow, or lease, an IP address. The server then suggests an IP address; if accepted, the server notes that the address is no longer available for assignment to any other host.

DHCP supplies IP addresses to clients, and it also supplies other information. For example, hosts need to know their IP address, plus the subnet mask to use, plus the default gateway to use, as well as the IP addresses of any DNS servers. In most networks today DHCP supplies all these facts to a typical end-user host.

Typically a PC is used as the DHCP server in an enterprise network. Routers can also provide DHCP server functions, dynamically assigning IP addresses to hosts in a small or home office environment, and can use DHCP client functions (routers can act as DHCP clients as well) to dynamically lease an IP address from an ISP.

The 4 typical DHCP messages used to acquire an IP address:

1. DHCP Discover message (LAN broadcast, from the DHCP client)
2. DHCP Offer message directed to the client (from the DHCP server to the broadcasting client)
3. DHCP Request message directed to the server
4. DHCP Acknowledgment with information (IP address, mask, default gateway etc.) directed to the client

ICMP Echo and Ping command

Ping (Packet Internet Groper): a tool for network connectivity testing. It uses the Internet Control Message Protocol (ICMP), sending a message called an ICMP echo request to another IP address; the computer with that IP address replies with an ICMP echo reply.

ICMP echo just tests IP connectivity: layers 1, 2 and 3 of the OSI network model.

ARP: Address Resolution Protocol. An Internet protocol used to map an IP address to a MAC address, defined in RFC 826.

Default gateway/default router: On an IP host, the IP address of some router to which the host sends packets when the packet's destination IP address is on a subnet other than the host's local subnet.

DHCP: Dynamic Host Configuration Protocol. A protocol used by hosts to dynamically discover and lease an IP address, and to learn the correct subnet mask, default gateway and DNS server IP addresses.

DNS: Domain Name System. An application layer protocol used throughout the Internet for translating host names into their associated IP addresses.

Host part: a term used to describe the part of an IPv4 address that is used to uniquely identify a host inside a subnet. The host part is identified by the bits of value 0 in the subnet mask.

IP address: In IP version 4 (IPv4), a 32-bit address assigned to hosts using TCP/IP. Each address consists of a network number, an optional subnetwork number and a host number. The network number and subnetwork number together are used for routing, and the host number is used to address an individual host within a network or subnetwork.


Logical Address : A generic reference to addresses as defined by Layer 3 protocols, which do not have to be concerned with the details of the underlying physical media. Used mainly in contrast with data link addresses, which are physical addresses based on the physical medium used.

Network broadcast address : In IPv4, a special address in each classful network that can be used to broadcast a packet to all hosts in the same classful network. Numerically, the address has the same value as the network number in the network part and a value of 255 in each octet of the host part.

Network Number / Network Address : A number that uses the same dotted decimal notation as an IP address, but the number itself represents all the hosts in a single Class A, B or C IP network.

Network Part : The portion of an IPv4 address, 1, 2 or 3 octets/bytes long, based on whether the address is in a Class A, B or C network.

Routing Table : A list of routes in a router, with each route listing the destination subnet and mask, the router interface out which to forward packets destined to that subnet, and, as needed, the next-hop router's IP address.

Subnet broadcast address : A special address in each subnet, specifically the largest numeric address in the subnet, designed so that packets sent to this address should be delivered to all hosts in that subnet.

Subnet number / Subnet Address : In IPv4, a dotted decimal number that represents all addresses in a single subnet. Numerically the smallest value in the range of numbers in a subnet, reserved so that it cannot be used as a unicast address by a host.

Subnet Part : In a subnetted IPv4 address, interpreted with classful addressing rules, one of the three parts of the structure of an IP address, with the subnet part uniquely identifying different subnets of a classful IP network.

Please go to the "Do I Know This Already?" quiz for Chapter 5, page 94.


Chapter 6 - Fundamentals of TCP/IP Transport, Applications and Security

The major functions of the Layer 4 (Transport layer) protocol are error recovery and flow control. Most data link protocols notice errors (a process called error detection) but then discard the frames that have errors. TCP provides for re-transmission (error recovery) and helps to avoid congestion (flow control).

TCP/IP Transport Layer Features (only the first item is supported by UDP)

Function                                      Description
Multiplexing using ports                      Function that allows the receiving host to choose the correct application for which the data is destined, based on the port number.
Error recovery (reliability)                  Process of numbering and acknowledging data with the Sequence and Acknowledgement header fields.
Flow control using windowing                  Process that uses window sizes to protect buffer space and routing devices.
Connection establishment and termination      Process used to initialize port numbers and the Sequence and Acknowledgement header fields.
Ordered data transfer and data segmentation   Continuous stream of bytes from an upper layer process that is 'segmented' for transmission and delivered to the upper layer process at the receiving device, with the bytes in the same order.

TCP provides error recovery, but to do so it consumes more bandwidth and uses more processing cycles. UDP does not perform error recovery, but it takes less bandwidth and uses fewer processing cycles.


TCP Header Fields (bit positions 0, 16 and 31 shown across the top)

0                               16                              31
-----------------------------------------------------------------
| Source Port (16)              | Destination Port (16)         |
| Sequence Number (32)                                          |
| Acknowledgment Number (32)                                    |
| Header Length (4) | Reserved (6) | Code Bits (6) | Window (16)|
| Checksum (16)                 | Urgent (16)                   |
| Options (0 - 32, if any)                                      |
| Data (varies)                                                 |
-----------------------------------------------------------------

Multiplexing using TCP port Numbers

TCP and UDP multiplexing enables the receiving computer to know which application to give the data to.

When two computers communicate between different applications, TCP and UDP segments use different destination port numbers so that the receiving computer knows which application to give the data to.

Multiplexing relies on a concept called sockets. A socket consists of three things:

• An IP address
• A transport protocol
• A port number

For a web server application the socket would be (10.1.1.2, TCP, Port 80) because, by default, web servers use the well-known port 80. When a client web browser connects to a web server it also uses a socket, possibly like (10.1.1.1, TCP, Port 1030). Client hosts typically allocate a unique 'dynamic port number' starting at 1024, because port numbers below 1024 are reserved for well-known applications such as web servers.


Multiplexing based on sockets ensures that data is delivered to the correct application. Applications that provide services, such as FTP, Telnet and web servers, open a socket using a well-known port and listen for connection requests.

Connection between Sockets (figure)

Host 10.1.1.1 : Ad Application on UDP port 1025, Wire Application on TCP port 1028, Web Browser on TCP port 1030
Host 10.1.1.2 : Ad Application on UDP port 800, Wire Application on TCP port 20,100, Web Server on TCP port 80

Connections shown in the figure:
(10.1.1.1, TCP, 1030) <-> (10.1.1.2, TCP, 80)
(10.1.1.1, TCP, 1028) <-> (10.1.1.2, TCP, 20,100)
(10.1.1.1, UDP, 1025) <-> (10.1.1.2, UDP, 800)


Popular applications and their well-known ports

Port Number        Protocol    Application
20                 TCP         FTP data
21                 TCP         FTP control
22                 TCP         SSH
23                 TCP         Telnet
25                 TCP         SMTP
53                 UDP, TCP    DNS
67, 68             UDP         DHCP
69                 UDP         TFTP
80                 TCP         HTTP (WWW)
110                TCP         POP3
161                UDP         SNMP
443                TCP         SSL
16,384 - 32,767    UDP         RTP-based Voice (VoIP) and Video

Error Recovery (Reliability)

To accomplish reliability, TCP numbers data bytes using the Sequence and Acknowledgment fields in the TCP header. TCP achieves reliability in both directions, using the Sequence Number field of one direction combined with the Acknowledgment field in the opposite direction.

TCP Acknowledgement without errors

Web Server -> Web Client : 1000 bytes of data, Sequence = 1000
Web Server -> Web Client : 1000 bytes of data, Sequence = 2000
Web Server -> Web Client : 1000 bytes of data, Sequence = 3000
Web Client -> Web Server : no data, Acknowledgement = 4000

The Acknowledgement field in the TCP header sent by the web client (4000) implies the next byte to be received; this is called forward acknowledgment. The sequence number reflects the number of the first byte in the segment. In this case each TCP segment is 1000 bytes long.


TCP Acknowledgement with errors

Web Server -> Web Client : 1000 bytes of data, Sequence = 1000
Web Server -> Web Client : 1000 bytes of data, Sequence = 2000 (***LOST***)
Web Server -> Web Client : 1000 bytes of data, Sequence = 3000
Web Client -> Web Server : no data, Acknowledgement = 2000
Web Server -> Web Client : 1000 bytes of data, Sequence = 2000
Web Client -> Web Server : no data, Acknowledgement = 4000

The second TCP segment was lost or is in error. The web client's reply has an Acknowledgement field of 2000, implying that the web client is expecting byte 2000 next. TCP at the web server re-sends the second segment and then waits for an ACK = 4000.

Flow Control using Windowing

TCP implements flow control by taking advantage of the Sequence and Acknowledgment fields in the TCP header, along with another field called the Window field. The Window field states the maximum number of unacknowledged bytes that are allowed at any point in time. The window starts small and grows until an error occurs; additionally, the actual Sequence and Acknowledgment numbers also grow, so it is called a dynamic window, or sliding window. When the window is full, the sender stops sending, and thereby controls the flow of data.

The receiver grants a window to the sender; the sender sends until the window is full, then waits for the acknowledgement. If no errors occurred, the receiver grants a larger window.


TCP Windowing

Web Client -> Web Server : ACK 1000, Window 3000
Web Server -> Web Client : 1000 bytes of data, Sequence = 1000
Web Server -> Web Client : 1000 bytes of data, Sequence = 2000
Web Server -> Web Client : 1000 bytes of data, Sequence = 3000
Web Client -> Web Server : ACK 4000, Window 4000
Web Server -> Web Client : 1000 bytes of data, Sequence = 4000
Web Server -> Web Client : 1000 bytes of data, Sequence = 5000
Web Server -> Web Client : 1000 bytes of data, Sequence = 6000
Web Server -> Web Client : 1000 bytes of data, Sequence = 7000

Windowing does not require that the sender stop sending in all cases. If an acknowledgement is received before the window is exhausted, a new window begins and the sender continues sending data until the current window is exhausted. The term Positive Acknowledgement and Re-transmission (PAR) is sometimes used to describe the error recovery and windowing process that TCP uses.
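The error-recovery and windowing flows above, as an added simulation that is not code from the study guide: it reproduces the 1000-byte segments, the forward acknowledgment after a lost segment, and the 3000 -> 4000 window growth. The rule that the receiver grants one extra segment of window after each error-free window is an assumption made here to match the figure; real TCP stacks grow the window differently.

```python
"""Added example (not from the study guide): a small simulation of TCP
forward acknowledgment, retransmission and the sliding window, using the
figures' 1000-byte segments and starting sequence number 1000. The receiver
grants one more segment of window after each error-free window (an
assumption made here to reproduce the figure's 3000 -> 4000 growth)."""

SEGMENT = 1000   # bytes of data per segment, as in the figures


class Receiver:
    """Keeps the next expected byte (the forward acknowledgment number)
    and buffers segments that arrive out of order."""

    def __init__(self, first_seq, window):
        self.expected = first_seq
        self.window = window
        self.buffered = set()     # sequence numbers held while a gap exists

    def accept(self, seq):
        if seq == self.expected:
            self.expected += SEGMENT
            while self.expected in self.buffered:   # gap closed: release buffered data
                self.buffered.remove(self.expected)
                self.expected += SEGMENT
        elif seq > self.expected:
            self.buffered.add(seq)
        # seq < expected is a duplicate; the acknowledgment simply repeats
        return self.expected


def simulate_transfer(total_bytes, first_seq, window, lost_once=()):
    """Send total_bytes from first_seq under a window granted by the receiver.
    Sequence numbers in lost_once are dropped the first time they are sent.
    Returns the flow as ('DATA', seq) and ('ACK', ack, window) events."""
    rx = Receiver(first_seq, window)
    lost = set(lost_once)
    end = first_seq + total_bytes
    next_seq, last_ack = first_seq, first_seq
    log = [("ACK", first_seq, window)]            # initial window grant

    def deliver(seq):
        log.append(("DATA", seq))
        if seq in lost:
            lost.discard(seq)                     # lost this time only
        else:
            rx.accept(seq)

    while last_ack < end:
        if next_seq < end and next_seq - last_ack < rx.window:
            # window not yet full: keep sending new segments
            while next_seq < end and next_seq - last_ack < rx.window:
                deliver(next_seq)
                next_seq += SEGMENT
        else:
            # window exhausted without a full ACK: resend the first unacknowledged segment
            deliver(last_ack)
        ack = rx.expected
        if ack == next_seq:                       # everything sent so far arrived in order
            rx.window += SEGMENT                  # receiver grants a larger window
        log.append(("ACK", ack, rx.window))
        last_ack = ack
    return log


if __name__ == "__main__":
    for event in simulate_transfer(3000, 1000, 3000, lost_once={2000}):
        print(event)
```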


Connection establishment and termination

TCP connection establishment refers to the process of initializing the Sequence and Acknowledgement fields and agreeing on the port numbers used.

The TCP header has no single socket field. Of the three parts of the socket, the IP address is implied by the source and destination IP addresses in the IP header, and TCP is implied by the Protocol Type field in the IP header (and by the fact that a TCP header is in use). The only part of the socket that needs to be encoded in the TCP header is the port numbers.

TCP connection establishment : The three-way connection establishment flow must be complete before data transfer can begin.

Web Client -> Web Server : SYN, SEQ = 200, DPORT = 80, SPORT = 1027
Web Server -> Web Client : SYN, ACK, SEQ = 1450, ACK = 201, DPORT = 1027, SPORT = 80
Web Client -> Web Server : ACK, SEQ = 201, ACK = 1451, DPORT = 80, SPORT = 1027

TCP signals connection establishment using two bits inside the flag field of the TCP header, called the SYN and ACK flags.

SYN : Synchronize the sequence numbers
ACK : The Acknowledgment field is valid in this header

The Acknowledgement field cannot be useful until the Sequence field is initialized; the ACK flag then continues to be set until the connection is terminated.

TCP Connection Termination : The four-way termination flow uses an additional flag called the FIN bit (Finished). Before sending the third TCP segment, the PC on the right notifies the application that the connection is coming down, and waits for an acknowledgment from the application before sending the third segment in the flow. In case the application takes some time to respond, the second flow in the figure is sent, acknowledging to the PC on the left that it can take the connection down; otherwise the PC on the left would send the first segment repeatedly.


PC (left) -> PC (right) : ACK, FIN, SEQ = 1000
PC (right) -> PC (left) : ACK, ACK = 1001
PC (right) -> PC (left) : ACK, FIN, SEQ = 1470, ACK = 1001
PC (left) -> PC (right) : ACK, ACK = 1471

TCP establishes and terminates connections between endpoints, whereas UDP does not.

Connection Oriented Protocol : A protocol that requires an exchange of messages before data transfer begins, or that has a required pre-established correlation between two endpoints.

Connectionless Protocol : A protocol that does not require an exchange of messages before data transfer begins and that does not require a pre-established correlation between two endpoints.
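The TCP header layout and the three-way handshake figure above, as an added example that is not code from the study guide: it packs and parses the 20-byte header (Header Length, Reserved and Code Bits share one 16-bit word) and then checks that the SYN, SYN/ACK and ACK segments carry the expected sequence and acknowledgment numbers (SEQ = 200 -> SEQ = 1450, ACK = 201 -> SEQ = 201, ACK = 1451). The checksum is left at zero because it needs the IP pseudo-header, which is not modelled here.

```python
"""Added example (not from the study guide): pack and parse the TCP header
laid out in the notes, then validate the three-way handshake numbers from
the figure. The checksum is left at zero because computing it needs the IP
pseudo-header, which this example does not model."""
import struct

# Code bits (flags) in the 6-bit field, lowest bit first: FIN, SYN, RST, PSH, ACK, URG
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MASK32 = 0xFFFFFFFF           # sequence numbers wrap at 2**32


def build_tcp_header(sport, dport, seq, ack, flags, window=8192):
    """Return a 20-byte TCP header with no options (data offset = 5 words)."""
    data_offset = 5
    offset_reserved_flags = (data_offset << 12) | (flags & 0x3F)  # 4 + 6 + 6 bits
    return struct.pack("!HHIIHHHH", sport, dport, seq & MASK32, ack & MASK32,
                       offset_reserved_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Split a TCP segment into its header fields, options and data."""
    if len(raw) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    sport, dport, seq, ack, orf, window, csum, urg = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (orf >> 12) * 4        # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(raw):
        raise ValueError("data offset %d bytes is inconsistent with segment" % header_len)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": orf & 0x3F, "window": window,
            "checksum": csum, "urgent": urg,
            "options": raw[20:header_len], "data": raw[header_len:]}


def check_handshake(syn, syn_ack, ack_seg):
    """Return (ok, reason) for three raw segments in the order
    client->server, server->client, client->server."""
    a, b, c = (parse_tcp_header(s) for s in (syn, syn_ack, ack_seg))
    if a["flags"] != SYN:
        return False, "first segment must carry SYN only"
    if (b["sport"], b["dport"]) != (a["dport"], a["sport"]):
        return False, "SYN-ACK must reverse the port pair"
    if b["flags"] != SYN | ACK:
        return False, "second segment must carry SYN and ACK"
    if b["ack"] != (a["seq"] + 1) & MASK32:
        return False, "SYN-ACK must acknowledge the client ISN plus one"
    if c["flags"] != ACK or (c["sport"], c["dport"]) != (a["sport"], a["dport"]):
        return False, "third segment must be an ACK on the original port pair"
    if c["seq"] != (a["seq"] + 1) & MASK32 or c["ack"] != (b["seq"] + 1) & MASK32:
        return False, "final ACK must carry SEQ=ISN+1 and ACK=server ISN+1"
    return True, "connection established"


# The figure's handshake, reconstructed as bytes (client port 1027, server port 80).
FIGURE_HANDSHAKE = (
    build_tcp_header(1027, 80, 200, 0, SYN),
    build_tcp_header(80, 1027, 1450, 201, SYN | ACK),
    build_tcp_header(1027, 80, 201, 1451, ACK),
)

if __name__ == "__main__":
    print(check_handshake(*FIGURE_HANDSHAKE))  # (True, 'connection established')
```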

Data Segmentation and Ordered Data Transfer

MTU : Maximum Transmission Unit. The maximum amount of data (the Layer 3 (IP) packet) that can be sent inside a data link frame; on most data links, including Ethernet, it is 1500 bytes.

TCP segments large amounts of application data into segments, typically 1460-byte chunks (the TCP and IP headers are each 20 bytes).

The TCP receiver performs ordered data transfer by reassembling the data into the original order.

UDP – User Datagram Protocol

UDP supports data transfer and multiplexing using port numbers, and has fewer bytes of overhead and requires less processing compared to TCP.

UDP is used by applications such as VoIP, DNS, NFS, etc., where loss of data is tolerable (VoIP) or the application has its own mechanism to recover lost data (DNS).


TCP and UDP headers

TCP Header (field sizes)
Source Port    : 2 bytes
Dest. Port     : 2 bytes
Seq Number     : 4 bytes
Ack Number     : 4 bytes
Offset         : 4 bits
Reserved       : 6 bits
Flags          : 6 bits
Window Size    : 2 bytes
Checksum       : 2 bytes
Urgent         : 2 bytes
Options        : 3 bytes
PAD            : 1 byte

UDP Header (field sizes)
Source Port    : 2 bytes
Dest. Port     : 2 bytes
Length         : 2 bytes
Checksum       : 2 bytes

Notice that there are no Sequence and Acknowledgment fields in the UDP header. UDP does not require waiting for acknowledgments or holding data in memory until it is acknowledged; this means UDP applications are not artificially slowed by the acknowledgment process, and memory is freed more quickly.

TCP Applications

VoIP : An application protocol that passes voice traffic over data networks inside IP packets. A generic Voice Adaptor (VA) converts the analog voice signals from a normal telephone into IP packets and sends them over the internet from a home DSL line.

VoIP Packet : IP | UDP | RTP | Digital Voice Bits

A single VoIP call that passes over a WAN typically takes less than 30 kbps of bandwidth, but it has several other QoS demands on the network before the VoIP traffic will sound good:

Low Delay : VoIP requires a very low delay between the sending phone and the receiving phone, typically less than 200 milliseconds (.2 seconds). This is a much lower delay than is required by a typical data application.

Low Jitter : Jitter is the variation in delay. VoIP requires very low jitter as well, whereas data applications can tolerate much higher jitter. For example, the jitter between consecutive VoIP packets should not exceed 30 milliseconds (.03 seconds), or the quality degrades.


Loss : If a VoIP packet is lost during transmission, no attempt is made to recover the packet, as it would be useless by the time it is recovered because of the delay and jitter issues. Lost packets can sound like a break in the sound of the VoIP call.

Video over IP requires a lot more bandwidth, in the range of 300-400 kbps to 3-10 Mbps per video.

Type of Application                                         Bandwidth      Delay     Jitter    Loss
VoIP                                                        Low            Low       Low       Low
Two-way Video over IP (such as videoconferencing)           Medium/High    Low       Low       Low
One-way Video over IP (security camera)                     Medium         Medium    Medium    Low
Interactive Mission Critical Data (web-based payroll)       Medium         Medium    High      High
Interactive Business Data (online chat with a co-worker)    Low/Medium     Medium    High      High
File Transfer (backing up a disk drive)                     High           High      High      High
Non-Business (browsing)                                     Medium         High      High      High

To support the QoS requirements of various applications, routers and switches can be configured with a wide variety of QoS tools.


The World Wide Web, HTTP and SSL

DNS resolution and requesting a web page (figure)

Devices : Client PC 64.100.1.1, DNS Server 192.31.7.1, www.cisco.com Web Server 198.133.219.25

1. The user types the URL http://www.cisco.com/go/prepcentre
2. DNS name resolution request (Client PC -> DNS Server)
   IP Header : Source 64.100.1.1, Dest. 192.31.7.1
   UDP Header : Source port 1030, Dest. port 53
   DNS request : What is the IP address of www.cisco.com?
3. DNS name resolution reply (DNS Server -> Client PC)
   IP Header : Source 192.31.7.1, Dest. 64.100.1.1
   UDP Header : Source port 53, Dest. port 1030
   DNS reply : IP address is 198.133.219.25
4. TCP connection setup (Client PC -> Web Server)
   IP Header : Source 64.100.1.1, Dest. 198.133.219.25
   TCP Header : Source port 1035, Dest. port 80, SYN

Multiple HTTP GET requests/responses (figure)

User typed http://www.cisco.com/go/ccna

Web Browser Client -> www.cisco.com : HTTP GET /go/ccna
www.cisco.com -> Web Browser Client : HTTP OK, data: /go/ccna
Web Browser Client -> www.cisco.com : HTTP GET /graphics/logo1.gif
www.cisco.com -> Web Browser Client : HTTP OK, data: logo1.gif
Web Browser Client -> www.cisco.com : HTTP GET /graphics/ad1.gif
www.cisco.com -> Web Browser Client : HTTP OK, data: ad1.gif


Network Security

Firewalls : Firewalls are probably the best-known security appliances, sitting between the enterprise network and the dark, cold internet. The firewall mainly looks at the transport layer port numbers and the application layer headers to prevent certain ports and applications from getting packets into the enterprise.

Kinds of security attacks…

Denial of Service attacks : An attack whose purpose is to break things. DoS attacks called Destroyers try to harm the hosts by erasing data and software. DoS attacks called Crashers cause harm by making hosts fail or making the machine no longer able to connect to the network. DoS attacks called Flooders flood the network with packets, making the network unusable and preventing any useful communication with the server.

Reconnaissance attacks : This kind of attack may be disruptive as a side effect, but its goal is gathering information in order to perform an access attack. An example is learning IP addresses and then trying to discover servers that do not appear to require encryption to connect to them.

Access attacks : An attempt to steal data, typically for financial advantage, for a competitive advantage over another company, or even for international espionage.

Computer viruses are just one tool that can be used to carry out any of these attacks.

Virus Signature : Characteristics of viruses

Common Security Issues in an Enterprise

Access from the Wireless LAN : Wireless radio signals might leave the building, so an unsecured wireless LAN allows a user across the street in a coffee shop to access the enterprise network and the rest of the devices in it.

Infected Mobile Laptops : An employee connects a laptop infected at home to the enterprise network, causing the virus to spread to other vulnerable PCs.

Disgruntled Employees : An employee (who is planning to move to a new company) steals information from the network onto portable devices.

Cisco uses the term Security in Depth to refer to a security design that includes security tools throughout the network, including features in routers and switches. Cisco also uses the term "Self Defending Network" to refer to automation in which network devices automatically react to network problems.


Network Admission Control (NAC) is a security tool that prevents a computer from connecting to the LAN until its virus definitions are updated and a recent full virus scan has been performed; it also requires a username and password before the computer can send data on the LAN.

Tools used for an attack other than viruses :

Scanners : send connection requests to different TCP and UDP ports for different applications.

Spyware : a virus that looks for private and sensitive information.

Worm : a self-propagating program that can replicate itself, often causing DoS attacks on servers and enterprise networks.

Keystroke Logger : a virus that logs all keystrokes, or possibly just the keystrokes from when secured sites are accessed.

Phishing : the attacker sets up an illegitimate website that looks like a bank or credit card company website, sends out emails with the URL, and tries to get sensitive information from the users.

Malware : refers to a broad class of malicious viruses, including spyware.

Tools for In-depth Security

Firewalls and Cisco Adaptive Security Appliance (ASA)

A firewall determines the allowed traffic versus the disallowed traffic based on the destination and source IP addresses, TCP and UDP port numbers, and application layer headers.

A Demilitarized Zone (DMZ) LAN is a place to put devices that need to be accessible from the internet in an enterprise network.

Two allowed and one disallowed traffic flows in a network with a firewall :

1. Allow a web client inside the network to send packets to a web server outside (internet)
2. Allow a web client outside (internet) to send packets to the web server in the DMZ
3. Disallow a web client outside from sending packets to a web server inside the secured network

Cisco firewalls were generally called PIX firewalls, but the newer models are called ASA.
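The three flows listed above, encoded as an added rule-evaluation example that is not the study guide's or Cisco's code. It adds a session table so the server's replies to an admitted flow are permitted, which is an assumption beyond what the notes describe; the address ranges (inside 10.1.0.0/16, DMZ 192.0.2.0/24, everything else outside) and the client addresses in the usage are constructed for the example.

```python
"""Added example (not the study guide's or Cisco's code): a small rule
evaluator that encodes the notes' three flows, plus a session table so the
server's replies to an allowed flow are permitted. Address ranges are
constructed for the example: inside 10.1.0.0/16, DMZ 192.0.2.0/24, and
anything else is treated as the outside (internet)."""
import ipaddress

ZONES = {
    "inside": ipaddress.ip_network("10.1.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}


def zone_of(ip):
    """Classify an address; addresses in no listed range are 'outside'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


# (source zone, destination zone, protocol, destination port, action);
# first match wins, and anything unmatched is denied.
RULES = [
    ("inside", "outside", "tcp", 80, "allow"),  # 1. inside web client to an internet web server
    ("outside", "dmz", "tcp", 80, "allow"),     # 2. internet web client to the DMZ web server
    ("outside", "inside", "tcp", 80, "deny"),   # 3. internet web client to an inside web server
]


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # 5-tuples of flows an allow rule admitted

    def check(self, src, dst, proto, sport, dport):
        """Return 'allow' or 'deny' for one packet."""
        flow = (src, dst, proto, sport, dport)
        # reply traffic is permitted only if the reverse flow was admitted earlier
        if (dst, src, proto, dport, sport) in self.sessions:
            return "allow"
        szone, dzone = zone_of(src), zone_of(dst)
        for rule_src, rule_dst, rule_proto, rule_port, action in self.rules:
            if (szone, dzone, proto, dport) == (rule_src, rule_dst, rule_proto, rule_port):
                if action == "allow":
                    self.sessions.add(flow)
                return action
        return "deny"       # default deny: no rule matched


if __name__ == "__main__":
    fw = Firewall(RULES)
    # constructed sample packets: 203.0.113.10 plays the internet host
    print(fw.check("10.1.1.1", "203.0.113.10", "tcp", 1030, 80))    # allow (flow 1)
    print(fw.check("203.0.113.10", "10.1.1.1", "tcp", 80, 1030))    # allow (reply to flow 1)
    print(fw.check("203.0.113.10", "192.0.2.5", "tcp", 1040, 80))   # allow (flow 2)
    print(fw.check("203.0.113.10", "10.1.1.2", "tcp", 1050, 80))    # deny (flow 3)
```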


Anti-x : The term Anti-x refers to the whole class of security tools used to prevent various security problems, including the following:

Anti-virus, Anti-spyware, Anti-spam, Anti-phishing, URL filtering and email filtering.

Intrusion Detection System : IDS tools typically receive a copy of the packets through a monitoring port. The IDS then rates and reports on potential threats, and requests that firewalls or routers take any preventative actions.

Intrusion Prevention System : IPS tools often sit in the packet forwarding path, giving the IPS the capability to perform the same functions as an IDS, but also to react and filter the traffic.

VPN

A VPN makes communication over the internet secure, like a private leased line. VPNs authenticate the VPN endpoints, meaning both endpoints can be sure that the other end of the VPN connection is legitimate. Additionally, a VPN encrypts the IP packets.

Two types of VPNs : Access VPNs and site-to-site intranet VPNs. Access VPNs support a home or small-office user, with the remote office's PC typically encrypting the packets.

Definitions

Anti-x : A term used by Cisco to refer to a variety of security tools that help prevent various attacks, including anti-virus, anti-phishing and anti-spam.

Connection Establishment : The process by which a connection-oriented protocol creates a connection. With TCP, a connection is established by a three-way transmission of TCP segments.

Denial of Service (DoS) : A type of attack whose goal is to cause problems by preventing legitimate users from being able to access network services, thereby preventing the normal operation of the computers and the network.

Error detection : The process of discovering whether or not a data link frame was changed during transmission. The process typically uses the Frame Check Sequence (FCS) field in the data link trailer.

Error Recovery : The process of noticing when some transmitted data was not successfully received, and re-sending the data until it is successfully received.


Firewall : A device that forwards data packets between less secure and more secure parts of the network, applying rules that determine which packets are allowed to pass and which are not.

Flow Control : The process of regulating the amount of data sent by a sending computer towards a receiving computer. Several flow control mechanisms exist, including TCP flow control, which uses windowing.

Forward Acknowledgment : A process used by protocols that perform error recovery, in which the number that acknowledges the data lists the next data that should be sent, not the last data that was successfully received.

HTTP : Hypertext Transfer Protocol. A protocol used by web browsers and web servers to transfer files, such as text and graphics files.

Intrusion Detection System (IDS) : A security function that examines more complex traffic patterns against a list of both known attack signatures and general characteristics of how an attack may be carried out, rating each perceived threat and reporting on each threat.

Intrusion Prevention System (IPS) : A security function that examines more complex traffic patterns against a list of both known attack signatures and general characteristics of how an attack may be carried out, rating each perceived threat and reacting to prevent the more significant threats.

Ordered Data Transfer : A networking function included in TCP, in which the protocol defines how a sending host should number the data transmitted, defines how a receiving device should re-order the data if it arrives out of sequence, and specifies that the data be discarded if it cannot be delivered in order.

Port : In TCP and UDP, a number that is uniquely used to identify the application process that either sent (source port) or should receive (destination port) data. In LAN switching, another term for a switch interface.

Positive Acknowledgment and Re-transmission (PAR) : A generic reference to how error recovery works in most protocols, including TCP, in which the receiver must send either an acknowledgment that implies that the data was received (positive), or an acknowledgment that implies that some data was lost, so that the sender can resend the lost data.

Segment : In TCP, a term used to describe the TCP header and its encapsulated data, also called an L4PDU. Also in TCP, the process of accepting a large chunk of data from the application layer and breaking it into smaller pieces that fit into a TCP segment. In Ethernet, a segment is either a single Ethernet cable or a single collision domain.


Sliding windows : For a protocol such as TCP that allows the receiving device to dictate the amount of data the sender can send before receiving an acknowledgment (a concept called a window), a reference to the fact that the mechanism for granting future windows is typically just a number that grows upwards slowly after each acknowledgment, sliding upward.

URL : Universal Resource Locator. A standard for referring to any piece of information retrievable via a TCP/IP network. For example, http://www.cisco.com/univercd is a URL that defines HTTP as the protocol, www.cisco.com as the host name and /univercd as the web page.

Virtual Private Network (VPN) : The process of securing communication between two devices whose packets pass over some unsecured public network, typically the internet. VPNs encrypt the packets so that the communication is private, and authenticate the identity of the endpoints.

VoIP : Voice over IP, the transport of voice traffic inside IP packets over an IP network.

Web server : Software that runs on some computer, stores web pages, and sends those web pages to web clients on request.

Please go to the "Do I Know This Already?" quiz for Chapter 6, page 130.
