ROUTING

A PROJECT REPORT SUBMITTED IN PARTIAL FULFILLMENT OF THE
REQUIREMENT FOR THE AWARD OF THREE YEAR DIPLOMA IN Computer
Engineering

AMBEDKAR POLYTECHNIC
GOVERNMENT OF NCT OF DELHI
BOARD OF TRAINING AND TECHNICAL EDUCATION
DELHI: - 110092
SESSION: 2012-2015

UNDER SUPERVISION OF: Sh. H.S Bhatia (HOD OF C.E)
SUBMITTED BY: Pratiyush Juyal, BTE Roll No: - 325242
CERTIFICATE

This is to certify that ABHISHEK JHA, B.T.E. Roll No: 335265,
student of Computer Engg. Third year (6th Semester), of Ambedkar
Polytechnic, Shakarpur, worked on project OFFICE MANAGEMENT SYSTEM
from Dec 2014 to Feb 2015. He was regular in his work and devoted
around 10 Weeks for the project including analysis and design. He
has completed the project satisfactorily. This project has not been
submitted to any other university or institution for the award of
any degree.

Project Guide: Mr. H.S. Bhatia (HOD OF C.E)
ACKNOWLEDGEMENT

I take this opportunity to express my gratitude to my Project Guide,
Mr. DINESH GULATI, for his unwavering encouragement and support
throughout this endeavor. His insight and expertise in this field
motivated and supported me during the duration of this project. It
is my privilege and honor to have worked under his supervision. His
invaluable guidance and helpful discussion in every stage of this
project really helped me in materializing this project. Without his
constructive direction and invaluable advice, this work would not
have been completed. I would also like to take this opportunity to
present my sincere regards to Mr. H.S Bhatia, Head of the
Department (Computer Engineering), Ambedkar Polytechnic, Delhi:
-110092, for the support provided by him during the entire duration
of the diploma course and especially for this thesis. My gratitude
is also extended to all teaching and non-teaching staff for their
unwavering encouragement and support in my pursuit of academics.

ABHISHEK JHA
BTE ROLL NO: 335265
AMBEDKAR POLYTECHNIC
ABSTRACT

The Automated Teller Machine (ATM) Banking System is a banking
application developed to perform different banking services through
the Automated Teller Machines. Its functions include the regular
transactions like cash deposits, cash withdrawals, balance enquiry,
balance statements, savings account, and current account; change of
PIN Number, Credit card Withdrawals and so on. The application
design maintains the information of the accounts of various
customers including the information of the ATM cards, their types
(Credit cards, Debit Cards) and the transactions done by the
customers through the ATM machine centers in correlation with the
Banking Services. The stored details also include the information of
the various centers in and around the ATM services, which help in
the relational maintenance of every transaction in the ATM Machine
by the customers with their concerned branch operations.
SELF DECLARATION OF STUDENT

This project is submitted as partial fulfillment of the requirement
of DIPLOMA IN COMPUTER ENGINEERING of AMBEDKAR POLYTECHNIC SHAKARPUR
NEW DELHI:-110092 affiliated to BTE DELHI, under the guidance of
Mr. H.S Bhatia, Head of Computer Engineering Department, AMBEDKAR
POLYTECHNIC, Shakarpur Delhi:-110092. I hereby declare that the
present project report on OFFICE MANAGEMENT SYSTEM is partially
original and a bona fide work done by me, and wherever the matter
has been replicated with or without modification the same has been
specially mentioned with the reasons for its usage.

ABHISHEK JHA
BTE Roll No. 335265
Computer Engineering
Final Year (2015)
PROJECT OVERVIEW

- The basics of routing protocols.
- The differences between link-state and distance vector routing
  protocols.
- The metrics used by routing protocols to determine path selection.
- EIGRP
- Router security
- Router backup
SOFTWARE AND HARDWARE REQUIREMENT

SOFTWARE REQUIREMENT:
OPERATING SYSTEM: MICROSOFT WINDOWS XP, VISTA, 7, 8.
SOFTWARE USED: CISCO PACKET TRACER.

HARDWARE REQUIREMENT:
RAM: DDR2 1 GB
HARD DISK: 50GB
PROCESSOR: 1 GHZ
Software Description

Cisco Packet Tracer is a network simulation program that allows
students to experiment with network behavior and ask "what if"
questions. As an integral part of the Networking Academy
comprehensive learning experience, Packet Tracer provides
simulation, visualization, authoring, assessment, and collaboration
capabilities and facilitates the teaching and learning of complex
technology concepts.

Packet Tracer features

The current version of Packet Tracer supports an array of simulated
Application Layer protocols, as well as basic routing with RIP,
OSPF, and EIGRP, to the extent required by the current CCNA
curriculum. While Packet Tracer aims to provide a realistic
simulation of functional networks, the application itself utilizes
only a small number of features found within the actual hardware
running a current Cisco IOS version. Thus, Packet Tracer is
unsuitable for modeling production networks. With the introduction
of version 5.3, several new features were added, including BGP. BGP
is not part of the CCNA curriculum, but part of the CCNP curriculum.
Packet Tracer 6.1.1 - New features

Student Version & Instructor Version: now there are 2 versions of
Packet Tracer.

Protocol Improvements. Packet Tracer now models these new or
improved features:
- Netflow
- Zone-Based Policy Firewall for IPv6
- AAA Accounting Commands
- IPv6 CEF
- IPv6 IPSEC
- IPv6 over IPv4 GRE Tunnel Protection
- Etherchannel Expansion (Layer 3)
- IOS 15 [15.0.2-SE4(ED)] image support for 2960

OSPF - OSPFv3 Enhancements
1. OSPF distance command
2. "ipv6 ospf neighbor [ipv6-add]" interface subcommand
3. "neighbor router-id" command
4. "area [area] range" command
5. ip ospf network point-to-point (loopback interface only)
6. "auto-cost reference-bandwidth"

EIGRP - EIGRPv6 Enhancements
1. EIGRP distance command
2. "debug ip eigrp summary" commands
3. EIGRPv6 across FR
4. EIGRP authentication commands

RIP - RIPng Enhancements
1. Default-information originate for RIPng
2. RIP distance command update

DHCP Enhancements
1. DHCP for IPv6
2. show and clear ip dhcp conflict
3. DHCP snooping commands
4. IPv4 Automatic Private IP Addressing (APIPA)
5. ipv6config /renew and /release on PC
6. DHCPv6 commands for IOS 15
7. NDv6

Show Commands
1. show ip route
2. Show ip/ipv6 route summary

Simulation Mode
1. Filter based on IPv4 and IPv6 traffic
2. Update PDU index in the PDU Window
3. Expanded buffer for PDUs.

Packet Tracer 6.0 - New features
- IOS 15
- HWIC-2T and HWIC-8A modules
- 3 new cisco routers (Cisco 1941, Cisco 2901, Cisco 2911)
- HSRP support
- Activity Wizard and Variable Manager improvement
- BGP configurations
Use in education

Packet Tracer is commonly used by Cisco Networking Academy students
working towards Cisco Certified Network Associate (CCNA)
certification. Due to functional limitations, it is intended by
Cisco to be used only as a learning aid, not a replacement for Cisco
routers and switches. Packet Tracer can be used to understand
various concepts of networking with simulation. It can be used to
design a network by connecting various networking devices and
running various troubleshooting tests to check the connectivity and
communication between different networking devices. Packet Tracer
can be used to understand the use of different networking devices
appropriately and the differences in how they work. As it is costly
to buy various networking equipment while learning networking,
Packet Tracer can be used to understand computer networks.
Routing Basics

This chapter introduces the underlying concepts widely used in
routing protocols. Topics summarized here include routing protocol
components and algorithms. In addition, the role of routing
protocols is briefly contrasted with the role of routed or network
protocols. Subsequent chapters in Part VII, "Routing Protocols,"
address specific routing protocols in more detail, while the network
protocols that use routing protocols are discussed in Part VI,
"Network Protocols."

What Is Routing?

Routing is the act of moving information across an internetwork from
a source to a destination. Along the way, at least one intermediate
node typically is encountered. Routing is often contrasted with
bridging, which might seem to accomplish precisely the same thing to
the casual observer. The primary difference between the two is that
bridging occurs at Layer 2 (the link layer) of the OSI reference
model, whereas routing occurs at Layer 3 (the network layer). This
distinction provides routing and bridging with different information
to use in the process of moving information from source to
destination, so the two functions accomplish their tasks in
different ways. The topic of routing has been covered in computer
science literature for more than two decades, but routing achieved
commercial popularity as late as the mid-1980s. The primary reason
for this time lag is that networks in the 1970s were simple,
homogeneous environments. Only relatively recently has large-scale
internetworking become popular.

Routing Components

Routing involves two basic activities: determining optimal routing
paths and transporting information groups (typically called packets)
through an internetwork. In the context of the routing process, the
latter of these is referred to as packet switching. Although packet
switching is relatively straightforward, path determination can be
very complex.
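As an added illustration of the two activities just named (this is example code written for this page, not code from the report or from Cisco), the following Python models a small constructed topology with assumed link metrics, runs a shortest-path computation from one router to derive a routing table of destination/next-hop associations (path determination), and then maps a packet's destination address to a next hop (the packet switching step). The router names, link costs and prefixes are invented for the example.

```python
import heapq
import ipaddress

# Constructed example topology (not from the report): metric of each link
# between two routers, e.g. a cost derived from bandwidth. Lower is better.
LINKS = {
    ("R1", "R2"): 3,
    ("R1", "R3"): 1,
    ("R3", "R2"): 5,
    ("R2", "R4"): 1,
    ("R3", "R4"): 5,
}

# Constructed: the router each destination prefix is attached to.
PREFIXES = {
    "10.1.0.0/16": "R2",
    "10.1.4.0/24": "R4",
    "192.168.0.0/24": "R3",
}


def build_graph(links):
    """Turn the link list into an adjacency map; links are bidirectional."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def shortest_paths(graph, source):
    """Path determination: Dijkstra's algorithm from `source`.

    Returns (dist, next_hop): the total metric to every reachable router
    and the first router on the best path out of `source`, which is all
    a router needs to keep in its table.
    """
    dist = {source: 0}
    next_hop = {source: None}
    heap = [(0, source, None)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if cost > dist[node]:
            continue  # stale heap entry; a better path was already found
        for nbr, weight in graph[node].items():
            new_cost = cost + weight
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                hop = nbr if node == source else first
                next_hop[nbr] = hop
                heapq.heappush(heap, (new_cost, nbr, hop))
    return dist, next_hop


def build_routing_table(router, prefixes, links):
    """Fill the routing table with (prefix, next hop, metric) entries."""
    dist, next_hop = shortest_paths(build_graph(links), router)
    table = []
    for prefix, attached in prefixes.items():
        if attached in dist:  # an unreachable router yields no entry
            table.append((ipaddress.ip_network(prefix),
                          next_hop[attached], dist[attached]))
    return table


def lookup(table, destination):
    """Packet switching step: associate a destination address with a next hop.

    When several entries contain the address, the most specific (longest)
    prefix wins, as in real routers. Returns None when no route exists.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for net, hop, metric in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, metric)
    return best


if __name__ == "__main__":
    table = build_routing_table("R1", PREFIXES, LINKS)
    for net, hop, metric in table:
        print(f"{net!s:18} via {hop} metric {metric}")
    for dst in ("10.1.4.7", "10.1.9.1", "192.168.0.5", "172.16.0.1"):
        print(dst, "->", lookup(table, dst))
```

With these costs R1 reaches R4 through R2 (metric 4) rather than through R3 (metric 6), so both 10.1.x.x entries carry next hop R2 even though they sit on different routers; a lookup that returns None is a destination with no route, which a real router would drop or send to a default route.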
Path Determination

Routing protocols use metrics to evaluate what path will be the best
for a packet to travel. A metric is a standard of measurement, such
as path bandwidth, that is used by routing algorithms to determine
the optimal path to a destination. To aid the process of path
determination, routing algorithms initialize and maintain routing
tables, which contain route information. Route information varies
depending on the routing algorithm used. Routing algorithms fill
routing tables with a variety of information. Destination/next hop
associations tell a router that a particular destination can be
reached optimally by sending the packet to a particular router
representing the "next hop" on the way to the final destination.
When a router receives an incoming packet, it checks the destination
address and attempts to associate this address with a next hop.

Design Goals

Routing algorithms often have one or more of the following design
goals:
- Optimality
- Simplicity and low overhead
- Robustness and stability
- Rapid convergence
- Flexibility

INTRODUCTION TO COMPUTER NETWORKING:

Computer networks were invented to connect computers together to
allow them to share resources such as files and printers. Of course,
networks have been around for quite some time. Early network
implementations were proprietary (because there was nothing else).
The networking capability was written into the application (an
accounting system for example), and the choice of network protocol
(communications software) and hardware was hard-coded into the
application package. But this created problems. If the user or
manufacturer wanted to change any of the networking components, the
core application had to be rewritten. When networking really took
off, it seemed that there was a protocol flavor-of-the-month. Things
were changing so fast that it became impractical for application
vendors to keep up. There had to be a better way.

In response to this problem, engineers developed the open systems
interconnect (OSI) layer model for networking. This layered model
allows the application (an accounting program, editing application,
etc.) to remain separate from the layers below. This way, software
protocols and hardware can be upgraded without having to rewrite the
overarching applications. The application then interacts with the
protocols through a software interface called an application
programming interface (API). Standardization of the API allowed
manufacturers to substitute different technology at lower layers
without having to overhaul their applications.
Figure 1. Simplified layered model.
The layered model in Figure 1 illustrates another fundamental
concept in networking. Note that the protocols are a separate layer
from the physical layer. This allows a given networking technology
such as Ethernet to be implemented over different physical media.
For example, users could implement Ethernet using unshielded twisted
pair (UTP) or optical fiber. In fact, these different physical media
types could be mixed within a network. The signals riding on these
different media types are Ethernet. The layered approach to
networking makes this possible. It also is possible to select
protocols independently from the physical hardware upon which these
protocols are transported. For example, both Ethernet and Fiber
Channel can be carried on fiber.

There are many variations of the OSI model. The most common has
seven layers: physical, data link, network, transport, session,
presentation and application. While it is not important to
understand what all these layers do, you should know that there are
fundamental differences in how network signals are moved, and that
many of these differences center on whether switching decisions are
made at Layer 2 or Layer 3. It is not always possible to make a
clear distinction between the different layers. There are many
excellent OSI model tutorials available on the Internet.

Network protocols

The two dominant networking technologies these days are Ethernet and
Fiber Channel. Ethernet, a packet-based networking technology, has
by far the largest technological deployment. Data from an
application is sent to the protocol layers. In these layers, the
data is chopped up into packets. Next, a destination address is put
on the front of the packet, and the packet is sent to the physical
layer for transportation on the network.
Figure 2. Simplified Ethernet packet.
Figure 2 shows a simplified Ethernet packet. Thousands of these
potential Ethernet packets are generated by a computer each second
and shipped across the network, each packet traveling independently.
The address on the packet allows the network to route the packet to
its destination. The protocol layer at the destination computer is
responsible for reassembling the packets in the proper order and
presenting the application with the original data.

Ethernet is used ubiquitously both for intranets (networks that are
local to a given facility), and on the Internet. The Internet
(capital I) is comprised of a large number of networks and switching
technology that allows computers to send data across the country or
around the world. While the switching and scope of these networks is
vastly different from that of an intranet, the basic Ethernet packet
remains unchanged. In fact, usually the same Ethernet packet travels
across a local intranet, through a gateway computer and on to the
Internet.
There are many different Ethernet topologies. Topology refers to how
computers in the network are connected together. The most common
topology is called hub-and-spoke, in which each computer has a
single, dedicated Ethernet connection to a central Ethernet switch.
If Computer A is transferring files to Computer B, it can do this at
full speed while Computer C is transferring files to Computer D. A
star network is easy to build and troubleshoot, and it can provide
high bandwidth to the desktop if it is designed properly. But there
are caveats. To get the maximum bandwidth between devices connected
to the network, the switch itself must have the capacity to operate
at double the bandwidth of the individual connections to the
computers. In our example, if this is a 100Mb/s network, the switch
must have at least 200Mb/s of available bandwidth.

Fiber Channel is a computer network that is frequently confused with
Ethernet. They are two separate and incompatible technologies
created to solve different problems. The confusion arises because
they both can run on the same physical network. It looks as if you
can just plug a Fiber Channel cable into an Ethernet fiber switch.
But this will not work. The two networks use fundamentally different
protocols, or languages, to talk, and they come from different
origins. Fiber Channel was created to connect computers to disk
drives. In the early days of computing, there were strict limits on
how far the disk drive could be physically located from the computer
itself. Remember, CPUs sat in one box, and storage sat in another
box. As computers got faster, they needed faster connections to the
disk drives that served them. Parallel connections to drives became
the norm. But this too reached a practical limit as the lengths of
parallel cables started to give rise to termination problems, RF
crosstalk, and poor frequency response. Computer designers needed a
cable extender for disk drives that could be easily supported on
existing systems. At this time, the Small Computer System Interface,
or SCSI, was being used for many high-performance drives. Network
engineers went to work designing a computer network that could
transport SCSI commands. They came up with Fiber Channel, a network
that established virtual connections between devices, allowing the
robust transmission of SCSI commands across virtually unlimited
distances. Now, Fiber Channel is the predominant local network in
use for the connection of high-speed peripherals to computers.

CLASSIFICATION OF NETWORKING TECHNOLOGY:

There are about
eight types of network which are used worldwide these days, both in
houses and commercially. These networks are used on the basis of
their scale and scope, historical reasons, preferences of the
networking industry, and their design and implementation issues. LAN
and WAN are the most widely known and used. LAN, local area network,
was first invented for communication between two computers. LAN
operates through cables and network cards. Later WLAN, wireless
local area network, was formed from the LAN concept; there are no
wires involved in communication between computers, and wireless LAN
cards are required to connect to a wireless network. LAN is the
original network out of which other networks are formed according to
requirements. They are as follows:
- LAN - Local Area Network
- WLAN - Wireless Local Area Network
- WAN - Wide Area Network
- MAN - Metropolitan Area Network
- SAN - Storage Area Network; the name can also refer to System Area
  Network, Server Area Network, or sometimes Small Area Network
- CAN - Campus Area Network, Controller Area Network, and often
  Cluster Area Network
- PAN - Personal Area Network
- DAN - Desk Area Network

LAN - Local Area Network

LAN connects networking devices within a short span of area, i.e.
small offices, homes, internet cafes etc. LAN uses the TCP/IP
network protocol for communication between computers. It is often
but not always implemented as a single IP subnet. Since a LAN
operates in a short area, it can be controlled and administered by a
single person or organization.

WAN - Wide Area Network

As the word Wide implies, a WAN, wide area network, covers large
distances for communication between computers. The Internet itself
is the biggest example of a wide area network, WAN, which covers the
entire earth. A WAN is a distributed collection of geographically
separated LANs. A network connecting device, the router, connects
LANs to WANs. WANs use network protocols like ATM, X.25, and Frame
Relay for long distance connectivity.

WLAN - Wireless Local Area Network

A LAN, local area network, based on wireless network technology,
mostly referred to as Wi-Fi. Unlike LAN, in WLAN no wires are used,
but radio signals are the medium for communication. Wireless network
cards are required to be installed in the systems for accessing any
wireless network around. Mostly wireless cards connect to wireless
routers for communication among computers or accessing the WAN,
i.e. the internet.

MAN - Metropolitan Area Network

This kind of network is not widely used but it has its own
importance for some government bodies and organizations on a larger
scale. MAN, metropolitan area network, falls in the middle of LAN
and WAN. It covers a larger span of physical area than a LAN but
smaller than a WAN, such as a city.

CAN - Campus Area Network

Networking spanning multiple LANs but smaller than a metropolitan
area network, MAN. This kind of network is mostly used in relatively
large universities or local business offices and buildings.

SAN - Storage Area Network

SAN technology is used for data storage and it has no use for most
organizations except data oriented organizations. A storage area
network connects servers to data storage devices by using Fiber
Channel technology.

SAN - System Area Network

SAN, system area networks, are also known as cluster area networks;
they connect high performance computers with high speed connections
in a cluster configuration.

NETWORK
ARCHITECTURE PLANNING:

Network Design

The experienced Tellabs engineering staff, combined with world class
tools and processes, offers end-to-end design expertise and helps to
eliminate costly errors and redesigns. Utilizing the high-level
design produced in the Network Architecture Service, Tellabs senior
engineers develop a complete, implementation-ready engineering
design package documenting the configuration parameters for Tellabs
equipment at specific sites. By partnering with Tellabs for your
detailed network design, you are able to take advantage of our
expert resources and produce a comprehensive design solution that
achieves your objectives while utilizing knowledge from past
implementations and industry best practices.

The Engineering Design Package includes:
- Detailed fiber maps
- Detailed ring diagrams
- Fiber characterization reports
- Optical power budgets
- Equipment elevations
- Naming conventions (site names, node names, circuit IDs)
- IP addressing for network management applications
- System installation requirements
- System integration requirements
- Transponder placement and configuration data
- Wavelength cross-connect and configuration data
- L2 or L3 traffic parameters
- Detailed Network Management System (NMS) information
- Progress reports and project documentation

Architecture and Design Services Portfolio

NETWORK ARCHITECTURE SERVICES:
- Network topology, traffic and capacity patterns
- Network implementation outline
- Outline of the business and operational implications
- Management reporting packages

Network Design Service:
- System commissioning data
- Detailed equipment lists and naming conventions
- System installation requirements
- System integration requirements

ACHIEVE YOUR OBJECTIVES:
- Minimize cost of ownership: maximize returns with minimal
  investments.
- Accelerate time-to-market: bypass the learning curve and speed up
  your ability to generate revenue.
- Sustain competitive advantage: ensure a cost-effective foundation
  for daily operations that delivers superior performance and
  intelligent growth.
FUNDAMENTALS OF INTERNETWORKING:

What Is an Internetwork?

An internetwork is a collection of individual networks, connected by
intermediate networking devices, that functions as a single large
network. Internetworking refers to the industry, products, and
procedures that meet the challenge of creating and administering
internetworks. Figure 1-1 illustrates some different kinds of
network technologies that can be interconnected by routers and other
networking devices to create an internetwork.

Internetworking Challenges

Implementing a functional internetwork is no simple task. Many
challenges must be faced, especially in the areas of connectivity,
reliability, network management, and flexibility. Each area is key
in establishing an efficient and effective internetwork. The
challenge when connecting various systems is to support
communication among disparate technologies. Different sites, for
example, may use different types of media operating at varying
speeds, or may even include different types of systems that need to
communicate. Because companies rely heavily on data communication,
internetworks must provide a certain level of reliability. This is
an unpredictable world, so many large internetworks include
redundancy to allow for communication even when problems occur.
Furthermore, network management must provide centralized support and
troubleshooting capabilities in an internetwork. Configuration,
security, performance, and other issues must be adequately addressed
for the internetwork to function smoothly. Security within an
internetwork is essential. Many people think of network security
from the perspective of protecting the private network from outside
attacks. However, it is just as important to protect the network
from internal attacks, especially because most security breaches
come from inside. Networks must also be secured so that the internal
network cannot be used as a tool to attack other external sites.
Early in the year 2000, many major web sites were the victims of
distributed denial of service (DDoS) attacks. These attacks were
possible because a great number of private networks connected to the
Internet were not properly secured. These private networks were used
as tools for the attackers.
Because nothing in this world is stagnant, internetworks must be
flexible enough to change with new demands.
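The point above about a poorly secured internal network being usable as a tool against external sites has a standard, purely defensive mitigation at the network edge: source address validation on outbound traffic, so that packets with forged or private source addresses never leave the site (the practice described in BCP 38). The following Python is an added example written for this page, not code from the report; the site prefixes and the outbound packet sample are constructed, using documentation address ranges so nothing refers to a real network.

```python
import ipaddress
from collections import Counter

# Constructed (assumed) prefixes this site legitimately sources traffic from.
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("203.0.113.0/24", "198.51.100.0/25")]

# RFC 1918 private ranges, which must never appear as a source on the
# Internet. Listed explicitly rather than via ip_address.is_private, because
# Python also classes the documentation ranges used above as "private".
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of outbound packets as the edge router would see them:
# (source, destination, protocol).
OUTBOUND = [
    ("203.0.113.10", "192.0.2.50", "tcp"),
    ("198.51.100.7", "192.0.2.51", "udp"),
    ("10.0.0.5", "192.0.2.50", "udp"),         # private address leaking out
    ("8.8.4.4", "192.0.2.50", "icmp"),          # source that is not ours
    ("203.0.113.200", "192.0.2.52", "tcp"),
    ("198.51.100.200", "192.0.2.52", "tcp"),    # outside our /25
]


def in_any(addr, networks):
    """True if `addr` falls inside any of `networks`."""
    return any(addr in net for net in networks)


def classify(src):
    """Return None if the source address is legitimate, else a drop reason."""
    addr = ipaddress.ip_address(src)
    if in_any(addr, RFC1918):
        return "private source address"
    if not in_any(addr, SITE_PREFIXES):
        return "source not in site prefixes"
    return None


def egress_filter(packets):
    """Apply source address validation to outbound packets.

    Returns (permitted, dropped, summary): each dropped packet carries its
    reason, and `summary` counts drops per reason so that a sudden rise in
    spoofed sources is visible to monitoring.
    """
    permitted, dropped = [], []
    for src, dst, proto in packets:
        reason = classify(src)
        if reason is None:
            permitted.append((src, dst, proto))
        else:
            dropped.append((src, dst, proto, reason))
    summary = Counter(reason for *_, reason in dropped)
    return permitted, dropped, summary


if __name__ == "__main__":
    ok, bad, counts = egress_filter(OUTBOUND)
    print("permitted:", len(ok), "dropped:", len(bad))
    for entry in bad:
        print("  drop", entry)
    print(dict(counts))
```

Of the six constructed packets, three are permitted and three are dropped: one for a private source and two whose source lies outside the site's own prefixes. The same check is what a real edge router applies with an outbound access list or unicast reverse-path forwarding; the value of doing it at every site is that forged-source floods cannot originate from the site in the first place.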
Figure 1-1 Different Network Technologies Can Be Connected to
Create an Internetwork.
Open System Interconnection Reference Model

The Open System Interconnection (OSI) reference model describes how
information from a software application in one computer moves
through a network medium to a software application in another
computer. The OSI reference model is a conceptual model composed of
seven layers, each specifying particular network functions. The
model was developed by the International Organization for
Standardization (ISO) in 1984, and it is now considered the primary
architectural model for intercomputer communications. The OSI model
divides the tasks involved with moving information between networked
computers into seven smaller, more manageable task groups. A task or
group of tasks is then assigned to each of the seven OSI layers.
Each layer is reasonably self-contained so that the tasks assigned
to each layer can be implemented independently. This enables the
solutions offered by one layer to be updated without adversely
affecting the other layers. The following list details the seven
layers of the Open System Interconnection (OSI) reference model:
1. Layer 7 - Application
2. Layer 6 - Presentation
3. Layer 5 - Session
4. Layer 4 - Transport
5. Layer 3 - Network
6. Layer 2 - Data link
7. Layer 1 - Physical
Characteristics of the OSI Layers

The seven layers of the OSI reference model can be divided into two
categories: upper layers and lower layers. The upper layers of the
OSI model deal with application issues and generally are implemented
only in software. The highest layer, the application layer, is
closest to the end user. Both users and application layer processes
interact with software applications that contain a communications
component. The term upper layer is sometimes used to refer to any
layer above another layer in the OSI model. The lower layers of the
OSI model handle data transport issues. The physical layer and the
data link layer are implemented in hardware and software. The lowest
layer, the physical layer, is closest to the physical network medium
(the network cabling, for example) and is responsible for actually
placing information on the medium. Figure 1-3 illustrates the
division between the upper and lower OSI layers.
Protocols

The OSI model provides a conceptual framework for communication
between computers, but the model itself is not a method of
communication. Actual communication is made possible by using
communication protocols. In the context of data networking, a
protocol is a formal set of rules and conventions that governs how
computers exchange information over a network medium. A protocol
implements the functions of one or more of the OSI layers.

A wide variety of communication protocols exist. Some of these
protocols include LAN protocols, WAN protocols, network protocols,
and routing protocols. LAN protocols operate at the physical and
data link layers of the OSI model and define communication over the
various LAN media. WAN protocols operate at the lowest three layers
of the OSI model and define communication over the various wide-area
media. Routing protocols are network layer protocols that are
responsible for exchanging information between routers so that the
routers can select the proper path for network traffic. Finally,
network protocols are the various upper-layer protocols that exist
in a given protocol suite. Many protocols rely on others for
operation. For example, many routing protocols use network protocols
to exchange information between routers. This concept of building
upon the layers already in existence is the foundation of the OSI
model.

OSI Model and Communication Between Systems

Information being transferred from a software application in one
computer system to a software application in another must pass
through the OSI layers. For example, if a software application in
System A has information to transmit to a software application in
System B, the application program in System A will pass its
information to the application layer (Layer 7) of System A. The
application layer then passes the information to the presentation
layer (Layer 6), which relays the data to the session layer (Layer
5), and so on down to the physical layer (Layer 1). At the physical
layer, the information is placed on the physical network medium and
is sent across the medium to System B. The physical layer of System
B removes the information from the physical medium, and then its
physical layer passes the information up to the data link layer
(Layer 2), which passes it to the network layer (Layer 3), and so
on, until it reaches the application layer (Layer 7) of System B.
Finally, the application layer of System B passes the information
to the recipient application program to complete the communication
process.

Interaction between OSI Model Layers

A given layer in the OSI model generally communicates with three
other OSI layers: the layer directly above it, the layer directly
below it, and its peer layer in other networked computer systems.
The data link layer in System A, for example, communicates with the
network layer of System A, the physical layer of System A, and the
data link layer in System B. Figure 1-4 illustrates this example.
OSI Model Layers and Information Exchange

The seven OSI layers use various forms of control information to
communicate with their peer layers in other computer systems. This
control information consists of specific requests and instructions
that are exchanged between peer OSI layers. Control information
typically takes one of two forms: headers and trailers. Headers are
prepended to data that has been passed down from upper layers.
Trailers are appended to data that has been passed down from upper
layers. An OSI layer is not required to attach a header or a trailer
to data from upper layers. Headers, trailers, and data are relative
concepts, depending on the layer that analyzes the information unit.
At the network layer, for example, an information unit consists of a
Layer 3 header and data. At the data link layer, however, all the
information passed down by the network layer (the Layer 3 header and
the data) is treated as data. In other words, the data portion of an
information unit at a given OSI layer potentially can contain
headers, trailers, and data from all the higher layers. This is
known as encapsulation. Figure 1-6 shows how the header and data
from one layer are encapsulated into the header of the next lowest
layer.
Information Exchange Process
The information exchange process occurs between peer OSI layers.
Each layer in the source system adds control information to data,
and each layer in the destination system analyzes and removes the
control information from that data. If System A has data from a
software application to send to System B, the data is passed to the
application layer. The application layer in System A then
communicates any control information required by the application
layer in System B by prepending a header to the data. The resulting
information unit (a header and the data) is passed to the
presentation layer, which prepends its own header containing
control information intended for the presentation layer in System
B. The information unit grows in size as each layer prepends its
own header (and, in some cases, a trailer) that contains control
information to be used by its peer layer in System B. At the
physical layer, the entire information unit is placed onto the
network medium. The physical layer in System B receives the
information unit and passes it to the data link layer. The data
link layer in System B then reads the control information contained
in the header prepended by the data link layer in System A. The
header is then removed, and the remainder of the information unit
is passed to the network layer. Each layer performs the same
actions: the layer reads the header from its peer layer, strips it
off, and passes the remaining information unit to the next highest
layer. After the application layer performs these actions, the data
is passed to the recipient software application in System B, in
exactly the form in which it was transmitted by the application in
System A.

OSI Model Physical Layer: The physical layer defines the
electrical, mechanical, procedural, and functional specifications
for activating, maintaining, and deactivating the physical link
between communicating network systems. Physical layer
specifications define characteristics such as voltage levels,
timing of voltage changes, physical data rates, maximum
transmission distances, and physical connectors. Physical layer
implementations can be categorized as either LAN or WAN
specifications. Figure 1-7 illustrates some common LAN and WAN
physical layer implementations.
OSI Model Data Link Layer: The data link layer provides reliable
transit of data across a physical network link. Different data link
layer specifications define different network and protocol
characteristics, including physical addressing, network topology,
error notification, sequencing of frames, and flow control.
Physical addressing (as opposed to network addressing) defines how
devices are addressed at the data link layer. Network topology
consists of the data link layer specifications that often define
how devices are to be physically connected, such as in a bus or a
ring topology. Error notification alerts upper-layer protocols that
a transmission error has occurred, and the sequencing of data
frames reorders frames that are transmitted out of sequence.
Finally, flow control moderates the transmission of data so that
the receiving device is not overwhelmed with more traffic than it
can handle at one time.

The Institute of Electrical and Electronics Engineers (IEEE) has
subdivided the data link layer into two sublayers: Logical Link
Control (LLC) and Media Access Control (MAC). Figure 1-8
illustrates the IEEE sublayers of the data link layer.
The Logical Link Control (LLC) sublayer of the data link layer
manages communications between devices over a single link of a
network. LLC is defined in the IEEE 802.2 specification and
supports both connectionless and connection-oriented services used
by higher-layer protocols. IEEE 802.2 defines a number of fields in
data link layer frames that enable multiple higher-layer protocols
to share a single physical data link.

OSI Model Network Layer: The network layer defines the network
address, which differs from the MAC address. Some network layer
implementations, such as the Internet Protocol (IP), define network
addresses in a way that route selection can be determined
systematically by comparing the source network address with the
destination network address and applying the subnet mask. Because
this layer defines the logical network layout, routers can use this
layer to determine how to forward packets. Because of this, much of
the design and configuration work for internetworks happens at
Layer 3, the network layer.

OSI Model Transport Layer: The transport layer
accepts data from the session layer and segments the data for
transport across the network. Generally, the transport layer is
responsible for making sure that the data is delivered error-free
and in the proper sequence. Flow control generally occurs at the
transport layer. Flow control manages data transmission between
devices so that the transmitting device does not send more data
than the receiving device can process. Multiplexing enables data
from several applications to be transmitted onto a single physical
link. Virtual circuits are established, maintained, and terminated
by the transport layer. Error checking involves creating various
mechanisms for detecting transmission errors, while error recovery
involves acting, such as requesting that data be retransmitted, to
resolve any errors that occur. The transport protocols used on the
Internet are TCP and UDP.

OSI Model Session Layer: The session layer
establishes, manages, and terminates communication sessions.
Communication sessions consist of service requests and service
responses that occur between applications located in different
network devices. These requests and responses are coordinated by
protocols implemented at the session layer. Some examples of
session-layer implementations include Zone Information Protocol
(ZIP), the AppleTalk protocol that coordinates the name binding
process; and Session Control Protocol (SCP), the DECnet Phase IV
session layer protocol.

OSI Model Presentation Layer: The presentation layer provides a
variety of coding and conversion functions that are applied to
application layer data. These functions ensure that information
sent from the application layer of one system would be readable by
the application layer of another system. Some examples of
presentation layer coding and conversion schemes include common
data representation formats, conversion of character representation
formats, common data compression schemes, and common data
encryption schemes. Common data representation formats, or the use
of standard image, sound, and video formats, enable the interchange
of application data between different types of computer systems.
Conversion schemes are used to exchange information with systems by
using different text and data representations, such as EBCDIC and
ASCII. Standard data compression schemes enable data that is
compressed at the source device to be properly decompressed at the
destination. Standard data encryption schemes enable data encrypted
at the source device to be properly deciphered at the destination.
Presentation layer implementations are not typically associated
with a particular protocol stack. Some well-known standards for
video include QuickTime and Motion Picture Experts Group (MPEG).
QuickTime is an Apple Computer specification for video and audio,
and MPEG is a standard for video compression and coding. Among the
well-known graphic image formats are Graphics Interchange Format
(GIF), Joint Photographic Experts Group (JPEG), and Tagged Image
File Format (TIFF). GIF is a standard for compressing and coding
graphic images. JPEG is another compression and coding standard for
graphic images, and TIFF is a standard coding format for graphic
images.

OSI Model Application Layer: The application layer is the OSI layer
closest to the end user, which means that both the OSI application
layer and the user interact directly with the software application.
This layer interacts with software applications that implement a
communicating component. Such application programs fall outside the
scope of the OSI model. Application layer functions typically
include identifying communication partners, determining resource
availability, and synchronizing communication. When identifying
communication partners, the application layer determines the
identity and availability of communication partners for an
application with data to transmit. When determining resource
availability, the application layer must decide whether sufficient
network resources for the requested communication exist. In
synchronizing communication, all communication between applications
requires cooperation that is managed by the application layer. Some
examples of application layer implementations include Telnet, File
Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Information Formats: The data and control information that is
transmitted through internetworks takes a variety of forms. The
terms used to refer to these information formats are not used
consistently in the internetworking industry but sometimes are used
interchangeably. Common information formats include frames,
packets, datagrams, segments, messages, cells, and data units.
A frame is an information unit whose source and destination are
data link layer entities. A frame is composed of the data link
layer header (and possibly a trailer) and upper-layer data. The
header and trailer contain control information intended for the
data link layer entity in the destination system. Data from
upper-layer entities is encapsulated in the data link layer header
and trailer. Figure 1-9 illustrates the basic components of a data
link layer frame.
A packet is an information unit whose source and destination are
network layer entities. A packet is composed of the network layer
header (and possibly a trailer) and upper-layer data. The header
and trailer contain control information intended for the network
layer entity in the destination system. Data from upper-layer
entities is encapsulated in the network layer header and trailer.
Figure 1-10 illustrates the basic components of a network layer
packet.
The term datagram usually refers to an information unit whose
source and destination are network layer entities that use
connectionless network service. The term segment usually refers to
an information unit whose source and destination are transport
layer entities. A message is an information unit whose source and
destination entities exist above the network layer (often at the
application layer). A cell is an information unit of a fixed size
whose source and destination are data link layer entities. Cells
are used in switched environments, such as Asynchronous Transfer
Mode (ATM) and Switched Multimegabit Data Service (SMDS) networks.
A cell is composed of the header and payload. The header contains
control information intended for the destination data link layer
entity and is typically 5 bytes long. The payload contains
upper-layer data that is encapsulated in the cell header and is
typically 48 bytes long. The length of the header and the payload
fields always are the same for each cell. Figure 1-11 depicts the
components of a typical cell.
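The encapsulation process and the frame/packet/segment terminology above can be made concrete by building a Layer 7 message down into a UDP segment, an IPv4 packet and an Ethernet frame, then peeling the headers off again at the receiver. This is an added example, not code from the report; the addresses, ports and message are constructed sample values, and CRC-32 stands in for the Ethernet FCS trailer.

```python
import struct
import zlib

# Added example, not from the report: builds a Layer 7 message into a UDP
# segment, an IPv4 packet and an Ethernet frame, then peels the headers again.
# Addresses and the message are constructed sample values.

SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = bytes([192, 168, 1, 10])
DST_IP = bytes([192, 168, 1, 20])
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of the IPv4 header, taken in 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(message: bytes, src_port: int, dst_port: int) -> bytes:
    """Layer 7 message -> Layer 4 segment -> Layer 3 packet -> Layer 2 frame."""
    # Layer 4: 8-byte UDP header; checksum 0 means "not computed" for UDP/IPv4
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(message), 0) + message
    # Layer 3: 20-byte IPv4 header; the whole segment is just data at this layer
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                         64, PROTO_UDP, 0, SRC_IP, DST_IP)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    packet = ip_hdr + segment
    # Layer 2: 14-byte Ethernet header in front, 4-byte FCS trailer behind
    body = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    fcs = struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)  # CRC-32 stand-in for the FCS
    return body + fcs


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, making the checks each peer layer would make."""
    if len(frame) < 14 + 20 + 8 + 4:
        raise ValueError("frame too short to hold Ethernet + IPv4 + UDP")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("!I", fcs)[0] != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("FCS mismatch: frame corrupted")  # error notification
    # Layer 2 reads only its own 14 bytes; everything after them is "data" to it
    dst_mac, src_mac = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    packet = body[14:]
    # Layer 3: the header length comes from the IHL field, never assumed
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    ip_hdr = packet[:ihl]
    if ip_checksum(ip_hdr) != 0:  # a valid header (checksum included) sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len > len(packet) or packet[9] != PROTO_UDP:
        raise ValueError("bad total length or not UDP")
    segment = packet[ihl:total_len]  # any trailing link-layer padding is dropped
    # Layer 4: the UDP length must agree with what Layer 3 delivered
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length disagrees with IPv4 total length")
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": ".".join(map(str, ip_hdr[12:16])),
            "dst_ip": ".".join(map(str, ip_hdr[16:20])),
            "src_port": src_port, "dst_port": dst_port,
            "message": segment[8:]}


if __name__ == "__main__":
    frame = encapsulate(b"hello", 40000, 53)
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame))
```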
Data unit is a generic term that refers to a variety of
information units. Some common data units are service data units
(SDUs), protocol data units (PDUs), and bridge protocol data units
(BPDUs). SDUs are information units from upper-layer protocols that
define a service request to a lower-layer protocol. PDU is OSI
terminology for a packet. BPDUs are used by the spanning-tree
algorithm as hello messages.

ISO Hierarchy of Networks: Large networks typically are organized
as hierarchies. A hierarchical organization provides such
advantages as ease of management, flexibility, and a reduction in
unnecessary traffic. Thus, the International Organization for
Standardization (ISO) has adopted a number of terminology
conventions for addressing network entities. Key terms defined in
this section include end system (ES), intermediate system (IS),
area, and autonomous system (AS). An ES is a network device that
does not perform routing or other traffic forwarding functions.
Typical ESs include such devices as terminals, personal computers,
and printers. An IS is a network device that performs routing or
other traffic-forwarding functions. Typical ISs include such
devices as routers, switches, and bridges. Two types of IS networks
exist: intradomain IS and interdomain IS. An intradomain IS
communicates within a single autonomous system, while an
interdomain IS communicates within and between autonomous systems.
An area is a logical group of network segments and their attached
devices. Areas are subdivisions of autonomous systems (ASs). An AS
is a collection of networks under a common administration that
share a common routing strategy. Autonomous systems are subdivided
into areas, and an AS is sometimes called a domain. Figure 1-12
illustrates a hierarchical network and its components.
Connection-Oriented and Connectionless Network Services
In general, transport protocols can be characterized as being
either connection-oriented or connectionless. Connection-oriented
services must first establish a connection with the desired service
before passing any data. A connectionless service can send the data
without any need to establish a connection first. In general,
connection-oriented services provide some level of delivery
guarantee, whereas connectionless services do not.
Connection-oriented service involves three phases: connection
establishment, data transfer, and connection termination. During
connection establishment, the end nodes may reserve resources for
the connection. The end nodes also may negotiate and establish
certain criteria for the transfer, such as a window size used in
TCP connections. This resource reservation is one of the things
exploited in some denial of service (DoS) attacks. An attacking
system will send many requests for establishing a connection but
then will never complete the connection. The attacked computer is
then left with resources allocated for many never-completed
connections. Then, when an end node tries to complete an actual
connection, there are not enough resources for the valid
connection. The data transfer phase occurs when the actual data is
transmitted over the connection. During data transfer, most
connection-oriented services will monitor for lost packets and
handle resending them. The protocol is generally also responsible
for putting the packets in the right sequence before passing the
data up the protocol stack. When the transfer of data is complete,
the end nodes terminate the connection and release resources
reserved for the connection. Connection-oriented network services
have more overhead than connectionless ones. Connection-oriented
services must negotiate a connection, transfer data, and tear down
the connection, whereas a connectionless transfer can simply send
the data without the added overhead of creating and tearing down a
connection. Each has its place in internetworks.
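The three phases above, and the resource-exhaustion failure mode the text describes, can be modelled with a small connection table that reserves a slot at establishment, releases it at termination, and expires half-open entries after a timeout so never-completed requests do not hold resources indefinitely. This is an added example, not code from the report; the capacity, timeout and connection identifiers are constructed values.

```python
# Added example, not from the report: a connection table that walks through
# establishment, data transfer and termination, and expires half-open entries.
# Capacity, timeout and connection identifiers are constructed sample values.


class ConnectionTable:
    """Tracks the resources reserved for connections in their three phases."""

    def __init__(self, capacity: int, half_open_timeout: float):
        self.capacity = capacity            # total slots the end node can reserve
        self.timeout = half_open_timeout    # seconds a request may stay incomplete
        self.half_open = {}                 # conn id -> time the request arrived
        self.established = set()            # connections in the data transfer phase

    def _expire(self, now: float) -> int:
        """Release slots held by requests that were never completed."""
        stale = [c for c, t in self.half_open.items() if now - t > self.timeout]
        for c in stale:
            del self.half_open[c]
        return len(stale)

    def in_use(self) -> int:
        return len(self.half_open) + len(self.established)

    def request(self, conn_id: str, now: float) -> bool:
        """Phase 1, connection establishment: reserve resources for the request."""
        self._expire(now)
        if self.in_use() >= self.capacity:
            return False                    # refused: every slot is reserved
        self.half_open[conn_id] = now
        return True

    def complete(self, conn_id: str, now: float) -> bool:
        """Establishment finished: the connection enters the data transfer phase."""
        if conn_id not in self.half_open:
            return False                    # no matching request outstanding
        del self.half_open[conn_id]
        self.established.add(conn_id)
        return True

    def terminate(self, conn_id: str) -> None:
        """Phase 3, connection termination: release the reserved resources."""
        self.established.discard(conn_id)
        self.half_open.pop(conn_id, None)


def simulate(capacity: int = 4, timeout: float = 5.0):
    """Constructed scenario: the table fills with requests that are never
    completed, a valid request is refused, then succeeds once they expire."""
    table = ConnectionTable(capacity, timeout)
    for i in range(capacity):
        table.request(f"stale-{i}", 0.0)              # never completed
    refused = not table.request("legit", 1.0)         # full: refused
    accepted = table.request("legit", timeout + 1.0)  # stale entries expired
    completed = table.complete("legit", timeout + 1.1)
    return refused, accepted, completed, table.in_use()


if __name__ == "__main__":
    print(simulate())  # (True, True, True, 1)
```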
Internetwork Addressing
Internetwork addresses identify devices separately or as members of
a group. Addressing schemes vary depending on the protocol family
and the OSI layer. Three types of internetwork addresses are
commonly used: data link layer addresses, Media Access Control
(MAC) addresses, and network layer addresses.

Data Link Layer Addresses
A data link layer address uniquely identifies each physical network
connection of a network device. Data-link addresses sometimes are
referred to as physical or hardware addresses. Data-link addresses
usually exist within a flat address space and have a
pre-established and typically fixed relationship to a specific
device. End systems generally have only one physical network
connection and thus have only one data-link address. Routers and
other internetworking devices typically have multiple physical
network connections and therefore have multiple data-link
addresses. Figure 1-13 illustrates how each interface on a device
is uniquely identified by a data-link address.
MAC Addresses
Media Access Control (MAC) addresses consist of a subset of data
link layer addresses. MAC addresses identify network entities in
LANs that implement the IEEE MAC addresses of the data link layer.
As with most data-link addresses, MAC addresses are unique for each
LAN interface. Figure 1-14 illustrates the relationship between MAC
addresses, data-link addresses, and the IEEE sublayers of the data
link layer.
MAC addresses are 48 bits in length and are expressed as 12
hexadecimal digits. The first 6 hexadecimal digits, which are
administered by the IEEE, identify the manufacturer or vendor and
thus comprise the Organizationally Unique Identifier (OUI). The
last 6 hexadecimal digits comprise the interface serial number, or
another value administered by the specific vendor. MAC addresses
sometimes are called burned-in addresses (BIAs) because they are
burned into read-only memory (ROM) and are copied into
random-access memory (RAM) when the interface card initializes.
Figure 1-15 illustrates the
Mapping Addresses: Because internetworks generally use network
addresses to route traffic around the network, there is a need to
map network addresses to MAC addresses. When the network layer has
determined the destination station's network address, it must
forward the information over a physical network using a MAC
address. Different protocol suites use different methods to perform
this mapping, but the most popular is Address Resolution Protocol
(ARP). Different protocol suites use different methods for
determining the MAC address of a device. The following three
methods are used most often:
Address Resolution Protocol (ARP) maps network addresses to MAC
addresses.
The Hello protocol enables network devices to learn the MAC
addresses of other network devices.
MAC addresses either are embedded in the network layer address or
are generated by an algorithm.
Address Resolution Protocol (ARP) is the method used in the TCP/IP
suite. When a network device needs to send data to another device
on the same network, it knows the source and destination network
addresses for the data transfer. It must somehow map the
destination address to a MAC address before forwarding the data.
First, the sending station will check its ARP table to see if it
has already discovered this destination station's MAC address. If
it has not, it will send a broadcast on the network with the
destination station's IP address contained in the broadcast. Every
station on the network receives the broadcast and compares the
embedded IP address to its own. Only the station with the matching
IP address replies to the sending station with a packet containing
the MAC address for the station. The first station then adds this
information to its ARP table for future reference and proceeds to
transfer the data. When the destination device lies on a remote
network, one beyond a router, the process is the same except that
the sending station sends the ARP request for the MAC address of
its default gateway. It then forwards the information to that
device. The default gateway will then forward the information over
whatever networks are necessary to deliver the packet to the
network on which the destination device resides. The router on the
destination device's network then uses ARP to obtain the MAC of the
actual destination device and delivers the packet.

The Hello protocol is a network layer protocol that enables network
devices to identify one another and indicate that they are still
functional. When a new end system powers up, for example, it
broadcasts hello messages onto the network. Devices on the network
then return hello replies, and hello messages are also sent at
specific intervals to indicate that they are still functional.
Network devices can learn the MAC addresses of other devices by
examining Hello protocol packets. Three protocols use predictable
MAC addresses. In these protocol suites, MAC addresses are
predictable because the network layer either embeds the MAC address
in the network layer address or uses an algorithm to determine the
MAC address. The three protocols are Xerox Network Systems (XNS),
Novell Internetwork Packet Exchange (IPX), and DECnet Phase IV.

Network Layer Addresses: A network layer address identifies an
entity at the network layer of the OSI layers. Network addresses
usually exist within a hierarchical address space and sometimes are
called virtual or logical addresses. The relationship between a
network address and a device is logical and unfixed; it typically
is based either on physical network characteristics (the device is
on a particular network segment) or on groupings that have no
physical basis (the device is part of an AppleTalk zone). End
systems require one network layer address for each network layer
protocol that they support. (This assumes that the device has only
one physical network connection.) Routers and other internetworking
devices require one network layer address per physical network
connection for each network layer protocol supported. For example,
a router with three interfaces each running AppleTalk, TCP/IP, and
OSI must have three network layer addresses for each interface. The
router therefore has nine network layer addresses. Figure 1-16
illustrates how each network interface must be assigned a network
address for each protocol supported.
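The ARP procedure described above (ARP table lookup, broadcast request, reply only from the owning station, and the default-gateway case decided by applying the subnet mask), together with the OUI portion of a MAC address, as an added simulation that is not part of the report. The station names, addresses and MACs are constructed sample values.

```python
import ipaddress

# Added example, not from the report: a simulation of the ARP lookup described
# above (ARP table, broadcast request, single matching reply, default gateway).
# All station names, addresses and MACs below are constructed sample values.


def oui(mac: str) -> str:
    """First 6 hex digits of a 48-bit MAC address: the IEEE-administered OUI."""
    digits = mac.replace(":", "").replace("-", "").upper()
    if len(digits) != 12:
        raise ValueError("a MAC address is 12 hexadecimal digits")
    return digits[:6]


class Segment:
    """One LAN broadcast domain: every attached station sees a broadcast."""

    def __init__(self):
        self.stations = []
        self.broadcasts = 0

    def attach(self, station):
        self.stations.append(station)
        station.segment = self

    def arp_request(self, sender, target_ip):
        """Broadcast 'who has target_ip?'; only the station owning it replies."""
        self.broadcasts += 1
        for station in self.stations:
            if station is not sender and station.ip == target_ip:
                return station.mac  # the reply carries the owner's MAC
        return None  # nobody answered


class Station:
    def __init__(self, name, ip, mask, mac, gateway=None):
        self.name = name
        self.ip = ipaddress.IPv4Address(ip)
        self.network = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
        self.mac = mac.lower()
        self.gateway = ipaddress.IPv4Address(gateway) if gateway else None
        self.arp_table = {}  # IPv4Address -> MAC, filled from learned replies
        self.segment = None

    def next_hop(self, dst_ip):
        """Apply the subnet mask: a local destination is reached directly,
        anything else goes to the default gateway (None if there is none)."""
        dst = ipaddress.IPv4Address(dst_ip)
        return dst if dst in self.network else self.gateway

    def resolve(self, dst_ip):
        """Return (next-hop MAC, True if a broadcast was needed)."""
        hop = self.next_hop(dst_ip)
        if hop is None:
            raise LookupError(f"{dst_ip} is off-link and no default gateway is set")
        if hop in self.arp_table:  # ARP table hit: no broadcast
            return self.arp_table[hop], False
        mac = self.segment.arp_request(self, hop)
        if mac is None:
            raise LookupError(f"no station answered the ARP request for {hop}")
        self.arp_table[hop] = mac  # remember it for future transfers
        return mac, True


def build_lan():
    """Constructed LAN: two hosts and a router acting as default gateway."""
    lan = Segment()
    a = Station("A", "192.168.1.10", "255.255.255.0", "00:11:22:33:44:55", "192.168.1.1")
    b = Station("B", "192.168.1.20", "255.255.255.0", "00:11:22:aa:bb:cc")
    r = Station("R", "192.168.1.1", "255.255.255.0", "00:aa:bb:00:00:01")
    for s in (a, b, r):
        lan.attach(s)
    return lan, a, b, r


if __name__ == "__main__":
    lan, a, b, r = build_lan()
    print(a.resolve("192.168.1.20"))  # B's MAC, broadcast needed
    print(a.resolve("192.168.1.20"))  # same MAC, answered from the ARP table
    print(a.resolve("10.0.0.5"))      # off-link: the router's MAC instead
    print(oui(a.mac))                 # 001122
```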
Hierarchical versus Flat Address Space: Internetwork address
space typically takes one of two forms: hierarchical address space
or flat address space. A hierarchical address space is organized
into numerous subgroups, each successively narrowing an address
until it points to a single device (in a manner similar to street
addresses). A flat address space is organized into a single group
(in a manner similar to U.S. Social Security numbers). Hierarchical
addressing offers certain advantages over flat-addressing schemes.
Address sorting and recall is simplified using comparison
operations. For example, Ireland in a street address eliminates any
other country as a possible location. Figure 1-17 illustrates the
difference between hierarchical and flat address spaces.

Address Assignments: Addresses are assigned to devices as one of
two types: static and dynamic. Static addresses are assigned by a
network administrator according to a preconceived internetwork
addressing plan. A static address does not change until the network
administrator manually changes it. Dynamic addresses are obtained
by devices when they attach to a network, by means of some
protocol-specific process. A device using a dynamic address often
has a different address each time that it connects to the network.
Some networks use a server to assign addresses. Server-assigned
addresses are recycled for reuse as devices disconnect. A device is
therefore likely to have a different address each time that it
connects to the network.

Addresses versus Names: Internetwork devices usually have both a
name and an address associated with them. Internetwork names
typically are location-independent and remain associated with a
device wherever that device moves (for example, from one building
to another). Internetwork addresses usually are location-dependent
and change when a device is moved (although MAC addresses are an
exception to this rule). As with network addresses being mapped to
MAC addresses, names are usually mapped to network addresses
through some protocol. The Internet uses the Domain Name System
(DNS) to map the name of a device to its IP address. For example,
it's easier for you to remember www.cisco.com instead of some IP
address. Therefore, you type www.cisco.com into your browser when
you want to access Cisco's web site. Your computer performs a DNS
lookup of the IP address for Cisco's web server and then
communicates with it using the network address.
Standards Organizations:A wide variety of organizations
contribute to internetworking standards by providing forums for
discussion, turning informal discussion into formal specifications,
and proliferating specifications after they are standardized. Most
standards organizations create formal standards by using specific
processes: organizing ideas, discussing the approach, developing
draft standards, voting on all or certain aspects of the standards,
and then formally releasing the completed standard to the public.
Some of the best-known standards organizations that contribute to
internetworking standards include these:

International Organization for Standardization (ISO): ISO is an
international standards organization responsible for a wide range
of standards, including many that are relevant to networking. Its
best-known contribution is the development of the OSI reference
model and the OSI protocol suite.

American National Standards Institute (ANSI): ANSI, which is also
a member of the ISO, is the coordinating body for voluntary
standards groups within the United States. ANSI developed the Fiber
Distributed Data Interface (FDDI) and other communications
standards.

Electronic Industries Association (EIA): EIA specifies electrical
transmission standards, including those used in networking. The EIA
developed the widely used EIA/TIA-232 standard (formerly known as
RS-232).

Institute of Electrical and Electronic Engineers (IEEE): IEEE is a
professional organization that defines networking and other
standards. The IEEE developed the widely used LAN standards IEEE
802.3 and IEEE 802.5.

International Telecommunication Union Telecommunication
Standardization Sector (ITU-T): Formerly called the Committee for
International Telegraph and Telephone (CCITT), ITU-T is now an
international organization that develops communication standards.
The ITU-T developed X.25 and other communications standards.

Internet Activities Board (IAB): IAB is a group of internetwork
researchers who discuss issues pertinent to the Internet and set
Internet policies through decisions and task forces.
NETWORK MANAGEMENT

What Is Network Management?
Network management
means different things to different people. In some cases, it
involves a solitary network consultant monitoring network activity
with an outdated protocol analyzer. In other cases, network
management involves a distributed database, auto polling of network
devices, and high-end workstations generating real-time graphical
views of network topology changes and traffic. In general, network
management is a service that employs a variety of tools,
applications, and devices to assist human network managers in
monitoring and maintaining networks.
A Historical Perspective
The early 1980s saw tremendous expansion in the area of network
deployment. As companies realized the cost benefits and
productivity gains created by network technology, they began to add
networks and expand existing networks almost as rapidly as new
network technologies and products were introduced. By the
mid-1980s, certain companies were experiencing growing pains from
deploying many different (and sometimes incompatible) network
technologies. The problems associated with network expansion affect
both day-to-day network operation management and strategic network
growth planning. Each new network technology requires its own set
of experts. In the early 1980s, the staffing requirements alone for
managing large, heterogeneous networks created a crisis for many
organizations. An urgent need arose for automated network
management (including what is typically called network capacity
planning) integrated across diverse environments.

Network Management Architecture
Most network management architectures use the same basic structure
and set of relationships. End stations (managed devices), such as
computer systems and other network devices, run software that
enables them to send alerts when they recognize problems (for
example, when one or more user-determined thresholds are exceeded).
Upon receiving these alerts, management entities are programmed to
react by executing one, several, or a group of actions, including
operator notification, event logging, system shutdown, and
automatic attempts at system repair. Management entities also can
poll end stations to check the values of certain variables. Polling
can be automatic or user-initiated, but agents in the managed
devices respond to all polls. Agents are software modules that
first compile information about the managed devices in which they
reside, then store this information in a management database, and
finally provide it (proactively or reactively) to management
entities within network management systems (NMSs) via a network
management protocol. Well-known network management protocols
include the Simple Network Management Protocol (SNMP) and Common
Management Information Protocol (CMIP). Management proxies are
entities that provide management information on behalf of other
entities. Figure 6-1 depicts a typical network management
architecture.
Performance Management
The goal of performance management is to measure and make available
various aspects of network performance so that internetwork
performance can be maintained at an acceptable level. Examples of
performance variables that might be provided include network
throughput, user response times, and line utilization. Performance
management involves three main steps. First, performance data is
gathered on variables of interest to network administrators.
Second, the data is analyzed to determine normal (baseline) levels.
Finally, appropriate performance thresholds are determined for each
important variable so that exceeding these thresholds indicates a
network problem worthy of attention. Management entities
continually monitor performance variables. When a performance
threshold is exceeded, an alert is generated and sent to the
network management system. Each of the steps just described is part
of the process to set up a reactive system. When performance
becomes unacceptable because of an exceeded user-defined threshold,
the system reacts by sending a message. Performance management also
permits proactive methods: for example, network simulation can be
used to project how network growth will affect performance metrics.
Such simulation can alert administrators to impending problems so
that counteractive measures can be taken.

Configuration Management
The goal of configuration management is to monitor network and
system configuration information so that the effects on network
operation of various versions of hardware and software elements can
be tracked and managed. Each network device has a variety of
version information associated with it. An engineering workstation,
for example, may be configured as follows:
Operating system, Version 3.2
Ethernet interface, Version 5.4
TCP/IP software, Version 2.0
NetWare software, Version 4.1
NFS software, Version 5.1
Serial communications controller, Version 1.1
X.25 software, Version 1.0
SNMP software, Version 3.1
Configuration management subsystems store this information in a
database for easy access. When a problem occurs, this database can
be searched for clues that may help solve the problem.

Accounting Management
The goal of accounting management is to measure network utilization
parameters so that individual or group use of the network can be
regulated appropriately. Such regulation minimizes network problems
(because network resources can be apportioned based on resource
capacities) and maximizes the fairness of network access across all
users. As with performance management, the first step toward
appropriate accounting management is to measure utilization of all
important network resources. Analysis of the results provides
insight into current usage patterns, and usage quotas can be set at
this point. Some correction, of course, will be required to reach
optimal access practices. From this point, ongoing measurement of
resource use can yield billing information as well as information
used to assess continued fair and optimal resource utilization.

Fault Management
The goal of fault management is to detect, log, notify users of,
and (to the extent possible) automatically fix network problems to
keep the network running effectively. Because faults can cause
downtime or unacceptable network degradation, fault management is
perhaps the most widely implemented of the ISO network management
elements. Fault management involves first determining symptoms and
isolating the problem. Then the problem is fixed and the solution
is tested on all important subsystems. Finally, the detection and
resolution of the problem is recorded.
Security Management
The goal of security management is to control access to network resources according to local guidelines so that the network cannot be sabotaged (intentionally or unintentionally) and sensitive information cannot be accessed by those without appropriate authorization. A security management subsystem, for example, can monitor users logging on to a network resource and can refuse access to those who enter inappropriate access codes. Security management subsystems work by partitioning network resources into authorized and unauthorized areas. For some users, access to any network resource is inappropriate, mostly because such users are usually company outsiders. For other (internal) network users, access to information originating from a particular department is inappropriate. Access to Human Resources files, for example, is inappropriate for most users outside the Human Resources department. Security management subsystems perform several functions. They identify sensitive network resources (including systems, files, and other entities) and determine mappings between sensitive network resources and user sets. They also monitor access points to sensitive network resources and log inappropriate access to sensitive network resources.

Internet Protocol (IP)
The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network-layer protocol in the Internet protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
The following discussion describes the IP packet fields:
Version: indicates the version of IP currently used.
IP Header Length (IHL): indicates the datagram header length in 32-bit words.
Type-of-Service: specifies how an upper-layer protocol would like the current datagram to be handled, and assigns datagrams various levels of importance.
Total Length: specifies the length, in bytes, of the entire IP packet, including the data and header.
Identification: contains an integer that identifies the current datagram. This field is used to help piece together datagram fragments.
Flags: consists of a 3-bit field of which the two low-order (least-significant) bits control fragmentation. The low-order bit specifies whether the packet can be fragmented. The middle bit specifies whether the packet is the last fragment in a series of fragmented packets. The third, or high-order, bit is not used.
Fragment Offset: indicates the position of the fragment's data relative to the beginning of the data in the original datagram, which allows the destination IP process to properly reconstruct the original datagram.
Time-to-Live: maintains a counter that gradually decrements down to zero, at which point the datagram is discarded. This keeps packets from looping endlessly.
Protocol: indicates which upper-layer protocol receives incoming packets after IP processing is complete.
Header Checksum: helps ensure IP header integrity.
Source Address: specifies the sending node.
Destination Address: specifies the receiving node.
Options: allows IP to support various options, such as security.
Data: contains upper-layer information.

IP Addressing
As with any other network-layer protocol, the IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks, as discussed in more detail later in this chapter. Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts: the network number and the host number. The network number identifies a network and must be assigned by the Internet Network Information Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can obtain blocks of network addresses from the InterNIC and can itself assign address space as necessary. The host number identifies a host on a network and is assigned by the local network administrator.
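The IP header fields described above, parsed and checked in Python. This is an added example, not code from the report; the packets are constructed inline, and the two fragmentation flag bits are decoded in the bit positions RFC 791 assigns them (Don't Fragment, then More Fragments), with the offset converted from 8-byte units to bytes.

```python
# Added example (not part of the report): build, parse and validate the
# 20-byte IPv4 header described in the text. Sample packets are constructed
# here, not captured from a network.
import struct
from ipaddress import IPv4Address


def ip_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of all 16-bit words.
    For a header whose checksum field is already correct, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, *, ttl=64, proto=6, ident=0x1234,
                      dont_frag=False, more_frag=False, frag_offset=0):
    """Build a header without options (IHL = 5 words) with a valid checksum.
    frag_offset is given in 8-byte units, as carried on the wire."""
    ver_ihl = (4 << 4) | 5
    flags = (int(dont_frag) << 1) | int(more_frag)      # bit 1 = DF, bit 2 = MF
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    # Checksum is computed with the checksum field zeroed, then patched in.
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fields listed in the text and verify the header checksum.
    Raises ValueError for a truncated, non-IPv4 or inconsistent header."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 header")
    hlen = ihl * 4                            # IHL counts 32-bit words
    if hlen < 20 or hlen > len(pkt):
        raise ValueError("bad IHL")
    flags = flags_frag >> 13
    offset = (flags_frag & 0x1FFF) * 8
    return {
        "version": version, "ihl": ihl, "header_len": hlen, "tos": tos,
        "total_length": total_len, "identification": ident,
        "dont_fragment": bool(flags & 0b010),
        "more_fragments": bool(flags & 0b001),
        "fragment_offset": offset,
        "is_fragment": bool(flags & 0b001) or offset > 0,
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ip_checksum(pkt[:hlen]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": pkt[20:hlen],
    }
```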
IP Address Format
The 32-bit IP address is grouped eight bits at a time, separated by dots, and represented in decimal format (known as dotted decimal notation). Each bit in the octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0, and the maximum value for an octet is 255.

IP Address Classes
IP addressing supports five different address classes: A, B, C, D, and E. Only classes A, B, and C are available for commercial use. The left-most (high-order) bits indicate the network class. Table 30-1 provides reference information about the five IP address classes.
IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets). Subnetting provides the network administrator with several benefits, including extra flexibility, more efficient use of network addresses, and the capability to contain broadcast traffic (a broadcast will not cross a router). Subnets are under local administration. As such, the outside world sees an organization as a single network and has no detailed knowledge of the organization's internal structure. A given network address can be broken up into many subnetworks. For example, 172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets within network 171.16.0.0. (All 0s in the host portion of an address specifies the entire network.)

IP Subnet Mask
A subnet address is created by borrowing bits from the host field and designating them as the subnet field. The number of borrowed bits varies and is specified by the subnet mask. Subnet masks use the same format and representation technique as IP addresses. The subnet mask, however, has binary 1s in all bits specifying the network and subnetwork fields, and binary 0s in all bits specifying the host field. Subnet mask bits should come from the high-order (left-most) bits of the host field, as the figure illustrates. Details of Class B and C subnet mask types follow. Class A addresses are not discussed in this chapter because they generally are subnetted on an 8-bit boundary. Various types of subnet masks exist for Class B and C subnets. The default subnet mask for a Class B address that has no subnetting is 255.255.0.0, while the subnet mask for a Class B address 171.16.0.0 that specifies eight bits of subnetting is 255.255.255.0. The reason for this is that eight bits of subnetting gives 2^8 - 2 (1 for the network address and 1 for the broadcast address) = 254 possible subnets, with 2^8 - 2 = 254 hosts per subnet. The subnet mask for a Class C address 192.168.2.0 that specifies five bits of subnetting is 255.255.255.248. With five bits available for subnetting, 2^5 - 2 = 30 subnets are possible, with 2^3 - 2 = 6 hosts per subnet. The reference charts shown in Table 30-2 and Table 30-3 can be used when planning Class B and C networks to determine the required number of subnets and hosts, and the appropriate subnet mask.
How Subnet Masks Are Used to Determine the Network Number
The router performs a set process to determine the network (or more specifically, the subnetwork) address. First, the router extracts the IP destination address from the incoming packet and retrieves the internal subnet mask. It then performs a logical AND operation to obtain the network number. This causes the host portion of the IP destination address to be removed, while the destination network number remains. The router then looks up the destination network number and matches it with an outgoing interface. Finally, it forwards the frame to the destination IP address. Specifics regarding the logical AND operation are discussed in the following section.

Logical AND Operation
Three basic rules govern logically ANDing two binary numbers. First, 1 ANDed with 1 yields 1. Second, 1 ANDed with 0 yields 0. Finally, 0 ANDed with 0 yields 0. The truth table provided in Table 30-4 illustrates the rules for logical AND operations.
Two simple guidelines exist for remembering logical AND operations: logically ANDing a 1 with a 1 yields the original value, and logically ANDing a 0 with any number yields 0. Figure 30-9 illustrates that when a logical AND of the destination IP address and the subnet mask is performed, the subnetwork number remains, which the router uses to forward the packet.

INTERNET ROUTING
Internet routing devices traditionally have been called gateways. In today's terminology, however, the term gateway refers specifically to a device that performs application-layer protocol translation between devices. Interior gateways refer to devices that perform these protocol functions between machines or networks under the same administrative control or authority, such as a corporation's internal network. These are known as autonomous systems. Exterior gateways perform protocol functions between independent networks. Routers within the Internet are organized hierarchically. Routers used for information exchange within autonomous systems are called interior routers, which use a variety of Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information Protocol (RIP) is an example of an IGP. Routers that move information between autonomous systems are called exterior routers. These routers use an exterior gateway protocol to exchange information between autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior gateway protocol.

IP Routing
IP routing protocols are dynamic. Dynamic routing calls for routes to be calculated automatically at regular intervals by software in routing devices. This contrasts with static routing, where routes are established by the network administrator and do not change until the network administrator changes them. An IP routing table, which consists of destination address/next hop pairs, is used to enable dynamic routing. An entry in this table, for example, would be interpreted as follows: to get to network 172.31.0.0, send the packet out Ethernet interface 0 (E0). IP routing specifies that IP datagrams travel through internetworks one hop at a time. The entire route is not known at the onset of the journey, however. Instead, at each stop, the next destination is calculated by matching the destination address within the datagram with an entry in the current node's routing table. Each node's involvement in the routing process is limited to forwarding packets based on internal information. The nodes do not monitor whether the packets get to their final destination, nor does IP provide for error reporting back to the source when routing anomalies occur. This task is left to another Internet protocol, the Internet Control Message Protocol (ICMP).
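The subnet-mask arithmetic, the logical AND a router performs to obtain the network number, and the routing-table lookup from the sections above, worked in Python. This is an added example, not code from the report: the subnet and host counts follow the report's 2^n - 2 convention, the routing table is constructed for the example, and the lookup generalizes the text's single-entry case to a longest-prefix match over several entries.

```python
# Added example (not part of the report): subnet masks, the AND that strips
# the host portion, and a routing-table lookup. The routing table below is
# constructed for illustration.
from typing import List, Optional, Tuple


def dotted_to_int(addr: str) -> int:
    """Dotted-decimal string -> 32-bit integer, validating each octet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %s" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_mask(default_bits: int, subnet_bits: int) -> str:
    """Mask with 1s for the class-default network bits plus the borrowed
    (subnet) bits, taken from the high-order end of the host field."""
    ones = default_bits + subnet_bits
    if not 0 <= ones <= 32:
        raise ValueError("prefix length out of range")
    return int_to_dotted((((1 << ones) - 1) << (32 - ones)) & 0xFFFFFFFF)


def subnet_and_host_counts(default_bits: int, subnet_bits: int) -> Tuple[int, int]:
    """(subnets, hosts per subnet) using the report's convention of
    2^n - 2, which excludes the all-0s and all-1s patterns in both fields."""
    host_bits = 32 - default_bits - subnet_bits
    return (2 ** subnet_bits - 2, 2 ** host_bits - 2)


def network_number(ip: str, mask: str) -> str:
    """Logical AND of destination address and subnet mask: the host bits
    become 0 and the (sub)network number remains."""
    return int_to_dotted(dotted_to_int(ip) & dotted_to_int(mask))


Route = Tuple[str, str, str]  # (network number, subnet mask, outgoing interface)

# Constructed table: a Class B network out E0, one of its subnets out S0,
# and a default route (mask of all 0s matches every destination) out S1.
SAMPLE_ROUTING_TABLE: List[Route] = [
    ("172.31.0.0", "255.255.0.0", "E0"),
    ("172.31.5.0", "255.255.255.0", "S0"),
    ("0.0.0.0", "0.0.0.0", "S1"),
]


def lookup_route(table: List[Route], dst: str) -> Optional[str]:
    """AND the destination with each entry's mask and return the interface of
    the matching entry with the most mask bits (longest-prefix match)."""
    best, best_len = None, -1
    for net, mask, iface in table:
        mask_len = bin(dotted_to_int(mask)).count("1")
        if network_number(dst, mask) == net and mask_len > best_len:
            best, best_len = iface, mask_len
    return best
```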
Enhanced Interior Gateway Routing Protocol
The Enhanced Interior Gateway Routing Protocol (EIGRP) represents an evolution from its predecessor IGRP (Interior Gateway Routing Protocol). This evolution resulted from changes in networking and the demands of diverse, large-scale internetworks. EIGRP integrates the capabilities of link-state protocols into distance vector protocols. Additionally, EIGRP contains several important protocols that greatly increase its operational efficiency relative to other routing protocols. One of these protocols is the Diffusing Update Algorithm (DUAL) developed at SRI International by Dr. J.J. Garcia-Luna-Aceves. DUAL enables EIGRP routers to determine whether a path advertised by a neighbor is looped or loop-free, and allows a router running EIGRP to find alternate paths without waiting on updates from other routers. EIGRP provides compatibility and seamless interoperation with IGRP routers. An automatic-redistribution mechanism allows IGRP routes to be imported into EIGRP, and vice versa, so it is possible to add EIGRP gradually into an existing IGRP network. Because the metrics for both protocols are directly translatable, they are as easily comparable as if they were routes that originated in their own autonomous systems (ASs). In addition, EIGRP treats IGRP routes as external routes and provides a way for the network administrator to customize them. This chapter provides an overview of the basic operations and protocol characteristics of EIGRP.

EIGRP Capabilities and Attributes
Key capabilities that distinguish EIGRP from other routing protocols include fast convergence, support for variable-length subnet masks, support for partial updates, and support for multiple network layer protocols. A router running EIGRP stores all its neighbors' routing tables so that it can quickly adapt to alternate routes. If no appropriate route exists, EIGRP queries its neighbors to discover an alternate route. These queries propagate until an alternate route is found. Its support for variable-length subnet masks permits routes to be automatically summarized on a network number boundary. In addition, EIGRP can be configured to summarize on any bit boundary at any interface. EIGRP does not make periodic updates. Instead, it sends partial updates only when the metric for a route changes. Propagation of partial updates is automatically bounded so that only those routers that need the information are updated. As a result of these two capabilities, EIGRP consumes significantly less bandwidth than IGRP. EIGRP includes support for AppleTalk, IP, and Novell NetWare. The AppleTalk implementation redistributes routes learned from the Routing Table Maintenance Protocol (RTMP). The IP implementation redistributes routes learned from OSPF, Routing Information Protocol (RIP), Intermediate System-to-Intermediate System (IS-IS), Exterior Gateway Protocol (EGP), or Border Gateway Protocol (BGP). The Novell implementation redistributes routes learned from Novell RIP or Service Advertisement Protocol (SAP).

Routing Concepts
EIGRP
relies on four fundamental concepts: neighbor tables, topology tables, route states, and route tagging. Each of these is summarized in the discussions that follow.

Neighbor Tables
When a router discovers a new neighbor, it records the neighbor's address and interface as an entry in the neighbor table. One neighbor table exists for each protocol-dependent module. When a neighbor sends a hello packet, it advertises a hold time, which is the amount of time that a router treats a neighbor as reachable and operational. If a hello packet is not received within the hold time, the hold time expires and DUAL is informed of the topology change. The neighbor-table entry also includes information required by the Reliable Transport Protocol (RTP). Sequence numbers are employed to match acknowledgments with data packets, and the last sequence number received from the neighbor is recorded so that out-of-order packets can be detected. A transmission list is used to queue packets for possible retransmission on a per-neighbor basis. Round-trip timers are kept in the neighbor-table entry to estimate an optimal retransmission interval.

Topology Tables
The topology table contains all destinations advertised by neighboring routers. The protocol-dependent modules populate the table, and the table is acted on by the DUAL finite-state machine. Each entry in the topology table includes the destination address and a list of neighbors that have advertised the destination. For each neighbor, the entry records the advertised metric, which the neighbor stores in its routing table. An important rule that distance vector protocols must follow is that if the neighbor advertises this destination, it must use the route to forward packets. The metric that the router uses to reach the destination is also associated with the destination. The metric that the router uses in the routing table, and to advertise to other routers, is the sum of the best-advertised metric from all neighbors and the link cost to the best neighbor.

Route States
A topology-table entry for a destination can exist in one of two states: active or passive. A destination is in the passive state when the router is not performing a recomputation; it is in the active state when the router is performing a recomputation. If feasible successors are always available, a destination never has to go into the active state, thereby avoiding a recomputation. A recomputation occurs when a destination has no feasible successors. The router initiates the recomputation by sending a query packet to each of its neighboring routers. The neighboring router can send a reply packet, indicating that it has a feasible successor for the destination, or it can send a query packet, indicating that it is participating in the recomputation. While a destination is in the active state, a router cannot change the destination's routing-table information. After the router has received a reply from each neighboring router, the topology-table entry for the destination returns to the passive state, and the router can select a successor.

Route Tagging
EIGRP supports internal and external routes. Internal routes originate within an EIGRP AS. Therefore, a directly attached network that is configured to run EIGRP is considered an internal route and is propagated with this information throughout the EIGRP AS. External routes are learned by another routing protocol or reside in the routing table as static routes. These routes are tagged individually with the identity of their origin. External routes are tagged with the following information:
Router ID of the EIGRP router that redistributed the route
AS number of the destination
Configurable administrator tag
ID of the external protocol
Metric from the external protocol
Bit flags for default routing
Route tagging allows the network administrator to customize routing and maintain flexible policy controls. Route tagging is particularly useful in transit ASs, where EIGRP typically interacts with an interdomain routing protocol that implements more global policies, resulting in very scalable, policy-based routing.

Cisco IOS Modes of Operation
The Cisco IOS software provides access to several
different command modes. Each command mode provides a different
group of related commands. For security purposes, the Cisco IOS
software provides two levels of access to commands: user and
privileged. The unprivileged user mode is called user EXEC mode.
The privileged mode is called privileged EXEC mode and requires a
password. The commands available in user EXEC mode are a subset of
the commands available in privileged EXEC mode. The following table
describes some of the most commonly used modes, how to enter the
modes, and the resulting prompts. The prompt helps you identify
which mode you are in and, therefore, which commands are available
to you.
User EXEC Mode: When you are connected to the router, you are started in user EXEC mode. The user EXEC commands are a subset of the privileged EXEC commands.
Privileged EXEC Mode: Privileged commands include the following:
configure: changes the software configuration.
debug: displays process and hardware event messages.
setup: enters configuration information at the prompts.
Enter the command disable to exit from privileged EXEC mode and return to user EXEC mode.
Configuration Mode: Configuration mode has a set of submodes that you use for modifying interface settings, routing protocol settings, line settings, and so forth. Use caution with configuration mode because all changes you enter take effect immediately. To enter configuration mode, enter the command configure terminal and exit by pressing Ctrl-Z.
Note: Almost every configuration command also has a no form. In general, use the no form to disable a feature or function. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. For example, IP routing is enabled by default. To disable IP routing, enter the no ip routing command, and enter ip routing to re-enable it.

Getting Help
In any command mode, you can get a list of available commands by entering a question mark (?).
Router>?
To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the question mark (?).
Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark.
Router#configure ?
memory Configure from NV memory
network Configure from a TFTP network host
terminal Configure from the terminal
You can also abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh.

Configuration Files
Any time you make changes to the router configuration, you must save the changes to memory, because if you do not, they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.
configure terminal: modify the running configuration manually from the terminal.
show running-config: display the running configuration.
show startup-config: display the startup configuration.
copy running-config startup-config: copy the running configuration to the startup configuration.
copy startup-config running-config: copy the startup configuration to the running configuration.
erase startup-config: erase the startup configuration in NVRAM.
copy tftp running-config: load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration.
copy running-config tftp: store the running configuration on a TFTP server.

IP Address Configuration
Take the following steps to configure the IP address of an interface.
Step 1: Enter privileged EXEC mode (enter the enable password when prompted):
Router>enable
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter interface type slot/port (for Cisco 7000 series) or interface type port (for Cisco 2500 series) to enter interface configuration mode. Example:
Router(config)#interface ethernet 0/1
Step 4: Enter the IP address and subnet mask of the interface using the ip address ip-address subnet-mask command. Example:
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Step 5: Exit configuration mode by pressing Ctrl-Z.
Router(config-if)#[Ctrl-Z]
Routing Protocol Configuration
EIGRP
Step 1: Enter privileged EXEC mode (enter the enable password when prompted):
Router>enable
Step 2: Enter the configure terminal command to enter global configuration mode.
Router#config terminal
Step 3: Enter the router eigrp command with the autonomous system number to enter router configuration mode.
Router(config)#router eigrp autonomous-system-number
Step 4: Add the network number on which EIGRP is to run, and repeat this step for all the network numbers.
Router(config-router)#network network-number
Example:
Router(config-router)#network 192.168.10.0
Securing the Router with Passwords

Setting Passwords
There are five passwords you'll need to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret. The enable secret and enable password are the ones used to set the password for securing privileged mode. Once the enable commands are set, users will be prompted for a password. The other three are used to configure a password when user mode is accessed through the console port, through the auxiliary port, or via Telnet. Let's take a look at each of these now.

Enable Passwords
You set the enable passwords from glob