
Copyright 2005 EMC Corporation. Do not Copy - All Rights Reserved.

Basic Network Environment

BNE Network Fundamentals

2005 EMC Corporation. All rights reserved.

Welcome to BNE Network Fundamentals. The AUDIO portion of this course is supplemental to the material and is not a replacement for the student notes accompanying this course. EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety.
Copyright 2005 EMC Corporation. All rights reserved. These materials may not be copied without EMC's written consent. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Celerra, CLARalert, CLARiiON, Connectrix, Dantz, Documentum, EMC, EMC2, HighRoad, Legato, Navisphere, PowerPath, ResourcePak, SnapView/IP, SRDF, Symmetrix, TimeFinder, VisualSAN, where information lives are registered trademarks. Access Logix, AutoAdvice, Automated Resource Manager, AutoSwap, AVALONidm, C-Clip, Celerra Replicator, Centera, CentraStar, CLARevent, CopyCross, CopyPoint, DatabaseXtender, Direct Matrix, Direct Matrix Architecture, EDM, E-Lab, EMC Automated Networked Storage, EMC ControlCenter, EMC Developers Program, EMC OnCourse, EMC Proven, EMC Snap, Enginuity, FarPoint, FLARE, GeoSpan, InfoMover, MirrorView, NetWin, OnAlert, OpenScale, Powerlink, PowerVolume, RepliCare, SafeLine, SAN Architect, SAN Copy, SAN Manager, SDMS, SnapSure, SnapView, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix DMX, Universal Data Tone, VisualSRM are trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners.

BNE Network Fundamentals - 1

Course Objectives
Upon completion of this course, you will be able to:
- Identify the components of a typical customer network infrastructure
- List some of the organizations that create network standards
- Describe layered architectures using the OSI model
- Compare the OSI model to the ARPA (TCP/IP) model
- Briefly describe the ARPA (TCP/IP) architecture and its layers
- Compare the ARPA (TCP/IP) and OSI architectures

This course will present the fundamental concepts of a networked environment.

Layered Architectures Separate Network Issues

Components in a network communicate with each other on varying levels, called layers. For networks to communicate with each other, common standards are required. Layered network architectures are used throughout many industries, including the storage industry that EMC leads. Network architectures are frameworks that are used to address the issues related to networking. These frameworks are designed to help us handle the process of networking in an organized manner. Since networking is a complex process, there are many issues to consider when networking with EMC (and other vendor) products. Throughout this course, network concepts will be related to a case study. The network infrastructure of a fictional EMC customer, the Training Corporation, will be used as an example.

Architecture Design

To simplify the complex task of networking, a networking architecture is used. The architecture is divided into layers. Each layer is responsible for handling one or more of the issues related to networking. There are several different architectures in use today. There is not a standard for the number of layers in any architecture. The organization that designs the architecture determines how many layers will be needed to handle networking issues. An example is the OSI 7-layer model vs. the ARPA (TCP/IP) 4-layer model. The same issues need to be addressed. They are divided differently among the layers, depending on the architecture. Network architectures provide the framework for building network solutions. Within this framework, standards can be created. Standards define the protocols at each layer of the network architectures.

Open System Protocols

Protocols may be proprietary (vendor specific) or open system (non-vendor specific). The use of open system protocols makes it possible for hardware and software from multiple vendors to communicate with each other. Network architectures provide the framework for building network solutions. Within this framework, standards can be created. Standards define the protocols at each layer of the network architectures.

The standards organizations create and publish a variety of standards. For example, some of the Internet Society (ISOC) standards are contained in Request For Comments (RFC) documents. Not all RFCs are standards. Some are informational, contain details about experimental protocols, or describe current best practices. Here is a Uniform Resource Locator (URL) to one of the many RFC index and archive sites: http://www.rfc-editor.org/rfc.html

Network architectures are frameworks that are used to address the issues related to networking. These frameworks are designed to handle the process of networking in an organized manner. Some of the organizations that have developed network architectures and standards include the International Organization for Standardization (ISO), International Business Machines (IBM), International Telecommunications Union - Telecommunications Sector (ITU-T), American National Standards Institute (ANSI), Institute of Electrical and Electronics Engineers (IEEE), and the Internet Society (ISOC).

Introducing the OSI Model

The Open Systems Interconnect (OSI) architecture is an internationally recognized model. In the OSI model, networking issues are divided among 7 layers. The architecture is not a standard; it is a framework with standard protocols at each layer. It is one of the most widely referenced models.

The architectural layers form a hierarchy and items are listed in order by rank. Higher layers depend upon services from lower layers and lower layers provide services for upper layers.

Although a layer sends information through lower layers of the local system, in many cases it appears to be communicating directly with the same layer on the destination system. For example, the Transport layer (OSI layer 4) on the source machine appears to be talking directly with Layer 4 of the destination machine. In reality, Layer 4 of the source machine communicates with Layer 4 of the destination machine by going through Layers 3-1 of its machine and Layers 1-3 of the destination machine.

Seven-Layer Architecture

A general knowledge of each layer's function will help you understand that the layers each handle a specific part of networking. Together, the layers are designed to provide a complete networking solution. In the OSI model, networking issues are divided among 7 layers. The model is a framework with standards (protocols) at each layer. The upper layers of the OSI model are the Application, Presentation, and Session layers. The middle and lower layers of the OSI model are the Transport, Network, Data Link, and Physical layers. The OSI layer names and numbers are shown here, along with two phrases to help you remember the layers and their order.

OSI Upper Layers

The upper layers of the OSI model are the Application, Presentation and Session layers. The highest layer in the model is the Application layer. This layer provides the application interface to the user.

The Presentation layer is concerned with presentation of data to the user interface. Specifically, it is concerned with data conversion and security. The OSI model uses this layer for data encryption to prevent unauthorized access to data. Data is encrypted on the source machine and decrypted by the destination machine at the Presentation layer. For example, IBM devices might be using the EBCDIC (Extended Binary Coded Decimal Interchange Code) character set while your device uses the ASCII (American Standard Code for Information Interchange) character set. When receiving, the Presentation layer of your network device would convert EBCDIC characters to ASCII before passing them to the Application layer. When transmitting, the Presentation layer would convert the outgoing characters to EBCDIC.

To provide a reliable messaging system, the Session layer is used to establish, monitor, and close sessions with another system. The Session layer function is similar to a telephone system. A telephone (or modem) must establish a session (phone call) before information (voice or modem data) can be transferred. At the end of the session, the telephone (or modem) hangs up (closes) the session.

OSI Middle and Lower Layers

The middle and lower layers of the OSI model are the Transport, Network, Data Link, and Physical layers.

The Transport layer sends a reliable message stream between the local and remote systems. Messages are sent and acknowledged by the Transport layer, providing a guaranteed message delivery service to higher layers.

NOTE: The Transport layer protocols of other network architectures may offer reliable (guaranteed) or unreliable (best effort) delivery services. In the networking context, a guaranteed delivery service means the message will be delivered or an error notification will be sent to the higher layers.

The Network layer is involved in addressing and routing information between logical networks. It allows for building very large, interconnected network structures. The Network layer takes the messages created by the Transport layer and routes them through potentially complex networks from source to destination. The Training Corporation relies upon Network layer protocols to route information between network devices in the same building, within a country, and throughout the world.

The Data Link layer encapsulates higher layer information in frames before the information is placed on the physical medium. There are two basic forms of encapsulation: asynchronous and synchronous.

The Physical layer specifies the medium used to relay the information from source to destination. There are several forms of physical medium, including wire (copper and fiber-optic) and non-wire (radio, microwave, infrared). Due to its relatively low cost, the Training Corporation network designers have chosen to use copper wire for most of the Local Area Network (LAN) connections, including connections to their NS600 units. Because of its high performance characteristics, fiber-optic cabling has been chosen for very high-speed LAN connections. Their Wide Area Network (WAN) service provider uses a combination of wire (fiber-optic) and non-wire (microwave) medium for connecting Training Corporation offices.

Introducing the ARPA Architecture

Knowledge of the Advanced Research Projects Agency (ARPA) architecture is critical to understanding virtually all customers' networked environments. This architecture will be the second example of a layered architecture. ARPA (TCP/IP) architecture is a very popular architecture, used by businesses and individuals alike. For example, connecting to the Internet from home (through a telephone modem, cable modem or other means) uses the ARPA architecture. It is sometimes called the ARPA architecture because it was developed through funding by the Advanced Research Projects Agency of the United States Department of Defense (USDoD). You may also see the acronym DARPA, meaning the Defense Advanced Research Projects Agency. Products that use the ARPA architecture are readily available. Many network hardware and software vendors, including EMC, support this architecture. By adhering to standard protocols at each layer of the architecture, products from different vendors can communicate with each other. Therefore, buyers may choose products from several vendors, connect them together, and communicate between them. Because of this interoperability, vendors compete for market share. Customers may benefit from purchasing network hardware and software based upon price and performance, not vendor name alone.

ARPA Layers

There are four layers in the ARPA architecture. They are called the Application, Transport, Network, and Network Interface layers.

The Application layer is responsible for the user interface, data presentation and session control functions on a device within a network. The File Transfer Protocol (FTP), Network File System (NFS), and Simple Mail Transfer Protocol (SMTP) are examples of Application layer protocols.

The Transport layer divides information from the Application layer into messages. At this layer, the Transmission Control Protocol (TCP) offers guaranteed delivery; the User Datagram Protocol (UDP) offers non-guaranteed ("best effort") delivery services. In some cases, the administrator may choose which protocol will be used. For example, version 3 of the Network File System (NFS) application layer protocol allows the use of either TCP or UDP in the transport layer.

The Network layer accepts information from the Transport layer and creates packets for delivery to the destination. The Network layer is responsible for logical addressing and routing of messages from source to destination. While the source address must indicate a single device, the destination address may specify one or more devices to receive a packet. The Internet Protocol (IP) is used at this layer for addressing and routing.

The Network Interface layer is the lowest layer in the ARPA model. It encapsulates packets received from the Network layer into frames to be transmitted over the physical medium of the network. For example, Ethernet transmitting over twisted pair cable is a typical Network Interface implementation.

Case Study

Some of the UNIX systems at the Training Corporation use NFS at the Application layer for requesting file services from their Celerra systems. UDP has been chosen for use at the Transport layer. The Internet Protocol addresses and routes packets at the Network layer. For LAN connections within a training center or corporate headquarters, Ethernet is used at the Network Interface layer.
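The case study's protocol stack, worked through as an added example that is not part of the course material: an NFS request is wrapped in UDP, then IP, then Ethernet on the way out, and on the way in each layer checks and strips its own header before handing the rest up. The MAC addresses, IP addresses, client port and the NFS payload are constructed sample values.

```python
import struct

# Constructed sample values for the Training Corporation case study.
SRC_MAC = bytes.fromhex("020000000001")   # UNIX client NIC (constructed)
DST_MAC = bytes.fromhex("020000000002")   # Celerra Data Mover NIC (constructed)
SRC_IP = "192.0.2.10"                     # client, documentation address range
DST_IP = "192.0.2.20"                     # Celerra NFS server (constructed)
CLIENT_PORT = 40000                       # ephemeral client port (constructed)
NFS_PORT = 2049                           # well-known NFS port
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (the RFC 791 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def udp_encapsulate(payload: bytes, sport: int, dport: int) -> bytes:
    """Transport layer: 8-byte UDP header. Checksum 0 means 'not computed',
    which IPv4 permits; UDP offers best-effort delivery only."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def ip_encapsulate(segment: bytes, src: str, dst: str, proto: int) -> bytes:
    """Network layer: 20-byte IPv4 header carrying the logical addresses
    used for routing, with the header checksum filled in."""
    ver_ihl = (4 << 4) | 5                  # version 4, 5 x 32-bit words
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(segment),
                         0, 0, 64, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    csum = struct.pack("!H", ip_checksum(header))
    return header[:10] + csum + header[12:] + segment


def ethernet_encapsulate(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Network Interface layer: 14-byte Ethernet II header (FCS omitted)."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet


def build_frame(nfs_request: bytes) -> bytes:
    """Sender side: Application data passes down through each layer."""
    segment = udp_encapsulate(nfs_request, CLIENT_PORT, NFS_PORT)
    packet = ip_encapsulate(segment, SRC_IP, DST_IP, IPPROTO_UDP)
    return ethernet_encapsulate(packet, SRC_MAC, DST_MAC)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: each layer checks and strips its own header, then
    hands the remainder up, so Layer 4 sees what its peer Layer 4 sent."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("Network Interface: not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:       # a valid header sums to zero
        raise ValueError("Network: IP header checksum failed")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("Network: not UDP")
    segment = packet[ihl:]
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_ip": ".".join(str(b) for b in packet[12:16]),
        "dst_ip": ".".join(str(b) for b in packet[16:20]),
        "sport": sport,
        "dport": dport,
        "payload": segment[8:length],
    }


if __name__ == "__main__":
    frame = build_frame(b"NFS LOOKUP /export/home")   # constructed payload
    print(frame.hex())
    print(decapsulate(frame))
```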

ARPA and OSI Comparison

Whether using the ARPA or the OSI architecture, the same networking issues must be addressed. The difference between architectures is the way in which networking issues are divided among the layers. The ARPA (TCP/IP) architecture sometimes places the approximate functions of two or more OSI layers in a single ARPA layer. The graphic shown compares the OSI 7-layer model with the ARPA architecture. Some standards may be used by either architecture. Although the layer names may be different, the standard remains the same. For example, Ethernet may be used with either model.

The main function of a network is to allow devices to send packets of data to each other. Networking is a complex process. Layered architectures are used to make networking more manageable. Each layer is responsible for handling one or more issues related to networking. Protocols created by various standards organizations provide a way to communicate between devices. Network devices may adhere to proprietary or open-systems protocols. The OSI and ARPA networking models are examples of network architectures. Many organizations use the ARPA (TCP/IP) architecture for networking.

Bus Topology

There are many ways to connect networks. To establish a network, various devices are connected together. Network topologies describe the connectivity of the network. Network topologies include: bus, ring, star, and mesh. Probably the most common is the Star topology for use with Ethernet, Token Ring, or FDDI networks. We will describe each of these in the upcoming slides.

In a bus topology, network nodes are connected to a common bus, often a coaxial cable. While popular in the past, bus topology is not used as frequently today. A terminator is required on each end of the cable segment. Terminators are required to prevent signal reflection (echo back in the other direction) when the signal reaches the end of the cable. Without terminators, the reflected signal will probably cause other signals to be distorted beyond recognition. One of the problems with bus topology is that a cable break or damage anywhere in the network segment will disrupt all communications on that segment. Missing terminators (one or both) will also prevent communication on the segment.

Ring Topology

In a ring topology, network nodes are connected in a ring configuration. The traffic passes sequentially through the devices on the network segment, always in the same direction. For example, information will be passed from device A to device B. Thus, if device B sends a message to device A, the information must travel through devices C and D. There are advantages to a ring topology over some other topologies such as the bus, especially when the ring topology is combined with the use of a token. There are no collisions and each of the nodes is given equal opportunity for bandwidth utilization. One of the problems with the ring topology is that a single station or cable failure can disrupt the entire network. Troubleshooting can be more difficult than for some other topologies, as it may be necessary to trace each cable to find a faulty connection.

Star Topology

In a star topology, network nodes are connected to a central point. The star topology is very popular today for Ethernet and Token Ring networks. A star topology provides a central wiring point for network connections. These connections may be made to a hub or switch. A single wire or network device failure should not disable the entire network segment. A disadvantage of the star topology is that it may require more cable than some other forms of network topology. The Training Corporation has selected Ethernet, utilizing twisted pair cabling for their offices. The Ethernet network devices are wired together in a Star topology using Ethernet Switches (interconnection devices to be discussed later). Troubleshooting is easier than for bus or ring topologies, as a single PC or faulty cable does not disrupt the entire network segment.

Mesh Topology

In a mesh topology, network devices are connected to multiple other network devices. The mesh topology has the advantage of providing multiple paths to other network devices. This prevents a single point of failure in the network. In other words, if a single device interface or network cable fails, the network device can reach its destination through another interface or cable. The mesh topology has the disadvantage of requiring more cables and network adapters than other forms of topology. This has the effect of increasing the complexity and cost of a network installation.
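The failure behaviour of the four topologies, as an added example that is not part of the course: a small model of bus, ring, star and mesh segments that lists every single cable or device whose failure cuts off stations beyond the one directly attached to the failed element. The station names are constructed; the bus trunk is modelled as a chain of cable segments with one station tapped onto each, the ring as unidirectional (as the course describes), and the star around a central switch, which is the one element whose failure takes down a star.

```python
from itertools import combinations

# Constructed station names for one network segment.
STATIONS = ["A", "B", "C", "D"]


def build_topology(kind, stations):
    """Return a set of directed (src, dst) links. Bus: the trunk cable is a
    chain of cable segments with one station tapped onto each; star: a
    central 'switch' node; ring: one direction only, as the course says;
    mesh: every station wired to every other."""
    links = set()

    def both_ways(a, b):
        links.add((a, b))
        links.add((b, a))

    if kind == "bus":
        segments = ["cable%d" % i for i in range(len(stations))]
        for a, b in zip(segments, segments[1:]):
            both_ways(a, b)
        for station, segment in zip(stations, segments):
            both_ways(station, segment)
    elif kind == "ring":
        for a, b in zip(stations, stations[1:] + stations[:1]):
            links.add((a, b))
    elif kind == "star":
        for station in stations:
            both_ways(station, "switch")
    elif kind == "mesh":
        for a, b in combinations(stations, 2):
            both_ways(a, b)
    else:
        raise ValueError("unknown topology: %s" % kind)
    return links


def reachable(start, links, dead_nodes):
    """Nodes reachable from start over the surviving links."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node in seen or node in dead_nodes:
            continue
        seen.add(node)
        stack.extend(dst for src, dst in links if src == node)
    return seen


def disrupts(stations, links, dead_nodes=(), dead_links=()):
    """True if the failure cuts off stations other than the one(s) directly
    attached to the failed element: the course's 'disrupts the entire
    segment', as opposed to 'only that PC drops off the network'."""
    dead_nodes = set(dead_nodes)
    live_links = links - set(dead_links)
    touched = dead_nodes | {n for link in dead_links for n in link}
    remaining = [s for s in stations if s not in touched]
    for a in remaining:
        can_reach = reachable(a, live_links, dead_nodes)
        if any(b not in can_reach for b in remaining):
            return True
    return False


def single_points_of_failure(kind, stations):
    """Every single cable or device whose failure disrupts the segment."""
    links = build_topology(kind, stations)
    spof = set()
    for cable in {frozenset(link) for link in links}:
        dead = {link for link in links if frozenset(link) == cable}
        if disrupts(stations, links, dead_links=dead):
            spof.add(("cable", tuple(sorted(cable))))
    for device in {node for link in links for node in link}:
        if disrupts(stations, links, dead_nodes={device}):
            spof.add(("device", device))
    return spof


if __name__ == "__main__":
    for kind in ("bus", "ring", "star", "mesh"):
        print(kind, sorted(single_points_of_failure(kind, STATIONS)))
```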

Coaxial Cable

There are a variety of wire and non-wire media available for networking today. Due to its relatively low cost, the Training Corporation uses wire-based media in their offices and classrooms. The Training Corporation uses wireless technology for pagers and messaging devices carried by some of its personnel.

Coaxial cable is one of the earliest forms of Local Area Network cabling. Used in a bus topology, information is carried on a wire, called a conductor, in the center of the cable. The conductor is normally surrounded by insulation and one or two shields. The shield protects the center conductor from unwanted electrical signals, produced by other devices, that could distort the signal on the center conductor. Finally, the shield is covered with a protective jacket, normally composed of Teflon or polyvinyl chloride (PVC).

Thick Coaxial cable

Although not frequently used today, early Ethernet networks used "thick" coaxial cable. It is approximately 0.4 inches in diameter. It is also very stiff and heavy compared to other forms of network cable. Terminators are required on both ends of a cable segment. The specifications for the cable design were derived from the IEEE 10BASE5 standard. 10BASE5 can be interpreted as follows: the 10 refers to 10 Megabit speed, the BASE refers to baseband signaling, and the 5 refers to a maximum cable segment length of 500 meters.

The thick coaxial cable uses an N series connector for making physical connections to equipment. The cable must be cut at designated points and the connectors attached to the cable ends. An alternate method for making cable connections uses a vampire tap. Instead of cutting the cable, a small hole is drilled to the center conductor. The tap forces connectors through the cable insulation, making connections to the center conductor and shield of the cable.

Thin Coaxial Cable

Thin coaxial cable is also not as popular for Ethernet networks as it was a few years ago. It is approximately 0.25 inches in diameter. Terminators are required on both ends of a cable segment. Unlike the thick coaxial cable, it uses a British Naval Connector (BNC). The cable and connectors are shown here. The specifications for the cable design were derived from the IEEE 10BASE2 standard. 10BASE2 can be interpreted as follows: the 10 refers to 10 Megabit speed, the BASE refers to baseband signaling, and the 2 refers to a maximum cable length of 200 meters (actually 185 meters).

Twisted Pair Cabling

Twisted pair cables are used extensively for Ethernet Local Area Networks. A typical cable consists of four twisted pairs (eight wires) in an insulated jacket. Two wires (one pair) are twisted together to reduce cross-talk (induced signals from other wires). The specifications for the cable design are derived from the IEEE 10BASET and 100BASETX standards. 10BASET or 100BASETX can be interpreted as follows: the 10 refers to 10 Megabit speed or the 100 refers to 100 Megabit speed, the BASE refers to baseband signaling, and the T or TX refers to twisted pair. The T or TX replaces the cable segment length used in 10BASE5 and 10BASE2 because the cable segment was replaced with the hub and later the switch. Twisted pair cables are used to connect between a system and a network device such as a hub, switch or router.

The two types of twisted pair cables are unshielded twisted pair (UTP) and shielded twisted pair (STP). Unshielded twisted pair (UTP) is the most commonly used. There are several categories of twisted pair cable. These categories of cable vary in characteristics that affect the distance, quality and speed of transmission. Higher category cables generally support higher transmission speeds than lower category number cables. In the past, shielded twisted pair (STP) cabling was used primarily for IBM and Token Ring networks. Shielding is used to prevent interference from outside signals. Various types of connectors have been used with this type of cabling.

Registered Jack (RJ) Connectors

UTP cable is frequently used for Ethernet connections. A Registered Jack (RJ) connector is normally used for making connections. The RJ-45 connector is used for Ethernet. There are 8 wires but only 4 wires (2 pairs) are used for most Ethernet connections. NOTE: RJ-11 is used for standard telephone connections and RJ-48 is sometimes used for wide area network connections. The pin/pair relations for RJ-45 are 1/2, 3/6, 4/5, 7/8. For example, the wires connected to pins 1 and 2 are twisted together, wires connected to pins 3 and 6 are twisted together.

Fiber-Optic Cabling

Fiber-optic cabling is increasing in popularity. The two basic forms of fiber-optic cabling are multi-mode and single-mode. The multi-mode fiber systems may use an LED (Light Emitting Diode) to generate light. The light pulses spread out as the pulse travels through the multi-mode cable. The light from an LED consists of a range of colors. Each color of light travels at a different speed through the cable causing the signal to become distorted over long distances. Single-mode fiber systems use lasers to generate light. The laser and single-mode cable combination permit signals to travel greater distances with less distortion than LED and multimode cable systems. An example of how light travels through single-mode cable is shown here. The fiber-optic core is the portion of the cable through which the light travels. The cladding surrounds the core. A protective outer jacket covers the core and cladding. Fiber-optic cables are normally specified with two numbers representing the core and cladding diameter in microns. The first number represents the core diameter and the second number represents the cladding diameter. For example, 62.5/125 multi-mode fiber is frequently used for Ethernet connections, 50/125 multi-mode fiber is frequently used for Fibre Channel (FC) connections, and 9 micron, single-mode fiber is used for the Symmetrix Remote Data Facility (SRDF) connections.

Advantages of fiber-optic medium include immunity to Electro-Magnetic Interference (EMI), which could cause signal distortion. Fiber-optic cabling offers higher transmission speeds at greater distances than copper wire. Using fiber-optic cabling between buildings isolates their electrical systems, preventing ground loops. The reference point for signals is called ground. If multiple devices with different ground levels are connected, there is no longer a single reference point, causing signals to be interpreted unpredictably. The resulting condition is called a ground loop, causing unreliable communications. There is improved security since it is more difficult for someone to tap into your data than with some other forms of cabling.

Disadvantages of fiber-optic medium include cost and installation. Fiber-optic cabling is more expensive than other forms of network medium. The installation of fiber-optic cable is more difficult and therefore more expensive than some other forms of cabling. For example, attaching connectors to the ends of fiber-optic cable is a time-consuming process and may require specialized equipment.

Fiber-Optic Connectors

Several forms of fiber-optic connectors are used in the networking industry. Examples include LC, MT-RJ, ST, and SC connectors.

Bandwidth

It is useful to understand bandwidth before discussing signaling methods. Bandwidth is the information carrying capacity of a medium. With analog signaling, bandwidth is measured in frequency (e.g. Hertz, Kilohertz, Megahertz). The difference between the highest and lowest frequency supported is the bandwidth. Hertz represents the number of cycles that the analog signal completes per second. An example would be a signal that starts at 0 volts, goes to a positive voltage, drops to a negative voltage and returns to 0 volts again. For an example of analog bandwidth, consider a standard telephone connection. The lowest frequency available to telephone users is 300Hz. The highest frequency available to users is 3300Hz. By subtracting the lowest frequency (300Hz) from the highest frequency (3300Hz), the bandwidth of a standard phone line is calculated as 3000Hz.

Signaling

Bit Signaling

Bandwidth is indicated as the number of bits per second that can be transmitted with digital signaling. Examples include bits per second (bps), Kilobits per second (Kbps), and Megabits per second (Mbps).

Broadband Signaling

With broadband signaling, transmissions normally travel as analog signals. There are separate inbound (receive) and outbound (transmit) channels. Cable modems for Internet Service Provider (ISP) connections are an example of broadband usage. With broadband signaling, a "broad band" of frequencies is used. The bandwidth of the media is divided among channels. When analog signals travel long distances, the signal will be weakened and distorted. Amplifiers are used to refresh the signal during transmission.

Baseband Signaling

With baseband signaling, the entire bandwidth of the media is used for a single channel. Ethernet transmissions on a coaxial cable are an example of baseband signaling. The Training Corporation uses Ethernet on twisted pair and fiber-optic cabling in its offices. Ethernet is an example of baseband signaling. The Celerra units connect to the corporation's network using Ethernet. Some of its employees access the corporate network using cable modems from home. Sharing the bandwidth of a single cable among multiple cable subscribers, cable modems are an example of broadband signaling.
BNE Network Fundamentals - 28


Duplex Communications


The term duplex is used to describe the direction(s) of communication at a given time. Some devices can transmit and receive at the same time (Full Duplex). Other devices can do either, but only one at a time (Half Duplex). Full-duplex means that information can be sent and received at the same time. In other words, information can be leaving and entering the network interface simultaneously. Half-duplex means that information can be sent in either direction but only one direction at a time. In other words, the network device cannot send information while a message is being received. The transmission duplex used in the customer's network can have a dramatic effect on network performance. The network performance can affect the customer's perception of EMC equipment performance. Normally, EMC recommends the use of full-duplex transmission whenever possible.

BNE Network Fundamentals - 29


Asynchronous and Synchronous


When information travels through a network, it is transmitted in one of two forms: asynchronous or synchronous. When using asynchronous transmission, characters are transmitted one at a time. Each character is framed with a Start bit and a Stop bit. A parity bit may also be included. No clocking signals are required. In synchronous communications, multiple characters are sent at one time. The framing of the data is more complex than that of asynchronous communications. In addition, clocking is required for modems or whatever devices are used to forward the frames. With both synchronous and asynchronous communications, the transmitter must alert the receiver to the start and end of the transmission. With an asynchronous transmission this is accomplished with simple start and stop bits. With a synchronous transmission, however, more complex framing is used. The sender and receiver must agree on the transmission speed. For example, if the sender is transmitting at 9600 bits per second and the receiver is expecting 2400 bits per second, information will be lost. With asynchronous modems, the clocks are maintained independently. With synchronous communications there can be a separate clocking signal, or the clocking may be embedded within the message. Another requirement of encapsulation is that the sender and receiver must agree on the maximum (and possibly, minimum) amount of information to be sent at a time. With asynchronous communication, the number of bits in the character must be agreed upon. With synchronous communications, the number of bytes in the frame must be specified.

BNE Network Fundamentals - 30


Synchronous Frame Components


Most frames have a header, data, and trailer. The header allows the receiver to recognize the start of the frame and may also contain physical addressing and control information. Data contains information received from the Network layer. The trailer allows the receiver to recognize the end of the frame. It may also contain information used for error detection. Asynchronous transmissions are also known as "character framed data": each character is encapsulated (and synchronized) separately. It is sometimes abbreviated as async. The asynchronous transmission format includes a start bit, data bits, an optional parity bit, and a stop bit. A start bit is the header sent by the transmitter to notify the receiver of an incoming character, which is the start of the frame. The data is composed of 5 to 8 bits, representing a single character. When transmitting, these bits are received from the next higher layer. The number of data bits used depends on the character set being used. Examples of character sets include the 7-bit American Standard Code for Information Interchange (ASCII) or the 8-bit IBM Extended Binary Coded Decimal Interchange Code (EBCDIC). Both transmitter and receiver must be set to use the same number of data bits before transmission begins. 8-bit ASCII is commonly used. For example, when using terminal emulation, you might set up for 8 bits, parity none, and 1 stop bit. The stop bit (1, 1.5 or 2 - normally 1) is part of the trailer. It is sent by the transmitter to signal the end of the frame.

BNE Network Fundamentals - 31


Parity Bit


The parity bit is optional. If used, it is part of the trailer. The data bits are used to calculate the parity value. When used, the most common choices are even or odd parity. For example, with even parity, the number of 1 bits in the data and parity fields must be an even number (0, 2, 4, 6, 8). Using even parity, if there are five bits whose value is 1 in the data field, the transmitter would send the parity bit with a value of 1 to create an even number (6) of 1 bits. The transmitter and receiver must be configured identically. The receiver accepts the incoming frame, calculates the parity bit value and compares the results with the received parity bit to see if any bits were changed during transmission. Using the previous example with even parity, if the receiver detects four 1 bits in the data field of the received character and the parity bit is set to 1, there is an odd number of 1 bits. The receiver knows that one or more bits in the data and parity fields were corrupted during transmission. Parity checking will not detect all bit errors. For example, if even parity has been specified and two bits are inverted during transmission, the number of 1 bits will still be an even number. The receiver will not detect the error.
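The asynchronous character framing and parity check described above, as an added example (this is not code from the course material). It frames one character as start bit, data bits, parity bit and stop bit, then plays the receiver's role; it assumes the data bits are sent least-significant bit first, as a UART does, and whole stop bits only.

```python
# Added example: framing one character for asynchronous transmission and
# checking its parity bit at the receiver. Layout follows the page: start bit
# (0), 5-8 data bits, optional parity bit, one or more stop bits (1). Data
# bits are sent least-significant bit first (an assumption; the page does not
# state the bit order). Stop bits are whole bits only (no 1.5-bit option).
from typing import List, Tuple


def parity_bit(value: int, data_bits: int = 8, parity: str = "even") -> int:
    """Return the parity bit the transmitter appends to `value`."""
    ones = bin(value & ((1 << data_bits) - 1)).count("1")
    if parity == "even":
        return ones % 2          # a 1 is added only when the count of 1s is odd
    if parity == "odd":
        return 1 - ones % 2
    raise ValueError("parity must be 'even' or 'odd'")


def frame_char(value: int, data_bits: int = 8, parity: str = "even",
               stop_bits: int = 1) -> List[int]:
    """Build the bit sequence for one character: start, data, [parity], stop."""
    if not 5 <= data_bits <= 8:
        raise ValueError("data_bits must be 5..8")
    if value >> data_bits:
        raise ValueError("value does not fit in the configured data bits")
    bits = [0]                                            # start bit (header)
    bits += [(value >> i) & 1 for i in range(data_bits)]  # data, LSB first
    if parity != "none":
        bits.append(parity_bit(value, data_bits, parity))
    bits += [1] * stop_bits                               # stop bit(s) (trailer)
    return bits


def receive_char(bits: List[int], data_bits: int = 8, parity: str = "even",
                 stop_bits: int = 1) -> Tuple[int, bool]:
    """Decode one framed character; return (value, parity_ok).

    Raises ValueError on a framing error (bad start or stop bit), which is
    what happens when sender and receiver are configured differently.
    """
    expected = 1 + data_bits + (0 if parity == "none" else 1) + stop_bits
    if len(bits) != expected or bits[0] != 0:
        raise ValueError("framing error: wrong length or start bit")
    data = bits[1:1 + data_bits]
    value = sum(b << i for i, b in enumerate(data))
    pos = 1 + data_bits
    parity_ok = True
    if parity != "none":
        parity_ok = bits[pos] == parity_bit(value, data_bits, parity)
        pos += 1
    if any(b != 1 for b in bits[pos:]):
        raise ValueError("framing error: stop bit not 1")
    return value, parity_ok


def flip_bits(bits: List[int], positions: List[int]) -> List[int]:
    """Simulate line noise inverting the bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    # 'W' (0x57 = 0101 0111) has five 1 bits, the case used on the page:
    # with even parity the transmitter sends parity 1 to make six 1 bits.
    tx = frame_char(ord("W"))
    print("transmitted:", tx, "->", receive_char(tx))
    # One inverted data bit: the parity check catches it.
    print("one bit flipped:", receive_char(flip_bits(tx, [4])))
    # Two inverted data bits: the count of 1s is even again, so the receiver
    # accepts a corrupted character (the limitation noted on the page).
    print("two bits flipped:", receive_char(flip_bits(tx, [4, 6])))
```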

BNE Network Fundamentals - 32


Synchronous Transmission


Synchronous transmissions are also known as "message framed data". The data from the next higher layer (normally multiple bytes) is encapsulated using a header and trailer. Many synchronous frame formats have been defined by various organizations such as IBM, the IEEE, and the International Telecommunication Union (ITU). The example shown is IBM's Synchronous Data Link Control (SDLC) frame. The format includes an opening flag, address field, control field, data, a frame check sequence, and a closing flag. The opening flag is part of the header, sent by the transmitter to notify the receiver of an incoming frame. It is a single octet (byte). The binary bit pattern is 01111110 (7E hexadecimal). The address field is part of the header. The address identifies the destination address for this frame, which is called a Media Access Control (MAC) address. The control field is part of the header. It specifies other administrative information. The data field contains one or more octets of higher layer information. The frame check sequence (FCS) is part of the trailer and is used for error detection. It is often 16 bits in length. (Ethernet uses a 32-bit FCS.) The closing flag is identical to the opening flag. It is part of the header and is a single octet (byte). NOTE: The FCS in the synchronous frame performs the same basic function as the parity bit in the asynchronous frame. The transmitter calculates the FCS and appends it to the data field. The receiver also calculates the FCS and compares its results with the one received from the transmitter. If they do not match, one or more bits have been inverted during transmission. This is much more reliable than the parity used for async frames.
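The SDLC-style frame and its 16-bit FCS, as an added example (not code from the course material). It assumes the FCS is the CRC-16 used by HDLC/X.25 (polynomial 0x1021, bit-reflected, initial value and final XOR 0xFFFF) sent low byte first, and it omits the bit stuffing that real HDLC uses to keep the 0x7E flag pattern out of the frame body.

```python
# Added example: building and checking a message-framed synchronous frame
# with the SDLC layout described on the page: opening flag 0x7E, address,
# control, data, 16-bit FCS, closing flag. Assumptions: the FCS is the
# HDLC/X.25 CRC-16 (aka CRC-16/IBM-SDLC) transmitted low byte first, and
# bit stuffing is left out, so the sample data must not contain 0x7E.
from typing import Dict

FLAG = 0x7E                     # 0111 1110: opening and closing flag


def fcs16(data: bytes) -> int:
    """CRC-16 frame check sequence as used by HDLC/SDLC/X.25."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            # 0x8408 is the bit-reflected form of the polynomial 0x1021
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(address: int, control: int, data: bytes) -> bytes:
    """Transmitter: header, data, then the FCS computed over address+control+data."""
    body = bytes([address, control]) + data
    fcs = fcs16(body)
    return bytes([FLAG]) + body + fcs.to_bytes(2, "little") + bytes([FLAG])


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Receiver: split the fields and recompute the FCS over what arrived."""
    if len(frame) < 6 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing opening or closing flag")
    body = frame[1:-3]                      # address + control + data
    received_fcs = int.from_bytes(frame[-3:-1], "little")
    return {
        "address": body[0],
        "control": body[1],
        "data": bytes(body[2:]),
        "fcs": received_fcs,
        "fcs_ok": fcs16(body) == received_fcs,
    }


def corrupt(frame: bytes, byte_index: int, mask: int) -> bytes:
    """Invert the bits selected by `mask` in one byte of the frame."""
    out = bytearray(frame)
    out[byte_index] ^= mask
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample values for address, control and data.
    frame = build_frame(0xC1, 0x10, b"HELLO")
    print(frame.hex(), parse_frame(frame))
    # Invert two bits of the 'E' (0x45 -> 0x46): one bit goes 1->0 and one
    # 0->1, so the count of 1 bits is unchanged and a parity bit would miss
    # it, but the CRC-based FCS no longer matches.
    damaged = corrupt(frame, 4, 0b00000011)
    print("FCS ok after two-bit error:", parse_frame(damaged)["fcs_ok"])
```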
BNE Network Fundamentals - 33


Asynchronous and Synchronous Clocking



Asynchronous

The transmitter does not send a separate clock signal to the receiver for synchronizing communication in an asynchronous environment. The transmitter and receiver usually have crystal-controlled clocks and are very accurate, much like the quartz crystal used in many watches. The start and stop bits are used to synchronize the transmission. This means that the transmitter and receiver are resynchronized with each character. Even if transmit and receive clocks have a slightly different frequency, it will not affect the timing enough to corrupt this short frame.

Synchronous

A clock signal must be used for synchronizing communication between sender and receiver in a synchronous environment. The clock signal may be embedded within the data stream. An example of this would be Ethernet transmissions on a coaxial cable - there is no separate clock wire in the cable. The clock signal could be sent on a separate signal in a V.35 or RS-232 cable. These cables carry data, clock and control signals between two network devices. The receiver must be able to recognize the start of a transmission. The transmitter and receiver must agree on the maximum (and possibly minimum) amount of information to be sent at a time. For asynchronous transmission, each character is encapsulated, then transmitted separately. For synchronous transmission, data (usually multiple bytes) is encapsulated and synchronized.

BNE Network Fundamentals - 34


LANs


The two basic categories of networks based upon geography are local area networks (LANs) and wide area networks (WANs). There is also a less frequently used category, called metropolitan area networks (MANs) that cover a geographic area somewhere between the size of LANs and WANs. LANs connect network devices in a small (local) geographical area. They are usually owned and controlled by a single company or some other organization. LAN transmission rates have increased over the years since they were introduced. For example, Ethernet originally had a 10 Megabits per second (Mbps) transmission rate. Later versions offered 100 Megabits per second, 1 Gigabit per second (Gbps), and 10 Gigabits per second transmission rates. Examples of LAN protocols include Ethernet and Token Ring.

BNE Network Fundamentals - 35


WANs


WANs connect network devices over a potentially large geographical area such as from one city to another, from one part of a state/province to another, or between states, provinces or countries. WANs are usually owned by a service provider such as one of the major telecommunications carriers. Customers of these service providers lease bandwidth on their WANs. Currently, 56 Kbps is one of the slowest WAN service offerings. WAN speeds range from this lower offering to hundreds of megabits per second (Mbps). Examples of WAN protocols include Frame Relay, Asynchronous Transfer Mode (ATM) and X.25. Under certain conditions, ATM may also be used in a LAN environment. LANs are usually owned by a single organization. They connect network devices in relatively small geographical areas with fairly high transmission speeds. WANs are usually owned by a service provider that leases bandwidth to other organizations. They connect network devices across larger geographical areas than LANs, but usually at lower transmission speeds.

BNE Network Fundamentals - 36


Ethernet Performance


There are at least two important issues that affect Ethernet performance: transmission speed and duplex. Early forms of Ethernet had a transmission speed (bit rate) of 10 Megabits per second (Mbps). In the quest for increased performance, other forms of Ethernet were developed: Fast Ethernet has a transmission rate of 100 Mbps and Gigabit Ethernet has a transmission rate of 1000 Mbps. Early forms of Ethernet used only half-duplex communication. Ethernet interfaces would support transmission in either direction but only one direction at a time. Later, Ethernet was upgraded to support full-duplex transmission.

BNE Network Fundamentals - 37


Ethernet Cabling


Several forms of cabling have been used with Ethernet. Each type of cable varies in its maximum cable length and transmission speed. For coaxial cable, a network segment is defined as the cable between two network terminators. Terminators are required and installed on both ends of the coaxial cable. For twisted pair and fiber-optic cable, the maximum length is specified between devices such as a switch and an Ethernet device. Category 5 (Cat 5) Twisted Pair cable can be used as a substitute for Cat 3 cable, since it meets or exceeds Cat 3 cable requirements. Cat 3 cable does not meet or exceed Cat 5 bandwidth specifications, and should not be used as a substitute for Cat 5 cable in a 100 Mbps (or higher) environment.

BNE Network Fundamentals - 38


Ethernet Transmission


Ethernet devices need some method for determining when it is safe to transmit on the physical media. Since Ethernet uses baseband signaling, only one transmission may be placed on a physical medium at a given time. Ethernet uses a method for media access known as Carrier Sense Multiple Access with Collision Detection (CSMA/CD). When an Ethernet interface needs to transmit, it listens for other traffic on the media. It is checking to see if another device has a carrier signal (transmission) on the medium at the moment. If no other transmission is detected, the interface begins its transmission. If two or more Ethernet interfaces listen, do not hear traffic and begin transmission at the same time, an Ethernet collision occurs. Because the nodes in this example are connected to a Hub, all nodes detect signals generated by all other nodes. These nodes are therefore all in the same Collision Domain. A collision domain is comprised of all nodes that will detect transmissions from all other nodes within the domain, regardless of the transmission type (unicast, broadcast, or multicast). Nodes on cable segments or hubs are always in the same collision domain. However, with Ethernet switches, each port is a unique collision domain. When an Ethernet collision occurs, all frames involved in the collision are corrupted. Ethernet devices that detect the collision send a jam signal, forcing the senders to cease transmission. The senders wait for a random amount of time before attempting retransmission.

BNE Network Fundamentals - 39


Ethernet Addressing


Ethernet devices communicate with each other using a Media Access Control (MAC) address. The addresses are 48 bits (6 octets) in length, normally specified in hexadecimal format. NOTE: A source and destination MAC address are specified in the Ethernet frame header. The first half (24 bits) of the Ethernet address is assigned to the network device manufacturer. For example, if the Ethernet address is 08:00:02:38:0D:19, the first half (08:00:02) was assigned to 3Com Corporation. The manufacturer assigns the last half of the address. In this example, 38:0D:19 is the last half of the Ethernet address assigned to an individual Ethernet interface by 3Com Corporation.

BNE Network Fundamentals - 40


Ethernet Frame Format


An Ethernet frame includes a header, data, and a trailer. The frame format used by Ethernet is shown here. The Ethernet frame format is similar but not identical to the IEEE 802.3 standard. A preamble normally precedes the Ethernet frame. The preamble contains 64 bits of alternating 1 and 0 bits, ending with two consecutive 1 bits. It is used to synchronize the receiver with the transmitter. The destination address field contains the 48-bit Ethernet address of the network station that is to receive the frame. The destinations for messages may be unicast, multicast, or broadcast. Typically, most messages are unicast. In this case, the destination is a single network device. Certain addressing rules allow multicast messages with Ethernet. If the least significant bit (lsb) of the first octet in the destination address is a 1 bit, the message is multicast. A subset (group) of Ethernet interfaces is defined as belonging to a multicast group. Only devices that are members of the group defined by the multicast address will examine the contents of the Ethernet frame. If all 48 bits in the destination address are 1 bits (hexadecimal FFFFFFFFFFFF), the message is broadcast. All network devices will examine the contents of the Ethernet frame. The Ethernet address of the network node that originated (sent) the frame is provided in the source address field. There are two interpretations for the 16-bit type and length field. If using the IEEE 802.3 format, these bits represent the length of the data field. In other words, these 16 bits represent the number of octets (bytes) in the data field.

BNE Network Fundamentals - 41


If using the Ethernet format, this field indicates the type of information carried in the data field. Examples of values for the Ethernet type field are shown here. These numbers are in hexadecimal format, indicated by the 0x prefix. The data field contains the data from the upper layers of the communications architecture. For Ethernet, the minimum length for this field is 46 octets. If there are fewer than 46 octets of data, the field must be padded with extra characters to achieve the minimum length. The maximum length is 1500 octets (bytes). This maximum value is known as the Maximum Transmission Unit (MTU). The transmitting device calculates a 32-bit cyclic redundancy check (CRC) value for the Ethernet frame and places it in the frame check sequence field. The destination (receiving) network device also performs a CRC calculation and compares its results with the received CRC value. This field is used to determine whether or not the Ethernet frame was corrupted (altered) during transmission. Local Area Networks (LANs) connect network devices in a relatively small geographic area and are most often controlled by a single organization. Wide Area Networks (WANs) cover a larger geographic area than LANs and are usually controlled by a service provider. Coaxial cable, twisted-pair cable, fiber-optic cable, or non-wire media are used to connect these networks with each other. Ethernet is a popular LAN protocol that can send messages to a single network device (unicast), a pre-defined group of network devices (multicast) or all network devices (broadcast). Ethernet frames contain several fields with a minimum and maximum size for the data field.
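The Ethernet addressing and frame format from the last two pages, as an added example (not code from the course material): it builds a frame with the fields listed above, classifies the destination as unicast, multicast or broadcast, extracts the manufacturer half of the source address, interprets the type/length field and verifies the 32-bit CRC. It assumes the IEEE rule that type/length values of 0x0600 and above are types, that the FCS is the CRC-32 computed by `zlib.crc32` sent least-significant byte first, and the well-known EtherType values 0x0800 (IP) and 0x0806 (ARP); the preamble is not included.

```python
# Added example: building and parsing an Ethernet frame (destination, source,
# type/length, data padded to 46..1500 octets, 32-bit CRC) and classifying the
# destination address. Assumptions not taken from the page: type/length values
# >= 0x0600 are types (IEEE convention), the FCS equals zlib.crc32 sent low
# byte first, and the EtherType values for IP (0x0800) and ARP (0x0806).
import struct
import zlib
from typing import Dict

MIN_DATA = 46            # shorter payloads are padded to this length
MAX_DATA = 1500          # the Ethernet MTU
BROADCAST = bytes([0xFF] * 6)
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}


def mac_from_str(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02X}" for b in mac)


def classify_destination(mac: bytes) -> str:
    """Broadcast (all 1 bits), multicast (lsb of first octet set) or unicast."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """The first half (24 bits) of the address, assigned to the manufacturer."""
    return mac_to_str(mac[:3])


def build_frame(dst: str, src: str, ethertype: int, data: bytes) -> bytes:
    """Transmitter: pad short data, then append the CRC-32 over header+data."""
    if len(data) > MAX_DATA:
        raise ValueError("payload exceeds the 1500-octet MTU")
    data = data.ljust(MIN_DATA, b"\x00")
    header = mac_from_str(dst) + mac_from_str(src) + struct.pack("!H", ethertype)
    fcs = zlib.crc32(header + data) & 0xFFFFFFFF
    return header + data + struct.pack("<I", fcs)


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Receiver: split the frame into fields and verify the CRC-32 trailer."""
    if len(frame) < 14 + MIN_DATA + 4:
        raise ValueError("runt frame: shorter than the 64-octet minimum")
    dst, src = frame[:6], frame[6:12]
    type_or_length = struct.unpack("!H", frame[12:14])[0]
    data = frame[14:-4]
    received_fcs = struct.unpack("<I", frame[-4:])[0]
    computed_fcs = zlib.crc32(frame[:-4]) & 0xFFFFFFFF
    if type_or_length >= 0x0600:          # Ethernet format: protocol type
        field = ("type", ETHERTYPES.get(type_or_length, f"0x{type_or_length:04X}"))
    else:                                 # IEEE 802.3 format: data length
        field = ("length", type_or_length)
    return {
        "destination": mac_to_str(dst),
        "kind": classify_destination(dst),
        "source": mac_to_str(src),
        "source_oui": oui(src),
        "type_or_length": field,
        "data": bytes(data),
        "fcs_ok": received_fcs == computed_fcs,
    }


if __name__ == "__main__":
    # Source is the 3Com address used as the example on the page; the broadcast
    # destination and the payload are constructed sample values.
    frame = build_frame("FF:FF:FF:FF:FF:FF", "08:00:02:38:0D:19", 0x0806, b"who-has?")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                   # one inverted payload bit
    print("FCS ok after error:", parse_frame(bytes(damaged))["fcs_ok"])
```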

BNE Network Fundamentals - 42


Network Adapter Cards


A variety of network devices are used to create the network infrastructure. Understanding these devices is important when troubleshooting in a network environment. It is also important when communicating with customers who understand their network infrastructure.

Network adapter cards are used to pass frames of information between the internal bus of a network-attached device and the network. Network adapter cards provide the physical connections between a network device's internal bus and external network cabling. They also convert between a parallel data format (where multiple bits may be transferred at one time) on a PC's internal bus and the serial format (one bit at a time) normally used on network cables. Network adapter cards convert electrical and/or light signals as appropriate for the networked device's internal and external connections. For example, the networked device's internal bus may use the peripheral component interconnect (PCI) electrical specifications, transferring data to and from the internal bus in 32 or 64 bit groups. The external signals might be serial, fiber-optic light impulses received through a fiber-optic connector.

In the Ethernet environment, network adapter cards are generally called network interface cards (NICs). A transceiver is connected to the physical cable. The transceiver may be external to the network interface card (NIC) or it may be built onto the NIC. In the case of gigabit Ethernet interfaces, the equivalent of the transceiver is called a gigabit interface converter (GBIC). NOTE: External Ethernet transceivers are rarely used today. They are usually built into the NIC.

Transceiver: A name given to the device that connects the network cable and the network interface internal components. It provides the electrical or light interface between the network device and the physical medium. The name is a combination of the words transmitter and receiver.
BNE Network Fundamentals - 43


The network adapter may be implemented in different ways, depending on the product. As an example, some personal computers (PCs) require a separate network interface card (NIC) to be installed in an expansion slot for network connectivity. Other PCs integrate the network interface directly into the system board. Many newer Ethernet interfaces can determine the capabilities of the devices that are directly attached to them. Historically, auto-sensing, also called auto-detection, was only able to detect the speed of the link. Auto-negotiation was developed later with the ability to also negotiate half or full duplex. Ethernet connections may not function properly when two auto-negotiating devices try to determine each other's capabilities. It is usually best to set specific parameters for both partners. Network interfaces have the following characteristics: a unique Media Access Control (MAC) address, half or full-duplex transmission, and one or more transmission rates, such as 10/100 Mbps Ethernet interfaces. For best performance, use the highest reliable transmission rate and full-duplex communications wherever possible.

BNE Network Fundamentals - 44


Network Device Drivers


Each NIC manufacturer designs and builds its network adapters in at least a slightly different way than its competitors. Although standard physical connectors will be used, the internal parts that comprise the intelligence of the adapter may be different. Regardless of the network adapter vendor, the upper layers of the network architecture must have a consistent interface to the lower layer hardware. Some method of linking the proprietary network adapter hardware with the standard upper layer protocols is needed.

BNE Network Fundamentals - 45


Network Adapter Driver


The network adapter device driver is special software that performs the necessary conversion between the standard upper layer message format and the proprietary network adapter. It hides the hardware specifics from the upper layers, making it possible for the operating system to use any network adapter hardware (and its software driver) that conforms to the upper-layer format. The driver for a NIC may be obtained in several ways. The operating system release media may have the driver included on it. As an example, the Microsoft Operating System CD-ROM contains drivers for NICs from many network vendors. A diskette and/or CD-ROM containing the drivers may be shipped with the NIC. Finally, the NIC vendor probably distributes copies of the device drivers through a web site on the Internet.

BNE Network Fundamentals - 46


Ethernet Hubs


With the increased popularity of twisted pair wiring, hubs were created for connectivity. Hubs provide a central connection point for network devices. Like Ethernet repeaters, the bandwidth of the network is shared between all devices connected to the hub. Hubs can be connected together, increasing the size of the LAN. The connection between hubs requires a special "cross-over" cable between two standard hub ports, or a special port on one of the hubs that crosses the transmit and receive signals for that port. Ethernet interfaces use Carrier Sense Multiple Access/Collision Detection (CSMA/CD) for determining when there is no traffic on the network. In a repeated network, only one Ethernet device can transmit at any given time. In the example shown, this means that only one Ethernet device in the entire building can transmit at a time.

BNE Network Fundamentals - 47


Case Study


A single hub would not contain enough ports to connect all network devices in this multi-story Training Corporation building. Network technicians installed a separate Ethernet hub on each floor of the building. Ethernet cross-over cables were used between standard hub ports on each floor of the building. Remember, as you increase the number of nodes, the possibility of collisions and retransmissions increases.

BNE Network Fundamentals - 48


Ethernet Bridges/Layer 2 Switches


Bridges and layer 2 switches work at the second (Data Link) layer of the OSI model and the Network Interface layer of the ARPA model. They contain multiple network interfaces. Because bridges and switches perform the same functions, the term "bridges" will be used to mean bridges or layer 2 switches unless there is a specific difference. Rather than simply amplifying signals that are received on its ports, bridges try to determine the location of destination devices and forward the frame to a port leading to the destination. This determination is based on the MAC address of the destination device. This can provide significant network performance improvements over repeater and hub usage. It is possible for multiple devices in the network to transmit simultaneously as long as they are connected to different bridge ports, because each port on a bridge is a separate collision domain. However, the ports are still in the same broadcast domain.

Collision domain: A single CSMA/CD network in which there will be a collision if two computers attached to the system transmit at the same time.

Broadcast domain: A logical area in a computer network where any computer connected to the computer network can directly transmit to any other in the domain without having to go through a routing device.

BNE Network Fundamentals - 49


The main difference between a bridge and a switch is the hardware they use to perform their function. An Ethernet bridge normally uses a general-purpose processor, made by a vendor such as Intel or Motorola, and special software designed to perform bridging tasks. An Ethernet switch performs its tasks using specialized hardware. Switches are often built using specialized components known as Application Specific Integrated Circuits (ASICs). Due to the specialized design of switch hardware, switches usually have much higher performance than bridges, examining and forwarding more frames per second. Switches often have more network interfaces than a bridge. Some bridges have only LAN interfaces while others have a combination of LAN and WAN interfaces.

BNE Network Fundamentals - 50


Creating MAC Address Lists


The bridge keeps a list of MAC addresses that are connected through each of its ports. This list can be created manually by a network administrator; however, the bridge is normally configured to "learn" this information. When an Ethernet frame is received, its source address and the port on which it was received are stored in a table for future use. The bridge learns the location of devices in this manner. Bridges can be helpful in reducing the overall network traffic when compared with repeaters and hubs. If the source and destination devices are located on the same interface, the bridge will discard the frame. If the source and destination devices are located on different interfaces, the bridge will forward the frame only on the appropriate port. NOTE: Broadcast messages are normally forwarded to all ports.
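The learning and forwarding rules above, as an added example (not code from the course material): a bridge that records each frame's source address against its incoming port, discards frames whose destination is on the same port, forwards known destinations on one port only, and floods broadcast, multicast and not-yet-learned destinations on every other port. The port names and MAC addresses are constructed sample values, and the `add_static` method stands in for the administrator's manual list.

```python
# Added example: a learning bridge that builds its MAC-address-to-port table
# from the source address of received frames, then filters, forwards or
# floods as described on the page. Ports and addresses are constructed.
from typing import Dict, Iterable, List

BROADCAST = "FF:FF:FF:FF:FF:FF"


def is_group_address(mac: str) -> bool:
    """Broadcast or multicast: the least significant bit of the first octet is 1."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class LearningBridge:
    def __init__(self, ports: Iterable[str]) -> None:
        self.ports: List[str] = list(ports)
        self.table: Dict[str, str] = {}        # MAC address -> port

    def add_static(self, mac: str, port: str) -> None:
        """Entry created manually by a network administrator."""
        if port not in self.ports:
            raise ValueError(f"unknown port {port}")
        self.table[mac.upper()] = port

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Process one frame; return the port(s) it is forwarded on."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src.upper(), dst.upper()
        # Learn: the sender is reachable through the port the frame came in on.
        # A later frame from the same address on another port replaces the
        # entry, which is how a moved station is relearned.
        self.table[src] = in_port
        # Broadcast and multicast go to all other ports. So does a unicast
        # destination the bridge has not learned yet: dropping it could
        # withhold the frame from a valid station, at the cost of extra traffic.
        if is_group_address(dst) or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            return []          # filter: source and destination share a port
        return [out_port]      # forward only on the port leading to dst


if __name__ == "__main__":
    bridge = LearningBridge(["p1", "p2", "p3"])
    a, b, c, d = ("00:AA:00:00:00:01", "00:AA:00:00:00:02",
                  "00:AA:00:00:00:03", "00:AA:00:00:00:04")
    print(bridge.receive("p1", a, b))          # b unknown: flooded to p2, p3
    print(bridge.receive("p2", b, a))          # a learned on p1: p1 only
    print(bridge.receive("p1", c, a))          # a is on the same port: dropped
    print(bridge.receive("p3", d, BROADCAST))  # broadcast: p1, p2
    print(bridge.table)
```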

BNE Network Fundamentals - 51


Bridge/Layer 2 Switch Options


Bridges frequently allow the use of half and/or full-duplex communication. This depends on the bridge's capabilities and the capabilities of devices connected to its interfaces. Some bridges will determine the transmission speed and duplex supported by the attached device and match its characteristics. This is called auto-negotiating.

BNE Network Fundamentals - 52


Same IP Network


Since bridges operate at the Data Link (OSI) and Network Interface (ARPA) layer, they are not concerned with Network layer addresses such as those used by the Internet Protocol (IP). Therefore, all interfaces on the bridge are considered to be part of the same Network layer logical network. In the example shown, the Network layer considers all devices on both sides of the bridge to be part of the 192.10.5.0 network. Unnecessary network traffic could also occur if the destination address were unknown to the bridges. By default, a bridge passes incoming Ethernet frames if it does not know the location of the destination device. If it did not do this, information might be withheld from a valid destination. If there is a single bridge between two network segments, there is a single point of failure. In this case, a single failing bridge can prevent communication between the network segments.

BNE Network Fundamentals - 53


Redundancy


Many network managers want to provide some redundancy in their bridged/switched network. Multiple bridges can be installed between network segments but active redundant paths are not allowed. Only one path can be forwarding frames at any given time. Activating or deactivating Bridge ports is controlled by the Spanning Tree Algorithm (STA). A spanning tree algorithm was developed to prevent loops in a multi-bridge environment. Ports will automatically be deactivated if there is a redundant path detected. If an active port subsequently fails, the deactivated redundant port will be re-activated. An STA frame is sent out periodically to automate this process. The IEEE 802.1D standard defines the STA process. If more than one bridge is active at the same time, a bridged loop is created. A broadcast message would be passed between the bridges indefinitely. This is known as a broadcast storm. In the example shown here, redundant bridges connect two Local Area Networks.

Hub Limitations

BNE Network Fundamentals - 55

All ports on an Ethernet hub are part of the same LAN. In a TCP/IP environment, these ports are normally members of the same IP network. This creates some potential problems. If a network needs only a few connections and the hub has many ports, there is no way to use the empty ports for another LAN. If a machine needs to be moved to a different IP network, a network technician has to physically move the cabling from one hub to another. There can be significant time and travel costs associated with making the change. If network access for a device needs to be temporarily disabled, the network technician might have to physically remove the connection to the hub. Again, there are time and travel costs associated with disabling the port. NOTE: Some hubs also allow remote enabling and disabling of physical ports.

Layer 2 Switch characteristics

BNE Network Fundamentals - 56

Some layer 2 switches overcome the limitations of hubs by allowing the use of VLANs. Ports on a layer 2 switch can be logically grouped together, forming a separate Virtual Local Area Network (VLAN). VLANs help simplify network administration. Most layer 2 switches support VLANs. They also provide flexibility in grouping ports, managing network connections, and reconfiguring the network. Ports in a VLAN can be limited to only the number needed for a particular network, which leaves the unused ports available for other VLANs. Through software commands, additional ports can be added to an existing VLAN if further expansion is needed. If a machine needs to be moved to a different IP network, the port is reassigned to a different VLAN; there is no need to physically move cables. The port is reassigned using software, and a network administrator in a remote location can often make the change. Remotely changing a port's VLAN assignment can save significant time and travel expenses. If network access for a device needs to be temporarily disabled, no physical change is required. The port is disabled through software commands, and the change can be made from a remote location, saving time and money. Disabling the port has the same effect as physically removing the cable from a hub: the device cannot send or receive information.

Extending VLANs

BNE Network Fundamentals - 57

Some vendors allow VLANs to extend between layer 2 switches, increasing their physical size and the number of devices in the VLAN. In this case, the layer 2 switches are connected together by some cabling. A separate physical link between switches might be dedicated to each shared VLAN. In this case, multiple shared VLANs could significantly reduce the number of switch ports available for individual network devices. It may be better to group traffic from multiple shared VLANs onto a single link between switches. This is especially true if the number of unused ports on the switches is limited. It might also be useful if some VLANs have only a limited amount of traffic, thereby wasting bandwidth on ports between switches by dedicating them to a single VLAN.

Ethernet Trunking

BNE Network Fundamentals - 58

Ethernet trunking combines the traffic from multiple shared VLANs on a single link between switches. The IEEE 802.1Q standard specifies a method for trunking VLANs. Cisco Corporation developed a proprietary method it calls Port Trunking using Dynamic Trunking Protocol (DTP). Cisco adapted its Dynamic ISL (DISL) protocol and turned it into DTP. DISL can negotiate ISL trunking on a link between two devices; DTP can, in addition, negotiate the type of trunking encapsulation (802.1Q or ISL) that will be used. This is a useful feature, as some Cisco devices support only ISL or 802.1Q, whereas some are able to run both.

NOTE: Learn more about these protocols by visiting the website at: http://www.cisco.com/warp/public/473/27.html

Some layer 2 switches offer the ability to create a logical link to a network device using two or more physical links. This is known as link aggregation. The switch and the connected device must both support link aggregation. The term link aggregation will be used to encompass all aggregation technologies. Some examples of these are EtherChannel and Link Aggregation Control Protocol (LACP). Using link aggregation, multiple physical links are treated as a single Ethernet connection by higher layer protocols. For example, the physical ports associated with the aggregated link would share a single Internet Protocol (IP) address.

Combined Bandwidth

BNE Network Fundamentals - 59

The combined bandwidth of all ports in the aggregated link is available for data transfer. For example, if two 100 Mbps, full duplex Ethernet ports are associated with the aggregate link, the available bandwidth is approximately 200 Mbps in each direction. NOTE: Assuming that these are full-duplex Fast Ethernet ports with 100 Mbps per physical port in each direction, some network vendors would advertise this link as having 400 Mbps of bandwidth - 200 Mbps in each direction. If a single connection in the aggregate link (switch port, network device interface or the cabling between them) fails, the remaining port(s) in the logical grouping continues to transfer information. This avoids a single point of failure between the switch and network device. Cisco EtherChannel is an aggregation technology based on the grouping of several full-duplex 802.3 Ethernet links to provide fault-tolerant, high-speed links between switches, routers, and servers. Link Aggregation Control Protocol (LACP) is part of an IEEE specification (802.3ad) that also allows for the bundling of several physical ports to form a logical channel. Port Aggregation Protocol (PAgP) aids in the automatic creation of Fast EtherChannel links. The Celerra supports EtherChannel and LACP as two network high availability solutions.

Routers and Layer 3 Switches

BNE Network Fundamentals - 60

Routers and layer 3 switches function at layer 3 (the Network layer) of the OSI model and the Network layer of the ARPA model. It is important to note that routers and layer 3 switches connect different logical networks. An example of two logical networks with a router between them is shown here. NOTE: Like bridges, routers frequently use general-purpose processors with specialized software. Layer 3 switches use specialized hardware (ASICs) and therefore have higher performance than routers. Routers and layer 3 switches perform the same basic function. Unless otherwise noted, the term "routers" will be used to indicate either device. If there is a single router/layer 3 switch between two network segments, there is a single point of failure. In this case, a single failing router/layer 3 switch can prevent communication between network segments. Many network managers want to provide some redundancy in their routed networks. Multiple routers/layer 3 switches can be installed between network segments. Unlike bridges, routers do not create broadcast storms because routers do not automatically forward broadcasts. Network performance may actually be improved by adding more than one router/layer 3 switch. When more than one router/layer 3 switch exists between source and destination, some network devices will send part of their traffic through one router and the remainder through another.

Sending Messages

BNE Network Fundamentals - 61

When a network device needs to send a message to a device on a different network, it sends the message to a router/layer 3 switch and expects that device to forward the message. The device and routers/layer 3 switches use routing tables to determine how to forward information.

Routers vs. Layer 3 Switches

BNE Network Fundamentals - 62

Although these devices perform the same basic functions, there are certain differences. For example, routers frequently use a general-purpose processor with special routing software. Layer 3 switches frequently use a special purpose processor with routing functions built into the hardware. The specially designed hardware uses Application Specific Integrated Circuits (ASICs). Due to this special hardware design, layer 3 switches often have much higher performance than routers, assuming that the router is a computer with routing functions. However, there are specialized routers, designed to be routers only, that have much better performance. NOTE: Layer 3 switches often have more interfaces than routers.

Multi-Layer Switches

BNE Network Fundamentals - 63

Some network devices support functions at more than one layer of the OSI network architecture. For example, layer 2/3 switches support Ethernet switching and IP routing in the same device.

Gateways

BNE Network Fundamentals - 64

The term gateway has more than one meaning in networking. It may describe a device that converts from one protocol to another, usually at higher layers. An example would be a device that converts from IBM's Lotus Notes mail to the Simple Mail Transfer Protocol (SMTP). NOTE: While the term gateway may be used for higher layer protocol translation, it may also be used interchangeably with the terms router and layer 3 switch. When configuring network interfaces for TCP/IP with the Windows operating systems, Microsoft refers to the default layer 3 switch or router as the default gateway. Other vendors have used the term gateway in a similar manner.

Network adapter cards are used to pass frames of information between the internal bus of the networked device and the network. Device drivers provide a link between the proprietary network adapter hardware and the standard upper layer protocols. Hubs, bridges, switches and routers are network interconnection devices. VLANs help to simplify the management of the entire network.

Module Summary

BNE Network Fundamentals - 65

In summary, an enterprise network may contain one or more network topologies such as star, ring, bus or mesh. There are several forms of wire and non-wire physical media. Forms of wire media include coaxial, twisted pair and fiber-optic cabling. Baseband signaling uses the entire bandwidth of a media for a single transmission. Network devices usually support half and/or full-duplex communications. As a general rule, use full-duplex communications whenever possible. Networks are usually defined as Local or Wide Area Networks. WANs usually have slower transmission rates than LANs. There are several network devices that work at various layers of the network architecture. These include NICs, bridges, routers and switches. In summary, the networking process, although complex, can be made more manageable by architectures that divide communication tasks among layers. The ARPA model is a popular network architecture. Protocols at each layer of the architecture specify the rules and procedures for a specific part of the communication process. Enterprise networks may contain one or more network topologies. The physical network medium may take many forms including copper wire, fiber-optic cable, and radio transmissions. Data link protocols, such as Ethernet, encapsulate higher layer data for transmission on the physical medium. Network devices usually support half-and/or full-duplex communication, but full-duplex is generally used whenever possible. Networks are usually defined as either Local or Wide Area Networks.

Course Summary
Key points covered in this course:
The components of a typical customer network infrastructure
Some of the organizations that create network standards
Layered architectures using the OSI model
Comparing the OSI model to the ARPA (TCP/IP) model
Briefly described the ARPA (TCP/IP) architecture and its layers
Compared the ARPA (TCP/IP) and OSI architectures

BNE Network Fundamentals - 66

These are the key points covered in this training. Please take a moment to review them. This concludes the training. In order to receive credit for this course, please proceed to the Course Completion slide to update your transcript and access the Assessment.

Basic Network Environment

BNE Network and Transport Layers

Welcome to BNE Network and Transport Layers. The AUDIO portion of this course is supplemental to the material and is not a replacement for the student notes accompanying this course.
EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety.

BNE Network and Transport Layers - 1

Course Objectives
Upon completion of this course, you will be able to:
Describe how networks are used for sharing resources
Identify the purposes and associated protocols of specific ARPA layers
Explain Internet Protocol routing and routing tables
Identify other protocols related to the Network layer
Define the term ports as it applies to the Transport layer

BNE Network and Transport Layers - 2

The objectives for this course are shown here. Please take a moment to read them.

Network Layer Description

BNE Network and Transport Layers - 3

The Network layer of the ARPA Architecture takes messages created by the Transport layer and routes them through potentially complex networks from source to destination. This module will present the Internet Protocol (IP), the Internet Control Message Protocol (ICMP), and the Address Resolution Protocol (ARP) needed to perform Network layer functions. The Network layer accepts frames of information from the Network Interface layer and prepares them to be delivered to the Transport layer. In this lesson, we will discuss the functions and protocols needed to transfer information between these two layers. Information will pass through one or more networks between source and destination. The Network layer defines the addressing necessary for a message to traverse the networks. For example, the Internet provides an interconnection for many public and private networks. The Network layer protocol hides the details of the physical interfaces and cabling from the upper layers. This allows upper layer independence from lower layer hardware. For example, upper layer functions are not contingent on a particular LAN protocol such as Ethernet or Token Ring at the Network Interface layer. Logical addresses are used at the Network layer. A logical address is an address that is not hardware vendor specific. Physical addresses imply hardware dependence. For example, every Ethernet Network Interface Card (NIC) has its own unique physical (MAC) address. The Network layer routes messages received from upper layers between source and destination devices. When routing messages between network devices, a path is defined. If a component along the path fails, an alternate route may be available. The Network layer is responsible for keeping track of possible routes between source and destination.

Network Layer Protocols

BNE Network and Transport Layers - 4

Two Network layer protocols are defined in the ARPA architecture. They are the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). A third protocol known as the Address Resolution Protocol (ARP) maps the logical Internet address to a MAC address at the Network Interface layer. The Internet Protocol defines the rules and procedures for sending information between network devices. This is true whether the source and destination are located on the same or different networks. A companion protocol to IP is the Internet Control Message Protocol. It is used for sending administrative information between network devices. ARP maps a logical network layer address with a physical MAC address, bridging the Network Interface layer and the Network layer. ARP is not technically a Network layer protocol, but a Network Interface protocol. The Network layer and Network Interface layer need the services of ARP to associate IP addresses with MAC addresses. The Network layer provides hardware independence between the upper layers and the Network Interface layer of the ARPA architecture. The Internet Protocol (IP) uses logical addresses to route information between source and destination network devices. The Internet Control Message Protocol is a companion to IP that is used for passing administrative information on the network. The Address Resolution Protocol associates logical and physical network addresses.

Internet Protocol Overview

BNE Network and Transport Layers - 5

The Internet Protocol (IP) is used almost universally for communicating between network devices. Understanding the fundamental concepts of IP is critical to working within most customers' network environments. The Internet Protocol (IP) is designed for use with network devices in data communication networks. It provides for transmitting blocks of data called datagrams from source to destination.

IP Datagram: The basic unit of information for IP is called a datagram. An IP header that contains addressing plus other administrative information is added to higher layer data, forming a datagram. The datagram is sometimes called a packet. When transmitting, the IP datagram is passed to the Network Interface layer for delivery to the destination. When receiving, the Network layer accepts the datagram from the Network Interface layer, verifies that it is the intended recipient, removes its administrative header and passes the message to the Transport layer. This header contains addressing information and is used to route the packet from source to destination.

IP Version 6

IPv6 header layout (bit positions 0 through 31 across each 32-bit row):
Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits)
Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
Source address (128 bits)
Destination address (128 bits)
Data

BNE Network and Transport Layers - 6

IPv6 (Internet Protocol Version 6) is the next generation IP protocol. Started in 1991, the specification was completed in 1997 by the Internet Engineering Task Force (IETF). IPv6 is backward compatible with IPv4 and is designed to fix its shortcomings, such as data security and the maximum number of user addresses. IPv6 increases the address space from 32 to 128 bits, providing for a practically unlimited number of networks and systems. It also supports quality of service (QoS) parameters for real-time audio and video. Originally called "IP Next Generation" (IPng), IPv6 is expected to slowly replace IPv4, with the two existing side by side for many years. IPv6 was officially deployed in July 2004 when the Internet Corporation for Assigned Names and Numbers (ICANN) added IPv6 records to its DNS root server for the .jp (Japan) and .kr (Korea) country codes.

Version. 4 bits. IPv6 version number.
Traffic Class. 8 bits. Internet traffic priority delivery value.
Flow Label. 20 bits. Used for specifying special router handling from source to destination(s) for a sequence of packets.
Payload Length. 16 bits unsigned. Specifies the length of the data in the packet. When cleared to zero, the option is a hop-by-hop Jumbo payload.
Next Header. 8 bits. Specifies the next encapsulated protocol. The values are compatible with those specified for the IPv4 protocol field.
Hop Limit. 8 bits unsigned. For each router that forwards the packet, the hop limit is decremented by 1. When the hop limit field reaches zero, the packet is discarded. This replaces the TTL field in the IPv4 header, which was originally intended to be used as a time based hop limit.
Source address. 16 bytes. The IPv6 address of the sending node.
Destination address. 16 bytes. The IPv6 address of the destination node.
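As an added example (not part of the course material), the following Python builds and decodes the fixed IPv6 header described above and models the Hop Limit rule a forwarding router applies; the addresses, payload and function names are constructed for this demonstration only. It also checks that the Payload Length field agrees with the bytes actually received, which is the first sanity check a packet parser should make.

```python
import struct
from ipaddress import IPv6Address

IPV6_HEADER_LEN = 40  # 8 bytes of fixed fields plus two 16-byte addresses


def build_ipv6_packet(src, dst, payload, next_header=59, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Assemble a packet with the fixed IPv6 header laid out above.

    next_header 59 ("no next header") is just a constructed test value.
    Payload Length counts only the bytes that follow the 40-byte header.
    """
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    # First 32-bit word: Version (4) | Traffic Class (8) | Flow Label (20)
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    fixed = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return fixed + IPv6Address(src).packed + IPv6Address(dst).packed + payload


def parse_ipv6_header(packet):
    """Decode the fixed header and verify it against the bytes present."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("shorter than the 40-byte IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version field is {version})")
    # Zero means a hop-by-hop Jumbo Payload option carries the real length
    jumbo = payload_len == 0
    payload = packet[IPV6_HEADER_LEN:]
    if not jumbo and len(payload) < payload_len:
        # The header claims more data than arrived: treat as malformed
        raise ValueError(f"truncated: header claims {payload_len} payload "
                         f"bytes, only {len(payload)} present")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "jumbo": jumbo,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(IPv6Address(packet[8:24])),
        "destination": str(IPv6Address(packet[24:40])),
        "payload": payload if jumbo else payload[:payload_len],
    }


def forward_hop(packet):
    """Model one router's Hop Limit handling as described above: decrement
    by 1 and discard the packet (return None) when the field reaches zero."""
    header = parse_ipv6_header(packet)
    remaining = header["hop_limit"] - 1
    if remaining <= 0:
        return None
    # Hop Limit is byte 7 of the header; rewrite only that byte
    return packet[:7] + bytes([remaining]) + packet[8:]


if __name__ == "__main__":
    # Constructed sample: documentation-prefix addresses, two hops allowed
    pkt = build_ipv6_packet("2001:db8::1", "2001:db8::2", b"hello", hop_limit=2)
    print(parse_ipv6_header(pkt))
    after_one = forward_hop(pkt)
    print("hop limit after one router:", parse_ipv6_header(after_one)["hop_limit"])
    print("after a second router:", forward_hop(after_one))
```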

IP Header

BNE Network and Transport Layers - 8

The normal IP header length is 20 bytes. The header will be longer than 20 bytes if options such as explicit routing information are specified. The IP header format, followed by higher layer data, is shown here. NOTE: For more detailed information on Internet Protocol, refer to Request For Comments (RFC) 791, available on the Internet at http://www.ietf.org/rfc.html.

Internet Protocol Addressing

BNE Network and Transport Layers - 9

At the Network layer, the IP address specifies a logical network number and one or more hosts within that network. Internet addresses are normally expressed in "dotted decimal" notation (a.b.c.d). Each IP address is 4 bytes (octets) for a total length of 32 bits. Numeric values for each byte range from 0-255 (decimal). There must be a source and a destination address. The source address represents a single device. The destination address may represent one or more devices to receive the packet. There are three types of destination addresses: unicast, multicast and broadcast. When a message is sent on the network, one of these three types of destination addresses is used. For a unicast address, the destination is a single network device. For a multicast address, the destination is a group of network devices. For a broadcast address, the destination is all devices on the network. NOTE: Ethernet supports all three destination types.

IP addresses can be divided into two major categories: public (globally unique) and private (enterprise unique). Public addresses are unique to an organization; no other organization in the world is authorized to use these addresses on the Internet. Private addresses must be unique within an enterprise network but can be duplicated by other enterprises. Network Address Translation (NAT) is a means of transporting packets with private IP addresses through a public network. The packet from a device using a private IP address is intercepted before it reaches the Internet. A device with a public IP address takes the packet, substitutes its own public address as the source and sends the packet to the Internet. When a reply to this packet arrives, the NAT device accepts it and forwards it to the original sender. For more information about private IP addresses, read RFC 1918. It is available through a variety of RFC repositories, including http://www.ietf.org/rfc.html on the Internet. Regional Internet Registries (RIRs) oversee the assignment of public IP addresses throughout the world. For example, the Asia Pacific Network Information Center (APNIC) oversees the assignment of IP addresses in the Asia/Pacific region.

IP Network Classes

BNE Network and Transport Layers - 11

There are five classes of Internet addresses: Class A, B, C, D, and E. Only classes A-D are currently used; Class E is reserved. The network class is determined by examining the first octet (byte) of the IP address.

Class A

BNE Network and Transport Layers - 12

Class A networks are considered large networks because of the large groups of host numbers. A total of 127 Class "A" networks can be defined with 16,777,214 hosts per network (8 bits in the IP address for the network number, 24 bits for the host number). The first octet in the IP address ranges from 1 through 127. MORE: Remember that an IP address consists of a logical network number and a host number. As an example, for IP address 68.214.99.72, by default, the network portion is "68" and the host portion is "214.99.72". There is a way to change the default portions using netmasks, which will be described later. Class A IP address 127.0.0.1 is reserved for testing and local software applications. It is not assigned to a physical connection. This address is also known as localhost. Normally, all machines on a network have a localhost with this address. When a message is sent to this address, the message never leaves the network device. Instead, it is "looped back" internally as though the message had been received from another host.

Class B

BNE Network and Transport Layers - 13

Class B networks are considered medium networks. Class B networks can be defined with 65,534 hosts per network (16 bits for the network number, 16 bits for the host number). The first octet in the IP address ranges from 128 through 191. As an example, for IP address 137.91.202.50, by default, the network portion is 137.91 and the host portion is 202.50.

Class C

BNE Network and Transport Layers - 14

Class C networks are considered small networks. Class C networks can be defined with 254 hosts per network (24 bits for the network number, 8 bits for the host number). The first octet in the IP address ranges from 192 through 223. As an example, for IP address 193.217.101.42, by default, the network portion is 193.217.101 and the host portion is 42.

Class D

BNE Network and Transport Layers - 15

Class D network numbers are used for multicasting when sending messages to a group of devices on the network. The first octet in the IP address ranges from 224 through 239. As an example, certain network devices send routing information throughout the network using multicast address 224.0.0.5. The Internet Protocol adds some administrative information (including logical addressing and routing) to data from higher layers in the architecture. This administrative information is contained in the IP header. The information is mandatory for moving information through the network from source to destination.

Binary/Decimal Number Conversion

BNE Network and Transport Layers - 16

Since there are only four network classes available for Internet addresses, other methods of designating network size must be used to gain efficient use of the remaining available addresses. In some cases, it may be desirable to convert between base numbering systems such as binary and decimal. Converting between binary and decimal may help in understanding subnet masks. An example of Internet address 128.10.2.3 (decimal) in both formats is shown here.

Binary to Decimal Steps

BNE Network and Transport Layers - 17

To find the decimal equivalent of the binary number, add the decimal value of each position where a "one" bit in the binary number is located. The chart shown displays the binary bit positions (powers of 2), binary value for each bit position, and the decimal equivalent of each bit position (decimal equiv.) In this example, we would add 128 + 64 + 32 + 8 + 1. Therefore, the decimal equivalent of 11101001(binary) is 233.

Subnets

BNE Network and Transport Layers - 18

A 32-bit IP address has a network number component and a host number component. This logical network number can be divided to create subnetworks (subnet). Using subnets, each IP address now consists of a network number, subnet number, and a host number. Subnets are used by organizations as a means for limiting broadcast messaging scope and improving network performance. Without subnetting, all devices in a logical network will receive all broadcast messages. By subdividing a logical network, broadcast messages are confined to a single subnet and not the entire network. As the number of devices in a logical network increases, so do the number of broadcast messages. This can negatively impact network performance, as each network device must process each broadcast message. Subnetting will control the distribution of broadcast messages and reduce the possibility of broadcast messages impacting performance. NOTE: Performance impacts are especially noticeable in WANs with limited bandwidth. As we decrease the number of bits from the default host portion of the IP address, we increase the number of possible subnets. However, decreasing the host portion of the IP address to create subnets, will decrease the number of hosts available per subnet.

Example: Assume that the Training Corporation has been assigned network number 128.221.0.0 by a public IP address registry. By default, 128.221 represents the network portion of the address. The possible host portion ranges from 0.1 through 255.254, giving the Training Corporation the possibility of 65,534 hosts in a single logical network. None of its facilities needs more than 250 network devices. Without subnetting, over 65,000 host addresses would be unused on this Class B network, and the Training Corporation would need additional network assignments from the Internet registry. The Training Corporation decided to subdivide its 128.221 network by using the third octet of the IP address for the subnet number. Now only the fourth octet represents the host portion of the IP address. This provides 256 subnets (the 3rd byte in the address ranges from 0 to 255). Each subnet has a maximum of 254 available host addresses. Each facility would have its own subnetwork of the corporate network. The IP address would look like this: 128.221.(subnet#).(host#). For example, if the IP address of a network device is 128.221.113.24, this could be interpreted as the Training Corporation (128.221), subnet 113 in the Training Corporation, and host 24 on subnet 113 in the Training Corporation.

Connecting Subnets

A network layer device is used to separate subnets. These devices are called Routers or Layer 3 Switches. In some cases, such as a Microsoft environment, they are called gateways. If a device in one subnet sends a message to a device in another subnet, the message must pass through one or more routers. NOTE: Although routers and layer 3 switches are different hardware devices, they perform the same basic functions. For this lesson, we will use the term router to represent either device.

Net masks

Because the number of bits representing the network, subnetwork, and host portions of the IP address can vary, some method of defining their length must be used. A 32-bit net mask value specifies which bits in the Internet address represent the network and subnetwork portion of the address and which bits represent the host (node) portion. Network devices sending messages will use the net mask to determine whether or not the intended destination resides on the same subnet. For example, when a source machine wants to send a message to a destination machine, the subnet mask determines if the destination machine is on the same logical subnet or if it resides on a different subnet. If it is on a different subnet, the message must pass through one or more routers between source and destination. The net mask is often specified in dotted decimal notation. Occasionally, a vendor will expect the net mask in hexadecimal format. Each IP address will have a net mask value associated with it.

Network Classes and Default Net masks

Bits whose value equals "1" represent the network and subnetwork portion of the Internet address. Bits whose value equals "0" represent the host portion of the address. The network classes and default net masks are shown here. The number of possible host addresses per network is two (2) raised to the number of bits in the host ID, minus two. The calculation for the maximum number of hosts in a standard Class B network would look like the example shown here.

Default Class B Net mask

The table shown here displays the bit pattern for a Class B address and net mask without subnetting. The network number is 128.221, there is no subnet, and the host number is 116.239. NOTE: Remember that an all "zero" bit pattern in the host ID is reserved for generic reference to the network. An all "one" bit pattern in the host ID is reserved as the broadcast address. The second table shown here displays the bit pattern for a subnetted Class B address and net mask with the 3rd byte used as the subnet number. The network number is 128.221, the subnet number is 116 and the host number is 239. NOTE: An entire octet does not need to be used to create the subnet number.

Net mask Characteristics

Net masks do not have to end on a byte boundary. In the upper example, the entire 3rd byte of the IP address was used for the subnet number. A part of the 3rd byte could have been used for the subnet instead. For example, we could have taken the first half of the 3rd byte for the subnet number. In the lower graphic, the IP address would have remained the same (128.221.116.239) but only the first half of the "116" would have represented the subnet number. The remaining half of the 3rd byte and all of the 4th byte would represent the host number. In this case, the subnet mask would have been 255.255.240.0 instead of 255.255.255.0: the 4 most significant bits in the 3rd byte of the net mask would have been "one" bits. The decimal-to-binary conversion can help with understanding the new net mask.

Route/No-Route Decision

A network device uses the netmask to make the route/no-route decision. Consider the following IP address example and its binary format. The source host compares its own network address with that of the destination host. Wherever there is a "one" bit in the netmask, the corresponding source and destination bits must be compared. If any of these source and destination bits differ, the network devices are located on different networks.

The number of unallocated network numbers has decreased significantly as companies and other organizations have increasingly applied for public IP addresses. Classless Inter-Domain Routing (CIDR) is an alternative approach to specifying IP addresses and net masks. The following example shows how CIDR notation differs from the traditional class-based notation (Class B here): IP address 168.214.151.90 with subnet mask 255.255.255.0 is written in CIDR as 168.214.151.90/24. The IP address is followed by the number of "one" bits in a traditional net mask. In other words, the first three bytes (24 bits) of the IP address are considered the network and subnetwork portion of the address. All remaining bits (8, in this example) represent the host ID within the 168.214.151.0 network.

Route/No-Route Decision

CIDR was developed to conserve IP addresses. In the traditional IP address class structure, many organizations were forced to purchase more addresses than they would ever need. Classless addresses allow the Internet registry to customize the assignment of addresses based on the number of addresses needed, not on network class. This provides more control over the number of IP host addresses that are assigned to an organization. Some organizations do not need an entire network number. The Training Corporation has determined that it will need a maximum of 8,000 IP (host) addresses. This is far more than a single Class C network provides but much less than a Class B network number provides. Assigning an entire Class B address (with a maximum of 65,534 host numbers) to the Training Corporation would leave over 57,000 host addresses unused. If the Training Corporation needs a maximum of 8,000 IP addresses, it might instead be assigned an IP network number of 128.221.160.0/19 using CIDR. This would allow a maximum of 8190 IP addresses, leaving only 190 IP addresses that might never be used, rather than over 57,000.
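The net mask, route/no-route and CIDR arithmetic from this and the preceding net mask slides, worked through in Python as an added example (not part of the course material). It uses the course's own values (128.221.116.239 with masks 255.255.255.0 and 255.255.240.0, 168.214.151.90/24, 128.221.160.0/19) and the classful defaults of /8, /16 and /24; the function names are mine.

```python
"""Net mask, route/no-route and CIDR arithmetic on IPv4 addresses (added example)."""
from typing import Tuple


def binary_to_decimal(bits: str) -> int:
    """Add the power of two for every position that holds a one bit (the slide's method)."""
    return sum(2 ** i for i, bit in enumerate(reversed(bits)) if bit == "1")


def dotted_to_int(dotted: str) -> int:
    """Convert dotted-decimal notation to a 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Render a 32-bit value as four 8-bit groups, as the slide tables do."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """A CIDR prefix length (/19) is the count of leading one bits in the net mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def mask_to_prefix(mask: int) -> int:
    """Only contiguous masks (ones followed by zeros) are valid net masks."""
    prefix_len = bin(mask).count("1")
    if prefix_to_mask(prefix_len) != mask:
        raise ValueError(f"non-contiguous net mask {int_to_dotted(mask)}")
    return prefix_len


def default_class_prefix(dotted: str) -> int:
    """Classful defaults by first octet: Class A /8, Class B /16, Class C /24."""
    first_octet = dotted_to_int(dotted) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{dotted} is not a Class A, B or C address")


def same_subnet(src: str, dst: str, mask: int) -> bool:
    """Route/no-route decision: compare only the bits under a one bit of the mask.
    XOR leaves a one wherever the addresses differ; AND with the mask hides host bits."""
    return (dotted_to_int(src) ^ dotted_to_int(dst)) & mask == 0


def split_address(dotted: str, mask_dotted: str) -> Tuple[str, int, int]:
    """Return (classful network, subnet number, host number) for a subnetted address."""
    addr, mask = dotted_to_int(dotted), dotted_to_int(mask_dotted)
    class_prefix = default_class_prefix(dotted)
    subnet_bits = mask_to_prefix(mask) - class_prefix
    if subnet_bits < 0:
        raise ValueError("net mask is shorter than the class default")
    network = addr & prefix_to_mask(class_prefix)
    subnet = (addr >> (32 - class_prefix - subnet_bits)) & ((1 << subnet_bits) - 1)
    host = addr & ~mask & 0xFFFFFFFF
    return int_to_dotted(network), subnet, host


def usable_hosts(prefix_len: int) -> int:
    """2^(host bits) minus the all-zeros (network) and all-ones (broadcast) addresses."""
    return max(2 ** (32 - prefix_len) - 2, 0)


def parse_cidr(cidr: str) -> Tuple[str, str, int]:
    """'128.221.160.0/19' -> (network number, broadcast address, usable host count)."""
    dotted, prefix_text = cidr.split("/")
    prefix_len = int(prefix_text)
    addr, mask = dotted_to_int(dotted), prefix_to_mask(prefix_len)
    host_part = addr & ~mask & 0xFFFFFFFF
    if host_part:
        raise ValueError(f"{cidr} has host bits set, so it is not a network number")
    broadcast = addr | (~mask & 0xFFFFFFFF)
    return int_to_dotted(addr), int_to_dotted(broadcast), usable_hosts(prefix_len)
```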

Setting IP Configurations

IP addresses, net masks and other configuration parameters may be manually assigned by a device administrator or automatically allocated. The Dynamic Host Configuration Protocol (DHCP) is an example of automatic parameter assignment. Depending on the operating system, an administrator may use a command line interface (CLI) or graphical user interface (GUI) to manually assign IP addresses, netmasks and other network-related parameters to each network device. If there are many network devices, this can be a time consuming process. Each parameter must be carefully entered. Mistakes, such as giving the same IP address to more than one network device, could affect the behavior of that device or of the entire network.

Dynamic Host Configuration Protocol (DHCP)

DHCP works in a client/server environment. The DHCP client normally broadcasts a request to be given a configuration. The DHCP client "leases" an IP address for a certain amount of time. After half of the lease time has expired, the client automatically "renews the lease" if possible. The DHCP server is responsible for providing configuration data that may include some or all of the following information: a unique IP address, subnet mask, default gateway (IP router), DNS server address, WINS server address, and IP address of the DHCP server.

Subnets can be used to make a network more efficient by dividing up a network. Net masks do not have to end on a byte boundary and are used to mask certain portions of IP addresses, allowing for more efficient data delivery. Classless Internet addressing is a way to specify an IP address without using an entire network number. The number of bits in a network/subnetwork can be separated from the IP address with a forward slash to minimize the number of IP addresses that may never be used.

IP Routing Tables

Using TCP/IP, network devices can communicate with other devices on the same network or remote networks. To communicate with devices on remote networks, local devices must send their IP packets through one or more routers or Layer 3 Switches. Routing tables within each device are used when deciding which path the packet will travel. To send an IP packet from a source device to a destination device on another network through a router, the source device needs to know the route(s) available to get there. There may be more than one physical path to that destination; therefore, network devices using TCP/IP will have routing tables. Routers could also be called network gateways. Microsoft uses the term "default gateway" when configuring TCP/IP with its Windows operating systems. There are other kinds of gateways such as mail gateways that should not be confused with network gateways. A mail gateway is an intermediate device that is used to temporarily house the message during transmission between the sender and receiver.

The routing table contains a value to represent the relative distance or time to reach the destination. This could be a numeric hop count value or a cost value, based on additional information. Hop count values usually indicate the number of Routers or layer 3 switches through which the packet must pass to reach the destination. Cost count values usually represent a combination of the number of routers between source and destination and the transmission speeds of links between them. If there are multiple routing table entries with the same destination address, the one with the lowest number is considered to be a more efficient route. It is normally used to send packets to the destination rather than the entries with a higher number. There are times when it is helpful to view the routing tables for a particular network device. This is often true when troubleshooting network access problems. Depending on the software platform, routing tables can be viewed using a Command Line Interface (CLI) or a Graphical User Interface (GUI).

Static Entries

There are two basic types of routing table entries. A static routing table entry is one the device administrator adds or deletes manually. Dynamic routing table entries are derived from advertisements accepted from other network devices (usually Routers or Layer 3 Switches). In this context, advertisements are routing table entries distributed by network devices for inclusion in other devices' routing tables. NOTE: A network device may have one or both types of entries in its routing table.

With static routing table entries, the device administrator must make any additions, deletions, or modifications manually. This can be very time consuming, especially if the network topology changes frequently. Each device's routing table must be configured separately, making static entries undesirable for administrators with many devices to manage. A static default route is sometimes added to the routing table, especially when there is only one router attached to the network. This tells the device that, by default, all packets destined for other networks are to be sent through a particular router. The default route may appear as destination address 0.0.0.0 in the routing table with a metric of 1. The address of the router in the default routing table entry is what Microsoft calls the default gateway. Static routing table entries may be contained in a file that is read by the network device at startup time. The name and location of the file containing static routing entries vary, depending on the operating system. Static routes can be added at any time, but persistence across startup may be optional. Static entries may be created using a command line or GUI capability. The route command is used to create, modify and delete static routing table entries. It is available for most Microsoft and UNIX-based operating systems.

Dynamic Entries

With dynamic routing table entries, a network device's routing tables change automatically according to advertisements that it receives from other network devices. If the device is an end station (not capable of routing), it can only receive advertisements and update its routing tables. If the device is capable of forwarding packets from one network to another (i.e. a router), it can be told to send and/or receive advertisements. To compare this concept with human communications, receiving advertisements could be called listening while sending advertisements could be called talking. For autonomous networks (networks that are managed by a single organization), there are several protocols available for dynamic routing; two of the most popular are the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol. Each allows for sending and/or receiving of routing information. In the UNIX environment, an executable program called routed dynamically manages routing table entries using RIP only. Another application called gated is capable of dynamically managing routing table entries using both RIP and OSPF.

Routing Information Protocol (RIP)

RIP is an early protocol for dynamic routing table administration. RIP is a distance vector algorithm, meaning that it calculates the preferred path to the destination based on the number of routers between source and destination. If there are multiple paths from source to destination, the path with the least number of routers will be preferred. RIP uses hop count as the metric for routing table entries. Each router between the source and destination represents a hop. For example, in the RIP metric, a router is defined to be one hop from directly connected networks, two hops from networks that are reachable through one other router and so on. Hop counts do not necessarily represent the number of routers between source and destination devices. To give preference to a particular path, network administrators may alter the count.
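A small routing table model covering the IP Routing Tables, Static Entries and RIP slides above, added here as an example and not taken from the course: longest-prefix lookup, the lowest metric among entries for the same destination, a 0.0.0.0/0 default route with metric 1, and RIP-style processing of advertisements in which static entries are never overwritten. The subnet 128.221.113.0/24 is the course's; the router addresses and advertised networks are constructed, and the hop-count limit of 16 comes from RFC 1058, not from the slides.

```python
"""Routing table lookup with static and RIP-style dynamic entries (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Sequence, Tuple

RIP_INFINITY = 16  # RFC 1058: a hop count of 16 means "unreachable"


@dataclass
class Route:
    destination: IPv4Network        # 0.0.0.0/0 is the default route
    gateway: Optional[IPv4Address]  # None: the destination network is directly connected
    metric: int                     # hop count (RIP) or cost (OSPF); lower is preferred
    kind: str                       # "static" (administrator) or "dynamic" (advertised)


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add_static(self, destination: str, gateway: Optional[str], metric: int = 1) -> None:
        """Static entries come from the administrator and are never replaced by advertisements."""
        via = IPv4Address(gateway) if gateway else None
        self.routes.append(Route(IPv4Network(destination), via, metric, "static"))

    def lookup(self, dst: str) -> Optional[Route]:
        """Most specific match (longest prefix) first; among equal prefixes, lowest metric."""
        ip = IPv4Address(dst)
        matches = [r for r in self.routes if ip in r.destination]
        if not matches:
            return None
        return min(matches, key=lambda r: (-r.destination.prefixlen, r.metric))

    def next_hop(self, dst: str) -> Optional[IPv4Address]:
        """Route/no-route: deliver on-link to the destination itself or hand off to a router."""
        route = self.lookup(dst)
        if route is None:
            return None  # "no route to host"
        return IPv4Address(dst) if route.gateway is None else route.gateway

    def receive_advertisement(self, neighbor: str, advertised: Sequence[Tuple[str, int]]) -> None:
        """RIP-style listening: each (network, hops) heard from `neighbor` becomes a
        dynamic route through that neighbor at hops + 1, replacing a worse dynamic entry."""
        via = IPv4Address(neighbor)
        for net_text, hops in advertised:
            net = IPv4Network(net_text)
            metric = hops + 1
            existing = [r for r in self.routes if r.destination == net]
            if any(r.kind == "static" for r in existing):
                continue  # the administrator's entry wins
            dynamic = [r for r in existing if r.kind == "dynamic"]
            if metric >= RIP_INFINITY:
                # Withdrawal: drop whatever this neighbor told us about the network earlier.
                self.routes = [r for r in self.routes if not (r in dynamic and r.gateway == via)]
                continue
            current = min(dynamic, key=lambda r: r.metric, default=None)
            if current is not None:
                if current.gateway == via:
                    current.metric = metric  # same neighbor: accept its newest metric
                    continue
                if metric >= current.metric:
                    continue  # no better than the route we already hold
                self.routes.remove(current)
            self.routes.append(Route(net, via, metric, "dynamic"))


def build_training_table() -> RoutingTable:
    """Constructed table for a host on 128.221.113.0/24; router addresses are made up."""
    table = RoutingTable()
    table.add_static("128.221.113.0/24", None)                  # directly connected
    table.add_static("0.0.0.0/0", "128.221.113.254")            # default route, metric 1
    table.add_static("10.0.0.0/8", "128.221.113.1", metric=2)   # two entries, same destination:
    table.add_static("10.0.0.0/8", "128.221.113.2", metric=5)   # the lower metric is used
    return table
```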

Open Shortest Path First (OSPF)

OSPF is another protocol for dynamic routing table administration. OSPF is a link state algorithm, meaning that it calculates the preferred path to the destination based on the path speeds between source and destination. For example, it might be faster to send a packet through 3 routers with 100 Mbps paths between them rather than 2 routers with a 56 Kbps path between them. A cost value is calculated to compare multiple paths for a destination. The network speeds and number of routers are used as cost factors. The preferred routing table entry is the one with the lowest cost value. OSPF provides load balancing: if there are multiple paths of equal cost between source and destination, the traffic will be split equally among those paths.

Network devices using TCP/IP have a routing table. The routing table contains entries that provide directions for sending an IP packet to its destination. Routing table entries list the destination, the router (gateway) IP address, and a value used to determine the preferred path. The two basic types of routing table entries are static and dynamic.

Internet Control Message Protocol

There are several utilities and protocols that can be used to ensure the network remains connected and functioning properly. The Internet Control Message Protocol (ICMP) is a partner to IP that handles error and control messages. ICMP is used for notifying network devices of certain network-related conditions and for notifying network devices when the routing tables have changed. It is also used for testing and troubleshooting network connectivity. Each ICMP message consists of a type and a code. The message type is represented by a numeric value that indicates a general message category. The message code provides more detailed information about that message type. Not all types have multiple codes associated with them. NOTE: For more information on ICMP types and codes, refer to Request For Comments (RFC) 792, available on the Internet at http://www.ietf.org/rfc.html

PING is a utility that verifies the physical connection between source and destination devices and all connections between them. It uses an ICMP "echo request" (from the source) and an ICMP "echo reply" (from the destination). The name comes from defense department jargon: a ping is the active sonar pulse that returns from a target when a submarine is searching for an object.

Each ICMP message consists of a type and code. The code provides more information about the message type. PING verifies the physical connection between source and destination devices and all connections between them.

Address Resolution Protocol

Before sending an IP packet to a destination, the lower layer address of the destination, or of the device that routes packets to the destination, must be known. Generally, two machines must know each other's MAC address to communicate over the physical medium. The Address Resolution Protocol (ARP) associates the logical (IP) address with the physical (MAC) address. NOTE: Remember that MAC addresses are used by physical network interfaces. For example, a NIC uses an Ethernet address, not an IP address.

Direct Routing: If the source and destination devices are connected to the same logical network, the source needs to know the MAC address of the destination network device.

Indirect Routing: If the source and destination devices are connected to different logical networks, the source needs to know the MAC address of a router that can forward the message to the destination.

The IP to MAC address associations are contained in ARP table entries. Each network attached device has its own ARP table. An ARP table entry consists of an IP address, a MAC address and the ARP entry type. ARP entry types are either static (manually entered) or dynamic (learned through ARP requests).

ARP Table Entries

Static ARP table entries are created manually. A system manager must know the IP and MAC address to create this entry in the ARP table. Dynamic ARP table entries are created as needed. When an IP to MAC association does not exist in a source device's ARP table, the source device broadcasts an ARP request and waits for a reply. The ARP request includes the IP address of the destination network device. Normally, the only device to reply to this ARP request is the device with the assigned destination IP address. The destination responds with an ARP reply and the source updates its ARP table. The ARP reply contains the MAC address of the destination device. Example: A PC needs to issue a file open request to a corporate file server over an Ethernet LAN. If the PC does not have an ARP table entry for the server, it broadcasts an ARP request. The server responds with its MAC address and the PC updates its ARP table. The PC sends the file open request to the server in an Ethernet frame. The destination address in the frame is the MAC address from the ARP reply. The file server receives the request to open the file. The ARPA architecture uses the Address Resolution Protocol (ARP) to perform the IP-to-MAC mappings. These mappings are entries in an ARP table.
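The direct/indirect routing decision and the ARP request/reply exchange described in these two slides, modelled in Python as an added example (not course code). The PC, file server and router on one Ethernet segment use constructed addresses in the course's 128.221.113.0/24 subnet and MAC addresses from the IANA documentation range 00:00:5e:00:53:xx; a miss in the ARP table broadcasts a request that only the owner of the address answers, and static entries are never overwritten.

```python
"""ARP table with direct and indirect routing on one Ethernet segment (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, List, Optional, Tuple


@dataclass
class ArpEntry:
    mac: str
    kind: str  # "static" (entered by the administrator) or "dynamic" (learned from a reply)


class Segment:
    """The shared broadcast domain: an ARP request reaches every attached device."""

    def __init__(self) -> None:
        self.hosts: List["Host"] = []
        self.requests_sent = 0

    def attach(self, host: "Host") -> None:
        host.link = self
        self.hosts.append(host)

    def broadcast_arp_request(self, sender: "Host", target_ip: IPv4Address) -> Optional[str]:
        """Only the device that owns target_ip answers; every other device stays silent."""
        self.requests_sent += 1
        for host in self.hosts:
            if host is not sender:
                reply = host.handle_arp_request(target_ip)
                if reply is not None:
                    return reply
        return None


class Host:
    def __init__(self, name: str, interface: str, mac: str, gateway: str) -> None:
        self.name = name
        self.iface = IPv4Interface(interface)  # "128.221.113.24/24": address plus net mask
        self.mac = mac
        self.gateway = IPv4Address(gateway)
        self.arp_table: Dict[IPv4Address, ArpEntry] = {}
        self.link: Optional[Segment] = None

    def add_static_arp(self, ip: str, mac: str) -> None:
        self.arp_table[IPv4Address(ip)] = ArpEntry(mac, "static")

    def handle_arp_request(self, target_ip: IPv4Address) -> Optional[str]:
        return self.mac if target_ip == self.iface.ip else None

    def next_hop(self, destination: str) -> IPv4Address:
        """Direct routing if the destination is on our subnet (same bits under the
        net mask); indirect routing, via the default gateway, otherwise."""
        dst = IPv4Address(destination)
        return dst if dst in self.iface.network else self.gateway

    def resolve(self, destination: str) -> Tuple[IPv4Address, str]:
        """Return (next hop IP, MAC for the Ethernet frame), consulting the ARP
        table first and broadcasting an ARP request only on a miss."""
        hop = self.next_hop(destination)
        entry = self.arp_table.get(hop)
        if entry is None:
            if self.link is None:
                raise LookupError(f"{self.name} is not attached to a segment")
            mac = self.link.broadcast_arp_request(self, hop)
            if mac is None:
                raise LookupError(f"no ARP reply for {hop}")
            entry = ArpEntry(mac, "dynamic")
            self.arp_table[hop] = entry
        return hop, entry.mac


def demo() -> Host:
    """Constructed segment: a PC, a file server and the router on 128.221.113.0/24."""
    segment = Segment()
    pc = Host("pc", "128.221.113.24/24", "00:00:5e:00:53:01", "128.221.113.1")
    server = Host("fs", "128.221.113.200/24", "00:00:5e:00:53:02", "128.221.113.1")
    router = Host("rtr", "128.221.113.1/24", "00:00:5e:00:53:ff", "128.221.113.1")
    for host in (pc, server, router):
        segment.attach(host)
    return pc
```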

Transport Layer Function

This section will present the protocols used by the Transport Layer of the ARPA architecture. You will also learn the differences between these protocols and how port numbers at the Transport layer prevent different Application layer processes from accidentally receiving each other's data. The Transport layer offers services to the Application layer when a network device is sending and receiving data. The Transport layer serves as the intermediary between the Application layer (user interface services) and the Network layer (packet delivery services). A header, containing administrative information, is created by the Transport layer and used to provide its services to the Application layer. When a network device sends information, the Transport layer accepts Application layer data, adds a Transport layer header to it, and passes the resulting message to the Network layer. When a network device receives information, the Transport layer accepts the information received from the Network layer, removes the Transport layer header created by the sender and passes the higher layer information to the Application layer. The services provided by the Transport layer depend on the protocol that is used. Possible Transport layer services are acknowledged message delivery, message sequencing, and message flow control. Based on its service requirements, the Application layer sends its data to the appropriate Transport layer protocol. The Transport layer acknowledgement of message delivery is similar to certified mail services in many countries. The person sending a letter attaches the information necessary for acknowledgement of delivery to be returned.

When the letter is delivered, the recipient acknowledges delivery by signing a receipt form that is returned to the original sender. If the sending network device requests delivery acknowledgement and the recipient has a message for the original sender, the recipient may send the acknowledgement and message together. If the sending network device requests delivery acknowledgement and the recipient does not have a message for the original sender, the acknowledgement may be sent alone. If acknowledgement is not received within a designated amount of time after sending, the sender assumes that the message was not delivered. Normally, the sender will retransmit the information. Transport layer delivery without acknowledgement or "best effort" service is similar to first class postal services in many countries. The postal service attempts to deliver the letter but does not tell the sender whether or not the letter was actually delivered. Using the appropriate Transport layer protocol, the sender establishes a session with the receiver. A sequence number is added to each message. With sequenced delivery, the receiving Transport layer service can detect problems and take corrective action when messages are missing, duplicated, or received out of order. If there is no agreement between sender and receiver, it is possible for the sender to transmit more information than the receiver can accept and store. Using message flow control, the receiver tells the sender how much storage (usually memory buffer) it has available for messages from the sender. The Transport layer acts as the intermediary between the Application and Network layers of the ARPA architecture. The services provided by the Transport layer depend on the protocol being used. Transport layer services may include guaranteed delivery, message sequencing and/or flow control.

Transmission Control Protocol

Two protocols are used at the Transport layer. They are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Each Transport layer protocol offers a predefined set of services. The Transmission Control Protocol (TCP) is connection based. Connection based means that a virtual session is established before information is sent between the source and destination. As data is received from the Application layer, TCP adds a header containing message delivery information. The combination of Application layer data and TCP header forms the Transport layer message. The message for TCP is called a segment. TCP provides a reliable transport mechanism, meaning it acknowledges the delivery of messages.

TCP Header

The header is normally 20 bytes in length but could be longer with options, such as maximum segment size. A checksum included in the header is used to check for bit corruption at the Transport layer. Each TCP segment contains sequencing information. If TCP receives a duplicate copy of a segment, it is discarded. Only the first copy of that segment is kept. NOTE: If a segment in the sequence is not received, the problem can be detected and the missing segment can be requested. Lower layer protocols, such as Ethernet, may also use some algorithm to check for bit corruption at that layer. TCP implements flow control using the Window Size field of the TCP header. Each of the partners in the virtual connection specifies the maximum number of bytes they will accept from the other. When system "A" sends data or acknowledgements to system "B", it tells system "B" how much buffer is available to accept new information (using the Window field). System "B" will adjust the amount of information it sends to system "A" accordingly. The Training Corporation uses the Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), and Hyper Text Transfer Protocol (HTTP). All of these Application layer protocols use the services of TCP at the Transport layer to guarantee delivery of messages, handle flow control, and ensure proper message sequencing. Most users do not know that they are using TCP. Users do not receive a message informing them that this protocol is in use.

User Datagram Protocol

The User Datagram Protocol (UDP) is a relatively simple Transport layer protocol. It is not connection based, which means that a virtual session is not created before messages are sent between source and destination. UDP messages are sometimes called datagrams. The header is 8 bytes in length and the format is shown here. UDP does not acknowledge the delivery of Transport layer messages. UDP does not offer a message sequencing service: it does not create a relationship between the current message and the one before it or the one following. UDP does not provide message flow control. Because UDP does not offer flow control, it is possible to send information faster than the receiver can accept it. This can result in messages being discarded by the receiver due to lack of buffer space. If the Application layer requires guaranteed delivery, message sequencing, or flow control, the Application layer must handle those functions itself. The Training Corporation uses the Network File System (NFS) protocol at the Application layer for sharing files among UNIX hosts. Version 2 of NFS required the use of UDP at the Transport layer.

The Transport layer offers two protocols: TCP and UDP. TCP acknowledges the delivery of messages and keeps them in the original sequence. It also checks for missing messages and duplicate copies of messages. TCP implements flow control using the Window Size field of the TCP header. UDP is a relatively simple Transport layer protocol that does not support message acknowledgement, sequencing, or flow control.

Port Number Overview


BNE Network and Transport Layers - 43

An IP address alone is not sufficient to uniquely identify communications between two network devices. This lesson introduces the solution, called socket addressing. The Transport layer uses the concept of a logical port number to deliver messages. A port number is a 16-bit integer, and a source and destination port number must be specified in every TCP or UDP header. The sender fills in the destination port number, telling the receiver which process is to receive this message, and the source port number, telling the receiving process which port should be used for replies. Transport layer port numbers provide a way to make the initial request for a service on a remote host, identify an ongoing conversation with a remote system, and uniquely identify services or processes on a system. The port numbers are divided into Well Known Ports (0 to 1023), Registered Ports (1024 to 49151) and Dynamic or Private Ports (49152 to 65535). Some Well Known Ports are HTTP (port 80), SMTP (port 25), and FTP (ports 20 and 21). Most service-to-port number assignments are administered by the Internet Assigned Numbers Authority and not by individual vendors, so port number assignments for UNIX, Microsoft and other operating systems should be consistent. For example, a web browser normally requests access to a web server by specifying service port 80 as the destination port in the TCP header, regardless of the vendor. Note that the assignment is a convention, not a rule enforced by the protocol: nothing stops an administrator (or an intruder) from running a service on some other port, so a firewall rule or inventory that classifies traffic by port number alone should be confirmed by inspecting the traffic itself. For more information on specific port number assignments, refer to the Internet Assigned Numbers Authority (www.iana.org).

Port 0 is reserved. Ports 1 through 1023 are the "well known" ports: they are used as the contact port when making the initial request for a service. For example, E-mail is normally handled by the Simple Mail Transfer Protocol on port 25. Well known port numbers that have not been assigned to a service are reserved for future assignment by the standards body. Ports 1024 through 49151 are the registered ports, assigned on request to applications that do not have a well known port (port 1024 itself is listed as reserved). Ports 49152 through 65535 are the dynamic or private ports. They are never assigned to a service; instead, the operating system picks a port from this pool as the source (ephemeral) port when a client opens a conversation, which is how replies find their way back to the right client process once communication has been established. Older operating systems drew ephemeral ports from the lower end of the range, starting just above 1023, so in practice a source port above 1023 is not a reliable sign that a "registered" service is involved.

BNE Network and Transport Layers - 44


Socket Addressing


BNE Network and Transport Layers - 45

The concept of socket addressing was introduced in Berkeley UNIX. The term "socket" generally refers to the combination of an IP address (Network layer) and a port number (Transport layer). Socket addresses may be written in more than one way, typically with the address and port separated by a colon or by a period. Shown here are two examples using port number 40727; most operating systems use one of these formats. A port number is only meaningful together with its protocol: TCP port 40727 and UDP port 40727 on the same host are two different sockets.


Network Problem Example


BNE Network and Transport Layers - 46

IP addresses alone will not uniquely identify the destination of messages. In this example, the same server provides file transfer and E-mail services to clients. Without a Transport layer destination port number, the receiving network device cannot know which service the client is requesting. By using IP addresses at the Network layer and port numbers at the Transport layer (a socket address), communications between Application layer processes can be uniquely identified. The client uses the same destination IP address for file and E-mail services but adds the destination port number to identify which service receives a particular message, and the server uses the client's source socket to tell one client conversation from another, even when two sessions come from the same client address to the same service. Port numbers provide a way to make a request for a service or communicate with a specific process on another network device. Port numbers are 16-bit integers. The TCP or UDP header includes source and destination port numbers. A socket address is generally defined as the combination of an IP address (Network layer) and a port number (Transport layer).
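
The example above can be modelled directly: one server address, several services told apart by destination port, and several client conversations told apart by source port. The following Python is an added illustration, not code from this course; the host addresses, ports and payloads are constructed, and the Host class stands in for the operating system's Transport layer rather than using real sockets, so it runs anywhere. It also classifies ports into the IANA ranges from the previous page.

```python
from dataclasses import dataclass


def iana_range(port: int) -> str:
    """Classify a port: 0 reserved, 1-1023 well-known, 1024-49151 registered, 49152-65535 dynamic."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit integers")
    if port == 0:
        return "reserved"
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    sport: int
    dst_ip: str
    dport: int
    payload: bytes


class Host:
    """Model of one host's Transport layer demultiplexer. Listening sockets are keyed by
    (protocol, local port); established TCP conversations by the full 4-tuple of socket addresses."""

    def __init__(self, ip: str):
        self.ip = ip
        self.listeners = {}     # (proto, port) -> service name
        self.connections = {}   # (src_ip, sport, dst_ip, dport) -> payloads received so far
        self.dropped = []       # packets that no process was bound to receive

    def listen(self, proto: str, port: int, service: str) -> None:
        key = (proto, port)
        if key in self.listeners:   # same rule as the OS: one listener per protocol/port
            raise OSError(f"{proto}/{port} already in use by {self.listeners[key]}")
        self.listeners[key] = service

    def deliver(self, pkt: Packet):
        """Return the service that receives pkt, or None if nothing is bound to that socket.
        A real stack would answer with a TCP RST or an ICMP port-unreachable in that case."""
        if pkt.dst_ip != self.ip:
            self.dropped.append(pkt)
            return None
        service = self.listeners.get((pkt.proto, pkt.dport))
        if service is None:
            self.dropped.append(pkt)
            return None
        if pkt.proto == "tcp":
            key = (pkt.src_ip, pkt.sport, pkt.dst_ip, pkt.dport)
            self.connections.setdefault(key, []).append(pkt.payload)
        return service


def demo():
    """Constructed traffic: one client, one server offering FTP, SMTP and TFTP on a single IP address."""
    server = Host("10.0.0.5")
    server.listen("tcp", 21, "ftp")
    server.listen("tcp", 25, "smtp")
    server.listen("udp", 69, "tftp")
    client = "10.0.0.9"
    traffic = [
        Packet("tcp", client, 40727, "10.0.0.5", 21, b"USER anonymous\r\n"),
        Packet("tcp", client, 40728, "10.0.0.5", 25, b"HELO training.example\r\n"),
        Packet("tcp", client, 40729, "10.0.0.5", 21, b"USER alice\r\n"),   # second FTP session, same client
        Packet("udp", client, 40730, "10.0.0.5", 69, b"\x00\x01boot.img\x00octet\x00"),
        Packet("tcp", client, 40731, "10.0.0.5", 23, b"\xff\xfd\x18"),      # nothing bound on 23
    ]
    return server, [server.deliver(p) for p in traffic]
```

Two FTP sessions from the same client address end up as two separate entries in the connection table because their source ports differ; the packet aimed at port 23 is dropped because no listener exists, which is what a port scanner observes as a closed port.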


Summary


BNE Network and Transport Layers - 47

For the ARPA architecture, there are two Transport layer protocols: TCP and UDP. TCP is a guaranteed delivery service with flow control and acknowledgement capabilities. UDP is a non-guaranteed service with no flow control or acknowledgement capabilities. Port numbers are used to specify the service or application that is being addressed. In summary, Network layer protocols specify addressing and routing schemes for getting higher layer messages to their destination. The Internet Protocol is used almost universally for communicating between network devices. IP addresses are used to route IP packets from source to destination. Transport layer protocols may offer guaranteed delivery of higher layer data or provide a simpler, non-guaranteed delivery service. IP addresses are used at the Network layer and port numbers at the Transport layer so that communications between Application layer processes can be uniquely identified.


Course Summary
Key points covered in this course:
How networks are used for sharing resources
The purposes and associated protocols of specific ARPA layers
Internet Protocol routing and routing tables
Other protocols related to the Network layer
The term ports as it applies to the Transport layer


BNE Network and Transport Layers - 48

These are the key points covered in this training. Please take a moment to review them. This concludes the training. In order to receive credit for this course, please proceed to the Course Completion slide to update your transcript and access the Assessment.


Basic Network Environment

BNE Application Layer and Troubleshooting


Welcome to BNE Application Layer and Troubleshooting. The AUDIO portion of this course is supplemental to the material and is not a replacement for the student notes accompanying this course. EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety.

BNE Application Layer and Troubleshooting - 1


Course Objectives
Upon completion of this course, you will be able to:
Describe the function of the Application layer of the ARPA architecture
List and describe several protocols used at the Application layer of the TCP/IP architecture for information access
Identify network security issues
List some of the ways to implement network security
Identify basic network concepts that will help in recommending, installing, configuring, and troubleshooting network products in a customer's environment
BNE Application Layer and Troubleshooting - 2

Networking is an integral part of today's business environment. This course presents the fundamental concepts of a networked environment.


Web Browsers and HTTP


BNE Application Layer and Troubleshooting - 3

The Application layer is concerned with the interface between users and the system. Applications may be divided into several categories including content access, file transfer, virtual terminal services, network management and file access. Web Browsers using the Hyper Text Transfer Protocol (HTTP) are one of the most popular applications today. Web Browsers, such as Microsoft Internet Explorer and Netscape Navigator, provide an interface between the user and Web Servers. The Web Browsers and Web Servers operate in a client/server environment. The Web Server is a network-attached device that provides text and graphics for display on the browser (client). The server also accepts input from the Web Browser, allowing the user to interact with a Web site by performing such actions as answering questions and filling out forms. Web Browsers allow network users to retrieve text and graphics from many servers. The servers might be located within an organization's own networks or available through the Internet.


Some network devices, including bridges or layer 2 switches, and routers or layer 3 switches, can be managed using Web Browsers. The bridge/router/switch acts as a Web Server, providing content in the form of graphics, status and parameter settings, and accepts commands from the Web Browser to view and/or modify parameters and settings. Many other devices, such as Fibre Channel switches, include a Web Server so that network administrators can access the unit from a remote location. HTTP uses the guaranteed services of TCP at the Transport layer. By default, the Web Browser makes the initial request for an HTTP session by specifying port number 80 as the destination port in the TCP header; the HTTP server examines the destination port number in the request and hands the connection to the Web Server application. A Web Server can be configured to accept HTTP session requests on a port number other than 80, but the browser must then be told to use that port or it cannot access the Web Server. Moving the port only hides the service from casual discovery; it is not an access control, and a port scan will still find it. Note also that plain HTTP, like Telnet, carries everything it sends, including the credentials typed into a device's login page, in clear text on the wire. NOTE: Some devices, particularly older ones, may not have the capability to be managed by a Web Browser.

BNE Application Layer and Troubleshooting - 4


Case Study


BNE Application Layer and Troubleshooting - 5

The Training Corporation uses Web Browsers (and servers) in several ways. The corporation's Web Servers allow current and potential customers to view their course catalog, class schedule, and class locations. The Training Corporation also uses Web Browsers to provide maps to the training centers, along with recommended hotels, and restaurants and area attractions that are stored on the corporation's Web Servers. In the Training Corporation, customers can request attendance in classes and pay for the classes via credit card by using a Web Browser. Customers can also send questions to the sales staff. From their corporate headquarters in Atlanta, Georgia network administrators monitor and manage devices throughout the corporate network. This reduces the number of managers needed to control network operations and, therefore, lowers the total cost of ownership for the corporate network infrastructure.


File Transfer Protocol


BNE Application Layer and Troubleshooting - 6

The File Transfer Protocol (FTP) copies one or more files between network devices. Files may contain any combination of text and binary (executable programs or graphics) information. One of the network devices is the client that initiates FTP requests; the other device is the server, accepting and handling requests from the client. FTP uses the guaranteed delivery services of TCP at the Transport layer. By default, the client makes the initial request for an FTP session by specifying port number 21 as the destination port in the TCP header; this is the control connection, over which commands and replies travel. The FTP server examines the destination port number in the request and executes the FTP server application. File contents travel over a separate data connection, which in the traditional (active) mode the server opens back to the client from port 20. FTP can be used to retrieve (get) or send (put) files on a remote network device. If copying multiple files, wild card characters may be used with the mget and mput commands. For example, the command "mget *.txt" would tell a UNIX system to retrieve all files that end with the ".txt" extension in the working directory of the remote machine. FTP uses the security system of the server to validate users, requiring a username and, where required, a password. A special username, "anonymous," may be used, and the requested password is usually the E-mail address of the client. Note that FTP sends the username and password in clear text, exactly as Telnet does, so the same eavesdropping concern applies to any FTP login other than anonymous.


FTP Commands
cd      change directory on the remote machine
close   terminate a connection with another computer
delete  delete (remove) a file in the current remote directory (same as rm in UNIX)
get     copy one file from the remote machine to the local machine
help    request a list of all available FTP commands
ls      list the names of the files in the current remote directory
mkdir   make a new directory within the current remote directory
open    open a connection with another computer
put     copy one file from the local machine to the remote machine
quit    exit the FTP environment (same as bye)


BNE Application Layer and Troubleshooting - 7

A few of the commands that may be used with FTP are shown here. These are issued by the client. The Training Corporation uses FTP to update desktop computer software. Users periodically receive E-mail messages when new versions of application software are available. They download a copy of the setup program for the software update from one of the corporation's FTP servers, and execute the setup program.


Trivial File Transfer Protocol


BNE Application Layer and Troubleshooting - 8

The Trivial File Transfer Protocol (TFTP) copies one file at a time between source and destination network devices. Files may contain any combination of text and binary (executable programs or graphics) information; some implementations require the user to specify whether the file contains text (netascii) or binary (octet) data. TFTP uses the non-guaranteed delivery services of UDP at the Transport layer. UDP port 69 is used to request TFTP service. TFTP can be used to retrieve (get) or send (put) a file on a remote network device; on the wire these are the read request (RRQ) and write request (WRQ) packets, each carrying the file name and the transfer mode. Unlike FTP, TFTP has no username or password at all: any host that can reach UDP port 69 can ask for any file the server is willing to serve. For this reason most TFTP (and many FTP) server implementations offer a "secure" option, and most installations use it. It offers no protection against sniffing of the packets by any stretch of the imagination, but it provides rudimentary access control over the file structure: the server manager specifies a "top" directory for client access, and clients can access only that directory and its subdirectories. This is not inherently an option of the protocol, but of the server software used to provide it. File and folder permissions are then based on the server's operating system file access system; in the UNIX environment, clients are given the "Other" permissions as opposed to "Owner" or "Group" permissions. Two practical consequences follow: anything placed under the top directory (boot images, device configuration files) is readable by every host on the network, and the server must check that a client-supplied file name cannot escape the top directory through ".." components. TFTP has only two commands, "get" and "put", and the client must specify the full path from the "top" directory on the server for the file that is to be sent or received.
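
The two points worth seeing in code are the shape of a TFTP request and the "top directory" check a server has to make on the file name it receives. The Python below is an added example written for this page, not part of the course or of any TFTP server; the root directory and file names are constructed, and the path check uses the server's own view of the filesystem (symbolic links are followed before the comparison, so a link inside the root that points outside is also refused).

```python
import struct
from pathlib import Path, PurePosixPath

RRQ, WRQ = 1, 2                      # RFC 1350 opcodes for read and write requests
MODES = ("netascii", "octet", "mail")


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """Encode an RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("opcode must be RRQ or WRQ")
    if mode.lower() not in MODES:
        raise ValueError("unknown transfer mode")
    if "\x00" in filename:
        raise ValueError("filename cannot contain NUL")
    return struct.pack("!H", opcode) + filename.encode("utf-8") + b"\x00" + mode.encode("ascii") + b"\x00"


def parse_request(packet: bytes):
    """Decode an RRQ/WRQ into (opcode, filename, mode); anything malformed is rejected."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode, = struct.unpack("!H", packet[:2])
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a read/write request")
    fields = packet[2:].split(b"\x00")
    # filename and mode must each be NUL-terminated; RFC 2347 options may follow the mode
    if len(fields) < 3 or fields[-1] != b"" or not fields[0]:
        raise ValueError("expected filename NUL mode NUL")
    mode = fields[1].decode("ascii", "strict").lower()
    if mode not in MODES:
        raise ValueError("unknown transfer mode")
    return opcode, fields[0].decode("utf-8", "strict"), mode


def resolve_under_root(root: str, requested: str) -> str:
    """Map a client-supplied filename onto the server's top directory and refuse anything that
    escapes it. A leading '/' is taken relative to the root; '..' is collapsed, then checked."""
    root_path = Path(root).resolve()
    parts = [p for p in PurePosixPath(requested.replace("\\", "/")).parts if p not in ("/", "")]
    candidate = root_path.joinpath(*parts).resolve()
    if candidate == root_path:
        raise PermissionError("a file name is required")
    if root_path not in candidate.parents:
        raise PermissionError(f"{requested!r} escapes the TFTP root")
    return str(candidate)
```

A server that simply concatenates the root and the requested name, without the check in resolve_under_root, serves "/etc/passwd" to a request for "../../etc/passwd"; the same check applies to the write side, where an unchecked name lets a client overwrite files outside the top directory.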


Telnet and SSH Protocols

SSH uses TCP port 22; Telnet uses TCP port 23


BNE Application Layer and Troubleshooting - 9

There are times when it is useful to access a network device remotely, as though we were working at a terminal attached to it. Telnet provides a virtual terminal service that makes a network device appear to be directly connected to the remote device. Many products that must be managed, such as switches and storage products, offer a Telnet interface for this purpose. Telnet uses the guaranteed delivery services of TCP at the Transport layer. Destination port number 23 is used to request a Telnet session. Telnet works in a client/server environment. The device that is acting as a local terminal (and initiates the Telnet session) is the Telnet client. The device that accepts the incoming Telnet request executes a Telnet server process. When a Telnet session is initiated, the client and server negotiate certain options such as the terminal type (e.g. Digital VT-100). Once the option negotiations are complete, the client's terminal appears to be directly connected to the remote device. The Telnet session ends when the client logs off the server, the server abruptly terminates the session, or the client abruptly terminates the session. The Training Corporation uses Telnet to remotely configure network devices. For example, the network manager in Atlanta can remotely enable and disable ports on a network switch in Seattle to modify network access. In the UNIX environment, the server process, usually called a daemon, is typically called telnetd. The Secure Shell (ssh) provides an encrypted virtual terminal session between a client and server, and the client also verifies the server's identity through its host key. In most cases it is preferred over Telnet because of security issues: Telnet is clear-text, so everything in the session, including the user ID and password typed at login and every command and configuration line that follows, can be captured by packet sniffing or eavesdropping anywhere on the path. Anytime that matters, you shouldn't be using Telnet. TCP port 22 is used by ssh.

Simple Network Management Protocol


BNE Application Layer and Troubleshooting - 10

Networks are increasing in complexity. Equipment from multiple vendors is connected using multiple hardware platforms. Network managers need to manage many devices and many different networks from one location. The Simple Network Management Protocol (SNMP) provides the means for managing local and wide area network devices, regardless of the hardware or software platform. SNMP normally uses the non-guaranteed services of UDP at the Transport layer: agents listen on UDP port 161 and managers receive traps on UDP port 162. There are 3 basic components to SNMP: the Manager, the Agent, and the Management Information Base (MIB). There is more than one version of SNMP. The original version gained wide acceptance in the networking industry. Follow-on versions added more options and increased security; SNMP version 3 adds user-based authentication and encryption of the messages. SNMP version 1 introduced the concept of SNMP communities, which version 2c also uses. Network devices are divided into communities as a means of providing limited security. SNMP Managers include a community name when sending requests to Agents. If the Agent has not been configured to communicate with Managers in that community, the request is discarded. The default community name is usually "public" (read-only), and often "private" for read-write access. Because the community name travels in clear text in every datagram and is the only credential in versions 1 and 2c, devices left with the default names, or reachable on UDP port 161 from untrusted networks, are a common finding in security assessments; some Agents can additionally be configured to accept requests only from specific Manager addresses using specific community names. Management Information Base (MIB) objects are organized in an inverted tree structure. Shown is a subset of the MIB-II tree. Objects have a name and a dotted notation to identify them. For example, the MIB object describing the physical location of a network device is called "sysLocation", and its dotted notation is 1.3.6.1.2.1.1.6 (the neighbouring object 1.3.6.1.2.1.1.4 is sysContact). A particular instance is read by appending .0, as in 1.3.6.1.2.1.1.6.0.

Manager and Agent Communications


PDU Type   Name               Description
0          get-request        Get one or more variables (manager to element)
1          get-next-request   Get the next variable after one or more specified variables (manager to element)
2          get-response       Return the value of one or more variables (element to manager)
3          set-request        Set one or more variables (manager to element)
4          trap               Notify the manager of an event (element to manager)


BNE Application Layer and Troubleshooting - 11

The SNMP manager normally initiates all communications with the agent. The exception is a "trap", sent when the agent detects a predefined error or event. There are five types of messages exchanged in SNMP version 1, referred to by Protocol Data Unit (PDU) type (later versions add get-bulk and inform). Training Corporation network managers use SNMP for monitoring, configuring and managing network devices throughout their enterprise. From the corporate headquarters in Atlanta, Georgia, the network administrators monitor the status of the network. Network devices with SNMP agents are configured to send trap messages to the management station in Atlanta if they encounter error conditions.
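
To see what one of these PDUs looks like on the wire, and why the community name is no secret, the following Python builds an SNMPv1 get-request for sysLocation (1.3.6.1.2.1.1.6.0) with community "public" and decodes it again. It is an added example for this page, not course material and not an SNMP library; it implements only the parts of ASN.1 BER that SNMPv1 needs, and the request-id and community string are constructed values. Sending the datagram to an agent's UDP port 161 is left out.

```python
# ASN.1 BER tags used by an SNMPv1 message (RFC 1157).
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TAGS = {"get-request": 0xA0, "get-next-request": 0xA1, "get-response": 0xA2,
            "set-request": 0xA3, "trap": 0xA4}
PDU_NAMES = {v: k for k, v in PDU_TAGS.items()}
SNMP_V1 = 0


def tlv(tag: int, body: bytes) -> bytes:
    """Tag-length-value with short or long definite-length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def encode_int(value: int) -> bytes:
    nbytes = max(1, (value.bit_length() + 8) // 8)     # minimal two's-complement width
    return tlv(INTEGER, value.to_bytes(nbytes, "big", signed=True))


def encode_oid(oid: str) -> bytes:
    """Dotted OID -> BER: first two arcs packed into one byte, the rest base-128 with continuation bits."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or arcs[1] > 39:
        raise ValueError("invalid OID prefix")
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(OID, bytes(body))


def build_get_request(community: str, oids, request_id: int = 1) -> bytes:
    """Message ::= SEQUENCE { version, community, PDU }; the PDU is a context-tagged SEQUENCE."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = tlv(PDU_TAGS["get-request"],
              encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(SEQUENCE, varbinds))
    return tlv(SEQUENCE, encode_int(SNMP_V1) + tlv(OCTET_STRING, community.encode("latin-1")) + pdu)


def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element); refuses truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def decode_message(buf: bytes) -> dict:
    """Pull version, community, PDU type, request-id and the queried OIDs out of a v1 datagram."""
    tag, msg, _ = read_tlv(buf, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, p = read_tlv(msg, 0)
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    name = PDU_NAMES.get(pdu_tag)
    if name is None:
        raise ValueError("unknown PDU tag")
    if name == "trap":
        raise NotImplementedError("Trap-PDU has a different body layout (enterprise, agent-addr, ...)")
    _, rid, p = read_tlv(pdu, 0)
    _, _, p = read_tlv(pdu, p)          # error-status
    _, _, p = read_tlv(pdu, p)          # error-index
    _, vbl, _ = read_tlv(pdu, p)
    oids, p = [], 0
    while p < len(vbl):
        _, vb, p = read_tlv(vbl, p)
        _, oid_body, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_body))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode("latin-1"),
            "pdu": name,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "oids": oids}
```

The decoder is exactly what a sniffer on the path runs: the community string is a plain OCTET STRING a few bytes into the datagram, which is the whole reason SNMPv1 and v2c management traffic belongs on a management network and not on the user LAN. The length checks in read_tlv matter in the other direction, since an agent parses these bytes from anyone who can send to port 161.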


Network File Access and ARPA Layers


BNE Application Layer and Troubleshooting - 12

Network File Access provides access to data across a network without the need to download files. Two popular network file access protocols are Network File System (NFS) and Common Internet File System (CIFS). NAS devices are designed to use network file access protocols to provide file sharing services to clients. Depending on the protocol, TCP or UDP may be used at the Transport layer. In network file access protocols, the contents of the exported or shared portion of the server's file system, directory or folder, and all of its sub-directories, are available to the client. Here are some of the benefits that network file access provides to an organization:
Peace of mind at a reasonable cost
Supports Windows and UNIX operating systems, as well as any others that support CIFS or NFS
Flexible growth potential without a lengthy acquisition process
Sharable over multiple servers and applications
NOTE: The goal of network file access protocols is to make a file system (UNIX) or directory/folder (Microsoft) on a file server appear to be located on the client machine.


Network File Systems (NFS)


BNE Application Layer and Troubleshooting - 13

NFS (Network File System) is a file sharing protocol that was originally developed by Sun Microsystems. It operates on a client/server basis and has been implemented by many vendors. NFS is especially popular in the UNIX environment. It allows a file server to share access to files among many client devices. For more information about NFS, see http://freebsd.org/handbook/nfs.html. NFS performs its work by using Remote Procedure Calls (RPCs) between NFS clients and servers. RPCs carry file access requests from NFS clients to a server, and the responses from the NFS server back to the client. NFS has the flexibility to use either TCP or UDP at the Transport layer; the client and server must agree on which Transport layer protocol to use. NFS clients cannot access an NFS file system until it is exported. Exporting means that NFS clients will be allowed access to the file system. A file system is the structure used to organize disk space into directories and individual files. The file system contains information such as the names of files and directories, their sizes, and where they are located on the disk (see note). NFS allows users to share files without having to send copies to each other. Each user accesses the files as though they were located on a local disk in their office. Because the files are located on a central file server, the operator of the NFS server can perform backups on files for all of the users. NOTE: File and directory access restrictions apply to exported file systems. A system administrator on the NFS server specifies which NFS clients can access the files and directories on the exported file system. In the traditional NFS security model this check is made on the client's IP address or host name, and the user identity inside each request (UID and GID numbers) is supplied by the client and trusted by the server. An export should therefore be limited to known client addresses, and requests arriving as root should be mapped to an unprivileged user unless there is a specific reason not to.

Common Internet File System


BNE Application Layer and Troubleshooting - 14

The Common Internet File System (CIFS) is based on the Server Message Block (SMB) protocol, developed by IBM Corporation and implemented by Microsoft Corporation. It operates on a client/server basis and has been implemented by many vendors. CIFS allows a file server to share access to files among many client devices. CIFS allows multiple clients to access and update the same file, while preventing conflicts through file-sharing and locking semantics. These mechanisms also permit aggressive caching and read-ahead/write-behind without loss of cache coherency. CIFS also supports fault tolerance in the face of network and server failures. The CIFS protocol has been tuned to run efficiently over slow dial-up lines, which improves performance for the many users who access the Internet using a modem. CIFS servers support both anonymous transfers and secure, authenticated access to named files. File and directory security policies are easy to administer. Microsoft CIFS servers are highly integrated with the operating system, tuned for maximum system performance, and easy to administer. File names can be in any character set, not just ones designed mainly for English or Western European languages. Users do not have to mount remote file systems, but can refer to them directly with globally significant names instead of ones that have only local significance.


There is also significant industry support for the CIFS protocol. Industry leaders AT&T, Data General, Digital Equipment, Intel, Intergraph, Network Appliance, and SCO are working actively with Microsoft in support of the CIFS initiative. CIFS is already widely supported in commercial software products such as AT&T Advanced Server for UNIX, Digital's PATHWORKS, HP Advanced Server 9000, IBM Warp Connect, IBM LAN Server, and Novell Enterprise Toolkit, among others. In addition, CIFS is the featured file and print-sharing protocol of Samba, a popular free, open-source network file system available for Linux and many UNIX platforms, OS/2, and VMS. The Training Corporation has configured their NAS systems as CIFS servers. Using CIFS, employees share access to valuable data including customer records. Their desktop computers are configured as CIFS clients and gain access to files and directories according to the permissions set by NAS administrators. In summary, Web Browsers are a popular way to access resources on the Internet or within an organization's networks, and the HyperText Transfer Protocol (HTTP) is one of the protocols supported for web access. There are multiple Application layer protocols within the ARPA architecture; they include FTP, TFTP, Telnet, SNMP, NFS and CIFS.

BNE Application Layer and Troubleshooting - 15


Name Resolution Overview


BNE Application Layer and Troubleshooting - 16

Most people would rather access a network device by name than by its IP address, but network devices access each other by address: an Internet address, not a device name, is placed in the IP header. Name resolution is the process of acquiring the IP address associated with a network device name. Several forms of name resolution may be implemented in an organization, and a network device may use one or more of them. The common resolution methods are local hosts files, the Domain Name System (DNS), and the Network Information System (NIS). If multiple name resolution schemes are in use, the order in which they are consulted can be specified. For example, some versions of the UNIX operating system can use the local hosts file, DNS and/or NIS.


Hosts File Name Resolution


BNE Application Layer and Troubleshooting - 17

An early form of name resolution uses a local "hosts" file on each network device. The text file contains one line for each name resolution: an IP address followed by one or more names for it, with optional comments introduced by "#". When a network device needs to convert a name to an IP address, it searches the "hosts" file for the name and uses the associated IP address. In the UNIX environment, the "/etc/hosts" file contains the name resolution database. A similar "hosts" file is available in the Microsoft environment (under the system directory, in System32\drivers\etc). The file and its entries would look something like the example shown. The hosts file is locally managed on each device: the "hosts" file on every network device must be edited when a new device is added to the network, and likewise when a network device's name or IP address changes. Because the hosts file is normally consulted before DNS, an entry in it overrides whatever DNS says for that name for every application on the machine, which makes it both a convenient testing tool and a common target for tampering; an unexpected entry for a well-known name is worth investigating. NOTE: On a network with many devices, maintaining the "hosts" files becomes an overwhelming task.
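
A small parser makes the file's rules concrete: comments and blank lines are skipped, names match case-insensitively, and the first matching line wins, so a duplicate further down is never used. The following Python is an added example, not part of the course; the sample hosts file embedded in it is constructed, and the override check at the end is a simple audit a practitioner might run against a machine's hosts file.

```python
import ipaddress

# Constructed hosts file for the example; the addresses and names are not from any real system.
SAMPLE_HOSTS = """\
# static name resolution; one line per address, first name is canonical, the rest are aliases
127.0.0.1      localhost
::1            localhost ip6-localhost
10.1.2.3       mailserver.isus.emc.com   mailserver
10.1.2.4       fileserver                        # trailing comment
10.1.2.3       MAILSERVER                        # same name again, different case: never reached
"""


def parse_hosts(text: str):
    """Return an ordered list of (address, [names]). Blank lines and '#' comments are skipped;
    a line without an address and at least one name, or with an unparsable address, is an error."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected an address followed by one or more names")
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            raise ValueError(f"line {lineno}: {fields[0]!r} is not an IPv4 or IPv6 address") from None
        entries.append((str(addr), [n.lower() for n in fields[1:]]))
    return entries


def lookup(entries, name: str, family: int = 4):
    """Resolve the way the system does: names compare case-insensitively and the first
    matching line of the requested address family wins; later duplicates are ignored."""
    wanted = name.lower().rstrip(".")
    for addr, names in entries:
        if wanted in names and ipaddress.ip_address(addr).version == family:
            return addr
    return None


def find_overrides(entries, expected: dict):
    """Audit check: report any name in `expected` that a hosts entry pins to a different address.
    Such a line silently redirects every application on the machine, since hosts entries are
    consulted before DNS. `expected` maps lowercase names to the address they should have."""
    findings = []
    for addr, names in entries:
        for n in names:
            if n in expected and addr != expected[n]:
                findings.append((n, addr, expected[n]))
    return findings
```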


Domain Name System


BNE Application Layer and Troubleshooting - 18

The Domain Name System (DNS) is a form of name resolution that uses a client/server approach. The first implementation of DNS server software was Jeeves, written by Paul Mockapetris. An implementation called BIND (Berkeley Internet Name Domain) was later written at the University of California, Berkeley, and subsequently maintained by Kevin Dunlap; BIND is the most widely used implementation of DNS. The responsibility for name resolution is divided among devices in a hierarchical structure. The entities responsible for name resolution are divided into domains. The top (highest) naming authority is the "root" domain. Under the root domain there are multiple levels of sub-domains. You may be familiar with some of the sub-domains under the DNS root such as .com, .edu, .mil, .gov, .net, and other names. A Fully Qualified Domain Name (FQDN) consists of a network device name and the entire domain hierarchy to which it belongs. A period (.) separates the names of the host and the domains from each other. Each domain usually has the authority to manage name resolution within that domain; this is called its "zone of authority". Using the example, the "EMC" domain has authority to manage (and delegate) name resolution within its domain. Also in this example, the "EMC" domain might have delegated authority for some naming to the "isus" sub-domain.


There are multiple classifications for different types of devices using DNS such as master server, slave server, caching server, and client. The Master Server host maintains a master copy of the DNS database for a zone of authority. Changes to the database should be made here. The Master Server can distribute copies of its database to other servers or reply to client name resolution requests. The Slave Server host receives a copy of the Master Server's database. Its main purpose is to provide responses to client name resolution requests. A caching server provides name resolution for clients, but does not have a local database. If a caching server already knows the name resolution (available in local cache), it responds to the client without consulting a master or slave server. If a caching server does not have a resolution, it sends the request to a master or slave server. The caching server receives a response and stores it in local cache, then the resolution is sent to the client. The client is the consumer of the DNS service. It can send name resolution requests to the master, slave, or caching servers. To participate in a DNS domain, the DNS client may need to know its own DNS hostname (using the previous example, mailserver), the name of the domain to which it belongs (using the previous example, isus.emc.com), and the IP address of one or more DNS servers. There is a way for DNS clients to receive this information from another network device. For example, a dynamic host configuration protocol (DHCP) server may supply some of this information when the network device issues a DHCP request.

BNE Application Layer and Troubleshooting - 19

DNS Query Types

BNE Application Layer and Troubleshooting - 20

There are two types of DNS name resolution queries: recursive and iterative. In a recursive query, the client makes a request to one server. If that server does not have the resolution, it asks other servers on the client's behalf and eventually returns the resolution to the client. In an iterative query, the client makes a request to a server. If that server does not have the resolution, it replies with the address of another server that may have the answer, and the client repeats the request there. This process continues until a resolution is found or no resolution is available.
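As an added example (not part of the course notes), the following Python models the hosts-file lookup described earlier and the two query types above: resolve_iterative() plays a client following referrals from a constructed root zone down to isus.emc.com, and CachingServer plays a recursive/caching server that does that walk once on its clients' behalf. Every zone record, host name and address in it is constructed sample data.

```python
"""Added example (not from the course notes): hosts-file lookup followed by
DNS resolution over a constructed zone hierarchy. resolve_iterative() plays
the client in an iterative query, following referrals from the root;
CachingServer plays a recursive/caching server that does that work once on
behalf of its clients. Every name, address and record below is constructed."""

# Constructed hosts file: one "address name [aliases...]" line per entry.
HOSTS_FILE = """\
# same layout as /etc/hosts; constructed sample data
127.0.0.1       localhost
10.127.5.12     HOST4 host4.isus.emc.com
"""

def parse_hosts(text):
    """Return {lowercase name: address}; comments and blank lines are skipped.
    Host names are case-insensitive, so keys are normalised to lower case."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

# Constructed authoritative servers, keyed by address. Each knows the A records
# of its own zone ("a") and delegates child zones to other servers ("ns").
ZONES = {
    "192.0.2.1":   {"a": {}, "ns": {"com.": "192.0.2.2"}},                 # root
    "192.0.2.2":   {"a": {}, "ns": {"emc.com.": "10.0.0.53"}},             # com.
    "10.0.0.53":   {"a": {"www.emc.com.": "10.0.0.80"},                    # emc.com.
                    "ns": {"isus.emc.com.": "10.127.0.53"}},
    "10.127.0.53": {"a": {"mailserver.isus.emc.com.": "10.127.5.25"},      # isus.emc.com.
                    "ns": {}},
}
ROOT_SERVER = "192.0.2.1"

def fqdn(name):
    """Canonical form of an FQDN: lower case with the trailing root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def query(server, name):
    """One query to one authoritative server. Returns ("answer", address),
    ("referral", next_server) or ("nxdomain", None)."""
    data = ZONES[server]
    if name in data["a"]:
        return "answer", data["a"][name]
    # Refer the client to the most specific delegated zone the name falls under.
    for child, ns_addr in sorted(data["ns"].items(), key=lambda kv: -len(kv[0])):
        if name == child or name.endswith("." + child):
            return "referral", ns_addr
    return "nxdomain", None

def resolve_iterative(name, max_hops=8):
    """Iterative resolution driven by the client: start at the root and follow
    referrals. Returns (address or None, list of servers asked in order)."""
    name = fqdn(name)
    server, trail = ROOT_SERVER, []
    for _ in range(max_hops):
        trail.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, trail
        if kind == "nxdomain":
            return None, trail
        server = value
    return None, trail   # referral loop or over-deep delegation: unresolved

class CachingServer:
    """Recursive query from the client's point of view: ask once, get the
    answer. The server does the iterative walk and caches positive results."""
    def __init__(self):
        self.cache = {}

    def lookup(self, name):
        """Returns (address or None, True if served from local cache)."""
        name = fqdn(name)
        if name in self.cache:
            return self.cache[name], True
        addr, _ = resolve_iterative(name)
        if addr is not None:
            self.cache[name] = addr
        return addr, False

HOSTS = parse_hosts(HOSTS_FILE)
RESOLVER = CachingServer()

def gethostbyname(name):
    """Typical client order: the local hosts file first, then DNS."""
    if name.lower() in HOSTS:
        return HOSTS[name.lower()]
    return RESOLVER.lookup(name)[0]
```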

Network Information System

BNE Application Layer and Troubleshooting - 21

The Network Information System (NIS) is a protocol that provides for centralized administration of UNIX databases. One of those databases is used for name resolution. NIS originated with Sun Microsystems. It was originally known as "yellow pages" (yp), but the name was changed due to copyright violations. Several vendors have implemented NIS (see note). The databases are called "maps". NIS is based on naming domains of authority, with each domain responsible for the name/address database and for handling name resolution requests. NIS uses a client/server model, with a master server and slave server(s) distributing information to clients. There are three components to the NIS client/server model: NIS Master, NIS Slave, and NIS Client. The NIS Master host contains the master copy of the NIS databases. Any changes to the NIS database should be made here. The NIS Master distributes copies of its database to slave servers. The NIS Slave holds a copy of that database and answers client requests from it. The NIS Client is the consumer of the NIS service. Clients send name resolution requests to the NIS Master or Slave servers. Once initialized, NIS clients normally use a single NIS server for all requests. Initially, the client broadcasts a ypbind request and waits for a server to respond. The IP address of the first server (master or slave) to respond is stored by the client and used as the target of future name resolution requests. The term ypbind is the name given to this process by Sun Microsystems. If the server discovered by the ypbind request becomes unavailable, the client broadcasts a ypbind request again, trying to find another server that can handle name resolution requests. NOTE: Learn more about NIS by visiting: HTTP://www.freebsd.org/handbook/nis.html

Network Basic Input/Output System

BNE Application Layer and Troubleshooting - 22

NetBIOS is an acronym for Network Basic Input/Output System. The NetBIOS API allows applications on separate computers to communicate over a local area network. It provides services related to the session layer of the OSI model but is not routable and must be encapsulated within a protocol in order to be of use in a wide area network. NetBIOS makes wide use of broadcast messages, which accounts for its reputation as a chatty interface. NetBIOS uses a naming service developed by IBM. It has been used extensively in the Microsoft environment. NetBIOS can be used with multiple architectures such as ARPA (TCP/IP). Unlike some of the other name resolution techniques, NetBIOS offers host-based and/or centralized database management. If local administration of NetBIOS resolution is desired, the "LMHOSTS" file is used. Similar to the UNIX "/etc/hosts" file for name resolution, this text file contains one line for each name and address pair. The location of the LMHOSTS file is dependent on the version of the Microsoft operating system that is using NetBIOS for name resolution.

Windows Internet Naming Service

BNE Application Layer and Troubleshooting - 23

Microsoft has provided a method for centrally administering NetBIOS names. The Windows Internet Naming Service (WINS) dynamically resolves NetBIOS names to IP addresses. Like DNS and NIS, WINS operates in a client/server environment. A WINS server not only resolves NetBIOS names to IP addresses - it dynamically "learns" the names and addresses of devices on the network. When a Microsoft WINS client initializes (startup), the client sends its proposed NetBIOS name to the WINS server. Assuming that the name is not in use by another network device, the WINS server stores that name and associated IP address in its database. The stored entry will be used to answer name resolution requests from WINS clients. If it is a unique name (i.e. no other clients or servers are already using that name), the WINS server approves the client's use of the name. Multiple WINS servers may be present in the customer's network. They can update each other as database entries are added, deleted, or modified to keep the databases consistent among the servers. Microsoft uses WINS and the Universal Naming Convention (UNC) with NetBIOS names extensively. The UNC precedes the NetBIOS name of a network device by two backslashes. Any exported file systems (UNIX) or shared folder (Microsoft) names are separated from the network device name by another backslash.

Concept Summary

BNE Application Layer and Troubleshooting - 24

Network devices may use a variety of naming systems such as a "hosts" file, DNS, NIS and WINS. The "hosts" file is locally managed on each network device. DNS and NIS are centrally managed. NetBIOS name resolution may be locally administered (local "LMHOSTS" file), centrally administered (using a WINS server), or both. NetBIOS names are limited to 15 characters transmitted using upper case alpha characters. Web browsers and HTTP are used for requesting and retrieving World Wide Web content. File transfer can be performed with FTP or TFTP. Each requires a different protocol at the Transport layer. Telnet and ssh allow users to be virtually connected to remote network devices. Network File Access provides for access to data across a network without the need for downloading files. The NFS and CIFS protocols enable network file access between file clients and file servers. Device name to IP address resolution may be performed using a local "hosts" file, DNS, NIS, or WINS.

Data Access through Networks

BNE Application Layer and Troubleshooting - 25

Before implementing effective network security, network managers must understand how an unauthorized user accesses information on a private network. This module will present some forms of unauthorized access to network devices and ways to safeguard against them. Security models, encryption methods, and tunneling options will be explained. Addressing network security issues can be expensive and time-consuming but is essential to maintaining the availability and integrity of information. Access to data through a network may offer a strategic advantage over competitors. For example, sharing customer information among departments of a company could result in better service and increased customer satisfaction. Anything that compromises data access is potentially devastating. All forms of compromised data involve network security.

Data Vulnerability

BNE Application Layer and Troubleshooting - 26

Data can be deleted without being physically present at the data source. For example, a network "hacker" might access the device containing data and delete this valuable information. If a "hacker" can disrupt network access to data, many people may be affected. While the data is not permanently lost, the temporary loss can be costly. For example, imagine how the New York Stock Exchange would be affected if someone could block orders to buy or sell stock through the network. Some data is especially valuable because it contains trade secrets, competitive information or intellectual property. A hacker might copy this valuable data while authorized users are accessing it through the network. Incorrect data can potentially be worse than no data. A hacker might corrupt data at its source or while the data is traveling through a network.

Network Security

BNE Application Layer and Troubleshooting - 27

In a networked environment, network security is an important part of the overall security for information. Allowing access to the appropriate people and organizations while preventing access for others is the ultimate goal of network security. When some form of network security is employed, access to information may be divided into two categories: share level access security and user level access security. Using the share level access security model, a resource is protected by a single password that all users must know in order to gain access. For example, any user who knows the password "OurData" could obtain access to a database. The share level access model gives all authorized users equal permissions to files or directories. For example, all users might be given read/write or read-only access to a database. There is no way to give users in the Payroll department full access to a database while giving other users read-only access. A change to a share level password affects all users. Although this may seem to be an easy form of password administration, it can have disadvantages. When a password is changed, all potential users of the information must be informed.


User level access allows the administrator to grant and deny access to files and directories based on usernames or group names and associated passwords. This provides a significant security increase compared to share level access. For example, an unauthorized user must discover an authorized username and associated password to gain access to information. User level access gives each authorized user or group its own set of permissions for file or directory access. For example, users in the Payroll department might be given read/write permissions to a database while denying access to all other users. Although user level access may seem to require more complex administration, there are advantages when compared to share level access. A password may be changed for an individual user and only that user is affected by the change. Only that user needs to be notified of the change. There are several ways that "hostile" devices may copy, delete, modify, or otherwise make data unavailable through the network. Depending on the type of attack, the network device that contains the information or an intermediate device may be the target. The goal of network security is to prevent unauthorized access. When some form of security is employed, access to information may be either share level access security or user level access security.
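The two access models above, as an added Python example that is not part of the course notes: a share-level resource guarded by one password that gives everyone the same rights, next to a user-level resource that checks each caller's identity and group membership against per-principal permissions (the Payroll read/write, others read-only case). The user names, passwords and the choice of salted PBKDF2 hashing are assumptions made for the example.

```python
"""Added example (not from the course notes): share-level versus user-level
access. ShareLevelResource has one password and one permission set for all
users; UserLevelResource authenticates a named user and derives rights from
that user's own entry and group memberships. Names and passwords are
constructed; salted PBKDF2 hashing is an implementation choice here."""
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Credential:
    """Salted password hash with constant-time comparison."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def verify(self, password):
        return hmac.compare_digest(self.digest, _hash(password, self.salt))

class ShareLevelResource:
    """One password guards the resource; everyone who knows it gets the
    same rights, and changing the password affects every user at once."""
    def __init__(self, password, rights):
        self.cred = Credential(password)
        self.rights = frozenset(rights)        # e.g. {"read", "write"} for all

    def access(self, password, wanted):
        return self.cred.verify(password) and wanted in self.rights

    def change_password(self, new_password):
        self.cred = Credential(new_password)   # every user must now be told

class UserLevelResource:
    """Per-user credentials plus an ACL keyed by user or group name."""
    def __init__(self):
        self.creds = {}    # username -> Credential
        self.groups = {}   # group name -> set of usernames
        self.acl = {}      # principal (user or group) -> frozenset of rights

    def add_user(self, name, password, *groups):
        self.creds[name] = Credential(password)
        for group in groups:
            self.groups.setdefault(group, set()).add(name)

    def grant(self, principal, rights):
        self.acl[principal] = frozenset(rights)

    def effective_rights(self, user):
        """Union of the user's own grant and the grants of the user's groups."""
        rights = set(self.acl.get(user, ()))
        for group, members in self.groups.items():
            if user in members:
                rights |= self.acl.get(group, frozenset())
        return frozenset(rights)

    def access(self, user, password, wanted):
        cred = self.creds.get(user)
        if cred is None or not cred.verify(password):
            return False   # unknown user or wrong password: deny
        return wanted in self.effective_rights(user)

    def change_password(self, user, new_password):
        self.creds[user] = Credential(new_password)   # only this user is affected

def demo():
    """Payroll scenario from the notes: Payroll gets read/write, staff read-only."""
    db = UserLevelResource()
    db.add_user("alice", "a-secret", "payroll")
    db.add_user("bob", "b-secret", "staff")
    db.grant("payroll", {"read", "write"})
    db.grant("staff", {"read"})
    return {
        "alice_write": db.access("alice", "a-secret", "write"),
        "bob_write": db.access("bob", "b-secret", "write"),
        "bob_read": db.access("bob", "b-secret", "read"),
        "bad_password": db.access("bob", "guess", "read"),
    }
```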

BNE Application Layer and Troubleshooting - 28

Denial of Service Attack

BNE Application Layer and Troubleshooting - 29

Attacks on network devices may come in many forms. Only two are mentioned in this lesson. A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system. The goal is to keep the victim device so busy denying invalid requests that it does not have the resources (e.g. processor time or network bandwidth) to service valid requests from other networked devices. This makes the data unavailable to authorized, valid users, denying them the requested service. A denial-of-service attack may be performed by a single device or by many devices. Sometimes, the original attacker will distribute copies of an attack program to other devices via e-mail or another distribution method. In a denial-of-service attack, the original attacker may synchronize numerous devices to perform an attack at the same time. Some of the attacking machines may not even realize that they are part of the attack. It is one of the most difficult forms of attack to address.

Spoofing

BNE Application Layer and Troubleshooting - 30

Spoofing is a form of attack based on a "hostile" network device pretending to be another (perhaps already authenticated) device. The attacker attempts to assume the identity of a valid device. For example, the attacker may use the Internet Protocol (IP) address of an authorized device.

Firewalls

BNE Application Layer and Troubleshooting - 31

When deciding on an appropriate network security solution, the advantages and disadvantages of each solution must be considered. Most organizations with connections to the Internet implement some sort of "firewall" to enhance network security. The firewall is usually a combination of network hardware and software that is placed between the resource to be protected and the Internet. Using a firewall, a network administrator configures parameters to allow or deny access to the protected device(s). The firewall might be configured to prevent all incoming Telnet (virtual terminal) requests. This prevents users on the Internet side of the connection from trying to establish Telnet sessions with protected devices. Other incoming network requests, such as the Simple Network Management Protocol (SNMP), File Transfer Protocol (FTP), or Web browsing (HTTP) might be blocked depending on how the firewall parameters are configured. Incoming requests for these services might be blocked while outgoing requests for the same services are allowed. The firewall device might keep a list of authorized or unauthorized Internet addresses. For example, if a device with an IP address that is included on the firewall's unauthorized list attempts to send and/or receive information through the firewall, the transfer would be blocked. Caution must be used when configuring firewall devices. If the firewall policies are configured incorrectly, valid users may not have access to resources. The Training Corporation employs a firewall device with three network interfaces. One interface is connected to the Internet. Another interface is connected to the corporation's customer Web Server. This Web Server contains class schedules and other information about the corporation. The third interface connects to the corporate network. Outgoing Web Browser, E-mail, and file transfer requests are allowed. Only incoming E-mail is allowed to the corporate network.
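The Training Corporation policy above, as an added Python example that is not part of the course notes: a simplified default-deny packet filter with three interfaces (Internet, customer Web server, corporate network), first-match rules, an "unauthorized address" list, and a connection table so that replies to permitted outgoing sessions pass while unsolicited inbound Telnet, SNMP or FTP is dropped. Interface names, port numbers, addresses and the sample packets are constructed.

```python
"""Added example (not from the course notes): a default-deny packet filter
implementing the three-interface policy described for the Training
Corporation. Rules are evaluated first-match; a connection table lets reply
traffic for permitted outgoing sessions through without opening those
services inbound. All interface names, addresses and packets are constructed."""
from dataclasses import dataclass

PORTS = {"http": 80, "https": 443, "smtp": 25, "ftp": 21, "telnet": 23, "snmp": 161}

@dataclass(frozen=True)
class Packet:
    src_if: str      # interface the packet arrived on
    dst_if: str      # interface it would be forwarded out of
    proto: str       # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn_only: bool = True   # True for a new connection attempt

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src_if: str      # interface name or "*"
    dst_if: str
    proto: str
    dst_port: object   # int or "*"
    dst_ip: str = "*"

    def matches(self, p):
        return all((
            self.src_if in ("*", p.src_if),
            self.dst_if in ("*", p.dst_if),
            self.proto in ("*", p.proto),
            self.dst_port in ("*", p.dst_port),
            self.dst_ip in ("*", p.dst_ip),
        ))

class Firewall:
    def __init__(self, rules, blocklist=()):
        self.rules = list(rules)          # top to bottom, first match wins
        self.blocklist = set(blocklist)   # "unauthorized" addresses, checked first
        self.connections = set()          # flows allowed when they were opened

    @staticmethod
    def _flow_key(p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    def decide(self, p):
        if p.src_ip in self.blocklist or p.dst_ip in self.blocklist:
            return "deny"
        # Reply traffic belonging to a session this firewall already permitted.
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if not p.syn_only and reverse in self.connections:
            return "allow"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and p.syn_only:
                    self.connections.add(self._flow_key(p))
                return rule.action
        return "deny"   # nothing matched: default deny

WEB_SERVER = "192.0.2.80"   # constructed address of the customer Web server
TRAINING_CORP_RULES = [
    # Outgoing Web browsing, e-mail and file transfer from the corporate network.
    Rule("allow", "corp", "internet", "tcp", PORTS["http"]),
    Rule("allow", "corp", "internet", "tcp", PORTS["https"]),
    Rule("allow", "corp", "internet", "tcp", PORTS["smtp"]),
    Rule("allow", "corp", "internet", "tcp", PORTS["ftp"]),
    # Only incoming e-mail may reach the corporate network.
    Rule("allow", "internet", "corp", "tcp", PORTS["smtp"]),
    # The customer Web server is reachable from the Internet over HTTP only.
    Rule("allow", "internet", "dmz", "tcp", PORTS["http"], WEB_SERVER),
    # Everything else (inbound Telnet, SNMP, FTP, ...) falls to default deny.
]

def check_policy(fw=None):
    """Run constructed sample packets through the policy; return decisions by name."""
    fw = fw or Firewall(TRAINING_CORP_RULES, blocklist={"203.0.113.9"})
    pkts = {
        "corp_browses_web":    Packet("corp", "internet", "tcp", "10.1.1.5", "198.51.100.7", 51000, 80),
        "web_reply_to_corp":   Packet("internet", "corp", "tcp", "198.51.100.7", "10.1.1.5", 80, 51000, syn_only=False),
        "inbound_telnet":      Packet("internet", "corp", "tcp", "198.51.100.7", "10.1.1.5", 40000, 23),
        "inbound_mail":        Packet("internet", "corp", "tcp", "198.51.100.7", "10.1.1.25", 40001, 25),
        "inbound_ftp_to_corp": Packet("internet", "corp", "tcp", "198.51.100.7", "10.1.1.25", 40002, 21),
        "customer_web":        Packet("internet", "dmz", "tcp", "198.51.100.7", WEB_SERVER, 40003, 80),
        "blocklisted_client":  Packet("internet", "dmz", "tcp", "203.0.113.9", WEB_SERVER, 40004, 80),
    }
    return {name: fw.decide(p) for name, p in pkts.items()}
```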

Encryption

BNE Application Layer and Troubleshooting - 32

Generally, some form of encryption is used to prevent "hackers" from gaining access to usable information. Encryption techniques can employ simple character substitution or complex algorithms. In security terms, the original, unencrypted information is called "clear text". The goal of encryption is to make the information unusable to anyone except authorized users who know how to decrypt it. Frequently, an encryption key is used to convert the clear text into encrypted data. Public keys, private keys, or a combination of both may be used in the encryption process. The length of the key (the value used to encrypt the original, clear text information) varies. Generally, security increases as longer encryption keys are used. 128-bit encryption keys are common. Encryption methods and lengths include the Data Encryption Standard (DES, 56 bit) and triple DES (3DES, 168 bit). Encryption devices may be composed of hardware, software or both. They may be dedicated devices or perform other network functions. Encryption devices created solely through hardware are losing popularity. Most hardware encryption devices are dedicated network "boxes", inserted between the devices to be protected and the rest of the network. Many Routers and Layer 3 Switches encrypt information through algorithms performed by software. As such, these devices perform dual functions: routing information and encrypting it.

Virtual Private Networks

BNE Application Layer and Troubleshooting - 33

Remote devices may need to be virtually connected to a central network. For example, an employee with a laptop PC may need to access information stored at corporate headquarters from a hotel room, customer site, or home. A virtual private network (VPN) allows remote users to gain a secure network connection to corporate resources through a public network such as the Internet. Although using a public network, the remote devices can appear to be using an extension of the private, corporate network. The VPN tunnel only protects the information in transit between source and destination. Authentication of the client to the network is the responsibility of the corporation and there are many types of authentication that are used to ensure that only authorized users are permitted access into the network through the VPN. To access corporate resources, the remote user typically connects to an Internet Service Provider (ISP) through a modem. The ISP supplies the path between the remote user and corporate network. The ISP is providing a "tunnel" through which private network traffic may flow. The private communications must be encapsulated in IP packets with addresses supplied by the ISP at the source of a message. When the message reaches its destination through the ISP connection, the message is removed from the ISP "tunnel" packet. It is delivered to the destination using whatever network protocol has been chosen for the private network. While the ISP is using IP for routing information between the remote user and corporate network, the protocol it carries does not have to be IP. For example, a remote PC and corporate network may be sharing information with Novell NetWare (using the IPX network layer protocol) while the ISP is transferring that information using IP. Information between the remote user and the corporate network travels on a public network - the Internet. Thus, the information may be subject to "eavesdropping". To ensure privacy, some form of encryption is typically employed.


A disadvantage of tunneling is that it requires more encapsulation than a standard, non-tunneled connection and therefore, more characters per transfer. With a limited bandwidth WAN connection, this may have an impact on network performance. Several tunneling protocols exist. Microsoft created a protocol known as the Point-To-Point Tunneling Protocol (PPTP). Cisco created the Layer 2 Forwarding (L2F) protocol. Features of each protocol have been incorporated into the Layer 2 Tunneling Protocol (L2TP), created by the Internet Engineering Task Force (IETF). Organizations with Internet connections usually implement a firewall, which is usually a combination of network hardware and software placed between the resource to be protected and the Internet. Encryption is used to protect the privacy of information. VPN tunneling, authentication, along with encryption, provide a secure network connection between remote users and corporate networks. One or more security measures can be used to implement network security. Share and user level access, which require passwords, prevent unauthorized access to information. Firewalls enhance network security by blocking certain types of traffic, such as FTP requests. Data can be encrypted to maintain its privacy during transmission. Tunneling is a technique for connecting private networks through a public network.

BNE Application Layer and Troubleshooting - 34

Network Troubleshooting - Problem Description

BNE Application Layer and Troubleshooting - 35

Network troubleshooting is the process of identifying and isolating network problems. Gathering the right information will help in finding solutions to network problems. Documenting findings and actions throughout the process will help in analyzing the problem. Along with knowledge of layered architectures and protocols, this lesson will help you in finding network-related problems and solutions. Network troubleshooting begins with understanding the customer's problem and identifying the symptoms of the problem. Understanding a problem description accurately is a key to determining the cause of a network problem. Be sure to document your findings. It may help to determine if there are one or more simultaneous network problems. When troubleshooting a suspected network problem, listen carefully to the user's problem description. Ask questions if necessary to make sure that the problem is understood. Determine if more than one user is reporting a problem. If the answer is yes, determine if the users' problems appear to be related. This may help to determine if there is more than one simultaneous problem. If the problem is not visible at the moment, see if the person who reported the problem can reproduce it. If not, the problem may be intermittent and therefore very difficult to fix. Determine whether or not the problem has always existed. If it has, the problem may be the installation or initial setup of network-related hardware or software. If the device or software was properly functioning at one time, it will be necessary to find out what has changed. The problem could be a hardware failure or parameter change. This problem can be very different from troubleshooting initial installation failures.


When troubleshooting, it will be necessary to determine the symptoms. There may be indicators such as status lights, warning alarms, or error/status messages on equipment and software that provide symptoms to a problem. Be sure to record them. Another possible cause of a problem may be that the user accidentally performed wrong commands or keystrokes. The user may have performed steps in the wrong sequence and the problem will not be experienced again. When changes to the hardware or software are made, they may affect other equipment in the network. Determine if the change and the reported problem are related (see note 1). Confirm what revisions of the hardware and software are being used. There may be known problems with a particular version of hardware and software or problems with certain hardware and software versions working together. Customer support bulletins, Primus, and other internal documents (such as release notes) may describe a problem, symptoms, and fixes for revision issues (see note 2). If a user cannot communicate with any device in the same facility where the problem was discovered, the problem may reside in that user's network device or the connection to it. If there is a problem in communicating with a remote facility, determine if the user can communicate with any device in the remote facility. If they can, the problem may be isolated to the one remote device. NOTE 1: Be sure to document any network hardware or software changes. For example, if the network map is not updated, then troubleshooting the network will be more difficult. NOTE 2: You will probably need this information when contacting a support center if the problem is escalated.

BNE Application Layer and Troubleshooting - 36

Troubleshooting by Layers

BNE Application Layer and Troubleshooting - 37

The concept of network layers is useful for designing network architectures and troubleshooting. Network troubleshooters may check for correct operation at each layer of the architecture until the problem is found. A few examples are given in the following pages. Determine whether or not any application can access a remote device. If one service is available but another is not, the failing application layer software may not be loaded on the system, not currently running, or configured incorrectly. For example, if the user can access the remote device using Telnet but cannot establish an FTP session, functions at lower layers of the architecture are working correctly. In this case, the remote device may not be accepting FTP requests, or a firewall may be blocking them. Verify that any firewalls are allowing the necessary traffic to pass through and ensure that FTP service is enabled on the remote device. Transport layer issues are frequently related to port numbers. Try to determine what Transport layer port numbers are being used by the application. Check for firewalls that may be blocking network traffic with those port numbers. Routing and logical addressing are handled at the network layer. Verify that IP addresses, net masks, and routing table entries on the source and destination devices and all intermediate network devices are correct in a TCP/IP environment.


Data link protocols and physical connections are the concern at the network interface layer. Verify that the physical cables are connected properly. Check any network link status indicators. For example, if the Ethernet link status light is not indicating a normal connection, a physical cable or network interface may be faulty. Check the interface configuration for correct flow control, duplex, and speed settings. Understanding a problem description accurately is a key to determining the cause and resolution to networking issues. Be sure to document findings throughout the troubleshooting process. Determine if the problem has always existed or is a new issue. Ask the person reporting the problem to demonstrate it, if possible. Determine whether or not there have been any revisions or modifications to hardware or software that may have caused the problem.

BNE Application Layer and Troubleshooting - 38

Testing Network Functionality

BNE Application Layer and Troubleshooting - 39

Some network utilities are designed for testing and viewing network status information. Other utilities are used for configuring and viewing parameters. When troubleshooting, it may be necessary to verify parameter settings because they may have been configured incorrectly. Several utilities are available on network devices to test certain network functions. Some are designed specifically for testing networks. Others are standard user applications that may be used for troubleshooting.

Connectivity Utilities

BNE Application Layer and Troubleshooting - 40

The ping utility is a test to see if another network device is capable of accepting a simple message and responding to it. The network device running the ping utility sends an ICMP (Internet Control Message Protocol) "echo request" to the destination. If the destination device receives the echo request and is configured to respond to ping requests, it will send an "echo reply". The ping command must be entered in lower case letters (ping) on UNIX systems. Most other operating systems are case insensitive. The user initiating the test specifies the destination machine by name or IP address. The Network layer requires an IP address, not a name. If the user issues the command "ping HOST4", the name "HOST4" must be resolved to an IP address before the request is sent. If the command "ping 10.127.5.12" is given, the name resolution step is bypassed. To avoid confusing name resolution issues with device access, the user might want to specify the IP address with the ping command. Many implementations of ping allow the user to specify the number and frequency of echo requests. By default, Microsoft Windows NT sends 4 echo requests at 1-second intervals when the ping command is issued. If the network device issuing the echo request receives a reply, the lower layer protocols and devices are assumed to be functioning properly. This means that the physical connections are intact, switches and other Network Interface layer devices are working, and routers are performing their function.

If the network device issuing the echo request does not receive a reply, lower layer issues should be investigated. For example, there may be a loose cable, a failing hardware device, or incorrect routing tables. Check all devices, including the source and destination. Caution must be used when configuring firewall devices. If the firewall policies are configured incorrectly, valid users may not have access to resources. A firewall that blocks ICMP echo will also make a reachable host appear unreachable to ping, so a failed ping should be confirmed with another test before a lower layer fault is assumed. The ping utility performs one of the simplest tests for verifying connectivity between two network devices. The traceroute (tracert) utility discovers and displays the path (route) a message uses from source to destination. It is also useful in determining the last router that received the message if the message is not delivered to its final destination. This test is called traceroute on UNIX systems and tracert on Microsoft systems.

Informational Utilities

Viewing network parameters can be an important part of troubleshooting. A single parameter with the wrong value can prevent communications on the network. Device parameter settings include the IP address, netmask, DNS configuration, ARP table entries and static routing table entries. The ipconfig utility is used for determining the network interface configuration. It includes the device name, IP address, netmask, default gateway, and a list of name resolution server(s). The command name for this utility varies slightly, depending upon the operating system. Most Microsoft operating system versions use ipconfig. UNIX systems use the command name ifconfig. The ipconfig utility displays the parameter settings for a network interface. The nslookup utility is used for determining if Domain Name System (DNS) name resolution is working correctly. It can be used to resolve names to addresses or addresses to names. The arp utility is used to view IP-to-MAC address resolution (arp -a), create static IP-MAC address resolutions (arp -s), and delete entries in the arp table in memory (arp -d). The route utility is used to display routing table entries (route print), create static routing table entries (route add), remove routing table entries (route delete), and modify static routing table entries (route change).

Device Status Utilities

An important part of troubleshooting is determining the current status of a network device interface. If the interface is disabled or has an error, viewing that status can help quickly isolate a problem to a small portion of the network. The netstat utility is used for gathering network interface statistics. This utility is also used for viewing the network device's routing tables. For some operating systems, the "-i" argument in the command tells the utility to display the interface statistics. For other operating systems, the "-e" argument tells the utility to display the Ethernet statistics. For all operating systems, the "-rn" argument in the command tells the utility to display routing table entries ("-r") in numeric format ("-n"). The netstat utility displays interface statistics and routing table entries.
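
Because an incorrect routing table is one of the lower layer causes a failed ping points to, here is an added example (not from the course) that reads a constructed netstat -rn table in the Linux layout and reproduces the lookup a host performs for a destination: longest-prefix match, then either direct delivery on the interface or the gateway named in the matching route. The routing table text, the interface name eth0 and every address in it are constructed sample values, and the function names are the example's own.

```python
# Constructed sample of `netstat -rn` output in the Linux layout (not captured from any real host).
NETSTAT_RN_SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.127.5.1      0.0.0.0         UG        0 0          0 eth0
10.127.5.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.50.0    10.127.5.254    255.255.255.0   UG        0 0          0 eth0
"""


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def prefix_length(mask: str) -> int:
    """Count the one bits of a net mask, rejecting masks whose ones are not contiguous."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous net mask: %s" % mask)
    return ones


def parse_netstat_rn(text: str) -> list:
    """Turn the routing table text into route dicts, skipping the title and column header lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or not fields[0][0].isdigit():
            continue
        dest, gateway, mask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[-1]
        routes.append({"dest": dest, "gateway": gateway, "mask": mask,
                       "prefix": prefix_length(mask), "flags": flags, "iface": iface})
    return routes


def lookup(routes: list, target: str):
    """Longest-prefix match: the most specific route whose network contains the target."""
    t = ip_to_int(target)
    best = None
    for r in routes:
        if (t & ip_to_int(r["mask"])) == ip_to_int(r["dest"]):
            if best is None or r["prefix"] > best["prefix"]:
                best = r
    return best


def next_hop(routes: list, target: str):
    """Where the packet goes next: ("direct", iface) when on-link, (router, iface) when routed,
    None when nothing matches (not even a default route), a classic misconfiguration."""
    r = lookup(routes, target)
    if r is None:
        return None
    if "G" not in r["flags"]:                # no G flag: the destination network is directly attached
        return ("direct", r["iface"])
    return (r["gateway"], r["iface"])


def has_default_route(routes: list) -> bool:
    return any(r["dest"] == "0.0.0.0" and r["prefix"] == 0 for r in routes)
```

Running next_hop for the address that fails to ping shows immediately whether the host would even try to deliver the packet, and through which router; a None result means the packet is dropped locally before any cable or switch is involved.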

Troubleshooting Summary

Asking the appropriate questions will usually help a network troubleshooter understand a customer's problem. Symptoms of a problem may be indicated by status lights and error messages. Improper network device configurations or faulty hardware may cause network problems. Considering network issues by layer will help in isolating a problem. When troubleshooting, network utilities are available for testing the network, viewing and changing network parameters, and viewing network status. Application layer protocols offer the interface between the user and lower layer protocols. Applications may be divided into several categories including content access, file transfer, virtual terminal services, network management, and file access. It is important to safeguard information from unauthorized users who can gain access to information throughout the network, on any device attached to the network, or during data transmission from one device to another. Network troubleshooting is the process of identifying and isolating network problems.

Course Summary
Key points covered in this course:
- The function of the Application layer of the ARPA architecture
- Several protocols used at the Application layer of the TCP/IP architecture for information access
- Network security issues
- Some of the ways to implement network security
- Basic network concepts that help in recommending, installing, configuring, and troubleshooting network products in a customer's environment

These are the key points covered in this training. Please take a moment to review them. This concludes the training. In order to receive credit for this course, please proceed to the Course Completion slide to update your transcript and access the Assessment.

Basic Network Environment

BNE Network and Transport Layers

Welcome to BNE Network and Transport Layers. The AUDIO portion of this course is supplemental to the material and is not a replacement for the student notes accompanying this course. EMC recommends downloading the Student Resource Guide from the Supporting Materials tab, and reading the notes in their entirety.

Course Objectives
Upon completion of this course, you will be able to:
- Describe how networks are used for sharing resources
- Identify the purposes and associated protocols of specific ARPA layers
- Explain Internet Protocol routing and routing tables
- Identify other protocols related to the Network layer
- Define the term ports as it applies to the Transport layer

The objectives for this course are shown here. Please take a moment to read them.

Network Layer Description

The Network layer of the ARPA Architecture takes messages created by the Transport Layer and routes them through potentially complex networks from source to destination. This module will present the Internet Protocol (IP), the Internet Control Message Protocol (ICMP), and the Address Resolution Protocol (ARP) needed to perform Network layer functions. The Network layer accepts frames of information from the Network Interface layer and prepares them to be delivered to the Transport layer. In this lesson, we will discuss the functions and protocols needed to transfer information between these two layers. Information will pass through one or more networks between source and destination. The Network layer defines the addressing necessary for a message to traverse the networks. For example, the Internet provides an interconnection for many public and private networks. The Network layer protocol hides the details of the physical interfaces and cabling from the upper layers. This allows upper layer independence from lower layer hardware. For example, upper layer functions are not contingent on a particular LAN protocol such as Ethernet or Token Ring at the Network Interface layer. Logical addresses are used at the Network layer. A logical address is an address that is not hardware vendor specific. Physical addresses imply hardware dependence. For example, every Ethernet Network Interface Card (NIC) has its own unique physical (MAC) address. The Network layer routes messages received from upper layers between source and destination devices. When routing messages between network devices, a path is defined. If a component along the path fails, an alternate route may be available. The Network layer is responsible for keeping track of possible routes between source and destination.

Network Layer Protocols

Two Network layer protocols are defined in the ARPA architecture. They are the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP). A third protocol known as the Address Resolution Protocol (ARP) maps the logical Internet address to a MAC address at the Network Interface layer. The Internet Protocol defines the rules and procedures for sending information between network devices. This is true whether the source and destination are located on the same or different networks. A companion protocol to IP is the Internet Control Message Protocol. It is used for sending administrative information between network devices. ARP maps a logical network layer address with a physical MAC address, bridging the Network Interface layer and the Network layer. ARP is not technically a Network layer protocol, but a Network Interface protocol. The Network layer and Network Interface layer need the services of ARP to associate IP addresses with MAC addresses. The Network layer provides hardware independence between the upper layers and the Network Interface layer of the ARPA architecture. The Internet Protocol (IP) uses logical addresses to route information between source and destination network devices. The Internet Control Message Protocol is a companion to IP that is used for passing administrative information on the network. The Address Resolution Protocol associates logical and physical network addresses.

Internet Protocol Overview

The Internet Protocol (IP) is used almost universally for communicating between network devices. Understanding the fundamental concepts of IP is critical to working within most customers' network environments. The Internet Protocol (IP) is designed for use with network devices in data communication networks. It provides for transmitting blocks of data called datagrams from source to destination.

IP Datagram: The basic unit of information for IP is called a datagram. An IP header that contains addressing plus other administrative information is added to higher layer data, forming a datagram. The datagram is sometimes called a packet. When transmitting, the IP datagram is passed to the Network Interface layer for delivery to the destination. When receiving, the Network layer accepts the datagram from the Network Interface layer, verifies that it is the intended recipient, removes its administrative header and passes the message to the Transport layer. This header contains addressing information and is used to route the packet from source to destination.

IP Version 6

IPv6 header layout (each row is 32 bits, bit positions 0-31):
  Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits)
  Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
  Source address (128 bits)
  Destination address (128 bits)
  Data

IPv6 (Internet Protocol Version 6) is the next-generation IP protocol. Started in 1991, the specification was completed in 1997 by the Internet Engineering Task Force (IETF). IPv6 is backward compatible with IPv4 and is designed to fix its shortcomings, such as data security and the maximum number of user addresses. IPv6 increases the address space from 32 to 128 bits, providing for an unlimited (for all intents and purposes) number of networks and systems. It also supports quality of service (QoS) parameters for real-time audio and video. Originally called "IP Next Generation" (IPng), IPv6 is expected to slowly replace IPv4, with the two existing side by side for many years. IPv6 was officially deployed in July 2004 when the Internet Corporation for Assigned Names and Numbers (ICANN) added IPv6 records to its DNS root server for the .jp (Japan) and .kr (Korea) country codes.

Version. 4 bits. IPv6 version number.
Traffic Class. 8 bits. Internet traffic priority delivery value.
Flow Label. 20 bits. Used for specifying special router handling from source to destination(s) for a sequence of packets.
Payload Length. 16 bits unsigned. Specifies the length of the data in the packet. When cleared to zero, the option is a hop-by-hop Jumbo payload.
Next Header. 8 bits. Specifies the next encapsulated protocol. The values are compatible with those specified for the IPv4 protocol field.
Hop Limit. 8 bits unsigned. For each router that forwards the packet, the hop limit is decremented by 1. When the hop limit field reaches zero, the packet is discarded. This replaces the TTL field in the IPv4 header that was originally intended to be used as a time based hop limit.
Source address. 16 bytes. The IPv6 address of the sending node.
Destination address. 16 bytes. The IPv6 address of the destination node.
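
The field list above maps directly onto a 40-byte fixed header. As an added example (not from the course), the Python below packs and unpacks that header, checks the Version field and the Payload Length against the bytes actually present, and models the Hop Limit rule: each forwarding step decrements it and the packet is discarded when it would reach zero. The addresses come from the 2001:db8::/32 documentation prefix, the payload is a constructed placeholder, and the function names are the example's own.

```python
import struct

IPV6_HEADER_LEN = 40
NEXT_HEADER_ICMPV6 = 58      # Next Header uses the same numbering as the IPv4 protocol field


def ipv6_text(raw16: bytes) -> str:
    """Render 16 address bytes as eight hex groups (no :: compression, to keep the groups visible)."""
    return ":".join("%x" % g for g in struct.unpack("!8H", raw16))


def build_ipv6(src: bytes, dst: bytes, payload: bytes, next_header: int,
               hop_limit: int, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Assemble the fixed header described above, followed by the payload."""
    if len(src) != 16 or len(dst) != 16:
        raise ValueError("IPv6 addresses are 16 bytes")
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return header + src + dst + payload


def parse_ipv6(packet: bytes) -> dict:
    """Decode the fixed header; raise ValueError for a wrong version or a length mismatch."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("shorter than the 40-byte fixed header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("version field is %d, not 6" % version)
    payload = packet[IPV6_HEADER_LEN:]
    jumbo = payload_len == 0        # zero means a hop-by-hop Jumbo Payload option carries the length
    if not jumbo and len(payload) != payload_len:
        raise ValueError("payload length field %d does not match %d bytes" % (payload_len, len(payload)))
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "jumbo": jumbo,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipv6_text(packet[8:24]),
        "dst": ipv6_text(packet[24:40]),
        "payload": payload,
    }


def forward(packet: bytes):
    """One router hop: decrement Hop Limit, discard (return None) when it would reach zero."""
    hdr = parse_ipv6(packet)
    if hdr["hop_limit"] <= 1:
        return None
    return packet[:7] + bytes([hdr["hop_limit"] - 1]) + packet[8:]   # Hop Limit is byte 7


def routers_traversed(packet: bytes) -> int:
    """How many routers forward the packet before one discards it (hop_limit - 1 for hop_limit >= 1)."""
    count = 0
    nxt = forward(packet)
    while nxt is not None:
        count += 1
        nxt = forward(nxt)
    return count
```

The length check matters for a receiver: a Payload Length that disagrees with the bytes on the wire is either a truncated frame or a malformed packet, and either way the datagram should be dropped rather than passed up with whatever bytes happen to follow.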

IP Header

The normal IP header length is 20 bytes. The header will be longer than 20 bytes if options such as explicit routing information are specified. The IP header format, followed by higher layer data, is shown here. NOTE: For more detailed information on Internet Protocol, refer to Request For Comments (RFC) 791, available on the Internet at http://www.ietf.org/rfc.html.

Internet Protocol Addressing

At the Network layer, the IP address specifies a logical network number and one or more hosts within that network. Internet addresses are normally expressed in "dotted decimal" notation (a.b.c.d). Each IP address is 4 bytes (octets) for a total length of 32 bits. Numeric values for each byte range from 0-255 (decimal). There must be a source and a destination address. The source address represents a single device. The destination address may represent one or more devices to receive the packet. There are three types of destination addresses: they are unicast, multicast or broadcast. When a message is sent on the network, one of these three types of destination addresses is used. For a unicast address, the destination is a single network device. For a multicast address, the destination is a group of network devices. For a broadcast address, the destination is all devices on the network. NOTE: Ethernet supports all three destination types.

IP addresses can be divided into two major categories, public (globally unique) and private (enterprise unique). Public addresses are unique to an organization. No other organization in the world is authorized to use these addresses on the Internet. Private addresses must be unique within an enterprise network but can be duplicated by other enterprises. Network Address Translation (NAT) is a means of transporting packets with private IP addresses through a public network. The packet from a device using a private IP address is intercepted before it reaches the Internet. A device with a public IP address takes the packet, uses its own public address as the source and sends the packet to the Internet. When a reply is made to this packet, the NAT device accepts the packet and forwards it to the original sender. For more information about private IP addresses read RFC 1918. It is available through a variety of RFC repositories including http://www.ietf.org/rfc.html on the Internet. Regional Internet Registries (RIR) oversee the assignment of public IP addresses throughout the world. For example, the Asia Pacific Network Information Center (APNIC) oversees the assignment of IP addresses in the Asia/Pacific region.

IP Network Classes

There are five classes of Internet addresses; Class A, B, C, D, and E. Only classes A-D are currently used; Class E is reserved. The network class is determined by examining the first octet (byte) of the IP address.

Class A

Class A networks are considered large networks because of the large groups of host numbers. A total of 127 Class "A" networks can be defined with 16,777,214 hosts per network (8 bits in the IP address for the network number, 24 bits for the host number). The first octet in the IP address ranges from 1 through 127. MORE: Remember that an IP address consists of a logical network number and a host number. As an example, for IP address 68.214.99.72, by default, the network portion is "68" and the host portion is "214.99.72". There is a way to change the default portions using netmasks, which will be described later. Class A IP address 127.0.0.1 is reserved for testing and local software applications. It is not assigned to a physical connection. This address is also known as localhost. Normally, all machines on a network have a localhost with this address. When a message is sent to this address, the message never leaves the network device. Instead, it is "looped back" internally as though the message had been received from another host.

Class B

Class B networks are considered medium networks. Class B networks can be defined with 65,534 hosts per network (16 bits for the network number, 16 bits for the host number). The first octet in the IP address ranges from 128 through 191. As an example, for IP address 137.91.202.50, by default, the network portion is 137.91 and the host portion is 202.50.

Class C

Class C networks are considered small networks. Class C networks can be defined with 254 hosts per network (24 bits for the network number, 8 bits for the host number). The first octet in the IP address ranges from 192 through 223. As an example, for IP address 193.217.101.42, by default, the network portion is 193.217.101 and the host portion is 42.

Class D

Class D network numbers are used for multicasting when sending messages to a group of devices on the network. The first octet in the IP address ranges from 224 through 239. As an example, certain network devices send routing information throughout the network using multicast address 224.0.0.5. The Internet Protocol adds some administrative information (including logical addressing and routing) to data from higher layers in the architecture. This administrative information is contained in the IP header. The information is mandatory for moving information through the network from source to destination.

Binary/Decimal Number Conversion

Since there are only four network classes available for Internet addresses, other methods of designating network size must be used to gain efficient use of the remaining available addresses. In some cases, it may be desirable to convert between base numbering systems such as binary and decimal. Converting between binary and decimal may help in understanding subnet masks. An example of Internet address 128.10.2.3 (decimal) in both formats is shown here.

Binary to Decimal Steps

To find the decimal equivalent of the binary number, add the decimal value of each position where a "one" bit in the binary number is located. The chart shown displays the binary bit positions (powers of 2), the binary value for each bit position, and the decimal equivalent of each bit position (decimal equiv.). In this example, we would add 128 + 64 + 32 + 8 + 1. Therefore, the decimal equivalent of 11101001 (binary) is 233.

Subnets

A 32-bit IP address has a network number component and a host number component. This logical network number can be divided to create subnetworks (subnets). Using subnets, each IP address now consists of a network number, subnet number, and a host number. Subnets are used by organizations as a means for limiting broadcast messaging scope and improving network performance. Without subnetting, all devices in a logical network will receive all broadcast messages. By subdividing a logical network, broadcast messages are confined to a single subnet and not the entire network. As the number of devices in a logical network increases, so does the number of broadcast messages. This can negatively impact network performance, as each network device must process each broadcast message. Subnetting will control the distribution of broadcast messages and reduce the possibility of broadcast messages impacting performance. NOTE: Performance impacts are especially noticeable in WANs with limited bandwidth. As we take bits away from the default host portion of the IP address, we increase the number of possible subnets. However, decreasing the host portion of the IP address to create subnets will decrease the number of hosts available per subnet.

Example: Assume that the Training Corporation has been assigned network number 128.221.0.0 by a public IP address registry. By default, 128.221 represents the network portion of the address. The possible host portion ranges from 0.1 through 255.254, giving the Training Corporation the possibility of 65,534 hosts in a single logical network. None of its facilities need more than 250 network devices. Without subnetting, over 65,000 host addresses would be unused on this class B network and the Training Corporation would need additional network assignments from the Internet registry. The Training Corporation decided to subdivide its 128.221 network by using the third octet of the IP address for the subnet number. Now only the fourth octet represents the host portion of the IP address. This provides 256 subnets (the 3rd byte in the address ranges from 0 to 255). Each subnet has a maximum of 254 available host addresses. Each facility would have its own subnetwork of the corporate network. The IP address would look like this: 128.221.(subnet#).(host#). For example, if the IP address of a network device is 128.221.113.24, this could be interpreted as the Training Corporation (128.221), subnet (113) in the Training Corporation, and host (24) on subnet 113 in the Training Corporation.

Connecting Subnets

A network layer device is used to separate subnets. These devices are called Routers or Layer 3 Switches. In some cases, such as a Microsoft environment, they are called gateways. If a device in one subnet sends a message to a device in another subnet, the message must pass through one or more routers. NOTE: Although routers and layer 3 switches are different hardware devices, they perform the same basic functions. For this lesson, we will use the term router to represent either device.

Net masks

Because the number of bits representing the network, subnetwork, and host portions of the IP address can vary, some method of defining their length must be used. A 32-bit net mask value specifies which bits in the Internet address represent the network and subnetwork portion of the address and which bits represent the host (node) portion. Network devices sending messages will use the net mask to determine whether or not the intended destination resides on the same subnet. For example, when a source machine wants to send a message to a destination machine, the subnet mask determines if the destination machine is on the same logical subnet or if it resides on a different subnet. If it is on a different subnet, the message must pass through one or more routers between source and destination. The net mask is often specified in dotted decimal notation. Occasionally, a vendor will expect the net mask in hexadecimal format. Each IP address will have a net mask value associated with it.

Network Classes and Default Net masks

Bits whose value equals "1" represent the network and subnetwork portion of the Internet address. Bits whose value equals "0" represent the host portion of the address. The network classes and default net masks are shown here. The number of possible host addresses per network is two (2) raised to the number of bits in the host ID, minus two. The calculation for the maximum number of hosts in a standard Class B network, with 16 host bits, is 2^16 - 2 = 65,534.
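
As an added example (not from the course), the Python below carries out the conversions and classifications from the last few slides on the slides' own addresses: the positional breakdown of 233 into 128 + 64 + 32 + 8 + 1, dotted decimal to binary and back, the class of an address from its first octet, the default network/host split, and the host count of two to the power of the host bits minus two. The function names are the example's own.

```python
def parse_ipv4(dotted: str) -> list:
    """Split dotted decimal into four octet values, rejecting anything outside 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("not a valid dotted-decimal IPv4 address: %r" % dotted)
    return [int(p) for p in parts]


def octet_breakdown(value: int) -> list:
    """The powers of two that add up to one octet, most significant first: 233 -> [128, 64, 32, 8, 1]."""
    if not 0 <= value <= 255:
        raise ValueError("an octet is 0-255")
    return [1 << bit for bit in range(7, -1, -1) if value & (1 << bit)]


def to_binary(dotted: str) -> str:
    """128.10.2.3 -> 10000000.00001010.00000010.00000011"""
    return ".".join(format(o, "08b") for o in parse_ipv4(dotted))


def from_binary(binary: str) -> str:
    groups = binary.split(".")
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected four 8-bit groups separated by dots")
    return ".".join(str(int(g, 2)) for g in groups)


def address_class(dotted: str) -> str:
    """Class by first octet, as in the slides: A 1-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = parse_ipv4(dotted)[0]
    for cls, low, high in (("A", 1, 127), ("B", 128, 191), ("C", 192, 223),
                           ("D", 224, 239), ("E", 240, 255)):
        if low <= first <= high:
            return cls
    raise ValueError("first octet 0 does not belong to any class")


NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}          # octets in the default network portion
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def default_mask(dotted: str) -> str:
    cls = address_class(dotted)
    if cls not in DEFAULT_MASKS:
        raise ValueError("class %s addresses have no network/host split" % cls)
    return DEFAULT_MASKS[cls]


def split_default(dotted: str) -> tuple:
    """Network and host portions under the default mask: 68.214.99.72 -> ("68", "214.99.72")."""
    octets = parse_ipv4(dotted)
    cls = address_class(dotted)
    if cls not in NETWORK_OCTETS:
        raise ValueError("class %s addresses have no network/host split" % cls)
    n = NETWORK_OCTETS[cls]
    return ".".join(map(str, octets[:n])), ".".join(map(str, octets[n:]))


def max_hosts(mask: str) -> int:
    """2 ** host_bits - 2: the all-zero and all-one host numbers are reserved."""
    network_bits = sum(bin(o).count("1") for o in parse_ipv4(mask))
    return 2 ** (32 - network_bits) - 2
```

The parser is deliberately strict: a troubleshooting script that silently accepts 256 in an octet or a three-part address hides exactly the kind of typo the slides warn about.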

Default Class B Net mask

The table shown here displays the bit pattern for a Class B address and net mask without subnetting. The network number is 128.221, there is no subnet, and the host number is 116.239. NOTE: Remember that an all-"zero" bit pattern in the host ID is reserved for generic reference to the network. An all-"one" bit pattern in the host ID is reserved as the broadcast address. The second table shown here displays the bit pattern for a subnetted Class B address and net mask with the 3rd byte used as the subnet number. The network number is 128.221, the subnet number is 116 and the host number is 239. NOTE: An entire octet does not need to be used to create the subnet number.

Net mask Characteristics

Net masks do not have to end on a byte boundary. In the upper example, the entire 3rd byte of the IP address was used for the subnet number. A part of the 3rd byte could have been used for the subnet. For example, we could have taken the first half of the 3rd byte for the subnet number. In the lower graphic, the IP address would have remained the same (128.221.116.239) but only the first half of the "116" would have represented the subnet number. The remaining half of the 3rd byte and all of the 4th byte would represent the host number. In this case, the subnet mask would have been 255.255.240.0 instead of 255.255.255.0. The 4 most significant bits in the 3rd byte of the net mask would have been "one" bits. The decimal-to-binary conversion can help with understanding the new net mask.

Route/No-Route Decision

A network device uses the netmask to make the route/no-route decision. Consider the following IP address example and its binary format. The source host compares its own network address with that of the destination host. Wherever there is a "one" bit in the netmask, the corresponding source and destination bits must be compared. If any of these source and destination bits differ, the network devices are located on different networks. The number of unallocated network numbers has decreased significantly as companies and other organizations have increasingly applied for public IP addresses. Classless Inter-Domain Routing (CIDR) is an alternative approach to specifying IP addresses and net masks. The following example shows how CIDR notation differs from the class-based form used for, say, a Class B address: IP address 168.214.151.90 with subnet mask 255.255.255.0 is written in CIDR notation as 168.214.151.90/24. The IP address is followed by the number of "one" bits in a traditional net mask. In other words, the first three bytes (24 bits) of the IP address are considered the network and subnetwork portion of the address. All remaining bits (8, in this example) represent the host ID within the 168.214.151.0 network.

Route/No-Route Decision

BNE Application Layer and Troubleshooting - 71

CIDR was developed to conserve IP addresses. In the traditional IP address class structure, many organizations were forced to purchase more addresses than they would ever need. Classless addresses allow the Internet registry to customize the assignment of addresses based on the number of addresses needed, not the network class. This provides more control over the number of IP host addresses that are assigned to an organization. Some organizations do not need an entire network number. The Training Corporation has determined that it will need a maximum of 8,000 IP (host) addresses. This is far more than a single Class C network provides but much less than a Class B network number provides. Assigning an entire Class B address (with a maximum of 65,534 host numbers) to the Training Corporation would leave over 57,000 host addresses unused. As an example, if the Training Corporation needs a maximum of 8,000 IP addresses, it might be assigned an IP network number of 128.221.160.0/19 using CIDR. This would allow a maximum of 8190 IP addresses, leaving only 190 IP addresses that might never be used, rather than over 57,000.
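As an added example (not part of the course material), the following Python code carries out the net mask and CIDR arithmetic of the preceding slides: splitting 128.221.116.239 under 255.255.255.0 and under 255.255.240.0, making the route/no-route comparison only on the masked bits, converting between /prefix and dotted masks, and sizing a CIDR block for the Training Corporation's 8,000 hosts. The addresses are the text's; the function names are assumed here.

```python
# Added example (not from the EMC course): net mask and CIDR arithmetic.
import socket
import struct


def ip_to_int(addr: str) -> int:
    """Dotted quad -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))


def to_binary(addr: str) -> str:
    """Dotted quad -> one 8-bit group per byte, handy for comparing by eye."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))


def prefix_to_mask(prefix: int) -> str:
    """CIDR prefix length -> dotted net mask, e.g. 20 -> 255.255.240.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Dotted net mask -> number of 'one' bits; rejects non-contiguous masks."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"{mask} is not a contiguous net mask")
    return ones


def split_address(addr: str, mask: str) -> tuple[str, str]:
    """(network/subnet portion, host number) of addr under mask."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    return int_to_ip(a & m), int_to_ip(a & ~m)


def same_network(src: str, dst: str, mask: str) -> bool:
    """Route/no-route decision: only bits under a 'one' mask bit are compared."""
    m = ip_to_int(mask)
    return (ip_to_int(src) & m) == (ip_to_int(dst) & m)


def parse_cidr(text: str) -> tuple[str, str]:
    """'168.214.151.90/24' -> ('168.214.151.0', '255.255.255.0')."""
    addr, prefix = text.split("/")
    mask = prefix_to_mask(int(prefix))
    return split_address(addr, mask)[0], mask


def usable_hosts(prefix: int) -> int:
    """Host addresses in a /prefix block, less the all-zeros and all-ones values."""
    return 0 if prefix >= 31 else 2 ** (32 - prefix) - 2


def cidr_fit(hosts_needed: int) -> int:
    """Longest prefix (smallest block) that still supplies hosts_needed addresses."""
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts_needed:
            return prefix
    raise ValueError("more hosts than an IPv4 block can hold")


if __name__ == "__main__":
    print(to_binary("255.255.240.0"))                         # 4 'one' bits in 3rd byte
    print(split_address("128.221.116.239", "255.255.255.0"))  # whole 3rd byte is subnet
    print(split_address("128.221.116.239", "255.255.240.0"))  # half of the 3rd byte
    print(same_network("128.221.116.239", "128.221.127.1", "255.255.240.0"))
    print(parse_cidr("168.214.151.90/24"))
    print(cidr_fit(8000), usable_hosts(19), usable_hosts(16))  # 19 8190 65534
```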

Setting IP Configurations

BNE Application Layer and Troubleshooting - 72

IP addresses, net masks and other configuration parameters may be manually assigned by a device administrator or automatically allocated. The Dynamic Host Configuration Protocol (DHCP) is an example of automatic parameter assignment. Depending on the operating system, an administrator may use a command line interface (CLI) or graphical user interface (GUI) to manually assign IP addresses, netmasks and other network-related parameters to each network device. If there are many network devices, this can be a time consuming process. Each parameter must be carefully entered. Mistakes, such as giving the same IP address to more than one network device, could affect that device or the behavior of the entire network.

Dynamic Host Configuration Protocol (DHCP)

BNE Application Layer and Troubleshooting - 73

DHCP works in a client/server environment. The DHCP client normally broadcasts a request to be given a configuration. The DHCP client "leases" an IP address for a certain amount of time. After half of the lease time has expired, the client automatically "renews the lease" if possible. The DHCP server is responsible for providing configuration data that may include some or all of the following information: a unique IP address, subnet mask, default gateway (IP router), DNS server address, WINS server address, and IP address of the DHCP server. Subnets can be used to make a network more efficient by dividing up a network. Net masks do not have to end on a byte boundary and are used to mask certain portions of IP addresses allowing for more efficient data delivery. Classless Internet addressing is a way to specify an IP address without using an entire network number. The number of bits in a network/subnetwork can be separated from the IP address with a forward slash to minimize the number of IP addresses that may never be used.

IP Routing Tables

BNE Application Layer and Troubleshooting - 74

Using TCP/IP, network devices can communicate with other devices on the same network or remote networks. To communicate with devices on remote networks, local devices must send their IP packets through one or more routers or Layer 3 Switches. Routing tables within each device are used when deciding which path the packet will travel. To send an IP packet from a source device to a destination device on another network through a router, the source device needs to know the route(s) available to get there. There may be more than one physical path to that destination; therefore, network devices using TCP/IP will have routing tables. Routers could also be called network gateways. Microsoft uses the term "default gateway" when configuring TCP/IP with its Windows operating systems. There are other kinds of gateways such as mail gateways that should not be confused with network gateways. A mail gateway is an intermediate device that is used to temporarily house the message during transmission between the sender and receiver.

The routing table contains a value to represent the relative distance or time to reach the destination. This could be a numeric hop count value or a cost value, based on additional information. Hop count values usually indicate the number of Routers or layer 3 switches through which the packet must pass to reach the destination. Cost count values usually represent a combination of the number of routers between source and destination and the transmission speeds of links between them. If there are multiple routing table entries with the same destination address, the one with the lowest number is considered to be a more efficient route. It is normally used to send packets to the destination rather than the entries with a higher number. There are times when it is helpful to view the routing tables for a particular network device. This is often true when troubleshooting network access problems. Depending on the software platform, routing tables can be viewed using a Command Line Interface (CLI) or a Graphical User Interface (GUI).

BNE Application Layer and Troubleshooting - 75

Static Entries

BNE Application Layer and Troubleshooting - 76

There are two basic types of routing table entries. The static routing table entry is used when the device administrator manually adds or deletes routing table entries. The dynamic routing table entries are derived from accepting advertisements from other network devices (usually Routers or Layer 3 Switches). In this context, advertisements are routing table entries distributed by network devices for inclusion in other devices' routing tables.

NOTE: A network device may have one or both types of entries in its routing table.

With static routing table entries, the device administrator must make any additions, deletions, or modifications manually. This can be very time consuming, especially if the network topology changes frequently. Each device's routing table must be configured separately, making static entries undesirable for administrators with many devices to be managed.

A static default route is sometimes added to the routing table, especially when there is only one router attached to the network. This tells the device that by default, all packets destined for other networks are to be sent through a particular router. The default route may appear as destination address 0.0.0.0 in the routing table with a metric of 1. The address of the router in the default routing table entry is what Microsoft calls the default gateway.

Static routing table entries may be contained in a file that is read by the network device at startup time. The name and location of the file containing static routing entries will vary, depending on the operating system. Static routes can be added at any time, but persistence across a restart may be optional. Static entries may be created using a command line or GUI capability. The route command is used to create, modify and delete static routing table entries. It is available for most Microsoft and UNIX-based operating systems.

Dynamic Entries

BNE Application Layer and Troubleshooting - 77

With dynamic routing table entries, a network device's routing tables automatically change according to advertisements that it receives from other network devices. If the device is an end station (not capable of routing), it can only receive advertisements and update its routing tables. If the device is capable of forwarding packets from one network to another (i.e. a router), it can be told to send and/or receive advertisements. To compare this concept with human communications, receiving advertisements could be called listening while sending advertisements could be called talking. For autonomous networks (networks that are managed by a single organization), there are several protocols available for dynamic routing; two of the most popular are the Routing Information Protocol (RIP) and the Open Shortest Path First (OSPF) protocol. Each allows for sending and/or receiving of routing information. In the UNIX environment, an executable program called routed dynamically manages routing table entries using RIP only. Another application called gated is capable of dynamically managing routing table entries using both RIP and OSPF.

Routing Information Protocol (RIP)

BNE Application Layer and Troubleshooting - 78

RIP is an early protocol for dynamic routing table administration. RIP is a distance vector algorithm, meaning that it calculates the preferred path to the destination based on the number of routers between source and destination. If there are multiple paths from source to destination, the path with the least number of routers will be preferred. RIP uses hop count as the metric for routing table entries. Each router between the source and destination represents a hop. For example, in the RIP metric, a router is defined to be one hop from directly connected networks, two hops from networks that are reachable through one other router and so on. Hop counts do not necessarily represent the number of routers between source and destination devices. To give preference to a particular path, network administrators may alter the count.

Open Shortest Path First (OSPF)

BNE Application Layer and Troubleshooting - 79

OSPF is another protocol for dynamic routing table administration. OSPF is a link state algorithm, meaning that it calculates the preferred path to the destination based on the path speeds between source and destination. For example, it might be faster to send a packet through 3 routers with 100 Mbps paths between them rather than 2 routers with a 56 Kbps path between them. A cost value is calculated to compare multiple paths for a destination. The network speeds and number of routers are used as cost factors. The preferred routing table entry is the one with the lowest cost value. OSPF provides load balancing. If there are multiple paths of equal cost between source and destination, the traffic will be split equally among those paths. Network devices using TCP/IP have a routing table. The routing table contains entries that provide directions for sending an IP packet to its destination. Routing table entries list the destination, the router (gateway) IP address and a value to determine the preferred path. The two basic types of routing table entries are static and dynamic.
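To put the RIP and OSPF slides side by side on a concrete topology, here is an added Python example (not from the course) that runs one shortest-path search with a hop-count metric and one with a link-cost metric over a constructed network modelled on the text: 3 routers joined by 100 Mbps links versus 2 routers with a 56 Kbps link between them. The cost formula (reference bandwidth divided by link speed) and the second, equal-cost topology are assumptions made for the example; the search keeps every equal-cost path so the load-balancing case is visible.

```python
# Added example (not from the EMC course): path selection by hop count (RIP)
# versus link cost (OSPF) on a constructed topology.
import heapq
from typing import Callable

Graph = dict[str, dict[str, int]]  # node -> {neighbour: link speed in kbit/s}

# Topology from the text: 3 routers (R1-R3) joined by 100 Mbps links, versus
# 2 routers (R4, R5) with a 56 Kbps link between them.  Speeds in kbit/s.
TOPOLOGY: Graph = {
    "S":  {"R1": 100_000, "R4": 100_000},
    "R1": {"S": 100_000, "R2": 100_000},
    "R2": {"R1": 100_000, "R3": 100_000},
    "R3": {"R2": 100_000, "D": 100_000},
    "R4": {"S": 100_000, "R5": 56},
    "R5": {"R4": 56, "D": 100_000},
    "D":  {"R3": 100_000, "R5": 100_000},
}

# Two routers on two equal 100 Mbps paths: the load-balancing case (assumed).
ECMP_TOPOLOGY: Graph = {
    "S": {"A": 100_000, "B": 100_000},
    "A": {"S": 100_000, "D": 100_000},
    "B": {"S": 100_000, "D": 100_000},
    "D": {"A": 100_000, "B": 100_000},
}

REFERENCE_KBPS = 100_000  # assumed reference bandwidth: a 100 Mbps link costs 1


def hop_metric(speed_kbps: int) -> int:
    """RIP-style distance vector: every link counts one hop whatever its speed."""
    return 1


def cost_metric(speed_kbps: int) -> int:
    """OSPF-style link state: slower links cost more.  The formula
    (reference bandwidth / link bandwidth, minimum 1) is an assumption."""
    return max(1, REFERENCE_KBPS // speed_kbps)


def best_paths(graph: Graph, src: str, dst: str,
               metric: Callable[[int], int]) -> tuple[int, list[list[str]]]:
    """Dijkstra that records every predecessor of equal distance, so all
    equal-metric paths are returned; (-1, []) when dst is unreachable."""
    dist: dict[str, int] = {src: 0}
    preds: dict[str, list[str]] = {src: []}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry, a shorter distance was found later
        for nxt, speed in graph[node].items():
            nd = d + metric(speed)
            if nxt not in dist or nd < dist[nxt]:
                dist[nxt], preds[nxt] = nd, [node]
                heapq.heappush(heap, (nd, nxt))
            elif nd == dist[nxt]:
                preds[nxt].append(node)  # a second path of the same metric
    if dst not in dist:
        return -1, []

    def unwind(n: str) -> list[list[str]]:
        if n == src:
            return [[src]]
        return [p + [n] for pre in preds[n] for p in unwind(pre)]

    return dist[dst], sorted(unwind(dst))


def load_shares(paths: list[list[str]]) -> dict[str, float]:
    """Equal-cost load balancing: traffic split evenly across the paths."""
    return {"-".join(p): 1 / len(paths) for p in paths}


if __name__ == "__main__":
    print("RIP  :", best_paths(TOPOLOGY, "S", "D", hop_metric))   # 3 hops via R4-R5
    print("OSPF :", best_paths(TOPOLOGY, "S", "D", cost_metric))  # cost 4 via R1-R3
    cost, paths = best_paths(ECMP_TOPOLOGY, "S", "D", cost_metric)
    print("ECMP :", cost, load_shares(paths))
```

The hop-count search prefers the two-router path even though its middle link is 56 Kbps, while the cost-based search prefers the three-router path, which is exactly the trade-off the slide describes.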

Internet Control Message Protocol

BNE Application Layer and Troubleshooting - 80

There are several utilities and protocols that can be used to ensure the network remains connected and functioning properly. The Internet Control Message Protocol (ICMP) is a partner to IP that handles error and control messages. ICMP is used for notifying network devices of certain network-related conditions and for notifying network devices when the routing tables have changed. It is also utilized for testing and troubleshooting network connectivity. Each ICMP message consists of a type and a code. The message type is represented by a numeric value that indicates a general message category. The message code provides more detailed information about that message type. Not all types have multiple codes associated with them.

NOTE: For more information on ICMP types and codes, refer to Request For Comments (RFC) 792, available on the Internet at http://www.ietf.org/rfc.html

PING is a utility which verifies the physical connection between source and destination devices and all connections between them. It uses an ICMP "echo request" (from the source) and an ICMP "echo reply" (from the destination). The name is borrowed from defense department jargon: a ping is the active sonar pulse that returns from a target when a submarine is searching for an object. Each ICMP message consists of a type and code. The code provides more information about the message type. PING verifies the physical connection between source and destination devices and all connections between them.
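Added example (not the course's code): ICMP echo request and reply messages constructed and parsed entirely in memory in Python, including the checksum a receiver uses to discard corrupted messages and the identifier/sequence match a ping utility makes between request and reply. Type and code names are taken from RFC 792; no packet is sent on any interface.

```python
# Added example (not from the EMC course): ICMP messages built and checked in
# memory.  Type/code names follow RFC 792; nothing is sent on a network.
import struct

ECHO_REPLY, DEST_UNREACHABLE, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11

# Part of the RFC 792 type/code table.  Echo has a single code; others have several.
ICMP_NAMES = {
    (ECHO_REPLY, 0): "echo reply",
    (ECHO_REQUEST, 0): "echo request",
    (DEST_UNREACHABLE, 0): "destination unreachable: net unreachable",
    (DEST_UNREACHABLE, 1): "destination unreachable: host unreachable",
    (DEST_UNREACHABLE, 3): "destination unreachable: port unreachable",
    (DEST_UNREACHABLE, 4): "destination unreachable: fragmentation needed and DF set",
    (REDIRECT, 0): "redirect datagrams for the network",
    (REDIRECT, 1): "redirect datagrams for the host",
    (TIME_EXCEEDED, 0): "time exceeded: time to live exceeded in transit",
    (TIME_EXCEEDED, 1): "time exceeded: fragment reassembly time exceeded",
}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); an odd trailing byte is padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes = b"", reply: bool = False) -> bytes:
    """Echo request/reply: type, code 0, checksum, identifier, sequence, data."""
    msg_type = ECHO_REPLY if reply else ECHO_REQUEST
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)  # checksum field zero
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Type, code, RFC 792 name and checksum verdict of one ICMP message."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    msg_type, code = packet[0], packet[1]
    info = {
        "type": msg_type,
        "code": code,
        "name": ICMP_NAMES.get((msg_type, code), f"type {msg_type} code {code}"),
        # Summing the whole message, checksum field included, gives zero when intact.
        "checksum_ok": internet_checksum(packet) == 0,
    }
    if msg_type in (ECHO_REQUEST, ECHO_REPLY):
        info["identifier"], info["sequence"] = struct.unpack("!HH", packet[4:8])
        info["payload"] = packet[8:]
    return info


def reply_matches(request: bytes, reply: bytes) -> bool:
    """What a ping utility checks: an intact echo reply carrying the request's
    identifier, sequence number and data."""
    req, rep = parse_icmp(request), parse_icmp(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and rep["checksum_ok"]
            and (req["identifier"], req["sequence"], req["payload"])
            == (rep["identifier"], rep["sequence"], rep["payload"]))


if __name__ == "__main__":
    req = build_echo(0x1234, 1, b"abc")                 # constructed sample request
    rep = build_echo(0x1234, 1, b"abc", reply=True)     # and the matching reply
    print(parse_icmp(req))
    print(reply_matches(req, rep))                      # True
    print(parse_icmp(req[:8] + b"abd")["checksum_ok"])  # False: data corrupted in flight
    print(parse_icmp(b"\x03\x03" + b"\x00" * 6)["name"])
```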

Address Resolution Protocol

BNE Application Layer and Troubleshooting - 81

Before sending an IP packet to a destination, the lower layer address of the destination, or of the device that routes packets to the destination, must be known. Generally, two machines must know each other's MAC address to communicate over the physical medium. The Address Resolution Protocol (ARP) associates the logical (IP) address with the physical (MAC) address.

NOTE: Remember that MAC addresses are used by physical network interfaces. For example, a NIC uses an Ethernet address, not an IP address.

Direct routing: If the source and destination devices are connected to the same logical network, the source needs to know the MAC address of the destination network device.

Indirect routing: If the source and destination devices are connected to different logical networks, the source needs to know the MAC address of a router that can forward the message to the destination.

The IP to MAC address associations are contained in ARP table entries. Each network attached device has its own ARP table. An ARP table entry consists of an IP address, a MAC address and the ARP entry type. ARP entry types are either static (manually entered) or dynamic (learned through ARP requests).

ARP Table Entries

BNE Application Layer and Troubleshooting - 82

Static ARP table entries are created manually. A system manager must know the IP and MAC address to create this entry in the ARP table. Dynamic ARP table entries are created as needed. When an IP to MAC association does not exist in a source device's ARP table, the source device broadcasts an ARP request and waits for a reply. The ARP request includes the IP address of the destination network device. Normally, the only device to reply to this ARP request is the device with the assigned destination IP address. The destination responds with an ARP reply and the source updates its ARP table. The ARP reply contains the MAC address of the destination device. Example: A PC needs to issue a file open request to a corporate file server over an Ethernet LAN. If the PC does not have an ARP table entry for the server, it broadcasts an ARP request. The server responds with its MAC address and the PC updates its ARP table. The PC sends the file open request to the server in an Ethernet frame. The destination address in the frame is the MAC address from the ARP reply. The file server receives the request to open the file. The ARPA architecture uses the Address Resolution Protocol (ARP) to perform the IP-to-MAC mappings. These mappings are entries in an ARP table.
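The routing table slides (static entries, the 0.0.0.0 default route, lowest metric preferred) and the ARP slides above describe the two decisions a host makes before it can put a packet in an Ethernet frame. The following added Python example (not from the course) models both in one small Host class: a routing table looked up by most-specific destination and then lowest metric, and an ARP table with static and dynamic entries consulted for direct or indirect delivery. All addresses, MACs and the class itself are constructed for illustration.

```python
# Added example (not from the EMC course): a host's routing table lookup and
# ARP resolution, with constructed addresses and MACs.
import socket
import struct
from dataclasses import dataclass
from typing import Optional


def ip_to_int(addr: str) -> int:
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def network_of(addr: str, mask: str) -> str:
    """Network address: the bits of addr that lie under 'one' bits of the mask."""
    return socket.inet_ntoa(struct.pack("!I", ip_to_int(addr) & ip_to_int(mask)))


def in_network(addr: str, network: str, mask: str) -> bool:
    """Route/no-route check: addr and network agree on every masked bit."""
    return network_of(addr, mask) == network_of(network, mask)


@dataclass
class Route:
    destination: str  # network address; 0.0.0.0 for the default route
    mask: str         # 0.0.0.0 for the default route
    gateway: str      # router to send through, or the host's own address if direct
    metric: int       # hop count or cost; lower is preferred


@dataclass
class ArpEntry:
    ip: str
    mac: str
    kind: str  # "static" (entered by an administrator) or "dynamic" (learned)


class Host:
    def __init__(self, ip: str, mask: str, mac: str):
        self.ip, self.mask, self.mac = ip, mask, mac
        # Directly connected network.  Using the host's own address as the
        # gateway of this entry is a convention assumed for this example.
        self.routes: list[Route] = [Route(network_of(ip, mask), mask, ip, 0)]
        self.arp: dict[str, ArpEntry] = {ip: ArpEntry(ip, mac, "static")}
        self.arp_requests: list[str] = []  # IPs this host had to broadcast for

    # --- routing table: static entries, as the route command would add them ---
    def add_route(self, destination: str, mask: str, gateway: str, metric: int) -> None:
        self.routes.append(Route(destination, mask, gateway, metric))

    def add_default_route(self, router: str) -> None:
        """Destination 0.0.0.0, metric 1: the entry Microsoft calls the default gateway."""
        self.add_route("0.0.0.0", "0.0.0.0", router, 1)

    def lookup_route(self, dst: str) -> Optional[Route]:
        candidates = [r for r in self.routes if in_network(dst, r.destination, r.mask)]
        if not candidates:
            return None  # no route: the packet cannot be sent
        # The most specific destination (longest mask) is matched first; between
        # entries for the same destination the lower metric wins, as the text says.
        return min(candidates,
                   key=lambda r: (-bin(ip_to_int(r.mask)).count("1"), r.metric))

    # --- ARP table ---
    def add_static_arp(self, ip: str, mac: str) -> None:
        self.arp[ip] = ArpEntry(ip, mac, "static")

    def learn_arp(self, ip: str, mac: str) -> None:
        """Model of receiving an ARP reply: a dynamic entry is added."""
        self.arp[ip] = ArpEntry(ip, mac, "dynamic")

    def resolve_mac(self, ip: str) -> Optional[str]:
        """Answer from the ARP table, else record that an ARP request was broadcast."""
        entry = self.arp.get(ip)
        if entry is None:
            self.arp_requests.append(ip)
            return None
        return entry.mac

    def next_hop(self, dst: str) -> tuple[str, Optional[str], Optional[str]]:
        """(delivery kind, IP whose MAC goes in the frame, that MAC or None).
        Direct: ARP for the destination itself.  Indirect: ARP for the router."""
        route = self.lookup_route(dst)
        if route is None:
            return "no route", None, None
        if route.gateway == self.ip:
            return "direct", dst, self.resolve_mac(dst)
        return "indirect", route.gateway, self.resolve_mac(route.gateway)


if __name__ == "__main__":
    pc = Host("128.221.116.239", "255.255.255.0", "00:11:22:33:44:55")
    pc.add_default_route("128.221.116.1")
    print(pc.next_hop("128.221.116.50"))  # direct, MAC unknown: ARP request broadcast
    pc.learn_arp("128.221.116.50", "aa:bb:cc:dd:ee:01")
    print(pc.next_hop("128.221.116.50"))  # direct, MAC from the dynamic entry
    print(pc.next_hop("10.1.2.3"))        # indirect: ARP for the default router
```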

Transport Layer Function

BNE Application Layer and Troubleshooting - 83

This section will present the protocols used by the Transport Layer of the ARPA architecture. You will also learn the differences between these protocols and how port numbers at the Transport layer prevent different Application layer processes from accidentally receiving each other's data. The Transport layer offers services to the Application layer when a network device is sending and receiving data. The Transport layer serves as the intermediary between the Application layer (user interface services) and the Network layer (packet delivery services). A header, containing administrative information, is created by the Transport layer and used to provide its services to the Application layer. When a network device sends information, the Transport layer accepts Application layer data, adds a Transport layer header to it, and passes the resulting message to the Network layer. When a network device receives information, the Transport layer accepts the information received from the Network layer, removes the Transport layer header created by the sender and passes the higher layer information to the Application layer. The services provided by the Transport layer depend on the protocol that is used. Possible Transport layer services are acknowledged message delivery, message sequencing, and message flow control. Based on its service requirements, the Application layer sends its data to the appropriate Transport layer protocol. The Transport layer acknowledgement of message delivery is similar to certified mail services in many countries. The person sending a letter attaches the information necessary for acknowledgement of delivery to be returned.

When the letter is delivered, the recipient acknowledges delivery by signing a receipt form that is returned to the original sender. If the sending network device requests delivery acknowledgement and the recipient has a message for the original sender, the recipient may send the acknowledgement and message together. If the sending network device requests delivery acknowledgement and the recipient does not have a message for the original sender, the acknowledgement may be sent alone. If acknowledgement is not received within a designated amount of time after sending, the sender assumes that the message was not delivered. Normally, the sender will retransmit the information. Transport layer delivery without acknowledgement or "best effort" service is similar to first class postal services in many countries. The postal service attempts to deliver the letter but does not tell the sender whether or not the letter was actually delivered. Using the appropriate Transport layer protocol, the sender establishes a session with the receiver. A sequence number is added to each message. With sequenced delivery, the receiving Transport layer service can detect problems and take corrective action when messages are missing, duplicated, or received out of order. If there is no agreement between sender and receiver, it is possible for the sender to transmit more information than the receiver can accept and store. Using message flow control, the receiver tells the sender how much storage (usually memory buffer) it has available for messages from the sender. The Transport layer acts as the intermediary between the Application and Network layers of the ARPA architecture. The services provided by the Transport layer depend on the protocol being used. Transport layer services may include guaranteed delivery, message sequencing and/or flow control.

BNE Application Layer and Troubleshooting - 84

Transmission Control Protocol

BNE Application Layer and Troubleshooting - 85

Two protocols are used at the Transport layer. They are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Each Transport layer protocol offers a predefined set of services. The Transmission Control Protocol (TCP) is connection based. Connection based means that a virtual session is established before information is sent between the source and destination. As data is received from the Application layer, TCP adds a header containing message delivery information. The combination of Application layer data and TCP header forms the Transport layer message. The message for TCP is called a segment. TCP provides a reliable transport mechanism, meaning it acknowledges the delivery of messages.

TCP Header

BNE Application Layer and Troubleshooting - 86

The header is normally 20 bytes in length but could be longer with options, such as maximum segment size. A checksum included in the header is used to check for bit corruption at the Transport layer. Each TCP segment contains sequencing information. If TCP receives a duplicate copy of a segment, it is discarded. Only the first copy of that segment is kept. NOTE: If a segment in the sequence is not received, the problem can be detected and the missing segment can be requested. Lower layer protocols, such as Ethernet, may also use some algorithm to check for bit corruption at that layer. TCP implements flow control using the Window Size field of the TCP header. Each of the partners in the virtual connection specifies the maximum number of bytes they will accept from the other. When system "A" sends data or acknowledgements to system "B", it tells system "B" how much buffer is available to accept new information (using the Window field). System "B" will adjust the amount of information it sends to system "A" accordingly. The Training Corporation uses the Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), and Hyper Text Transfer Protocol (HTTP). All of these Application layer protocols use the services of TCP at the Transport layer to guarantee delivery of messages, handle flow control, and ensure proper message sequencing. Most users do not know that they are using TCP. Users do not receive a message informing them that this protocol is in use.

User Datagram Protocol

BNE Application Layer and Troubleshooting - 87

The User Datagram Protocol (UDP) is a relatively simple Transport layer protocol. It is not connection based, which means that a virtual session is not created before messages are sent between source and destination. UDP messages are sometimes called datagrams. The header is 8 bytes in length and the format is shown here. UDP does not acknowledge the delivery of Transport layer messages. UDP does not offer a message sequencing service. It does not create a relationship between the current message, the one before it, or the one following. UDP does not provide message flow control. Because UDP does not offer flow control, it is possible to send information faster than the receiver can accept it. This can result in messages being discarded by the receiver due to lack of buffer space. If the application layer requires guaranteed delivery, message sequencing, or flow control, the application layer must handle those functions itself. The Training Corporation uses the Network File System (NFS) protocol at the Application layer for sharing files among UNIX hosts. Version 2 of NFS required the use of UDP at the Transport layer. The Transport layer offers two protocols: TCP and UDP. TCP acknowledges the delivery of messages and keeps them in the original sequence. It also checks for missing messages and duplicate copies of messages. TCP implements flow control using the Window Size field of the TCP header. UDP is a relatively simple Transport layer protocol that does not support message acknowledgement, sequencing, or flow control.

Port Number Overview

BNE Application Layer and Troubleshooting - 88

An IP address alone is not sufficient to uniquely identify communications between two network devices. This lesson introduces a solution called socket addressing. The Transport layer uses the concept of a logical port number to deliver messages. A source and destination port number is specified in the TCP or UDP header. A port number is represented by a 16-bit integer. In the TCP or UDP header, a source and destination port number must be specified. The sender inputs the destination port number, telling the receiver which process is to receive this message. The sender also inputs the source port number, telling the receiving process which port should be used for replies to this message. Transport layer port numbers provide a way to make the initial request for a service on a remote host. They also identify communications with a remote system. They are used to uniquely identify services or processes on the systems. The port numbers are divided into Well Known Ports, Registered Ports and Dynamic Ports. Well Known Ports range from 0 to 1023 while Registered and Dynamic Ports range from 1024 to 65535. Some Well Known Ports are HTTP (port 80), SMTP (port 25), and FTP (ports 20 and 21). Most service-to-port number assignments are administered by a governing Internet committee and not by individual vendors. Port number assignments for UNIX, Microsoft and other operating systems should be consistent. For example, a web browser normally requests access to a web server by specifying service port 80 as the destination port in the TCP header, regardless of the vendor. For more information on specific port number assignments, refer to the Internet Assigned Numbers Authority (www.iana.org).

Port 0 is reserved. Ports 1-1023 represent "well known services". They are used as the contact port when making the initial request for service. For example, E-mail is normally handled by the Simple Mail Transfer Protocol, port number 25. The reserved port numbers have not been defined for service or registered use by the standards body. They are simply reserved for future use. Port 1024 is reserved. Ports 1025 through 49151 are registered port numbers. They are typically the port numbers used when communication has been established between network devices.

BNE Application Layer and Troubleshooting - 89

Socket Addressing

BNE Application Layer and Troubleshooting - 90

The concept of socket addressing was introduced in Berkeley UNIX. The term "socket" is generally associated with the combination of an IP address (Network layer) and a port number (Transport layer). Socket addresses may be specified in more than one way. Shown here are two examples using port number 40727. Most operating systems will use one of these formats.

Network Problem Example

BNE Application Layer and Troubleshooting - 91

IP addresses alone will not uniquely identify the destination of messages. In this example, the same server provides file transfer and email services to clients. Without a Transport layer destination port number, the receiving network device cannot know which service the client is requesting. By using IP addresses at the Network layer and Port Numbers at the Transport layer (a socket address), communications between Application layer processes can be uniquely identified. In this example, the client uses the same destination IP address for file and E-mail services but adds the port number to identify which service receives a particular message. Port numbers provide a way to make a request for a service or communicate with a specific process on another network device. Port numbers are 16-bit integers. The TCP or UDP header includes source and destination port numbers. Socket addressing is generally defined as the combination of an IP address (Network layer) and a port number (Transport layer).
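As an added Python example (not the course's code) covering the TCP header, UDP header, port number and socket addressing slides above: it parses constructed TCP and UDP headers (ports, window size, options, the UDP length field), classifies port numbers with the ranges the text states, and forms socket addresses so that two requests to the same server IP are told apart by destination port. The header byte strings, the client and server addresses and the two written address styles are constructed here.

```python
# Added example (not from the EMC course): TCP/UDP header fields, port classes
# and socket addresses.  The header bytes below are constructed, not captured.
import struct

WELL_KNOWN = {20: "FTP data", 21: "FTP control", 25: "SMTP", 80: "HTTP"}  # from the text


def port_class(port: int) -> str:
    """Port ranges as the text states them."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit integers")
    if port == 0 or port == 1024:
        return "reserved"
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def parse_tcp(segment: bytes) -> dict:
    """TCP header: 20 bytes plus options; the data offset (in 32-bit words)
    says where the options end and the Application layer data begins."""
    if len(segment) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad data offset {header_len}")
    return {"protocol": "TCP", "src_port": src, "dst_port": dst,
            "seq": seq, "ack": ack, "flags": off_flags & 0x1FF,
            "window": window,        # flow control: bytes the peer may still send
            "checksum": checksum, "header_len": header_len,
            "options": segment[20:header_len], "payload": segment[header_len:]}


def parse_udp(datagram: bytes) -> dict:
    """UDP header: 8 bytes: source port, destination port, length, checksum."""
    if len(datagram) < 8:
        raise ValueError("UDP header shorter than 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError(f"UDP length field {length} but {len(datagram)} bytes present")
    return {"protocol": "UDP", "src_port": src, "dst_port": dst,
            "length": length, "checksum": checksum, "payload": datagram[8:]}


def socket_address(ip: str, port: int, style: str = "colon") -> str:
    """Two written forms in common use (assumed here): 'ip:port' and 'ip.port'."""
    if style == "colon":
        return f"{ip}:{port}"
    if style == "dot":
        return f"{ip}.{port}"
    raise ValueError("style must be 'colon' or 'dot'")


def describe(src_ip: str, dst_ip: str, message: bytes, proto: str) -> str:
    """Socket pair plus the service the destination port selects: this is how
    one server IP offers several services to the same client."""
    info = parse_tcp(message) if proto == "TCP" else parse_udp(message)
    service = WELL_KNOWN.get(info["dst_port"], port_class(info["dst_port"]) + " port")
    return (f"{socket_address(src_ip, info['src_port'])} -> "
            f"{socket_address(dst_ip, info['dst_port'])} {proto} {service}")


def tcp_header(src: int, dst: int, flags: int, window: int, options: bytes = b"") -> bytes:
    """Constructed TCP header (checksum left zero) with options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", src, dst, 1, 0, (offset << 12) | flags, window, 0, 0) + options


SYN = 0x02
MSS_1460 = b"\x02\x04\x05\xb4"                  # option kind 2, length 4, value 1460
TCP_TO_HTTP = tcp_header(40727, 80, SYN, 65535, MSS_1460)
TCP_TO_SMTP = tcp_header(40728, 25, SYN, 65535)
UDP_TO_NFS = struct.pack("!HHHH", 40727, 2049, 12, 0) + b"NFS!"   # NFS listens on 2049

if __name__ == "__main__":
    client, server = "128.221.116.239", "128.221.116.10"   # constructed addresses
    print(describe(client, server, TCP_TO_HTTP, "TCP"))
    print(describe(client, server, TCP_TO_SMTP, "TCP"))    # same server IP, other service
    print(describe(client, server, UDP_TO_NFS, "UDP"))
    print(parse_tcp(TCP_TO_HTTP)["window"], parse_tcp(TCP_TO_HTTP)["options"])
```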

Summary

BNE Application Layer and Troubleshooting - 92

For the ARPA architecture, there are two Transport layer protocols: TCP and UDP. TCP is a guaranteed delivery service with flow control and acknowledgement capabilities. UDP is a non-guaranteed service with no flow control or acknowledgement capabilities. Port numbers are used to specify the service or application that is being addressed. In summary, network layer protocols specify addressing and routing schemes for getting higher layer messages to their destination. The Internet protocol is used almost universally for communicating between network devices. IP addresses are used to route IP packets from source to destination. Transport layer protocols may offer guaranteed delivery of higher layer data or provide a simpler, non-guaranteed delivery service. IP addresses are used at the network layer and port numbers are used at the transport layer so that communications between application layer processes can be uniquely identified.

Course Summary
Key points covered in this course:
- How networks are used for sharing resources
- The purposes and associated protocols of specific ARPA layers
- Internet Protocol routing and routing tables
- Other protocols related to the Network layer
- The term ports as it applies to the Transport layer

BNE Application Layer and Troubleshooting - 93

These are the key points covered in this training. Please take a moment to review them. This concludes the training. In order to receive credit for this course, please proceed to the Course Completion slide to update your transcript and access the Assessment.
