Orange Romania

Together we can do more !

Networking
Marius Iordache

Agenda
- Networking Fundamentals
- TCP/IP addressing
- Internet and Applications
- Ethernet
- LAN Switching: VLANs, Spanning Tree
- Routing: RIP, EIGRP, OSPF
- Network Design
- VPNs
- Best Practice
- QoS
- Case studies

Networking Fundamentals
The OSI Model
Open Systems Interconnection (OSI) offers a seven-layer model:
- Layer 1, physical
- Layer 2, data link
- Layer 3, network
- Layer 4, transport
- Layer 5, session
- Layer 6, presentation
- Layer 7, application

OSI

Layer 1, physical: The physical layer is responsible for converting a frame (the output from Layer 2) into electrical signals to be transmitted over the network. The actual physical network can be copper wiring, optical fiber, wireless radio signals, or any other medium that can carry signals. This layer also provides a method for the receiving device to validate that the data was not corrupted during transmission.

Layer 2, data link: The data link layer is responsible for establishing the most elemental form of communication session between two different devices so that they may exchange Layer 3 protocols. For computer networks, the data link layer adds a header, which identifies the particular Layer 3 protocol used and the source and destination hardware addresses (also known as Media Access Control [MAC] addresses). At this point, the packet (the Layer 3 output) is successfully processed into a Layer 2 frame and is ready to go onto the network. Ethernet switching and bridging operate at this level.

Layer 3, network: The network layer is where the majority of communications protocols do their work, relying on Layers 2 and 1 to send and receive messages to other computers or network devices. The network layer adds another header to the front of the packet, which identifies the unique source and destination IP addresses of the sender and receiver. The process of routing IP packets occurs at this level.

OSI

Layer 4, transport: The transport layer is responsible for taking the chunk of data from the application and preparing it for shipment onto the network. Prepping data for transport involves chopping the chunk into smaller pieces and adding a header that identifies the sending and receiving application (otherwise known as port numbers). For example, Hypertext Transfer Protocol (HTTP) web traffic uses port 80, and FTP traffic uses port 21. Each piece of data and its associated headers is called a packet.

Layer 5, session: The session layer manages connections between hosts. If the application on one host needs to talk to the application on another, the session layer sets up the connection and ensures that resources are available to facilitate the connection. Networking folks tend to refer to Layers 5 to 7 collectively as the application layers.

Layer 6, presentation: The presentation layer provides formatting services for the application layer. For example, file encryption happens at this layer, as does format conversion.

Layer 7, application: The application layer provides networking services to a user or application. For example, when an e-mail is sent, the application layer begins the process of taking the data from the e-mail program and preparing it to be put onto a network, progressing through Layers 6 through 1.

OSI Stack

Communication between the layers is made using PDUs (protocol data units), including different data according to the transport layer.
- Define Encapsulation
- Define De-Encapsulation

TCP/IP addressing
Computers and devices speaking the same language

To communicate, these devices need a form of addressing, so that the required information can be transmitted end-to-end.

MAC address: A manufacturer-allocated ID number that is permanent and unique to every network device on Earth. You have only one, it stays the same wherever you go, and no two people (devices) have the same number. MAC addresses are formatted using six pairs of hexadecimal numbers, such as 01-23-45-67-89-AB. Hexadecimal provides an easy translation from binary (which uses only 1s and 0s), which is the language of all computers.

IP address: Unlike a MAC address, the IP address of any device is temporary and can be changed. It is often assigned by the network itself and is analogous to your street address. It only needs to be unique within a network. Someone else's network might use the same IP address. Every device on an IP network is given an IP address, which looks like this: 192.168.1.1

Dynamically allocated IP address: DHCP

Domain Names & IP Relations

TCP/IP addressing
What is TCP/IP?

TCP is a connection-oriented, reliable protocol that breaks messages into segments and reassembles them at the destination station (it also resends packets not received at the destination). TCP also provides virtual circuits between applications. A connection-oriented protocol establishes and maintains a connection during the data transmission.

What is UDP (User Datagram Protocol)?
An unreliable, connectionless protocol. Although unreliable may have a negative connotation, in cases where real-time information is being exchanged (such as a voice conversation, video, real-time applications).

TCP/IP datagrams
TCP/IP information is sent via datagrams. A single message may be broken into a series of datagrams.

The layers associated with TCP/IP are:
- Application layer (e-mail, file transfer)
- Transport layer: TCP & UDP
- Network layer: IP, ICMP, ARP, RARP

IP is a connectionless protocol, transporting datagrams on a best-effort basis.

ICMP, ARP, RARP

What is ICMP?
Internet Control Message Protocol (ICMP) carries error and control messages in IP datagrams. Ping allows one station to discover a host on another network.

What is ARP?
Address Resolution Protocol (ARP) allows communication on a multi-access medium such as Ethernet by mapping known IP addresses to MAC addresses.

What is RARP?
Reverse Address Resolution Protocol (RARP) is used to map a known MAC address to an IP address.

Establishing a TCP/IP connection
PCs exchange SYN bits for synchronization. TCP/IP uses a three-way handshake:
- PC A sends a synchronization message to PC B containing a sequence number, seq = 100.
- PC B acknowledges that it received the message, increments the sequence number (ack = 101), and sends its own syn = 300.
- PC A receives the expected ACK, and the communication is now established.
- All communication will be incremented starting from syn and ack: syn = 201, ack = 301, and so on.

TCP/UDP/Port Numbers
TCP Windowing

- A communication protocol could have to receive an ACK for every packet: reliable but very costly.
- Windowing is a compromise that reduces overhead by acknowledging packets after a specific number has been received.
- Window size of one: each segment is acknowledged every time.
- Window size of 7: an ACK needs to be sent after the receipt of the seven segments.

What happens if segment 5 is not received? With TCP, the packet is resent.

TCP/UDP/Port Numbers
What is UDP?

- UDP is a connectionless, unreliable Layer 4 protocol.
- Unreliable: the protocol does not ensure that every packet will reach its destination.
- UDP is used for applications that provide their own error recovery process or when retransmission does not make sense.
- UDP is simple and efficient.
- Why not resend? Real-time applications.

Port Numbers
Port numbers (socket numbers) are used to keep track of different conversations crossing the network at any given time. Well-known ports are assigned by IANA; other ports are assigned randomly from a specific range.

TCP: FTP 21, Telnet 23, SMTP 25, DNS 53, SSH 22, 80
UDP: DNS 53, TFTP 69, SNMP 161, RIP 520, 80

IP Addressing
Why IP?
IPv4: 32 bits => aaaa.bbbb.cccc.dddd, ~4.3 trillion address combinations
00001010.10000000.10110010.00101110 represents 10.128.178.46

MAC vs IP

Address Classes
- A: first octet 1-126, network mask /8
- B: first octet 128-191, network mask /16
- C: first octet 192-223, network mask /24
- D: multicast
- E: reserved

What does 10.10.10.0/29 represent?

Subnetting
- A method of segmenting hosts within a network
- Why subnetting?
- Subnet mask
- Subnetting formula: with n bits of subnetting beyond the default, you can create 2^n - 2 subnets

Address          Binary                                   Role
174.24.4.176     10101110 00011000 00000100 10 | 110000   Host
255.255.255.192  11111111 11111111 11111111 11 | 000000   Mask
174.24.4.128     10101110 00011000 00000100 10 | 000000   Subnet
174.24.4.191     10101110 00011000 00000100 10 | 111111   Broadcast
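
The subnet arithmetic from the slide, worked in code as an added example (not part of the original deck): the same bitwise AND/OR on the 32-bit address, applied to the page's 174.24.4.176 with mask 255.255.255.192 and to 10.10.10.0/29. The function names are illustrative, and the result is cross-checked against Python's standard ipaddress module.

```python
import ipaddress

def to_int(dotted: str) -> int:
    """Pack a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value

def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def split_bits(value: int, prefix: int) -> str:
    """Render 32 bits with '|' between network and host bits, as on the slide."""
    bits = format(value, "032b")
    return f"{bits[:prefix]} | {bits[prefix:]}"

def describe(host: str, prefix: int) -> dict:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    subnet = to_int(host) & mask              # host bits forced to 0
    broadcast = subnet | (mask ^ 0xFFFFFFFF)  # host bits forced to 1
    host_bits = 32 - prefix
    # /31 and /32 have no separate network and broadcast addresses.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 1 << host_bits
    return {"mask": to_dotted(mask), "subnet": to_dotted(subnet),
            "broadcast": to_dotted(broadcast), "usable_hosts": usable}

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True when both hosts fall in the same subnet for this prefix length."""
    return describe(a, prefix)["subnet"] == describe(b, prefix)["subnet"]

def cross_check(host: str, prefix: int) -> bool:
    """Compare the bit arithmetic with the standard-library ipaddress module."""
    net = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
    d = describe(host, prefix)
    return (str(net.network_address), str(net.broadcast_address),
            str(net.netmask)) == (d["subnet"], d["broadcast"], d["mask"])

if __name__ == "__main__":
    for host, prefix in (("174.24.4.176", 26), ("10.10.10.0", 29)):
        print(f"{host}/{prefix}", describe(host, prefix))
        print("  ", split_bits(to_int(host), prefix))
    # 174.24.4.200 has host-octet bits 11..., so it sits in the next /26.
    print(same_subnet("174.24.4.176", "174.24.4.200", 26))
```
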

Internet Applications

EMAIL
- Layer 7
- SMTP as protocol
- SMTP servers
- DNS servers
- POP3 (Post Office Protocol 3) servers
- Another protocol: IMAP

Browsing
- Layer 7
- HTTP

Messenger
Skype
Kazaa

Ethernet
- Ethernet history
- Ethernet: Layer 2 within a LAN
- Shared link
- Ethernet collisions
- CSMA/CD
- Bridges to split collision domains
- Switches to offer dedicated domains
- Routers to permit traffic from one domain to another

Bridges
- Layer 2 device which creates new segments, resulting in fewer collision domains

Switches
- High-speed multiport bridge
- Intelligent decisions
- Throughput
- Higher port density
- Lower per-port cost
- Full duplex
- Speed: 10, 100, 1000 Mbps -> 10 Gbps

Routers
- Layer 3 devices
- Routing decisions
- Inter-domain routing

Switching

MAC learning
- Learn addresses to make intelligent decisions
- MAC learning
- Forwarding traffic
- Segmentation

Broadcast and Collision Domains

VLANs
What does a VLAN represent?

Network Loops
- Alternative paths for redundancy
- Preventing network loops at Layer 2?

STP: Spanning Tree Protocol
- IEEE 802.1d
- 802.1w
- 802.1s

Spanning Tree Fundamentals

STP dynamically prevents loops in Layer 2 switched networks.

STP defines a tree that spans all switches in a LAN by forcing certain redundant paths in the network into a blocked state. If a link that previously forwarded traffic becomes unavailable, STP dynamically reconfigures the network to redirect traffic flow by activating the appropriate standby path. Switches dynamically determine the state of the spanning tree by exchanging information with others using

- Select a Root, local point for the rest of the L2 network
- All ports on a root are in forwarding state
- Non-root switches elect a root port in forwarding state
- All other ports should be in blocking state

State of a port:
- Listening
- Learning
- Forwarding

Problems to be solved:
- Recognize loops
- Designate redundant and back-up links
- Switch the traffic in case of failure

Broadcast storms: infinite flooding of the frames

Broadcast Storms

Broadcast storm - infinite loop
- Multiple copies of the same frame
- MAC address instability

Solutions? Using Spanning Tree rules

Roles assigned:
- Root bridge: one RB in any loop
- Root port
- Designated port
- Non-designated port

Spanning Tree
Port States
At any given time, the port states are as follows:

There are applications which need a fast calculation.
Rapid Spanning Tree designates Alternative and Back-up ports, which are allowed to immediately enter the forwarding state.

VLAN - virtual local area network

Virtual LAN or VLAN
- A group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain
- VLAN membership can be configured through software instead of physically
- VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations
- The protocol standard for VLANs is IEEE 802.1Q
- Referred to as switching
- VLANs are broadcast domains defined within switches to allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device
- VLANs have a variety of configurable parameters, including name, type, and state
- VLANs are defined on a switch in an internal database known as the VLAN Trunking Protocol (VTP) database
- VLANs are created by number, and there are two ranges of usable VLAN numbers (normal range 1-1000 and extended range 1025-4096)
- Offer virtualization

The IEEE 802.1Q header contains a 4-byte tag header:
- 2-byte tag protocol identifier (TPID)
- 2-byte tag control information (TCI)
- Twelve-bit VLAN identifier (VID): uniquely identifies the VLAN to which the frame belongs
- Range 1000 - 4096
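
An added example, not part of the original deck, showing how the 4-byte 802.1Q tag described above is laid out and read: a 2-byte TPID, then a 2-byte TCI whose low 12 bits are the VID. The frame bytes, MAC addresses and the port policy function are constructed for illustration; the PCP and DEI bits of the TCI come from the 802.1Q standard rather than from the slide.

```python
import struct

TPID_8021Q = 0x8100          # TPID value that marks an 802.1Q tag
RESERVED_VIDS = {0, 4095}    # 0 = priority tag only, 4095 = reserved by 802.1Q

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid=None, pcp: int = 0) -> bytes:
    """Build a (constructed) Ethernet frame, tagged when vid is given."""
    header = dst + src
    if vid is not None:
        if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
            raise ValueError("VID is 12 bits, PCP is 3 bits")
        tci = (pcp << 13) | vid            # DEI bit (bit 12) left at 0
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into addresses, optional 802.1Q tag, payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "tagged": False,
            "pcp": None, "dei": None, "vid": None,
            "ethertype": ethertype, "payload": frame[14:]}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1,
                    vid=tci & 0x0FFF, ethertype=inner, payload=frame[18:])
    return info

def vlan_for_port(frame: bytes, allowed_vids: set, access_vlan: int):
    """Return the VLAN a frame is placed in, or None if it must be dropped.

    Policy assumed for this sketch: untagged frames join the access VLAN,
    tagged frames pass only when their VID is on the port's allow-list.
    """
    info = parse_frame(frame)
    if not info["tagged"]:
        return access_vlan
    vid = info["vid"]
    if vid in RESERVED_VIDS or vid not in allowed_vids:
        return None
    return vid

# Constructed sample input: broadcast destination, locally administered source.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
ALLOWED = {10, 20, 50, 100}                # VLAN numbers from the page's example

if __name__ == "__main__":
    for vid in (20, 30, None):
        f = build_frame(DST, SRC, 0x0800, b"demo", vid=vid, pcp=5)
        print(vid, parse_frame(f)["vid"], vlan_for_port(f, ALLOWED, access_vlan=10))
```
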

Ethernet Structure

Network Example - VLANs
[Figure: a physical Ethernet interface with "Match VLAN" labels for VLANs 10, 20, 50 and 100]

Routing
What is Routing?

- The process of moving a packet of data from one network to another network based on the destination IP address
- Devices that perform this routing function are referred to as routers
- Routers maintain a list of routes, referred to as a routing table
- Based on IP (Internet Protocol): IP was the connectionless datagram service in the original Transmission Control Program
- Hosts or devices have IP addresses
- IP is considered to be a Layer 3 protocol
- Today: IP protocol version 4 and version 6
- IPv4 defines an IP address using 32 bits
- IPv6 defines an IP address using 128 bits

How routing is achieved:
- Know the destination address
- Identify the sources it can learn from
- Discover possible routes
- Select the best route
- Maintain and verify routing information

Route learning:
- Static
- Dynamic: RIP, EIGRP, OSPF, IS-IS, BGP
- Connected

Routing

Routing operates at Layer 3 of the OSI model, moving packets from a source to a destination, based on an IP network protocol.

Routing involves two processes:
1. determining optimal routing paths through a network,
2. forwarding packets along those paths.

Routing algorithms make the optimal path determination. Routers communicate with each other and maintain their routing tables through the exchange of messages over the network. A routing update contains all or part of another router's routing table and allows each router to build a detailed picture of the overall network topology.

Routing protocol: a series of messages that routers use to exchange information to provide paths in the network
- RIPv2
- EIGRP
- OSPF
- IS-IS
- BGP

How Routing Works?

Routing

Routers associate the DA in the packet with an appropriate next hop in their routing table.

For multiple paths, a routing table contains information that allows a router to elect the best path to the destination. All the routers in a network perform the same process.

To route a packet, a router must know the following information:
- Destination address
- Source address
- Possible routes
- Best route
- Status of route

What does "best" mean?
- Hop count
- Delay
- Reliability
- MTU
- Cost of the path

Static routes versus dynamic routes
Flat architecture versus hierarchical architecture

Routing Protocols

Distance Vector
- Routing by rumor: routers share their routing tables with each other
- Describes the direction/port and the distance (number of hops or other metrics)
- Routers know the distance but don't know the topology
- Uses regular updates, sending the entire routing table

Link State (SPF algorithm)
- Each router maintains a database of topology information for the entire network
- Provides better scaling than Distance Vector, sending updates only when a change occurs
- Sends only the information specific to the change

Routing Protocols
Autonomous Systems: Interior or Exterior Routing Protocols

- An autonomous system is a collection of networks under a common administrative domain.
- IGPs operate within an autonomous system.
- EGPs connect different autonomous systems.

Routing Protocols
Administrative Distance

Routing Protocols
Routing Protocol Comparison Chart

Routing Protocols
Comparison of Default Timers

Topology Types

Routers and Switches
Different Cisco Series Routers and Switches

Network Design

A design goal is to separate the network's layers; the Hierarchical Design Approach has been proven to be the most effective.

Three primary layers:
- Access: provides access for users in the network
- Distribution: provides the link between the Access and Core network
- Core Network (backbone): routes and switches the packets at high speeds; redundant paths, redundant hardware, fault networks protocols

Design is very important in a network approach:
- Business future
- Permit extensions and availability to growth
- May be seen as a modular architecture
- High availability
- Oversubscription
- Redundancy

Virtual Private Networks

Key Concepts:
VPNs allow a corporation to replace dedicated private networks with virtually private networks
- Cost savings
- Security
- Scalability
- Compatibility
- Ease of access

VPN Architecture
- Layer 2 and Layer 3
- L2 and L3 may be combined
- Modern VPNs are based on MPLS

Best Practice

Hardware redundancy
- Hardware
- Processors
- Power supplies
- Link
- No single point of failure
- Hot swap cards

Networking complexity
- Redundancy is good and necessary
- Single, logical and repetitive network design
- A good design -> simplifies troubleshooting

Software
- Protocols able to reroute traffic

Dual attached network
Network monitoring
- Detecting problems before they affect the network
Redundant servers

Trainings

QoS - Quality of Service

Key Concepts
- Allow the transport of traffic with special requirements
- Defined by the ITU in 1994
- Starting from telephony needs

An ISP network must assure:
- Throughput
- Dropped packets
- Latency, delay
- Jitter
- Out-of-order delivery

From Best Effort to an ordered delivery scenario

Assuring QoS:
- Best Effort
- Efficient sharing of bandwidth
- Relative importance depends on traffic type (audio/video, file transfer, interactive)
- Challenge: provide adequate performance

Techniques
- Identify and explain QoS strategy

Quality of Service
QoS is used to prioritize critical network traffic.

In a network with various traffic (voice, video, data), QoS is used to manage special requirements:
- Low delay: less than 250 ms end-to-end
- Low jitter: less than 10 ms
- Low packet loss: less than 0.5 %

QoS assures high availability in networks.

QoS Components
- Best Effort: first come, first served, no preference (~ FIFO)
- Integrated Services: end devices are aware of the resource requirements and have the ability to request a traffic profile before sending data
- Differentiated Services: there is no request for a specific traffic profile from the end device. The network is configured to give QoS parameters for traffic and the type is configured on the networking equipment; traffic is marked on ingress to the network, so that the traffic can be correctly treated (classified)
- DiffServ introduces DSCP
- Configuration guides and lines to achieve the results

Marking:
- CoS: L2
- IP Precedence: L3
- DSCP: L3

QoS Tips & Tricks

Congestion Management
- FIFO
- PQ
- Weighted Round Robin
- Weighted Fair Queuing

Congestion Avoidance
- Weighted Random Early Detection
- Drop the packets based on average queue size and priority of a packet

Classification and Marking
- Basic configuration lines specific to the Cisco case study

Policing versus Shaping

Shaping versus Policing
- Control the volume of traffic
- Shaping: in a specified period of time on the interface (average)
- Policing: limits the traffic on the interface

QoS Techniques
FIFO
- Traffic packets are placed on the outbound link to the egress device in FIFO order

QoS Techniques
Priority
- All packets in a higher priority queue are served FIRST
- Rest of traffic: served as required

QoS Techniques
Weighted Fair Queuing
- Different scheduling priorities for statistically multiplexed data
- Based on the weight of the packet

Hands On

Thank you!
