CCNA Exploration - Network Fundamentals

5 OSI Network Layer


5.0 Chapter Introduction
5.0.1 Chapter Introduction
Page 1:
We have seen how network applications and services on one end device can communicate with
applications and services running on another end device.
Next, as shown in the figure, we will consider how this data is communicated across the network - from the
originating end device (or host) to the destination host - in an efficient way.
The protocols of the OSI model Network layer specify addressing and processes that enable Transport layer
data to be packaged and transported. The Network layer encapsulation allows its contents to be passed to
the destination within a network or on another network with minimum overhead.
This chapter focuses on the role of the Network layer - examining how it divides networks into groups of
hosts to manage the flow of data packets within a network. We also consider how communication between
networks is facilitated. This communication between networks is called routing.
Learning Objectives
Upon completion of this chapter, you will be able to:
- Identify the role of the Network layer as it describes communication from one end device to another end device.
- Examine the most common Network layer protocol, Internet Protocol (IP), and its features for providing connectionless and best-effort service.
- Understand the principles used to guide the division, or grouping, of devices into networks.
- Understand the hierarchical addressing of devices and how this allows communication between networks.
- Understand the fundamentals of routes, next-hop addresses, and packet forwarding to a destination network.
5.0.1 - Chapter Introduction
The diagram depicts the OSI model with the Network Layer highlighted. A man sitting at a PC is shown
with data flowing down the seven layers of the OSI model from the Application Layer to the Physical
Layer. The Physical Layer is connected to a group of interconnected routers. Data is flowing from the
routers to a PC at the Application Layer. As data is communicated, devices use the Transport Layer to
connect processes, and the Network Layer enables devices to reach each other.
5.1 IPv4
5.1.1 Network Layer - Communication from Host to Host
Page 1:
The Network layer, or OSI Layer 3, provides services to exchange the individual pieces of data
over the network between identified end devices. To accomplish this end-to-end transport, Layer 3
uses four basic processes:
- Addressing
- Encapsulation
- Routing
- Decapsulation
The animation in the figure demonstrates the exchange of data.
Addressing
First, the Network layer must provide a mechanism for addressing these end devices. If individual pieces of
data are to be directed to an end device, that device must have a unique address. In an IPv4 network,
when this address is added to a device, the device is then referred to as a host.
Encapsulation
Second, the Network layer must provide encapsulation. Not only must the devices be identified with an
address, the individual pieces - the Network layer PDUs - must also contain these addresses. During the
encapsulation process, Layer 3 receives the Layer 4 PDU and adds a Layer 3 header, or label, to create the
Layer 3 PDU. When referring to the Network layer, we call this PDU a packet. When a packet is created, the
header must contain, among other information, the address of the host to which it is being sent. This
address is referred to as the destination address. The Layer 3 header also contains the address of the
originating host. This address is called the source address.
After the Network layer completes its encapsulation process, the packet is sent down to the Data Link layer
to be prepared for transportation over the media.
Routing
Next, the Network layer must provide services to direct these packets to their destination host. The source
and destination hosts are not always connected to the same network. In fact, the packet might have to
travel through many different networks. Along the way, each packet must be guided through the network
to reach its final destination. Intermediary devices that connect the networks are called routers.
The role of the router is to select paths for and direct packets toward their destination. This
process is known as routing.
During the routing through an internetwork, the packet may traverse many intermediary devices. Each
route that a packet takes to reach the next device is called a hop. As the packet is forwarded, its contents
(the Transport layer PDU), remain intact until the destination host is reached.
Decapsulation
Finally, the packet arrives at the destination host and is processed at Layer 3. The host examines the
destination address to verify that the packet was addressed to this device. If the address is correct, the
packet is decapsulated by the Network layer and the Layer 4 PDU contained in the packet is passed up to
the appropriate service at Transport layer.
Unlike the Transport layer (OSI Layer 4), which manages the data transport between the processes running
on each end host, Network layer protocols specify the packet structure and processing used to
carry the data from one host to another host. Operating without regard to the application data
carried in each packet allows the Network layer to carry packets for multiple types of communications
between multiple hosts.
5.1.1 - Network Layer - Communication from Host to Host
The animation depicts one host communicating with another through the layers of the OSI model. Host A
sends data down the OSI model layers on one side through a group of interconnected routers and then up
the OSI model layers on the other side to Host B. The animation concentrates on the Network Layer
protocols and how they forward encapsulated Transport Layer PDUs between hosts. As the animation
progresses, the following occurs:
Step 1. Host A sends data from its source address 192.168.32.11 to Host B destination address
192.168.36.5.
Step 2. Host A data is encapsulated at the Transport Layer into a segment.
Step 3. The Host A segment is encapsulated at the Network Layer into a packet.
Step 4. The Host A packet is encapsulated at the Data Link Layer into a frame.
Step 5. The Host A frame is transmitted on the media as bits at the Physical Layer.
Step 6. The Host A bits (ones and zeroes) travel through a group of routers in a cloud to the Physical Layer
of Host B.
Step 7. At Host B, the bits are received on the media at the Physical Layer and sent to the Data Link Layer.
Step 8. The Host B frame is decapsulated at the Data Link Layer into a packet.
Step 9. The Host B packet is decapsulated at the Network Layer into a segment.
Step 10. The Host B segment is decapsulated at the Transport Layer into data and sent to the destination
application.
Page 2:
Network Layer Protocols
Protocols implemented at the Network layer that carry user data include:
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- Novell Internetwork Packet Exchange (IPX)
- AppleTalk
- Connectionless Network Service (CLNS/DECNet)
The Internet Protocol (IPv4 and IPv6) is the most widely-used Layer 3 data carrying protocol and will be the
focus of this course. Discussion of the other protocols will be minimal.
5.1.1 - Network Layer - Communication from Host to Host
The animation depicts the OSI model with the Network Layer highlighted and lists Network Layer
protocols as follows:
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- Novell Internetwork Packet Exchange (IPX)
- AppleTalk
- Connectionless Network Service (CLNS, DECnet)
5.1.2 The IP v4 Protocol - Example Network Layer Protocol
Page 1:
Role of IPv4
As shown in the figure, the Network layer services implemented by the TCP/IP protocol suite are the
Internet Protocol (IP). Version 4 of IP (IPv4) is currently the most widely-used version of IP. It is the only
Layer 3 protocol that is used to carry user data over the Internet and is the focus of the CCNA. Therefore, it
will be the example we use for Network layer protocols in this course.
IP version 6 (IPv6) is developed and being implemented in some areas. IPv6 will operate alongside IPv4
and may replace it in the future. The services provided by IP, as well as the packet header structure and
contents, are specified by either IPv4 protocol or IPv6 protocol. These services and packet structure are
used to encapsulate UDP datagrams or TCP segments for their trip across an internetwork.
The characteristics of each protocol are different. Understanding these characteristics will allow you to
understand the operation of the services described by this protocol.
The Internet Protocol was designed as a protocol with low overhead. It provides only the functions that are
necessary to deliver a packet from a source to a destination over an interconnected system of networks.
The protocol was not designed to track and manage the flow of packets. These functions are performed by
other protocols in other layers.
IPv4 basic characteristics:
- Connectionless - No connection is established before sending data packets.
- Best Effort (unreliable) - No overhead is used to guarantee packet delivery.
- Media Independent - Operates independently of the medium carrying the data.
5.1.2 - The IPv4 Protocol - Example of Network Layer Protocol
The diagram depicts how the Network Layer uses TCP/IP. IP packets flow through an internetwork
consisting of routers and a network cloud. TCP segments are encapsulated into IP packets.
- Connectionless - No connection is established before sending data packets.
- Best Effort (unreliable) - No overhead is used to guarantee packet delivery.
- Media Independent - Operates independently of the medium carrying the data.
5.1.3 The IP v4 Protocol - Connectionless
Page 1:
Connectionless Service
An example of connectionless communication is sending a letter to someone without notifying the
recipient in advance. As shown in the figure, the postal service still takes the letter and delivers it to the
recipient. Connectionless data communications works on the same principle. IP packets are sent without
notifying the end host that they are coming.
Connection-oriented protocols, such as TCP, require that control data be exchanged to establish the
connection as well as additional fields in the PDU header. Because IP is connectionless, it requires no initial
exchange of control information to establish an end-to-end connection before packets are forwarded, nor
does it require additional fields in the PDU header to maintain this connection. This process greatly reduces
the overhead of IP.
Connectionless packet delivery may, however, result in packets arriving at the destination out of sequence.
If out-of-order or missing packets create problems for the application using the data, then upper layer
services will have to resolve these issues.
5.1.3 - The IPv4 Protocol - Connectionless
The diagram depicts connectionless communication by comparing postal routes to data networks. A letter
is sent by placing it in a post box. The letter then travels by truck to the recipient.
Postal Route:
The sender does not know:
- If the receiver is present.
- If the letter has arrived.
- If the receiver can read the letter.
The receiver does not know when the letter is coming.
Data Network:
The sender does not know:
- If the receiver is present.
- If the packet has arrived.
- If the receiver can read the packet.
The receiver does not know when the letter is coming.
5.1.4 The IP v4 Protocol - Best Effort
Page 1:
Best Effort Service (unreliable)
The IP protocol does not burden the IP service with providing reliability. Compared to a reliable protocol,
the IP header is smaller. Transporting these smaller headers requires less overhead. Less overhead means
less delay in delivery. This characteristic is desirable for a Layer 3 protocol.
The mission of Layer 3 is to transport the packets between the hosts while placing as little burden on the
network as possible. Layer 3 is not concerned with or even aware of the type of communication contained
inside of a packet. This responsibility is the role of the upper layers as required. The upper layers can
decide if the communication between services needs reliability and if this communication can tolerate the
overhead reliability requires.
IP is often referred to as an unreliable protocol. Unreliable in this context does not mean that IP works
properly sometimes and does not function well at other times. Nor does it mean that it is unsuitable as a
data communications protocol. Unreliable means simply that IP does not have the capability to
manage, and recover from, undelivered or corrupt packets.
Since protocols at other layers can manage reliability, IP is allowed to function very efficiently
at the Network layer. If we included reliability overhead in our Layer 3 protocol, then communications
that do not require connections or reliability would be burdened with the bandwidth consumption and
delay produced by this overhead. In the TCP/IP suite, the Transport layer can choose either TCP or UDP,
based on the needs of the communication. As with all layer isolation provided by network models, leaving
the reliability decision to the Transport layer makes IP more adaptable and accommodating for different
types of communication.
The header of an IP packet does not include fields required for reliable data delivery. There are no
acknowledgments of packet delivery. There is no error control for data. Nor is there any form of packet
tracking; therefore, there is no possibility for packet retransmissions.
5.1.4 - The IPv4 Protocol - Best Effort
The diagram depicts best effort delivery for IP. Using the IP protocol packets are routed quickly through the
network without ensuring delivery. As a result, some packets may be lost.
As an unreliable Network Layer protocol, IP does not guarantee that all sent packets will be received. Other
protocols better manage the process of tracking packets and ensuring their delivery.
5.1.5 The IP v4 Protocol - Media Independent
Page 1:
Media Independent
The Network layer is also not burdened with the characteristics of the media on which packets will be
transported. IPv4 and IPv6 operate independently of the media that carry the data at lower layers of the
protocol stack. As shown in the figure, any individual IP packet can be communicated electrically over
cable, as optical signals over fiber, or wirelessly as radio signals.
It is the responsibility of the OSI Data Link layer to take an IP packet and prepare it for transmission over
the communications medium. This means that the transport of IP packets is not limited to any particular
medium.
There is, however, one major characteristic of the media that the Network layer considers: the maximum
size of PDU that each medium can transport. This characteristic is referred to as the Maximum
Transmission Unit (MTU). Part of the control communication between the Data Link layer and the Network
layer is the establishment of a maximum size for the packet. The Data Link layer passes the MTU upward
to the Network layer. The Network layer then determines how large to create the packets.
In some cases, an intermediary device - usually a router - will need to split up a packet when forwarding it
from one media to a media with a smaller MTU. This process is called fragmenting the packet or
fragmentation.
Links
RFC-791 http://www.ietf.org/rfc/rfc0791.txt
5.1.5 - The IPv4 Protocol - Media Independent
The diagram depicts how IP packets can travel over different media. Two PCs are connected to a group of
routers in a network cloud. IP packets are not concerned with the type of media on which they are
traveling. Various types of links are shown:
- Link from PC1 to Router1 - Media is copper Ethernet.
- Link from Router1 to Router2 - Media is copper serial.
- Link from Router2 to Router3 - Media is optical fiber.
- Link from Router3 to Router4 - Media is copper Ethernet.
- Link from Router4 to PC2 - Media is wireless.
5.1.6 IP v4 Packet - Packaging the Transport Layer PDU
Page 1:
IPv4 encapsulates, or packages, the Transport layer segment or datagram so that the network can deliver
it to the destination host. Click the steps in the figure to see this process. The IPv4 encapsulation remains
in place from the time the packet leaves the Network layer of the originating host until it arrives at the
Network layer of the destination host.
The process of encapsulating data by layer enables the services at the different layers to develop and
scale without affecting other layers. This means that Transport layer segments can be readily packaged by
existing Network layer protocols, such as IPv4 and IPv6 or by any new protocol that might be developed in
the future.
Routers can implement these different Network layer protocols to operate concurrently over a network to
and from the same or different hosts. The routing performed by these intermediary devices only considers
the contents of the packet header that encapsulates the segment.
In all cases, the data portion of the packet - that is, the encapsulated Transport layer PDU - remains
unchanged during the Network layer processes.
Links
RFC-791 http://www.ietf.org/rfc/rfc0791.txt
5.1.6 - The IPv4 Protocol - Packaging the Transport Layer PDU
The diagram depicts how the IP packet packages the Transport Layer PDU (segment or datagram).
Step 1. Transport Layer encapsulation. The Transport Layer adds a header to the upper layer data so that
segments can be accounted for and reordered at the destination.
Step 2. Network Layer encapsulation. The Network Layer adds a header so that packets can be routed
through complex networks and reach their destination.
Step 3. In the TCP/IP based network, the Network Layer PDU is the IP packet.
5.1.7 IP v4 Packet Header
Page 1:
As shown in the figure, an IPv4 protocol defines many different fields in the packet header. These fields
contain binary values that the IPv4 services reference as they forward packets across the network.
This course will consider these 6 key fields:
- IP Source Address
- IP Destination Address
- Time-to-Live (TTL)
- Type-of-Service (ToS)
- Protocol
- Fragment Offset
Key IPv4 Header Fields
Roll over each field on the graphic to see its purpose.
IP Destination Address
The IP Destination Address field contains a 32-bit binary value that represents the packet destination
Network layer host address.
IP Source Address
The IP Source Address field contains a 32-bit binary value that represents the packet source Network layer
host address.
Time-to-Live
The Time-to-Live (TTL) is an 8-bit binary value that indicates the remaining "life" of the packet. The TTL
value is decreased by at least one each time the packet is processed by a router (that is, each hop). When
the value becomes zero, the router discards or drops the packet and it is removed from the network data
flow. This mechanism prevents packets that cannot reach their destination from being forwarded
indefinitely between routers in a routing loop. If routing loops were permitted to continue, the network
would become congested with data packets that will never reach their destination. Decrementing the TTL
value at each hop ensures that it eventually becomes zero and that the packet with the expired TTL field
will be dropped.
Protocol
This 8-bit binary value indicates the data payload type that the packet is carrying. The Protocol field
enables the Network layer to pass the data to the appropriate upper-layer protocol.
Example values are:
- 01 ICMP
- 06 TCP
- 17 UDP
Type-of-Service
The Type-of-Service field contains an 8-bit binary value that is used to determine the priority of each
packet. This value enables a Quality-of-Service (QoS) mechanism to be applied to high priority packets,
such as those carrying telephony voice data. The router processing the packets can be configured to
decide which packet it is to forward first based on the Type-of-Service value.
Fragment Offset
As mentioned earlier, a router may have to fragment a packet when forwarding it from one medium to
another medium that has a smaller MTU. When fragmentation occurs, the IPv4 packet uses the Fragment
Offset field and the MF flag in the IP header to reconstruct the packet when it arrives at the destination
host. The fragment offset field identifies the order in which to place the packet fragment in the
reconstruction.
More Fragments flag
The More Fragments (MF) flag is a single bit in the Flag field used with the Fragment Offset for the
fragmentation and reconstruction of packets. When the More Fragments flag bit is set, it means that it is not the
last fragment of a packet. When a receiving host sees a packet arrive with the MF = 1, it examines the
Fragment Offset to see where this fragment is to be placed in the reconstructed packet. When a receiving
host receives a frame with the MF = 0 and a non-zero value in the Fragment offset, it places that fragment
as the last part of the reconstructed packet. An unfragmented packet has all zero fragmentation
information (MF = 0, fragment offset = 0).
Don't Fragment flag
The Don't Fragment (DF) flag is a single bit in the Flag field that indicates that fragmentation of the packet
is not allowed. If the Don't Fragment flag bit is set, then fragmentation of this packet is NOT permitted. If a
router needs to fragment a packet to allow it to be passed downward to the Data Link layer but the DF bit
is set to 1, then the router will discard this packet.
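The fragmentation and reassembly rules above, as an added example that is not part of the original course material: a small Python model of a router splitting a packet for a smaller MTU and of the destination host rebuilding it from Identification, Fragment Offset and MF. It assumes a 20-byte header and counts the offset in 8-byte units as RFC 791 specifies; the names Fragment, fragment, reassemble and PacketDiscarded are illustrative.

```python
from dataclasses import dataclass
from typing import List, Optional

IP_HEADER_LEN = 20   # assumption: IHL = 5, no options


class PacketDiscarded(Exception):
    """DF = 1 and the packet is larger than the outgoing link's MTU."""


@dataclass(frozen=True)
class Fragment:
    ident: int       # Identification: shared by all fragments of one packet
    offset: int      # Fragment Offset in 8-byte units (13-bit field)
    mf: bool         # More Fragments flag
    data: bytes


def fragment(payload: bytes, ident: int, mtu: int, df: bool = False) -> List[Fragment]:
    """Split a packet's data for a link with the given MTU, as a router would."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, 0, False, payload)]      # fits: MF = 0, offset = 0
    if df:
        raise PacketDiscarded("fragmentation needed but DF is set")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8                # data per fragment, multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [
        Fragment(ident, start // 8, start + chunk < len(payload),
                 payload[start:start + chunk])
        for start in range(0, len(payload), chunk)
    ]


def reassemble(received: List[Fragment], ident: int) -> Optional[bytes]:
    """Rebuild the data at the destination host; None while it is incomplete."""
    parts = sorted((f for f in received if f.ident == ident), key=lambda f: f.offset)
    if not parts or parts[-1].mf:
        return None                                       # the MF = 0 fragment is missing
    data = bytearray()
    for i, frag in enumerate(parts):
        if frag.offset * 8 != len(data):
            return None                                   # gap, duplicate or overlap: reject
        if not frag.mf and i != len(parts) - 1:
            return None                                   # more than one "last" fragment
        data += frag.data
    return bytes(data)


# Constructed sample: 452 bytes of data carried by one packet.
SAMPLE = bytes(i % 251 for i in range(452))

if __name__ == "__main__":
    pieces = fragment(SAMPLE, ident=111, mtu=200)
    for p in pieces:
        print(f"id={p.ident} offset={p.offset} MF={int(p.mf)} bytes={len(p.data)}")
    # Fragments may arrive in any order; a lost fragment leaves the packet unusable.
    print("rebuilt:", reassemble(pieces[::-1], 111) == SAMPLE)
    print("with one fragment lost:", reassemble([pieces[0], pieces[2]], 111))
```

Because IP itself never retransmits, a packet with a missing fragment stays incomplete here; recovering it is left to the upper layers.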
Links:
RFC 791 http://www.ietf.org/rfc/rfc0791.txt
For a complete list of values of IP Protocol Number field
http://www.iana.org/assignments/protocol-numbers
5.1.7 - The IPv4 Packet Header
The diagram depicts the IPv4 packet header fields. Information is provided for selected fields.
Ver.
IHL
Type of Service - Data QoS priority. Enables the router to give priority to voice and network route
information over regular data.
Packet Length
Identification
Flag - These 3 bits represent control flags, such as DF and MF.
Fragment Offset - These 13 bits allow a receiver to determine the place of a particular fragment in the
original IP datagram.
Time to Live - Number of hops before the packet is dropped. This value is decremented at each hop to
prevent packets being passed around the network in routing loops.
Protocol - Data payload protocol type. Indicates whether the data is a UDP datagram or TCP segment
because these Transport Layer protocols manage the receipt of their PDUs differently.
Header Checksum
Source Address - IPv4 address of the host sending the packet. Remains unchanged throughout the passage
of the packet across the internetwork. Enables the destination host to respond to the source if required.
Destination Address - IPv4 address of the host to receive the packet. Remains unchanged throughout the
passage of the packet across the internetwork. Enables routers at each hop to forward the packet toward
the destination.
Options
Padding
Page 2:
Other IPv4 Header Fields
Roll over each field on the graphic to see its purpose.
Version - Contains the IP version number (4).
Header Length (IHL) - Specifies the size of the packet header.
Packet Length - This field gives the entire packet size, including header and data, in bytes.
Identification - This field is primarily used for uniquely identifying fragments of an original IP packet.
Header Checksum - The checksum field is used for error checking the packet header.
Options - There is provision for additional fields in the IPv4 header to provide other services but these are
rarely used.
5.1.7 - The IPv4 Packet Header
The diagram depicts the IPv4 packet header fields in the same sequence as Diagram 1. Information is
provided for selected fields other than those in the previous diagram.
Ver. - IP version number.
IHL - Size of the packet header. This is necessary because the Options field means that the header size can
vary, and the protocol needs to know where the header ends and the data starts when processing the
packet.
Type of Service
Packet Length - Size of entire packet, including the header and data, in bytes. The packet must be a
minimum of 20 bytes (20 bytes header + 0 bytes data) and a maximum of 65,535.
Identification - Uniquely identifies fragments of an original IP packet.
Flag
Fragment Offset
Time to Live
Protocol
Header Checksum - For error checking the packet header. At each hop, the header checksum must be
compared to the value of this field. If the header checksum does not match the calculated checksum, the
packet is discarded. At each hop, the TTL field is decremented. Fragmentation is also possible, so the
checksum has to be recalculated at each hop. This checksum only applies to the header, not the
encapsulated data.
Source Address
Destination Address
Options - Additional fields to provide other services; rarely used.
Padding
Page 3:
Typical IP Packet
The figure represents a complete IP packet with typical header field values.
Ver = 4; IP version.
IHL = 5; size of header in 32 bit words (4 bytes). This header is 5*4 = 20 bytes, the minimum valid size.
Total Length = 472; size of packet (header and data) is 472 bytes.
Identification = 111; original packet identifier (required if it is later fragmented).
Flag = 0; denotes packet can be fragmented if required.
Fragment Offset = 0; denotes that this packet is not currently fragmented (there is no offset).
Time to Live = 123; denotes the Layer 3 processing time in seconds before the packet is dropped
(decremented by at least 1 every time a device processes the packet header).
Protocol = 6; denotes that the data carried by this packet is a TCP segment.
5.1.7 - The IPv4 Packet Header
The diagram depicts a typical IPv4 packet with example values.
Ver=4
IHL=5
Type of Service
Total Length=472
Identification=111
Flag=0
Fragment Offset=0
Time=123
Protocol=6
Header Checksum
Source Address
Destination Address
Options
Data
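An added example, not part of the original course material: the typical packet above built as real header bytes, parsed back into its fields, and passed through the per-hop steps the field descriptions mention (verify the header checksum, decrement TTL, recalculate the checksum). The addresses are the Host A and Host B addresses from the animation in 5.1.1; the function names and the zero-filled payload are assumptions made for illustration.

```python
import socket
import struct

HEADER_FMT = "!BBHHHBBH4s4s"                   # the fixed 20-byte IPv4 header
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # example Protocol field values


def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                         # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, total_length, ident, ttl, proto, tos=0, flags=0, offset=0):
    """Build a header without options (IHL = 5) and fill in its checksum."""
    fields = [(4 << 4) | 5, tos, total_length, ident, (flags << 13) | offset,
              ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)


def parse_header(packet: bytes) -> dict:
    """Decode the header fields; raise ValueError on a malformed header."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or ihl * 4 > len(packet):
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version,
        "header_bytes": ihl * 4,               # IHL counts 32-bit words
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "source": socket.inet_ntoa(src),
        "destination": socket.inet_ntoa(dst),
        # A header that carries a correct checksum sums to zero.
        "checksum_ok": checksum(packet[:ihl * 4]) == 0,
    }


def forward_one_hop(packet: bytes):
    """Router processing for one hop; returns the new packet or None if dropped."""
    hdr = parse_header(packet)
    if not hdr["checksum_ok"]:
        return None                            # corrupt header: discard
    if hdr["ttl"] <= 1:
        return None                            # TTL would reach zero: discard
    out = bytearray(packet)
    out[8] -= 1                                # TTL is byte 8 of the header
    out[10:12] = b"\x00\x00"                   # checksum is bytes 10-11
    out[10:12] = struct.pack("!H", checksum(bytes(out[:hdr["header_bytes"]])))
    return bytes(out)


def hops_until_dropped(packet: bytes) -> int:
    """Count how many routers forward the packet before its TTL expires."""
    hops = 0
    while (packet := forward_one_hop(packet)) is not None:
        hops += 1
    return hops


# Constructed sample: the typical packet's field values, the animation's host
# addresses, and 452 zero bytes standing in for the TCP segment (472 - 20).
TYPICAL = build_header("192.168.32.11", "192.168.36.5", total_length=472,
                       ident=111, ttl=123, proto=6) + bytes(452)

if __name__ == "__main__":
    print(parse_header(TYPICAL))
    print("forwarded by", hops_until_dropped(TYPICAL), "routers before TTL expiry")
```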
5.2 Networks - Dividing Hosts into Groups
5.2.1 Networks - Separating Hosts into Common Groups
Page 1:
One of the major roles of the Network layer is to provide a mechanism for addressing hosts. As the number
of hosts on the network grows, more planning is required to manage and address the network.
Dividing Networks
Rather than having all hosts everywhere connected to one vast global network, it is more practical and
manageable to group hosts into specific networks. Historically, IP-based networks have their roots as one
large network. As this single network grew, so did the issues related to its growth. To alleviate these issues,
the large network was separated into smaller networks that were interconnected. These smaller networks
are often called subnetworks or subnets.
Network and subnet are terms often used interchangeably to refer to any network system made possible
by the shared common communication protocols of the TCP/IP model.
Similarly, as our networks grow, they may become too large to manage as a single network. At that point,
we need to divide our network. When we plan the division of the network, we need to group together those
hosts with common factors into the same network.
As shown in the figure, networks can be grouped based on factors that include:
- Geographic location
- Purpose
- Ownership
5.2.1 - Networks - Separating Hosts into Common Groups
The diagram depicts a large complex network with many servers, laptops, and printers. It provides reasons
why network designers divide larger networks into smaller ones, such as geography, purpose, and
ownership. A large network is too complex to operate and manage efficiently.
Geography: The large network is divided into three smaller ones based on location: West Office, East
Office, and North Office. Various departments are present in each location, including Sales, HR, Legal, and
Admin.
Purpose: The large network is divided into three smaller ones based on purpose or departmental function:
HR Office, Legal Office, and Sales Office.
Ownership: The large network is divided into three smaller ones based on types of users: Public Floor,
Private Floor, and Mobile. The public and private floor areas have a large oval surrounding them indicating
that they are owned by a common entity. The mobile users are outside the oval.
Page 2:
Grouping Hosts Geographically
We can group network hosts together geographically. Grouping hosts at the same location - such as each
building on a campus or each floor of a multi-level building - into separate networks can improve network
management and operation.
Click the GEOGRAPHIC button on the figure.
Grouping Hosts for Specific Purposes
Users who have similar tasks typically use common software, common tools, and have common traffic
patterns. We can often reduce the traffic required by the use of specific software and tools by placing the
resources to support them in the network with the users.
The volume of network data traffic generated by different applications can vary significantly. Dividing
networks based on usage facilitates the effective allocation of network resources as well as authorized
access to those resources. Network professionals need to balance the number of hosts on a network with
the amount of traffic generated by the users. For example, consider a business that employs graphic
designers who use the network to share very large multimedia files. These files consume most of the
available bandwidth for most of the working day. The business also employs salespersons who only logged
in once a day to record their sales transactions, which generates minimal network traffic. In this scenario,
the best use of network resources would be to create several small networks to which a few designers had
access and one larger network that all the salespersons used.
Click the PURPOSE button on the figure.
Grouping Hosts for Ownership
Using an organizational (company, department) basis for creating networks assists in controlling access to
the devices and data as well as the administration of the networks. In one large network, it is much more
difficult to define and limit the responsibility for the network personnel. Dividing hosts into separate
networks provides a boundary for security enforcement and management of each network.
Click the OWNERSHIP button on the figure.
Links:
Network design http://www.cisco.com/en/US/docs/internetworking/design/guide/nd2002.htm
5.2.1 - Networks - Separating Hosts into Common Groups
The diagram depicts a similar network division as the previous diagram and lists advantages of breaking a
network into manageable segments.
Geography: The large network is divided into three smaller ones based on location: West Office, East
Office, and North Office. The simple fact of wiring together the physical network can make geographic
location a logical place to start when segmenting a network.
Purpose: The volume and type of data generated by a class of users may make it appropriate to group
similar users into a network. The large network is divided into two smaller ones based on purpose or
departmental function:
Art Department - Contains video development workstations and servers. A speech bubble above the
workstations states: Artists need high bandwidth to create video.
Sales Office - Contains a laptop connected to a server. A speech bubble above the laptop states:
Salespeople need 100% reliability and speed.
Ownership: Grouping hosts into networks based on ownership can enhance data security. The network is
divided into two segments: corporate records and public web site. An external user is attempting to access
files in both locations. A firewall at the corporate records location has an X on it, and the text states: STOP!
No entry to the public. A speech bubble above the servers states: We own these servers.
A firewall at the public web site location has text that states: Enter with permission. A speech bubble
above the servers states: We own these servers.
5.2.2 Why Separate Hosts Into Networks? - Performance
Page 1:
As mentioned previously, as networks grow larger they present problems that can be at least partially
alleviated by dividing the network into smaller interconnected networks.
Common issues with large networks are:
- Performance degradation
- Security issues
- Address Management
Improving Performance
Large numbers of hosts connected to a single network can produce volumes of data traffic that may
stretch, if not overwhelm, network resources such as bandwidth and routing capability.
Dividing large networks so that hosts who need to communicate are grouped together reduces the traffic
across the internetworks.
In addition to the actual data communications between hosts, network management and control traffic
(overhead) also increases with the number of hosts. A significant contributor to this overhead can be
network broadcasts.
A broadcast is a message sent from one host to all other hosts on the network. Typically, a host initiates a
broadcast when information about another unknown host is required. Broadcasts are a necessary and
useful tool used by protocols to enable data communication on networks. However, large numbers of hosts
generate large numbers of broadcasts that consume network bandwidth. And because every other host
has to process the broadcast packet it receives, the other productive functions that a host is performing
are also interrupted or degraded.
Broadcasts are contained within a network. In this context, a network is also known as a broadcast domain.
Managing the size of broadcast domains by dividing a network into subnets ensures that network and host
performances are not degraded to unacceptable levels.
Roll over Optimize Grouping in the figure to see how to increase performance.
5.2.2 - Why Separate Hosts into Networks? - Performance
The diagram depicts separating a network using a router to limit broadcasts and improve performance.
Network Topology 1:
Hosts PC1, PC2, PC3, and Server1 are connected to switch S1. Hosts PC4, PC5, PC6, and Server2 are
connected to switch S2. Switches S1 and S2 are connected to switch S3.
All devices in this network are connected in one broadcast domain when the switch is set to the factory
default settings. Because switches forward broadcasts by default, broadcasts are processed by all devices
in this network.
Network Topology 2:
Hosts PC1, PC2, PC3, and Server1 are connected to switch S1. Hosts PC4, PC5, PC6, and Server2 are
connected to switch S2. Switches S1 and S2 are connected to router R1, which replaces switch S3.
Replacing the middle switch with a router creates two IP subnets, creating two distinct broadcast domains.
All devices are connected, but local broadcasts are contained.
Page 2:
In this activity, the replacement of a switch with a router breaks one large broadcast domain into two more
manageable ones.
Click the Packet Tracer icon to launch the Packet Tracer activity.
5.2.2 - Why Separate Hosts into Networks? - Performance
Link to Packet Tracer Exploration: Routers Segment Broadcast Domains
In this activity, replacing a switch with a router breaks one large broadcast domain into two
more-manageable domains.
5.2.3 Why Separate Hosts Into Networks? - Security
Page 1:
The IP-based network that has become the Internet originally had a small number of trusted users in U.S.
government agencies and the research organizations that they sponsored. In this small community,
security was not a significant issue.
The situation has changed as individuals, businesses, and organizations have developed their own IP
networks that link to the Internet. The devices, services, communications, and data are the property of
those network owners. Network devices from other companies and organizations do not need to connect to
their network.
Dividing networks based on ownership means that access to and from resources outside each network can
be prohibited, allowed, or monitored.
Roll over the Access Granted and Access Denied buttons on the figure to see different levels of
security.
Internetwork access within a company or organization can be similarly secured. For example, a college
network can be divided into administrative, research, and student subnetworks. Dividing a network based
on user access is a means to secure communications and data from unauthorized access by users both
within the organization and outside it.
Security between networks is implemented in an intermediary device (a router or firewall appliance) at the
perimeter of the network. The firewall function performed by this device permits only known, trusted data
to access the network.
Links:
IP network security
http://www.cisco.com/en/US/docs/internetworking/case/studies/cs003.htm
5.2.3 - Why Separate Hosts into Networks? - Security
The diagram depicts separating a network to provide increased security and control access from the
Internet. Firewalls control access to the Administrator and Researcher segments of the network.
Network Topology:
On the Administrator and Student records segment, hosts PC1, PC2, PC3, Server1, and Server2 are
connected to switch S1. Switch S1 is connected to router R1. Router R1 is connected to a firewall, which is
connected to the Internet.
On the Researcher segment, hosts PC4, PC5, PC6, Server3, and Server4 are connected to switch S2. Switch
S2 is connected to router R2. Router R2 is connected to a firewall, which is connected to the Internet.
Access Granted: Each user can reach servers in its own department. Administrators are allowed access to
Student records servers in the Administrator segment of the network. Researchers are allowed access to
Research servers in the Research segment of the network.
Access Denied: The firewalls control access between departments. Each user is blocked from reaching
servers in other departments. A user from the Administrator segment of the network who attempts to
access the Research segment is rejected at the firewall.
5.2.4 Why Separate Hosts Into Networks? - Address Management
Page 1:
The Internet consists of millions of hosts, each of which is identified by its unique Network layer address. To
expect each host to know the address of every other host would impose a processing burden on these
network devices that would severely degrade their performance.
Dividing large networks so that hosts who need to communicate are grouped together reduces the
unnecessary overhead of all hosts needing to know all addresses.
For all other destinations, the hosts only need to know the address of an intermediary device, to which
they send packets for all other destination addresses. This intermediary device is called a gateway. The
gateway is a router on a network that serves as an exit from that network.
5.2.4 - Why Separate Hosts into Networks? - Address Management
The diagram depicts separating a network to provide address management.
Network Topology 1:
Hosts PC1, PC2, PC3, and PC4 are connected to switch S1. Switch S1 is connected to a gateway router. The
gateway router is connected to a cloud labeled Outside. An external PC is also connected to the cloud.
An arrow points to PC1 with text that states: This host has the addresses for the hosts in its own network.
An arrow points to the external remote PC with text that states: The address for this destination is
unknown, so packets are passed to the gateway router.
Hosts do not know how to deliver data to devices in a remote network. This is the role of the gateway.
5.2.5 How Do We Separate Hosts Into Networks? - Hierarchical Addressing
Page 1:
To be able to divide networks, we need hierarchical addressing. A hierarchical address uniquely identifies
each host. It also has levels that assist in forwarding packets across internetworks, which enables a
network to be divided based on those levels.
To support data communications between networks over internetworks, Network layer addressing schemes
are hierarchical.
As shown in the figure, postal addresses are prime examples of hierarchical addresses.
Consider the case of sending a letter from Japan to an employee working at Cisco Systems, Inc.
The letter would be addressed:
Employee Name
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA
When a letter is posted in the country of origin, the postal authority would only look at the destination
country and note that the letter was destined for the U.S. No other address details need to be processed at
this level.
Upon arrival in the U.S., the post office first looks at the state, California. The city, street, and company
name would not be examined if the letter still needed to be forwarded to the correct state. Once in
California, the letter would be directed to San Jose. There the local mail carrier would take the letter to
West Tasman Drive, and then refer to the street address and deliver it to 170. When the letter is actually
on Cisco premises, the employee name would be used to forward it to its ultimate destination.
Referring only to the relevant address level (country, state, city, street, number, and employee) at each
stage when directing the letter onto the next hop makes this process very efficient. There is no need for
each forwarding stage to know the exact location of the destination; the letter was directed in the general
direction until the employee's name was finally used at the destination.
Hierarchical Network layer addresses work in much the same way. Layer 3 addresses supply the network
portion of the address. Routers forward packets between networks by referring only to the part of the
Network layer address that is required to direct the packet toward the destination network. By the time the
packet arrives at the destination host network, the whole destination address of the host will have been
used to deliver the packet.
If a large network needs to be divided into smaller networks, additional layers of addressing can be
created. Using a hierarchical addressing scheme means that the higher levels of the address (similar to the
country in the postal address) can be retained, with the middle level denoting the network addresses
(state or city) and the lower level the individual hosts.
5.2.5 - How Do We Separate Hosts into Networks? - Hierarchical Addressing
The diagram depicts hierarchical addressing using a postal address.
A letter from Japan is addressed to Jane Doe at 170 West Tasman Drive, San Jose, California, zip code
95134, USA. The address on the envelope provides answers to the following questions in a hierarchical
manner to facilitate the delivery process. At each step of the delivery, the post office needs to only
examine the next hierarchical level.
-Which country? USA
-Which zip code? 95134 (San Jose)
-Which address? 170 West Tasman Drive
-Which person? Jane Doe
5.2.6 Dividing the Networks - Networks from Networks
Page 1:
If a large network has to be divided, additional layers of addressing can be created. Using hierarchical
addressing means that the higher levels of the address are retained, with a subnetwork level and then the
host level.
The logical 32-bit IPv4 address is hierarchical and is made up of two parts. The first part identifies the
network and the second part identifies a host on that network. Both parts are required for a complete IP
address.
For convenience, IPv4 addresses are divided into four groups of eight bits (octets). Each octet is converted to
its decimal value and the complete address is written as the four decimal values separated by a dot (period).
For example - 192.168.18.57
In this example, as the figure shows, the first three octets (192.168.18) can identify the network portion
of the address, and the last octet (57) identifies the host.
This is hierarchical addressing because the network portion indicates the network on which each unique
host address is located. Routers only need to know how to reach each network, rather than needing to
know the location of each individual host.
With IPv4 hierarchical addressing, the network portion of the address for all hosts in a network is the same.
To divide a network, the network portion of the address is extended to use bits from the host portion of the
address. These borrowed host bits are then used as network bits to represent the different subnetworks
within the range of the original network.
Given that an IPv4 address is 32 bits, when host bits are used to divide a network, the more subnetworks
created, the fewer hosts there are for each subnetwork. Regardless of the number of subnetworks created,
however, all 32 bits are required to identify an individual host.
The number of bits of an address used as the network portion is called the prefix length. For example, if a
network uses 24 bits to express the network portion of an address, the prefix is said to be /24. In the
devices in an IPv4 network, a separate 32-bit number called a subnet mask indicates the prefix.
Note: Chapter 6 in this course will cover IPv4 network addressing and subnetworking in detail.
Extending the prefix length or subnet mask enables the creation of these subnetworks. In this way network
administrators have the flexibility to divide networks to meet different needs, such as location, managing
network performance, and security, while ensuring each host has a unique address.
For the purposes of explanation, however, in this chapter the first 24 bits of an IPv4 address
will be used as the network portion.
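The arithmetic behind prefix length, subnet mask and borrowed host bits, as an added Python example that is not part of the course material: it splits 192.168.18.57/24 into its network and host portions and divides 192.168.18.0/24 by borrowing host bits. The function names are illustrative, and the usable-host count assumes the standard IPv4 convention that the first and last address of each subnet are reserved.

```python
"""Added example: prefix length, subnet mask and borrowed host bits (IPv4)."""


def to_int(dotted: str) -> int:
    """Convert dotted-decimal text such as '192.168.18.57' to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len: int) -> int:
    """Subnet mask as an integer: prefix_len one-bits followed by zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(dotted: str, prefix_len: int):
    """Return (network address, host number) for an address and prefix length."""
    addr = to_int(dotted)
    mask = mask_for(prefix_len)
    network = addr & mask                 # bits covered by the mask
    host = addr & ~mask & 0xFFFFFFFF      # remaining bits identify the host
    return to_dotted(network), host


def subnet(network: str, prefix_len: int, borrowed_bits: int):
    """Divide a network by borrowing host bits.

    Returns (list of subnets in prefix notation, usable hosts per subnet).
    Assumption (standard convention, not stated on the page): the first and
    last address of each subnet are reserved, so usable hosts = size - 2.
    """
    new_prefix = prefix_len + borrowed_bits
    if borrowed_bits < 0 or new_prefix > 30:
        raise ValueError("borrowing must leave at least two host bits")
    base = to_int(network) & mask_for(prefix_len)
    size = 1 << (32 - new_prefix)         # addresses in each subnet
    subnets = [
        f"{to_dotted(base + index * size)}/{new_prefix}"
        for index in range(1 << borrowed_bits)
    ]
    return subnets, size - 2


if __name__ == "__main__":
    print("mask for /24:", to_dotted(mask_for(24)))
    print("192.168.18.57/24 ->", split_address("192.168.18.57", 24))
    # Each extra borrowed bit doubles the subnets and roughly halves the hosts.
    for bits in range(0, 4):
        nets, hosts = subnet("192.168.18.0", 24, bits)
        print(f"borrow {bits}: {len(nets)} subnet(s), {hosts} hosts each, first {nets[0]}")
```
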
Links:
Internet Assigned Numbers Authority
http://www.iana.org/
5.2.6 - Dividing the Networks - Networks from Networks
The diagram depicts the structure of the hierarchical IPv4 address. In the example, the 32-bit IP address
192.168.18.57 is divided into two parts, a network portion and host portion. The first three octets (8 bits
each) are the network portion, and the last octet (8 bits) is the host portion. In the example shown,
192.168.18 is the network portion, and .57 is the host portion of the IPv4 address.
5.3 Routing - How Our Data Packets are Handled
5.3.1 Device Parameters - Supporting Communication Outside Our Network
Page 1:
Within a network or a subnetwork, hosts communicate with each other without the need for any Network
layer intermediary device. When a host needs to communicate with another network, an intermediary
device, or router, acts as a gateway to the other network.
As a part of its configuration, a host has a default gateway address defined. As shown in the figure, this
gateway address is the address of a router interface that is connected to the same network as the host.
Keep in mind that it is not feasible for a particular host to know the address of every device on the Internet
with which it may have to communicate. To communicate with a device on another network, a host uses
the address of this gateway, or default gateway, to forward a packet outside the local network.
The router also needs a route that defines where to forward the packet next. This is called the next-hop
address. If a route is available to the router, the router will forward the packet to the next-hop router that
offers a path to the destination network.
Links:
RFC 823
http://www.ietf.org/rfc/rfc0823.txt
5.3.1 - Device Parameters - Supporting Communication Outside Our Network
The diagram depicts how gateways enable communication between networks.
Network Topology:
Hosts PC1 and PC2 are connected to switch S1 in LAN1. Switch S1 is connected to gateway router R1.
Hosts PC3 and PC4 are connected to switch S2 in LAN2. Switch S2 is connected to gateway router R2.
Gateway router R1 at the edge of LAN1 is connected to gateway router R2 at the edge of LAN2.
LAN1 IP Addressing:
PC1 IP address: 192.168.2.30/24
PC2 IP address: 192.168.2.31/24
Gateway Router R1: 192.168.2.1/24
LAN2 IP Addressing:
PC3 IP address: 192.168.3.4/24
PC4 IP address: 192.168.3.5/24
Gateway Router R1: 192.168.3.1/24
A speech bubble for PC1 in LAN1 states: I only know the addresses of the devices in my network. If I don't
know the address of the destination device, I send the packet to the gateway address by default.
5.3.2 IP Packets - Carrying Data End to End
Page 1:
As you know, the role of the Network layer is to transfer data from the host that originates the data to the
host that uses it. During encapsulation at the source host, an IP packet is constructed at Layer 3 to
transport the Layer 4 PDU. If the destination host is in the same network as the source host, the packet is
delivered between the two hosts on the local media without the need for a router.
However, if the destination host and source host are not in the same network, the packet may be carrying
a Transport layer PDU across many networks and through many routers. As it does, the information
contained within is not altered by any routers when forwarding decisions are made.
At each hop, the forwarding decisions are based on the information in the IP packet header. The packet
with its Network layer encapsulation also is basically intact throughout the complete process, from the
source host to the destination host.
If communication is between hosts in different networks, the local network delivers the packet from the
source to its gateway router. The router examines the network portion of the packet destination address
and forwards the packet to the appropriate interface. If the destination network is directly connected to
this router, the packet is forwarded directly to that host. If the destination network is not directly
connected, the packet is forwarded on to a second router that is the next-hop router.
The packet forwarding then becomes the responsibility of this second router. Many routers or hops along
the way may process the packet before reaching the destination.
Click the steps on the figure to follow the path of the IP packet.
Links:
RFC 791 http://www.ietf.org/rfc/rfc0791.txt
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.2 - IP Packets - Carrying Data End to End
The diagram depicts how IP packets are routed.
Network Topology:
- Hosts PC1 and PC2 are connected to switch S1 in LAN1 (network 192.168.2.0/24).
- Switch S1 is connected to router R1.
- Host PC3 is connected to switch S2 in LAN2 (network 192.168.3.0/24).
- Switch S2 is connected to router R1.
- Router R1 is connected to router R3.
- Host PC4 is connected to switch S3 in LAN3 (network 192.168.4.0/24).
- Switch S3 is connected to router R2.
- Router R2 is connected to router R3.
- Host PC5 is connected to switch S4 in LAN4 (network 192.168.5.0/24).
- Switch S4 is connected to router R3.
Scenario:
PC2 with IP address 192.168.2.30/24 in LAN1 needs to send a packet to destination PC5 with IP address
192.168.5.6/24 in LAN4. The packet is routed as follows.
Step 1: PC2 (192.168.2.30/24) asks: "Is this packet destined for a device on this network? No. It is destined
for device 192.168.5.6/24, a device on another network."
Step 2: PC2 sends the packet to the router R1 gateway interface with IP address 192.168.2.1/24.
Step 3: Router R1 asks: "Is this packet destined for a directly connected device? No. Forward the packet to
the next router." The packet is forwarded to router R2.
Step 4: Router R2 asks: "Is this packet destined for a directly connected device? No. Forward the packet to
the next router." The packet is forwarded to router R3.
Step 5: Router R3 asks: "Is this packet destined for a directly connected device? Yes. Forward the packet to
this device." The packet is forwarded to PC5.
Step 6: The IP packet arrives at its destination. The IP header is removed, and the TCP segment is passed
to Layer 4 on device PC5.
5.3.3 A Gateway - The Way Out of Our Network
Page 1:
The gateway, also known as the default gateway, is needed to send a packet out of the local network. If
the network portion of the destination address of the packet is different from the network of the originating
host, the packet has to be routed outside the original network. To do this, the packet is sent to the
gateway. This gateway is a router interface connected to the local network. The gateway interface has a
Network layer address that matches the network address of the hosts. The hosts are configured to
recognize that address as the gateway.
Default Gateway
The default gateway is configured on a host. On a Windows computer, the Internet Protocol (TCP/IP)
Properties tools are used to enter the default gateway IPv4 address. Both the host IPv4 address and the
gateway address must have the same network (and subnet, if used) portion of their respective addresses.
Click on the graphic to display the Windows Properties.
Host gateway configuration http://www.microsoft.com/technet/community/columns/cableguy/cg0903.mspx
5.3.3 - A Gateway - The Way Out of Our Network
The diagram depicts how each host on a particular LAN has the same default gateway address, which is
the address of the gateway interface connected to this network. The gateway for a Windows PC is
configured using TCP/IP Properties. A screenshot of the Windows TCP/IP Properties is shown for PC2.
Network Topology:
Hosts PC1, PC2, and PC3 are connected to switch S1 in LAN1 (network 192.168.1.0/24). Switch S1 is
connected to gateway router R1.
PC1 IP Address: 192.168.1.1/24
PC1 Gateway Address: 192.168.1.254/24
PC2 IP Address: 192.168.1.2/24
Gateway Address: 192.168.1.254/24
PC3 IP Address: 192.168.1.3/24
PC3 Gateway Address: 192.168.1.254/24
Router R1 gateway LAN interface IP address: 192.168.1.254/24
PC2 Windows TCP/IP Properties Screenshot
IP Address: 192.168.1.2/24
Subnet mask: 255.255.255.0
Gateway Address: 192.168.1.254/24
Page 2:
Confirming the Gateway and Route
As shown in the figure, the IP address of the default gateway of a host can be viewed by issuing the
ipconfig or route print commands at the command line of a Windows computer. The route command is
also used in a Linux or UNIX host.
5.3.3 - A Gateway - The Way Out of Our Network
The diagram depicts using the Windows ipconfig command to confirm gateway settings. Sample output
shows the default gateway address.
C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix - no entry.
IP Address 192.168.1.2 - IP address for this host computer.
Subnet Mask 255.255.255.0 - Local network subnet mask.
Default Gateway 192.168.1.254 - Default gateway address for this host computer.
Page 3:
No packet can be forwarded without a route. Whether the packet is originating in a host or being
forwarded by an intermediary device, the device must have a route to identify where to forward the
packet.
A host must either forward a packet to the host on the local network or to the gateway, as appropriate. To
forward the packets, the host must have routes that represent these destinations.
A router makes a forwarding decision for each packet that arrives at the gateway interface. This forwarding
process is referred to as routing. To forward a packet to a destination network, the router requires a route
to that network. If a route to a destination network does not exist, the packet cannot be forwarded.
The destination network may be a number of routers or hops away from the gateway. The route to that
network would only indicate the next-hop router to which the packet is to be forwarded, not the final
router. The routing process uses a route to map the destination network address to the next hop and then
forwards the packet to this next-hop address.
Links:
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.3 - A Gateway - The Way Out of Our Network
The diagram depicts a simple network with two routers. The contents of the local routing table for one of
the routers are expanded.
Network Topology:
The local router R1 interface with IP address 192.168.1.1/24 is connected to the remote router R2 interface
with IP address 192.168.1.2/24. Router R2 also has two local networks connected on two of its other
interfaces: network 10.1.1.0/24 and network 10.1.2.0/24.
The R1 local router routing table contains the following:
Destination network: 10.1.1.0/24
Next hop address: 192.168.1.2
Destination network: 10.1.2.0/24
Next hop address: 192.168.1.2
This indicates that for packets to reach either the 10.1.1.0/24 or the 10.1.2.0/24 network on router R2, R1
must send the packet to the next hop, which is R2's 192.168.1.2/24 interface.
5.3.4 A Route - The Path to a Network
Page 1:
A route for packets for remote destinations is added using the default gateway address as the next hop.
Although it is not usually done, a host can also have routes manually added through configurations.
Like end devices, routers also add routes for the connected networks to their routing table. When a router
interface is configured with an IP address and subnet mask, the interface becomes part of that network.
The routing table now includes that network as a directly connected network. All other routes, however,
must be configured or acquired via a routing protocol. To forward a packet the router must know where to
send it. This information is available as routes in a routing table.
The routing table stores information about connected and remote networks. Connected networks are
directly attached to one of the router interfaces. These interfaces are the gateways for the hosts on
different local networks. Remote networks are networks that are not directly connected to the router.
Routes to these networks can be manually configured on the router by the network administrator or
learned automatically using dynamic routing protocols.
Routes in a routing table have three main features:
Destination network
Next-hop
Metric
The router matches the destination address in the packet header with the destination network of a route in
the routing table and forwards the packet to the next-hop router specified by that route. If there are two or
more possible routes to the same destination, the metric is used to decide which route appears on the
routing table.
As shown in the figure, the routing table in a Cisco router can be examined with the show ip route
command.
Note: The routing process and the role of metrics are the subject of a later course and will be covered in
detail there.
As you know, packets cannot be forwarded by the router without a route. If a route representing the
destination network is not on the routing table, the packet will be dropped (that is, not forwarded). The
matching route could be either a connected route or a route to a remote network. The router may also use
a default route to forward the packet. The default route is used when the destination network is not
represented by any other route in the routing table.
5.3.4 - A Route - The Path to a Network
The diagram depicts confirmation of the gateway and route using the Cisco IOS show ip route command.
Network Topology:
Same as 5.3.3 diagram 3.
The following is the partial routing table output of the show ip route command for local router R1:
10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
The next hop for networks 10.1.1.0/24 and 10.1.2.0/24 from local router R2 is 192.168.2.2.
Page 2:
Host Routing Table
A host creates the routes used to forward the packets it originates. These routes are derived from the
connected network and the configuration of the default gateway.
Hosts automatically add all connected networks to the routes. These routes for the local networks allow
packets to be delivered to hosts that are connected to these networks.
Hosts also require a local routing table to ensure that Network layer packets are directed to the correct
destination network. Unlike the routing table in a router, which contains both local and remote routes, the
local table of the host typically contains its direct connection or connections to the network and its own
default route to the gateway. Configuring the default gateway address on the host creates the local default
route.
As shown in the figure, the routing table of a computer host can be examined at the command line by
issuing the netstat -r, route, or route PRINT commands.
In some circumstances, you may want to indicate more specific routes from a host. You can use the
following options for the route command to modify the routing table contents:
route ADD
route DELETE
route CHANGE
Links:
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.4 - A Route - The Path to a Network
The diagram depicts a routing table on end device PC1 after the netstat -r command is issued.
Network Topology:
Host PC1 with IP address 192.168.1.2 is connected to switch S1, which is connected to the router R1
default gateway 192.168.1.254.
Output from the netstat -r command:
Interface List
0x2 ...00 0f fe 26 f7 7b ... Gigabit Ethernet - Packet Scheduler Miniport
Active Routes:
Network Destination: 0.0.0.0
Netmask: 0.0.0.0
Gateway: 192.168.1.254
Interface: 192.168.1.2
Metric: 20
Network Destination: 192.168.1.0
Netmask: 255.255.255.0
Gateway: 192.168.1.2
Interface: 192.168.1.2
Metric: 20
Default Gateway: 192.168.1.254
Output omitted.
Note that the output shows a route to its own local network (192.168.1.0) and a default route (0.0.0.0) to
the router gateway for all other networks.
5.3.5 The Destination Network
Page 1:
Routing Table Entries
The destination network shown in a routing table entry, called a route, represents a range of host
addresses and sometimes a range of network and host addresses.
The hierarchical nature of Layer 3 addressing means that one route entry could refer to a large general
network and another entry could refer to a subnet of that same network. When forwarding a packet, the
router will select the most specific route.
Returning to the earlier postal addressing example, consider sending the same letter from Japan to 170
West Tasman Drive San Jose, California USA. Which address would you use: "USA" or "San Jose California
USA" or "West Tasman Drive San Jose, California USA" or "170 West Tasman Drive San Jose, California
USA"?
The fourth and most specific address would be used. However, for another letter where the street number
was unknown, the third option would provide the best address match.
In the same way, a packet destined to the subnet of a larger network would be routed using the route to
the subnet. However, a packet addressed to a different subnet within the same larger network would be
routed using the more general entry.
As shown in the figure, if a packet arrives at a router with the destination address of 10.1.1.55, the router
forwards the packet to a next-hop router associated with a route to network 10.1.1.0. If a route to 10.1.1.0
is not listed in the routing table, but a route to 10.1.0.0 is available, the packet is forwarded to the next-hop
router for that network.
Therefore, the precedence of route selection for the packet going to 10.1.1.55 would be:
1. 10.1.1.0
2. 10.1.0.0
3. 10.0.0.0
4. 0.0.0.0 (Default route if configured)
5. Dropped
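Most-specific route selection for the packet going to 10.1.1.55, as an added Python example (not Cisco IOS code and not part of the course material). The /24, /16 and /8 prefix lengths assigned to the three 10.x routes and every next-hop address other than 192.168.2.2 are constructed assumptions; the page lists only the network addresses.

```python
"""Added example: a router choosing the most specific matching route."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]      # None means the network is directly connected
    interface: str


def route(cidr: str, next_hop: Optional[str], interface: str = "FastEthernet0/0") -> Route:
    return Route(ipaddress.ip_network(cidr), next_hop, interface)


# Constructed routing table. Prefix lengths for the 10.x routes and the
# next hops 192.168.2.3 to 192.168.2.5 are assumptions made for this example.
TABLE = [
    route("0.0.0.0/0", "192.168.2.5"),       # default route
    route("10.0.0.0/8", "192.168.2.4"),
    route("10.1.0.0/16", "192.168.2.3"),
    route("10.1.1.0/24", "192.168.2.2"),
    route("192.168.2.0/24", None),           # directly connected network
]


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the matching route with the longest prefix, or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table if dest in r.network]
    # Position in the table is irrelevant: the longest prefix always wins.
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def forward(table: List[Route], destination: str) -> str:
    """The three outcomes: forward to next hop, deliver directly, or drop."""
    best = lookup(table, destination)
    if best is None:
        return "drop"
    if best.next_hop is None:
        return f"deliver directly on {best.interface}"
    return f"forward to {best.next_hop} via {best.interface}"


def precedence(table: List[Route], destination: str) -> List[str]:
    """Remove the winning route repeatedly to expose the selection order."""
    remaining = list(table)
    order = []
    while True:
        best = lookup(remaining, destination)
        if best is None:
            order.append("dropped")
            return order
        order.append(str(best.network))
        remaining.remove(best)


if __name__ == "__main__":
    for step, choice in enumerate(precedence(TABLE, "10.1.1.55"), start=1):
        print(f"{step}. {choice}")
    for dest in ("10.1.1.55", "10.1.2.9", "192.168.2.77", "172.16.2.1"):
        print(dest, "->", forward(TABLE, dest))
```
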
5.3.5 - The Destination Network
The diagram depicts routing table entries using the Cisco IOS show ip route command.
10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
In the routing table output, remote destination networks 10.1.1.0 and 10.1.2.0 and local network
192.168.2.0 are highlighted. Packets with destination host addresses in one of the network ranges shown
are matched with the next hop that leads to that network, which in this case is via 192.168.2.2.
Page 2:
Default Route
A router can be configured to have a default route. A default route is a route that will match all destination
networks. In IPv4 networks, the address 0.0.0.0 is used for this purpose. The default route is used to
forward packets for which there is no entry in the routing table for the destination network. Packets with a
destination network address that does not match a more specific route in the routing table are forwarded
to the next-hop router associated with the default route.
Links:
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.5 - The Destination Network
The diagram depicts a routing table entry for a default route using the Cisco IOS show ip route command.
Gateway of last resort is 192.168.2.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.2.2
In the routing table output, the statement: Gateway of last resort is 192.168.2.2 to network 0.0.0.0 and the
entry for the default destination network 0.0.0.0 via 192.168.2.2 are highlighted.
Packets with destination host addresses not in one of the network ranges are forwarded to the gateway of
last resort, which is 192.168.2.2.
5.3.6 The Next Hop - Where the Packet Goes Next
Page 1:
A next-hop is the address of the device that will process the packet next. For a host on a network, the
address of the default gateway (router interface) is the next-hop for all packets destined for another
network.
In the routing table of a router, each route lists a next hop for each destination address that is
encompassed by the route. As each packet arrives at a router, the destination network address is
examined and compared to the routes in the routing table. When a matching route is determined, the next
hop address for that route is used to forward the packet toward its destination. The router then forwards
the packet out the interface to which the next-hop router is connected. The next-hop router is the gateway
to networks beyond that intermediate destination.
Networks directly connected to a router have no next-hop address because there is no intermediate Layer
3 device between the router and that network. The router can forward packets directly out the interface
onto that network to the destination host.
Some routes can have multiple next-hops. This indicates that there are multiple paths to the same
destination network. These are parallel routes that the router can use to forward packets.
Links:
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.6 - The Next Hop - Where the Packet Goes Next
The diagram depicts routing table output from the Cisco IOS show ip route command to focus on the
next-hop entries.
The following is output from the show ip route command with rollover popup text.
10.0.0.0/24 is subnetted, 2 subnets
Output line: R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
Rollover text: This next-hop address is where the traffic destined to network 10.1.1.0/24 is sent.
Next-hop address 192.168.2.2 is highlighted.
Output line: R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
Rollover text: This next-hop address is where the traffic destined to network 10.1.2.0/24 is sent.
Next-hop address 192.168.2.2 is highlighted.
Output line: C 192.168.2.0/24 is directly connected, FastEthernet0/0
Rollover text: If a network is directly connected, only the name of the router interface is shown.
Interface FastEthernet0/0 is highlighted.
5.3.7 Packet Forwarding - Moving the Packet Toward its Destination
Page 1:
Routing is done packet-by-packet and hop-by-hop. Each packet is treated independently in each router
along the path. At each hop, the router examines the destination IP address for each packet and then
checks the routing table for forwarding information.
The router will do one of three things with the packet:
Forward it to the next-hop router
Forward it to the destination host
Drop it
Packet Examination
As an intermediary device, a router processes the packet at the Network layer. However, packets that
arrive at a router's interfaces are encapsulated as a Data Link layer (Layer 2) PDU. As shown in the figure,
the router first discards the Layer 2 encapsulation so that the packet can be examined.
Next Hop Selection
In the router, the destination address in a packet header is examined. If a matching route in the routing
table shows that the destination network is directly connected to the router, the packet is forwarded to the
interface to which that network is connected. In this case, there is no next-hop. To be placed onto the
connected network, the packet has to be first re-encapsulated by the Layer 2 protocol and then forwarded
out the interface.
If the route matching the destination network of the packet is a remote network, the packet is forwarded to
the indicated interface, encapsulated by the Layer 2 protocol, and sent to the next-hop address.
5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
The diagram depicts how a router moves a packet toward its destination when a route for the destination
network exists. An IP packet with data inside moves toward the router. It is labeled Data for network
10.1.2.0. A Data Link Layer 2 header and trailer encapsulate the packet. The following are the main steps
in the process.
1. The router removes the Layer 2 encapsulation.
2. The router extracts the destination IP address.
3. The router checks the routing table for a match.
4. Network 10.1.2.0 is found in the routing table.
5. The router re-encapsulates the packet.
6. The packet is sent to network 10.1.2.0.
Page 2:
Using the Default Route
As shown in the figure, if the routing table does not contain a more specific route entry for an arriving
packet, the packet is forwarded to the interface indicated by a default route, if one exists. At this interface,
the packet is encapsulated by the Layer 2 protocol and sent to the next-hop router. The default route is
also known as the Gateway of Last Resort.
This process may occur a number of times until the packet reaches its destination network. The router at
each hop knows only the address of the next-hop; it does not know the details of the pathway to the
remote destination host. Furthermore, not all packets going to the same destination will be forwarded to
the same next-hop at each router. Routers along the way may learn new routes while the communication is
taking place and forward later packets to different next-hops.
Default routes are important because the gateway router is not likely to have a route to every possible
network on the Internet. If the packet is forwarded using a default route, it should eventually arrive at a
router that has a specific route to the destination network. This router may be the router to which this
network is attached. In this case, this router will forward the packet over the local network to the
destination host.
5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
The diagram depicts how a router moves a packet toward its destination when there is no route entry for
the destination network, but a default route exists. An IP packet with data inside moves toward the router.
It is labeled Data for network 172.16.2.0. A Data Link Layer 2 header and trailer encapsulate the packet.
The following are the main steps in the process.
1. The router removes the Layer 2 encapsulation.
2. The router extracts the destination IP address.
3. The router checks the routing table for a match.
4. Network 172.16.2.0 is not in the routing table, but a default route to 192.168.1.2 exists.
5. The router re-encapsulates the packet.
6. The packet is sent to interface 192.168.1.2.
Page 3:
As a packet passes through the hops in the internetwork, all routers require a route to forward a packet. If,
at any router, no route for the destination network is found in the routing table and there is no default
route, that packet is dropped.
IP has no provision to return a packet to the previous router if a particular router has nowhere to send the
packet. Such a function would detract from the protocol's efficiency and low overhead. Other protocols are
used to report such errors.
Links:
RFC 823 http://www.ietf.org/rfc/rfc0823.txt
5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
The diagram depicts what happens when no route entry and no default route for the destination network
exist. An IP packet with data inside moves toward the router. It is labeled Data for network 10.1.2.0. The
routing table entries listed are for networks 192.168.1.0, 10.3.5.0 and 11.1.3.0. Because there is no
matching address in the routing table and no available default address, the IP packet is dropped. It is not
forwarded and not returned.
Page 4:
In this activity, the rules (algorithms) that routers use to make decisions on how to process packets,
depending on the state of their routing tables when the packet arrives, are examined.
5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
Link to Packet Tracer Exploration: Router Packet Forwarding
5.4 Routing Processes: How Routes are Learned
5.4.1 Routing Protocols - Sharing the Routes
Page 1:
Routing requires that every hop, or router, along the path to a packet's destination have a route to forward
the packet. Otherwise, the packet is dropped at that hop. Each router in a path does not need a route to all
networks. It only needs to know the next hop on the path to the packet's destination network.
The routing table contains the information that a router uses in its packet forwarding decisions. For the
routing decisions, the routing table needs to represent the most accurate state of network pathways that
the router can access. Out-of-date routing information means that packets may not be forwarded to the
most appropriate next-hop, causing delays or packet loss.
This route information can be manually configured on the router or learned dynamically from other routers
in the same internetwork. After the interfaces of a router are configured and operational, the network
associated with each interface is installed in the routing table as a directly connected route.
5.4.1 - Routing Protocols - Sharing the Routes
The diagram depicts using information in a routing table to forward a packet.
Network Topology:
The local router R1 interface with IP address 192.168.2.1/24 is connected to the remote router R2 interface
with IP address 192.168.2.2/24. Router R2 also has two local networks connected on two of its other
interfaces: network 10.1.1.0/24 and network 10.1.2.0/24.
An IP packet arrives at R1 destined for network 10.1.1.0. A speech bubble for router R1 states: I want to
forward this packet so it can take the next hop toward its destination. I can use the information in my
routing table to determine where to forward this message.
5.4.2 Static Routing
Page 1:
Routes to remote networks with the associated next hops can be manually configured on the router. This is
known as static routing. A default route can also be statically configured.
If the router is connected to a number of other routers, knowledge of the internetworking structure is
required. To ensure that the packets are routed to use the best possible next hops, each known destination
network needs to either have a route or a default route configured. Because packets are forwarded at
every hop, every router must be configured with static routes to next hops that reflect its location in the
internetwork.
Further, if the internetwork structure changes or if new networks become available, these changes have to
be manually updated on every router. If updating is not done in a timely fashion, the routing information
may be incomplete or inaccurate, resulting in packet delays and possible packet loss.
5.4.2 - Static Routing
The diagram depicts how static routes can be used to allow routers to forward packets.
Network Topology:
The router A interface with IP address 192.168.2.1/24 is connected to an interface on router B with IP
address 192.168.2.2/24. The router B interface with IP address 192.168.1.1/24 is connected to an interface
on router C with IP address 192.168.1.2/24. Router C also has two local networks connected on two of its
other interfaces: network 10.1.1.0/24 and network 10.1.2.0/24. Routers A and B are configured with routes.
Router A Configuration:
Router A IP address 192.168.2.2/24 is configured manually as the next hop for networks 10.1.1.0/24 and
10.1.2.0/24 on router C.
Router B Configuration:
Router B IP address 192.168.1.2/24 is configured manually as the next hop for networks 10.1.1.0/24 and
10.1.2.0/24 on router C.
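The forwarding rules of section 5.3.7 (deliver to a connected network, forward to a next hop, fall back to a default route, otherwise drop) can be traced hop by hop over the static routes of this diagram. The following Python sketch is an added example, not part of the course material; the table layout, the OWNER map, the function names, the hop limit and the sample destination addresses are assumptions made for illustration.

```python
import ipaddress

# Topology from the static-routing diagram: A -- B -- C, with 10.1.1.0/24 and
# 10.1.2.0/24 attached to C. A next hop of None marks a directly connected network.
TABLES = {
    "A": {"192.168.2.0/24": None,
          "10.1.1.0/24": "192.168.2.2", "10.1.2.0/24": "192.168.2.2"},
    "B": {"192.168.2.0/24": None, "192.168.1.0/24": None,
          "10.1.1.0/24": "192.168.1.2", "10.1.2.0/24": "192.168.1.2"},
    "C": {"192.168.1.0/24": None, "10.1.1.0/24": None, "10.1.2.0/24": None},
}
# Which router owns each interface address (constructed from the diagram).
OWNER = {"192.168.2.1": "A", "192.168.2.2": "B",
         "192.168.1.1": "B", "192.168.1.2": "C"}


def lookup(table, dst):
    """One router's decision: ('deliver' | 'forward' | 'drop', next hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        # The most specific match wins, so 0.0.0.0/0 (default route) is used last.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        return ("drop", None)       # no matching route and no default route
    if best[1] is None:
        return ("deliver", dst)     # directly connected: there is no next hop
    return ("forward", best[1])


def trace(dst, start="A", tables=TABLES, max_hops=16):
    """Follow a packet hop by hop; each router consults only its own table."""
    path, router = [], start
    for _ in range(max_hops):       # loop guard for this sketch (assumption)
        action, next_hop = lookup(tables[router], dst)
        path.append((router, action, next_hop))
        if action != "forward":
            break
        router = OWNER[next_hop]
    return path


if __name__ == "__main__":
    print(trace("10.1.2.7"))                          # A -> B -> C, delivered
    print(trace("172.16.2.9"))                        # dropped at A
    with_default = {**TABLES, "A": {**TABLES["A"], "0.0.0.0/0": "192.168.2.2"}}
    print(trace("172.16.2.9", tables=with_default))   # A forwards, B drops
```

With a default route on router A only, the packet for 172.16.2.9 leaves A but is dropped at B, which has neither a matching route nor a default route; nothing is returned to A.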
5.4.3 Dynamic Routing
Page 1:
Although it is essential for all routers in an internetwork to have up-to-date extensive route knowledge,
maintaining the routing table by manual static configuration is not always feasible. Therefore, dynamic
routing protocols are used. Routing protocols are the set of rules by which routers dynamically share their
routing information. As routers become aware of changes to the networks for which they act as the
gateway, or changes to links between routers, this information is passed on to other routers. When a router
receives information about new or changed routes, it updates its own routing table and, in turn, passes the
information to other routers. In this way, all routers have accurate routing tables that are updated
dynamically and can learn about routes to remote networks that are many hops away. An example of routers
sharing routes is shown in the figure.
Common routing protocols are:
Routing Information Protocol (RIP)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF)
Although routing protocols provide routers with up-to-date routing tables, there are costs. First, the
exchange of route information adds overhead that consumes network bandwidth. This overhead can be an
issue, particularly for low bandwidth links between routers. Second, the route information that a router
receives is processed extensively by protocols such as EIGRP and OSPF to make routing table entries. This
means that routers employing these protocols must have sufficient processing capacity to both implement
the protocol's algorithms and to perform timely packet routing and forwarding.
Static routing does not produce any network overhead and places entries directly into the routing table; no
processing is required by the router. The cost for static routing is administrative - the manual configuration
and maintenance of the routing table to ensure efficient and effective routing.
In many internetworks, a combination of static, dynamic, and default routes are used to provide the
necessary routes. The configuration of routing protocols on routers is an integral component of the CCNA
and will be covered extensively by a later course.
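The route sharing described in this section, where a router updates its own table from what a neighbor reports and then passes the information on, can be modeled with a hop-count exchange. The following Python sketch is an added example, not part of the course material and not an implementation of RIP (it has no timers or loop prevention); it reuses the A, B, C topology of the static-routing diagram, and the function names and the added network 10.1.3.0/24 are constructed for illustration.

```python
# Connected networks and neighbor links, from the A -- B -- C diagram.
CONNECTED = {
    "A": ["192.168.2.0/24"],
    "B": ["192.168.2.0/24", "192.168.1.0/24"],
    "C": ["192.168.1.0/24", "10.1.1.0/24", "10.1.2.0/24"],
}
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}
INFINITY = 16  # RIP treats a hop count of 16 as unreachable


def initial_tables(connected):
    """Each table maps prefix -> (hop count, neighbor it was learned from)."""
    return {r: {p: (0, None) for p in nets} for r, nets in connected.items()}


def exchange(tables, links):
    """One update round; returns how many table entries changed."""
    # Every router advertises the table it held at the start of the round.
    snapshot = {r: dict(t) for r, t in tables.items()}
    changed = 0
    for router, neighbors in links.items():
        for nbr in neighbors:
            for prefix, (hops, _) in snapshot[nbr].items():
                metric = min(hops + 1, INFINITY)   # one hop further than nbr
                current = tables[router].get(prefix)
                better = current is None or metric < current[0]
                if metric < INFINITY and better:
                    tables[router][prefix] = (metric, nbr)
                    changed += 1
    return changed


def converge(tables, links):
    """Repeat update rounds until no router learns anything new."""
    rounds = 0
    while exchange(tables, links):
        rounds += 1
    return rounds


if __name__ == "__main__":
    tables = initial_tables(CONNECTED)
    print("rounds to converge:", converge(tables, LINKS))
    print("A:", tables["A"])
    tables["C"]["10.1.3.0/24"] = (0, None)   # constructed: new network on C
    print("rounds after change:", converge(tables, LINKS))
    print("A learns:", tables["A"]["10.1.3.0/24"])
```

Router A needs two rounds to learn a network attached to C, because B must first install the route before it can pass it on; each round of updates is the bandwidth and processing cost the section describes.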