901, Silicon Tower Off C.G.Road Ahmedabad 380 006 India (Cyberoam). All rights reserved.
No part of this training material may be reproduced in any form by any means (including but not limited to photocopying or storing it in any medium by electronic means, and whether or not transiently or incidentally to some other use of this training material) without permission in writing from Cyberoam. Requests for permission to make copies of any part of this training material should be mailed to: Cyberoam Technologies Private Limited, 901, Silicon Tower, Off C. G. Road, Ahmedabad 380 006, India.

Warning: The doing of an unauthorized act in relation to a copyright work may result in both a civil claim for damages and criminal prosecution.

Cyberoam, Cyberoam NetGenie and Cyberoam Central Console are trademarks of Cyberoam. This training material may refer to a few trademarks for the purpose of identifying certain products and/or services. All those trademarks are owned by their respective owners.

This training material is designed to provide accurate and authoritative information in regard to the subject matter. While Cyberoam has taken all due care and diligence at the time of editing and publishing this training material, Cyberoam does not hold any responsibility for any mistake that may have been inadvertently contained within it. Cyberoam shall not be liable for any direct, consequential, or incidental damages arising out of the use of the training material.
Preface

Greetings from Cyberoam! Cyberoam Certified Network Security Professional (CCNSP) is designed for IT professionals wishing to enhance their careers in the network security industry with hands-on experience on Cyberoam products. It is our pleasure to share our global network security experience of securing every possible network, from small to large organizations.

Today, from home to business and from corporation to Government, everyone is becoming network dependent, which drives the growth of the network security industry. This requires a good number of certified network and security professionals who will contribute to securing networks. The course is intended to provide in-depth knowledge of network security. It is also intended to provide functional familiarity with the Cyberoam family of appliances.

Cyberoam has customers in 125+ countries. This next generation certification course is researched and produced by our award-winning experts, who constantly draw on their industry experience in various verticals, business-critical situations, and best practices. They have faced numerous deployment scenarios and challenges, and they have produced and endorsed this precise course. The course goes beyond others because it is authored by the global network security vendor Cyberoam, a leading purveyor in the network security industry. Additionally, this course contains sessions and instructions designed around current industry demand and backed up by extensive lab work. This leading-edge certification is an industry benchmark that will help you demonstrate your competency and gain industry recognition for networking and security skills. After this course, you will be able to efficiently deploy and troubleshoot the Cyberoam Layer 8 Firewall, understand CyberoamOS, implement concepts such as IPS (Intrusion Prevention System), network-level Anti-Virus/Anti-Spam and WAF (Web Application Firewall), and, in case of an attack, reconstruct the attack through forensic analysis, and much more.

Cyberoam certification is a unique opportunity to become the best Certified Network Security Professional.
Wish you success and growth in your careers. God Bless You.
Regards,
Hemal Patel
CEO, Cyberoam Technologies Pvt. Ltd.

Training & Certification Programs
As network security assumes significance for businesses and investment in security infrastructure grows by the day, the need to validate the knowledge and skills of network security professionals has also grown proportionately. The Cyberoam Certification Program helps these professionals achieve and demonstrate competency, in addition to gaining industry recognition for skills in identity-based networking and security as well as in deploying, configuring and managing the Cyberoam CR appliances. With Cyberoam certification, one becomes an expert not just in current networking and security knowledge, but also in the identity-based security technology that takes future trends into account. The program consists of two certifications - CCNSP and CCNSE - for which instructor-led training is provided on demand. CCNSP and CCNSE are thoughtfully designed to increase efficiency in maximizing the benefits of Cyberoam appliances, not only for customers and partners but also for the certified professionals' careers.

The CCNSP is designed for acquiring the expertise necessary for the installation and configuration of all Cyberoam features and functionality. To attain the CCNSP certification, one needs to clear the accreditation exam after acquiring expertise in firewalls and VPN, IPS, Anti-Virus and Anti-Spam, and troubleshooting.

CCNSE (Cyberoam Certified Network & Security Expert):

The CCNSE exam structure consists of one lab and one exam. Accreditation is achieved based on clearing the exams. The CCNSE professional is certified for product installation, integration, support and management, advanced deployment and advanced troubleshooting. This also helps in bundling services such as technical support and customised reports. To appear for the CCNSE training or certification exam, the individual must hold the CCNSP certification.

Training to Achieve Certification

These courses include hands-on tasks and real-world scenarios to gain valuable practical experience. Access to an up-to-date database of answers to your questions is provided. Instructors traverse the globe to deliver training at various centres. Instructor-led 2-day courses are available with all the hardware necessary for practising.

Please refer to the Cyberoam Training Portal [http://training.cyberoam.com] for further information regarding the certification programmes and trainings.

Benefits of Cyberoam Certification
1. Advances your career rapidly
2. Certifies your competence and understanding in handling the CR appliance
3. Increases your credential in the market as a Cyberoam Certified Engineer
4. Brings recognition from peers and competitors
5. Increases credibility with customers
6. Brings a sense of personal accomplishment

How to become CCNSP & CCNSE

For those of you aspiring to the CCNSE certification, you must first acquire the CCNSP certification. Though you can take the certification exams directly without training to achieve the CCNSP and CCNSE certifications, Cyberoam recommends successful completion of the instructor-led training programs for hands-on experience and in-depth understanding of the topics. Also, in order to clear the exams for the certifications, you are required to achieve a score of 75% or higher. Please visit the URL below for more information regarding Cyberoam Training: http://training.cyberoam.com

Training Contact Details:
USA Toll Free: +1-877-380-8531
India Toll Free: +1-800-301-00013
EMEA / APAC: +91-79-66065777
Email: training@cyberoam.com
http://training.cyberoam.com
Table of Contents

NETWORKING BASICS ... 1
  Types of Media ... 1
  Guided Media ... 1
    Twisted Pair Cable ... 1
      UTP Cable ... 1
      Cable Pin outs ... 2
    Co-Axial Cable ... 4
    Fiber Optic Cable ... 4
  Unguided Media ... 5
MODES OF TRANSMISSION ... 5
HOW SYSTEMS ON DIFFERENT PLATFORMS COMMUNICATE? ... 6
STANDARDIZATION ... 6
STANDARDS ORGANIZATIONS ... 6
  ISO ... 7
  ITU ... 7
  IEEE ... 7
  IETF ... 7
OSI REFERENCE MODEL ... 7
  Application Layer ... 8
  Presentation Layer ... 8
  Session Layer ... 8
  Transport Layer ... 8
  Network Layer ... 9
  Data Link Layer ... 9
    Addressing ... 9
      MAC (Link Layer) Addresses ... 9
      Network Layer Addresses ... 9
  Physical Layer ... 10
IP PROTOCOL SUITE (TCP/IP MODEL) ... 10
WHAT IS AN INTERNETWORK? ... 10
COMMUNICATION PROTOCOLS ... 11
  IP ... 11
  ICMP ... 12
  TCP ... 13
  UDP ... 13
NETWORK TYPES ... 14
  LAN ... 14
    Mesh ... 16
    Star ... 16
    Tree ... 17
    Bus ... 17
    Ring ... 17
    Hybrid topology ... 18
    Comparing Topologies ... 18
    Interconnecting Devices ... 19
      Gateways ... 19
      Routers ... 19
      Bridges ... 19
      Repeaters ... 19
  MAN ... 20
  WAN ... 20
    Point to Point WAN ... 20
    Circuit Switching WAN ... 20
    Packet Switching ... 21
    WAN Interconnecting Devices ... 21
    WAN Switch ... 21
    Modem ... 22
IP ADDRESSING ... 22
  IPv4 ... 22
    Classes of IP Address ... 22
    Class A ... 23
    Class B ... 23
    Class C ... 23
    Class D ... 23
    Class E ... 23
  Understanding the IP Notation ... 23
  Subnetting & Subnet Masks ... 24
  Check Your Progress ... 25
  IPv6 ... 26
    The need ... 26
    Header ... 26
    Advantage ... 27
    Transition & Working ... 27
    Working ... 27
MULTIPLE PROTOCOLS WITHIN THE SAME PACKET ENVELOPING ... 29
APPLICATION PROTOCOLS ... 30
  HTTP ... 30
  HTTPS ... 30
  SMTP ... 30
  POP/POP3 ... 30
  IMAP ... 30
  FTP ... 31
  Telnet ... 31
INTERCOMMUNICATION ... 31
  Bridging Internetwork Communication ... 31
    Bridging and the OSI Model ... 32
  Types of Bridges ... 32
  Advantages & Disadvantages of Bridging ... 32
    Advantages ... 32
    Disadvantages ... 33
  Switching Internetwork Communication ... 33
    LAN Switching ... 33
    VLAN ... 33
    MPLS ... 34
  Routing Internetwork Communication ... 34
  Routing Concepts ... 34
  Routing Tables ... 35
  Routing Metrics ... 35
    Path Length ... 35
    Reliability ... 35
    Delay ... 35
    Bandwidth ... 35
    Load ... 35
    Communication Cost ... 35
  Routing Algorithms ... 35
    Static ... 35
    Dynamic ... 36
      Single path And Multipath ... 36
      Link State and Distance Vector ... 37
  Protocols used in Routing ... 38
    RIP ... 38
    OSPF ... 38
    BGP ... 38
    IGRP ... 38
  Routing and the OSI Model ... 38
NETWORK MANAGEMENT ... 38
    1. Performance Management ... 39
    2. Configuration Management ... 39
    3. Accounting Management ... 39
    4. Fault Management ... 39
    5. Security Management ... 39
  SNMP ... 40
  VPN ... 40
    VPN on L2TP ... 41
    VPN on PPTP ... 41
    IPSec VPN ... 42
    MPLS VPN ... 42
    SSL VPN ... 42
NETWORKING WITH QUALITY OF SERVICES ... 42
  Overview ... 42
SUMMARY ... 43
CHECK YOUR PROGRESS
Internetworking Technologies Cyberoam Academy http://academy.cyberoam.com 1

Networking Basics

A network is a data communication system that allows users and devices to communicate with each other. A network whose devices include computers is known as a computer network. When a message is sent from one point to another, we say that communication has taken place.

A message is the term used for the information in a single unit of communication transmitted over a network. A message can be anything: an email (electronic mail), a file, an image, or any other piece of information. A PC or any other machine capable of processing information is known as a network node.

At least two PCs or devices are involved in a communication process. The device that initiates the communication is known as the sender, and the device that receives the message is the receiver. Sender and receiver are connected to each other via a medium (or media), generally in the form of wires (or, nowadays, wireless links).

Types of Media

Signals generated by the sender and receiver during transmission require a medium through which to travel to their destination. Transmission media are divided into two broad categories:
1. Guided
2. Unguided

The overall categorization of transmission media is shown in the figure above; a detailed description of each category is given below.

Guided Media

Guided media are those media that provide a physical conduit from one point to another on the network. These include twisted pair cable, co-axial cable and fiber optic cable.

Twisted Pair Cable

This cable comes in two forms:
1. UTP (Unshielded Twisted Pair)
2. STP (Shielded Twisted Pair)

UTP Cable

UTP is the most commonly used cable today. A UTP cable consists of two insulated copper wires twisted around each other, each with its own colored plastic insulation.
There are seven major categories of this type of cable. The category number of the cable tells us how many numbers of pairs of wires are contained in the cable. 1. Category 1 This type of cable contains a single pair of wires. This is the basic twisted pair cable generally used in telephone systems. This type of cable cannot be used to carry computer signals and hence are not suitable for computer computer communication. 2. Category 2 This type of cable contains 2 pairs of wires (total 4 wires). It is suitable for voice and data communication up to 4 Mbps only. 3. Category 3 This type of cable has 3 pairs of wires (total 6 wires). It is suitable for data transmission up to 10 Mbps. It is now a standard cable for most of the telephone systems. 4. Category 4 This type of cable has 4 pairs of wires (total 8 wires). It is suitable for data transmission up to 16 Mbps and can be used for low speed computer computer communication as well as voice communication. 5. Category 5 This type of cable is suitable for data transmission up to 100 Mb per second. This cable is mostly used for LANs. 6. Category 5e This cable is similar to a category 5 cable but can support up to (1024 Mb 1 gigabit per second) transmission speed. 7. Category 6 This cable is the fastest copper cable. The speed of this cable is 10Gbps and it is said to be made out of the best copper material. Cable Pin outs There are two basic pin outs used in the cabling the Ethernet cables. The cables are connected to the computer using a RJ45 connector which is a standard defined by the TIA (Telecommunication Industry Association) 1. Straight Cable 2. Cross-Over Cable In a straight cable, the pins on the sender match the pins on the receiver. For Example, suppose pin no 1 is used for sending data and pin no 5 is used for receiving, then it is obvious that if communication is taking place from one computer to another computer without any interconnecting devices, then, the sending pins on the sender side
should be bound to the receiving pins on the receiving side, giving rise to a cross-over cable. At the initial level, we can remember that if no switching devices are used, a cross-over cable is used for computer to computer communication (peer to peer) and a straight cable is used for communication between a computer and other devices like switches, hubs, and more. The Straight and Cross-Over terminologies apply to Category 5 and 6 cables only. Each cable consists of four basic colors (Blue, Brown, Orange, and Green) with their corresponding white-striped wires known as White-Blue, White-Brown, White-Orange and White-Green. The pin numbers on the connector can be understood from the diagram below. The cabling method according to the TIA standard can be understood from the tables below.
Straight Through cable
RJ45 Pin # (End 1)   Wire Color      RJ45 Pin # (End 2)   Wire Color
1                    White/Green     1                    White/Green
2                    Green           2                    Green
3                    White/Orange    3                    White/Orange
4                    Blue            4                    Blue
5                    White/Blue      5                    White/Blue
6                    Orange          6                    Orange
7                    White/Brown     7                    White/Brown
8                    Brown           8                    Brown
Cross Over cable
RJ45 Pin # (End 1)   Wire Color      RJ45 Pin # (End 2)   Wire Color
1                    White/Green     1                    White/Orange
2                    Green           2                    Orange
3                    White/Orange    3                    White/Green
4                    Blue            4                    Blue
5                    White/Blue      5                    White/Blue
6                    Orange          6                    Green
7                    White/Brown     7                    White/Brown
8                    Brown           8                    Brown
STP Cable
A shielded twisted pair cable has a protective shield (covering) within which the twisted pairs run the entire length of the cable. An STP cable can be thought of as a UTP cable with an extra jacket. A shielded twisted pair has a metal foil or a braided mesh covering the insulated wires. The major application of the STP cable is the electric industry. This cable is mostly used for powering up electrical devices. However, many ISPs also use this type of cable to terminate the broadband link at customer premises.
Co-Axial Cable
A co-axial cable consists of a center wire surrounded by insulation, which in turn is surrounded by a braided wire and a shield above the braided wire. This type of cable is primarily used for cable television. This cable can also be used in computer networks where a high amount of data transfer is required, as this cable supports high frequencies.
Fiber Optic Cable A fiber optic cable works on the principle of reflection of light. We know that light travels at a very fast speed. Hence, communication can also be done in the form of light waves using the fiber optic cable. The structure of this cable includes a sheath of glass covered by an outer glass. The light travels through the core of the wire by reflecting over the surfaces of the glass and hence reaches the destination. Fiber cables are used in computer communication. Many other devices like audio players also use the fiber cables known as SPDIF (Sony Philips Digital Interface).
Unguided Media
The unguided media is usually the wireless medium and it can be in the form of radio waves and microwaves. The wireless media can broadly be classified into the following categories.
Wi-Fi
Wi-Fi is a wireless technology which allows users to send and receive data using radio waves. Wi-Fi can also provide intra-network connectivity and Internet access. Products complying with Wi-Fi define it as a Wireless Local Area Network (WLAN). To check whether a device supports the Wi-Fi standard, we can look for the Wi-Fi logo on the device. Wi-Fi is in effect the abbreviated term used for WLAN.
3G
3G or 3rd Generation mobile telecommunication is a standard for mobile phones and mobile telecommunication giving services like wireless telephony, mobile internet, and Mobile TV.
4G
4G or 4th Generation mobile telecommunication is the successor of the 3G technology. A 4G system provides very high speed internet access wirelessly.
Wi-Max
Wi-Max (World Interoperability for Microwave Access) is a standard in wireless communication which results in very high speed data transfer, wirelessly. It is a part of the 4G (4th Generation) wireless technology.
Modes of Transmission
There are three types of strategies used for data transmission between two communicating machines:
1. Simplex
2. Half Duplex
3. Full Duplex
In simplex communication, data transfer is done one way only. Data can travel from point A to point B, but not in the reverse direction. An example of simplex communication is a door-bell. A door-bell only informs the housemates that there is someone at the door; the housemates cannot inform anything to the visitor. In Half Duplex mode, the line between the two points is set up in such a fashion that it allows data to be transferred in both directions, but only one direction at a time. While one node is busy sending data, the other cannot send, and vice-versa. An example of half-duplex communication is a hanging bridge where only one person can pass at a time. People can move in both directions, but at any time, people moving in one
direction only are allowed. Another example is a single-lane road with traffic controllers at each end. In Full Duplex mode, the line between the nodes is set up to remove the limitation of the half duplex mode. In this mode, communication can happen in both directions irrespective of whether the other party is sending or receiving data. An example of this type of transmission is a freeway. On a freeway, traffic is allowed to move in both directions at the same time.
How do systems on different platforms communicate?
Before we continue to elaborate on communication in a network, it is important for us to know how systems using different platforms communicate with each other. For example, we can consider a Linux system and a Windows system. A Windows system uses different terminologies than a Linux system, so one might say that no communication is possible between these two systems. A similar case can be considered for two people speaking different languages. Well, if the above cases were true, there would have been no communication in the world and it would lead to monopoly in the market. For example, if we bought a Windows product, we would be forced to use only devices compatible with Windows and never be able to switch to another Operating System. Thankfully, this is not the case. ARP (Address Resolution Protocol) is used to find out the physical location of a computer. Each computer on a network has a different address, because each computer cannot have a unique name. We know that the computer at address 1 is John's computer. It is the work of ARP to convert address 1 to John's computer and John's computer to address 1 when communication happens in the network. We shall see more on how the communication is done in detail, in the later parts of this module.
Standardization
Standardization is a set of rules laid down by standards organizations which has to be followed by any vendor relating to a technical standard, specification, test method, procedure, or definition, etc. So it does not matter which system is used; underneath, the communicating technologies and messages are system independent. There are several standards organizations already in place which we shall discuss henceforth.
Standards Organizations
Standards are developed through cooperation among standards creation committees, vendor committees, and government regulatory agencies.
ISO
ISO (International Standards Organization) is a multinational body whose standards creation committees are governed by governments throughout the world. It was founded in 1947 and its headquarters are in Geneva, Switzerland. ISO's main products are international standards. ISO also publishes technical reports, technical specifications, publicly available specifications, technical corrigenda, and guides. ISO's best-known contribution to computer networking is the OSI Reference Model, which talks about connecting two systems with open interfaces. We shall be discussing the OSI Reference Model in detail in the later part of this module.
ITU
ITU (International Telecommunications Union) coordinates the standards for telecommunication. The standardization work of ITU starts from 1865 with the birth of the telegraph machine; however, its real existence started in 1947 when the United Nations recognized it as a specialized agency. Like ISO, ITU also has committees which are governed by governments across the globe. The most common standards given by ITU are the coding of JPEG images. It also has a vital role in shaping the OSI Reference Model.
IEEE
IEEE (Institute of Electrical and Electronics Engineers), also pronounced as I-Triple-E, has its headquarters in New York City. IEEE is a not-for-profit organization founded in 1963 as a merger of IRE (Institute of Radio Engineers) and AIEE (American Institute of Electrical Engineers). IEEE's Constitution defines the purposes of the organization as "scientific and educational, directed towards the advancement of theory and practice of Electrical, Electronics, Communications and Computer Engineering, as well as Computer Science."
IETF
IETF (Internet Engineering Task Force) develops and promotes internet standards. It generally works by creating standards that apply to the Internet and improve the usability of the Internet.
IETF publishes memoranda known as RFCs (Request For Comments) which describe the methods, behaviors, research, or innovations that are applicable to the working of the Internet. Each RFC is assigned a unique serial number; once published, the RFC is not modified. If the RFC document requires revisions, the authors publish a revised document. Every standard has at least one RFC memorandum and we can refer to the RFC to know the exact design and working of the process. For example, the protocol which drives the Internet (IP) is documented in RFC 791, published in September 1981.
OSI Reference Model
When the linking of computers started, it was difficult to move information between end points, so in the early 1980s there was a need to develop a standardized network model which would help vendors to develop interoperable network devices. The OSI (Open Systems Interconnection) Reference Model was developed by the ISO (International Standards Organization). It is a seven-layered model showing the interconnection between two systems (Sender & Receiver) during the communication process. The OSI model describes how information flows from the application programs through the network medium to another application program in another computer. The OSI Model has divided one big problem into seven small problems. The seven layers of the OSI Model are labeled 1 to 7 and they are:
Layer 1 : Physical Layer
Layer 2 : Data-Link Layer
Layer 3 : Network Layer
Layer 4 : Transport Layer
Layer 5 : Session Layer
Layer 6 : Presentation Layer
Layer 7 : Application Layer
Layer 7 is closest to the user whereas Layer 1 is closest to the Hardware. The OSI Reference Model shows two open systems and their interconnection which can be seen in the diagram below.
Application Layer
Application Layer (Layer 7), the topmost layer of the OSI reference model, is related to the services that are used by the user directly, such as software for file transfers, database access, and e-mail. In other words, it serves as a platform through which application processes can access network services. A message to be sent across the network enters the OSI reference model at this point and exits at the OSI reference model's application layer on the receiving computer. The lower layers support the tasks that are performed at the application layer. These tasks include general network access, flow control, and error recovery.
Presentation Layer
Presentation Layer (Layer 6) defines the format used to exchange data among networked computers. It can be thought of as the network's translator. When computers from different platforms, such as IBM, Apple, and Sun, need to communicate, a certain amount of translation must be done. Within the sending computer, the presentation layer translates data from the format sent down from the application layer into a common intermediary format. At the receiving computer, this layer translates the intermediary format into a format that can be useful to that computer's application layer. The presentation layer is responsible for converting protocols, translating data, encrypting data, and changing or converting the character sets. The presentation layer also manages data compression to reduce the number of bits that need to be transmitted.
Session Layer
Session Layer (Layer 5) opens and closes a connection, called a session, between the communicating computers. This layer is responsible for name recognition and other functions like security which are needed to transfer information from one computer to another. The session layer also synchronizes the user tasks by placing checkpoints in the stream of data. These checkpoints are then evaluated and the stream is broken into smaller groups.
If in any case the network fails, the only data that needs to be transmitted again is the data after the checkpoint.
Transport Layer
Transport Layer (Layer 4) provides an additional level of connection beyond that provided by the session layer, ensuring that the packets delivered are free from any errors, in sequence, and without losses or duplication. At the sending end this layer packages all the messages and divides long messages into smaller packages. At the receiving end this layer opens the packets, assembles the messages, and sends acknowledgement if required. If a duplicate packet arrives, this layer will detect and discard it.
Network Layer
Network Layer (Layer 3) is used for converting the logical address of a computer to its physical address. This layer also determines the path in which the transmitted information will travel on the network. Complex problems like switching and routing, managing traffic in the network and controlling the congestion of data are handled by this layer. At this level of message communication, we can see network communication in two categories:
1. Connection-oriented
2. Connectionless
Connection-oriented communication is like telephone communication. With a telephone call, we pick up the telephone, dial the number, establish that the person we want to talk to is there, start and carry on our conversation, say bye, and hang up. For the duration of our conversation, a dedicated connection or circuit is established between us and the person we are talking to. No other conversations can take place till our conversation is complete. In network terms, we establish a session (a connection with another device on the network). Connection-oriented communications are said to be reliable. Reliable means the network guarantees that it will deliver our data. It detects and reports any data that is missing, duplicated, or out of order.
In contrast, connectionless communication is similar to mail communication. We compose a letter, write an address, and put the letter in a mailbox. We do not need to establish that the person we are writing to is available at the other end. So, the letter might be left at its destination, and the recipient will open, read, and possibly respond to it. With this type of communication, the order of delivery cannot be predicted. Connectionless communications are said to be unreliable. Unreliable means that the network does not guarantee that it will deliver our data. There's no sure way of telling whether a message has been delivered, or whether data is missing, duplicated, or out of order.
Data Link Layer
Data-Link Layer (Layer 2) sends data frames from the layer above (Network Layer) to the layer below (Physical Layer). In this layer, the data is in the form of frames. Frames are larger units of data; a frame can also be described as a collection of bits. At the sending end, this layer converts the frames into bits and passes them on to the Physical Layer. At the receiving end, this layer converts the bits into frames and passes them on to the Network Layer.
Addressing
Every device on the internet has a unique address. These devices can be a computer, a server, a router, or any other device which can connect to a network. Addressing is thus a requisite to identify the location of each device on the network in order to communicate. There are two main categories of address:
1. MAC (Link Layer) Address
2. Network Layer Address
MAC (Link Layer) Addresses
These addresses are also known as physical or hardware addresses. Vendors also call this type of address a MAC (Media Access Control) address. This type of address is always unique and is provided along with the NIC (Network Interface Card) or the networking device. The address is a string of 12 hexadecimal characters arranged in 6 groups of 2.
These addresses exist at the data link layer (Layer 2) of the OSI Reference Model. Most networked devices have only one physical connection and therefore only one link layer address. An example MAC address would be 01:23:45:67:89:AB.
Network Layer Addresses
Network layer addresses are virtual or logical addresses. They exist at the network layer (Layer 3) of the OSI Reference Model. Network layer addresses are not necessarily unique; they differ from network to network. The most commonly used example of a network layer address is an IP address. These addresses are generally in a hierarchical format, so that the address is resolved progressively as it is processed. Network layer addresses can be compared to our home address: as we start reading the address, we identify the location more precisely the more we read. Similarly, network layer addresses, being in a hierarchical form, can be sorted because reading each line narrows the search. A more detailed description of IP addressing is given later in this module.
Physical Layer
Physical Layer (Layer 1) transmits and receives raw bits to and from a physical medium such as wires. This layer is completely hardware oriented and maintains the physical link between the communicating computers at all times. This layer also defines how the network cables are attached to the NIC (Network Interface Card). For example, this layer will define how many pins in the network cable will be used and the types of transmission techniques that will be used.
IP Protocol Suite (TCP/IP Model)
The TCP/IP Model or the IP Protocol Suite was developed prior to the OSI Reference Model, so its structure is not the same as the OSI Model. There are five layers in the TCP/IP Model:
1. Application
2. Transport
3. Network
4. Data Link
5. Physical
The first four layers of the TCP/IP Model provide physical interface, network interface, internetwork and transport functions, which can be related to the first four layers of the OSI Reference Model. The fifth layer corresponds to the three topmost layers of the OSI Reference Model and is known simply as the Application Layer.
TCP/IP is a hierarchy made up of interacting modules in which each module provides a special and specific functionality. It is not necessary that each function is interdependent. The OSI Model, in contrast, specifies what function is done at each layer. The layers of the TCP/IP model contain independent protocols which can be bridged when required.
What is an Internetwork?
Internetwork is a term used for a network of networks. Commonly, we can say that an organization's network is its own private network. Connecting two or more of these networks gives rise to an internetwork structure. The most common example of an internetwork is the Internet. An internetwork in short is also known as an internet. There is a vast difference between internet and Internet (the one with a capital I). An internet is a relatively small network made up of several networks, while the Internet is a huge network comprising most of the different types of networks around the globe. So, how does this network work? An internet requires a set of rules based on which a node from one network can communicate with a node on another network, as shown in the figure below.
Internetwork communication requires communication rules which are discussed in the topics to follow.
Communication Protocols
Protocols are defined as a set of rules used for communication. They define standardization in the network and they are language independent. Networking without protocols would lead to monopoly in the market and problems with communication. To illustrate, if there were no protocols, a person speaking Spanish would not be able to communicate with a person speaking English, or a person using Windows would never have been able to send a file to another using a Mac or Linux. There are even more instances where protocols are required; for example, if we bought networking hardware from one vendor, it would not work with network hardware of another vendor.
Protocols can also define the low-level details of machine to machine interface like the order in which bits and bytes are to be sent across the network and it also defines the high-level exchanges between the programs like the transfer of a file.
Various protocols are used at different levels of the OSI Reference Model, which we can see in the diagram below. Usually more than one protocol functions at the same time to achieve the functionalities of the network. When more than one protocol is used in the internetworking environment we term it a protocol stack or protocol suite.
IP
The IP (Internet Protocol) is a connectionless service to transfer data between networked devices. Packets are carried in units called datagrams; if the packet size is too large it may be broken down into more datagrams. A single datagram is sent as an individual entity over the network. Each datagram carries a destination address and control information. It is routed through the network without establishment of a circuit. A datagram is divided into a header segment and a data segment: the header segment contains information like the source and destination of the message and the data segment contains the actual data to be transferred. There are two versions of IP (IPv4 & IPv6) which shall be discussed later in this module. We can see the IPv4 packet structure in the diagram below.
IP packets are composed of a header and other fields. The IPv4 packet header consists of:
4 bits for the version (4 for IPv4, 6 for IPv6).
4 bits for the Internet Header Length. This field specifies the length of the header in multiples of 4 bytes (e.g., 7 means 28 bytes).
8 bits for the Type of Service, also known as Quality of Service (QoS). This describes the priority of the packet (Low, Medium or High).
16 bits for the total length of the packet (in bytes).
16 bits for an identification tag. This can be used to reconstruct the packet when it is divided into fragments.
3 bits for flags. This field determines whether the packet is allowed to be fragmented: with DF (Don't Fragment) set, the packet will not be allowed to be fragmented; MF (More Fragments) indicates that the packet has been fragmented into smaller parts and more fragments follow.
13 bits for the fragment offset. This field identifies the position of the fragment. When the IP packet is fragmented, this field can be read to align the fragments in order.
8 bits for Time to Live (TTL). This is the number of hops (router, computer or other device in the network) the packet can pass through before it is discarded. For example, a packet with a TTL of 8 will be allowed to go through 8 routers to get to its destination before it is discarded. Discarding the packet is important; otherwise there will be congestion in the network, which can lead to deadlocks.
8 bits for the protocol carried in the data segment (TCP, UDP, ICMP, or any other).
16 bits for the Header Checksum. The checksum is a number used for error detection and rectification.
32 bits for the source IP address, 32 bits for the destination address.
After all the above 160 bits have been added to the IP packet, the data bits are attached to the header. The data bits are of variable length primarily because the amount of data varies.
ICMP
ICMP (Internet Control Message Protocol) is a protocol used mostly by the operating systems of networked computers to send error messages.
The error messages can be in the form of service not available, host cannot be reached, or router cannot be reached, and many more. ICMP can also be used to relay messages on the network when it is carried in an IP packet. The most widely used utility, ping, is built on the ICMP protocol rules. Ping sends an ICMP request to the target and waits for the ICMP response. During this time, it measures the time taken to reach the destination. An ICMP packet cannot traverse the network as an individual packet, so it requires an IP packet to traverse the network. The ICMP packet is put in the data segment of the IP packet.
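To make the IPv4 header layout listed above and the ICMP-inside-IP relationship concrete, here is an added example (not part of the Cyberoam training material) that parses each IPv4 header field, verifies the header checksum with the one's-complement algorithm, and then parses the ICMP echo message carried in the IP data segment, as ping uses it. The sample packet, its addresses and its identifiers are constructed here for the demonstration.

```python
"""Added example: decode an IPv4 header and the ICMP echo message it carries.
Not from the Cyberoam material; the packet below is constructed for the demo."""
import ipaddress
import struct
from dataclasses import dataclass


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), shared by IPv4 and ICMP."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(data: bytes) -> bool:
    """A block that includes its own checksum field sums to 0xFFFF, so the
    complemented result is 0 when nothing was corrupted in transit."""
    return internet_checksum(data) == 0


@dataclass
class IPv4Header:
    version: int
    ihl: int              # header length in 32-bit words (5 means 20 bytes)
    tos: int
    total_length: int
    identification: int
    df: bool              # Don't Fragment flag
    mf: bool              # More Fragments flag
    fragment_offset: int  # in 8-byte units
    ttl: int
    protocol: int         # 1 = ICMP, 6 = TCP, 17 = UDP
    checksum: int
    src: str
    dst: str


def parse_ipv4_header(pkt: bytes) -> IPv4Header:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    hlen = ihl * 4
    if version != 4 or hlen < 20 or len(pkt) < hlen or total_len < hlen:
        raise ValueError("not a well-formed IPv4 header")
    if not checksum_ok(pkt[:hlen]):
        raise ValueError("IPv4 header checksum mismatch")
    flags = flags_frag >> 13                 # top 3 bits: reserved, DF, MF
    return IPv4Header(version, ihl, tos, total_len, ident,
                      bool(flags & 0b010), bool(flags & 0b001),
                      flags_frag & 0x1FFF, ttl, proto, csum,
                      str(ipaddress.IPv4Address(src)),
                      str(ipaddress.IPv4Address(dst)))


def parse_icmp_echo(msg: bytes) -> dict:
    """ICMP echo request (type 8) or echo reply (type 0), as used by ping."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    if not checksum_ok(msg):                 # ICMP checksum covers the whole message
        raise ValueError("ICMP checksum mismatch")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq, "data": msg[8:]}


def parse_packet(pkt: bytes):
    """Return (IPv4Header, icmp dict or None). ICMP is only decoded from a
    complete, unfragmented packet whose protocol field is 1."""
    hdr = parse_ipv4_header(pkt)
    payload = pkt[hdr.ihl * 4:hdr.total_length]
    icmp = None
    if hdr.protocol == 1 and hdr.fragment_offset == 0 and not hdr.mf:
        icmp = parse_icmp_echo(payload)
    return hdr, icmp


def build_icmp_echo_request(src: str, dst: str, ident: int, seq: int,
                            data: bytes, ttl: int = 64) -> bytes:
    """Constructed sample: an ICMP echo request inside an IPv4 packet with the
    DF flag set. Each checksum is computed with its own field zeroed."""
    icmp = bytearray(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data)
    struct.pack_into("!H", icmp, 2, internet_checksum(bytes(icmp)))
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0x4000, ttl, 1, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed))
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))
    return bytes(hdr) + bytes(icmp)


if __name__ == "__main__":
    sample = build_icmp_echo_request("192.0.2.10", "192.0.2.1", 0x0BEE, 1, b"cyberoam")
    header, echo = parse_packet(sample)
    print(header)
    print(echo)
```

Corrupting any header byte without recomputing the checksum makes the parser reject the packet, which is the error detection the checksum field provides.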
TCP
The TCP (Transmission Control Protocol) works with the IP Protocol to provide a reliable service. It is the work of TCP to rearrange the datagrams which were fragmented into the correct order. If any datagrams are missing, or they are out of order, TCP will ensure that the datagrams are retransmitted. The purpose of TCP is to check for and avoid the loss, duplication, damage, or delay of packets. When a packet is sent with the IP header alone it is unreliable; adding TCP to this packet makes it reliable.
UDP
The UDP (User Datagram Protocol) is an alternative to TCP. UDP is available in the TCP/IP Protocol Suite. This protocol was invented because TCP is more secure and reliable, and hence more time consuming. On a network, if less security is desired or security is provided externally and we want the transfer of information to be fast, UDP can be used to get the required throughput. UDP is an unreliable protocol. Like ICMP, the UDP header is put into the data segment of an IP packet.
Network Types
Based on geographical expansion, a network can be classified as a LAN (Local Area Network), MAN (Metropolitan Area Network), or a WAN (Wide Area Network).
LAN
A Local Area Network is a very high speed network that covers a small area like a home, school, computer laboratory, or an office building. A LAN is used to connect workstations, printers, servers, and other devices. The basic advantage offered by a LAN is the sharing of resources. Over time, two methods of accessing a LAN have been used:
1. Ethernet
2. Token Passing
The Ethernet technology uses the CSMA/CD (Carrier Sense Multiple Access with Collision Detection) technique to transfer data to another node. In CSMA/CD, the device which wants to send data senses the network medium to see if any other node is exchanging data; if not, it starts sending the data. After the sending process is complete, the node then checks whether a collision occurred. A collision is said to have occurred when more than one node tries to transfer data on the network at the same time. When a collision occurs, the sender waits for a particular time and then resends the data. This type of network transmission is limited to a small number of nodes because as the number of nodes increases, the collisions increase. Normally, CSMA/CD networks are half duplex.
In the Token passing technology, the sender passes units, also known as tokens. Tokens are similar to priority numbers. Each device passes the token before it wants to begin the data transfer. Once the network is free to transfer the data, the token is then acknowledged, making it a GO signal for the sender to send data. The tokens are then passed in the network through each device to see if there is no transmission in place.
For the above transmissions to take place, there are three basic transmission methods used:
1. Unicast
2. Multicast
3. Broadcast
In Unicast Transmission, a packet is sent from the source to a single destination. This type of transmission is generally used when one to one communication is required. The source puts the address of the destination on the packet, which is then sent to the network and finally reaches the destination. An example of Unicast is computer to computer communication or communication over a mobile phone. In both cases, there is one sender and one receiver.
In Multicast Transmission, a packet is sent from the source to many destinations. This type of transmission is generally used when one to many communication is required. The source puts the multicast address on the packet, which is then sent to the network. The network creates copies of the packet and delivers them to the destinations. Multicast is done to a selected audience. Multicast can be a reliable or non-reliable type of communication depending on what the user chooses. Examples are a group call over mobile, or sending information to many (not all) computers on a network.
In Broadcast Transmission, a packet is sent from the source to all destinations. This type of transmission is generally used when one to many (all) communication is required. The source puts the broadcast address on the packet, which is then sent to the network. The network creates copies of the packet and delivers them to all the destinations. A broadcast is generally intended for the whole audience. A broadcast is always a non-reliable type of communication. An example of broadcast is a radio or television channel. A television channel is available to all its subscribers. However, if a subscriber doesn't receive the signals, the television channel doesn't guarantee the communication.
There are many different ways of connecting computers together in a network, which gives rise to a topology. Topology defines the way a network is designed physically and logically. When two or more devices are connected in a network, the links form a topology. The topology is hence a geometric representation of all links in a network and their relationships with each other. There are five basic topologies possible for linking nodes in a network:
1. Mesh
2. Star
3. Tree
4. Bus
5. Ring
Mesh
In a mesh topology, every device of the network is connected to every other device of the network with a dedicated link. A fully connected mesh network will have n-1 links at each node, where n is the total number of nodes in the network. The total number of links in the network can hence be given by the formula below, where n is the total number of nodes in the network.
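The formula itself did not survive in this copy of the material, so the following derivation is added here (it is not part of the original training text). It carries the page's own statement, n-1 dedicated links at each of the n nodes, through to the total link count, and contrasts it with the star topology's n links.

```latex
% Link ends counted over all n nodes, each node having n-1 dedicated links:
\sum_{i=1}^{n} (n-1) = n(n-1)
% Every link has exactly two ends, so each link was counted twice:
L_{\text{mesh}} = \frac{n(n-1)}{2}
% Worked values, compared with the star topology's n links (one per device):
n = 5:\quad L_{\text{mesh}} = \frac{5 \cdot 4}{2} = 10, \qquad L_{\text{star}} = 5
n = 10:\quad L_{\text{mesh}} = \frac{10 \cdot 9}{2} = 45, \qquad L_{\text{star}} = 10
```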
Star
In a star topology, each device has a dedicated link to a central controller, generally known as a hub. Unlike the mesh topology, the devices are not connected to each other directly but with the help of a controller. If any device wants to communicate, it first sends the data to the controller, and the controller then identifies the destination and transmits the data. The major difference between mesh and star is the number of links. In a star topology the number of links needed is exactly n, where n is the total number of devices on the network.
Tree
Tree is a variation of the star topology. As in a star, the nodes of a tree are linked to central hubs which control the network traffic. However, not every device plugs directly into the central hub: the majority of the devices are connected to a secondary hub, which in turn is connected to the primary hub. The central hub is known as an active hub. The active hub has a repeater in it which regenerates and retransmits the received signal. Active hubs are then connected to the passive hubs, which provide a simple physical connection between all the devices.
Bus
Bus topology is a multipoint connection topology. In this topology one cable acts as a backbone to link all the devices in the network. All the nodes on the network are connected to each other by traversing the main cable (backbone). A good-quality cable with higher bandwidth is used for the backbone, while normal cables are used for connecting the other nodes.
Ring
In a ring topology each device on the network has a dedicated link with the two devices on either side of it. A signal passes along the ring in one direction, traversing each link as it travels from the source to the destination. A ring topology is easy to install and reconfigure.
Hybrid topology
A hybrid topology is a mixture of two or more of the topologies stated above. For example, when connecting many networks, one network might be using a star while another might use a ring. Hence, the overall network formed by interconnecting these networks is a hybrid topology.
Comparing Topologies
The chart below compares the topologies stated above. Each feature is listed with its value for the Mesh, Star, Tree, Bus and Ring topologies.

Cost
  Mesh: Highest
  Star: Lower compared to mesh
  Tree: Higher than star, lower than mesh
  Bus: Lower than mesh, star, and tree
  Ring: Lowest

Adding a node
  Mesh: Very difficult, as each new node has to be connected with n-1 links, and the n-1 existing nodes each have to add one more link.
  Star: Easy, only one link is added to the hub, provided the hub has a spare port for the link.
  Tree: Easy, as there are more hubs, so an empty port can be found on any of the passive hubs.
  Bus: Easy, but if the threshold is already reached, the backbone cable will need to be changed.
  Ring: Medium; to add one node, two existing nodes have to be disconnected and links have to be formed between the new node and the two existing nodes.

Removing a node
  Mesh: Difficult, as the link has to be removed at each node.
  Star: Easy, only one link has to be removed.
  Tree: Easy, only one link has to be removed.
  Bus: Easy, only one link has to be removed, but it can lead to wastage of the higher-bandwidth backbone.
  Ring: Medium, as after removing one node, a new link has to be established between the existing nodes on either side of it.

Failure of a single node
  Mesh: Does not affect the other nodes; only the node at which the failure occurred is affected.
  Star: Does not affect the other nodes; only the node at which the failure occurred is affected.
  Tree: Does not affect the other nodes; only the node at which the failure occurred is affected.
  Bus: Does not affect the other nodes; only the node at which the failure occurred is affected. However, if the backbone is affected, all communication is affected.
  Ring: Does not affect the other nodes; only the node at which the failure occurred is affected. However, the overall speed of the network is affected.

Speed of communication
  Mesh: High speed, as the nodes are directly connected.
  Star: High speed, but not higher than mesh.
  Tree: High speed, but not higher than mesh.
  Bus: High speed between neighbours, but the speed can be reduced for end-to-end communication. The speed also depends on the availability of the backbone.
  Ring: Slowest compared to all the others, as the signal has to traverse all the other devices on the network.
As seen from the topologies above, special devices are required to connect the nodes of a network; these devices are known as interconnecting devices. A more detailed description of each interconnecting device is given in the topics to follow.

Interconnecting Devices
In this section we shall see how devices are connected to an internetwork to achieve data transfer. The OSI Reference Model provides a representation of how data moves in the network and can be taken as a basis for analyzing the network strategy. The relation of the various devices to the OSI Model is shown in the figure below.
Gateways
Gateways operate at the Session, Presentation, and Application layers of the OSI Reference Model. The major task of a gateway is to connect different networking environments. Gateways can be application-specific or network-configuration dependent, and they may use a protocol converter for translating one set of protocols to another.

Routers
Routers operate at the network layer (Layer 3) of the OSI Reference Model. They connect networks into internetworks which are physically unified. On successful connection, the identity of each network is retained as a separate networking environment. A router's primary purpose is to find the best path through the internetwork, storing and forwarding packets along it.

Bridges
Bridges operate at the data link layer (Layer 2) of the OSI Reference Model. They connect similar types of network environment into logical and physical internetworks. Bridges store and forward frames to the end points; they also inspect each frame and decide whether to forward or discard it.

Repeaters
Repeaters operate at the physical layer (Layer 1) of the OSI Reference Model. Repeaters receive the transmission in the form of raw bits and regenerate them by boosting the level (amplitude) so as to increase the geographical coverage of the network, because physical signals can only span a limited distance before the quality of service is affected.
MAN
A MAN (Metropolitan Area Network) has a wider scope than a LAN. A MAN spreads over a wider area than a LAN and can be used to connect computers within a few kilometres or up to the size of a city. The topologies, interconnecting devices, and transmission technologies of a MAN remain the same as those of a LAN. A general comparison between LAN, MAN and WAN can be seen in the figure below.
WAN
WAN (Wide Area Network) is the name given to a network which has a larger range than a LAN or MAN. Businesses that are spread worldwide have their networks connected via a WAN. A very practical example of a WAN is the Internet, which uses WAN technology to connect computers all over the globe. A WAN can have different types of connections, on which the data transfer between the nodes is based. A few types of connections used with a WAN are:
Point to point
Circuit switching
Packet switching

Point to Point WAN
A point-to-point WAN link is a single link shared between the end points. Generally this type of link can be seen in telephone lines. In telephone-line based links, the customer is directly connected to the ISP devices through his telephone line. These lines have to be leased from a carrier and are therefore also called leased lines. As we go on we shall come across more types of WAN connections, but it is important to remember that point-to-point links are more expensive than any other WAN link. The figure below shows a point-to-point WAN link.

Circuit Switching WAN
In a circuit-switching network, a virtual circuit is established between the communicating hosts for the period of communication. Circuit switching can be compared directly with the telephone network. In a telephone network, when a call is made from one telephone to another, the telephone exchange creates a continuous wire circuit between the two telephones. This circuit remains in place as long as the call lasts. The circuit-switching technique gives the entire bandwidth of the channel to the connection for as long as it is established. However, the major weak point of this switching technology is that, if a node has a slow communication rate or pauses for a while during communication, the entire bandwidth may be wasted. Also, when two nodes have established a circuit, the other nodes wishing to communicate have to wait until the channel is free.
Packet Switching
In the packet-switching technique, the data to be transferred is broken down into smaller units known as packets. Unlike circuit switching, packet switching does not establish a dedicated connection between the sender and the receiver. All packets are of the same size, and hence at the sender's end the data is buffered; when the buffer reaches the size of a packet, the packet is sent across the network. There are two major packet-switching modes, which we have already discussed earlier (connection-oriented and connectionless communication modes).
WAN Interconnecting Devices
A WAN is made up of several communicating LANs and is therefore made up of several interconnecting devices. We shall discuss the WAN interconnecting devices in the topics to follow.

WAN Switch
A WAN switch is a device with many ports, used to direct network traffic from source to destination. Note that in an end-to-end communication there may be more than one WAN switch on the path. The WAN switch operates at the data link layer (Layer 2) of the OSI Reference Model.
Modem
A modem (Modulator-Demodulator) converts digital signals to analog and vice versa over a telephone line, and hence enables a user to connect to the Internet. A modem connecting through a WAN converts the analog carrier signals to digital signals which can be interpreted by the computers. Hence, when using modems to communicate in a network, a modem is required at each end of the communication. The figure below shows the working of a modem.
IP Addressing
Every device on the internetwork is assigned a unique address. These devices may be personal computers, communications servers, ports on a communications server, internetwork routers, or network control servers. Some devices, such as routers, have physical connections to more than one network, and they must normally be assigned a unique internet address for every network connection. The internet hence behaves like a virtual network, using the assigned addresses when sending or receiving packets of information. There are two versions of IP addresses, namely IPv4 and IPv6. In the topics to follow, we shall see how the number of unique IP addresses is limited in IPv4 and how this limit is overcome with IPv6.

IPv4
Each internetworking address has a 32-bit address field which is split into two parts. The first part identifies the network on which the communicating host is located and the second identifies the communicating host itself. Therefore, the hosts attached to the same network share a common prefix which designates their network number.

Classes of IP Address
There are in all five classes of IP addresses. Each class begins with a unique bit pattern used by the Internet software on network hosts to identify the class of the address. Once the internet software has identified the address class, it can easily find out which bits represent the network number and which bits represent the host portion. Any of the address classes can be used in a private TCP/IP network, provided that connections outside of that private network (to other TCP/IP networks) are never going to be needed. If a private IP addressing scheme is established within a private corporate network, connections out of that network to external public or other private TCP/IP networks can be achieved via a computer which has software enabling it to act as an IP gateway. This provides the IP numbering/address translation between the interconnected networks.

Class A
A Class A address has its highest-order bit set to 0 and has a 24-bit local host address, so the number of bits used to identify the network is 7. Class A addressing can specify up to 2^7 (128) networks and a total of 2^24 (16,777,216) devices, including hosts, per network. In the actual scenario, a network cannot have 0 and 255 as the ending bit address, so the maximum number of specified networks is 126 and the maximum number of devices, including hosts, is 16,777,214.

Class B
A Class B address has its two highest-order bits set to 1-0, so it has a 16-bit local host address. The number of bits used to identify the network is 14. Class B addressing can specify up to 2^14 (16,384) networks and a total of 2^16 (65,536) devices, including hosts, per network. In the actual scenario, a network cannot have 0 and 255 as the ending bit address, so the maximum number of specified networks is 16,382 and the maximum number of devices, including hosts, is 65,534.

Class C
A Class C address has its three highest-order bits set to 1-1-0, so it has an 8-bit local host address. The number of bits used to identify the network is 21. Class C addressing can specify up to 2^21 (2,097,152) networks and a total of 2^8 (256) devices, including hosts, per network. In the actual scenario, a network cannot have 0 and 255 as the ending bit address, so the maximum number of specified networks is 2,097,152 and the maximum number of devices, including hosts, is 254.

Class D
The Class D addresses are reserved as multicast addresses and are generally used by hardware devices on the network. These addresses have the four highest-order bits set to 1-1-1-0. They are used to identify a group of computers/devices in a network which run a common application program or network software.

Class E
The Class E IP address has the five highest-order bits set to 1-1-1-1-0. It is currently reserved for future use. In all the above classes the last set of bits cannot contain 0 and 255 as the device address because these are reserved as broadcast addresses.

Understanding the IP Notation
IP addresses are specified as four sets of decimal numbers separated by dots. This format is also known as dotted decimal notation.
The notation hence divides the 32-bit IP address into 4 groups of 8 bits, also known as octets. The addresses are of the form <network><host> when viewed in binary notation. A mask determines how much of the address belongs to the network and how much to the host. A standard Class B address mask is 255.255.0.0: the first two octets are for the network and the last two are for hosts. In binary notation we can view this mask as 11111111.11111111.00000000.00000000. Similarly, for a Class C address the mask is 255.255.255.0, which specifies that only the last octet can be used for hosts and devices. Therefore it has only 256 addresses that can be used for hosts and devices. In the actual scenario, in the last octet xxx.xxx.xxx.0 and xxx.xxx.xxx.255 are not usable and hence only 254 addresses are finally usable.
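To see the class rules and the mask idea in code, here is an added example (not part of the course material) that identifies the class of an IPv4 address from its leading bits, applies the classful default mask, and renders the dotted-binary form used above. Class E is taken as every address beginning with 1111, following RFC 791; the sample addresses are constructed for the demonstration.

```python
import ipaddress

# Classful default prefix lengths (RFC 791); classes D and E have no host part.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def dotted_binary(addr) -> str:
    """Render an address or mask as four 8-bit octets, e.g. 11111111.11111111.00000000.00000000."""
    return ".".join(f"{b:08b}" for b in ipaddress.IPv4Address(addr).packed)


def ipv4_class(addr: str) -> str:
    """Identify the class from the leading bits of the first octet:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E (RFC 791 layout)."""
    first_octet = ipaddress.IPv4Address(addr).packed[0]
    if first_octet & 0b1000_0000 == 0:
        return "A"
    if first_octet & 0b1100_0000 == 0b1000_0000:
        return "B"
    if first_octet & 0b1110_0000 == 0b1100_0000:
        return "C"
    if first_octet & 0b1111_0000 == 0b1110_0000:
        return "D"
    return "E"


def classful_split(addr: str) -> dict:
    """Split a unicast address into network and host parts with its classful mask
    and count the host addresses the network offers (the all-zeros and all-ones
    host numbers are reserved, so usable = total - 2)."""
    cls = ipv4_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"class {cls} addresses are not assigned to hosts")
    net = ipaddress.IPv4Network((addr, DEFAULT_PREFIX[cls]), strict=False)
    host_bits = 32 - net.prefixlen
    return {
        "class": cls,
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "mask_binary": dotted_binary(net.netmask),
        "host_number": int(ipaddress.IPv4Address(addr)) & int(net.hostmask),
        "total_hosts": 2 ** host_bits,
        "usable_hosts": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("10.1.2.3", "172.16.5.6", "192.168.1.1", "224.0.0.1", "240.0.0.1"):
        cls = ipv4_class(sample)
        print(sample, "is class", cls, "" if cls in DEFAULT_PREFIX else "(no host part)")
    print(classful_split("192.168.1.1"))
```

The bit tests mirror the "unique bit pattern" rule from the text: only the first octet is examined, and the mask follows from the class alone.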
Valid network numbers for classes A to D are given below, where xxx represents the host portion of the address, which is assigned by the network administrator.
Class A : 001.xxx.xxx.xxx to 126.xxx.xxx.xxx
Class B : 128.001.xxx.xxx to 191.254.xxx.xxx
Class C : 192.000.000.xxx to 223.255.254.xxx
Class D : 224.000.000.000 to 239.255.255.255

Subnetting & Subnet Masks
As we have seen till now, an IP address is 32 bits and is divided into two parts: the network identifier and the host identifier. There is a major benefit when an IP addressing scheme like this is used: routing tables need to store only the routes to each network and not to the hosts/devices, and host addresses can be assigned manually by a local administrator instead of a central site. However, there has been tremendous growth in the number of devices and networks, leading to a growth in the number of IP addresses needed. So, instead of the two-level (Network and Host) hierarchy, a three-level structure (Network, Host, and Subnet) was created. The subnet structure of the network is not visible to the outside group of networks, making the subnetted network appear as one autonomous system.
A subnet mask allows the host portion of an IP address to be divided into two parts: the subnet number and the host number on that subnet. An example of the three-level structure of an IP address can be seen in the figure below.
In the figure above, the subnet mask bits which are set to 0 identify the host number on the subnet, and the subnet mask bits set to 1 identify the network number together with the subnet number.
A worked example
Suppose we have been allocated the Class C IP address range 192.1.2.0 and we need to establish two subnets, each of which must support up to 50 hosts. The working is:
1. Express the IP address in binary format:
   192.1.2.0 = 11000000.00000001.00000010.00000000
2. We need two subnets, so choosing the binary combinations 01 and 10 for the subnet bits we get:
   11000000.00000001.00000010.01000000
   11000000.00000001.00000010.10000000
3. Define a subnet mask with all network and subnet bits set to 1 and host bits set to 0:
   Network number: 11000000.00000001.00000010.00000000 = 192.1.2.0
   Subnet Mask: 11111111.11111111.11111111.11000000 = 255.255.255.192
4. Assign the host addresses:
   Subnet 1: 192.1.2.64: 11000000.00000001.00000010.01000000
   Low Address: 192.1.2.65: 11000000.00000001.00000010.01000001
   High Address: 192.1.2.114: 11000000.00000001.00000010.01110010
5. Subnet 2: 192.1.2.116: 11000000.00000001.00000010.01110100
   Low Address: 192.1.2.117: 11000000.00000001.00000010.01110101
   High Address: 192.1.2.166: 11000000.00000001.00000010.10100110

Till this point we have only seen default subnet masks whose length changes in multiples of 8 bits. That is, for a Class A address the default is 255.0.0.0 or 11111111.00000000.00000000.00000000, for a Class B address the default is 255.255.0.0 or 11111111.11111111.00000000.00000000, and for a Class C address the default is 255.255.255.0 or 11111111.11111111.11111111.00000000. Using CIDR (Classless Inter-Domain Routing) we can write an IP address with its CIDR notation instead of writing out the subnet mask. E.g. the IP address 192.168.0.1 with subnet mask 255.255.255.0 can be written as 192.168.0.1/24, which means that the first 24 bits of the mask are set to 1 (the network address). In a similar way, we can have variable lengths of bits in a subnet mask; these are known as VLSMs (Variable Length Subnet Masks).
For example, given a network scenario where we want to have 20 hosts each on 5 different subnets with a Class C IP address, we can proceed as follows.
1. We know it's a Class C IP address, so the number of bits set to 1 is at least 24 (11111111.11111111.11111111.00000000 or 255.255.255.0). We also know that we need 30 hosts only per network, therefore we can use 5 bits for the host address and 27 bits for the network address; in CIDR notation we shall use /27 addresses. We shall be altering the 25th, 26th, and 27th bits to 001, 010, 011, 100, and 101 to get the subnets.
2. This gives rise to 5 different subnets:
   11111111.11111111.11111111.00100000 (255.255.255.32)
   11111111.11111111.11111111.01000000 (255.255.255.64)
   11111111.11111111.11111111.01100000 (255.255.255.96)
   11111111.11111111.11111111.10000000 (255.255.255.128)
   11111111.11111111.11111111.10100000 (255.255.255.160)
3. In each subnet we can have hosts with Class C IP addresses starting from 1 to 31, for example 192.168.1.1 to 192.168.1.31.

Check Your Progress
The exercises below will help you to check your progress on subnetting. Fill in the table below.

Prefix | Decimal Mask  | Total Addresses | Usable Addresses
/24    | 255.255.255.0 | 256             |
/30    |               | 4               | 2
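The two allocations above (two subnets of up to 50 hosts in 192.1.2.0, and five /27 subnets in a Class C block) can be worked out mechanically. The added example below, which is not the course's own code, uses Python's ipaddress module to choose the shortest host field that covers the requested hosts, carve the block into subnets, and report each subnet's network, mask, usable host range and broadcast address in dotted-decimal, CIDR and dotted-binary notation. The skip_subnet_zero flag reproduces the text's choice of starting from subnet bits 01 and 001 rather than the all-zero subnet.

```python
import ipaddress


def dotted_binary(addr) -> str:
    """Render an address or mask in the dotted-binary form used in the text."""
    return ".".join(f"{b:08b}" for b in ipaddress.IPv4Address(addr).packed)


def host_bits_for(hosts: int) -> int:
    """Smallest host-field width h with 2^h - 2 >= hosts (the network and
    broadcast addresses are not assignable); at least 2, as a /31 has no broadcast."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return h


def carve_subnets(block: str, hosts_per_subnet: int, subnet_count: int,
                  skip_subnet_zero: bool = False) -> list:
    """Split an allocated block into subnet_count subnets, each able to hold
    hosts_per_subnet hosts, and describe each one."""
    parent = ipaddress.IPv4Network(block)
    prefix = 32 - host_bits_for(hosts_per_subnet)
    if prefix < parent.prefixlen:
        raise ValueError(f"{hosts_per_subnet} hosts need a /{prefix}, larger than {block}")
    available = list(parent.subnets(new_prefix=prefix))
    if skip_subnet_zero:
        available = available[1:]          # leave the all-zero subnet unused
    if len(available) < subnet_count:
        raise ValueError(f"{block} yields only {len(available)} /{prefix} subnets")
    described = []
    for net in available[:subnet_count]:
        hosts = list(net.hosts())          # excludes network and broadcast addresses
        described.append({
            "cidr": str(net),
            "mask": str(net.netmask),
            "mask_binary": dotted_binary(net.netmask),
            "network_binary": dotted_binary(net.network_address),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address),
            "usable": len(hosts),
        })
    return described


if __name__ == "__main__":
    # Scenario from the worked example: two subnets of up to 50 hosts in 192.1.2.0/24.
    for s in carve_subnets("192.1.2.0/24", 50, 2, skip_subnet_zero=True):
        print(s["cidr"], s["mask"], s["first_host"], "-", s["last_host"], "broadcast", s["broadcast"])
    # Scenario from the VLSM example: five /27 subnets in a Class C block.
    for s in carve_subnets("192.168.1.0/24", 30, 5, skip_subnet_zero=True):
        print(s["cidr"], s["mask_binary"], s["usable"], "usable hosts")
```

The usable range of each subnet runs from the address after the network number up to the address before the broadcast address, which is what the function reports; the mask_binary field shows the same 1/0 split as the binary working above.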
IP Address  | Mask          | Network IP Address | Broadcast IP Address
192.168.1.1 | 255.255.255.0 |                    |
192.168.1.1 | 255.255.0.0   |                    |
192.168.1.1 | /30           |                    |
10.10.1.1   | /24           |                    |
10.10.1.1   | 255.255.254.0 |                    |
10.10.1.1   | /26           |                    |

IPv6
IPv6 is a new version of the IP protocol. In the explanation below we shall see how and why IPv6 evolved.

The need
In the modern era, the Internet is not limited to computers/laptops; most of us also use the Internet on cell phones and tablets. Due to this widespread and easy availability of the Internet, there is a need to give each device a unique IP address. Considering the IPv4 address space, which is 32 bits (i.e. 00001111000011110000111100001111), the maximum possible number of addresses that can be assigned uniquely to each device with all permutations and combinations is 2^32, which comes to approximately 4.3 billion only. Using this address space, and considering the number of devices that use the Internet, the 4.3 billion IP addresses will be used up very soon and there will be no unique IP address which can be given to a new device. Therefore, there arose a need to define an address space which has more than 4.3 billion addresses. To overcome this address problem, the IPv6 protocol was documented in RFC 1883 in December 1995. 6th June 2012 is marked as the World IPv6 Launch day, when most of the ISPs in the world implemented IPv6 in their networks. The total proportion of the population using IPv6 as of November 2012 is 1%.

Header
IPv6 by far exceeds its former version in many ways and hence is advantageous. IPv6 addresses are 128 bits, and hence IPv6 has much more address space than IPv4. Calculating the address space, we can now have 2^128 (3.4 x 10^38) unique addresses for assigning to each and every node connected to the Internet. Modifications are also made in the structure of the IPv6 header so as to make it faster to process. A few fields from IPv4 have been removed, a new field is added, and a few field positions have been changed. Below we see the comparison of the IPv4 header with the IPv6 header.
The traditional IPv4 header fields like Version, Source Address and Destination Address are still found in the IPv6 header.
The Type of Service, Total Length, Time to Live and Protocol fields have been changed to Traffic Class, Payload Length, Next Header and Hop Limit in IPv6. Flow Label is a new field in IPv6. The IPv6 header is quite different from the IPv4 header. IPv6 is said to occupy less memory as it does not have as many fields as IPv4. This makes the processing of packets faster, and hence the communication as well.

Advantage
IPv6 is designed for serverless autoconfiguration; this means IPv6 hosts will configure themselves with a unique IPv6 address from Router Advertisements. Often there will be no need for DHCP; however, if a DHCP server exists, an address from the available pool will be fetched. An IPv6 address is written as eight groups of four hexadecimal digits separated by colons. An example IPv6 address is 0123:4567:89AB:CDEF:0123:4567:89AB:CDEF.

Transition & Working
IPv6, as we know, will take over from its predecessor IPv4; however, this cannot happen overnight. Hence, until the IPv6 implementation is complete, there is a need for a mechanism (technique) which allows both IP versions to co-exist and communicate. The techniques implemented for the IPv4 to IPv6 transition can be broadly categorized into:
Dual Stack
This technique is used to allow IPv4 and IPv6 to co-exist in the same device as well as in the same networks. This implementation is done at the software level, in the operating system and NIC drivers.
Tunneling
Tunneling is the technique used while hosts are being upgraded. Since all the upgrading cannot be done at the same time, tunneling algorithms allow IPv4 networks and hosts to communicate with IPv6 networks and hosts. A working example of each term and technique is shown in the working section below.
Translation
This technique is used for allowing communication from IPv6-only devices to IPv4-only devices.

Working
IPv6 is described in RFC 2460. The size of the packets has also increased in IPv6. A normal IPv4 packet can carry (2^16 - 1) 65,535 octets of payload; however, with IPv6 it can be as large as (2^32 - 1) 4,294,967,295 octets. The IPv6 address is represented in 8 groups of 16-bit values. Each group is represented by 4 hexadecimal digits, and the groups are separated by colons. An IPv6 address can be abbreviated by removing the leading zeros from each group of hexadecimal digits, and if an entire group is zero it can be omitted. If more than one consecutive group is all zeros, they can be omitted by putting a double colon (::). Example: 2012:056F:0000:0000:0000:ef23:0056:5097 can be written as 2012:56F::ef23:56:5097.
IPv6 reserved addresses
Unspecified address
This is an address with all the bits set to 0, i.e. 0000:0000:0000:0000:0000:0000:0000:0000 or ::/128. This type of address is to be used by software before it learns the actual IP address of the host. This type of address should never be assigned to an interface, and routers should not forward packets carrying it.
The link-local address or loopback address, used to identify the host itself (IPv4 127.0.0.1), is given as ::1/128 in IPv6.
IPv6 communication
Understanding IPv6 communication is a little complex but definitely not hard. Let us take the following scenarios:
1. Communication from an IPv6 host to an IPv6 host over an IPv6 channel (end-to-end IPv6).
2. Communication from an IPv6 host to an IPv6 host over an IPv4 channel.
3. Communication from an IPv6 host to an IPv4 host.
In scenario 1, since the communication is IPv6 from end to end, no conversion mechanism is involved.
In scenario 2, the communication is IPv6 at the ends but the channel in between is IPv4; hence, the router at the sending end will put all the IPv6 frames inside an IPv4 packet. At the receiving end, when the router forwards the packet to the IPv6 host, it will add the 2002:: prefix to the IPv4 address in hex. I.e. if the address is 192.168.1.1, its binary is 11000000.10101000.00000001.00000001 and its hex is C0A8:0101. The router at the receiving end will forward the traffic to the IPv6 host with the IPv6 address 2002::C0A8:0101. The 2002 address space in IPv6 is reserved for 4-to-6 translation. When the IPv6 receiver receives a packet whose address is 2002::, it will strip off 2002 to see the IPv4 address. In this scenario, the IPv6 packet is within the IPv4 packet; hence the receiver will notice the IPv4 packet and read the IPv6 packet within. The mechanism deployed at the sending end is 6 in 4 (sending IPv6 in an IPv4 packet); at the receiving end it is 4 in 6 (sending IPv4 in IPv6 by prefixing 2002::).
In scenario 3, the communication is between an IPv6 host and an IPv4 host. In this case, the router will send all the information to the IPv4 host by converting it to IPv4. In the reverse direction, the traffic coming from IPv4 to IPv6 will be designated in IPv6 with the first 80 bits set to 0, the next 16 bits set to FFFF, and the remaining bits being the IPv4 address in hex. E.g. if the traffic is sent from 192.168.1.1 then the receiving IPv6 host will see it as 0000:0000:0000:0000:0000:FFFF:C0A8:0101 or ::FFFF:C0A8:0101.
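Both address forms from scenarios 2 and 3 embed the 32-bit IPv4 address inside an IPv6 address, and the ipaddress module in the Python standard library can read them back. The added example below, which is not the course's own code, derives the hex groups C0A8:0101 from 192.168.1.1, builds the IPv4-mapped address of scenario 3 (::FFFF:C0A8:0101) and the 2002 prefix of scenario 2, and recovers the IPv4 address from either. For the 2002 form the code follows RFC 3056, which places the IPv4 address in the 32 bits immediately after 2002, giving the site the prefix 2002:C0A8:0101::/48, rather than at the end of the address.

```python
import ipaddress
from typing import Optional, Tuple


def ipv4_hex_groups(v4: str) -> Tuple[str, str]:
    """192.168.1.1 -> ('c0a8', '0101'): the two 16-bit groups the text derives by hand."""
    packed = ipaddress.IPv4Address(v4).packed
    return packed[:2].hex(), packed[2:].hex()


def ipv4_mapped(v4: str) -> str:
    """IPv4-mapped IPv6 address (RFC 4291, section 2.5.5.2): 80 zero bits, 16 one
    bits, then the IPv4 address. Returned in the full (exploded) form."""
    hi, lo = ipv4_hex_groups(v4)
    exploded = f"0000:0000:0000:0000:0000:ffff:{hi}:{lo}"
    # Cross-check: the standard library must recognise the result as mapped.
    if ipaddress.IPv6Address(exploded).ipv4_mapped != ipaddress.IPv4Address(v4):
        raise AssertionError("constructed address is not IPv4-mapped")
    return exploded


def sixtofour_prefix(v4: str) -> str:
    """6to4 site prefix (RFC 3056): 2002:<IPv4 address in hex>::/48."""
    hi, lo = ipv4_hex_groups(v4)
    return str(ipaddress.IPv6Network(f"2002:{hi}:{lo}::/48"))


def embedded_ipv4(v6: str) -> Optional[Tuple[str, str]]:
    """Recover the IPv4 address carried by a mapped or 6to4 address, labelled with
    the form that was seen; None for any other IPv6 address."""
    addr = ipaddress.IPv6Address(v6)
    if addr.ipv4_mapped is not None:
        return "ipv4-mapped", str(addr.ipv4_mapped)
    if addr.sixtofour is not None:
        return "6to4", str(addr.sixtofour)
    return None


if __name__ == "__main__":
    print(ipv4_hex_groups("192.168.1.1"))
    print(ipv4_mapped("192.168.1.1"))
    print(sixtofour_prefix("192.168.1.1"))
    print(embedded_ipv4("::ffff:c0a8:0101"), embedded_ipv4("2002:c0a8:101::1"))
```

Because the 6to4 decoder reads bits 16 to 47 of the address, feeding it the form 2002::C0A8:0101 (IPv4 bits at the end) returns 0.0.0.0; that position check is what a firewall or log parser relies on when it classifies transition traffic.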
This is known as 6 to 4 at the sending end and 4 to 6 at the receiving end. However, for bidirectional traffic flow, a dual-stack implementation is required. A dual-stack implementation has the 6-to-4 conversion on the host itself.
This can be checked on a Windows computer by going to the command line and using netsh.
This confirms that the dual-stack implementation is ON on this host and it can convert 6 to 4. The 4-to-6 conversion is to be done by the router; a host cannot understand 4 to 6 because, being implemented on IPv6, it cannot understand the IPv4 traffic.

Multiple Protocols within the same packet (Enveloping)
Generally, many protocols work simultaneously to achieve complete network functionality. When many protocols work together they are known as members of a protocol stack or protocol suite. Data to be transported in the network is split into packets which contain information for checking, addressing, and other purposes. When multiple protocols are used, the control information is appended to the data in the sequential order in which the protocols fall on the OSI Reference Model (the higher-layer protocol first, followed by the lower-layer protocols). This process is called enveloping.
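To make enveloping concrete, here is an added example (not from the course material) that builds a UDP datagram, wraps it in a minimal IPv4 header whose Total Length, TTL, Protocol and header checksum fields are filled in as RFC 791 requires, and then peels the envelope off again, verifying the checksum before trusting any field. The addresses, ports and payload are constructed for the demonstration.

```python
import ipaddress
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # version/IHL, TOS, total length, ID, flags+fragment, TTL, protocol, checksum, src, dst
UDP_HEADER = "!HHHH"            # source port, destination port, length, checksum
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement sum of the 16-bit
    words. Over a header whose checksum field is already correct it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int,
                      ttl: int = 64, ident: int = 0) -> bytes:
    """Minimal 20-byte IPv4 header (no options) for a payload of payload_len bytes."""
    version_ihl = (4 << 4) | 5               # version 4, IHL 5 words = 20 bytes
    header = struct.pack(IPV4_HEADER, version_ihl, 0, 20 + payload_len, ident, 0,
                         ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    checksum = ipv4_checksum(header)         # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def build_udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    """UDP header (RFC 768) ahead of the data; a zero checksum is permitted over IPv4."""
    return struct.pack(UDP_HEADER, src_port, dst_port, 8 + len(data), 0) + data


def envelope(src: str, dst: str, src_port: int, dst_port: int, data: bytes) -> bytes:
    """Apply the layers from the top down: application data, then UDP, then IPv4."""
    udp = build_udp(src_port, dst_port, data)
    return build_ipv4_header(src, dst, PROTO_UDP, len(udp)) + udp


def parse_ipv4(packet: bytes) -> dict:
    """Strip the IPv4 envelope: check version, IHL and checksum, then hand back the
    fields and the inner payload, truncated to Total Length."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, total_len, _ident, _flags_frag, ttl, protocol, _csum,
     src, dst) = struct.unpack(IPV4_HEADER, packet[:20])
    version, ihl = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": protocol,
        "total_len": total_len,
        "payload": packet[ihl:total_len],
    }


def parse_udp(segment: bytes) -> dict:
    """Strip the UDP header and return the ports, declared length and data."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, _csum = struct.unpack(UDP_HEADER, segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with the data present")
    return {"src_port": src_port, "dst_port": dst_port, "length": length, "data": segment[8:length]}


if __name__ == "__main__":
    pkt = envelope("192.168.1.10", "10.0.0.5", 40000, 53, b"hello")   # constructed sample
    print(pkt.hex())
    ip = parse_ipv4(pkt)
    print(ip["src"], "->", ip["dst"], "protocol", ip["protocol"], parse_udp(ip["payload"]))
```

The parser reads Total Length and IHL from the header rather than trusting the buffer size, so trailing padding is ignored and an inconsistent length is rejected; a receiver that skipped those checks would hand inconsistent data to the next layer.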
The pattern of enveloping shown above is common in most cases, but the tasks assigned to each protocol differ from vendor to vendor.

Application Protocols
Protocols are used by each application, like chat, IM, browsers, and much more. Any application working with protocols will use the basic protocols like TCP, UDP or IP, and the application protocol is embedded in the data portion of the base protocol. Below we shall see some of the application protocols and their use.

HTTP
HTTP (HyperText Transfer Protocol) is mainly used to transfer data from the WWW (World Wide Web). This protocol is called HyperText Transfer Protocol because it can rapidly jump from one document to another in a hypertext environment, as we see in web pages. This protocol works on TCP because it transfers files from one location to another. The protocol generally works on port number 80, but it can be configured to work on different ports. The most common version of the HTTP protocol in use is HTTP 1.1, which is specified in RFC 2616.

HTTPS
HTTPS (also known as HTTP Secure) is used to transfer files securely. In terms of security, the HTTPS protocol transfers the files in encrypted form and they are decrypted at the receiving end. This makes the working of the protocol a bit more involved, but suitable for transferring sensitive information like user passwords, financial details, etc. HTTPS uses TCP port number 443 by default, but it can be configured to use different ports if needed. HTTPS should not be confused with Secure HTTP (S-HTTP); the latter was not used much and became non-existent. HTTPS is specified in RFC 2818, whereas S-HTTP is specified in RFC 2660.
HTTP and HTTPS are used to browse web sites and generally appear in the URL (Uniform Resource Locator). We can locate any website by its URL (the address that we key into the address bar of the browser). The URL of an HTTP site will always start with http://websitename.domainname, whereas the URL of an HTTPS site will start with https://websitename.domainname.
SMTP
SMTP (Simple Mail Transfer Protocol) is an email transmission protocol used across IP networks. SMTP is used for outgoing mail and uses TCP port number 25 for all outgoing email communication by default. A secured SMTP is known as SMTPS and it uses port 587 for all outgoing email communications. The final updated version of SMTP is documented in RFC 5321.

POP/POP3
POP (Post Office Protocol) is used by email clients to fetch emails from the email server. POP came into use with email clients like Microsoft Outlook or Mozilla Thunderbird. In these applications the user is not required to log into the web server; once the user's credentials are provided to the application, the application itself will fetch the emails. POP supports a simple download-and-delete type of mechanism: it connects to the server, where it has the option either to keep the messages on the server or to delete them after downloading them to the user's computer. POP3 is the third version of the POP protocol. POP3 uses TCP port number 110 and is documented in RFC 1081.

IMAP
IMAP (Internet Message Access Protocol) is an application-layer protocol which has the same working as the POP protocol. The current version of IMAP, IMAP Version 4 Revision 1, is documented in RFC 3501. IMAP works on port number 143. IMAP supports online as well as offline modes of operation. The major difference between POP and IMAP is that, in POP the user stays connected to the mail server only while the downloading of messages is in progress, while in IMAP the user is connected to the mail server as long as the application interface is open. This enables IMAP to download messages on demand.
FTP
FTP (File Transfer Protocol) is a standard provided by TCP/IP for downloading and copying files between networked computers, because transferring files in a networked environment is one of the most tedious and common tasks. Though transferring files sounds like a fairly simple and straightforward process, it has many complications. For example, two computers may have their own ways of differentiating data and text, different directory structures, or different file naming conventions.

Telnet
Telnet (TELecommunication NETwork) is a terminal emulation protocol for connecting to remote machines. By using telnet, the user can use the remote machine as if it were a local machine. By default telnet works on port number 23 to connect to the remote machine.

Intercommunication
Up to this point we have been talking about a single network and internetworks, and we have seen the technologies and terminologies used for internetworking. From this point onwards, we shall see how communication is done between internetworks. Intercommunication is the term used for communication between internetworks. At the root of communication we know that IP addresses are used to uniquely identify each machine on the network. However, intercommunication occurs among networks which may or may not have the same range of IP addresses. Secondly, two communicating systems can be on different classes of IP address or on different subnets, and by the communication principles we know they will not be able to communicate directly. Therefore, we need devices that enable internetwork communication. There are mainly three terminologies used for internetwork communication: Bridging, Switching, and Routing.
Bridging Internetwork Communication
Bridging is used to extend the area of a network by connecting adjacent LANs. A LAN has limitations in the form of the maximum number of devices that can be connected and the maximum distance that can be covered. Therefore, to bridge the gap we use a bridge. A bridge is also used to break down a large LAN into smaller LANs (also known as LAN segments). Creating small segments of a LAN is necessary because in a larger LAN there will be more traffic and hence the response time is bound to be higher. Bridges and routers are the interconnecting devices used to connect segments of LANs into a large LAN.
Bridging and the OSI Model
Bridging occurs at Layer 2 of the OSI Reference Model (Data Link Layer). A bridge therefore sees the network as a collection of source and destination addresses. A bridge does not have knowledge of the paths between the communicating devices and has very little communication with the upper layers.

Types of Bridges
Bridges can be categorized by the functions which they provide. A bridge can be either local or remote. A local bridge is used to provide a direct connection between two or more LAN segments within the same area. A remote bridge can be used to connect multiple LAN segments in different areas over telecommunication lines or the Internet. From the figures below, we will be able to understand the types of bridges clearly. In remote bridging, at least two bridges will be required to bridge the remote networks, whereas a single bridge can be used in local bridging.
Advantages & Disadvantages of Bridging
Advantages:
More devices can communicate on a bridged network than can communicate on a single LAN.
Bridges extend the geographical length of a LAN, allowing remote LAN sites to be connected to larger LANs.
Bridges are simple to install and transparent to users.
Bridges can connect networks using different protocols because they operate below the network layer of the OSI Reference Model.
Bridges connect LAN segments, so devices can be moved from one segment to another without a change of IP address.
Disadvantages:
Bridges cannot understand redundant network paths, so they cannot take advantage of splitting the load over network segments.
Bridges can overload the network by increasing traffic when they receive a frame with an unknown address.
Because a bridge does more work than a repeater by processing MAC addresses, it is slower than a repeater.

Switching Internetwork Communication
Like bridging, switching also occurs at Layer 2 (Data Link Layer) of the OSI Reference Model. Switches connect multiple LAN segments and create a single large network. Switches store and forward frames. There are two major techniques used by a switch: store and forward, and cut through. When a switch works as a store and forward device, a frame is not sent until the entire frame is received. In cut through switching, the switch starts forwarding a frame when most of the frame is received; it is important to remember that in cut through switching the forwarding starts before the entire frame is received. There are various types of switches that we shall see in the topics to follow.

LAN Switching
LAN switching uses the MAC address from the sender to decide where to forward frames. A Layer 2 switch is a hardware device, which means it uses Application Specific Integrated Circuits (ASICs). A LAN switch maintains MAC address tables for the addresses of senders and destinations.
A Layer 2 switch does not change any information contained in a packet and hence can be used to connect networks with different media like Ethernet and fiber. Similarly, switches can also be used to connect networks working at different speeds like 10 Mbps or 1000 Mbps. To see the working of a switch, we can refer to the figure given below.
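As an added illustration (not code from the training material), the following model shows the LAN switching behaviour described above: the MAC address table learned from sender addresses, flooding of frames whose destination is unknown (the "overload" disadvantage of bridging), and the difference between store and forward and cut through handling of a corrupted frame. The frame check sequence is modelled as a CRC32 over the frame fields; that is an assumption of the model, not the real Ethernet FCS layout.

```python
"""Learning switch model: MAC table, flooding, store-and-forward vs cut-through.

Added illustration, not code from the training material. The FCS is modelled
as a CRC32 over the header fields and payload (an assumption of this model),
so a corrupted frame can only be detected once the whole frame has arrived.
"""
import zlib
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


def compute_fcs(dst: str, src: str, payload: bytes) -> int:
    """CRC32 over the fields the sender transmitted (assumed FCS model)."""
    return zlib.crc32(dst.encode() + src.encode() + payload) & 0xFFFFFFFF


@dataclass
class Frame:
    dst: str
    src: str
    payload: bytes
    fcs: int  # trailer: only known once the last byte of the frame has arrived

    @classmethod
    def build(cls, dst, src, payload):
        return cls(dst, src, payload, compute_fcs(dst, src, payload))

    def fcs_ok(self) -> bool:
        return self.fcs == compute_fcs(self.dst, self.src, self.payload)


class LearningSwitch:
    """Layer 2 switch: learns source MACs per port, forwards on destination MAC."""

    def __init__(self, ports, mode="store-and-forward"):
        if mode not in ("store-and-forward", "cut-through"):
            raise ValueError("mode must be 'store-and-forward' or 'cut-through'")
        self.ports = list(ports)
        self.mode = mode
        self.mac_table = {}   # MAC address -> port it was last seen on
        self.flooded = 0      # frames copied to every other port (unknown destination)

    def receive(self, in_port, frame):
        """Return the list of ports the frame is forwarded on ([] means dropped)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # The source address is learned regardless of what happens to the frame.
        self.mac_table[frame.src] = in_port
        # Store-and-forward: the whole frame is buffered first, so the FCS can
        # be verified and a corrupted frame never leaves the switch.
        if self.mode == "store-and-forward" and not frame.fcs_ok():
            return []
        # Cut-through: the forwarding decision is taken from the destination
        # address at the head of the frame, before the FCS trailer has arrived,
        # so a corrupted frame is forwarded exactly like a good one.
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            self.flooded += 1
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[frame.dst]
        if out_port == in_port:
            # Destination is on the sender's own segment: filter, do not forward.
            return []
        return [out_port]


def demo():
    """Constructed scenario: hosts A and B on ports 1 and 2 of a 4-port switch."""
    a, b = "00:11:22:33:44:aa", "00:11:22:33:44:bb"
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    first = sw.receive(1, Frame.build(b, a, b"hello"))   # B unknown: flooded
    reply = sw.receive(2, Frame.build(a, b, b"hi"))      # A known: one port
    second = sw.receive(1, Frame.build(b, a, b"again"))  # B now known too
    bad = Frame.build(b, a, b"corrupt")
    bad.payload = b"corrupX"                              # damaged in transit
    dropped = sw.receive(1, bad)                          # store-and-forward drops it
    ct = LearningSwitch(ports=[1, 2, 3, 4], mode="cut-through")
    ct.mac_table.update(sw.mac_table)
    leaked = ct.receive(1, bad)                           # cut-through forwards it
    return first, reply, second, dropped, leaked


if __name__ == "__main__":
    for label, ports in zip(["flooded", "reply", "known", "bad SF", "bad CT"], demo()):
        print(f"{label:>8}: forwarded on ports {ports}")
```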
VLAN
A VLAN (Virtual LAN) is a group of computers which are logically grouped into the same network as if they were in one LAN, but are not physically. The attributes of a VLAN are the same as those of a LAN, but it allows end stations to be grouped even if they are not on the same interconnecting device. A sample VLAN can be seen in the figure below.
MPLS
MPLS (Multi Protocol Label Switching) was introduced as a faster mechanism to transfer data. MPLS works at layer 3 (Network Layer) of the OSI Reference Model. MPLS forwards packets from host to destination. In MPLS the IP packets are encapsulated with a label, so instead of looking up tables in the devices, the nodes on the network are labeled. MPLS works on switching technology and hence the devices that work with MPLS are known as Label Switched Devices. We shall understand MPLS in more detail in the later part of this module.

Routing Internetwork Communication
Like bridges, routers connect two or more networks to form an internetwork. Routers maintain the logical identity of each network segment. A router based internetwork will have many logical networks, each of which is independent. Routers work at the network layer. Routers have a more complex working than a bridge; they first analyze the protocol used to route the packet from one LAN to another. A router which can analyze all the protocols used at the network layer is known as a multiprotocol router.

Routing Concepts
Routing requires more information than bridging. A router will receive only those packets which are addressed to it. A router has more decisions to make than a bridge and therefore needs more information than a bridge contains. The primary information contained in a router is the routing table, which we shall see in the forthcoming topic. A router has the following basic functions: it must create and maintain the routing tables, and it must select the shortest path to the next network or router based on the information contained in the packet.
Routing Tables
A routing table contains the routes to every network attached to that router. A router builds and stores the routing table so that it knows exactly where to deliver packets when they arrive. A routing table consists of a minimum of three fields.
1. Network id (destination network)
2. Cost
3. Next hop (this is the address of the next router on the network)

Routing Metrics
Path Length
Path length is the most common and widely used routing metric. Path length is defined by the length between two communicating nodes. The length between the communicating nodes is not measured in meters but in units of time; the length between two communicating nodes is calculated in milliseconds. This lets the router choose the best path: the lower the time required to reach a destination, the nearer the communicating device.
Reliability
Reliability, in the routing context, is the dependability of a link. Apart from storing the other metrics, a router also stores the error rate of a link, because there can be a case where one of the links in a network is weak and goes down quite often.
Delay
Delay in routing refers to the length of time required to transfer a packet from source to destination in an internetwork. Delay depends on many factors like bandwidth, traffic in the network, and the distance to be travelled.
Bandwidth
Bandwidth is the capacity of a link to carry data. Its unit is bits per second.
Load
Load refers to the extent to which a router is busy. Load can be calculated from factors like CPU usage and packets processed per second.
Communication Cost
A router can connect two networks over remote segments. It is therefore important to consider the operating cost of the router. An organization will certainly not lay down special lines if the communication can be done over a telephone line.
Routing Algorithms
Static
In static routing, the routes on a network are fixed and the routers do not discover any new routes. In this type of routing, a system administrator configures each router with all the information necessary to forward a packet; a router will not learn new routes by itself. Static routes, once defined for a network, are unchangeable. In other words, in static routing all the entries in the routing table are made manually. Static routing is not suitable for large networks: if a new router is added to the network, an administrator has to update the route to the new router in every other router. Also, in static routing a problem can arise where the traffic flows over one link only instead of other links, because the route is predefined. As in the figure below, if a static route from network 2 to network 4 is not defined, all communication will go via Router B-C-D instead of going from Router B to Router D. This will make Router C busier and the link between Router B and Router D will never be used. To summarize, static routing is used when the routes of a network are predefined.
Dynamic
In contrast to static routing, dynamic routing does not require an administrator to update the routing tables on the router. A router learns by itself and updates its routing tables at predefined time intervals. Dynamic routing is more suitable for large networks, because if any link is busy, the router can switch over to another route automatically. Also, it is very easy to add a new router to the network. The metrics of each router are calculated by the router itself and hence we can achieve faster communication, even if a link fails. Each router stores the metrics of the routers adjacent to it. From the figure below, we can see that when we add a new router (Router E) to the network, Router C and Router D will automatically store the metrics of Router E. Now if communication is initiated from Router A to Router E, a dynamic path will be chosen. This path can be either Router A-C-E or Router A-C-D-E, depending on the metrics. To summarize, dynamic routing is used in an environment where the routes of a network are not predefined and we know that the network will change.
Single path and Multipath
Single path and multipath routing algorithms are related to load sharing. There can be a single path or multiple paths to a destination. In a single path algorithm, a protocol learns a single best route to each destination. In a multipath algorithm, a protocol does not learn only a single route, but learns all the routes to each destination. The advantage of learning them all is that load balancing can be done. When the best route to a destination is flooded with traffic, another route can be used only if multipath routing is used. From the figure below we can understand that if a route from A to D has to be selected, it can be either A-G-H-D or A-E-F-D. A single path algorithm will select the best route; if the communication line is busy, the single path algorithm will still prefer the same route. A multipath algorithm will use both available paths, and if one of the paths is busy, it will divert the packets through the other path.
Link State and Distance Vector
A link state algorithm calculates the status and connection type of each link to produce a metric. A link state algorithm knows exactly when a link is working or down, how dependable it is and what the cost of that link is. It is very possible that a link state algorithm will choose a path with more hops over a faster medium rather than a path with fewer hops over a slower medium. Because a link state protocol is aware of the media types and other factors, a link state algorithm requires more processing than any other algorithm. On the other hand, a distance vector algorithm is fairly simple. Distance is the cost of reaching a destination. Vector is the interface on which the traffic will be sent towards the destination. A distance vector algorithm hence uses the distance calculation and the network interface to determine the best path for communication. In a link state algorithm each router has information about the entire network, whereas in a distance vector algorithm each router has information about its neighbors only. In case of a link failure, link state sends small updates to every router on the network, whereas distance vector sends large updates but only to some routers. From the figure below, we can easily understand the link state and distance vector algorithms. In the figure, scenario A is distance vector, whereas scenario B is link state. The communication is initiated from Node A and the destination is Node B. Node A and Node B are connected with a telephone line giving a maximum speed of 56 kbps, whereas all other links (A-C, C-D, and D-B) are 100 Mbps. A distance vector algorithm will directly choose the 56 kbps link to send the data, whereas link state will prefer A-C-D-B due to the high speed media.
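As an added worked example (not code from the training material), the routing table fields listed earlier and the link state versus distance vector comparison in this section are run over the figure's scenario: a hop-count distance vector exchange in which each router only hears from its neighbours, and a bandwidth-cost link state computation over the whole map. The RIP-style hop-count metric with 16 meaning unreachable, and the OSPF-style cost of reference bandwidth (100 Mbps) divided by link bandwidth, are assumptions of this example, not statements from the page.

```python
"""Distance vector vs link state path selection on the page's four-node scenario.

Added illustration, not code from the training material. Topology as the text
describes it: A-B is a 56 kbps telephone line; A-C, C-D and D-B are 100 Mbps.
Assumed, not from the page: RIP-style hop count (16 = unreachable) for the
distance vector side; OSPF-style cost = reference bandwidth / link bandwidth,
reference 100 Mbps, for the link state side. Every routing table row carries
the three fields the text lists: destination network, cost and next hop.
"""
import heapq
from collections import namedtuple

Route = namedtuple("Route", "destination cost next_hop")

# Constructed sample topology: (node, node, bandwidth in bits per second).
LINKS = [
    ("A", "B", 56_000),
    ("A", "C", 100_000_000),
    ("C", "D", 100_000_000),
    ("D", "B", 100_000_000),
]
REFERENCE_BANDWIDTH = 100_000_000   # assumed OSPF-style reference bandwidth
RIP_INFINITY = 16                    # hop count RIP treats as unreachable


def adjacency(links, cost_fn):
    """Symmetric adjacency map node -> {neighbour: link cost}."""
    adj = {}
    for u, v, bandwidth in links:
        adj.setdefault(u, {})[v] = cost_fn(bandwidth)
        adj.setdefault(v, {})[u] = cost_fn(bandwidth)
    return adj


def distance_vector_tables(links):
    """Hop-count distance vector: routers exchange tables with neighbours only.

    Returns {router: {destination: (hops, next_hop)}} once no router changes
    its table during a round of exchanges.
    """
    adj = adjacency(links, lambda bandwidth: 1)
    tables = {r: {r: (0, None)} for r in adj}
    for r, neighbours in adj.items():
        for n, hops in neighbours.items():
            tables[r][n] = (hops, n)          # directly connected neighbour
    changed = True
    while changed:
        changed = False
        # Each router advertises the table it held at the start of the round;
        # it never sees anything beyond what its direct neighbours tell it.
        advertised = {r: dict(t) for r, t in tables.items()}
        for r, neighbours in adj.items():
            for n, hops_to_n in neighbours.items():
                for dest, (hops_from_n, _) in advertised[n].items():
                    candidate = hops_to_n + hops_from_n
                    if candidate >= RIP_INFINITY:
                        continue              # beyond RIP's 15-hop limit
                    if dest not in tables[r] or candidate < tables[r][dest][0]:
                        tables[r][dest] = (candidate, n)
                        changed = True
    return tables


def link_state_table(links, source):
    """Bandwidth-cost link state: Dijkstra over the whole map held by `source`.

    Returns {destination: (cost, next_hop)} for the given router.
    """
    adj = adjacency(links, lambda bandwidth: REFERENCE_BANDWIDTH / bandwidth)
    cost = {source: 0.0}
    next_hop = {source: None}
    heap = [(0.0, source)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue                          # stale heap entry
        for nbr, link_cost in adj[node].items():
            via = c + link_cost
            if via < cost.get(nbr, float("inf")):
                cost[nbr] = via
                # The first hop out of `source` is inherited along the path.
                next_hop[nbr] = nbr if node == source else next_hop[node]
                heapq.heappush(heap, (via, nbr))
    return {dest: (cost[dest], next_hop[dest]) for dest in cost}


def routing_table(table):
    """Render a {destination: (cost, next_hop)} map as sorted Route rows."""
    return [Route(d, c, n) for d, (c, n) in sorted(table.items())]


if __name__ == "__main__":
    print("Scenario A, distance vector (hop count), router A:")
    for row in routing_table(distance_vector_tables(LINKS)["A"]):
        print("  ", row)
    print("Scenario B, link state (bandwidth cost), router A:")
    for row in routing_table(link_state_table(LINKS, "A")):
        print("  ", row)
```

Router A's distance vector table reaches B in one hop over the 56 kbps line, while its link state table reaches B at cost 3 with next hop C, which is the A-C-D-B path the text describes.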
Protocols used in Routing
RIP
RIP (Routing Information Protocol) is used to route packets in an internetwork. It is a dynamic protocol and is used by IP. The main function of this protocol is to inform all routers of the addresses of the other routers. Network characteristics are important when a router wants to make a routing decision; these network characteristics are commonly known as metrics. RIP uses a metric called hop count, which keeps the number of routing nodes falling between two communicating devices. RIP runs on UDP port number 521. RIP is available in two versions, RIPv1 and RIPv2. RIP is documented in RFC 1058.

OSPF
OSPF (Open Shortest Path First) is a link state dynamic routing protocol. It uses the link state algorithm and is documented in RFC 2328. OSPF is used to route IP packets in a single routing domain. It gathers the link state and media information from the available routers and constructs a map of the network. The decision to forward a packet is made on the destination IP address. OSPF, being a link state protocol, can easily detect changes in the network in the form of link failures, and changes the paths very quickly. Link state information is maintained in the LSDB (Link State Database) by all the OSPF routers in the network. On a change of any link, the LSDB copies are updated on each router in the network. OSPF does not use a TCP/IP transport protocol (UDP, TCP), but is encapsulated directly in IP datagrams with protocol number 89. OSPF handles its own error detection and correction functions. OSPF uses multicast addressing for route flooding on a broadcast network link. OSPF reserves the multicast addresses 224.0.0.5 (all link state routers) and 224.0.0.6 (all Designated Routers), as specified in RFC 2328 and RFC 5340.

BGP
BGP (Border Gateway Protocol) is the most used protocol for routing decisions on the Internet. BGP is a distance vector dynamic protocol. BGP does not use the traditional metrics; routing decisions are made based on path, network policies, and other rules. BGP is better known as a reachability protocol than as a routing protocol. OSPF fails in very large networks, whereas BGP is designed to work with very large networks. BGP creates redundancy in large networks, giving maximum efficiency. BGP works on TCP port number 179. Each BGP router periodically sends a message to all other routers to check their availability. The final version of BGP is documented in RFC 4271, which went through more than 20 revisions starting from RFC 1771.

IGRP
IGRP (Interior Gateway Routing Protocol) is a proprietary (organization owned) protocol. It was created to overcome the limitations of RIP. IGRP is a distance vector protocol. It is used by routers to exchange routing information. It overcomes the limitations of RIP, which could work only up to 15 hops and with a single routing metric. IGRP supports multiple metrics like bandwidth, delay, load, and reliability. To compare two routes, all the metrics stated above are compared and then the best route is selected. To overcome the issues with address space, another protocol, EIGRP, was created. EIGRP (Enhanced IGRP) is also a proprietary protocol. IGRP is almost considered obsolete now.

Routing and the OSI Model
Routers work at layer 3 (Network Layer) of the OSI Reference Model. The main function of the router is to select the shortest path to the next network. Routers do not work at the data-link layer, so they cannot connect different networking environments. Routers are visible to end points and so controlling the traffic from a transmitter to a receiver is possible. Routers have buffers, so if the sending process is faster than the receiving process it will not create congestion in the network.

Network Management
Network management is a very broad term and it relates to many people associated with the network in different ways.
However, in general, network management is a service that uses a variety of tools, including applications and devices, which can assist a network manager in taking decisions about the network. The ISO has made a significant contribution to network standardization. The network management model given by the ISO leads to an understanding of the major functions of network management. The ISO network management model consists of five major areas. Given below is the ISO network management model.
The five major areas of network management by ISO are:
1. Performance Management
Performance Management's goal is to maintain the internetwork and to determine the efficiency of the network. Performance management ensures that network performance remains at a good level. It is also concerned with gathering regular performance data like response times, packet loss rate, and link utilization. This information is usually gathered through the implementation of an SNMP management system, which we shall discuss in the following topic, either actively monitored or configured to alert administrators when performance moves above or below predefined thresholds.
2. Configuration Management
The goal of configuration management is to collect, set, and track the configuration of devices on the network. It is concerned with monitoring system configuration and the changes taking place in it. This is an important aspect because most of the problems in a network arise due to changes in configuration, like changes in configuration files, software updates, or changes in the system hardware. A proper configuration management strategy involves tracking and notifying all changes made to the network hardware and software.
3. Accounting Management
The goal of accounting management is to gather statistics for the users in the network. This deals with tracking network utilization according to the segments created on the network.
4. Fault Management
The goal of fault management is to recognize, correct, and log the faults that occur in the network. A proper fault management technique is to log the information, contact the appropriate person, and fix the problem.
5. Security Management
The goal of security management is to control access to vital resources in the network. It deals not only with seeing that the network environment is secured, but also with ensuring that security-related information is gathered and analyzed at regular intervals.
SNMP
SNMP (Simple Network Management Protocol) is a standard protocol for managing devices on an internetwork. Devices that support SNMP include routers, switches, servers, workstations, printers, and many more. It is used to monitor devices attached to the network for conditions which require a network administrator's attention. SNMP is part of the TCP/IP protocol suite and is defined by the IETF. The final revised version of SNMP is documented in RFC 2576.

VPN
Normally, when we are connected to any subnet, we can say that we are in a private network. To put it in other words, every subnet is a private network. If we want a remote user who is physically not in the same subnet to be a part of that subnet, then we are talking about the networking term VPN (Virtual Private Network). A VPN allows a remote user to become a part of the local private network as if the user were working in the same local subnet. This also allows the user to use network resources like printers, etc. A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.
VPN connections between two sites require that the sites be connected remotely but securely, because at one end there is an organization's private network and at the other end there is a public network like the Internet. Any failure to secure the connection can lead to a vast security breach in the network. A VPN connection therefore uses tunnels to communicate. Tunnels are passageways for the traffic to flow; only the sender and the receiver can use the tunnel. There are three types of tunnels that can be created, depending on the type of communication required. The three tunnels are shown in the figure below.
As shown in the figure above, a gateway to gateway tunnel is used in large organizations where any branch office computer wants to connect to another branch office computer.
A host to gateway tunnel is used when only one computer from a public network wants to connect to the entire organization's network.
A host to host tunnel is used when a particular computer from the public network wants to connect to one particular computer in the organization.

VPN on L2TP
L2TP (Layer 2 Tunneling Protocol) acts like a data link (Layer 2 of the OSI Reference Model) protocol for tunneling the traffic between two peers in a network. L2TP uses UDP port number 1701. The two end points of the L2TP tunnel are called the LAC (Layer 2 Access Concentrator) and the LNS (Layer 2 Network Server). The latest version of this protocol is documented in RFC 3931.

VPN on PPTP
PPTP (Point to Point Tunneling Protocol) is one of the methods to implement a VPN. The PPTP packet is encapsulated in an IP packet with protocol number 47. PPTP was first documented in RFC 2637. A PPTP tunnel communicates with the peer on TCP port number 1723. PPTP is also a data link layer (Layer 2 of the OSI Reference Model) protocol.
IPSec VPN
IPSec (Internet Protocol Security) is a protocol suite for securing IP communications by encrypting and authenticating each packet in a communication session. IPSec is a framework that is built into various security products to provide end to end security in wide area networking communications. IPSec is documented in RFC 2401.

MPLS VPN
MPLS VPN is a method that uses the power of MPLS (Multi Protocol Label Switching) to create a virtual private network. Using MPLS gives the network administrator the flexibility to route the traffic using MPLS as the backbone.
SSL VPN
SSL VPN is a method to implement a VPN with SSL technology. SSL (Secure Sockets Layer) is a technology which encrypts the data so that no other party can read it. The Payment Card Industry always uses SSL to transfer card data. Websites generally use SSL on the login page to encrypt the password and other user information.

Networking with Quality of Service
Overview
Quality of Service is related to the capability of a network to provide services to filtered network traffic. The filtered network traffic can be HTTP, HTTPS, SMTP, POP3, or any other type of traffic. QoS is also useful when we want to provide dedicated bandwidth to some resources on the network, for example a manager's computer. QoS can also be used in cases where the bandwidth needs to be managed by filtering users. For example, we may want a user to browse web sites at a fixed bandwidth because the remainder has to be allotted to the VoIP network. These types of goals can be achieved using QoS. To summarize, QoS enables the network administrator to provide better service to certain flows. This can be achieved either by giving priority to the flow, or by lessening the priority of other flows.
Summary
Communication is the base of any organization's foundation. With proper communication techniques an organization can achieve maximum throughput from its communicating devices. It also allows providing a quality of service to the nodes in the network. Interconnecting networks can be easy if the basic setup of the network is appropriate. So far we have learnt:
Types of cables used for networking
Reference Models
Devices used in networks
How devices communicate
Flow of communication
How addressing is done
Routing
Switching
VPN
QoS