
PE Network Datacom 201

Infosys Product Engineering School

Authors: Ravi Kiran Gundu, Muthu Rakkappan Kanagavelu, Anukriti Khare, Revathi Kandoji
Document No.:
Authorized By:
Ver.: Revision 1.1
Date: 31/12/2009

COPYRIGHT NOTICE
All ideas and information contained in this document are the intellectual property of the Education and Research Department, Infosys Technologies Limited. This document is not for general distribution and is meant for use only by the person it is specifically issued to. This document shall not be loaned to anyone, within or outside Infosys, including its customers. Copying or unauthorized distribution of this document, in any form or by any means including electronic, mechanical, photocopying or otherwise, is illegal.
Education and Research Department, Infosys Technologies Limited, Electronics City, Hosur Road, Bangalore - 561 229, India. Tel: 91 80 852 0261-270 Fax: 91 80 852 0362 www.infosys.com mailto: IPES@infosys.com

COMPANY CONFIDENTIAL

Course Description

Course number: TPEDNWDATICS2010
Course name: PE Network Datacom 201
Author(s): Ravi Kiran Gundu, RaviKiran_Gundu@infosys.com, PED, Hyderabad; Anukriti Khare, Anukriti_Khare@infosys.com, PED, Hyderabad; Revathi Kandoji, Revathi_Kandoji@infosys.com, PED, Hyderabad; Muthu Rakkappan Kanagavelu, muthur_kanagavelu@infosys.com, PED, Hyderabad

Pre-requisites for attending course:

Suggested course duration:

Modification Log

Version | Date | Author(s) | Reviewer | Description




Table of Contents
1 Introduction to Networking
1.1 How do devices communicate?
1.2 Types of Networking Technologies
1.3 Standard Bodies
1.4 Network Elements
1.5 Network Topologies
2 Network Reference Models
2.1 OSI Reference Model
3 Network devices
3.1 End Devices
3.2 Repeater
3.3 Hub
3.4 Switches
3.4 Bridges
3.5 Routers
4 Layer 1
4.1 Cables
5 Layer 2
5.1 LAN Technologies
5.2 MAC address
5.3 Spanning Tree Protocol
5.4 VLAN
5.6 Port Encapsulation
6 Layer 3
6.1 IP Addressing and Subnetting
6.2 Internet Protocol Version 6 (IPv6)
6.2 Routing
6.3 Routing Protocols
6.4 Exterior Gateway Routing Protocol - BGP
6.5 Network Security
6.6 IP Security (IPSec)
7 IP Multicast
7.1 Multicasting Overview
7.2 Multicast protocols
8 Overview MPLS
9 Overview of WAN Technologies
9.1 Point to Point Protocol (PPP)
9.2 Integrated Services Digital Network (ISDN)
9.3 Frame Relay
9.4 ATM & Overlay Networks


1 Introduction to Networking
As computer usage grew many fold beyond what anyone had expected and, most importantly, required available resources to be shared between many computing machines for efficient working, people started thinking about communication between standalone machines. The result was a new area of communication, later baptized Data Communication (or DataCom, as it is popularly known). A simple one-line definition of a Computer Network is a series of computers connected through a communication channel.

As DataCom evolved, the initial connectivity mechanism available was dial-up lines provided over the PSTN (Public Switched Telephone Network). As we know today, these dial-up lines were well suited to voice usage but affected digitized data severely. Even the mother of all networks, the Internet, was built on the assumption that it would be a data-oriented network; of course, continuous technology evolution later made the Internet voice-compatible (voice over IP), so it now carries voice as well.

As new process-intensive, mission-critical and bandwidth-intensive applications emerged, new media/access technologies with various features (access type, bandwidth, speed, voice/data quality standards etc.) came through. Some of them are:
Leased lines
ISDN
Microwave
ATM
WDM
Wi-Fi

The characteristics of these access/media technologies, coupled with advanced applications and inter-network devices such as routers and switches, made possible what we see today: a Converged Network.

1.1 How do devices communicate?

Every device comes with hardware that can connect to the network. As this provides an interface to the network, it is called the Network Interface Card (NIC). It has a physical address called the MAC address, which is 48 bits long and is intended to be unique. This address is the basis for addressing within a local network segment; communication across networks uses logical addresses (IP) carried on top of it. Note that the MAC address is assigned by the manufacturer but can be overwritten in software on most operating systems, so it must not be relied on as proof of a device's identity.

Based on the nature of the work done, devices are classified broadly into two types:
1. DTE: the end devices that intend to communicate.
2. DCE: a class of equipment that enables communication between the end devices.
There are various kinds of devices and various technologies that enable communication between devices in various circumstances. They are discussed in the coming chapters.


1.2 Types of Networking Technologies

If one broadly classifies types of networks, they fall into 3 categories:
LAN
WAN
MAN
As the names suggest, the primary distinction among the above network types is the physical distance over which the network/area spans. As new technologies emerged, new types of networks were added to the categories, although physical distance no longer remained the differentiating factor. Some of these newer types of networks are listed below.

SAN - Storage Area Network
PAN - Personal Area Network
DAN - Desk Area Network
CAN - Cluster Area Network, Campus Area Network

Local Area Networks (LAN)
A LAN interconnects network devices over a (relatively) short distance or area, usually within a building, a home or adjacent buildings. Some of its distinctive features: LANs are typically owned, controlled and managed by a single person or organization. They use specific technologies as building blocks, mostly Ethernet, Token Ring and FDDI, and are mostly abundant in bandwidth as opposed to WANs/MANs. E.g. the Infosys corporate network in Electronics City.

Figure 1: A Typical LAN network

Today's LAN is scaled to great heights, resulting in increasingly congested and overburdened networks. Some of the primary contributors to this are faster CPUs, faster operating systems and bandwidth-intensive applications. (LAN) switching is the technology that gave us the answer to the above.


Metropolitan Area Networks (MAN)
As the name suggests, these networks span a campus or city, with sites typically 5-50 kilometers apart. Customers of MANs are large companies that need to communicate within a city at high speed. They typically use wireless or optical fiber infrastructure to link their sites. E.g. accessing the machines in the Infosys Towers office from Electronics City. In most cases, Metropolitan Area Networks get extended to form so-called CANs, Campus Area Networks. As an example, colleges/universities in a state or country interconnect their MANs over the Internet via a WAN. Some of the technologies used in this space, ATM and FDDI, are getting replaced with newer technologies such as Ethernet-based MANs (Metro Ethernet). DQDB, Distributed Queue Dual Bus, is the MAN standard for data communication specified in IEEE 802.6. DQDB networks can be up to 30 miles long and operate at speeds of 34 to 155 Mbit/s.

Wide Area Networks (WAN)
These networks cover a wide geographical area. Typically the systems networked will be in different cities or countries. E.g. connecting from the Infosys OSDC in Bangalore to networks in the USA. The best-known example of a WAN is the Internet. A WAN can be a public or private network, depending on the ownership of the underlying WAN.

Figure 2: A Typical WAN network (sites connected through a service provider cloud)

Public Networks are generally operated by the telephone authority of the country. The authority, referred to as the PTT (Post, Telephone and Telegraph), owns the switches and lines and imposes regulations on how the network is used. Some value-added services like electronic mail and database access may be provided. E.g. BSNL.
Private Networks are provided by an organization for its own benefit. The network will often use a hybrid of public networks and private networks to effect its design. E.g. the Infosys Corporate Network.


1.3 Standard Bodies
Standards organizations use specific processes to create formal standards. The processes include organizing ideas, discussing the approach, developing draft standards, voting on all or certain aspects of the standards, and then formally releasing the completed standard to the public. The following are some of the best-known standards organizations.

ISO - The International Organization for Standardization (ISO) is an international standards organization responsible for a wide range of standards, Technical Reports, Technical Specifications, Publicly Available Specifications, Technical Corrigenda and Guides. Its best-known contribution to networking is the development of the OSI reference model and the OSI protocol suite.
ANSI - The American National Standards Institute (ANSI) is a non-profit private organization which oversees the development and use of standards and coordinates voluntary standards groups within the United States. The Fiber Distributed Data Interface (FDDI) and other communication standards were developed by ANSI.
EIA - The Electronic Industries Association (EIA) specifies electrical transmission standards, including those used in networking. The EIA developed the widely used EIA/TIA-232 standard (formerly known as RS-232).
IEEE - The Institute of Electrical and Electronics Engineers (IEEE) is a professional organization that defines networking and other standards. The IEEE developed the LAN/MAN group of standards, which includes the IEEE 802.3 Ethernet standard and the IEEE 802.11 Wireless Networking standard.
ITU-T - The International Telecommunication Union Telecommunication Standardization Sector (ITU-T), formerly called the Consultative Committee for International Telegraph and Telephone (CCITT), is an international organization that develops communication standards. The ITU-T developed X.25 and other communications standards.
IAB - The Internet Architecture Board (IAB; originally the Internet Activities Board) is a group of internetwork researchers who discuss issues pertinent to the Internet and set Internet policies through decisions and task forces (IETF and IRTF). The IAB designates some Request For Comments (RFC) documents as Internet standards, including Transmission Control Protocol/Internet Protocol (TCP/IP) and the Simple Network Management Protocol (SNMP).
IETF - The Internet Engineering Task Force (IETF) is an open standards organization. It develops and promotes Internet standards (the TCP/IP suite). The purpose of the IETF is to make the Internet work better by producing high-quality, relevant technical documents that influence the way people design, use and manage the Internet.
MEF - The Metro Ethernet Forum (MEF) is a non-profit international industry consortium dedicated to worldwide adoption of Carrier Ethernet networks and services. It is a combination of a marketing and a technical forum promoting the adoption of Metro Ethernet, which makes it a key differentiator from common standards bodies.

1.4 Network Elements
A typical network consists of the following:
A host or DTE (Data Terminal Equipment) is the end-user machine used for running user programs. It could be a mainframe, a personal computer or a terminal. E.g. a personal computer connected to the Infosys network.
Transmission lines, also called circuits, channels or trunks, connect the hosts and switches.
A DCE (Data Circuit-terminating Equipment) connects the DTE to the transmission line or channel. It provides an interface for the DTE into the network. E.g. a modem; the copper cable and RJ45 jack between the PC and the modem are part of the transmission path, not the DCE. Note: with emerging access-layer technologies such as Wi-Fi, it is not mandatory to be physically connected to the network to access its resources.
Switching elements, also called IMPs (Interface Message Processors) or DSEs (Data Switching Exchanges), connect two or more transmission lines. When data arrives on an incoming line, the switching element chooses an outgoing line to forward it on. E.g. a router.

Basic Requirements of a Network
Performance: Performance is measured by the network response time. Some of the factors performance depends upon are the number of users on the system, transmission speeds, the type of transmission medium and the type of hardware and software being employed.
Consistency: Predictability of response time, accuracy of the data transmitted and mean time between failures (MTBF) are important factors that affect consistency.
Reliability: A network failure is any event that prevents the user from using the network. It may include a breakdown in hardware, the transmission media or the network controlling software.
Recovery: After a failure the network must be able to recover to a prescribed level of operation.
Security: Protection from unauthorized access is an important component of computer networks.
QoS (Quality of Service): The capability of a network to provide better service to selected network traffic is referred to as Quality of Service (QoS). The main purpose of QoS is to provide priority, including dedicated bandwidth, improved loss characteristics, and controlled jitter and latency (required by some interactive and real-time traffic).
Scalability: The number of nodes which the network can have without affecting performance and without functionality breaking down.


Anatomy of a Typical Network

Figure 3: Typical Computer Network. The figure shows hosts/DTEs on a LAN (e.g. 198.202.150.20) attached through a bridge/switch/hub and transmission lines to a router (198.202.150.1), which connects over a WAN to an IP cloud (206.236.175.1) and a server (206.236.175.25). Panel labels: "Networking within a LAN" and "Connecting to a WAN".

1.5 Network Topologies
Network topologies refer to how a network has been physically designed as well as how data is forwarded in the network. Physical network topology describes the configuration of cables, computers and the various devices that comprise a network. Besides this physical topology there is one more topology, called the logical topology, which describes how data is transmitted within the network between the various devices. The following are the basic types of physical topology:
1. Linear Bus Topology
2. Ring Topology
3. Star Topology
4. Mesh Topology


Linear Bus Topology

It consists of a main linear bus to which all the nodes (computers, servers, peripherals etc.) are connected. Both ends of the linear bus must be terminated with a terminator. A terminator is a device that absorbs/dissipates the energy remaining in the signal to prevent it from reflecting/propagating back. Common cables used with this topology are twisted pair cable, coaxial cable and fiber optic cable. This type of topology can be used by Ethernet and LocalTalk networks.

Figure 4: Linear Bus Topology

Advantages:
A new device can be easily connected in a linear bus topology.
It requires less cable length compared to other methods.

Disadvantages:
A break at one point in the linear bus interrupts the entire network.
Terminators are essential at both ends.
It is difficult to diagnose the fault if the entire network shuts down.
Because every node shares the one medium, every frame is visible to every attached station, so traffic on a bus can be captured by any node.


Ring Topology
This topology is formed when every node has one node connected on either side of it, so that the entire connection results in a circle.

There are two types of connection: single ring and dual ring.

Figure 5: Ring Topology

Advantages:
Troubleshooting is comparatively easier.
A dual ring provides redundancy if any breakage takes place, until the fault is repaired.

Disadvantages:
A break at one point in the cable brings the entire network down (in the case of a single ring).


Star Topology
All nodes are connected directly to a central hub/server which controls the complete network. This topology allows each node in the network to have a point-to-point connection through the central hub. All communication takes place via the central hub. The central hub sometimes acts as a repeater to strengthen the signal. Common cables used with this topology are twisted pair cable and fiber optic cable. This type of topology can be used by Ethernet and LocalTalk networks.

Figure 6: Star Topology

Advantages:
Installation and wiring are easier, and it is simple to add a new node.
No disturbance to the circuit while connecting or removing a device from the network.
Easy to diagnose in the event of a fault.

Disadvantages:
Compared to the linear bus type, this topology needs more cable length.
If the central hub fails, all the attached nodes fail to communicate.
More expensive than the linear bus topology.


Mesh Topology

Mesh networks allow each device to have a direct connection with every other device in the network. The number of links in a full mesh of n hosts is n(n-1)/2.

Figure 7: Mesh Topology

Advantages:
A single link failure will not have any appreciable impact on the network.
It gives complete redundancy.

Disadvantages:
Expensive, as the cost involved in cabling is higher.

There are also hybrid networks formed by combining the topologies discussed above, such as star-ring networks, star-bus networks and partial mesh networks.


2 Network Reference Models
When nodes want to exchange data and information over a network, there needs to be a standard which both the sender and receiver agree upon, so as to identify the way in which information should be sent so that it can be received. This standard is referred to as a reference model. A reference model addresses all the processes required for communication between these entities. There are various reference models that nodes can use to exchange information:
OSI Reference Model
TCP/IP Reference Model
Ethernet reference model
Cisco's reference model, etc.

These reference models group several logically related processes into layers. Each layer is expected to perform certain functions. The advantages of a layered approach are as follows:
A network operation which is very complex can be modularized into different layers, and this in turn helps in identifying the process that caused a problem.
As an application developer, one can design and develop applications specific to a particular layer without needing to change the other layers in the model.
Since each layer defines its own standards for all its processes, any vendor developing layer-based plug-in applications and devices is expected to follow them. This results in multi-vendor compatibility and integration with a lot of ease.
To summarize, a layered approach provides better interoperability, portability, error detection and debugging.

2.1 OSI Reference Model

In the late 1970s, the International Organization for Standardization (ISO) proposed a standard for information exchange over a network. The main significance of this standard, named Open Systems Interconnection (OSI), is to facilitate data transfer between different kinds of hosts, e.g. a PC and a UNIX host. The OSI reference model is not a physical device. Instead, it is only a set of guidelines or standards which application developers or vendors need to follow while developing applications that enable data exchange over a network.


OSI also provides a framework for creating and deploying standards, internetworking mechanisms and devices. The processes in OSI are categorized into 7 layers. These layers are again divided into 2 groups. The top three layers, which form the first group, are concerned with how information is passed between different applications within the system. This group is responsible for communication between applications and the way they interact with the user of the system. The bottom 4 layers are responsible for defining how the transmission of data happens across the network between different end systems. So the upper group of layers never needs to know the network address the data is being sent to, or the path the data takes when it is transmitted to the destination system.

Figure 8: OSI Reference Model. Application A and Application B each pass through the seven layers (Application, Presentation, Session, Transport, Network, Data Link, Physical). On the way down each layer prepends its own header to the data (ah, ph, sh, th, nh), the data link layer adds a header dh and a trailer dt, and the physical layer transmits the result as bits (0110001100111).


APPLICATION: Provides the user interface
PRESENTATION: Handles data encryption and conversion
SESSION: Responsible for separation of data from the session point of view
TRANSPORT: Provides reliable or unreliable data transmission
NETWORK: Logical addressing and path determination
DATA LINK: Formats the data into frames and provides the physical address
PHYSICAL: Moves data between devices and provides voltage and hardware

Physical layer
The Physical layer is responsible for specifying the physical needs of transmission. This includes information on signaling and the mechanical, electrical and procedural requirements for control of the physical link between the host and the destination. The physical layer has 2 types of equipment:
Data Terminal Equipment (DTE): this resides on the end systems. It either transmits or receives data and does not perform any forwarding functions.
Data Circuit-terminating Equipment (DCE): this resides on the intermediate systems and contains the circuits that perform the functions needed to forward traffic.

The services are made available to the DTE through a modem or some other signal channel. Physical layer equipment is built in compliance with standards that enable it to communicate with the other devices on the network.

Data Link Layer
Before handing data to the physical layer, the data needs to be chunked into frames. So the data link layer formats the data into frames and adds a layer 2 header to each of these frames.

This header contains the source hardware address, the destination hardware address and, depending on the link protocol, other control fields. This information is also referred to as control information. As the packet passes through different hops, the layer 2 header is stripped and replaced at each one, because the hardware addresses are only meaningful on the current link (the sender and the next hop), while the enclosed packet is carried unchanged. When the frame is received at the destination, the destination strips off this header and thus recovers the exact packet that is carrying the data. The Data Link Layer is divided into 2 parts:
Media Access Control (MAC): this defines how frames are placed on the physical medium.
Logical Link Control (LLC): this part of the Data Link Layer is responsible for the identification and encapsulation of the protocols being used at the higher layers.

The mechanisms that take place at layer 2 are referred to as bridging and switching.

Network Layer
The Network Layer is responsible for logical addressing and for determining the path that data has to take to reach the destination from the source. All routing devices work at this layer and all routing mechanisms take place here. Routing is the process of identifying the next node that should receive the data intended for a given destination. When data arrives on an incoming interface of a router, the router first checks whether it is destined for the router itself. If so, the data is received locally; if not, the routing table is consulted to identify the outgoing interface towards the intended destination, and the data is transmitted on it. When more than one table entry matches the destination, the most specific one (the longest prefix) is used. If no matching entry is found, the data is dropped. Two kinds of packets are transmitted across the network: data packets and routing update packets. To enforce security policy and other access controls, routers use access lists, created and administered by the network administrator, to filter packets on incoming and outgoing interfaces. For specific network traffic types, Quality of Service (QoS) is offered to guarantee the throughput and bandwidth that the network is supposed to provide.
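The forwarding decision and the access-list filtering just described, as an added example (not code from the course material, and not the behaviour of any particular router product): a Python model of one router that applies an inbound access list, checks whether the packet is for the router itself, then does a longest-prefix-match lookup and drops anything with no route. The topology is constructed for the demonstration; the addresses are borrowed from Figure 3. The access-list semantics modeled are the common first-match-wins rule with an implicit deny at the end of any list that is present.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    # interface name -> IPv4Interface (the router's own address on that link)
    interfaces: dict
    # routing table entries: (destination network, next hop or None if connected, out interface)
    routes: list
    # inbound access lists: interface name -> [(action, source network, destination network), ...]
    acl_in: dict = field(default_factory=dict)

    def _acl_permits(self, iface, src, dst) -> bool:
        """First matching entry wins; a list that matches nothing denies (implicit deny)."""
        entries = self.acl_in.get(iface)
        if not entries:
            return True  # no access list on this interface: everything is permitted
        for action, src_net, dst_net in entries:
            if src in src_net and dst in dst_net:
                return action == "permit"
        return False

    def lookup(self, dst):
        """Longest-prefix match over the routing table; None when no entry covers dst."""
        best = None
        for net, next_hop, out_iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, out_iface)
        return best

    def forward(self, in_iface: str, src: str, dst: str) -> tuple:
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # 1. Inbound access list is applied before any routing decision.
        if not self._acl_permits(in_iface, src, dst):
            return ("drop", "denied by inbound access list")
        # 2. Is the packet addressed to one of this router's own interfaces?
        if any(dst == i.ip for i in self.interfaces.values()):
            return ("receive", in_iface)
        # 3. Otherwise route it; no matching entry means the packet is dropped.
        route = self.lookup(dst)
        if route is None:
            return ("drop", "no route to destination")
        net, next_hop, out_iface = route
        # On a directly connected network the next hop is the destination itself.
        return ("forward", out_iface, str(next_hop or dst))


# Constructed sample topology (addresses taken from Figure 3; the rest is assumed).
R1 = Router(
    interfaces={
        "eth0": ipaddress.ip_interface("198.202.150.1/24"),
        "eth1": ipaddress.ip_interface("206.236.175.1/24"),
    },
    routes=[
        (ipaddress.ip_network("198.202.150.0/24"), None, "eth0"),
        (ipaddress.ip_network("206.236.175.0/24"), None, "eth1"),
        (ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_address("206.236.175.25"), "eth1"),
        (ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_address("206.236.175.26"), "eth1"),
    ],
    acl_in={
        # Block anything from the WAN side reaching the host 198.202.150.20, permit the rest.
        "eth1": [
            ("deny", ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("198.202.150.20/32")),
            ("permit", ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("0.0.0.0/0")),
        ],
    },
)

if __name__ == "__main__":
    for args in [("eth0", "198.202.150.20", "10.1.2.3"),
                 ("eth0", "198.202.150.20", "10.2.2.3"),
                 ("eth0", "198.202.150.20", "192.0.2.1"),
                 ("eth1", "10.5.5.5", "198.202.150.20"),
                 ("eth1", "10.5.5.5", "198.202.150.21"),
                 ("eth0", "198.202.150.20", "198.202.150.1")]:
        print(args, "->", R1.forward(*args))
```

Note the ordering: a packet that is denied by the access list is dropped even if a route exists, and a destination inside 10.1.0.0/16 goes to the /16 next hop rather than the /8 one because the more specific entry wins.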


Transport Layer
The Transport Layer is mainly responsible for segmenting the data stream coming from the applications and reassembling it at the other end. Further, the transport layer establishes a logical connection through which end-to-end data can be transported between the sending host and the destination. Two protocols come into the picture when data transport is discussed. The first, TCP, offers a reliable connection but involves network overhead; the second, UDP, involves little overhead but does not offer reliable communication. It is the application developer's choice which protocol to use. One of the important mechanisms offered by the transport layer is flow control in connection-oriented communication. All segments are acknowledged, segments that are not acknowledged are retransmitted, and segments are put back into the proper order once they arrive. The mechanisms provided by the transport layer are: data transport, logical connection establishment, flow control, error control, tearing down virtual circuits, windowing and data multiplexing.
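The acknowledge, retransmit and re-sequence behaviour described above, as an added example that is not part of the course text: a small Python simulation of a sending window over a lossy channel. The message, the window size and the loss pattern are constructed for illustration; the `LossyChannel` class, the `deliver` function and its round-based retransmission are simplifications made for this example, not the TCP algorithm.

```python
# Added example (not from the course text): segmentation, acknowledgement,
# retransmission of unacknowledged segments and re-sequencing at the receiver.
# The channel loss pattern and the message are constructed for illustration.


def split_segments(data, size):
    """Segment a byte string or text into (sequence_number, payload) tuples."""
    return [(i, data[j:j + size]) for i, j in enumerate(range(0, len(data), size))]


class LossyChannel:
    """Drops the FIRST transmission of every sequence number in `drop_first`.
    Retransmissions always get through, so every run terminates."""

    def __init__(self, drop_first):
        self.drop_first = set(drop_first)
        self.attempted = set()

    def send(self, seq, payload):
        first_attempt = seq not in self.attempted
        self.attempted.add(seq)
        if first_attempt and seq in self.drop_first:
            return None          # segment lost in transit
        return payload


def deliver(segments, window, drop_first=()):
    """Send `segments` with a sliding window of `window` outstanding segments.

    Each round the sender (re)transmits every unacknowledged segment inside the
    window; the receiver buffers whatever arrives, even out of order, and
    acknowledges it selectively. Returns (reassembled data, transmissions, rounds).
    """
    channel = LossyChannel(drop_first)
    received = {}            # receiver side: seq -> payload, reordered at the end
    acked = set()            # sender side: sequence numbers acknowledged so far
    base = 0                 # lowest unacknowledged sequence number
    transmissions = rounds = 0
    total = len(segments)
    while base < total:
        rounds += 1
        for seq, payload in segments[base:base + window]:
            if seq in acked:
                continue                         # already delivered, do not resend
            transmissions += 1
            arrived = channel.send(seq, payload)
            if arrived is not None:
                received[seq] = arrived          # buffered, possibly out of order
                acked.add(seq)                   # ACK travels back to the sender
        while base in acked:                     # slide the window forward
            base += 1
    # The receiver hands the application the payloads in sequence order only.
    joiner = segments[0][1][:0] if segments else ""
    data = joiner.join(received[i] for i in range(total))
    return data, transmissions, rounds


if __name__ == "__main__":
    segs = split_segments("HELLO WORLD", 3)
    print(deliver(segs, window=2, drop_first={1, 3}))   # ('HELLO WORLD', 6, 4)
```

Dropping segment 1 on its first attempt costs one extra round: segment 2 gets through while 1 is retransmitted, and the receiver holds it until 1 arrives, which is the re-sequencing step the text refers to.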

Session layer
When the presentation layer has converted the data into the network standard format, it becomes the responsibility of the session layer to establish the session, manage it and tear it down after the data has been sent. The session layer also provides dialog control services between the transmitting and receiving nodes. Thus the main responsibility of the session layer is to keep the data of one application separate from the data of another application.

Session layer protocols such as NFS, SQL, RPC, X Window, ASP and DNA SCP are available to manage the orderly transmission of data from multiple sessions. The session layer offers three different modes of communication:
- Simplex
- Half-duplex
- Full-duplex


Presentation layer
The main function of the presentation layer is to present the data to the application layer in a form it can understand. Further, when an application wishes to send data, the presentation layer performs functions such as encryption, compression and encoding. Encoding and decoding are needed because the data has to be translated into a standard format before it is sent over the network, since end systems are generally configured to receive data in a standard, specific format. Once an end system receives data in that format, the presentation layer decodes it according to the application that requested the data and presents it in its native format. In this way the presentation layer ensures that data sent by an application on one host can be read by the application on the receiving host. Generally, when data is transferred from one computer to another, it is converted to the standard format by the presentation layer on the sending host and transmitted over the network; when it is received at the other end, the presentation layer on the receiving system converts it back into the native format and presents it to the application that is intended to receive it. Some standards defined at the presentation layer are PICT, TIFF, JPEG, MIDI and MPEG.

Application layer
The application layer is responsible for providing an interface to the user.

It further has the responsibility to identify and establish whether the intended communication partner is available and whether sufficient resources exist to start the intended communication. Even though most applications use only desktop resources, they may need to combine additional components for communication from many network applications. These applications include file transfer, remote access, client-server technologies and so on. Many applications provide their services for communication over enterprise networks, and a great deal of research and change is going on to provide applications that offer higher performance, because the need for internetworking is growing at a rapid pace. Examples of such applications are WWW, SMTP, EDI, financial transaction services and Internet navigation utilities.


3 Network devices
All the devices that have a role to play when an end device wants to transmit or receive information over the network are referred to as network devices. Based on the operations performed by each device, they are broadly categorized so as to fit into the different layers of the OSI Reference Model. A few devices provide similar functionality although the way they provide the solution differs. The advantage of having different devices is that performance improves because each device does not have to perform multiple functions. Each device is discussed in detail below along with the layer it fits into, the functions it performs and the advantages and disadvantages of using it in a network. The need for each device is also discussed.

3.1 End Devices
End devices are the end nodes that access the network. These are the devices that communicate, and they include terminals, application servers, mobile devices and so on. They form the basis of the entire network.

3.2 Repeater
A repeater is a device that regenerates the signal it receives and then forwards it to all active ports without processing or looking into the data. In practice, after a certain distance a signal becomes weak, threatening data integrity. A repeater, on receiving a signal that is too weak or corrupted, regenerates every bit of it at the original strength so that it can travel further in the network. Thus a repeater effectively increases the physical length of a LAN by enabling the signal to travel longer distances.
Layer at which this device operates: Physical Layer
Number of broadcast domain(s): 1
Number of collision domain(s): 1

Advantages:
- It strengthens (regenerates) the signal.
- It can overcome the segment length restrictions of 10BASE5 Ethernet.

Disadvantages:
- It cannot segment a network.
- A repeater can recover the original signal only if the signal reaches it before noise has corrupted it; it regenerates noise just as faithfully as data.

3.3 Hub
A hub is nothing but a multiport repeater, used to connect multiple devices so that they act as a single network. Any signal received on a hub port is re-amplified and transmitted out of all the other hub ports without any attempt to interpret the signal. A hub always results in a physical star topology. Hubs do not segment a network; they break neither the collision domain nor the broadcast domain. Thus, in a hub environment each host segment is part of one collision domain and one broadcast domain. 10Base-T networks make use of hubs.


Hubs can only operate in half-duplex mode; they cannot run full-duplex Ethernet. Using hubs in a network increases congestion in an Ethernet network, thereby reducing the bandwidth available to each host and increasing the number of collisions. All the ports share the same backplane even though they are connected to different end devices, so the shared medium can be used by only one port at any particular moment. Access to the shared medium is arbitrated by CSMA/CD, which runs on the attached stations rather than in the hub itself. A consequence for security is that every station attached to a hub receives every frame, so any host can capture the traffic of all the others.
Layer at which this device operates: Physical Layer
Number of broadcast domain(s): 1
Number of collision domain(s): 1

Advantages:
- Cost effective: if the design and implementation are done carefully, hubs can create a workable network where the budget is limited.

Disadvantages:
- Creates one large collision domain and hence provides less bandwidth to users.
- Only one device per network segment is allowed to communicate at a given instant.

3.4 Switches
The growing need to connect more devices across a LAN led to operating cost problems with respect to the devices, and to greater complexity in maintaining and administering them. This led to the requirement for a higher port density at a relatively lower operating cost than a bridge. The switch was introduced as the solution to these issues. A switch functions like a bridge except that forwarding is done in hardware (ASICs), which allows multiple paths inside the switch to be active at the same instant. There are different ways of switching traffic:
Store and Forward: The switch receives the entire frame into a buffer, checks the frame check sequence (FCS), and only then forwards the frame to the next hop. Corrupt frames and collision fragments are discarded rather than propagated, at the cost of a forwarding delay that grows with the size of the frame.
Cut-Through: The switch reads only the first six bytes following the preamble, that is the destination MAC address, looks up the outgoing port and starts forwarding immediately. Decisions are made faster than with store and forward, but because the FCS is never checked before forwarding, corrupt frames are passed on.
Fragment-Free: A modified form of cut-through in which the switch waits until the first 64 bytes (the collision window) of the frame have been received before forwarding. Collisions normally produce fragments shorter than 64 bytes, so this mode filters collision fragments while still forwarding faster than store and forward.
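As an added illustration that is not part of the course text: the three switching modes written as a decision function over constructed Ethernet frames. `switching_decision`, `build_frame`, the sample frames and the FCS byte order are assumptions made for this example; the point it shows is which mode lets a corrupt frame or a collision fragment through.

```python
# Added example (not from the course text): when each switching mode decides to
# forward a frame and what each one lets through. Frames are constructed; the
# FCS is the standard Ethernet CRC-32 over header and payload.
import zlib

MIN_FRAME = 64          # bytes; anything shorter is a collision fragment (runt)
DA_LEN = 6              # bytes of destination MAC read by a cut-through switch


def build_frame(dst, src, payload, ethertype=0x0800):
    """Ethernet II frame (without preamble/SFD): DA, SA, type, payload, pad, FCS."""
    body = dst + src + ethertype.to_bytes(2, "big") + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))   # pad to the minimum size
    return body + zlib.crc32(body).to_bytes(4, "little")


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")


def switching_decision(frame, mode):
    """Return (forward?, bytes examined before the decision, reason).

    store-and-forward : whole frame buffered, FCS checked, runts and bad frames dropped
    cut-through       : forwards after the 6-byte destination address, no FCS check
    fragment-free     : forwards after 64 bytes, so runts are dropped but bad FCS passes
    """
    n = len(frame)
    if mode == "store-and-forward":
        if n < MIN_FRAME:
            return False, n, "runt"
        if not fcs_ok(frame):
            return False, n, "bad-fcs"
        return True, n, "ok"
    if mode == "cut-through":
        if n < DA_LEN:
            return False, n, "runt"
        return True, DA_LEN, "forwarded-on-destination-address"
    if mode == "fragment-free":
        if n < MIN_FRAME:
            return False, n, "runt"
        return True, MIN_FRAME, "forwarded-after-collision-window"
    raise ValueError("unknown switching mode: %s" % mode)


# Constructed test frames (not from the original text).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
GOOD = build_frame(DST, SRC, b"payload")
CORRUPT = GOOD[:20] + bytes([GOOD[20] ^ 0x01]) + GOOD[21:]   # one flipped bit, same length
RUNT = GOOD[:40]                                             # collision fragment

if __name__ == "__main__":
    for mode in ("store-and-forward", "cut-through", "fragment-free"):
        for name, frame in (("good", GOOD), ("corrupt", CORRUPT), ("runt", RUNT)):
            print(mode, name, switching_decision(frame, mode))
```

Only store and forward rejects the corrupt frame; fragment-free rejects the runt but not the bad FCS, and cut-through forwards both, which is why it is the least suitable mode on a segment with a noisy link.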
Layer at which this device operates: Data Link Layer. There are also enhanced (multilayer) switches that operate at the Network Layer as well.


Number of broadcast domain(s): 1 (one per VLAN when VLANs are configured)
Number of collision domain(s): One per connected port

Advantages:
- Each port is its own collision domain (microsegmentation), so several pairs of ports can communicate at the same time
- Supports logical segmentation into multiple broadcast domains through VLANs
- Forwarding is done in hardware, so the load on the CPU is low compared to a bridge
- Switches are cheaper per port and are a better choice for a network planner

Disadvantages:
- Without VLANs a switch does not segment the broadcast domain.
- Forwarding is based on the destination MAC address only, and the MAC address table is learned from whatever source address a station claims, so a switch by itself offers no protection against address spoofing or against a station flooding the table with bogus source addresses until the switch falls back to flooding frames out of all ports. Features such as port security, which limits the number of MAC addresses learned per port, are needed to counter this.
- Multicast handling is complex; without additional mechanisms multicast frames are flooded like broadcasts.

3.5 Bridges
A network bridge is a device that connects two LAN segments. A bridge makes its forwarding decisions in software and typically has only a few ports (up to 16). A bridge performs the following functions.
Address Learning: When a frame has to be sent to a destination, the bridge determines the interface on which the traffic needs to be sent. For this the bridge refers to its MAC address table, which records the addresses that can be reached through each interface; the table is built by noting the source address of every frame received on each interface. If there is no entry for the destination address in the MAC table, the frame is forwarded out of all the other interfaces.
Signal regeneration: A bridge regenerates the signal so as to ensure that frames are not lost before they reach the destination.
Splitting the collision domain: The problem with a hub is that communication can only be half-duplex and the medium cannot be used efficiently. A bridge splits the collision domain, giving each interface independent forwarding.
There are two kinds of bridging techniques:
Transparent Bridging: Bridges use a forwarding database while sending frames between network segments. The database is initially empty; whenever a frame is received by the bridge, an entry for its source address is recorded in the forwarding database. Based on the forwarding table the bridge takes forwarding, filtering and flooding decisions. The end stations are unaware of the bridge, hence the name.
Source Route Bridging: Used mainly on Token Ring networks. The source station discovers the path by sending an explorer frame; each bridge forwards the explorer on all its other interfaces within a configured hop limit and records its own identity in the frame. When the responses return to the source, the best available path is selected and the route is placed in each subsequent frame, which the bridges then forward along that path.
Layer at which this device operates: Data Link Layer (the signal is also regenerated at the Physical Layer)
Number of broadcast domain(s): 1
Number of collision domain(s): One per connected port
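Address learning and the forward, filter and flood decisions of transparent bridging, as an added example that is not taken from the course text. The `Bridge` class, port numbers and MAC addresses are constructed; the per-port address limit is an assumed hardening option in the spirit of port security and is not part of basic bridging.

```python
# Added example (not from the course text): transparent bridging as a bridge or
# switch performs it: address learning from source MACs, forwarding to a known
# port, filtering when the destination is on the ingress segment, flooding of
# broadcasts and unknown unicasts. A per-port limit on learned addresses (the
# idea behind "port security") is included as a hardening option. Port numbers
# and MAC addresses are constructed.

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """I/G bit (least significant bit of the first octet): multicast or broadcast."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class Bridge:
    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.fdb = {}                     # forwarding database: MAC -> port
        self.max_macs_per_port = max_macs_per_port
        self.violations = []              # (port, mac) refused by the per-port limit

    def macs_on(self, port):
        return sorted(m for m, p in self.fdb.items() if p == port)

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of egress ports ([] = dropped/filtered)."""
        src, dst = src.lower(), dst.lower()
        if is_group_address(src):
            return []                     # a group address can never be a valid source
        # 1. Address learning. The source address is an unauthenticated claim:
        #    whatever the frame carries is believed, which is why the limit matters.
        if src not in self.fdb:
            if (self.max_macs_per_port is not None
                    and len(self.macs_on(in_port)) >= self.max_macs_per_port):
                self.violations.append((in_port, src))
                return []                 # port-security style: do not learn, drop
            self.fdb[src] = in_port
        elif self.fdb[src] != in_port:
            self.fdb[src] = in_port       # station moved to another port
        # 2. Forwarding decision.
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST or is_group_address(dst):
            return others                 # flood group traffic
        out = self.fdb.get(dst)
        if out is None:
            return others                 # unknown unicast: flood
        if out == in_port:
            return []                     # filter: destination on the same segment
        return [out]                      # forward on the learned port only


if __name__ == "__main__":
    sw = Bridge(ports=[1, 2, 3])
    print(sw.receive(1, "00:11:22:aa:aa:aa", BROADCAST))            # [2, 3] flooded
    print(sw.receive(2, "00:11:22:bb:bb:bb", "00:11:22:aa:aa:aa"))  # [1] learned
    print(sw.fdb)
```

Note what the third station sees: until the bridge has learned a destination, every frame to it is flooded out of all other ports, so a host that never sends can still observe unknown-unicast traffic. The `max_macs_per_port` option shows the simplest counter-measure: once a port has filled its quota, further source addresses are refused and the frames dropped.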


Advantages:
- Auto configuration
- Inexpensive
- Microsegmentation
- Transparency to the higher layer protocols

Disadvantages:
- Broadcast scope is not limited
- Errors can be introduced when different MAC protocols are bridged, since frame formats and size limits differ

3.6 Routers
When logical addressing came into existence there was a demand for transmitting packets across different networks in a secure and controlled manner. This led to the evolution of routing. The existing switches, bridges and other network devices were not capable of handling the routing functionality, and it was decided that a new device should be introduced to perform it, so that the network could be modular with each device performing a certain set of tasks rather than overloading one device with all the tasks needed for an end-to-end network connection. These functions are handled by the router. Typically a router performs two different functions:
Packet Forwarding: The router forwards the packet out of the interface identified from the routing table, with the headers required for the next link.
Route Sharing: The router shares the information about networks learnt from other routers with the rest of the routers in the network, so that the network is fully connected and an optimal decision can be reached regarding the path to be followed while sending a packet from the source to the destination network.
Layer at which this device operates: Network Layer
Number of broadcast domain(s): One per connected interface
Number of collision domain(s): One per connected interface

Advantages:
- A router functions on both LAN and WAN
- A router can connect different networks irrespective of media and architecture
- A router determines which path is best to reach a particular destination
- Enhances security by not forwarding broadcasts and by filtering packets with access lists
Disadvantages:
- Latency increases when a router performs a greater degree of packet filtering
- Considerably more expensive than a bridge, hub or switch
- Routing updates cause additional overhead on the network
- A router forwards only routable (routed) protocols and works only with the routing protocols it understands
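An added example (not course code) of the packet forwarding function described in the Network Layer and Routers sections: inbound access list first, then longest-prefix match in the routing table, then drop when no route exists. The routing table, the access list, the router's own address and the packets are constructed for the example using private and documentation address ranges; the ICMP messages a real router would send are only mentioned in comments.

```python
# Added example (not from the course text): the per-packet forwarding decision a
# router makes, combining the inbound access list and the routing table lookup.
# Routing table, access list, router address and packets are all constructed.
import ipaddress

# Routing table: (prefix, next hop, outgoing interface). Constructed.
ROUTES = [
    ("10.0.0.0/8",   "10.1.1.1",    "eth0"),
    ("10.2.0.0/16",  "10.2.0.1",    "eth1"),   # more specific than 10.0.0.0/8
    ("0.0.0.0/0",    "203.0.113.1", "eth2"),   # default route
]

# Inbound access list: evaluated top down, first match wins, implicit deny at the end.
ACL_IN = [
    ("deny",   "192.0.2.0/24", "any"),          # block a known-bad source network
    ("permit", "any",          "10.2.0.0/16"),  # anyone may reach the server network
    ("permit", "10.0.0.0/8",   "any"),          # internal hosts may go anywhere
]

ROUTER_ADDRESSES = {"10.0.0.254"}              # addresses owned by this router


def rule_matches(rule_net, addr):
    return rule_net == "any" or addr in ipaddress.ip_network(rule_net)


def acl_permits(acl, src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if rule_matches(src_net, s) and rule_matches(dst_net, d):
            return action == "permit"
    return False                          # implicit deny: no entry matched


def longest_prefix_match(routes, dst):
    """Return (network, next_hop, interface) of the most specific route, or None."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def forward(packet, routes=ROUTES, acl_in=ACL_IN):
    """packet is a dict with 'src', 'dst' and 'ttl'. Returns a decision tuple."""
    if not acl_permits(acl_in, packet["src"], packet["dst"]):
        return ("drop", "acl")
    if packet["dst"] in ROUTER_ADDRESSES:
        return ("deliver-local", packet["dst"])
    if packet["ttl"] <= 1:
        return ("drop", "ttl-expired")    # a real router also sends ICMP time exceeded
    route = longest_prefix_match(routes, packet["dst"])
    if route is None:
        return ("drop", "no-route")       # a real router also sends ICMP unreachable
    packet["ttl"] -= 1                    # each hop decrements the TTL
    return ("forward", route[2], route[1])


if __name__ == "__main__":
    print(forward({"src": "10.5.5.5", "dst": "10.2.3.4", "ttl": 64}))   # eth1: /16 wins
    print(forward({"src": "192.0.2.9", "dst": "10.2.3.4", "ttl": 64}))  # dropped by ACL
```

Passing `routes=ROUTES[:2]` removes the default route and shows the "no route, packet dropped" case from the text; a source outside 10.0.0.0/8 reaching for a destination outside 10.2.0.0/16 matches no access-list entry and is dropped by the implicit deny.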


4 Layer 1
4.1 Cables
A network is an association between many hosts. The hosts are linked with each other using different cabling types, and with the help of these cables the hosts interact to share information. A variety of network cables are available today.
Types of Cabling: Mainly the networking cables are of three types:
1. Co-axial Cable
2. Twisted Pair Cable
3. Fiber Optic Cable

Co-axial Cable
Co-axial cable is made up of two conductors that share a common axis. The middle part is a copper wire surrounded by a plastic insulator, which is in turn surrounded by an external conductor. The external conductor provides the electrical shield for the signals. Physical and electrical protection is provided by an outer plastic jacket. The figure below shows a typical co-axial cable.

Figure 9: Co-axial cable
There are mainly two types of coaxial cable:
1. ThickNet: It is nearly 0.38 inches thick. It can carry a signal for 500 meters before the signal degrades. Its main shortcoming is that it is difficult to work with.
2. ThinNet: ThinNet is about 0.25 inches thick. Because it is thinner it is flexible and easy to work with. ThinNet can carry a signal for 185 meters before the signal degrades.


Twisted Pair Cable
Twisted pair cable has two insulated strands of copper wire twisted around each other. Twisting helps to cancel out electrical interference from outside sources; more twists per unit length reduce the interference to a greater extent. The figure below shows a typical twisted pair cable.

Figure 10: Twisted-Pair cable
There are mainly two types of twisted pair cable:
1. Shielded Twisted Pair: The shielded twisted pair has a braided wire shield around both wires. This helps in reducing EMI radiation and crosstalk.
2. Unshielded Twisted Pair: The unshielded twisted pair does not have any shielding around the wires.
Twisted pair has many benefits over other cables: it is simple to install, cheap and readily available. Its disadvantages include susceptibility to EMI and vulnerability to eavesdropping, since the cable is easily tapped and radiates the signal it carries. It usually uses an RJ45 connector.

Fiber Optic Cable

Fiber optic cable is made of glass or plastic fibers that conduct light. It carries data as pulses of light. Glass fibers can carry signals over far greater distances than plastic fibers, although plastic fibers are easier to install. The figure below shows a typical fiber optic cable.


Figure 11-a: Fiber Optic Cable
Fiber optic cable costs more than coaxial and twisted pair cable, but it has advantages over twisted pair: it is immune to EMI, and because it carries light rather than an electrical signal it does not radiate and is far harder to tap unnoticed, which makes transmission stable and more secure. It also provides very high bandwidth, making it far more efficient than twisted pair and coaxial cable since it can carry many times more data. Segment lengths range from about 0.25 km to 2 km depending on the fiber type. Only fiber-compatible NICs can be used with fiber optic cable.

Figure 11-b: Fiber Optic Cable
The physical layer defines the electrical, mechanical, procedural and functional specifications for activating, maintaining and deactivating the physical link between communicating network systems. It is concerned with transmitting raw bits over a communication channel. For example, the design issues at this layer have to do with making sure that when one side sends a "1" bit, it is received by the other side as a "1" bit. Typical questions here are how many volts represent a 1 and how many a 0, how many microseconds a bit lasts, how a connection is set up, the hardware details of the transmission medium and so on. The design issues largely deal with the mechanical, electrical and procedural interfaces (e.g. RS-232C, RS-449 and X.21) and with the physical transmission medium, which lies below the physical layer. Representative transmission media and data rates are twisted pair cable, coaxial cable (1-500 Mbps), optical fibre (10 Gbps), microwave (50 Mbps) and satellite (50 Mbps).


Transmission can be simplex (transmission in one direction only), half-duplex (transmission in both directions, but only one direction at a time) or full-duplex (transmission simultaneously in both directions). Physical layer implementations can be categorized as either LAN or WAN specifications. The following diagram illustrates some common LAN and WAN physical layer implementations.


5 Layer 2
5.1 LAN Technologies
A LAN (Local Area Network) is a collection of computers that are interconnected in order to communicate, exchange information and share resources such as printers and databases. Thus a computer with ample resources can serve multiple users in the LAN regardless of its physical location. All computers in a LAN can send and receive the data addressed to them. This data is in the form of data packets, and the transmission of data packets across the LAN is organized by the LAN technology in use. The various LAN technologies differ from each other in the media access technology (i.e. how data is transferred) and the physical transmission medium (i.e. what physical medium is used to transfer data). Thus LAN technologies are standards for the appropriate transmission of data. The accepted LAN technologies are:
1. Ethernet
2. Token Ring
3. FDDI

Ethernet
Ethernet is the family of local-area network (LAN) technologies defined by the IEEE 802.3 standard. Three data rates are in common use over optical fiber and twisted-pair cable:
10 Mbps: the original Ethernet (10Base-T over twisted pair)
100 Mbps: known as Fast Ethernet
1000 Mbps: known as Gigabit Ethernet
Ethernet is considered one of the most significant LAN technologies because of the following features:

- It allows considerable topological flexibility for network installation.
- It is easy to understand, implement, administer and maintain.
- It supports low-cost implementations.
- It operates reliably with standards-compliant products from many different manufacturers.


Network elements of Ethernet: An Ethernet LAN consists of network nodes and connecting media. The two types of network nodes are:
1. Data Terminal Equipment (DTE): DTE refers to the devices that form the end points of the network, i.e. the source or destination of a data frame. Examples: PCs, file servers.
2. Data Communication Equipment (DCE): DCE refers to the intermediate network components that receive and pass on frames across the network. Examples: network interface cards (NICs), repeaters, modems.

Network topologies and structures of Ethernet: Ethernet supports many LAN topologies and structures. Whatever the size of the Ethernet LAN, combinations of three building blocks are used to interconnect devices.
1. Point-to-point interconnection: A point-to-point interconnection involves two network components. The interconnection may be DTE-DTE, DTE-DCE or DCE-DCE. The network link is the cable between the two components.

Figure 12: Point-to-Point interconnection
2. Coaxial Bus Topology: A coaxial bus topology consists of segments in which computers or other network devices are attached to one shared coaxial cable. One segment can in turn be connected to other segments with the help of repeaters.

Figure 13: Coaxial Bus Topology


3. Star-Connected Topology: The star-connected topology is the most common network configuration. It consists of a central network unit such as a hub or a network switch. All connections in a star topology are point-to-point links using either twisted-pair or optical fiber cable.

Figure 14: Star connected Topology

Ethernet in the OSI Reference model:

Figure 15: IEEE 802.3 Reference Model


The diagram above shows the relationship of the IEEE 802.3 reference model to the OSI reference model. The data link layer of the OSI model corresponds to two sublayers in the IEEE 802.3 model: the media access control (MAC) sublayer and the MAC-client sublayer. The OSI physical layer corresponds to the IEEE 802.3 physical layer. The MAC-client sublayer consists of one of the following:
1. Logical Link Control (LLC): In a DTE, the LLC acts as an interface between the MAC sublayer and the upper layer protocols.
2. Bridge entity: In a DCE, the bridge entity provides a LAN-to-LAN interface between LANs using the same or different protocols.
The functions of the MAC sublayer are as follows:
1. Data encapsulation: it assembles the frame before transmission and performs error detection (using the FCS) on reception.
2. Media access control: it initiates frame transmission and recovers from transmission failures.
Transmission of frames in the MAC sublayer: Frame transmission depends on whether the link operates in half-duplex or full-duplex mode. In half-duplex mode a station either sends or receives at any one time; in full-duplex mode a station sends and receives at the same time.
Half Duplex Transmission: Ethernet transmission in half-duplex mode is based on CSMA/CD, carrier sense multiple access with collision detection. As the name indicates, the protocol senses the carrier, i.e. the shared medium that carries the data. Because stations on a half-duplex segment cannot send and receive at the same time, CSMA/CD is used to arbitrate access to the medium and to recover from collisions. The CSMA/CD protocol works as follows:
1. Carrier sense: Every node monitors the medium continuously and transmits only when it senses that the medium is idle.
2. Multiple access: Any node may transmit as soon as it finds the medium idle; there is no central arbiter, so two nodes may start at the same moment.
3. Collision detect: When two nodes start transmitting at the same time their signals collide. Each transmitting node detects the collision, sends a short jam signal so that all stations notice it, stops transmitting and waits a random back-off time before retransmitting. The back-off is chosen by truncated binary exponential back-off: after the n-th consecutive collision the node waits a random number of slot times between 0 and 2^min(n,10) - 1. After 16 consecutive collisions the frame is discarded.
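Truncated binary exponential back-off and the collision/retransmit cycle, as an added Python example that is not part of the course text. `simulate` is a simplified slot-time model: station names, the frame length in slots and the random seed are constructed, and propagation delay is ignored so collisions only occur between stations that start in the same slot.

```python
# Added example (not from the course text): truncated binary exponential back-off
# and a slot-time simulation of stations contending for one half-duplex segment.
# Station names, frame length in slots and the random seed are constructed.
import random

MAX_ATTEMPTS = 16          # 802.3: give up after 16 consecutive collisions
MAX_BACKOFF_EXPONENT = 10  # back-off range stops growing after the 10th collision


def max_backoff_slots(attempt):
    """Largest back-off (in slot times) after the attempt-th consecutive collision."""
    return 2 ** min(attempt, MAX_BACKOFF_EXPONENT) - 1


def backoff_slots(attempt, rng):
    """Random back-off in slot times after the attempt-th collision (1-based)."""
    if not 1 <= attempt < MAX_ATTEMPTS:
        raise ValueError("attempt must be between 1 and %d" % (MAX_ATTEMPTS - 1))
    return rng.randrange(max_backoff_slots(attempt) + 1)


def backoff_for(attempt, seed):
    """Convenience wrapper: one back-off value drawn from a seeded generator."""
    return backoff_slots(attempt, random.Random(seed))


def simulate(stations, frame_slots=1, seed=1):
    """All stations have one frame ready at slot 0. Returns {station: (slot at
    which its frame went out successfully, or None if discarded, attempts)}."""
    rng = random.Random(seed)
    pending = {s: {"ready_at": 0, "attempts": 0} for s in stations}
    result = {}
    t = 0
    while pending:
        # Carrier sense: a station whose back-off has expired waits for an idle medium.
        ready = [s for s in stations if s in pending and pending[s]["ready_at"] <= t]
        if not ready:
            t += 1
            continue
        if len(ready) == 1:
            s = ready[0]
            result[s] = (t, pending[s]["attempts"] + 1)
            del pending[s]
            t += frame_slots            # the medium is busy for the whole frame
            continue
        # Collision detect: everyone who started in this slot collides, jams, backs off.
        for s in ready:
            pending[s]["attempts"] += 1
            n = pending[s]["attempts"]
            if n >= MAX_ATTEMPTS:
                result[s] = (None, n)   # excessive collisions: frame discarded
                del pending[s]
            else:
                pending[s]["ready_at"] = t + 1 + backoff_slots(n, rng)
        t += 1
    return result


if __name__ == "__main__":
    print(simulate(["A", "B", "C"], seed=7))
```

Two stations that start together always collide once and then draw back-off values of 0 or 1 slot; with equal draws they collide again and the range doubles, which is why heavily loaded half-duplex segments degrade sharply. A station whose back-off expires while another frame is on the wire defers until the medium is idle, as the carrier-sense step requires.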


Figure 16: Half Duplex Transmission
Full Duplex Transmission: Ethernet transmission in full-duplex mode allows concurrent sending and receiving of data. Thus it is a two-way transmission on a point-to-point link. Full-duplex transmission is more efficient since two separate channels are used to send and receive data, and it does not suffer from collisions or contention for the medium. Frame transmission starts as soon as a frame is ready, with consecutive frames separated by a minimum interval known as the interframe gap (IFG).

Figure 17: Full Duplex Transmission
MAC Address: A MAC (media access control) address is the hardware address assigned to every node on a network. It is called the Layer 2 address because it is used at the data link layer for the transmission of frames over a LAN. A MAC address is 6 bytes (48 bits) long and is written in hexadecimal, as shown below. The first three bytes identify the manufacturer (the OUI) and the last three are assigned by the manufacturer; two bits of the first byte flag group (multicast) addresses and locally administered addresses.

Figure 18: MAC Address
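An added example (not from the course text): parsing the 48-bit MAC address in the notations commonly seen on hosts and switches, and decoding the flag bits in its first octet. The addresses used are constructed.

```python
# Added example (not from the course text): MAC address parsing and the two flag
# bits of the first octet. Addresses are constructed.


def parse_mac(text):
    """Accept 00:1a:2b:3c:4d:5e, 00-1A-2B-3C-4D-5E or 001a.2b3c.4d5e; return 6 bytes."""
    digits = text.strip().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("MAC address must have 12 hex digits: %r" % text)
    return bytes.fromhex(digits)          # raises ValueError on non-hex input


def format_mac(octets, style="colon"):
    """'colon' gives 00:1a:2b:3c:4d:5e; 'cisco' gives 001a.2b3c.4d5e."""
    h = octets.hex()
    if style == "colon":
        return ":".join(h[i:i + 2] for i in range(0, 12, 2))
    if style == "cisco":
        return ".".join(h[i:i + 4] for i in range(0, 12, 4))
    raise ValueError("unknown style: %s" % style)


def describe_mac(text):
    o = parse_mac(text)
    return {
        "canonical": format_mac(o),
        "oui": ":".join("%02x" % b for b in o[:3]),    # vendor block (first 3 octets)
        "group": bool(o[0] & 0x01),                     # I/G bit: multicast/broadcast
        "locally_administered": bool(o[0] & 0x02),      # U/L bit: not vendor-assigned
        "broadcast": o == b"\xff" * 6,
    }


if __name__ == "__main__":
    for mac in ("00-1A-2B-3C-4D-5E", "01:00:5e:00:00:fb", "02:42:ac:11:00:02"):
        print(describe_mac(mac))
```

The locally administered bit is worth checking when reading a switch's address table: vendor-assigned addresses have it clear, while virtual machines, containers and hosts with randomized or manually set addresses typically have it set.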


Token Ring
Token Ring is a LAN technology defined by IEEE 802.5. The concept of Token Ring was developed by IBM and was primarily used as the LAN technology at IBM. After IBM implemented Token Ring, IEEE 802.5 was developed from it.
Operation of Token Ring: IEEE 802.5 is known as a token passing network. A token is a small frame that is passed around a network with a ring topology (physically usually wired as a star through a central access unit, logically a ring). Only one node at a time holds the token, and holding the token gives that node the authority to transmit. If the node has no data to send, it simply passes the token to the next node. If the node has data to transmit, it seizes the token, converts it into a data frame by appending its information, and passes the frame to the next node. While a data frame is circulating no other node can transmit, which avoids collisions. The frame circulates around the ring until it reaches its destination, which copies it; the frame then continues around the ring back to the sender, which removes it and releases a new token. The Token Ring technology is deterministic: the maximum time that can pass before any node can start transmitting can be calculated. This feature is unavailable in a CSMA/CD network, so Token Ring is useful in networks that need predictable delays. Special characteristics of Token Ring:
1. Priority system: Token Ring uses a priority system in which certain nodes in the topology are assigned a higher priority so that they are able to use the network more often.
2. Mechanisms for fault management: Every Token Ring implementation has a monitoring node (the active monitor). The monitoring node maintains the ring: it provides timing information to all the transmitting nodes on the ring and, in case of a sending failure, prevents a frame from circulating endlessly around the ring. Token Ring technology detects and rectifies network faults, if any, with the help of the beaconing algorithm. This algorithm sends a beacon frame around the ring which notifies the nodes about the failure.
Token Ring Frame Format:

Figure 19: Token Ring Frame


Fields of the Token Frame:
Start Delimiter: The start delimiter informs the nodes when the token arrives. This field deliberately violates the encoding scheme used for the rest of the frame so that it cannot be mistaken for data.
Access Control: The access control byte consists of a priority field, a reservation field, a token bit and a monitor bit.
End Delimiter: The end delimiter informs the nodes when the token ends. This helps in checking the sequence of the frame.
Fields of the Data/Command Frame: In addition to the three fields of the token frame, the data/command frame has the following fields:
Start Delimiter: As above, it informs the nodes when the frame arrives, using an encoding violation.
Access Control: As above: priority field, reservation field, token bit and monitor bit.
Frame Control: Indicates whether the frame carries data or control information.
Source and Destination Address: These are the 6-byte hardware addresses of the source and destination, used to deliver the data to the right destination.
Data: This field carries the data. Its length is limited by the token holding time, the maximum time a token (and hence the medium) can be held by any node.
Frame Check Sequence (FCS): A checksum value (a CRC) calculated by the source node over the frame. At the destination node the value is recalculated to check whether the frame was corrupted. If the values do not match, the frame is discarded.
End Delimiter: The end delimiter informs the nodes when the frame ends and helps in checking the sequence of the frame.
Frame Status: The Frame Status field consists of the address-recognized indicator and the frame-copied indicator.
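The token and data/command frames above, built and parsed in Python as an added example that is not part of the course text. The delimiter byte values, the frame-control value, the addresses and the payload are assumptions made for the example; real delimiters are code violations of the line signal and cannot be expressed as plain bytes.

```python
# Added example (not from the course text): building and parsing IEEE 802.5
# token and data frames, decoding the access-control and frame-status bytes and
# verifying the FCS. SD/ED are placeholders for code-violation patterns.
# MAC addresses and payload are constructed.
import zlib

SD = 0xAA               # placeholder for the J/K code-violation start delimiter
ED = 0x55               # placeholder for the end delimiter
TOKEN_BIT_FRAME = 1     # AC token bit: 0 = token, 1 = data/command frame


def access_control(priority=0, token_bit=0, monitor=0, reservation=0):
    """AC byte layout: PPP T M RRR (priority, token, monitor, reservation)."""
    return ((priority & 7) << 5) | ((token_bit & 1) << 4) | ((monitor & 1) << 3) | (reservation & 7)


def decode_ac(ac):
    return {"priority": ac >> 5, "frame": bool(ac & 0x10),
            "monitor": bool(ac & 0x08), "reservation": ac & 7}


def decode_fs(fs):
    """Frame status: A (address recognised) and C (frame copied) bits, each sent twice."""
    return {"address_recognised": bool(fs & 0x80), "frame_copied": bool(fs & 0x40)}


def build_token(priority=0):
    return bytes([SD, access_control(priority), ED])


def build_data_frame(dst, src, data, priority=0, frame_control=0x40):
    """FC 0x40 marks an LLC (data) frame. The FCS covers FC, DA, SA and data; AC
    is excluded because the active monitor may change its M bit in flight."""
    covered = bytes([frame_control]) + dst + src + data
    fcs = zlib.crc32(covered).to_bytes(4, "big")
    return bytes([SD, access_control(priority, TOKEN_BIT_FRAME)]) + covered + fcs + bytes([ED, 0x00])


def parse(frame):
    if len(frame) == 3:
        return {"kind": "token", "ac": decode_ac(frame[1])}
    if len(frame) < 21:
        raise ValueError("frame too short")
    covered = frame[2:-6]
    return {
        "kind": "frame",
        "ac": decode_ac(frame[1]),
        "frame_control": frame[2],
        "dst": frame[3:9],
        "src": frame[9:15],
        "data": frame[15:-6],
        "fcs_ok": zlib.crc32(covered).to_bytes(4, "big") == frame[-6:-2],
        "fs": decode_fs(frame[-1]),
    }


def station_receive(frame, my_mac):
    """A station on the ring: if the frame is addressed to it, it sets the A bits;
    it copies the data and sets the C bits only if the FCS checks out, then repeats
    the frame onward so that the sender can read the result in the FS byte."""
    info = parse(frame)
    if info["kind"] != "frame" or info["dst"] != my_mac:
        return frame
    fs = 0x80 | 0x08                          # A bits set in both positions
    if info["fcs_ok"]:
        fs |= 0x40 | 0x04                     # C bits set only if copied intact
    return frame[:-1] + bytes([fs])


if __name__ == "__main__":
    dst, src = bytes.fromhex("400000000001"), bytes.fromhex("400000000002")
    f = build_data_frame(dst, src, b"hello ring", priority=2)
    print(parse(station_receive(f, dst)))
```

The sender, on seeing its own frame return with A set but C clear, knows the destination exists but did not copy the frame, which is how the FCS failure described above is reported back around the ring.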


Fiber Distributed Data Interface (FDDI)

Figure 20: Fiber Distributed Data Interface

Fiber Distributed Data Interface is a token-passing LAN that runs over dual fiber-optic rings. It is known for its high bandwidth (100 Mbit/s) and the long distances it can span, where it has a clear advantage over copper cabling. The same protocol run over copper cable is called CDDI.

FDDI has a dual-ring structure. As the diagram shows, data flows over two rings in opposite directions. One ring is the primary ring, which carries all normal transmission; the second is the secondary ring, which acts as a backup. If the primary ring fails, the secondary ring is used instead: the ring wraps at the stations adjacent to the fault so that traffic keeps flowing.

FDDI uses optical fiber as the medium for all data transmission. Optical fiber is reliable, performs well, is immune to electrical and electromagnetic interference, and is harder to tap than copper. The fiber may be single-mode or multimode; the mode describes the path a ray of light takes through the fiber. Single-mode fiber is driven by lasers and multimode fiber by LEDs.

Specifications of FDDI
FDDI specifies the physical layer and the media access control (MAC) sublayer of the data link layer. It is divided into four specifications, which together provide a high-speed link between upper-layer protocols such as IP and IPX and the physical medium, optical fiber.


The four specifications of FDDI are as follows:
1. Media Access Control (MAC): Defines hardware addressing and the frame format, the method of accessing the medium, the handling of tokens, the CRC algorithm and the mechanisms for error recovery.
2. Physical Layer Protocol (PHY): Defines the encoding and decoding of data in a frame, the clocking requirements and the framing.
3. Physical-Medium Dependent (PMD): Defines the properties of the transmission medium: the fiber-optic links, the optical components and the bit error rate.
4. Station Management (SMT): Manages the configuration of the stations and of the rings, and the control features of the ring (station insertion and removal, fault isolation and recovery).

Figure 21: FDDI Standards

Types of station attachment: FDDI devices can be connected to the ring in different ways. There are four types of FDDI device:
1. Single-attachment station (SAS): Connected to the primary ring only, through a concentrator. Attaching stations through a concentrator protects the ring from them: if a SAS fails or is switched off, the concentrator bypasses it and the ring is unaffected.
2. Dual-attachment station (DAS): Connected directly to the FDDI ring, to both the primary and the secondary ring. A DAS has two ports, Port A and Port B, each attached to both rings (Port A receives the primary ring and transmits the secondary; Port B does the reverse). The figure below shows the DAS ports.


Figure 22: DAS Ports

3. Single-attached concentrator (SAC): A concentrator attached to the primary ring only.
4. Dual-attached concentrator (DAC): A concentrator attached to both the primary and the secondary ring. All SAS devices attach to the ring through a concentrator. The diagram below shows the role of the concentrator.

Figure 23: Concentrator

Frame format of FDDI:

Figure 24: FDDI Frame Format


Preamble: A fixed bit sequence that lets the receiving station synchronize its clock and recognize that a frame is arriving.
Start delimiter: Marks the start of the frame. It is encoded with symbols that cannot occur in data, so it is never confused with frame contents.
Frame control: Indicates whether the frame carries data or control information (and, for a token, that it is a token).
Source and destination address: The 6-byte hardware (MAC) addresses of the sender and of the intended receiver, used to deliver the data to the right station.
Data: The upper-layer data or control information. An FDDI frame is limited to 4,500 bytes in total, and the amount a station may send while it holds the token is further bounded by the token holding time.
Frame check sequence (FCS): A 32-bit CRC calculated by the source station over the frame control, address and data fields. The destination recomputes it and discards the frame if the values do not match. It detects transmission errors only; it does not authenticate the frame.
End delimiter: Marks the end of the frame.
Frame status: Holds the error-detected, address-recognized and frame-copied indicators.
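The FCS described for both the Token Ring and the FDDI frame is a CRC-32 over the frame control, address and data fields (the same polynomial is used by Ethernet). The Python below is an added example, not code from the course: it computes that CRC over a constructed frame, verifies it the way a receiving station does, and then shows why the FCS protects against line noise but not against an attacker, since a modified frame with a recomputed FCS verifies just as well. The frame bytes and addresses are constructed for illustration, and the byte order in which the FCS is appended is a choice of this example rather than a statement about the wire encoding.

```python
"""CRC-32 frame check sequence: compute, verify, and show it is not tamper-proof.

Added example; the frame contents below are constructed, not captured.
"""
import struct
import zlib

POLY = 0xEDB88320          # IEEE 802 CRC-32 polynomial in reflected form

# Build the lookup table once; each entry is the CRC contribution of one byte value.
_TABLE = []
for _byte in range(256):
    _crc = _byte
    for _ in range(8):
        _crc = (_crc >> 1) ^ POLY if _crc & 1 else _crc >> 1
    _TABLE.append(_crc)


def crc32(data: bytes) -> int:
    """CRC-32 as used for the IEEE 802 FCS (gives the same value as zlib.crc32)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def cross_check(data: bytes) -> bool:
    """Confirm the hand-rolled CRC against the library implementation."""
    return crc32(data) == (zlib.crc32(data) & 0xFFFFFFFF)


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(':', '').replace('.', '').replace('-', ''))


def build_frame(frame_control: int, dst: str, src: str, payload: bytes) -> bytes:
    """FC | DA | SA | data | FCS: the fields the FCS covers in Token Ring and FDDI.
    Delimiters and the frame status byte sit outside the CRC and are omitted here."""
    body = bytes([frame_control]) + mac(dst) + mac(src) + payload
    return body + struct.pack('>I', crc32(body))


def fcs_ok(frame: bytes) -> bool:
    """What the receiving station does: recompute over everything but the last 4 bytes."""
    body, fcs = frame[:-4], frame[-4:]
    return crc32(body) == struct.unpack('>I', fcs)[0]


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission error at a single bit position."""
    out = bytearray(frame)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def tamper(frame: bytes, new_payload: bytes) -> bytes:
    """An attacker in the path replaces the payload and simply recomputes the FCS."""
    body = frame[:13] + new_payload           # FC(1) + DA(6) + SA(6) = 13 bytes kept
    return body + struct.pack('>I', crc32(body))


if __name__ == '__main__':
    frame = build_frame(0x40, '00:00:0d:00:33:33', '00:00:0d:00:66:66', b'hello ring')
    print('valid frame       :', fcs_ok(frame))                          # True
    print('one bit flipped   :', fcs_ok(flip_bit(frame, 14, 0)))         # False
    print('tampered + re-CRC :', fcs_ok(tamper(frame, b'HELLO ring')))   # True
```

The last line is the point for a security engineer: integrity against tampering needs a keyed construction (a MAC or a signature) at a higher layer; the link-layer FCS only tells you the frame arrived as it was sent by whoever last touched it.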

5.2 MAC address
Media Access Control (MAC) addresses are one kind of data link layer address. They identify the network interfaces of entities on LANs that implement the IEEE 802 MAC sublayer of the data link layer. As with most data link addresses, each LAN interface has its own MAC address. The diagram below illustrates the relationship between MAC addresses, data link addresses and the IEEE sublayers of the data link layer.

MAC addresses are 48 bits long and are written as 12 hexadecimal digits. The first 6 hexadecimal digits (24 bits), which are administered by the IEEE, identify the manufacturer or vendor and form the Organizationally Unique Identifier (OUI). The last 6 hexadecimal digits are the interface serial number, or another value administered by that vendor. MAC addresses are sometimes called burned-in addresses (BIAs) because they are burned into read-only memory (ROM) and copied into random-access memory (RAM) when the interface card initializes. The burned-in address is not necessarily the one the interface uses, however: most operating systems let an administrator (or an attacker with administrative access) override the MAC address in software, so a MAC address must not be relied on as proof of a device's identity.
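The structure just described (OUI plus vendor-assigned part) is easy to read off an address, and the first octet also carries two flag bits defined by IEEE 802: the least-significant bit marks a group (multicast) address and the next bit marks a locally administered address, one that was set in software rather than burned in. The Python below is an added example, not part of the course material; it normalizes the three address notations used in this document and decodes those fields, which is the check a practitioner wants when a MAC address shows up in a log or an ARP table. The sample addresses are constructed.

```python
"""Decode the structure of a 48-bit MAC address (added example, not course code)."""


def normalize_mac(text: str) -> bytes:
    """Accept 00:00:0D:00:33:33, 0000.0D00.3333 or 00-00-0D-00-33-33 and return 6 raw bytes."""
    digits = ''.join(ch for ch in text if ch not in ':.-').lower()
    if len(digits) != 12 or any(ch not in '0123456789abcdef' for ch in digits):
        raise ValueError(f'not a MAC address: {text!r}')
    return bytes.fromhex(digits)


def decode_mac(text: str) -> dict:
    """Split a MAC into its OUI and vendor-assigned part and read the two flag bits
    that IEEE 802 defines in the first octet."""
    raw = normalize_mac(text)
    first = raw[0]
    return {
        'canonical': ':'.join(f'{b:02x}' for b in raw),
        'oui': raw[:3].hex().upper(),              # 24 bits administered by the IEEE
        'nic_specific': raw[3:].hex().upper(),     # 24 bits administered by the vendor
        # Least-significant bit of the first octet: 0 = individual (unicast), 1 = group (multicast).
        'multicast': bool(first & 0x01),
        # Next bit: 0 = universally administered (burned-in, OUI is a vendor ID),
        # 1 = locally administered (set by software; OUI lookup is meaningless).
        'locally_administered': bool(first & 0x02),
        'broadcast': raw == b'\xff' * 6,
    }


def suspicious(text: str) -> list:
    """Reasons a *source* MAC deserves a second look in a log or an ARP table."""
    info = decode_mac(text)
    reasons = []
    if info['multicast']:
        reasons.append('group bit set: a multicast/broadcast address cannot be a valid source')
    if info['locally_administered']:
        reasons.append('locally administered: not a burned-in address, vendor lookup is meaningless')
    return reasons


if __name__ == '__main__':
    # Constructed samples: a burned-in style address, a locally administered one,
    # the broadcast address and an IP multicast group address.
    for m in ('0000.0D00.3333', '02:00:5e:10:00:01', 'ff:ff:ff:ff:ff:ff', '01:00:5e:00:00:05'):
        print(m, decode_mac(m), suspicious(m))
```

A locally administered source address is not proof of spoofing (virtual machines and privacy-randomized Wi-Fi clients use them legitimately), but it does mean the OUI tells you nothing about the hardware.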

Mapping Addresses
An IP address is used to route traffic across the internetwork; a MAC address is used to deliver the frame over the physical network. In practice the internetwork routes only on IP addresses, and once the destination network has been reached the network address must be mapped to a MAC address to deliver the packet to its final destination. Different protocol suites use different methods for this mapping; the most widely used is the Address Resolution Protocol (ARP), which is the method of the TCP/IP suite.

ARP maintains an ARP table (cache) holding the known mappings between network addresses and MAC addresses. When a network device has to send data to another device on the same network, it must first map the destination IP address to the corresponding MAC address. The sending device first checks its ARP table for an existing mapping. If there is none, it broadcasts an ARP request on the network carrying the destination station's IP address. Every device on the network receives the request and compares the IP address with its own; only the device with the matching IP address replies, with a packet containing its MAC address. The sending device adds this mapping to its ARP table for future use and proceeds with the data transfer.

If the destination device lies on another network, the process is the same except that the sending station sends the ARP request for the MAC address of its default gateway. The default gateway then forwards the packet onward to the network on which the destination device resides.

ARP has no authentication. A station accepts a reply from anyone on the segment, and many implementations also update their cache on unsolicited replies, so a host that answers for an IP address it does not own can insert itself into the path between two stations. Watching for IP-to-MAC mappings that change unexpectedly, and switch features such as dynamic ARP inspection, are the usual countermeasures.
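The exchange described above, worked through in code as an added example (not code from the course): it encodes ARP requests and replies over Ethernet in the RFC 826 layout, lets two constructed hosts resolve each other exactly as the text describes (cache miss, broadcast request, reply from the one matching host, cache update), and then runs a passive monitor over the same frames to show the check a practitioner wants: an alert when an IP address suddenly maps to a different MAC, or when the Ethernet source of a reply disagrees with the ARP sender field. All addresses and the third "spoofing" host are constructed for illustration.

```python
"""ARP request/reply encoding, a resolver cache and a spoof monitor (added example)."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b'\xff' * 6


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(':', '').replace('-', '').replace('.', ''))


def mac_str(b: bytes) -> str:
    return ':'.join(f'{x:02x}' for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """14-byte Ethernet header followed by the 28-byte ARP body (Ethernet/IPv4, RFC 826)."""
    smac, tmac = mac_bytes(sender_mac), mac_bytes(target_mac)
    eth_dst = BROADCAST if op == ARP_REQUEST else tmac   # requests are broadcast, replies unicast
    eth = eth_dst + smac + struct.pack('>H', ETH_P_ARP)
    arp = (struct.pack('>HHBBH', 1, 0x0800, 6, 4, op)   # HTYPE, PTYPE, HLEN, PLEN, OPER
           + smac + ipaddress.IPv4Address(sender_ip).packed
           + tmac + ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP-over-Ethernet frame; raise ValueError for anything else."""
    if len(frame) < 42 or struct.unpack('>H', frame[12:14])[0] != ETH_P_ARP:
        raise ValueError('not an ARP frame')
    htype, ptype, hlen, plen, op = struct.unpack('>HHBBH', frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError('unsupported ARP hardware/protocol type')
    body = frame[22:42]
    return {'op': op,
            'eth_src': mac_str(frame[6:12]),
            'sender_mac': mac_str(body[0:6]),
            'sender_ip': str(ipaddress.IPv4Address(body[6:10])),
            'target_mac': mac_str(body[10:16]),
            'target_ip': str(ipaddress.IPv4Address(body[16:20]))}


class Host:
    """A station with an ARP table, resolving as the text describes."""

    def __init__(self, mac: str, ip: str):
        self.mac, self.ip, self.arp_table = mac, ip, {}

    def resolve(self, target_ip: str):
        """Return (cached MAC, None) on a hit, or (None, request frame to broadcast) on a miss."""
        if target_ip in self.arp_table:
            return self.arp_table[target_ip], None
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, '00:00:00:00:00:00', target_ip)

    def receive(self, frame: bytes):
        """Answer requests for our own IP; learn the sender mapping from replies addressed to us."""
        pkt = parse_arp(frame)
        if pkt['op'] == ARP_REQUEST and pkt['target_ip'] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, pkt['sender_mac'], pkt['sender_ip'])
        if pkt['op'] == ARP_REPLY and pkt['target_ip'] == self.ip:
            self.arp_table[pkt['sender_ip']] = pkt['sender_mac']   # no authentication happens here
        return None


class ArpMonitor:
    """Passive detector: flag an IP whose MAC changes, and replies whose Ethernet source
    disagrees with the ARP sender field (both typical of spoofed replies)."""

    def __init__(self):
        self.seen = {}

    def observe(self, frame: bytes) -> list:
        pkt = parse_arp(frame)
        alerts = []
        if pkt['eth_src'] != pkt['sender_mac']:
            alerts.append(f"Ethernet source {pkt['eth_src']} != ARP sender {pkt['sender_mac']}")
        old = self.seen.get(pkt['sender_ip'])
        if old is not None and old != pkt['sender_mac']:
            alerts.append(f"{pkt['sender_ip']} moved from {old} to {pkt['sender_mac']}")
        self.seen[pkt['sender_ip']] = pkt['sender_mac']
        return alerts


def demo() -> tuple:
    """Constructed exchange: A resolves B, then a third host C claims B's address."""
    a = Host('00:00:0d:00:33:33', '10.0.0.1')
    b = Host('00:00:0d:00:66:66', '10.0.0.2')
    c = Host('00:00:0d:00:99:99', '10.0.0.9')
    mon = ArpMonitor()
    _, req = a.resolve('10.0.0.2')               # cache miss -> broadcast request
    mon.observe(req)
    reply = b.receive(req)                       # only B answers
    mon.observe(reply)
    a.receive(reply)                             # A now maps 10.0.0.2 -> B's MAC
    spoof = build_arp(ARP_REPLY, c.mac, b.ip, a.mac, a.ip)   # C answers for B's IP
    alerts = mon.observe(spoof)
    a.receive(spoof)                             # A overwrites the mapping without question
    return a.arp_table['10.0.0.2'], alerts


if __name__ == '__main__':
    print(demo())
```

The monitor is the minimum viable detection logic: the same two rules, applied to frames captured on a mirror port, are what tools like arpwatch implement, and dynamic ARP inspection on a switch enforces the mapping against the DHCP snooping table instead of merely alerting.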
The Hello protocol is another protocol widely used to learn the MAC addresses of other devices. It is a network layer protocol used by network devices to tell one another that they are functional and available. Hello messages are sent at regular intervals to indicate that a device is still up, and also when a new device powers up on a network: the new device broadcasts Hello messages and all the other devices answer with Hello messages of their own. Network devices learn the MAC addresses of the other devices by examining these Hello packets.


Xerox Network Systems (XNS), Novell Internetwork Packet Exchange (IPX) and DECnet Phase IV are three protocol suites that use predictable MAC addresses. In these suites the MAC address is predictable because the network layer either derives it by an algorithm (DECnet Phase IV computes a MAC address of the form AA-00-04-00-xx-xx from the node's DECnet address) or embeds it in the network layer address (XNS and IPX use the 48-bit MAC address as the host part of the network address), so no ARP-style lookup is needed.

5.3 Spanning Tree Protocol


Restrictions of Layer 2 Switching
In Layer 2 switching, forwarding decisions are made on the MAC address. Layer 2 devices break up collision domains, but even after the collision domains are broken up the whole switched network remains one large broadcast domain. As a result the network cannot grow without the broadcast traffic eroding its efficiency, and its performance drops.

Functions of Layer 2 Switching
The three main functions of Layer 2 switching are address learning, forward/filter decisions and loop avoidance. Let us look at them in detail.
1. Address learning: Switches and bridges learn MAC addresses by recording the source MAC address of every frame they receive, together with the port it arrived on, in the MAC address table.
2. Forward/filter decisions: When a frame arrives, the switch looks up its destination MAC address in the MAC address table and forwards the frame only out the port on which that address was learned. If the destination is unknown, or the frame is a broadcast, it is flooded out every port except the one it arrived on.
3. Loop avoidance: If switches are connected by redundant links, switching loops occur. STP is used to eliminate switching loops at Layer 2.

Let us now look at the functioning of the Spanning Tree Protocol.

Spanning Tree Protocol (STP)
STP exists to prevent switching loops in the network. It runs the spanning tree algorithm, whose task is to find the redundant links and stop frames from being forwarded over them. The redundant links are not removed: their ports are placed in a blocking state, so the active topology is loop-free while the links remain available as a backup if the active path fails.


The figure below shows a network with switching loops.

Figure 25: Network with Switching Loops

The main problems that this network has are:
Redundant links
Multiple frame copies
Broadcast storms

Together these build up into a much bigger problem: a broadcast frame that enters a loop is re-flooded by every switch it passes, and because a Layer 2 frame carries no hop count it never expires.

Terms Related to Spanning Tree Protocol
Spanning tree uses a number of specific terms. Let us first familiarize ourselves with the terminology.
Root Bridge: The reference bridge of the network, elected on the basis of bridge priority and MAC address. All path costs are measured to the root bridge, and it is from the BPDUs originated by the root bridge that every other bridge works out which of its ports forward and which are blocked.
Bridge ID: Every switch in the network has a bridge ID formed from its bridge priority and its MAC address. The bridge ID is unique, and it is what the election uses: the bridge with the lowest bridge ID becomes the root bridge of the network.
Non-root bridges: All bridges other than the root bridge. Non-root bridges forward frames and help keep the network loop-free by blocking their redundant ports.


Port cost: Determined by the bandwidth of the link; a faster link has a lower cost. Port costs are added up along a path and used to choose between paths when there are several links.
Root port: On every non-root bridge, the single port with the lowest accumulated path cost to the root bridge. If two paths have the same cost, the sender's bridge ID and then the sender's port ID are used as the deciding factor. The root bridge itself has no root port.
Designated port: On each LAN segment, the one port in forwarding state that carries traffic for that segment toward the root. It is the port of the bridge with the lowest path cost to the root on that segment (ties broken by bridge ID). Every port of the root bridge is a designated port.
Non-designated port: A port that is neither a root port nor a designated port. It is always in blocking mode, that is, it forwards no frames, because its bridge has a higher path cost (or bridge ID) than the designated bridge on that segment.
Forwarding port: A port that forwards frames in the network. Root ports and designated ports end up in this state.
Blocked port: A port placed in blocking state to prevent switching loops. The ports on the redundant links are blocked and therefore forward no frames, although they keep receiving BPDUs so that they can take over if the active path fails.

Spanning Tree Operations
The main function of STP is to find the redundant links in the network. First the root bridge is elected. Every bridge then works out its root port and, on each segment, which port is the designated port, from the BPDUs it receives. Root and designated ports start forwarding, while the non-designated ports go into blocking mode and forward no frames. There is only one designated port per segment, and only one root bridge in the network.

Selection of the Root Bridge
The root bridge is selected on the basis of bridge priority and MAC address. The bridge ID is an 8-byte value made of the 2-byte bridge priority followed by the 6-byte MAC address, and the lowest bridge ID wins. When the priorities of the bridges are the same, the MAC address is the deciding factor.
For example, consider two switches with the same priority and the following MAC addresses:
Switch A: 0000.0D00.3333
Switch B: 0000.0D00.6666
Comparing the MAC addresses, Switch A has the lower value and becomes the root bridge. To make a particular bridge the root, lower its bridge priority so that it is chosen as the root bridge every time; this is how the primary objective, an efficient network, is achieved. Note that any device allowed to send BPDUs can win this election simply by advertising a lower priority, so ports facing end stations should be configured to refuse BPDUs altogether (BPDU guard) or at least to refuse superior BPDUs that would move the root (root guard). The figure below shows a network with redundant links.

Figure 26: Redundant Network Links

Let us locate the root bridge here. Both switches have the same priority, so the deciding factor is the MAC address, and the root bridge turns out to be Switch A. Since Switch A is the root bridge, one of the ports of Switch B must be blocked to avoid a switching loop. To find which, first compare the cost of the links. Here both links have the same cost, and the BPDUs on both links come from the same bridge, so the sender's port ID decides: the port of B attached to A's lower-numbered port becomes B's root port, and the port attached to A's higher-numbered port is blocked.

Port States
A port running the Spanning Tree Protocol is in one of the following five states:
Blocking: The port cannot forward frames; it only receives BPDUs. Blocking ports are what prevent loops in the network. By default all ports are in the blocking state when the switch is powered up.
Listening: The port listens to BPDUs and takes part in the election, making sure that no switching loop would result before it moves on. A port in this state prepares itself for forwarding but does not yet populate the MAC address table.
Learning: The port listens to BPDUs and learns MAC addresses, populating the MAC address table, but still does not forward frames.
Forwarding: The port sends and receives data frames.


Disabled: The port is non-functional and takes part in no network activity; it neither sends nor receives frames.

Switch ports are normally either in the forwarding state or in the blocking state. A port passes through the listening and learning states only when there is a change in the topology; with the default timers it spends 15 seconds in each of them.

Convergence
The network is converged when every port has settled into either the forwarding or the blocking state. Transmission over the affected ports cannot start until the network has converged. Once converged, every switch agrees on the root bridge and on the port roles, and there is exactly one active path between any two segments of the network.
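The election and port-role rules above, carried out in code as an added example (not code from the course): it takes a set of bridges (priority and MAC, as in the text) and links, elects the root by lowest bridge ID, computes each bridge's root path cost with the 802.1D tie-break order (cost, sender bridge ID, sender port ID, receiving port ID), then picks the designated port on every segment and blocks the rest. It reproduces the two-switch Figure 26 case from the text and, as the security caveat, shows what a rogue bridge advertising priority 0 does to the tree. Assumptions: the 802.1D-1998 default port costs, the default port priority of 128, and the constructed bridge names and the rogue bridge's MAC.

```python
"""802.1D spanning-tree election and port roles on a small topology (added example,
not course code). Bridge IDs and links below are constructed for illustration."""
from dataclasses import dataclass

# Default 802.1D-1998 port costs by link speed in Mbit/s (assumed lookup table).
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
DEFAULT_PORT_PRIORITY = 128


def bridge_id(priority: int, mac: str) -> int:
    """8-byte bridge ID: 2-byte priority followed by the 6-byte MAC, compared as one number."""
    digits = mac.replace('.', '').replace(':', '').replace('-', '')
    return (priority << 48) | int(digits, 16)


def port_id(number: int, priority: int = DEFAULT_PORT_PRIORITY) -> int:
    """2-byte port ID: port priority followed by port number."""
    return (priority << 8) | number


@dataclass(frozen=True)
class Link:
    a: str          # bridge name at one end
    a_port: int
    b: str          # bridge name at the other end
    b_port: int
    mbps: int


def compute_stp(bridges: dict, links: list) -> tuple:
    """bridges: name -> (priority, mac); links: list of Link.
    Returns (root bridge name, {bridge: {port: 'root' | 'designated' | 'blocked'}})."""
    bid = {name: bridge_id(p, m) for name, (p, m) in bridges.items()}
    root = min(bid, key=bid.get)                      # lowest bridge ID wins the election

    ports = {name: {} for name in bridges}            # port -> (link, peer, peer port)
    for ln in links:
        ports[ln.a][ln.a_port] = (ln, ln.b, ln.b_port)
        ports[ln.b][ln.b_port] = (ln, ln.a, ln.a_port)

    # Root path cost: a bridge adds the cost of the port on which the best BPDU arrives.
    # Ties use the 802.1D order: cost, sender bridge ID, sender port ID, receiving port ID.
    INF = float('inf')
    best = {name: (INF, INF, INF, INF) for name in bridges}
    best[root] = (0, -1, -1, -1)
    root_port = {}
    pending = set(bridges)
    while pending:
        cur = min(pending, key=lambda n: best[n])
        pending.remove(cur)
        if best[cur][0] == INF:
            break                                     # remaining bridges are disconnected
        for pnum, (ln, peer, peer_port) in ports[cur].items():
            cand = (best[cur][0] + PORT_COST[ln.mbps], bid[cur], port_id(pnum), port_id(peer_port))
            if cand < best[peer]:
                best[peer] = cand
                root_port[peer] = peer_port

    # One designated port per segment: the end with the best (cost, bridge ID, port ID).
    roles = {name: {} for name in bridges}
    for ln in links:
        end_a = (best[ln.a][0], bid[ln.a], port_id(ln.a_port))
        end_b = (best[ln.b][0], bid[ln.b], port_id(ln.b_port))
        a_designated = end_a < end_b
        for name, pnum, designated in ((ln.a, ln.a_port, a_designated),
                                       (ln.b, ln.b_port, not a_designated)):
            if root_port.get(name) == pnum:
                roles[name][pnum] = 'root'
            elif designated:
                roles[name][pnum] = 'designated'
            else:
                roles[name][pnum] = 'blocked'
    return root, roles


# The two-switch example from the text: equal priority, A has the lower MAC, two parallel links.
EXAMPLE_BRIDGES = {'A': (32768, '0000.0D00.3333'), 'B': (32768, '0000.0D00.6666')}
EXAMPLE_LINKS = [Link('A', 1, 'B', 1, 100), Link('A', 2, 'B', 2, 100)]


def rogue_root(bridges: dict, links: list) -> tuple:
    """What happens when a port is left open to BPDUs and an attacker's bridge (constructed
    here as 'R') advertises priority 0: it becomes root and the tree is rebuilt around it."""
    rogue = dict(bridges, R=(0, '0000.0D00.9999'))
    return compute_stp(rogue, links + [Link('B', 3, 'R', 1, 100)])


if __name__ == '__main__':
    print(compute_stp(EXAMPLE_BRIDGES, EXAMPLE_LINKS))
    print(rogue_root(EXAMPLE_BRIDGES, EXAMPLE_LINKS))
```

In the rogue case the link that was the forwarding path between A and B is demoted to A's root port and the second A-B link is blocked from A's side, so all of A's traffic to B now crosses a path the attacker's bridge controls the shape of. That is the practical reason for BPDU guard on access ports.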

5.4 VLAN
Why VLAN?
A LAN is defined as a single broadcast domain: if a user broadcasts a message, every other user connected to that LAN receives it. This problem can be avoided by introducing a router (a Layer 3 device). However, routers take longer to process incoming data, they add cost, and, most importantly, the resulting broadcast domains follow the physical connectivity of the devices in the network. VLANs were introduced as the alternative and most effective way to define broadcast domains independently of physical location, which can be done with switches and bridges (Layer 2 devices) alone. This does not make routers obsolete: they are still needed to make inter-VLAN communication possible.

Basic Principle
A VLAN is a logical grouping of network users and resources connected to one or more switches. Each VLAN is treated as a separate segment, that is, one broadcast domain. The administrator creates VLANs simply by configuring different interfaces into different VLANs, so that the ports of a switch do not all form a single broadcast domain but are separated into as many smaller broadcast domains as there are VLANs. VLANs therefore make it possible to define broadcast domains without using a Layer 3 device (router). Because the grouping is logical, the devices need not be physically located together: VLANs can be defined by function, application, protocol, department and so on, regardless of where the devices and users are actually located. The diagram below shows hosts in different VLANs that are not physically located together.


Figure 27: Different VLANs connected together in a network

Passing traffic between VLANs
Frames from one device to another within the same VLAN are forwarded by the switch. Switches do not forward frames between different VLANs, and this is exactly where a Layer 3 device is needed: in a multi-VLAN network, a router performs inter-VLAN communication. In a network with n VLANs the router must be connected to all n of them, which requires n router interfaces. Alternatively, a router that supports trunking can be used; with trunking one physical interface is logically divided into sub-interfaces, and each sub-interface is connected to one VLAN.

Figure 28: Inter-VLAN communication using router sub-interfaces


VLAN Trunking Protocol (VTP)


VTP is a Cisco protocol introduced to create and manage VLANs across an internetwork and to keep the VLAN configuration consistent on all switches in the network. For VLAN information to be exchanged with VTP, at least one switch must be in server mode and all the switches concerned must belong to the same VTP domain. VTP is used in multi-VLAN networks, and VTP information is carried only over trunk ports.

VTP modes of operation
A device can operate in one of three modes in a given VTP domain:
Server: The default mode for a switch. A server can create, modify and delete VLANs in its domain; any change is advertised throughout the domain. This is the only mode that originates VTP advertisements. In this mode the VLAN configuration is saved in NVRAM.
Client: A client processes and forwards the information received from the server. It cannot create, modify or delete VLANs, and it does not store the configuration received from the server in NVRAM.
Transparent: A transparent switch does not process the VTP information it receives; it simply forwards it. It can create, modify and delete VLANs, but the changes stay local to that switch and are not advertised in the domain. In this mode too the VLAN configuration is saved in NVRAM.

Because switches in a domain accept whichever advertisement carries the highest configuration revision number, connecting a switch (server or client) that holds a higher revision for the same domain name overwrites the VLAN database on every switch in the domain and can delete VLANs that are in use. Set a VTP domain password, and reset the revision number of any switch before adding it to a production domain.

Types of VLAN Memberships


Static VLANs: The most secure type of VLAN. The administrator assigns a switch port to a VLAN manually, and the port keeps that association until the network administrator changes it manually.
Dynamic VLANs: The administrator defines the VLAN associations in a database, and whenever a node is attached its VLAN is looked up dynamically from the mapping in that database. With suitable management software, the mapping can be keyed on MAC addresses, application protocols, IP addresses and so on, so that devices are placed in VLANs automatically. Every one of those keys is supplied by the attached device itself, so a dynamic assignment trusts what the device claims about itself.


Types of VLANs
Port-based VLAN (Layer 1 VLAN): As the name suggests, this type of VLAN uses the physical switch port to form the VLAN groups. Ports are assigned to VLANs, and a device's membership is defined by the port it is connected to. For example, on a switch with five ports, ports 1, 3 and 5 may be assigned to VLAN 1 and ports 2 and 4 to VLAN 2; a device then automatically falls into the VLAN of whichever port it is plugged into. Ports in the same VLAN need not be adjacent, although adjacent ports are often grouped for convenience.
MAC-based VLAN (Layer 2 VLAN): As the name suggests, this type of VLAN uses the MAC address of the workstation to form the VLAN groups. MAC addresses are assigned to VLANs in advance and membership follows that mapping. The advantage is mobility: because the MAC address belongs to the NIC, a device that is moved to another port stays in the same VLAN without any reconfiguration. The corresponding weakness is that a MAC address is easily changed in software, so a MAC-based VLAN places a device according to what it claims to be.
IP-based VLAN (Layer 3 VLAN): The VLAN groups are formed from the network layer address. Some Layer 3 VLANs also use the network layer protocol to create VLAN groups.
Application-based VLAN (Layer 4 VLAN): The VLAN groups are formed from the application layer protocol. For example, Telnet traffic can be placed on one VLAN, and similarly each application layer protocol can be given its own VLAN as desired. Layer 4 VLANs are sometimes defined in combination with network layer and data link layer addresses.

Types of VLAN connections


Trunk Link: A link that can carry frames of several VLANs. Trunk links are configurable: they can be made to carry the frames of all VLANs or restricted to carry only a few. Because they need more bandwidth, they are supported only on Fast Ethernet and Gigabit Ethernet. Frames on a trunk link are tagged with a special header that identifies the VLAN the frame belongs to; this technique is called frame tagging, and the frames are called tagged frames.


Access Link: A device attached to an access link belongs to exactly one VLAN. Such devices are unaware of VLAN membership, because the VLAN information is removed from the frame before it is sent to the device on the access link. All frames on access links are untagged.
Hybrid Link: A combination of the two: a hybrid link can carry both tagged and untagged frames.

VLAN Trunking Methods or VLAN Identification Methods


Trunking makes it possible for one port to be a member of more than one VLAN at the same time. When a frame travels over a trunk link it is tagged, so that the switch at the far end can identify its VLAN and deliver it accordingly. The VLAN identification methods are discussed below:

Inter-Switch Link (ISL): Developed by Cisco before the IEEE standardized a trunking protocol. It can be used only between Cisco devices and not with switches made by other vendors. ISL operates at Layer 2 and fully encapsulates the original Ethernet frame, leaving it intact, between a 26-byte ISL header and a 4-byte CRC.

Advantages
Broadcast control: In a flat LAN every device sees every other device. There is no restriction on broadcasts; every device in the network receives and responds to them. The more frequently broadcasts occur, the more traffic they generate and the more congestion they cause. Older applications use relatively little bandwidth, but newer ones such as multimedia applications consume all the bandwidth available and make heavy use of broadcast and multicast messages. With VLANs, workstations can be grouped logically as required, confining each broadcast to its own VLAN; this also keeps one segment's problems from propagating through the whole network. For example, in an educational institution the users can be grouped by the department they belong to even though they are connected to a single switch. Each department then has more bandwidth for itself, and only that department's messages are flooded in its segment.


Increased security: As already discussed, in a flat LAN any user connected to it can reach every network resource. With VLANs the administrator has control over each port and device, and nobody gains access to the whole network merely by plugging into a free switch port. Sensitive devices can be grouped into a VLAN of their own that contains only the users and devices entitled to reach them, which reduces the chances of outsiders reaching the data. For example, in an educational institute all staff systems and devices can be put into a separate VLAN, with appropriate access controls ensuring that no student can reach their data. Note that a VLAN by itself only separates broadcast domains; the inter-VLAN router, or an access list on it, is what actually enforces who may talk to whom.
Reduced cost: As we already know, VLANs create many small broadcast domains without expensive routers. Routers are still needed for inter-VLAN communication, but far fewer of them.
Scalability: As the number of systems in a VLAN grows, more VLANs can be created to keep broadcast messages from consuming too much bandwidth. Adding a new device or user is not limited by the availability of switch ports in one place, since it can be added to any VLAN regardless of physical location.
Performance: Routers do more processing of incoming data than switches. In a network with many broadcast and multicast messages, router latency rises with the volume of traffic and performance suffers; with VLANs the broadcast domains are created by switches rather than routers, so this does not happen.
Simplified administration: Depending on the type of VLAN configured, some administrative tasks become simpler. For example, if a system is moved within the same VLAN, no reconfiguration of the router is required.

5.6 Port Encapsulation


There was a clear need for a device to connect to several broadcast domains, which in turn means that a single port must be able to belong to several VLANs. The IEEE therefore defined a standard to provide for this: IEEE 802.1Q, commonly called dot1q encapsulation. It adds a VLAN ID to the frame so that the receiving switch can recognize the broadcast domain the frame is destined for. This mechanism is called port encapsulation, and a port configured for it is called a tagged port. When a port is encapsulated, the following 32-bit header is inserted into the Ethernet frame, between the source MAC address and the type/length field:

16 bits TPID | 3 bits PCP | 1 bit CFI | 12 bits VID

Tag Protocol Identifier (TPID): Holds the value 0x8100, which marks the frame as IEEE 802.1Q tagged.
Priority Code Point (PCP): A value from 0 to 7 used to prioritize the frame, for example to give voice and video precedence over other data.
Canonical Format Indicator (CFI): 0 indicates that the MAC addresses are in canonical format; a frame with CFI set to 1 should not be forwarded to an untagged port. It exists for compatibility between Ethernet and Token Ring. Later revisions of the standard redefine this bit as the Drop Eligible Indicator (DEI).
VLAN Identifier (VID): The VLAN the frame is destined for. The field can hold values from 0 to 4095, but 0 (the frame carries a priority only, no VLAN) and 4095 (reserved) cannot be used as VLAN IDs, which leaves 1 to 4094.
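The tag layout above, built and parsed in code as an added example (not code from the course): it inserts a tag into a constructed Ethernet frame, reads the TPID, PCP, CFI/DEI and VID fields back, rejects out-of-range values, and handles stacked tags. The last part is the practitioner's caveat: when a switch sends a frame out an untagged port it strips only the outermost tag, so a frame that carried two tags leaves with the inner one still attached. That is the basis of the well-known 802.1Q double-tagging attack, and the reason the native VLAN of a trunk should be an otherwise unused VLAN. All frame bytes are constructed.

```python
"""Build and parse IEEE 802.1Q tags on Ethernet frames (added example, not course code)."""
import struct

TPID_8021Q = 0x8100


def build_tag(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """The 4-byte tag: 16-bit TPID, then the 16-bit TCI = 3-bit PCP, 1-bit CFI/DEI, 12-bit VID."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError('tag field out of range')
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack('>HH', TPID_8021Q, tci)


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a tag after the 12 address bytes; the frame's own type/length field follows it."""
    return frame[:12] + build_tag(vid, pcp) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, the list of stacked tags (outermost first), the inner EtherType and payload."""
    dst, src = frame[:6], frame[6:12]
    tags, offset = [], 12
    while struct.unpack('>H', frame[offset:offset + 2])[0] == TPID_8021Q:
        tci = struct.unpack('>H', frame[offset + 2:offset + 4])[0]
        tags.append({'pcp': tci >> 13, 'dei': (tci >> 12) & 1, 'vid': tci & 0x0FFF})
        offset += 4
    return {'dst': dst.hex(':'), 'src': src.hex(':'), 'tags': tags,
            'ethertype': struct.unpack('>H', frame[offset:offset + 2])[0],
            'payload': frame[offset + 2:]}


def vid_meaning(vid: int) -> str:
    """VID 0 and 4095 are reserved; the tag names a real VLAN only for 1..4094."""
    if vid == 0:
        return 'priority-tagged: no VLAN, only the PCP is meaningful'
    if vid == 4095:
        return 'reserved for implementation use'
    return f'VLAN {vid}'


def egress_untagged(frame: bytes) -> bytes:
    """What a switch does when sending a frame out an access (untagged) port: strip the
    outermost tag only. Any inner tag survives, which is what double tagging relies on."""
    if not parse_frame(frame)['tags']:
        return frame
    return frame[:12] + frame[16:]


if __name__ == '__main__':
    # Constructed untagged IPv4 frame: dst, src, EtherType 0x0800, a short payload.
    plain = bytes.fromhex('00000d003333') + bytes.fromhex('00000d006666') + b'\x08\x00' + b'payload'
    tagged = tag_frame(plain, 10, pcp=5)
    print(parse_frame(tagged))
    double = tag_frame(tag_frame(plain, 20), 1)        # inner VLAN 20, outer VLAN 1
    print([t['vid'] for t in parse_frame(double)['tags']])
    print([t['vid'] for t in parse_frame(egress_untagged(double))['tags']])   # VLAN 20 survives
```

If the outer tag matches the native VLAN of the trunk on which the frame arrives, the first switch removes it, and the next switch reads the surviving inner tag as the frame's VLAN; the sender has reached a VLAN it was never a member of without any reply path, which is why the attack is limited to one-way traffic but still matters for anything that acts on unsolicited frames.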


6 Layer 3
6.1 IP Addressing and Subnetting
Need for IP Addressing
A MAC address is a 48-bit unique address given to a piece of physical hardware. It allows accurate delivery of frames from source to destination on one network, but it is a flat address: it says nothing about where the device is, so it cannot be used to route traffic across networks, and it ties the device's identity to its hardware. This led to the evolution of logical addressing, which assigns addresses within each network and uses a separate address to communicate with the external network. Logical addressing also provides a way to define broadcast domains, to divide a network into sub-networks, and to route traffic between networks with the help of routing protocols. With the IPv4 address space nearing saturation, a new IP addressing scheme that increases the address size from 32 bits to 128 bits has been defined as the solution; until it is adopted, technologies such as NAT are used to address the exhaustion problem. This document covers IP addressing and subnetting along with VLSM and CIDR; IPv6 addressing and NAT are out of its scope.

Classful IP Addressing
IP addressing was standardized in the year 1981. An IP address is a 32-bit address divided into 4 octets, each separated by a dot. The earlier flavour of IP addressing is referred to as classful IP addressing. In this scheme the IP address is viewed as a combination of a network address and a host address, and on the basis of these two components a number of classes were defined, each of which fixes how many networks exist and how many hosts can be held in each network.

The IP address classes are Class A, Class B and Class C. There are two more special classes, D and E, which are reserved (for multicast and for experimental use) and are not covered in detail in this document.


Figure 29: Classful IP Addressing
Class A: This class defines IP addresses within the range 01-127. Class A networks, as shown in the figure, have 8 bits for the network part and 24 bits for the host part. This type of network is used when the number of hosts in each network is more than 65535. Each class A network has precisely 16777214 hosts. Class A IP addresses, when converted to binary notation, always have 0 as the first bit of the first octet.
Class B: This class of networks uses 16 bits for the network address and 16 bits for the host part. These network addresses are configured when the number of hosts to be supported on each network falls in the range 256-65535. Class B addresses start from 128-192. Class B IP addresses have 10 as the first 2 bits of the first octet.
Class C: Class C network addresses provide 24 bits for the network and 8 bits for the host. So, in a typical class C network there are only 254 hosts. However, 2^24 such networks can be formed. The range of IP addresses in Class C is 192-233. A class C network has 110 as the first 3 bits of the first octet.
Class D and Class E: Class D and Class E networks are exclusively reserved for multicast and broadcast groups, and this document's scope does not cover them. Typically a Class D network falls in the range 224-239 and a class E network falls in the range 240-254. Class D and E networks start with 1110 and 11110 respectively.
The addresses in the 127 network are used for loopback purposes, and serve the following:
- A method of performing transmission tests of access lines from the serving switching center, which usually does not require the assistance of personnel at the served terminal.
- A method of testing between stations (not necessarily adjacent) wherein two lines are used, with the testing being done at one station and the two lines interconnected at the distant station. Commonly called loop-around when the interconnecting circuit is accessed by dialing.
- A patch cable, applied manually or automatically, remotely or locally, that facilitates a loop-back test.
- A communication channel with only one endpoint. Any message transmitted through such a channel is immediately received by the same channel.

The number of hosts in each network is given by the formula 2^n - 2, where n is the number of bits allowed for the host part. This is because the first address of the network is the network address and the last address is the broadcast address for that network.

Limitations of Classful Addressing
The original Internet designers never envisioned that the Internet would grow into what it has become today. Most of the problems faced by the Internet today can be traced back to decisions made early in its initial years. In the early Internet days, IP addresses were allocated freely. A lot of IP addresses were wasted because of the lack of sync between requirement and allocation. There was no concern about the depletion of IP addresses until the address space began to exhaust and failed to provide new IP addresses for the users who required them. There were only 2^32 (4,294,967,296) IPv4 addresses available, as the IP address space was standardized to have a 32-bit address. The current address shortage could have been avoided if the decision had been taken to increase the address size, so that the number of IP addresses would have increased exponentially.


The octet boundaries for the different classes of networks are easy to understand, but they do not provide a solution to a finite address space. Further, there was no network class that catered to the needs of medium-sized organizations. For example, a class C, which supports 254 hosts, is too small, while a class B, which supports 65,534 hosts, is very large and results in wastage of IP addresses. In the past, sites with several hundred hosts were assigned a single Class B address instead of two Class C addresses. This resulted in exhaustion of the class B network address space. Now only class C network addresses are readily available for medium-sized organizations, which potentially has the negative impact of increasing the size of the global Internet's routing table. This led to the evolution of classless IP addressing, which includes an additional field in the IP address. This is called subnetting.

SUBNETTING
A standard to support subnetting, which means division, was conceptualized and introduced in the year 1985 in an RFC; the process of subnetting involves division of a single Class A, B or C network into smaller pieces. Subnetting was introduced to address some of the problems that parts of the Internet were beginning to experience with the two-level classful addressing hierarchy, such as:
- Internet routing tables were starting to grow.
- Local administrators had to request another network number from the Internet domain before they could install another network at their site.
Both these problems were addressed by adding another hierarchy level to the IP addressing structure. Instead of the two-level hierarchy of classful addressing, subnetting was introduced to support a 3-level hierarchy.
The basic idea of subnetting is to divide the standard classful host number field into two different parts: the subnet number and the host number within that subnet. Subnetting deals with these problems by ensuring that the subnet structure of the internal network is not visible to the external network. Further, the routing problem is addressed because the route from the Internet to any given subnet is the same, and the differentiating factor for the subnets of a given network is the subnet number. The routers in the organization need to route the traffic between individual subnets. Subnetting overcame the registered number issue by assigning each organization one or a few network numbers, and the organization is free to assign a distinct subnet number to each of the networks connected inside its private network. This allowed organizations to deploy additional subnets without obtaining new network numbers from the Internet.


SUBNET MASK
A subnet mask is used to determine the number of subnets required inside a network. Network subnetting can be done only along binary boundaries, so a subnet can be created only in chunks of powers of 2. With the introduction of the subnet mask, IP addresses are represented as a combination of the IP address followed by the subnet mask. For example, 10.1.1.13 with a subnet mask of 8 bits is represented as 10.1.1.13/8 or 10.1.1.13/255.0.0.0.
Representation of the subnet mask: the subnet mask has its leftmost (higher-order) bits set to 1 and all remaining bits set to 0. For example, a subnet mask of 8 bits is equal to 255.0.0.0. Similarly, a few examples of the equivalent mask for a given number of bits can be found in the following table:

Subnet mask in bits    Actual subnet mask
8                      255.0.0.0
16                     255.255.0.0
24                     255.255.255.0
23                     255.255.254.0
27                     255.255.255.224

These subnet masks provide a way to extend the classes of IP addressing to allow or restrict the number of hosts required per network and the number of networks required, which gives an edge in conserving IP addresses and using them efficiently. This is done by Variable Length Subnet Masking (VLSM), which is the way of defining, for an IP address of any class, the number of network bits. This type of IP addressing is referred to as classless IP addressing. For example, a class A IP address using a subnet mask of 24 can produce 2^24 networks, and similarly a class C network with a subnet mask of 8 produces 2^8 networks. The decision on the subnet mask needs to be taken by determining the number of different subnets needed and the number of hosts required in each of these networks.


Network address and broadcast address
For any given network there need to be 2 addresses which define ways to:
1. Forward the traffic to all the hosts connected to that network (broadcasting).
2. Route the traffic to or from other networks.

Broadcasting of traffic to all the hosts is taken care of by the broadcast address of the network. This is usually the last address of any network. Routing is done based on the network address, which is the first address in any network. Hence the number of hosts that can exist for a given network is given by 2^(number of host bits) - 2.
Further, the method to find the network address and the broadcast address when an IP address and the subnet mask are given is as follows. Consider an organization that is assigned the 194 network. The requirement is to have 300 hosts per network and 100 such networks. Considering the above to be a class C network, the number of hosts that can be provided for a particular network is 254, as the subnet mask for a class C network is 24.

Consider a subnet mask of 23 in this case, which will provide 9 bits for the hosts. So the number of hosts in this case will be 2^9 - 2, which is 510. Further, it can also produce more than 100 networks. So the subnet mask of 23 will suffice. This would have been possible with an even smaller subnet mask, but the efficiency of IP addressing comes only when we conserve IP addresses. Suppose an IP address 194.12.13.10/23 is given. The network address and the broadcast address can be found as follows:
1. Convert the IP address to binary: 11000010.00001100.00001101.00001010
2. Convert the subnet mask to binary: 11111111.11111111.11111110.00000000
3. Do a logical AND of these to get the network address:
   11000010.00001100.00001101.00001010
   11111111.11111111.11111110.00000000
   -----------------------------------
   11000010.00001100.00001100.00000000
4. Convert it back to normal decimal notation, which results in 194.12.12.0
5. The broadcast address, which is the last address, is 194.12.12.255
The network is referred to as 194.12.12.0/23 for external routing purposes.


If we follow the same procedure where the subnet mask is 24, then the network address is 194.12.13.0/24.

Classless Inter-Domain Routing (CIDR)
The near-term exhaustion of the Class B network address space and the rapid growth in the size of the global Internet's routing tables made the development of Classless Inter-Domain Routing (CIDR) necessary. CIDR supports two important features that benefit the global Internet routing system:
1. CIDR eliminates the traditional concept of Class A, Class B, and Class C network addresses and replaces them with the generalized concept of a network prefix. Routers use the network prefix, rather than the first 3 bits of the IP address, to determine the dividing point between the network number and the host number. As a result, CIDR supports the deployment of arbitrarily sized networks rather than the standard 8-bit, 16-bit, or 24-bit network numbers associated with classful addressing.
2. CIDR supports route aggregation, where a single routing table entry can represent the address space of thousands of traditional classful routes. This allows a single routing table entry to specify how to route traffic to many individual network addresses. Route aggregation helps control the amount of routing information in the Internet's backbone routers, reduces route flapping (rapid changes in route availability), and eases the local administrative burden of updating external routing information.
In a classful environment, an Internet Service Provider (ISP) can only allocate /8, /16, or /24 addresses. In a CIDR environment, the ISP can carve out a block of its registered address space that specifically meets the needs of each client, provides additional room for growth, and does not waste a scarce resource.
CIDR helps control the growth of the Internet's routing tables by reducing the amount of routing information. This process requires that the Internet be divided into addressing domains. Within a domain, detailed information is available about all of the networks that reside in the domain. Outside of an addressing domain, only the common network prefix is advertised. This allows a single routing table entry to specify a route to many individual network addresses.
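As an added example (not from the course material), the following Python performs the AND-based derivation above for 194.12.13.10/23, applies the 2^n - 2 host rule, makes the local-versus-remote decision a host takes before handing a packet to its gateway, and checks whether a CIDR aggregate covers a set of specific prefixes. Note that with 9 host bits the broadcast address (all host bits set) is the last address of the two-octet block, 194.12.13.255.

```python
"""Subnet arithmetic with plain bit operations (added example, not from the
course material). Only the Python standard library is used."""


def ip_to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 to a 32-bit integer; rejects anything malformed."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/23 -> 0xFFFFFE00: the leftmost `prefix` bits set to 1, the rest 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> tuple:
    """'194.12.13.10/23' -> (address as int, prefix length)."""
    addr_str, _, prefix_str = cidr.partition("/")
    if not prefix_str.isdigit():
        raise ValueError(f"missing or bad prefix length in {cidr!r}")
    return ip_to_int(addr_str), int(prefix_str)


def subnet_info(cidr: str) -> dict:
    """Steps 1-5 from the text: AND with the mask gives the network address;
    OR-ing in the inverted mask sets every host bit, giving the broadcast."""
    addr, prefix = parse_cidr(cidr)
    mask = prefix_to_mask(prefix)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0   # the 2^n - 2 rule
    return {"network": f"{int_to_ip(network)}/{prefix}", "mask": int_to_ip(mask),
            "broadcast": int_to_ip(broadcast), "usable_hosts": usable}


def smallest_prefix_for_hosts(hosts_needed: int) -> int:
    """Longest prefix (least address waste) whose 2^n - 2 still covers the need."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError("more hosts than a single IPv4 network can hold")


def is_local(src: str, dst: str, prefix: int) -> bool:
    """A host's first routing decision: equal network bits means deliver
    directly, otherwise the packet goes to the default gateway."""
    mask = prefix_to_mask(prefix)
    return ip_to_int(src) & mask == ip_to_int(dst) & mask


def aggregate_covers(aggregate: str, specifics: list) -> bool:
    """CIDR route aggregation: one advertised prefix can stand in for every
    specific prefix that lies entirely inside it."""
    agg_addr, agg_prefix = parse_cidr(aggregate)
    agg_mask = prefix_to_mask(agg_prefix)
    for spec in specifics:
        spec_addr, spec_prefix = parse_cidr(spec)
        if spec_prefix < agg_prefix or spec_addr & agg_mask != agg_addr & agg_mask:
            return False
    return True
```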

6.2 Internet Protocol Version 6 (IPv6)


A Quick Background
IPv6 means Internet Protocol version 6. The Internet Protocol (IP) is the network layer protocol for the Internet. At present two different versions of TCP/IP addressing are in use: IPv4 and IPv6. IPv4 has served the Internet community well, but its limited address space has caused problems, as it cannot meet the exponentially increasing need for IP addresses, and hence IPv6 has been introduced. Unlike 32-bit IPv4 addresses, IPv6 uses a 128-bit address. Apart from providing enough addresses, it also provides ease of use and configuration, enhanced security and the ability to interoperate with IPv4 as the transition takes place.

IPv6 Header Introduction
There are several changes in the header format in IPv6 when compared to IPv4. IPv6 uses two distinct kinds of headers, the IPv6 Main Header and IPv6 Extension Headers. Extension Headers are optional and are introduced to provide extra information that is needed only occasionally, whereas the Main Header is fixed. In the coming sections we will discuss the different IPv6 headers in detail.

IPv6 Main Header
This header is 40 bytes long and is equivalent to the basic IPv4 header, except for a few changes that have been implemented to make it more flexible compared to the IPv4 header.

IPv6 Main Header (each row is 32 bits wide):

Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits)
Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
Source Address (128 bits)
Destination Address (128 bits)

Note: The bit counts given in the above figure give the size of each field. The purpose of each field of the IPv6 Main Header shown in Figure 1 is described below:
Version (4 bits): This field identifies the version of the protocol being used. Its value is always 6 for IPv6, for obvious reasons.
Traffic Class (8 bits): This field is used to distinguish between packets with different real-time delivery requirements, for example to identify the priorities and different classes of packets. It is used by the source node and by the forwarding routers.


This field is described as a 6-bit Differentiated Services (DS) field and a 2-bit field which is currently reserved. The service interface to the IPv6 service within a node must provide a means for an upper-layer protocol to supply the value of the Traffic Class bits in packets originated by that upper-layer protocol. The default value for all 8 bits is 0. This is similar to the Type of Service (TOS) field in the IPv4 packet.
Flow Label (20 bits): A flow is a sequence of packets sent from a particular source to a particular destination for which the source requests special handling by the routers (IPv6 routers in this case), such as "real-time" service. This field is used to label such sequences of packets. Hosts or routers that do not support the functions of the Flow Label field are required to set the field to zero.
Payload Length (16 bits): This field gives the length of the IPv6 payload, i.e. the number of bytes following the 40-byte header, in octets. Note that any extension headers present are considered part of the payload, i.e. they are included in the length count. The maximum length is 64 Kbytes; if a greater data field is needed, a Jumbo Payload is used. A Jumbo Payload is indicated by a zero in the Payload Length field.
Next Header (8 bits): The reason the IPv6 header is simpler is that there can be additional extension headers, as already discussed. This field identifies the type of header (if any) that follows the IPv6 Main Header. If this header is the last IP header (i.e. no further headers follow), then this field tells which transport protocol handler (e.g. TCP, UDP) the packet must be passed to.
Hop Limit (8 bits): It is decremented by 1 by each node that forwards the packet. The packet is discarded if the Hop Limit is decremented to zero. This field is used to keep packets from existing forever.
Source Address: 128-bit address of the originator/source of the packet.
Destination Address: 128-bit address of the intended recipient of the packet (possibly not the final destination address, if a Routing header is present).

Comparison with the IPv4 Header Table
In the discussion below we will see the changes made in the IPv6 header when compared to the IPv4 header.

IPv4 header (each row is 32 bits wide):

Version (4 bits) | IHL (4 bits) | Type of Service (8 bits) | Total Length (16 bits)
Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
Time To Live (8 bits) | Protocol (8 bits) | Header Checksum (16 bits)
Source Address (32 bits)
Destination Address (32 bits)
Options (0 or more words)

- Type of Service is replaced by Traffic Class in IPv6.
- The Total Length field was changed to Payload Length; also, the Payload Length field of IPv6 excludes the header length, unlike the Total Length field of IPv4.
- All the fields related to fragmentation were removed because IPv6 takes a different approach to fragmentation.
- The Time To Live field of the IPv4 header was a time in seconds, but no router used it in that way, so the name has been changed in the IPv6 header to Hop Limit to reflect the way it is actually used.
- The Protocol field was removed because the Next Header field tells what follows the last IP header.
- The Checksum field has been removed because the data link and transport layers normally have their own checksums; calculating another checksum would greatly reduce performance.
- As is evident, the address length is increased from 32 bits to 128 bits.


- IPv4 Options perform a vital role in its operation, hence that capability has been preserved in IPv6 as well. But keeping their impact on performance in consideration, the functionality of Options has been removed from the main header and implemented through Extension Headers.
- The Flow Label field has been newly added in IPv6 compared to IPv4.
- The IHL field is removed, as the IPv6 header has a fixed length.

By including all these modifications, the intention of IPv6, a fast yet flexible protocol with plenty of address space, has been achieved.

IPv6 Extension Headers
Six different extension headers (Hop-by-Hop Options header, Destination Options header, Routing header, Fragment header, Authentication header and Encapsulating Security Payload header) are present at the moment. Headers are linked by populating the Next Header field. The following is the recommended order in which headers should appear:
1. IPv6 header
2. Hop-by-Hop Options header
3. Destination Options header (options associated with the Routing header)
4. Routing header
5. Fragment header
6. Authentication header
7. Encapsulating Security Payload header
8. Destination Options header (options processed by the final destination)
9. Upper-layer header

Each extension header can occur only once, except for the Destination Options header, which can occur at most twice, in the order mentioned above. There is a restriction on the Hop-by-Hop Options header that it must appear immediately after the IPv6 Main header. If the upper-layer header is another IPv6 header, then it may be followed by its own optional headers. This scenario generally happens in tunneling or encapsulation in IPv6. Some of the headers have a fixed format; others contain a variable number of variable-length fields (currently, the Hop-by-Hop Options header and the Destination Options header).


Variable-length fields are nothing but type-length-value (TLV) encoded options, of the format given below:

Option Type (8 bits) | Option Length (8 bits) | Option Data (variable length, 0 to 255 bytes)

Option Type (8 bits): This field identifies the type of option. The highest-order two bits of this field are encoded such that they specify the action that must be taken if the IPv6 node fails to recognize the Option Type:
00 - skip the option
01 - discard the packet
10 - discard the packet and send back an ICMP message
11 - discard the packet, but do not send an ICMP message if the destination is a multicast address
A particular option is identified by the full 8-bit Option Type, which includes the two high-order bits explained above.
Option Data Length (8 bits): 8-bit unsigned integer. Gives the length of the Option Data field in octets.
Option Data (0 to 255 bytes): Variable-length field (0 to 255 bytes). Contains data specific to the option identified by the Option Type field.
The section below gives an insight into each extension header:

Hop-by-Hop Options header
All the header options are processed only by the node identified in the IPv6 destination address field, except for the Hop-by-Hop Options header. It is used to carry information that must be examined by all the routers along the packet's delivery path. The Hop-by-Hop Options header is identified by a Next Header value of 0 in the IPv6 header, and has the following format:

Next Header (8 bits) | Hdr Ext Len (8 bits) | Options (variable length)

Next Header (8 bits): This field identifies the type of header immediately following the Hop-by-Hop Options header.
Hdr Ext Len (8 bits): It gives the length of the Hop-by-Hop Options header, not including the first 8 bytes, which are mandatory.
Options: Variable-length field containing one or more TLV-encoded options.
Destination Options header
This header is used to carry information that needs to be interpreted only by a packet's destination node(s). A Next Header value of 60 identifies the Destination Options header, and it has the format shown below:

Next Header (8 bits) | Hdr Ext Len (8 bits) | Options (variable length)

Next Header and Hdr Ext Len are as described above.
Options: Variable-length field containing one or more TLV-encoded options, as described earlier.
Routing header
Sometimes it becomes necessary to visit a few specified intermediate nodes on the way to the destination. This header gives the list of such intermediate nodes which are to be visited. A Next Header value of 43 identifies the Routing header, and it has the format shown below:

Next Header (8 bits) | Hdr Ext Len (8 bits) | Routing Type (8 bits) | Segments Left (8 bits)
Type-Specific Data (variable length)


Routing Type (8 bits): This field gives the format of the rest of the header.
Segments Left (8 bits): An unsigned integer. It gives the number of explicitly listed intermediate nodes still to be visited. When a node is visited, its value is decremented.
Type-specific data (variable length): The format of this data is determined by the Routing Type.
Fragment header
The Fragment header is used by an IPv6 source to send a packet larger than would fit in the path MTU (the maximum packet size, in octets, that can be conveyed over a link) to its destination. In IPv6, unlike IPv4, only the source host can fragment a packet; routers along the way cannot do it. If a router is confronted with a packet that is too big, it discards the packet and sends an ICMP packet back to the source. A Next Header value of 44 identifies the Fragment header, and it has the format shown below:

Next Header (8 bits) | Reserved (8 bits) | Fragment Offset (13 bits) | Res (2 bits) | M (1 bit)
Identification (32 bits)

Next Header (8 bits): It gives the initial header type of the remaining part of the original packet. This remaining part of the packet is called the Fragmentable Part.
Reserved (8 bits): This is an 8-bit value which is set to zero for transmission and ignored on reception.


Fragment Offset (13 bits): This is the offset of the data which follows this header, relative to the start of the Fragmentable Part.
Res (2 bits): Initialized to zero for transmission; the destination should ignore this field on reception.
M flag (1 bit): This bit is set to 1 for more fragments and set to 0 for the last fragment.
Identification (32 bits): Gives the identification value of the packet, generated by the source node for every packet that is to be fragmented.
Authentication header
This header provides authentication for the IP header, and also for upper-level protocol data to the extent possible. A Next Header value of 51 identifies the Authentication header, and it has the format shown below:

Next Header (8 bits) | Payload Len (8 bits) | RESERVED (16 bits)
Security Parameters Index (SPI) (32 bits)
Sequence Number Field (32 bits)
Authentication Data (variable length)

Payload Length (8 bits): This field specifies the length of the Authentication header.
Reserved (16 bits): This field is reserved for future use. It MUST be set to zero.
Security Parameters Index (SPI) (32 bits): This index, along with the security protocol (AH) and the destination IP address, identifies the Security Association for the datagram.
Sequence Number (32 bits): This unsigned 32-bit field contains a monotonically increasing counter value (sequence number). It is mandatory and is always present even if the receiver does not elect to enable the anti-replay service for a specific SA. Processing of the Sequence Number field is at the discretion of the receiver, i.e. the sender MUST always transmit this field, but the receiver need not act upon it.
Authentication Data (variable length): This is a variable-length field that contains the Integrity Check Value (ICV) for this packet.


Encapsulating Security Payload header
This header makes it possible to encrypt the contents of a packet so that only the intended recipient can read it. All the information following this header is encrypted and hence inaccessible to intermediary network devices. This header is identified by a Next Header value of 50 in the immediately preceding header.

The services provided by the Internet have demanded more IP addresses as the number of devices connecting to the network has grown. As a workaround, NAT (Network Address Translation) is used, but it has its own issues and adds considerable overhead to the end-to-end network. The solution was to increase the IP address size from 32 bits to 128 bits to accommodate more devices. IPv6 proposes newer broadcast and unicast methods, and the delimiter used is ":" rather than ".". There is the addition of anycast, which defines sending the traffic to any one of a group of nodes. Multicast scalability is also introduced. It provides for hexadecimal addresses being used within the IP address.

Addressing Description
The IPv6 address is an eight-part hexadecimal address separated by colons (":"). Each part is 16 bits long, hence it is an 8x16 = 128-bit address.
1080:0:0:0:8:800:200C:417A   Unicast address
FF01:0:0:0:0:0:0:101         Multicast address

Broadcasting Methods
Included in IPv6 are a number of new broadcasting methods:
- Unicast
- Multicast
- Anycast

Features
- QoS
- Mobile IP
- Auto configuration
- Security

Overview of IPv6 and MPLS
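As an added example (not from the course material), the following Python parses the 40-byte IPv6 main header, then walks the Next Header chain through the extension headers described in this section, decoding TLV options and enforcing the rule that the Hop-by-Hop Options header must come directly after the main header. It assumes the RFC 2460 length conventions (Hdr Ext Len counted in 8-octet units not including the first 8 octets, the Fragment header fixed at 8 octets) and the RFC 4302 convention for the AH Payload Len (4-octet units minus 2); the sample packet is constructed inline.

```python
import struct
import ipaddress

# Next Header values from the section above. ESP (50) is opaque: everything
# after its header is encrypted, so the walk stops when it is reached.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXTENSION_HEADERS = {HOP_BY_HOP: "Hop-by-Hop Options", DEST_OPTS: "Destination Options",
                     ROUTING: "Routing", FRAGMENT: "Fragment", AH: "Authentication"}
# Action on an unrecognised Option Type, selected by its two high-order bits.
UNKNOWN_OPTION_ACTION = {0: "skip", 1: "discard", 2: "discard+ICMP", 3: "discard+ICMP unless multicast"}


def parse_main_header(pkt: bytes) -> dict:
    """Decode the fixed 40-byte IPv6 main header."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word >> 28 != 6:
        raise ValueError(f"not IPv6: version {word >> 28}")
    return {"version": 6, "traffic_class": (word >> 20) & 0xFF, "flow_label": word & 0xFFFFF,
            "payload_length": payload_len,  # extension headers are counted too
            "next_header": next_hdr, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(pkt[8:24])),
            "dst": str(ipaddress.IPv6Address(pkt[24:40]))}


def parse_tlv_options(data: bytes) -> list:
    """Decode TLV options; Pad1 (type 0) is a single byte with no length field."""
    options, i = [], 0
    while i < len(data):
        opt_type = data[i]
        if opt_type == 0:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past the end of the header")
        length = data[i + 1]
        options.append({"type": opt_type, "data": data[i + 2:i + 2 + length],
                        "unknown_action": UNKNOWN_OPTION_ACTION[opt_type >> 6]})
        i += 2 + length
    return options


def walk_extension_headers(pkt: bytes) -> dict:
    """Follow Next Header from the main header to the upper-layer protocol."""
    main = parse_main_header(pkt)
    end = 40 + main["payload_length"]
    if end > len(pkt):
        raise ValueError("Payload Length exceeds the captured bytes")
    nh, offset, chain = main["next_header"], 40, []
    while nh in EXTENSION_HEADERS:
        if nh == HOP_BY_HOP and chain:
            raise ValueError("Hop-by-Hop Options must directly follow the main header")
        if offset + 8 > end:
            raise ValueError("extension header runs past Payload Length")
        if nh == FRAGMENT:            # fixed 8 bytes, there is no Hdr Ext Len field
            hdr_len = 8
        elif nh == AH:                # Payload Len is in 4-octet units minus 2
            hdr_len = (pkt[offset + 1] + 2) * 4
        else:                         # Hdr Ext Len is in 8-octet units minus 1
            hdr_len = (pkt[offset + 1] + 1) * 8
        if offset + hdr_len > end or (nh == AH and hdr_len < 12):
            raise ValueError("malformed extension header length")
        entry = {"type": EXTENSION_HEADERS[nh]}
        if nh == FRAGMENT:
            off_flags, ident = struct.unpack("!HI", pkt[offset + 2:offset + 8])
            entry.update(fragment_offset=off_flags >> 3, more_fragments=off_flags & 1,
                         identification=ident)
        elif nh == AH:
            spi, seq = struct.unpack("!II", pkt[offset + 4:offset + 12])
            entry.update(spi=spi, sequence_number=seq)
        elif nh == ROUTING:
            entry.update(routing_type=pkt[offset + 2], segments_left=pkt[offset + 3])
        else:                         # Hop-by-Hop and Destination Options carry TLVs
            entry["options"] = parse_tlv_options(pkt[offset + 2:offset + hdr_len])
        chain.append(entry)
        nh, offset = pkt[offset], offset + hdr_len   # byte 0 of every header is Next Header
    return {"main": main, "chain": chain, "upper_layer": nh, "upper_layer_offset": offset}


def build_ipv6(src, dst, ext_headers, upper_layer, payload, flow_label=0, hop_limit=64):
    """Assemble a packet; byte 0 of each supplied header body is overwritten with
    the Next Header value that links it to whatever follows it."""
    chain = [nh for nh, _ in ext_headers] + [upper_layer]
    body = b"".join(bytes([nxt]) + hdr[1:] for (_, hdr), nxt in zip(ext_headers, chain[1:]))
    body += payload
    head = struct.pack("!IHBB", (6 << 28) | (flow_label & 0xFFFFF), len(body), chain[0], hop_limit)
    return head + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body


# Constructed sample bodies; byte 0 is the Next Header placeholder that build_ipv6 fills.
HBH_BODY = bytes([0, 0, 1, 4, 0, 0, 0, 0])                      # Hdr Ext Len 0, one PadN(4) option
FRAG_BODY = struct.pack("!BBHI", 0, 0, (0 << 3) | 1, 0x12345678)  # offset 0, M=1, identification
UDP_STUB = bytes(12)                                             # stand-in for a UDP header + data


def sample_packet() -> bytes:
    """Constructed packet: main header -> Hop-by-Hop -> Fragment -> UDP (17)."""
    return build_ipv6("2001:db8::1", "2001:db8::2", [(HOP_BY_HOP, HBH_BODY), (FRAGMENT, FRAG_BODY)],
                      17, UDP_STUB, flow_label=0x12345)
```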


6.2 Routing
Routing Basics
Routing is the process of guiding routers to find the best possible outgoing path for an incoming packet. This is done with the help of the IP addresses configured on the hosts present on the network. Thus, the term routing implies moving a data packet from one host on a network to another host on a different network; in this way routers enable communication across the internetwork. Routers use the logical network address of the destination host to move the packet through the entire network and reach the appropriate network, and they use the physical address to send the packet to the exact destination host. Routers need a certain amount of basic information in order to route packets, which is as follows:
- The destination address of the host.
- They should know about neighbor routers so that they can pass the information through them in order to reach a remote router.
- They must be aware of possible routes to distant networks.
- They must be able to calculate the best route to each distant network.
- Routers need to preserve and validate the routing information.

Routers can be made aware of the routing information through neighboring routers, or it is directly fed in by the network administrator. After acquiring the information, the routers build the routing table, which helps them reach the remote network. Routers are aware of the networks that are directly connected to them.

The Process of IP Routing

The basic process of IP routing is the same irrespective of the size of the internetwork. Let us have a look at the basic process of IP routing with the help of an example. Consider figure (a) below. Let us assume that Host A wants to communicate with Host B. We use the ping command from Host A to Host B, i.e. Host A pings Host B.


Figure 30: Basic IP Routing

The following steps take place for this communication:
1. Internet Control Message Protocol (ICMP) generates an echo request.
2. ICMP hands the request to Internet Protocol (IP), which builds a packet. The packet carries an IP source address, an IP destination address and a Protocol field; the Protocol field tells the destination which upper-layer protocol (here ICMP) the payload must be handed to when the packet arrives.
3. Once the packet is built, IP determines whether the destination IP address is on the local network or on a remote network.
4. In this case the destination, 10.1.2.2, is on a remote network, so the packet must be sent to the default gateway, which will route it to that network. On a Windows host the configured default gateway is read from the registry.
5. Host A (10.1.1.2) has its default gateway configured as 10.1.1.1. To send the packet to the gateway, Host A needs the hardware address of the router's interface E0, which is configured with the IP address 10.1.1.1, because the packet has to be handed to the Data Link layer to be framed and sent to the router's interface on the 10.1.1.0 network. The frame must be addressed to the Media Access Control (MAC) address of the gateway because hosts on a LAN can only communicate using hardware addresses.
6. The Address Resolution Protocol (ARP) is used to find the hardware address. Host A first checks its ARP cache to see whether the IP address of the default gateway has already been resolved to a hardware address. If it has, the packet is handed to the Data Link layer and framed for the E0 interface of the default gateway.
If the hardware address is not in the ARP cache, Host A sends an ARP broadcast on the local network asking for the hardware address of 10.1.1.1. The router answers the request with the hardware address of E0, and Host A adds that address to its cache.
7. The frame is built. It carries control information: the destination MAC address, the source MAC address and the type of protocol (Ether-Type). It does not carry the MAC address of Host B. The FCS (frame check sequence) is a CRC that lets the receiver detect transmission errors in the frame. The frame looks like this:


Destination MAC (router's E0 MAC address) | Source MAC (Host A MAC address) | Ether-Type field | Packet | FCS (CRC)

8. When the frame is complete it is handed down to the Physical layer and put on the physical medium.
9. Every host in the same collision domain receives the bits from the physical medium and rebuilds the frame. Each one checks the FCS; if it does not match, the frame is discarded. If it matches, the receiver also checks the destination hardware address, and only if that address is its own is the payload handed up to the Network layer.
10. The packet is extracted from the frame and the rest of the frame is discarded. The packet is handed to the protocol listed in the Ether-Type field.
11. The Network layer protocol, IP, receives the packet and examines its destination address. Since the destination is not the receiving router itself, the router looks the destination network up in its routing table.
12. If the router finds no entry for network 10.1.2.0 (and has no default route), the packet is discarded immediately and an ICMP Destination Unreachable message is sent back to the originating host.
13. If the router finds an entry for network 10.1.2.0, it switches the packet to the exit interface listed in that entry; in our example, E1.
14. The router places the packet in the buffer of Ethernet 1.
15. Now it is E1's job to reach the destination Host B, for which it needs the hardware address of Host B. It checks the ARP cache first. If Host B's hardware address is already in the cache, the packet and the hardware address are handed to the Data Link layer for framing. If it is not, the router sends an ARP broadcast on the 10.1.2.0 network asking for the hardware address of 10.1.2.2. Host B answers with its hardware address, the router adds it to its cache, and the packet is handed to the Data Link layer for framing.
16. The Data Link layer builds a frame with the source and destination MAC addresses, the Ether-Type field and the FCS, and hands it to the Physical layer, which sends it onto the medium one bit at a time.
17. Host B receives the frame and runs the CRC to verify it. If the check passes, it compares the destination MAC address with its own; if it matches, it hands the packet from the frame to the protocol listed in the Ether-Type field. The packet has now reached Host B, and Host B's IP protocol determines that it must


respond to the echo request; the same procedure is then followed to carry the reply back to Host A. The most important point to remember is that hardware addresses are always local: they never pass through a router's interface. We saw this in the example: when the frame was sent from Host A to the default router, its destination hardware address was that of the default router, not that of the final destination, Host B.

IP Routing Techniques


From the IP routing process described above we know that a router by itself knows only its directly connected networks. If a remote network is not in a router's routing table, packets for it are discarded; the router does not send any broadcast to discover the remote network. In a large network this makes routing impossible unless the routers are made aware of the remote networks, which is done with the IP routing techniques below:
- Static routing
- Default routing
- Dynamic routing

Static Routing
Static routing means that routes are added to each router's routing table manually. To configure static routes correctly the administrator must know the internetwork inside out. Static routing has the following features:
- There is no CPU overhead on the router for computing paths.
- No bandwidth is consumed between routers, since no routing information is exchanged.
- Static routing is secure in the sense that the router accepts no routing information from neighbors: every route comes from the administrator, so a rogue or compromised neighbor cannot inject or poison routes.

Static routes must be configured on every router, assigning a route to each remote network. The limitations of static routing are:
- It is an overhead for the network administrator, who must understand every route on the network in order to configure the routes correctly.
- When a network is added to the internetwork, the administrator has to add a route to it on every router manually.


Static routing is not a practical solution for a large network: maintaining the routes becomes a tedious job.

Default Routing
A default route gives a router a default exit interface (or next hop). If a destination network is not listed in the router's routing table, the router forwards the packet along the default route instead of dropping it. The default route is also known as the gateway of last resort. The figure below shows a default route at the gateway router.

Figure 31: Default Route
A default route is used for stub networks, where the router has only one exit interface.

Dynamic Routing
Consider a very large and complex network. If we relied on static routing, we would end up with millions of entries across devices spread over different locations, and any change in the network topology would require updating the static routes on all of those devices, which is very difficult. An intelligent mechanism was needed to discover the available networks, and the way to reach them, dynamically; that is how dynamic routing came into existence. Dynamic routing is the process in which routing protocols learn and maintain the routing information on the routers, i.e. the protocols update the routers' routing tables. It is easier to operate than static or default routing because no route has to be updated manually. A routing protocol defines the rules a router follows when it exchanges routing information with neighbor routers. Dynamic routing is more costly: routers use network bandwidth to pass routing information across the network, and they spend CPU cycles processing it.


Routing protocols are software components that learn the remote networks and work out how to reach them. A router first knows its directly connected networks; then the protocol learns the other routes from its neighbors that run the same routing protocol. Having learned the routes, the router calculates the best path to each network with the protocol's algorithm and advertises that best route to the rest of the network. In this way the entire network learns about reachable networks, network failures and outages. Examples of routing protocols:
1. Routing Information Protocol (RIP)
2. Open Shortest Path First (OSPF)
3. Border Gateway Protocol (BGP)
Routing techniques are therefore chosen according to the topology and the size of the internetwork. It is up to the network administrator to decide which technique suits the internetwork best; the decision depends heavily on the specific environment and the business requirements.

6.3. Routing Protocols


Routing Information Protocol

Routing is the movement of information from a source host on one network to a destination host on the same or a different network via the intermediate network components. Before looking at the RIP protocol and its operation, a few concepts related to RIP:
1. Interior Gateway Protocol (IGP): Today's networks are very large, and it is unlikely that a single protocol could implement all the required functionality. Instead there are many individual systems, each carrying out its own tasks under a single governing entity, and each with its own routing technology. A protocol used for routing within such a system is called an Interior Gateway Protocol. The individual systems are called autonomous systems (AS).
2. Exterior Gateway Protocol (EGP): The protocol used to exchange routing information between these individual systems is called an Exterior Gateway Protocol.
3. User Datagram Protocol (UDP): An unreliable, connectionless transport protocol used for one-shot request/reply applications where prompt delivery matters. The application is responsible for any error recovery. UDP has extremely low overhead; RIP messages are carried in UDP datagrams.


Terminology in Routing Protocols


Administrative Distance
The administrative distance (AD) rates the trustworthiness of routing information a router receives from a neighbor router. AD is an integer from 0 to 255, where 0 is the most trustworthy and 255 means the route is never used: no traffic is forwarded over it. If a router receives two updates for the same remote network, it compares the AD first and installs the route with the lowest AD in the routing table. If both routes have the same AD, the routing protocol metric (hop count, bandwidth, and so on) decides, and the route with the lowest metric is installed. If both advertised routes have the same AD and the same metric, the routing protocol installs both and sends packets across each link; this is known as load balancing. Administrative distance can be configured per routing protocol. Routers from different manufacturers ship with default administrative distances for the routing protocols they support, and these defaults can be changed. Example: the default administrative distances on Cisco routers are as follows:

Route Source            Default AD
Connected interface     0
Static route            1
EIGRP                   90
IGRP                    100
OSPF                    110
RIP                     120
Unknown                 255

From the table, a directly connected route is preferred first, as it has AD 0, and a statically defined route is preferred next. So if a static route, a RIP-advertised route and an IGRP-advertised route all advertise the same network, the router will by default always use the static route, unless the AD of the static route is changed manually.
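The two selection rules just described, longest-prefix match when forwarding (the router looks up 10.1.2.0 for a packet to 10.1.2.2, falls back to the default route, or drops the packet and sends ICMP unreachable) and AD-then-metric selection between route sources, can be tried out in code. The following is an added example, not part of the course material: a toy routing table in Python. The routes it installs beyond the two connected networks of Figure 30, and all next-hop addresses, are constructed for illustration.

```python
import ipaddress

# Default administrative distances from the table above (Cisco defaults).
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90,
              "igrp": 100, "ospf": 110, "rip": 120}


class RoutingTable:
    """Toy RIB. For each prefix it keeps only the candidate(s) with the
    lowest AD and, among equal AD, the lowest metric; equal-cost survivors
    are all kept so that traffic can be load-balanced over them."""

    def __init__(self):
        self._routes = {}   # ip_network -> list of route dicts

    def add(self, prefix, source, next_hop=None, interface=None, metric=0, ad=None):
        net = ipaddress.ip_network(prefix)
        ad = DEFAULT_AD[source] if ad is None else ad
        cand = {"source": source, "ad": ad, "metric": metric,
                "next_hop": next_hop, "interface": interface}
        current = self._routes.get(net)
        if not current:
            self._routes[net] = [cand]
            return
        best = (current[0]["ad"], current[0]["metric"])
        if (ad, metric) < best:          # AD decides first, metric second
            self._routes[net] = [cand]
        elif (ad, metric) == best:       # same AD and metric: load balance
            current.append(cand)
        # otherwise the candidate loses and is not installed

    def lookup(self, dst):
        """Longest-prefix match. A 0.0.0.0/0 entry acts as the gateway of
        last resort; None means there is no route at all."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, routes in self._routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, routes)
        return best


def forward(rt, dst):
    """What the router does with a packet for dst, as in steps 11-15 above."""
    hit = rt.lookup(dst)
    if hit is None:
        return ("drop", "ICMP destination unreachable")
    _net, routes = hit
    if routes[0]["source"] == "connected":
        return ("deliver", routes[0]["interface"])          # ARP for dst itself
    return ("forward", [r["next_hop"] for r in routes])     # ARP for the next hop(s)


def build_example_table():
    """The router of Figure 30 plus constructed (hypothetical) routes that
    exercise the AD and metric rules."""
    rt = RoutingTable()
    rt.add("10.1.1.0/24", "connected", interface="E0")
    rt.add("10.1.2.0/24", "connected", interface="E1")
    # Same network from a static route and from RIP: static wins (AD 1 < 120).
    rt.add("192.168.5.0/24", "static", next_hop="10.1.2.9", interface="E1")
    rt.add("192.168.5.0/24", "rip", next_hop="10.1.2.7", interface="E1", metric=3)
    # Same network from OSPF and RIP: OSPF wins on AD (110 < 120) even though
    # RIP's hop count looks smaller; metrics of different protocols are not comparable.
    rt.add("172.16.0.0/16", "ospf", next_hop="10.1.2.8", interface="E1", metric=20)
    rt.add("172.16.0.0/16", "rip", next_hop="10.1.2.7", interface="E1", metric=2)
    # Two RIP routes with the same AD and metric: both kept for load balancing.
    rt.add("10.9.0.0/16", "rip", next_hop="10.1.1.5", interface="E0", metric=4)
    rt.add("10.9.0.0/16", "rip", next_hop="10.1.2.5", interface="E1", metric=4)
    # Gateway of last resort.
    rt.add("0.0.0.0/0", "static", next_hop="10.1.2.1", interface="E1")
    return rt


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("10.1.2.2", "192.168.5.7", "172.16.3.3", "10.9.1.1", "8.8.8.8"):
        print(dst, forward(table, dst))
```

Note that the AD comparison happens before the metric comparison, which is why RIP's metric of 2 for 172.16.0.0/16 never displaces the OSPF route with metric 20: a router only compares metrics between routes of the same source.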

Classification of Routing Algorithms


There are different types of routing algorithms:
1. Distance vector
Distance-vector protocols find the best path to a remote network by judging distance. Each router a packet passes through counts as a hop, and the best route is the one with the fewest hops. The vector is the direction to the remote network. Distance-vector protocols send their entire routing table as updates to their directly connected neighbors. The updates carry the length of the path to the destination (the distance) and the address of the next router along the path (the vector).
Working of a distance vector routing protocol
Consider Figure 32, an internetwork of four routers whose directly attached networks and interfaces are shown in the figure. When a distance-vector routing protocol is started on each router, the routing tables are updated with the route information gathered from neighbor routers. Initially each router has only its directly connected routes in its routing table, as shown in Figure 33. The routers then start exchanging their routing tables with their neighbors in the form of updates. For each route a router records the network number, the exit interface and the hop count to the network. The exchange continues in the same fashion until, as shown in Figure 34, every routing table includes information about all the networks in the internetwork. The tables are then complete, and the network is said to be converged. While the routers are converging, forwarding is unreliable because the tables are incomplete or stale, so convergence time is a serious concern.
Figure 32


Figure 33

Figure 34

2. Link state
Link-state protocols are also known as shortest-path-first protocols. To find the shortest path, each router builds three distinct tables: one keeps track of the directly connected neighbors, one holds the topology of the complete internetwork, and one is the routing table. Link-state routing protocols are more efficient than distance vector because they have more knowledge of the internetwork. Example: OSPF. Link-state protocols pass information about their own links on to the other routers in the network.
3. Hybrid
Hybrid protocols combine features of both link state and distance vector. Example: EIGRP (a Cisco-specific protocol).
4. Path vector
Distance-vector and link-state algorithms work well for routing within an autonomous system, but for routing between autonomous systems (AS) over a large network they are difficult to administer. The main issue with distance-vector algorithms is the routing loops that hamper performance; link-state protocols, on the other hand, need many resources to compute the routing tables used for routing decisions. Both concerns are addressed by path-vector algorithms.


A path-vector algorithm is similar to the earlier ones, but only one node per autonomous system advertises the routes of its AS to the other autonomous systems. This node is called the speaker.

Routing Loops


A distance-vector algorithm converges slowly, and because not all routers are updated at the same time, routing loops can arise. Example: consider Figure 35. Suppose the interface to Network 5 fails. All routers know about Network 5 from Router D, and Router A reaches Network 5 through Router B. When Network 5 goes down, Router D informs Router C, and Router C stops sending packets for Network 5 to Router D. But Routers A, B and E do not yet know about the failure, so they keep sending out their old information. Now there is a discrepancy: Router A sends its routing table, which shows that it can reach Network 5 through Router B, and this false information ends up in Router C's routing table. Because of it, Router C sends packets destined for Network 5 to Router B, and Router B sends packets destined for Network 5 to Router C. This forms a routing loop.
Figure 35

Distance-vector algorithms use the following methods to prevent routing loops:
1. Maximum hop count: The problem described above is known as counting to infinity. With every update the advertised hop count for the failed network keeps growing, and nothing stops it. It is controlled by defining a maximum hop count: a route whose metric exceeds the maximum is treated as unreachable and removed. RIP has a maximum hop count of 15, so in the problem above, once Network 5 is advertised with a hop count of 16, every router considers it down. (Separately, every IP packet carries a TTL that is decremented at each router, so packets caught in a loop are eventually discarded too.)
2. Split horizon: Split horizon is another solution for routing loops. It is a rule that routing information must not be sent back in the direction from which it was received, which stops incorrect information from propagating around the internetwork. In the problem above, Router A cannot advertise its route to Network 5 through Router B back to Router B, because split horizon prevents it from sending information received from Router B back to Router B.
3. Route poisoning: Route poisoning means advertising a failed route explicitly as unreachable. In the problem above, Router D advertises Network 5


with a hop count of 16, which marks it unreachable (remember that RIP's maximum hop count is 15, so a hop count of 16 means unreachable).
4. Holddowns: Serial links on routers tend to go up and down as they lose and regain connectivity. A link that is down for only a couple of seconds could be propagated as down throughout the network in the updates. Holddowns prevent this incorrect information from flowing: a holddown is a timer during which the router ignores new updates about a route that has just gone down, giving the network time to stabilize after the link comes back up or an alternate path is found.
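The following simulation is an added example, not from the course, of how a distance-vector protocol counts to infinity and how split horizon together with the maximum hop count stops it. The three-router chain R1, R2, R3 with network N behind R3 is a constructed topology, simpler than Figure 35; the update rules it applies (believe whatever the current next hop reports, switch to another neighbor only for a strictly better route, cap the metric at 16) are RIP's.

```python
INFINITY = 16   # RIP: a hop count of 16 means "unreachable"


class Router:
    def __init__(self, name, neighbors):
        self.name = name
        self.neighbors = neighbors      # directly connected routers
        self.table = {}                 # destination -> (metric, next_hop)

    def advertisement(self, to, split_horizon):
        """Routes sent to neighbor `to` in one periodic update."""
        adv = {}
        for dest, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == to:
                continue                # never send a route back where it came from
            adv[dest] = metric
        return adv

    def process(self, updates):
        """updates: {sender: {dest: metric}} received this round.
        Returns True if the routing table changed."""
        changed = False
        dests = set(self.table) | {d for adv in updates.values() for d in adv}
        for dest in dests:
            metric, next_hop = self.table.get(dest, (INFINITY, None))
            # Rule 1: an update from the current next hop is always believed,
            # even when it makes the route worse (this is how a failure spreads).
            if next_hop in updates and dest in updates[next_hop]:
                metric = min(updates[next_hop][dest] + 1, INFINITY)
            # Rule 2: switch to another neighbor only for a strictly better metric.
            for sender, adv in updates.items():
                if dest in adv and min(adv[dest] + 1, INFINITY) < metric:
                    metric, next_hop = min(adv[dest] + 1, INFINITY), sender
            if self.table.get(dest) != (metric, next_hop):
                self.table[dest] = (metric, next_hop)
                changed = True
        return changed


def run_until_stable(routers, split_horizon, max_rounds):
    """Synchronous rounds: every router sends, then every router processes.
    Returns one snapshot per round of each router's metric to network N;
    the last snapshot is the round in which nothing changed."""
    history = []
    for _ in range(max_rounds):
        updates = {name: {nbr: routers[nbr].advertisement(name, split_horizon)
                          for nbr in r.neighbors}
                   for name, r in routers.items()}
        results = [r.process(updates[name]) for name, r in routers.items()]
        history.append({n: r.table.get("N", (INFINITY, None))[0]
                        for n, r in routers.items()})
        if not any(results):
            break
    return history


def simulate(split_horizon, max_rounds=50):
    """Constructed topology: R1 -- R2 -- R3 -- network N. After the tables
    converge, the link from R3 to N fails. Returns (rounds_to_reconverge, history)."""
    routers = {"R1": Router("R1", ["R2"]),
               "R2": Router("R2", ["R1", "R3"]),
               "R3": Router("R3", ["R2"])}
    routers["R3"].table["N"] = (1, None)          # directly connected network
    run_until_stable(routers, split_horizon, max_rounds)
    routers["R3"].table["N"] = (INFINITY, None)   # the interface to N goes down
    history = run_until_stable(routers, split_horizon, max_rounds)
    return len(history), history


if __name__ == "__main__":
    for sh in (False, True):
        rounds, hist = simulate(split_horizon=sh)
        print(f"split horizon={sh}: reconverged after {rounds} rounds")
        for i, snap in enumerate(hist, 1):
            print(f"  round {i:2d}: {snap}")
```

Without split horizon, R3 accepts R2's stale route to N in the very first round after the failure, and the metric then climbs two hops every two rounds until the maximum hop count turns it into 16 on every router. With split horizon, R1 never advertises N back to R2, so the only information R2 hears is R3's unreachable route and the network reconverges in a few rounds. Poison reverse is the variant in which the route is advertised back with metric 16 instead of being omitted.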

Routing Information Protocol V1 (RIP V1)


With the concepts related to RIP covered, let us go through the specific features of RIP. RIP is a dynamic routing protocol that uses the Bellman-Ford algorithm. It is a true distance-vector protocol, so it has all the features of a distance-vector routing protocol described above: it uses hop count as the metric to find the best path and exchanges routing tables with its neighbor routers.
Message Format
RIP is a UDP-based protocol. Each host using RIP sends and receives datagrams on UDP port 520. Update messages are sent from port 520, and responses to a request are sent to the port from which the request originated.
Packet Format
A RIP packet consists of a 4-octet header followed by up to 25 route entries of 20 octets each:
1-octet Command
1-octet Version Number
2-octet Zero field
and then, per route entry:
2-octet Address Family Identifier (AFI)
2-octet Zero field
4-octet IP Address
4-octet Zero field
4-octet Zero field
4-octet Metric field

Command: indicates the packet type, request or response. A request asks a router to send all or part of its routing table. A response may be a periodic routing update or a reply to an earlier request. When a response contains more routing table entries than fit in one packet, multiple RIP packets are needed to send a large routing table.
Version Number: the RIP version in use. This field distinguishes potentially incompatible versions.
Zero: this field exists solely for backward compatibility with pre-standard varieties of RIP.
Address Family Identifier (AFI): the type of address carried in the entry. The AFI for IP is 2.
Address: the IP address of the entry.
Metric: the number of routers (internetwork hops) traversed on the way to the destination. The value is between 1 and 15 for a valid route and 16 for an unreachable route.


Timers
Route Update Timer: update messages are sent every 30 seconds; the Routing Update Timer is maintained for this purpose.
Route Invalid Timer: if the router receives no update for a route within 180 seconds, it considers that route invalid (the metric is set to 16 and the route is advertised as unreachable).
Route Flush Timer: 240 seconds after the last update was received for a route, the route is removed from the routing table (60 seconds after it was marked invalid).

Routing Information Protocol V2 (RIP V2)


RIP V1 has certain limitations:
- It is broadcast based and therefore uses a lot of bandwidth.
- It does not support variable length subnet masks (VLSM).
- It provides no authentication, so any host on the segment can inject or alter routes.

Because of these limitations RIPv2 was developed. It carries subnet information, and authentication of routing updates was added: a simple plain-text password, and, as an extension, keyed MD5 authentication. Note that the plain-text password is visible to anyone who can capture packets on the segment, so only the MD5 form gives real protection against forged updates. To avoid waking up hosts that do not participate in the routing protocol, RIPv2 multicasts routing updates to 224.0.0.9 instead of using the broadcast address as RIP V1 does. The comparison between RIP V1 and RIP V2:

S.No  RIP V1                                   RIP V2
1     Uses the distance vector algorithm       Uses the distance vector algorithm
2     Maximum hop count of 15                  Maximum hop count of 15
3     Classful addressing                      Classless addressing
4     Broadcast based                          Multicast based (224.0.0.9)
5     Does not support VLSM                    Supports VLSM
6     No authentication                        Supports authentication
7     Does not support discontiguous networks  Supports discontiguous networks
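To make the packet format above concrete, and to show why plain-text RIPv2 authentication is weak, the following added Python example (not from the course) builds and parses RIP V1 and RIP V2 response packets with the struct module, including the RIPv2 authentication entry (AFI 0xFFFF, authentication type 2, 16-octet password). The prefixes, metrics and the password are constructed sample data.

```python
import struct
import ipaddress

RIP_PORT = 520
RIP_REQUEST, RIP_RESPONSE = 1, 2
AF_INET = 2
AF_AUTH = 0xFFFF              # RIPv2: the entry carries authentication, not a route
AUTH_SIMPLE_PASSWORD = 2      # RFC 2453 plain-text password (keyed MD5 is type 3)
INFINITY = 16

HEADER = struct.Struct("!BBH")        # command, version, 2-octet zero field
ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, route tag (zero in v1), address,
                                      # subnet mask (zero in v1), next hop (zero in v1), metric


def build_response(version, routes, password=None):
    """routes: list of (prefix, metric), e.g. ("10.1.2.0/24", 1).
    A RIP V1 entry cannot carry mask, next hop or tag; those fields are zero."""
    if version not in (1, 2):
        raise ValueError("RIP version must be 1 or 2")
    pkt = bytearray(HEADER.pack(RIP_RESPONSE, version, 0))
    if password is not None:
        if version != 2:
            raise ValueError("authentication exists only in RIPv2")
        pw = password.encode()
        if len(pw) > 16:
            raise ValueError("simple password is at most 16 octets")
        # The authentication entry occupies the first 20-octet slot of the packet.
        pkt += struct.pack("!HH16s", AF_AUTH, AUTH_SIMPLE_PASSWORD, pw)
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        if not 1 <= metric <= INFINITY:
            raise ValueError("metric must be 1..16 (16 = unreachable)")
        mask = net.netmask.packed if version == 2 else b"\0\0\0\0"
        pkt += ENTRY.pack(AF_INET, 0, net.network_address.packed, mask, b"\0\0\0\0", metric)
    return bytes(pkt)


def classful_network(ip):
    """RIP V1 carries no mask, so the receiver falls back to the classful mask."""
    first = int(ip) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def parse(data):
    """Return {command, version, password, routes=[(prefix, metric)]}."""
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size:
        raise ValueError("malformed RIP packet")
    command, version, _zero = HEADER.unpack_from(data)
    routes, password = [], None
    for off in range(HEADER.size, len(data), ENTRY.size):
        afi = struct.unpack_from("!H", data, off)[0]
        if afi == AF_AUTH and version == 2:
            _afi, auth_type, blob = struct.unpack_from("!HH16s", data, off)
            if auth_type == AUTH_SIMPLE_PASSWORD:
                password = blob.rstrip(b"\0").decode()   # readable by any sniffer
            continue
        _afi, _tag, addr, mask, _nh, metric = ENTRY.unpack_from(data, off)
        ip = ipaddress.IPv4Address(addr)
        if version == 2 and mask != b"\0\0\0\0":
            net = ipaddress.ip_network(f"{ip}/{ipaddress.IPv4Address(mask)}", strict=False)
        else:
            net = classful_network(ip)
        routes.append((str(net), metric))
    return {"command": command, "version": version, "password": password, "routes": routes}


if __name__ == "__main__":
    pkt = build_response(2, [("10.1.2.0/24", 1), ("192.168.5.0/24", 16)], password="s3cret")
    print(pkt.hex())
    print(parse(pkt))
```

Running it shows the password bytes sitting in the clear right after the 4-octet header: anyone who can receive the 224.0.0.9 multicast can read it and then forge updates that pass the check. The classful fallback in parse is a simplification of what a RIP V1 router does (it also applies the mask of the receiving interface when the route belongs to the same major network).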


OSPF
IP routing
Routing in IP refers to transmitting packets across different networks. It can be achieved in two ways:
Static Routing: we manually specify which path traffic should take when it travels from one network to another. In a domain of many networks this is not easy to implement.
Dynamic Routing: done with dynamic routing protocols, which are configured on the router and take over the responsibility of identifying the networks and establishing a path to each of them. Dynamic routing protocols rely on two different kinds of algorithms:
1. Link State
2. Distance Vector
Both were described in the Classification of Routing Algorithms section above.
Background Information and Issues with RIP (Routing Information Protocol)
RIP catered to routing needs, but as networks grew, RIP exhibited so many problems that an open-standard, non-proprietary Interior Gateway Protocol was needed. In the mid 1980s a great deal of research went into addressing the routing problems caused by RIP's scalability issues, and the solution that was found is OSPF. RIP has a limit of 15 hops; any network beyond that is considered unreachable. RIP could not handle VLSM, and VLSM is significant for assigning IP addresses efficiently. RIP broadcast periodic updates across the network, and the overhead this adds reduces efficiency, especially over slower WAN links.
RIP converges slowly; in a large network convergence can take many minutes. Routers go through holddown and garbage collection and only slowly time out routes for which no recent information has been received, which leaves inconsistencies in the network. Also, RIP does not consider network delay or link cost, since it is based only on hop count: the path with the fewest hops is preferred even if a path with more hops offers more bandwidth and less delay. RIPv2, introduced later, added enhancements such as VLSM, authentication and multicast updates, but it still did not address slow convergence and the hop-count limit, which affect large networks greatly.

This led to the introduction of OSPF, a robust, scalable, open-standard protocol that can be used in large enterprise networks. Today most corporate networks use OSPF because of the wide variety of advantages it provides.
Advantages of OSPF


- Open standard: it runs on most routers.
- Uses Dijkstra's shortest path first algorithm, which computes a loop-free topology.
- Faster convergence, with updates triggered by Link State Advertisements (LSAs).
- OSPF is a classless protocol, so it supports hierarchical design with VLSM and route summarization.
- The metric (cost) is inversely proportional to bandwidth.
- Supports authentication of routing updates: null, simple password and MD5 (cryptographic) authentication. As with RIPv2, only the MD5 form protects against forged updates, since a simple password is carried in the clear.
- OSPF allows route injection and tagging, a mechanism by which routes from other routing protocols are injected (redistributed) into an OSPF-controlled system. With tagging the system can distinguish between routes learned natively and injected routes.

Disadvantages of OSPF
- Requires more memory to hold the adjacency, topology and routing tables.
- Extra CPU is required to run the SPF algorithm on all routers when they come up, to build the adjacencies and routing tables.
- The network designer must take extra care when designing the hierarchy for large networks.
- Link-state protocols are more complex and harder to troubleshoot than distance-vector protocols.
- Routers running other protocols might need to be upgraded to handle OSPF information.

When to use OSPF
Given the advantages and disadvantages above, OSPF is appropriate for networks with more than 50 routers in a mixed-vendor environment. In a single-vendor (Cisco) environment EIGRP can also be considered. For smaller environments protocols such as RIP can be used, since they are fairly simple to implement.
OSPF Link States
OSPF is a link-state protocol, characterized by the formation of links and the communication of each link's state over the network. A link is simply an interface between two nodes (routers), and the link state is the description of that link: its IP address, mask, the network type it connects to, the routers attached to it, and so on. Link states are exchanged across the network in packets referred to as link-state packets, and all link-state information is stored in a database called the link-state database.
Autonomous System (AS), IGP and EGP
OSPF is used within an autonomous system. An autonomous system is a group of networks run under a single administrative control. Routing within an autonomous system is performed by an Interior Gateway Protocol (IGP); IGPs include RIP, OSPF, EIGRP and IS-IS. Routing between autonomous systems is performed by an Exterior Gateway Protocol (EGP); today only one EGP is in active use, the Border Gateway Protocol (BGP). Not all protocols understand the concept of an AS. Autonomous systems are formed to determine how far a network number is communicated by a router, what routes it can advertise to another AS and what route advertisements it will accept from another AS.


To distinguish autonomous systems, each AS is assigned a unique number. The original AS numbers range from 1 to 65535 (16-bit); 32-bit AS numbers also exist today. The Internet Assigned Numbers Authority is responsible for assigning these AS numbers. Public AS numbers are used for communication on the Internet, while internally private AS numbers (64512 to 65534 in the 16-bit range) can be used.
OSPF Areas
OSPF implements areas within an autonomous system to provide hierarchy. An area is a contiguous group of networks. Areas determine and control when information is shared across the network and how much information is shared. Unlike flat routing, where a change at one router is communicated to the entire network, in hierarchical routing a change affects only its own area.

OSPF Hierarchy
OSPF implements hierarchy in two layers:
1. Areas
2. Backbone
Each area is identified by a unique 32-bit number, written either as a single decimal number or in dotted-decimal notation. The backbone is a special area at the top of the hierarchy, represented by area 0. It must be configured when there are more than two areas, but in general it is good practice to always start configuring areas with area 0. Further, the backbone should be connected to all other areas, because the design assumes that network information about all areas is available to the backbone.

Router terminology in OSPF
In OSPF, different kinds of routers are defined based on the areas to which a router's interfaces belong.
Internal Router (IR): If all of a router's interfaces are within the same area, it is called an Internal Router.
Area Border Router (ABR): If a router has interfaces in multiple areas, it is referred to as an ABR. It is mainly responsible for exchanging network information between areas, and it performs the task of communicating with the backbone area. Hence it is the responsibility of the ABR to maintain both the backbone and the other area information.
Autonomous System Boundary Router (ASBR): The ASBR is responsible for communicating the autonomous system's route information to other ASs, and it also receives information from other ASs. ASBRs act as gateways between the AS and other ASs, which may be running RIP, EIGRP or other instances of OSPF.

OSPF LSA Packet Types
Depending on how far they are allowed to travel over the network, LSAs are broadly classified into five types.


LSA Type 1: These are termed router LSAs and are originated by all routers in the network. They carry information about the interfaces on that router and are flooded only within a single area.
LSA Type 2: These are termed network LSAs. They are originated by the designated router and flooded to all routers within the area; they contain the list of routers connected in the area.
LSA Type 3, 4: These are called summary LSAs. They are originated by ABRs and flooded throughout the area associated with the LSA. Summary LSAs are used to advertise routes to destinations outside the area. The difference between types 3 and 4 is that type 3 LSAs describe routes to networks and type 4 LSAs describe routes to ASBRs.
LSA Type 5: These are known as AS-External LSAs. They are originated by ASBRs and flooded throughout the autonomous system. They describe a route to a destination in another autonomous system. The default routes for the AS are also described by AS-external LSAs.

Area Types
The areas in OSPF are divided into the following:
Backbone: The backbone area was discussed in the previous sections.
Stub area: This is an area that receives no external routes apart from the default route. The area exchanges routes within itself. When all routers in the area are configured as stub, they generate only those LSA types that are specific to that area. Only the default route (a Type 3 LSA) is received in this area, and no router in this area can generate one.
Totally Stubby Area: The routers in this area do not even allow inter-area summary LSAs.
Only the default route LSA is advertised into this area, and it is the only way traffic is routed out of the area. This is a non-standard but useful extension by Cisco. It lowers system utilization, because the routing processor has only a few routing decisions to make.
Not So Stubby Area: This area can import AS external routes and send them to the backbone, but cannot receive AS external routes from the backbone or the other areas. In this area Type 3 and 4 LSAs are not flooded. It is possible to have an area that is both not-so-stubby and totally stubby. This is achieved by placing an ASBR on the edge of the totally stubby area; it can send external routes into the totally stubby area, and these are available to routers within the area.

Authentication in OSPF
OSPF supports two types of authentication.
1. Simple Password Authentication: In this type of authentication each area is configured with a password key. Any router that wants to participate in the area needs that key configured, which allows it to exchange routes over that particular area. This method is not advised, as there is a threat of passive attacks: anyone with a protocol analyzer can capture this password and read the packets exchanged in the area.
2. Message Digest Authentication: This is cryptographic authentication, in which a key-id is configured on each router along with the password. Based on the OSPF packet, the router generates a message digest using an algorithm and appends it to the packet. The key is not exchanged over the physical medium; it is assigned administratively. A non-decreasing sequence number is also associated with the packets to protect against replay attacks. When an interface is configured with a new key, it sends multiple copies of each packet, authenticated with each of the keys, to all the routers; once it detects that all neighbors have authenticated the packets with the new key, it stops sending the duplicates.
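The message digest scheme described above, as an added example that is not part of the course text: a constructed OSPF header carrying the key-id, digest length and cryptographic sequence number, a sender that appends the MD5 digest, and a receiver that looks up the key-id, rejects replayed sequence numbers and verifies the digest. The key ring, the neighbor state and the packet body are assumptions of this example.

```python
"""Simplified OSPF cryptographic authentication (auth type 2).

Header layout follows RFC 2328 Appendix D: the 64-bit authentication field
holds 0 (16 bits) | key id (8) | auth data len (8) | cryptographic sequence (32),
and the 16-byte MD5 digest is appended after the packet, not counted in its length.
"""
import hashlib
import hmac
import struct
from typing import Dict, List, Tuple

AUTH_CRYPTOGRAPHIC = 2
DIGEST_LEN = 16

# Assumed key ring (key-id -> secret). Keys are configured administratively and
# never sent on the wire; they are truncated/zero-padded to 16 bytes for MD5 auth.
KEY_RING: Dict[int, bytes] = {1: b"old-area-key", 2: b"new-area-key-2010"}


def _pad_key(secret: bytes) -> bytes:
    return secret[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def build_header(pkt_type: int, router_id: int, area_id: int, body_len: int,
                 key_id: int, seq: int) -> bytes:
    """24-byte OSPFv2 header with the authentication field set for type 2."""
    length = 24 + body_len   # digest is NOT part of the packet length
    checksum = 0             # header checksum is unused when auth type is 2
    fixed = struct.pack("!BBHIIHH", 2, pkt_type, length, router_id, area_id,
                        checksum, AUTH_CRYPTOGRAPHIC)
    return fixed + struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)


def sign_packet(header: bytes, body: bytes, key_id: int) -> bytes:
    """Sender side: digest over (packet + padded key), appended to the packet."""
    digest = hashlib.md5(header + body + _pad_key(KEY_RING[key_id])).digest()
    return header + body + digest


class NeighborAuthState:
    """Receiver side: last accepted sequence number, tracked per key id."""

    def __init__(self) -> None:
        self.last_seq: Dict[int, int] = {}

    def verify(self, wire: bytes) -> Tuple[bool, str]:
        if len(wire) < 24 + DIGEST_LEN:
            return False, "too short"
        (_ver, _type, length, _rid, _area, _csum,
         auth_type) = struct.unpack("!BBHIIHH", wire[:16])
        if auth_type != AUTH_CRYPTOGRAPHIC:
            return False, "auth type mismatch"
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", wire[16:24])
        if auth_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
            return False, "bad length"
        if key_id not in KEY_RING:
            return False, f"unknown key id {key_id}"
        # Replay protection: the sequence must not go backwards (non-decreasing,
        # as the text describes; a stricter receiver may require strictly increasing).
        if seq < self.last_seq.get(key_id, 0):
            return False, "replayed sequence number"
        packet, digest = wire[:length], wire[length:]
        expected = hashlib.md5(packet + _pad_key(KEY_RING[key_id])).digest()
        if not hmac.compare_digest(expected, digest):   # constant-time compare
            return False, "bad digest"
        self.last_seq[key_id] = seq                       # accept, remember seq
        return True, "ok"


def demo() -> List[str]:
    """Constructed exchange: hellos with seq 10 and 11 are accepted, a replay of
    seq 10 is rejected, and a packet whose body was altered fails the digest."""
    nbr = NeighborAuthState()
    rid, body, results = 0x0A000001, b"constructed-hello-body", []
    for seq in (10, 11):
        hdr = build_header(1, rid, 0, len(body), 2, seq)
        results.append(nbr.verify(sign_packet(hdr, body, 2))[1])
    replay = sign_packet(build_header(1, rid, 0, len(body), 2, 10), body, 2)
    results.append(nbr.verify(replay)[1])
    good = sign_packet(build_header(1, rid, 0, len(body), 2, 12), body, 2)
    forged = bytearray(good)
    forged[30] ^= 0x01                     # flip one body byte; digest no longer matches
    results.append(nbr.verify(bytes(forged))[1])
    return results


if __name__ == "__main__":
    print(demo())
```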

Configuring OSPF
OSPF configuration on a router involves two major activities:
1. Enable OSPF on the router.
2. Assign the interfaces on the router to a particular area using the network address.

Virtual Link in OSPF
In OSPF, a virtual link is configured mainly to link an area that is not physically connected to the backbone, and secondly to patch the backbone in the event of area 0 discontinuities. The virtual link provides a logical path from a disconnected area to the backbone. It is configured between two ABRs that have a common area, one of which is connected to the backbone. Further, if a router crash makes it necessary to split the backbone in two, both halves are defined to be area 0 and a virtual link is configured between two ABRs that touch area 0 from each side and share a common area. This is also used when two different OSPF networks need to be merged to form a single area.

Neighbor formation in OSPF
When routers share a common segment they are called neighbors on that segment. The Hello protocol is responsible for neighbor election. Each interface sends hello packets periodically using IP multicast. Once the hello packets are received by the routers, they check for their own ID in the neighbor list carried in the hello, and if it exists they become neighbors. Only primary addresses are considered for neighbor formation; if a secondary address is configured on the interface, it must belong to the same area as the primary address. Two interfaces can be neighbors only if they have the same area-id, passwords, stub area flag, hello and dead intervals, and MTU sizes on the connected interfaces. There are three stages in forming neighbors:
1. Down State: The routers do not exchange any OSPF information with any other router.
2. Init State: This refers to unidirectional communication, where a router receives a hello and adds the sender to its neighbor list.


3. Two-Way State: Once a router adds another router to its neighbor list, it sends a unidirectional reply. Once the originating router receives this reply, it adds the destination router to its neighbor list.

Adjacency in OSPF
In neighbor formation, neighbors are determined based on the hello packet exchange. Adjacencies are formed based on the database exchange, so two interfaces are called adjacent if they exchange database information. Instead of every router exchanging information over the network, which causes a lot of overhead, one router per multi-access segment is elected to do this job; it is called the designated router (DR), and in the event of the failure of the DR one more router is elected as backup, called the Backup Designated Router (BDR). The election of the DR is based on the priority set for the router. Where the priorities are the same, the one with the least router ID will be elected as the DR. Once the DR is elected, the same procedure is followed among the remaining routers in the segment to elect the BDR. All routers exchange information with the DR and BDR, and the DR in turn communicates the information to the rest of the routers. This reduces the traffic flow from O(n*n) to O(n). To build an adjacency, multiple states are involved. Routers that have identical link state databases become adjacent to each other. The states that routers pass through in building the adjacency between them are listed below:
1. Down: In this state the routers do not receive any information from any other router.
2. Attempt: In this state the router attempts to transmit hello packets, as it has not received information from any router.
3. Init: In this state the interface detects a hello packet sent by another router, but this is a unidirectional packet and communication is not yet established.
4. Two-Way: In this stage communication becomes bidirectional; the DR and the BDR are elected at the end of this stage. This is done by deciding whether the link is point-to-point or virtual.
5. Exstart: In this stage routers generate a sequence number for the packets they send. This ensures that the most recent information is exchanged over the network.
6. Exchange: In this state routers send the entire link-state database description to the other routers, and all packets are flooded.
7. Loading: In this stage routers finalize the exchange of information. Routers build two lists: the link-state request list and the link-state retransmission list. Outdated or incomplete information forms the request list. Update information forms the retransmission list until it is acknowledged.
8. Full: This is the final state, indicating that the adjacency is complete, the neighbors are fully adjacent and the database is synchronized at all routers.

Route Summarization in OSPF
Summarization of routes in OSPF refers to summarizing information about multiple routes in one single advertisement. Routes can be summarized between two areas, but it is best practice to summarize routes in the direction of the backbone so that the backbone has a record of all routes in the OSPF network. Route summarization is generally done at the ABRs. The backbone receives the route summary about an area from its respective ABR and in turn injects it into the other areas.
The route summarization in OSPF falls into two categories:


Inter-Area
External
Inter-area route summarization refers to summarization of routes between the areas in the same autonomous system. The areas are assigned numbers contiguously so that a range can be specified in order to lump the network addresses together. It would be difficult if the areas were overlapping, because the middle routers would not be in a position to determine where traffic should be sent based on the summary address. External route summarization refers to the situation where external routes are being injected into the autonomous system. The ASBR performs this function, and care needs to be taken that the external routes are contiguous. Further, if the routers have overlapping summarizations, there is a risk of packets being sent in the wrong direction. When external routes are injected into OSPF, redistribution of the routes takes place across the entire autonomous system. In this case the cost associated with the external route is taken as the cost inside the autonomous system, and where no cost is specified OSPF defaults it to 20. There are two types of external route summarizations. In the first type (type 1) the cost to reach an external route is the sum of the external route cost and the internal route cost to reach that route. In type 2 the cost to reach an external route is the one received from the external route summarization, irrespective of the cost of the internal route. In practice a type 1 route is always preferred over a type 2 route for the same destination. One more route is propagated inside the autonomous system in OSPF: a default route to the ISP, which is identified by the ASBR.
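Added example, not part of the course text: summarizing an area's address plan at an ABR, detecting the overlapping-summary condition the text warns about, and comparing type 1 and type 2 external route costs. The area address plans are constructed; the 20 default and the type 1/type 2 naming follow the text.

```python
"""Route summarization and external-cost comparison as described above."""
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed address plans. Area 3 is NOT contiguous (10.1.6.0 and 10.1.9.0),
# so its single-prefix summary necessarily swallows other areas' space.
AREA_PLANS: Dict[str, List[str]] = {
    "1": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "2": ["10.1.4.0/24", "10.1.5.0/24"],
    "3": ["10.1.6.0/24", "10.1.9.0/24"],
}


def summarize(networks: Iterable[str]) -> ipaddress.IPv4Network:
    """Smallest single prefix that covers every network in the list
    (what an ABR would advertise as one summary LSA)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()   # widen by one bit until all fit
    return summary


def area_summaries() -> Dict[str, ipaddress.IPv4Network]:
    return {area: summarize(plan) for area, plan in AREA_PLANS.items()}


def summary_overlaps(summaries: Dict[str, ipaddress.IPv4Network]) -> List[Tuple[str, str]]:
    """Pairs of areas whose summaries overlap. For the overlapping space a
    backbone router cannot tell which ABR to forward to, as the text warns."""
    areas = list(summaries)
    return [(a, b) for i, a in enumerate(areas) for b in areas[i + 1:]
            if summaries[a].overlaps(summaries[b])]


DEFAULT_EXTERNAL_COST = 20   # cost OSPF assumes when none is specified


def external_cost(ext_type: int, internal_cost: int,
                  ext_cost: Optional[int] = None) -> int:
    """Type 1: external + internal cost. Type 2: external cost only."""
    ext = DEFAULT_EXTERNAL_COST if ext_cost is None else ext_cost
    if ext_type == 1:
        return ext + internal_cost
    if ext_type == 2:
        return ext
    raise ValueError("external route type must be 1 or 2")


def prefer_external(candidates: List[Tuple[int, int, Optional[int]]]):
    """Among (ext_type, internal_cost, ext_cost) routes to one destination,
    a type 1 route is preferred over type 2; within a type, the lower cost wins."""
    return min(candidates, key=lambda c: (c[0], external_cost(*c)))


if __name__ == "__main__":
    sums = area_summaries()
    print(sums)                      # area 3 collapses to 10.1.0.0/20
    print(summary_overlaps(sums))    # area 3 overlaps areas 1 and 2
    print(prefer_external([(2, 1, 10), (1, 30, 10)]))
```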
OSPF redistribution to other protocols
When OSPF routes are being redistributed to other protocols, care needs to be taken to provide a metric that is valid for the receiving protocol. For example, if OSPF routes are redistributed into RIP, the metric sent should be between 1 and 16. In the case of mutual redistribution, utmost care should be taken, as inaccurate redistribution will cause routing information to be looped. One thing that should be handled with care is that information learnt from a protocol should not be injected back into the same protocol. OSPF filters information through interfaces and distribute lists. It maintains two kinds of distribute lists. One is the out list, which is used on the ASBR to filter the routes being sent to other protocols. The other, referred to as distribute-list-in, works on all routers and filters routes being put into the routing table. However, LSAs are still propagated, and the downstream routers will still have the routes.

Points to remember while configuring OSPF
Determine the number of routers per area.
Number of areas per ABR.
Mode in which OSPF is planned to run.
Number of neighbors.
Type of mesh.
Memory in a router.
CPU in each router.
The default route should not point to an internal network, else it will cause routing loops.
Hello and Dead intervals must match to become neighbors.


MTU sizes must be configured the same if neighboring between the interfaces is intended.

Cost Value Table indicating costs of different bandwidths

Interface Type              Cost Value
56 Kbps Serial              1785
64 Kbps Serial              1652
T1                          64
Ethernet                    10
Fast Ethernet & FDDI        1

6.4 Exterior Gateway Routing Protocol - BGP


EVOLUTION of BGP
In the early days of the Internet (ARPANET), connectivity was hierarchical and a single backbone network provided services for each connected network. The Exterior Gateway Protocol (EGP), which was used to provide communication among autonomous systems (ASs), provided no loop prevention. In addition, the entire routing table was sent in the regular update broadcasts. At the time, EGP satisfied the requirements of the Internet. When the Internet grew and the ARPANET was disbanded, this hierarchical design was transformed into a tiered network design. The major ISPs were referred to as Tier 1, the wholesale ISPs as Tier 2 and the smaller ISPs as Tier 3. The hierarchy was that a Tier 1 ISP would comprise a set of Tier 2 ISPs, each of which would in turn have multiple Tier 3 ISPs. But once the Internet was used for commercial rather than mere research purposes, there arose a need to change the design to provide faster and more efficient communication to customers. For this purpose, ISPs connected to multiple upstream providers, and the Tier 1 ISPs connected to multiple exchange points spread across various locations. The number of prefixes regularly advertised to the network increased. The result resembled a mesh-like topology, which led to the downfall of EGP and to the evolution of BGP. The typical tiered design of ISPs at the various levels can be seen in the figure below.



Figure 36: Tiered Design of the ISPs

BGP was proposed mainly for the following reasons:
To support the mesh topology of the ISP networks.
To enforce administrative policies and control of ISPs.
To scale up to the innumerable route advertisements.

BGP runs the path vector algorithm. When a connection is first established, the neighbors exchange full information about their networks. Later, when the routing table changes, the routers send information only about the changed routes. Routers in BGP that exchange information between themselves are called peers or neighbors. The connection is logical and needs a TCP connection to be established between them; this connection can be direct or over a set of intermediate links.

Peers

From the figure above, IP reachability between Routers B and E is easy, as they have a direct physical connection. On the other hand, Router A and Router D are

Figure 37: Peers


connected only via an intermediate router. This implies that IP reachability between them is supplied by some other means. Hence two kinds of BGP session are needed. One option connects two routers in different AS networks, like the Router B - Router E session. The second option is for two routers in the same AS to establish a session; this is represented by the Router A - Router D connection. While TCP sessions are established based on IP reachability between two peers, BGP uses each type of session in a different manner.

External BGP Sessions
A session between two BGP routers that are in different AS networks is considered an external BGP (EBGP) connection. An EBGP connection is generally formed between directly connected peers. The time-to-live (TTL) of the IP packet is set to 1 to prevent an intermediate router from forwarding the BGP packet. Once the EBGP session is established, the two peers can begin to exchange routing information with each other. Routes learned from other EBGP sessions are advertised, and all active routes learnt from internal BGP peers are also advertised.

The figure above shows the default EBGP route advertisements. The route 10.100.0.0/16 is advertised from Router I to Router E via an EBGP session. The route 10.200.0.0/16 is advertised to Router E by Router F, an internal peer. Both routes are currently active in Router E's routing table and are advertised to Router B using an EBGP advertisement.

Internal BGP Sessions
When both routers belong to the same AS, the connection is called an internal BGP (IBGP) connection. IBGP peers do not need to be physically connected; the TTL of the BGP packets is set to 64 to allow connectivity across the AS. IBGP peers depend on IGP knowledge within the AS network. In general, the TCP session across the network is established by consulting the routing tables of the intermediate nodes. More specifically, the session is established using the loopback addresses of the peers for stability and resiliency, which allows the IBGP session to remain active even in case of network outages.

Figure 38: Default EBGP Route Advertisement


Peers exchange routes once the IBGP session is established. By default, only active BGP routes learned from EBGP peers are advertised across an IBGP session. Router B and Router C are IBGP peers. Router B is learning the 10.100.0.0/16 and 10.200.0.0/16 routes from Router E, an EBGP peer. Both of these routes are then re-advertised to Router C across the IBGP session. Router C is also learning the 172.30.1.0/24 route from an IBGP peer, Router D. This route is not advertised to the other AS 10 routers, because doing so would violate the advertisement rules for IBGP peers.

Confederations: Since the routers within an AS are fully logically meshed, they consume a high amount of bandwidth. The need for high bandwidth can be reduced by dividing the AS into relatively smaller sub-ASs. These sub-ASs are grouped together into units called confederations. Confederations reduce the total number of required peers within the AS; without confederations, all routers in an AS must be fully meshed.

Route-reflectors: Route reflectors (RR) provide another alternative for reducing the number of IBGP peers within an AS. Route reflectors allow routers to advertise, or reflect, IBGP routes to other IBGP speakers. Internal peers of route reflectors are divided into two groups: client peers and non-client peers. A route reflector and all its clients are called a cluster. An AS can contain more than one route reflector cluster, and a cluster can contain more than one route reflector. When there is more than one reflector in a cluster, special care must be taken to prevent route loops.

States: BGP uses a Finite State Machine model when forming a peer relationship.
The following are the BGP peer states:

BGP Attributes
When there are multiple routes to reach a particular destination, the best route needs to be determined. BGP observes a set of parameters when making these decisions; these are called BGP attributes. To design a robust network, a user needs a thorough understanding of how these attributes influence route selection. BGP uses the following attributes:
Weight
Local preference
Multi-exit discriminator
Origin
AS_path
Next hop
Community

Weight Attribute
This attribute is local to a router. The route with the highest weight has the highest priority.

Local Preference Attribute


The local preference determines how to exit the local autonomous system (AS). It is propagated throughout the entire local autonomous system. When there are multiple exit points from the AS, the local preference attribute is used to determine which exit point to use.

Multi-Exit Discriminator Attribute
The multi-exit discriminator (MED), or metric attribute, is used to suggest to an external AS which route it should follow into the local AS. The term suggestion is used because the external AS that receives the MEDs may be using other BGP attributes for route selection.

Origin Attribute
The origin attribute specifies how BGP learned about a particular route. It can have one of three possible values:
IGP: this value is set when the network router configuration command is used to inject the route into BGP. The route is interior to the originating AS.
EGP: indicates that the route was learned via the Exterior Border Gateway Protocol (EBGP).
Incomplete: the origin of the route is unknown or learned in some other way. This occurs when a route is redistributed into BGP.

AS_path Attribute
When a route advertisement passes through an autonomous system, the AS number is added to an ordered list of the AS numbers that the route advertisement has traversed.

Next-Hop Attribute
The EBGP next-hop attribute is the IP address that is used to reach the advertising router. For EBGP peers, the next-hop address is the IP address of the connection between the peers. For IBGP, the EBGP next-hop address is carried into the local AS.

Community Attribute
It provides a way of grouping destinations, called communities, to which routing decisions (for example acceptance, preference, and redistribution) can be applied. Route maps are used to set the community attribute. The predefined community attributes are:
no-export: Do not advertise this route to EBGP peers.
no-advertise: Do not advertise this route to any peer.
internet: Advertise this route to the Internet community; all routers in the network belong to it.

BGP Message Types


The open message is responsible for opening a connection between the peers. Once the TCP connection is established, this is the first message sent by the parties. Open messages need to be confirmed before other messages are sent; they are confirmed by a keepalive message from the peer. An update message is used to update the BGP systems about routes. These are transmitted over the TCP connection to ensure error-free delivery. They play a key role in synchronizing the routing tables from the network's perspective, and are transmitted whenever a route is added, deleted or modified. The notification message is used to indicate an error condition. When a session has to be closed, notification messages are responsible for closing the session and informing the connected routers of the reason for closing it. The keepalive message is sent to notify the other devices in the network that the current device is active. These are sent regularly to keep the session from expiring.

BGP Path Selection
Based on the attributes and the updates received from multiple sources, BGP chooses the best path in the following order:
1. If the next hop specified in the path is not reachable, the update is dropped.
2. The path with the highest weight is preferred.
3. If the weights are the same, the path with the largest local preference is preferred.
4. If both weight and local preference are the same, the path originated by BGP running on this router is preferred.
5. If these cannot determine the best path, the path with the shortest AS_path is preferred.
6. If the AS_path length is the same for all paths, the path with the lowest origin type is preferred.
7. If the origin codes are also the same, the path with the lowest Multi-Exit Discriminator attribute is preferred.
8. For paths with the same Multi-Exit Discriminator, an external path is preferred over an internal path.
9. If the paths are otherwise the same, the path through the closest IGP neighbor is preferred.
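The decision process above carried out in code, as an added example that is not part of the course text: each step is applied in order to a set of candidate paths for one prefix, and the function reports which step decided the winner. The Path record, the sample paths and the set of reachable next hops are constructed for this example.

```python
"""BGP best-path selection following the ordered steps listed above."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    weight: int
    local_pref: int
    locally_originated: bool
    as_path: Tuple[int, ...]   # AS numbers traversed, nearest first
    origin: str                # "igp", "egp" or "incomplete"
    med: int
    ebgp: bool                 # True if learned from an external peer
    igp_metric: int            # IGP cost to reach next_hop


def best_path(paths: Iterable[Path],
              reachable_next_hops: Set[str]) -> Tuple[Optional[Path], str]:
    """Return (winning path, name of the step that decided it)."""
    # Step 1: a path whose next hop the IGP cannot reach is dropped outright.
    cands: List[Path] = [p for p in paths if p.next_hop in reachable_next_hops]
    if not cands:
        return None, "no reachable next hop"
    # Steps 2-9: each key maps a path to a value where SMALLER is better.
    # (Real routers compare MED only among paths from the same neighboring AS
    # by default; the text does not make that distinction, so neither does this.)
    steps = [
        ("highest weight", lambda p: -p.weight),
        ("highest local preference", lambda p: -p.local_pref),
        ("locally originated", lambda p: 0 if p.locally_originated else 1),
        ("shortest AS_path", lambda p: len(p.as_path)),
        ("lowest origin", lambda p: ORIGIN_RANK[p.origin]),
        ("lowest MED", lambda p: p.med),
        ("external over internal", lambda p: 0 if p.ebgp else 1),
        ("closest IGP neighbor", lambda p: p.igp_metric),
    ]
    for name, key in steps:
        best = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == best]   # keep only the ties
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "tie (further tie-breakers not modelled)"


# Constructed candidates for one prefix, as a router in AS 65000 might hold them.
SAMPLE = [
    Path("10.100.0.0/16", "192.0.2.1", 0, 100, False, (65010, 65020), "igp", 50, True, 10),
    Path("10.100.0.0/16", "192.0.2.5", 0, 100, False, (65030,), "igp", 100, True, 20),
    Path("10.100.0.0/16", "198.51.100.9", 0, 100, False, (65040,), "igp", 100, False, 5),
    # Best local preference, but its next hop is withdrawn from the IGP below.
    Path("10.100.0.0/16", "203.0.113.7", 0, 200, False, (65050, 65060, 65070),
         "incomplete", 0, True, 1),
]
REACHABLE = {"192.0.2.1", "192.0.2.5", "198.51.100.9"}


if __name__ == "__main__":
    winner, step = best_path(SAMPLE, REACHABLE)
    print(winner.next_hop, "chosen by:", step)   # 192.0.2.5 chosen by: external over internal
    winner, step = best_path(SAMPLE, REACHABLE | {"203.0.113.7"})
    print(winner.next_hop, "chosen by:", step)   # 203.0.113.7 chosen by: highest local preference
```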

6.5 Network Security
Network security refers to keeping your information safe and secure. This is done by protecting the contents of packets and making them indecipherable. Network security is an integral part of large as well as medium enterprise networks, and it is implemented using various techniques at different levels.


Firewalls are very commonly used in this context. They provide network security by examining data packets at different layers, viz. layer 3 and layer 4. The data as well as the headers are inspected to make sure that security is not affected. A firewall is usually able to authenticate web browser requests, check that TCP sessions do not stay active for too long, and verify domain name service (DNS) queries. Routers provide extra security to the internal network by selecting the traffic allowed between different divisions of the confined company network; routers implement this using access lists. VLANs can also be used in place of routers in an internal secured network. In a VLAN design, internal routers can be substituted by multilayer switches, which have their own precautionary features. The figure below shows a standard protected network:

Figure 39: Standard Protected Network

Let us now try to understand what kinds of security threats a typical protected internetwork encounters day to day; later we will try to understand how we can protect our network from such threats.

Security Threats


Security attacks vary considerably in their intricacy and threat level. Many times they occur as a result of the unawareness of users. Those who started the Internet, which has become an inseparable part of everyone's life, would never have foreseen the security issues associated with it. This is a major reason for insecurity, as most IP implementations are inherently insecure. Let us first familiarize ourselves with some common types of security attacks.

Application-layer attacks
These attacks take place mainly in the applications that run on the seventh layer of the OSI model. Protocols like hypertext transfer protocol (HTTP), file transfer protocol (FTP), and e-mail are the first targets. This is often a result of the permissions granted to these applications, due to which the machines running one of the above-mentioned applications are compromised.

Autorooters
Autorooters are a kind of automated hacking tool. Hackers use autorooters to explore, scrutinize and then capture data on a targeted machine, which gives them an insight into the desired system automatically.

Backdoors
Backdoors are mainly an undocumented way to get access to a computer system or to the data it contains. With the help of some intrusions, the bad guys reach the specific host they intend to.

Denial of service (DoS) and distributed denial of service (DDoS) attacks
Many of these are effortless attacks that even a novice can carry out successfully. In such scenarios the service normally provided by a system is kept busy by overwhelming it.

TCP SYN flood
This usually starts when a SYN message is sent to the server to open a TCP connection. The server is supposed to respond with a SYN-ACK message, after which the connection is established. What goes wrong here is that, while the connection is half open, the victim machine is flooded with an inundation of half-open connections, which ends up paralyzing the system.

Ping of death attacks
Hackers commonly accomplish this attack by pinging the victim's machine with oversized packets, causing the device to keep rebooting persistently, or with the intention of crashing the system.

COMPANY CONFIDENTIAL

IP spoofing
In IP spoofing a bad guy, usually from inside or outside your network, pretends to be a trusted host machine by using an approved internal or external address. Thus the hacker's true identity is disguised behind the spoofed address, which later results in many problems.

Network reconnaissance
In network reconnaissance hackers try to learn about the network and then break into the machine. They use methods like DNS requests and port scans to learn about the network.

Packet sniffers
A packet sniffer is a tool that captures all packets picked up from the physical layer. A packet sniffer can capture highly confidential information very easily.

Password attacks
Password attacks mainly look for the user's password and hence gain access to the applications used by the victim.

Brute force attack
This is a software-based attack wherein an application is run on the victim's network, which in turn helps in accessing other applications in the network.

Port redirection attacks
Port redirection is a type of trust misuse wherein a system on the outer network of the firewall is compromised by the bad guy and then manipulated to let outside traffic in without breaching the firewall rules.

Trojan horse attacks and viruses
Viruses and Trojan horses harm the victim's machine using malicious code. Viruses are vicious programs which are attached to command.com. Viruses try to delete all the files on the victim's machine that are of the same application type as command.com.

Trust exploitation attacks
In these types of attacks the trust inside the network is exploited. Here an individual takes advantage of an association in a network and then tries to misuse the privilege provided.

Mitigating Security Threats


Security threats can be mitigated to a large extent by using access lists. Access lists provide a way to define how traffic should flow in the network. Access lists are applied on the routers to ensure that only the permitted data is allowed to pass through the network. Let us try to understand the functioning of access lists.

Access Lists
An access list is nothing but a set of conditions which make the data in the network flow in the permissible manner. It helps in classifying the packets in a network and controls the traffic in a network to a large extent. It provides the way in which the decision regarding the flow of any packet on a link is made. With an appropriate combination of access lists, security can be implemented in any manner in the network. Creating an access list is much like writing code with certain conditions: a specific action is taken if the given condition is met. If the specified condition is not met the packet is dropped or forwarded to some other interface, depending on the other configuration statements. Once you are clear about what filtering conditions you want in your network, the access list can be created. After creating the access list it can be applied to an interface in the inbound or outbound direction depending on the need. Packets passing through a network which has an access list applied to it follow certain rules:

o The comparison always starts with the first line of the access list and then proceeds in sequential order.
o The appropriate action for a packet is taken as soon as a match is made with an access list statement.
o At the end of every access list there is an implicit deny. If none of the conditions are met the packet is discarded.

Access lists are mainly of two types:

Standard access lists
Standard access lists use the source IP address as the filter condition. As we do not specify the protocol in the access list, a standard access list will not filter based on the protocol and will permit or deny an entire set of protocols. They are not able to make any decisions based on whether the protocol is IP, TCP or UDP.

Extended access lists
Extended access lists make the filtering decisions based on many other fields as well. They consider the source IP address, destination IP address, the protocol used and the port number the application is using at the Transport layer. This makes the range of filtering decisions broad and one can select the packets appropriately.


Once the access list is created, considering the filtering decisions and the type of access list to be used, the next step is to apply it to the interface we want. An access list remains inactive until it is applied to an interface. While applying it to the interface we need to mention the direction in which we want it to be functional. Depending upon the direction in which access lists are applied they can be distinguished as:

Inbound access lists
When the access list is applied to the inbound traffic it is known as an inbound access list. An inbound access list filters the data before it passes through the interface, and a packet is routed only if it has matched the mentioned conditions.

Outbound access lists
When the access list is applied to the outbound traffic it is known as an outbound access list. An outbound access list filters the data after it has been routed to the interface, before it is queued for transmission.

A few guiding principles that we should keep in mind before applying an access list to any interface are:
o There can be only one access list per protocol per direction, i.e. there can be one inbound and one outbound access list per interface.
o An access list should be created in such a way that the most important conditions are checked at the top of the list.
o Every new entry in the list is added at the bottom of the list.
o There is an implicit deny at the end of every access list, so ending the access list with a permit is required; otherwise all packets will be discarded.
o Access lists can only filter the traffic passing through the router; they cannot filter the traffic initiated from the router.
o Standard access lists should be placed in the vicinity of the destination, and extended access lists should be placed in close proximity to the source.
Let us now look into the implementation of the two types of access lists:

Standard Access Lists
As you know, standard access lists filter the traffic based on the source IP address. Standard access lists lie in the number range 1-99 or 1300-1999. This access list number helps the router identify what type of access list it is.


For example, consider the network below.

Figure 40: Sample Network 1

Here we want to stop the Users network from accessing the Accounts network, while the Accounts network should remain accessible to all other networks. So here the standard list can be created such that packets from the network ID of the Users network are denied and all other packets are allowed to access the Accounts network. After creating the list it can be applied in the outbound direction on the interface Ethernet 0 (E0) to prevent the users from accessing the Accounts network.

Extended Access Lists
Extended lists come into the picture when we need to make decisions based on the IP addresses of both source and destination. An extended access list also allows you to mention the port and the protocol that identify the type of application. Extended lists help in denying or allowing specific operations from one host to another depending on the protocol and the port mentioned. Consider the same example as for the standard access list.


Figure 41: Sample Network 2

Now if the requirement is that you do not want a user on the Users network to be able to telnet to the Accounts network, we can create an access list with protocol TCP and port number 23 to deny telnet access to the users on the Users network. Applying this access list will restrict only the telnet access, while other operations would be allowed.
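The two scenarios above (Figure 40: deny the whole Users network; Figure 41: deny only Telnet from Users to Accounts) can be worked through with a small evaluator that applies the rules from this section: top-down first match, wildcard masks, and the implicit deny at the end. The following Python code is an added illustration, not course material or vendor code. The figures give no addresses, so the Users network is assumed to be 192.168.10.0/24 and the Accounts network 192.168.20.0/24; both are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask semantics: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a | w) == (n | w)


@dataclass
class AclEntry:
    action: str                     # "permit" or "deny"
    src: str                        # source network
    src_wc: str                     # source wildcard mask
    protocol: str = "ip"            # "ip" matches every protocol (standard ACL)
    dst: str = "0.0.0.0"            # destination ("any" by default)
    dst_wc: str = "255.255.255.255"
    dst_port: Optional[int] = None  # Transport-layer destination port, if any


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"            # "tcp", "udp", ...
    dst_port: Optional[int] = None


def evaluate_acl(acl: List[AclEntry], pkt: Packet) -> str:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for entry in acl:
        if not wildcard_match(pkt.src, entry.src, entry.src_wc):
            continue
        if not wildcard_match(pkt.dst, entry.dst, entry.dst_wc):
            continue
        if entry.protocol != "ip" and entry.protocol != pkt.protocol:
            continue
        if entry.dst_port is not None and entry.dst_port != pkt.dst_port:
            continue
        return entry.action
    return "deny"   # implicit deny at the end of every access list


ANY = ("0.0.0.0", "255.255.255.255")

# Constructed addressing for the sample network (assumed, not from the text):
# Users on 192.168.10.0/24, Accounts on 192.168.20.0/24.
USERS_NET = ("192.168.10.0", "0.0.0.255")
ACCOUNTS_NET = ("192.168.20.0", "0.0.0.255")

# Standard list (source only): deny the Users network, permit everyone else.
# Applied outbound on E0 toward Accounts, this is the Figure 40 scenario.
STANDARD_ACL = [
    AclEntry("deny", *USERS_NET),
    AclEntry("permit", *ANY),
]

# Extended list: block only Telnet (TCP/23) from Users to Accounts and
# leave all other traffic alone (the Figure 41 scenario).
EXTENDED_ACL = [
    AclEntry("deny", *USERS_NET, protocol="tcp", dst=ACCOUNTS_NET[0],
             dst_wc=ACCOUNTS_NET[1], dst_port=23),
    AclEntry("permit", *ANY),
]

# A list whose author forgot the final permit: everything is dropped.
FORGOT_PERMIT_ACL = [AclEntry("deny", *USERS_NET)]


if __name__ == "__main__":
    telnet = Packet("192.168.10.7", "192.168.20.5", "tcp", 23)
    http = Packet("192.168.10.7", "192.168.20.5", "tcp", 80)
    print("standard, users->accounts:", evaluate_acl(STANDARD_ACL, telnet))
    print("extended, users telnet   :", evaluate_acl(EXTENDED_ACL, telnet))
    print("extended, users http     :", evaluate_acl(EXTENDED_ACL, http))
    print("no permit, other host    :",
          evaluate_acl(FORGOT_PERMIT_ACL, Packet("10.9.9.9", "192.168.20.5")))
```

The third list shows the guiding principle about the implicit deny: with no permit entry, even hosts the author never meant to block are dropped.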

6.6 IP Security (IPSec)
With the explosive growth and rapid advances in communication technology, the need for security on the Internet has been accentuated. Both organizations and individuals are focusing on a secure network infrastructure, applications that have security mechanisms, and control of network/user traffic using encryption and authentication mechanisms. The evolving and widespread businesses of these days need to connect to remote locations over the public Internet securely. Internet Protocol Security (IPSec) provides authentication and encryption of each IP packet in the network. It is designed to provide high-quality, interoperable, cryptographically based security for IPv4 and IPv6. The major functional areas of IP-level security are:


o Authentication
o Confidentiality
o Key Management

Authentication: It ensures that the data received was transmitted by the party identified as the source in the packet header.
Confidentiality: This enables the data to be encrypted to prevent snooping by third parties.
Key Management: This mechanism allows the secure exchange of keys, which enables the data to flow across networks in an encrypted format.

IPSec Services
IPSec provides many security services that protect IP and the upper/higher layers. It determines the algorithms, cryptographic keys and security protocols needed to provide the requested services. A few IPSec services are:

o Connectionless integrity
o Protection against replays
o Confidentiality
o Data origin authentication
o Limited traffic-flow confidentiality
o Access control

Security Architecture
The IPSec suite is a framework of open standards that provides various functions using the protocols mentioned below.


Figure 42: Security Architecture Block Diagram

ESP: ESP stands for Encapsulating Security Payload protocol. It provides confidentiality in the form of encryption, connectionless integrity, limited traffic-flow confidentiality, authentication of the data and an anti-replay service.

AH:

IP Authentication Header (AH) is one of the members of the IPSec suite. It guarantees connectionless integrity and data origin authentication. AH protects the IP datagram and IP payload against replay attacks. Encapsulating Security Payload and Authentication Header play a vital role in providing access control based on the management of traffic flows and the distribution of cryptographic keys.

Key Management: IPSec uses cryptographic keys and a set of mechanisms for authentication and encryption. It supports both automatic and manual key distribution.


Authentication Algorithm: The authentication algorithm specifies and provides various authentication options to the user. IPSec can create a dedicated encrypted tunnel to allow communication between two security gateways.

Domain of Interpretation (DOI): The IPSec DOI supports negotiation of IP compression; when encryption is used in IPSec, this avoids compression by other lower-layer protocols.

IPSec Applications


There are several applications of IPSec due to its capabilities and features.

o IPSec enables secure remote access over the Internet, which provides an effective way to access the company network and reduces toll charges for employees and telecommuters.
o IPSec provides communication which is secure across different networks like LANs, WANs and the Internet.
o IPSec enhances the security of various commerce applications. It encrypts and authenticates the traffic at the IP level.
o IPSec is capable of establishing connectivity between intranets and extranets with partners and building virtual private networks, which reduces network overhead and costs.
o Some of the IPSec applications are file transfer, client/server, web access and remote logon.

Security Associations


IPSec uses Security Associations (SA) for both authentication (AH) and confidentiality (ESP) to specify the protocols and security parameters. An association can be defined as a one-way relationship between a sending host and a receiving host that affords security services to the traffic carried on it. Two Security Associations are required to establish a two-way secure exchange of data.


There are three parameters that uniquely identify a security association.

IP Destination Address:
o The IP destination address denotes the destination endpoint of the Security Association. It may be a network or an end-user system.
o Only unicast addresses are allowed as of now.

Security Parameters Index (SPI):
o The SPI is a bit string which has local significance and is assigned to the SA.
o AH and ESP headers include the SPI so as to enable the receiving system to select the SA.

Security Protocol Identifier:
o The Security Protocol Identifier is used to indicate which IPSec protocol is in use.
o It specifies whether the security association is an AH or an ESP association.
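The receiving system selects the SA by the three parameters just listed, and both AH and ESP carry a 32-bit sequence number after the SPI for the anti-replay service mentioned under ESP. The following Python code is an added illustration, not course material or vendor code: a receiver-side SA database keyed on (destination address, SPI, protocol) and the sliding-window replay check from RFC 4303 section 3.4.3, run over a constructed stream of ESP packets. The gateway address, SPI and window size are constructed values.

```python
import struct
from dataclasses import dataclass

AH_PROTO, ESP_PROTO = 51, 50    # IP protocol numbers of AH and ESP


@dataclass
class SecurityAssociation:
    dst: str               # IP destination address of the SA
    spi: int               # Security Parameters Index chosen by the receiver
    protocol: int          # AH_PROTO or ESP_PROTO
    window_size: int = 64
    highest_seq: int = 0
    seen_bitmap: int = 0   # bit i set <=> sequence (highest_seq - i) accepted


class SADB:
    """Receiver-side SA database keyed on the triple from the text."""

    def __init__(self):
        self._by_triple = {}

    def add(self, sa):
        self._by_triple[(sa.dst, sa.spi, sa.protocol)] = sa

    def lookup(self, dst, spi, protocol):
        return self._by_triple.get((dst, spi, protocol))


def make_esp_packet(spi: int, seq: int, payload: bytes = b"") -> bytes:
    """ESP starts with SPI and sequence number, both 32-bit, network order."""
    return struct.pack("!II", spi, seq) + payload


def parse_esp_prefix(packet: bytes):
    return struct.unpack("!II", packet[:8])


def replay_check(sa: SecurityAssociation, seq: int) -> bool:
    """Sliding-window anti-replay check (RFC 4303 section 3.4.3).

    Returns True and records seq if it is new and inside the window; False
    for sequence number 0, duplicates, or packets older than the window.
    """
    if seq == 0:
        return False
    if seq > sa.highest_seq:            # advance the window's right edge
        shift = seq - sa.highest_seq
        if shift >= sa.window_size:
            sa.seen_bitmap = 1
        else:
            mask = (1 << sa.window_size) - 1
            sa.seen_bitmap = ((sa.seen_bitmap << shift) | 1) & mask
        sa.highest_seq = seq
        return True
    diff = sa.highest_seq - seq
    if diff >= sa.window_size:
        return False                    # left of the window: too old
    if sa.seen_bitmap & (1 << diff):
        return False                    # already accepted: a replay
    sa.seen_bitmap |= 1 << diff
    return True


def inbound_process(sadb: SADB, dst: str, protocol: int, packet: bytes) -> str:
    """Select the SA by (dst, SPI, protocol), then run the replay check."""
    spi, seq = parse_esp_prefix(packet)
    sa = sadb.lookup(dst, spi, protocol)
    if sa is None:
        return "no SA"                  # unknown SPI: discard and audit
    return "accept" if replay_check(sa, seq) else "replay"


if __name__ == "__main__":
    db = SADB()
    # Constructed SA: gateway 203.0.113.1 receiving ESP with SPI 0x1000.
    db.add(SecurityAssociation("203.0.113.1", 0x1000, ESP_PROTO, window_size=4))
    for seq in (1, 2, 2, 5, 3, 1, 4):
        print(seq, inbound_process(db, "203.0.113.1", ESP_PROTO,
                                   make_esp_packet(0x1000, seq)))
```

With a window of 4, sequence 3 is still accepted after 5 (it is inside the window and unseen), the second copy of 2 is rejected as a replay, and 1 is rejected after 5 because it has fallen off the left edge of the window. A real implementation runs the integrity check before updating the window so that a forged packet cannot advance it.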

IPSec Benefits

The benefits of IPSec include:
o Strong security that can be applied to all traffic crossing the perimeter.
o Transparent to applications.
o No need to change software on a user or server system.
o When IPSec is implemented in a router or firewall, it can be transparent to end users.
o There is no need to train users on security mechanisms.
o IPSec can provide security for individual


7 IP Multicast
7.1 Multicasting Overview
There were only two ways of sending traffic in traditional systems:
1. Unicast, wherein the traffic is sent to a single destined user.
2. Broadcast, wherein the traffic is sent to all the nodes connected to the network.

But with the facilities provided by applications and the network, there has been a great demand for a specific group to receive the same message, and sending the traffic as unicast to each intended recipient would become hectic and is not a good idea. Further, the specific group that needed the message was dynamic, with new recipients being added and existing recipients being removed. There has also been a need for efficient handling of the session across the various users in the group. This led to the introduction of multicast and multicast protocols. IP Multicast is used across various applications like video conferencing, software distribution etc. In addition, the amount of overhead is reduced, as a single stream is used instead of duplicating the same stream over the network for each user. That means there will be only a single stream for any number of users. In particular, consider a video being shared with thousands of recipients: this would add a considerable amount of overhead if it had to be built and sent to each recipient independently and separately. Though a single stream is sent to multiple users, error-free delivery is ensured by the efficient protocols that work in the background for various purposes. An IP multicast group is an arbitrary group of people interested in subscribing to a service at that particular moment in time. This group subscribes to an address referred to as an IP multicast address.
These addresses belong to the class D group of IP addresses and are assigned to the group by the Internet Assigned Numbers Authority (IANA). Hence the multicast addresses use the range 224.0.0.0 to 239.255.255.255.

Link Local Addresses
The addresses 224.0.0.0 to 224.0.0.255 are used specifically by the multicast protocols, and these addresses are reserved by IANA for that purpose. The IP multicast group can be spread across different geographical locations. These addresses are called Reserved Link Local Addresses. Packets bearing these addresses will never be forwarded by a router. These packets are referred to as local to that particular LAN segment.

Globally scoped addresses
The addresses 224.0.1.0 to 238.255.255.255 are called globally scoped addresses and are used to multicast data across organizations. Some of these addresses are reserved for use by specific multicast applications through IANA. NTP uses the address 224.0.1.1.


Limited scope Addresses
The addresses 239.0.0.0 to 239.255.255.255 are reserved for internal group formation within an organization; these addresses are filtered by the router and are prevented from entering the AS from an external AS. They are further subdivided within the local group to allow for reuse within smaller domains.

Layer 2 multicast addresses
With the higher layers supporting multicast, there needs to be a provision at the Layer 2 level to enable physical multicasting of the packets. Hence there needs to be a mechanism in place to distinguish the multicast packets from the unicast packets destined for the MAC address burnt into the NIC card of the device. As in the case of broadcast addresses, the 0th bit of the first octet is set to 1 to indicate whether the packet is intended for unicast or for broadcast/multicast. IANA reserves a set of MAC addresses beginning with 01:00:5E in hexadecimal to cater to the need of mapping IP multicast addresses to MAC addresses. Half of these addresses are used for multicasting, and hence 0100.5E00.0000 to 0100.5E7F.FFFF forms the range of multicast MAC addresses.

Multicast distribution Trees
Multicast distribution trees determine how the information will flow from a source to each node in the network. There are two kinds of multicast distribution trees.

Source Distribution Trees: The root of a source tree is the source from where the traffic is generated. The rest of the routers form a spanning tree. Generally, these spanning trees are built on the shortest paths and hence are referred to as Shortest Path Trees. They follow the notation (S, G), where S is the source address and G is the group address. This ensures that the traffic is forwarded to all the possible receivers in the group.
Shared Distribution Trees: These trees use a single point as the source. This point is called the RP (Rendezvous Point). When a router wants to send some traffic, it sends it to the RP, which in turn sends it to all the destined routers in the network.

Multicast Forwarding
Unlike unicast traffic forwarding, a multicast router has to determine the direction of the upstream and downstream paths. This is because the traffic is sent to an arbitrary group of hosts. If multiple downstream paths exist, the appropriate path through which the traffic is forwarded downstream is selected. This concept of forwarding the traffic away from the source is called reverse path forwarding.

RPF Check
Whenever a multicast packet arrives at a router the RPF is checked, and the packet is forwarded only on a successful RPF check.


The source address is looked up in the unicast routing table to determine whether the packet has arrived on the correct interface. This interface should be on the reverse path back to the source. If the interface is on the reverse path as expected, the packet is forwarded. If the interface is not on the reverse path, the packet is dropped.
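The address scopes and the IP-to-MAC mapping from section 7.1, together with the RPF check just described, decide what a router does with an arriving multicast packet: link-local groups are never forwarded, limited-scope groups are not forwarded across the AS boundary, the source is looked up in the unicast routing table, and the surviving copies are sent with the 01:00:5E MAC derived from the group. The following Python code is an added illustration, not course material or any router vendor's code; the routing table, interface names and the interface marked as facing another AS are all constructed.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")    # 224.0.0.0 - 224.0.0.255
LIMITED_SCOPE = ipaddress.IPv4Network("239.0.0.0/8")  # 239.0.0.0 - 239.255.255.255
MAC_OUI = 0x01005E                                    # IANA multicast OUI

# Constructed unicast routing table of the router: (prefix, interface).
ROUTING_TABLE = [
    ("10.1.0.0/16", "eth0"),
    ("10.1.5.0/24", "eth1"),
    ("0.0.0.0/0", "eth2"),
]
AS_BOUNDARY_IFACES = {"eth2"}   # constructed: eth2 faces another AS


def multicast_scope(group: str) -> str:
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        return "unicast"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in LIMITED_SCOPE:
        return "limited-scope"
    return "globally-scoped"


def multicast_mac(group: str) -> str:
    """01:00:5E followed by the low 23 bits of the group address."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    mac = (MAC_OUI << 24) | (int(ip) & 0x7FFFFF)
    return ":".join(f"{(mac >> (8 * i)) & 0xFF:02x}" for i in reversed(range(6)))


def rpf_interface(source: str, table=ROUTING_TABLE):
    """Longest-prefix match on the SOURCE address of the multicast packet."""
    src = ipaddress.IPv4Address(source)
    best = None
    for prefix, iface in table:
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(source: str, arrival_iface: str, table=ROUTING_TABLE) -> bool:
    return rpf_interface(source, table) == arrival_iface


def forward_decision(source, group, arrival_iface, oil, table=ROUTING_TABLE):
    """Return the (interface, destination MAC) pairs the packet is sent out on.

    An empty list means the packet is dropped: RPF failure, link-local group,
    or nothing left in the outgoing interface list (OIL) after scoping.
    """
    scope = multicast_scope(group)
    if scope in ("unicast", "link-local"):
        return []                       # link-local groups never leave the LAN
    if not rpf_check(source, arrival_iface, table):
        return []                       # wrong interface: drop (loop avoidance)
    mac = multicast_mac(group)
    out = []
    for iface in oil:
        if iface == arrival_iface:
            continue                    # never send back toward the source
        if scope == "limited-scope" and iface in AS_BOUNDARY_IFACES:
            continue                    # 239/8 is filtered at the AS edge
        out.append((iface, mac))
    return out
```

Because only 23 bits of the group address reach the MAC, 224.0.1.1 and 239.128.1.1 map to the same 01:00:5e:00:01:01; hosts that rely on the NIC filter alone can therefore receive frames for groups they never joined, which is one reason the IP layer must still check the group address.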

7.2 Multicast protocols


Internet Group Management Protocol
When multicast systems have to communicate with the network routers, the Internet Group Management Protocol is used. IGMP enables a receiver to participate in a transmission with a particular group address. The translation of the packet into a multicast protocol packet and the forwarding of the packet to a source in the group are handled by a designated router. IGMP basically performs three functions:
1. Joining a multicast group
2. Staying connected to a multicast group
3. Unsubscribing from/leaving a multicast group

IGMP was initially proposed to handle the above functions. However, there have been enhancements to provide more and more capabilities. Let us examine each version.

IGMP Version 1
IGMP version 1 is defined in RFC 1112. It has support for joining and staying connected to a multicast group. This is handled by two different messages. The first message is responsible for enabling the joining and connection retention with a multicast group, while the second message is responsible for getting the information from the multicast group.

IGMPv1 message format: Version | Type | Unused | Checksum | Group Address

The various field definitions are:
Version: This field will be 1 for IGMP v1.
Type: This indicates the message type. 1 represents Host Membership Query while 2 represents Host Membership Report.
Unused: The field is 1 octet in size, should contain all zeros and is not defined yet.
Checksum: This field carries a standard IP checksum value for the IGMP packet.


Group Address: In a Host Membership Report, the multicast group address is encoded in this field. For a Host Membership Query this field contains all zeros.

Host Membership Query (General Query) messages are generated periodically by the routers to find out whether interested receivers are present. The query is sent to 224.0.0.1 (the all-hosts group address). In response to the query, the host generates a Host Membership Report for the groups it has joined, and this is sent to the multicast group that the host intends to join. The receiver does not explicitly send any message to indicate that it wants to leave the multicast group. It just stops responding to the membership queries for that group.

IGMP Version 2
As version 1 of IGMP did not give a host an option to leave the multicast group, unneeded multicast traffic was transmitted to and from such a host. This led to the proposal of IGMPv2 in RFC 2336, which serves the purpose of giving a host an option to leave a multicast group.

IGMPv2 message format: Type | Max. Resp. Time | Checksum | Group Address

Type: This describes the type of message being sent. The possible values are:
o 0x11: Membership Query
o 0x12: IGMPv1 Membership Report, used for backward compatibility
o 0x16: IGMPv2 Membership Report
o 0x17: Leave Group Message

Max Response Time: The maximum time a host waits before responding to a Membership Query with its Membership Report. This is set to 10 seconds by default.
Checksum: IP checksum value for the IGMP packet.

IGMP Version 3
With IGMP v1 and v2 the hosts could only exchange information with a particular multicast group. IGMP v3 gives the host the option to specify a list of sources it does not want to receive the multicast traffic from, and also to explicitly specify the sources in the group it wants to receive the traffic from.
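The two message formats above are both 8 bytes long, and the version-1 octet pair (version 1, type 1) is the same byte as the version-2 query type 0x11, which is what makes v2 backward compatible: RFC 2236 tells a v1 query from a v2 query by the second octet, which is zero (the unused field) in v1 and the Max Response Time in v2. The following Python code is an added illustration, not course material or vendor code: it builds IGMPv1/v2 messages with a correct Internet checksum and parses them back, rejecting a message whose checksum fails. The group addresses used are constructed.

```python
import ipaddress
import struct

IGMP_QUERY = 0x11        # v1: version 1 / type 1; v2: Membership Query
IGMP_V1_REPORT = 0x12    # v1: version 1 / type 2
IGMP_V2_REPORT = 0x16
IGMP_LEAVE = 0x17
TYPE_NAMES = {
    IGMP_QUERY: "Membership Query",
    IGMP_V1_REPORT: "IGMPv1 Membership Report",
    IGMP_V2_REPORT: "IGMPv2 Membership Report",
    IGMP_LEAVE: "Leave Group",
}


def internet_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by IP, ICMP and IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type: int, max_resp: int, group: str) -> bytes:
    """8-byte IGMPv1/v2 message. For v1 pass max_resp=0 (the 'unused' octet)."""
    packed = ipaddress.IPv4Address(group).packed
    without_sum = struct.pack("!BBH4s", msg_type, max_resp, 0, packed)
    csum = internet_checksum(without_sum)
    return struct.pack("!BBH4s", msg_type, max_resp, csum, packed)


def parse_igmp(data: bytes) -> dict:
    if len(data) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    # A valid message checksums to zero when the checksum field is included.
    if internet_checksum(data[:8]) != 0:
        raise ValueError("bad IGMP checksum")
    msg_type, second, _csum, group = struct.unpack("!BBH4s", data[:8])
    if msg_type not in TYPE_NAMES:
        raise ValueError(f"unknown IGMP type 0x{msg_type:02x}")
    # 0x11 is both a v1 query and a v2 query; the second octet decides.
    if msg_type == IGMP_V1_REPORT or (msg_type == IGMP_QUERY and second == 0):
        version = 1
    else:
        version = 2
    return {
        "version": version,
        "type": TYPE_NAMES[msg_type],
        "max_resp_time": second,    # tenths of a second in v2, always 0 in v1
        "group": str(ipaddress.IPv4Address(group)),
    }


if __name__ == "__main__":
    # Constructed messages: a v2 General Query (Max Resp Time 100 = 10 s),
    # a v2 Report for 239.1.1.1 and a v1 Report for 224.0.1.1.
    for msg in (build_igmp(IGMP_QUERY, 100, "0.0.0.0"),
                build_igmp(IGMP_V2_REPORT, 0, "239.1.1.1"),
                build_igmp(IGMP_V1_REPORT, 0, "224.0.1.1")):
        print(msg.hex(), parse_igmp(msg))
```

A router or host that skips the checksum check will happily act on a corrupted Leave or Report; the parser above refuses such a message before it looks at any field.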


Protocol Independent Multicast (PIM)
PIM-SM is a sparse mode protocol. Its features include:
o A JOIN mechanism instead of the flood-and-prune model.
o Protocol independent.
o Supports both source-based trees (SPT) and shared trees (RPT).
o Supports RPT to SPT switchover.
o Widely deployed and the most popular protocol in use.

Neighbor Discovery and DR Election in PIM SM
Routers exchange Hello packets for neighbor discovery. The Designated Router (DR) is elected based on DR priority. If the priority is the same, the IP address is considered for the election: the router with the higher IP address becomes the DR. The DR is then responsible for sending PIM JOIN/Prune/Register messages on that multi-access network.

Shared tree construction is triggered by the DR when it receives an IGMP JOIN message from a directly connected host. When an IGMP JOIN is received by the DR it does the following:
o Locate the RP for the group.
o For this RP, locate the RPF neighbor.
o Send a PIM (*, G) JOIN towards the RP. Join/Prune messages are sent to the ALL_PIM_ROUTERS address 224.0.0.13.

When intermediate routers receive a PIM (*, G) JOIN they do the following:
o Check if a shared tree already exists for (*, G). If yes, add this downstream interface to the OIL.
o If the shared tree does not exist, add this downstream interface to the OIL, find the RPF neighbor towards the RP and send a PIM (*, G) JOIN towards the RP.


Construction of a Shared Tree

When the DR receives traffic from a directly connected source it does the following:
o Find the RP for the group G.
o Encapsulate the multicast traffic in a Register message and unicast it to the RP.
o Continue doing the above step until a Register Stop is received from the RP.
o When a Register Stop is received, stop encapsulating the traffic from the source and start the Register Stop timer.
o When the Register Stop timer expires, send a NULL Register message (a Register message without any multicast data). If no Register Stop is received, start encapsulating the multicast traffic again.
o If an (S, G) tree is built from the RP, then start sending native multicast traffic towards the source tree.


When the RP receives a Register message it does the following:
o Decapsulate the data and see if any receivers are present for (*, G). If yes, send it to the OIL and start building a source tree towards the source.
o Once multicast data starts arriving directly on the SPT, send a Register STOP message.
o If no members are present in the OIL, send a Register STOP and do not initiate any SPT.
o If no members are present in the OIL after the SPT is built, prune the SPT.

A threshold limit can be set on routers for each group. When the DR connected to the receiver starts getting traffic for group G, it identifies the source and checks the threshold limit set for switchover from RPT to SPT. The threshold limit is generally in terms of rate, i.e. in kbps. The default threshold is 0, which tells a router to join the SPT as soon as the first packet is received. A threshold of infinity tells a router never to join the SPT. In-between values are not recommended.

As soon as a router starts receiving traffic on the SPT, it compares its RPF neighbors to see if the RPF neighbor is the same for both the RPT and the SPT. If they are the same, no action needs to be taken. If they are different, a Prune needs to be sent to the RPT RPF neighbor for the (S, G) pair with the RPT bit set.

Each PIM router calculates the RP for a given group from the list of available RPs, called the RP-Set. This RP-Set can be obtained in two ways.

Static Group-RP Mapping: In this method, for each group, one or more RPs are added statically. The best RP is selected among them by running a hash algorithm. Because it is statically configured, it is an administrative overhead: if an RP fails or changes, the mappings have to be redone on each router.


8 Overview of MPLS


Evolution of MPLS
In the traditional days of the Internet, the challenge was to improve the speed and the time taken by a router to perform the routing lookup. This is to reduce the delays in transmission. The routers used a software-based approach for performing this task of routing lookup. This was done on a centralized CPU architecture. There were two major tasks involved in this: routing protocol maintenance and traffic forwarding based on the route lookup. People started observing the benefits of an ATM-based approach for these. As a result, ATM was introduced into IP routing to avoid these bottlenecks. ATM uses hardware-based traffic forwarding, unlike IP routing where the traffic forwarding is software based. ATM used pre-established forwarding paths to forward traffic. It further used a fixed header length. All these formed a basis for MPLS. By the time MPLS could actually be deployed, the router vendors had come up with hardware-based routing lookups. This was done with the aid of silicon technology, and ASICs came into the picture. Though one issue was solved, the second issue of traffic forwarding was left unaddressed. This refers to the transmission of packets from one end of the network to another. Let us look at the various methods followed for traffic forwarding, with their advantages and disadvantages.

1. IP Routing: This used a backbone with dedicated leased lines. It supported speeds between 1.544 Mbps (T1) and 44.736 Mbps (T3). Each network had only a few routers, and administrators used an IGP for controlling the policies and traffic. The IGP-based metrics were used for optimal utilization.
These were not dynamic enough to balance the traffic among the links, as the best route selected would always be loaded with all the traffic while the other paths were not used at all.

2. ATM and Overlay Networks: Traditional IP routing became highly ineffective when Internet speeds began to grow and the ISPs could not provide higher interface speeds, traffic control and pattern control. Under these circumstances the ISPs introduced ATM, which provided speeds ranging from 155.52 Mbps (OC-3) to 622.08 Mbps (OC-12). ATM used Virtual Circuits (VCs) to connect routers in the network. Though the physical connectivity is different, each virtual connection appeared like a point-to-point link. Because several networks operate in parallel, this is called an overlay network. There was better traffic control, as the VC setup determined the paths dynamically. Whenever there is over-utilization, the VC setup moves to another path. The basic drawback of the overlay network is that ATM used a fixed 53-byte cell to transmit the data. Along with the 48-byte payload, a 5-byte header was transmitted. Consider 64 bytes of data to be transmitted. This would go as 2 cells, each using 53 bytes. So a total of 106 bytes was sent, and there was a wastage of around 40% of the bandwidth. While this is the worst-case scenario, the average bandwidth wastage amounted to around 20%. All this led to the introduction of MPLS.

Under these circumstances the MPLS framework was proposed by the IETF, combining the advantages of ATM with those of optical networks. Basically, MPLS has the following functions to perform:

1. Manage traffic flows at various granularities, independent of the hardware and of the application.
2. Serve as a layer 2.5 protocol, irrespective of the layer 2 and layer 3 protocols.
3. Map IP addresses to labels and provide both packet switching and circuit switching abilities.
4. Support existing protocols by interfacing to them.
5. Support various technologies like IP, ATM, Frame Relay and SONET.

Data transmission in MPLS is mainly through Label Switched Paths (LSPs). Each node is assigned a label, and these labels are switched when establishing the path from the source to the destination. The labels identify the underlying protocols, and LSPs are established prior to transmitting the data or when a certain flow is detected. The labels are distributed by protocols like LDP, RSVP etc. As the labels are of fixed length and are inserted at the beginning of the packet, switching happens at very high speed. Multi Protocol Label Switching (MPLS) inserts a label stack into network layer packets and makes them labelled packets. Labels are attached between the Data Link Layer header and the Layer 3 header. The format of one entry of the MPLS label stack (32 bits) is shown in the following illustration:

Label (20 bits) | CoS (3 bits) | S (1 bit) | TTL (8 bits)

MPLS Label Stack

Label: This contains the actual label and gives information about the Layer 3 protocol and about the way to forward the packet.
CoS: The scheduling/discarding algorithms depend on the setting of the Class of Service field.
S: This is 1 for the last entry in the label stack and 0 for the rest of the entries.
TTL: The TTL specifies the Time to Live value.

MPLS terminology:

Label: A label is a short, fixed-length identifier which determines the path to be taken by the packet. It is present/encapsulated in the layer-2 header. In the MPLS network, the next hop is calculated on the basis of the label contained in the packet at that device.

LSR (Label Switching Routers): LSRs are responsible for high-speed switching of the packets in the MPLS core. The switching is done based on the labels and the path to be traversed. They are also known as P-Routers and they run a label binding protocol.

LER (Label Edge Routers): These are referred to as PE routers and they sit at the edge of the MPLS cloud. They are responsible for traffic management at the end points where traffic enters and exits the MPLS network.

LSP (Label Switched Path): This is the path that the packet is supposed to traverse; it is established prior to the data transmission.

LDP (Label Distribution Protocol): This is responsible for assigning the labels to the packets; it handles label binding and propagation.

There are different protocols used by MPLS for label distribution. Below are a few of them:

1. Label Distribution Protocol (LDP), proposed by the IETF
2. Tag Distribution Protocol (TDP), proposed by Cisco
3. Aggregate Route-based IP Switching, proposed by IBM

LDP: In simple words, LDP maps the destination (IP address) to labels. LDP distributes the labels to the devices in the MPLS core (i.e. the LSRs). The MPLS peer devices communicate with each other by sending LDP messages to each other (discovery, session, advertisement and notification messages).

Data Transmission in MPLS

The route to reach the destination from the source is determined by the routing protocol. These IP addresses are mapped to labels by LDP, and this forms an LSP. Once the LSP is formed, the packets are introduced into the MPLS core network and the data is transmitted through the LSP.

Forwarding Equivalence Classes

The way the packets are to be forwarded is determined by the LSRs. This is done by the use of the Label Information Base (LIB). The LIB maps each FEC to labels, and the packets get forwarded by means of label swapping. An FEC represents a group of IP packets that are to be forwarded in the same manner. Packets with the same FEC have the following characteristics:

1. They take the same LSP.
2. They have a common CoS.
3. They have the same priorities and the same forwarding/discarding mechanisms.

In the figure below, P1 and P2 are destined for different IP addresses.

When a packet comes into the MPLS network, it is assigned an FEC. The MPLS devices assign labels by mapping the FEC to a certain label, making use of the LIB.

Though the packets were for different destinations, the LSP is the same. This is because the same FEC was given to both of them.

Figure 43: Sample MPLS network

MPLS addresses the problems faced by the various technologies. Below are the advantages of using MPLS:

1. Speed
2. Better QoS
3. Scalability
4. Efficient traffic engineering
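The label-stack format and the FEC-based forwarding described above, as an added worked example written for this section (it is not code from the original course material). It packs and parses 32-bit label stack entries, then walks a constructed four-router LSP (PE1 -> P1 -> P2 -> PE2) with a hypothetical FEC table and per-router LIB: the ingress PE classifies the packet by longest prefix match and pushes a label, each P router swaps, and the egress PE pops at the bottom of the stack. The prefix, label values and router names are assumptions made up for the illustration.

```python
import ipaddress
import struct

# One 32-bit label stack entry: Label (20 bits) | CoS (3 bits) | S (1 bit) | TTL (8 bits)


def encode_entry(label, cos=0, s=0, ttl=64):
    """Pack one label stack entry in network byte order."""
    if not (0 <= label < (1 << 20) and 0 <= cos < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack(">I", (label << 12) | (cos << 9) | (s << 8) | ttl)


def decode_stack(data):
    """Return (entries, payload). Reads entries until one has S=1 (bottom of stack)."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from(">I", data, off)
        off += 4
        entry = {"label": word >> 12, "cos": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, data[off:]


# Constructed sample network (hypothetical): PE1 (ingress) -> P1 -> P2 -> PE2 (egress).
# FEC_TABLE is the ingress mapping of a prefix (the FEC) to the first label;
# LIB holds, per LSR, incoming label -> (action, outgoing label, next hop).
FEC_TABLE = {ipaddress.ip_network("10.1.0.0/16"): 100}
LIB = {
    "P1":  {100: ("swap", 200, "P2")},
    "P2":  {200: ("swap", 300, "PE2")},
    "PE2": {300: ("pop", None, None)},
}


def classify(dst_ip):
    """Ingress FEC lookup by longest prefix match; None when no FEC matches."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in FEC_TABLE if addr in net]
    if not matches:
        return None
    return FEC_TABLE[max(matches, key=lambda net: net.prefixlen)]


def forward(dst_ip, ip_packet, ttl=64):
    """Simulate one packet through the LSP: push at PE1, swap at P1/P2, pop at PE2.

    Returns (labels seen on the wire in order, delivered IP packet or None if dropped).
    """
    label = classify(dst_ip)
    if label is None:
        return [], None                      # no FEC: would fall back to plain IP routing
    wire = encode_entry(label, s=1, ttl=ttl) + ip_packet
    trail, node = [label], "P1"
    while node is not None:
        entries, payload = decode_stack(wire)
        top, rest = entries[0], entries[1:]
        if top["ttl"] <= 1:
            return trail, None               # TTL exhausted: drop, as an LSR would
        action, out_label, next_hop = LIB[node].get(top["label"], ("drop", None, None))
        rest_bytes = b"".join(encode_entry(e["label"], e["cos"], e["s"], e["ttl"]) for e in rest)
        if action == "pop":
            return trail, rest_bytes + payload   # bottom of stack: hand the packet to IP routing
        if action != "swap":
            return trail, None               # label not in this LSR's LIB: drop
        wire = encode_entry(out_label, top["cos"], top["s"], top["ttl"] - 1) + rest_bytes + payload
        trail.append(out_label)
        node = next_hop
    return trail, None
```

Two packets for 10.1.2.3 and 10.1.200.9 fall into the same FEC and therefore travel the same label sequence 100, 200, 300, which is the point the figure makes; a destination outside every FEC never enters the LSP, and a label that no LIB entry matches is dropped rather than forwarded.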

9 Overview of WAN Technologies

As the name signifies, a Wide Area Network is an internetwork that spreads across long distances. Basically it extends one LAN to other LANs at distant sites. A distant site may be in another city or in another country. Apart from the distance, an important feature of a WAN is that one cannot own the WAN infrastructure. Usually LAN infrastructure can be owned, but WAN infrastructure cannot; it is leased from the service provider.

WAN terms used:

1. Customer premises equipment (CPE): CPE is apparatus that is owned by the customer and located on the customer's premises.
2. Demarcation point: The demarcation point is a defined mark where the service provider's job ends and the CPE begins. It is generally a device owned and installed by the telecommunications company.
3. Central office (CO): This spot joins the customer's network to the service provider's switched network. The CO is occasionally known as the Point of Presence (POP).
4. Toll network: A trunk inside the provider's network is known as a toll network.

Types of WAN Connection:

Dedicated line (synchronous serial)

Figure 44: Dedicated line

Circuit switched (asynchronous serial, ISDN)

Figure 45: Circuit Switched

Packet switched

Figure 46: Packet Switched

1. Leased lines: A leased line is a pre-set-up dedicated connection that starts at the CPE, flows across the DCE switch and reaches the CPE at the distant site. It is also known as a point-to-point connection. This dedicated connection is quite costly since it comes as an owned line. It provides synchronous serial lines up to 45 Mbps. PPP encapsulation is usually used on leased lines.

2. Circuit switched: A circuit switched connection is one in which the cost applies for the duration of use of the connection. An end-to-end connection is first established and only then does data transfer take place. This kind of connection is analogous to a phone call: one has to pay only for the duration one talks. It uses modems or ISDN for data transfer and is used for low-bandwidth data transfer.

3. Packet switched: A packet switched connection is one wherein the bandwidth is shared amongst different companies. Data transfer takes place as and when required but cannot be done constantly. This type of connection seems like a leased line but is more like a circuit switched line. The advantage is that it is extremely cost effective and does not wait for an end-to-end connection to be established. The disadvantage is that, since the bandwidth is shared with other companies, the transfer rate may vary depending upon the available bandwidth. It provides synchronous serial lines from 56 kbps to 45 Mbps (T3).

Serial Transmission: Transmission of data in a wide area network takes place with the help of serial connectors. The serial connectors transfer data at the rate of one bit at a time. Serial links are expressed in frequency (hertz). The amount of data that can be carried within these frequencies is called bandwidth: the quantity of data in bits per second that the serial channel carries.

Data Terminal Equipment (DTE) and Data Communication Equipment (DCE): Data Terminal Equipment (DTE) is equipment located at the customer's premises that is used to connect to other serial devices. Data Communication Equipment (DCE) is the intermediate connection used to connect two DTEs. Router interfaces are DTE and they connect to DCE such as a CSU/DSU. The CSU/DSU is connected to the demarc and is the last responsibility of the service provider. The following diagram shows a DTE-DCE-DTE WAN connection:

Figure 47: DTE-DCE-DTE WAN connection

Let us have a look at the data link layer protocols that are used for encapsulation of the packets.

9.1 Point to Point Protocol (PPP)

PPP is one of the WAN protocols used at the data link layer for encapsulation of frames. It can be used over dial-up or synchronous serial (ISDN) media. It maintains data link connections using the Link Control Protocol (LCP) and also passes on network layer information using the Network Control Protocol (NCP). Thus PPP permits multiple network layer protocols to run over a point-to-point connection. The advantages of PPP are as follows:

1. It can encapsulate several layer 3 packets over a data link layer.
2. It is non-proprietary, so it can be used amongst multiple vendors.
3. It provides authentication and is secure.
4. It facilitates dynamic addressing.
5. It supports callback.

The figure below shows the PPP protocol stack on the OSI reference model:

Figure 48: PPP Protocol Stack

The components of PPP are as follows:

1. At the physical layer: The physical layer standards used for PPP are EIA/TIA-232-C, V.24, V.35, and ISDN.
2. HDLC: It encapsulates data on a serial link.
3. LCP: It establishes, configures, maintains and terminates a point-to-point link.
4. NCP: It establishes and configures the various network layer protocols. It allows us to use multiple network layer protocols simultaneously.

Configuration options for LCP: The LCP supports PPP by providing various options. Following are the options included:

1. Authentication: This is the security option that asks for authentication before establishing the connection.

2. Compression: Compression is used to increase the effectiveness of transmission. Compressed data uses less bandwidth over the medium, thereby increasing the throughput of the connection. The data is decompressed at the receiving end.
3. Detection of errors: PPP makes sure that the data transfer is dependable. It provides the Quality and Magic Number options for this purpose.
4. PPP callback: PPP callback is a useful characteristic of PPP. It facilitates callback after successful authentication. The process starts with the calling router contacting the remote router and authenticating. After the authentication is completed, the remote router ends the connection and restarts it from the remote router's end. This helps in recording usage based on access.

Establishment of a PPP session: A PPP session is established in the following 3 steps:

1. Link-establishment phase: This is the first stage of session establishment. During this stage, the link is configured and tested by sending LCP packets. These LCP packets are sent by each PPP device. The packets include fields carrying the configuration options stated above. If no configuration options are given, the default options are used.
2. Authentication phase: This is the second stage of session establishment. It authenticates the hosts that will be used in the data transmission.
3. Network layer protocol phase: This is the third stage of PPP session establishment. The network layer protocol information is passed during this phase. Every layer 3 protocol sets up a service with NCP.

Authentication Methods of PPP: PPP provides the following two methods of authentication:

1. Password Authentication Protocol (PAP): The Password Authentication Protocol (PAP) is less safe compared to the other method. It transmits the data in clear text. It is done on initial link establishment only. When the PPP link is first established, the distant host sends the username and password back to the originating router and thus authentication is approved.
2. Challenge Handshake Authentication Protocol (CHAP): The Challenge Handshake Authentication Protocol (CHAP) is the safer of the two methods. It performs authentication at the initial link establishment and also performs regular checks in between. It provides MD5 authentication.
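The two PPP authentication methods above, as an added example written for this section (not code from the original course material or from any PPP implementation). PAP is shown only as the clear-text request body it puts on the wire; CHAP is shown as the three-way exchange from RFC 1994, where the response is MD5 over the identifier, the shared secret and the random challenge, so the secret itself is never transmitted. The peer names and secrets are constructed for the illustration, and the packet framing (type codes, lengths) is left out.

```python
import hashlib
import hmac
import os


def pap_request(peer_id, password):
    """Body of a PAP Authenticate-Request: length-prefixed ID and password, in clear text."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier, secret, challenge):
    """CHAP (RFC 1994) Response value: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The router that issues challenges. Secrets are stored per peer name (constructed table)."""

    def __init__(self, secrets):
        self.secrets = secrets          # peer name -> shared secret
        self.pending = {}               # identifier -> outstanding challenge value
        self.next_id = 0

    def challenge(self):
        """Issue a fresh random challenge; the 8-bit identifier ties the response to it."""
        identifier = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        value = os.urandom(16)
        self.pending[identifier] = value
        return identifier, value

    def verify(self, identifier, name, response):
        """Recompute the expected hash with the stored secret. Each challenge is usable once,
        so a captured response cannot be replayed against a later challenge."""
        value = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, value), response)


class ChapPeer:
    """The router being authenticated. It sends its name and the hash, never the secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def answer(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_chap(authenticator, peer):
    """One exchange: Challenge -> Response -> Success/Failure. Returns True on success."""
    identifier, value = authenticator.challenge()
    name, response = peer.answer(identifier, value)
    return authenticator.verify(identifier, name, response)
```

The periodic re-authentication the text mentions is simply `run_chap` repeated on an established link. The security of CHAP rests entirely on the shared secret, since the response only proves knowledge of it; the random, single-use challenge is what stops an observed response from being reused.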

9.2 Integrated Services Digital Network (ISDN)

Integrated Services Digital Network (ISDN) is a combined service of voice and data transmitted across the same medium. It is a digital service. ISDN carries data and voice over the already available telephone network. ISDN applications use a lot of network bandwidth. The characteristics of an ISDN implementation include the following:

1. It comprises image applications running at high speed.
2. It includes file transfer at a very high speed.
3. It supports videoconferencing.

ISDN consists of communication protocols that make the simultaneous transfer of data and voice possible. The PPP protocol is usually used with ISDN; it offers data encapsulation, link integrity and authentication. Following are the advantages of ISDN:

1. It is capable of carrying voice, video and data concurrently.
2. It is quick, as it has a faster call setup.
3. It has a faster data rate.

Components of ISDN: Functions and reference points constitute the basic components of ISDN. The figure below shows the various reference points and terminals that are used as part of ISDN.

Figure 49: ISDN Components

At some places, ISDN uses a two-wire connection at the home or office. That is known as the U reference point. The NT1 device converts the two-wire link to the four-wire link required by ISDN phones and terminal adapters (TAs). Some routers also have a built-in NT1 (U) interface.

ISDN Terminals: The devices that are connected to the ISDN network are identified as terminal equipment (TE) and network termination (NT) equipment. Both TE and NT come in the following two types:

TE1: Terminal equipment type 1 implies terminals that are able to interpret ISDN standards and thus can connect directly to the ISDN network.
TE2: Terminal equipment type 2 includes terminals that do not follow the ISDN standards and require an adapter to convert the signals.
NT1: Network termination 1 provides the physical layer specifications of ISDN and connects the end user equipment to the ISDN network.
NT2: Network termination 2 is the service provider's equipment, such as a switch. It also provides the implementation at the Data Link and Network layers.
TA: A terminal adapter converts TE2 wiring to TE1 wiring, which then connects to an NT1 device to convert to the two-wire ISDN network.

ISDN Reference Points: The specifications that rule the connection amongst the different equipment used in an ISDN network are known as reference points. There are four reference points that rule the logical interfaces of ISDN:

R reference point: the reference point between non-ISDN equipment (TE2) and an adapter.
S reference point: the reference point between the customer router and an NT2.
T reference point: the reference point between NT1 and NT2 equipment. The S and T reference points are electrically the same and can serve the same purpose; therefore they are known as the S/T reference point.
U reference point: the reference point between NT1 equipment and line-termination equipment in a carrier network.

9.3 Frame Relay

Frame relay is one of the very prominent WAN technologies of the prior decades. The main driving factor for this is the cost involved. Frame relay is a non-broadcast multi-access network, i.e. it does not send any broadcast across the network. Frame Relay is based mainly on X.25 technology. It includes all the components of X.25 which are still relevant in today's communication environment. Frame Relay is comparatively complex compared with the other technologies in its place.

Introduction: Frame relay uses packet switching. It does not require any encapsulation like HDLC or PPP. It normally does not work like an end-to-end chartered line and is comparatively less pricey. Let us now look at how frame relay can help us in real-time scenarios. For example, consider that we have to add 5 sites to the accounts department and we have only one serial port; in such a case, what should we do?

Here frame relay can prove to be of great help. Though there will be a single point of failure, money can be saved to a large extent. The figures shown below give an overview of how a network looks before and after using frame relay.

Figure 50: Before Frame Relay

Figure 51: After Frame Relay

As you now know, frame relay provides a packet switched connection, so it spreads the cost across many users. It is presumed that the customers will never all send data simultaneously. Frame relay mainly offers the following bandwidth provisions:

Access Rate: The maximum transmitting speed of the frame relay link is known as its access rate.
CIR: CIR is nothing but the Committed Information Rate, which specifies the maximum bandwidth to be provided. It is generally the typical quantity that users will be allowed to transmit.

Structure: The frame relay structure is mainly based on the LAPD protocol. The header is 2 bytes in length. The figure shown gives an overview of the frame relay header structure.

Frame:
Flag | Frame Relay Header | Information | FCS | Flag

Frame Relay Header (2 bytes):
DLCI (high bits) | C/R | EA | DLCI (low bits) | FECN | BECN | DE | EA

Figure 52: Frame Relay - Frame Structure

Let us try to understand each field in detail:

1. Flag: The flag is used for high-level data link management; it specifies that the beginning and end of the frame must be marked by a unique pattern.
2. DLCI: The DLCI is an identifier used by the end hosts to identify which connection a frame belongs to.
3. C/R: Differentiates between a command and a response.
4. EA: Extended address; used for extra bytes when increasing the number of possible addresses.
5. FECN: FECN (Forward Explicit Congestion Notification bit) is used to report congestion in the forward direction.
6. BECN: BECN (Backward Explicit Congestion Notification bit) is used to report congestion in the backward direction.
7. DE: DE (Discard Eligibility) helps in identifying which packets can be discarded in case there is congestion in the network.
8. Information: Helps in identifying the protocol carried, like X.25, IP etc.
9. FCS: The FCS is used to ensure that an error control mechanism is implemented at the host's node.

Virtual Circuits: Frame relay operates on virtual circuits. Virtual circuits help in connecting a large number of devices. A virtual circuit allows two DTE devices to communicate with each other. Virtual circuits are mainly of two types, i.e. permanent and switched. Usually permanent virtual circuits are used, as they provide a permanent connection. In a switched virtual circuit the connection is established every time data needs to be transmitted and is torn down once it is done.

Local Management Interface (LMI): The signaling standard between the router and the first frame relay switch is known as LMI. LMI helps in conveying the following information:

Keepalives: Ensure that data is flowing.
Multicasting: Helps in efficient distribution of the routing information and ARP requests.
Global addressing: Helps frame relay to give global significance to the DLCIs.
Status of virtual circuits: Helps in providing the DLCI status.

As you know, LMI is the connection between the router and the first frame relay switch, so its status varies from router to router. LMI interfaces are of the following types:

1. Cisco
2. ANSI
3. Q.933A
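The two-byte Frame Relay header of Figure 52, as an added example written for this section (not code from the original course material). It packs and parses the DLCI, C/R, EA, FECN, BECN and DE bits, rejects anything that is not the two-byte address format, and summarizes the congestion bits per DLCI the way a receiving router would before deciding which virtual circuits to slow down. The sample frames are constructed for the illustration; the two bytes after the header follow the RFC 2427 convention of a 0x03 control byte and the 0xCC NLPID for IP.

```python
# Two-byte Frame Relay (Q.922) address field, the "Frame Relay Header" of Figure 52.
# Byte 1: DLCI bits 9..4 | C/R | EA=0      Byte 2: DLCI bits 3..0 | FECN | BECN | DE | EA=1


def encode_address(dlci, cr=0, fecn=0, becn=0, de=0):
    """Build the 2-byte header for a 10-bit DLCI and its control bits."""
    if not 0 <= dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    for flag in (cr, fecn, becn, de):
        if flag not in (0, 1):
            raise ValueError("control bits are 0 or 1")
    byte1 = ((dlci >> 4) << 2) | (cr << 1)                                  # EA=0: more follows
    byte2 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # EA=1: last byte
    return bytes([byte1, byte2])


def decode_address(frame):
    """Parse the header at the start of a frame (after the opening Flag has been removed)."""
    if len(frame) < 2:
        raise ValueError("frame too short for a Frame Relay header")
    byte1, byte2 = frame[0], frame[1]
    if (byte1 & 1) != 0 or (byte2 & 1) != 1:
        raise ValueError("only the 2-byte address format (EA = 0 then 1) is handled here")
    return {
        "dlci": ((byte1 >> 2) << 4) | (byte2 >> 4),
        "cr": (byte1 >> 1) & 1,
        "fecn": (byte2 >> 3) & 1,
        "becn": (byte2 >> 2) & 1,
        "de": (byte2 >> 1) & 1,
    }


def congestion_report(frames):
    """Per-DLCI view of the congestion bits seen on received frames.

    BECN tells the sender on that DLCI to slow down; DE marks frames the
    network may discard first when it is congested.
    """
    report = {}
    for frame in frames:
        hdr = decode_address(frame)
        entry = report.setdefault(hdr["dlci"], {"frames": 0, "fecn": 0, "becn": 0, "de": 0})
        entry["frames"] += 1
        for bit in ("fecn", "becn", "de"):
            entry[bit] += hdr[bit]
    return report


# Constructed sample frames (header + control/NLPID + a few payload bytes), not a real capture.
SAMPLE_FRAMES = [
    encode_address(16) + b"\x03\xcc" + b"payload",           # DLCI 16, no congestion
    encode_address(16, becn=1) + b"\x03\xcc" + b"payload",   # DLCI 16, BECN: slow down
    encode_address(17, fecn=1, de=1) + b"\x03\xcc" + b"x",   # DLCI 17, discard-eligible
]
```

DLCI 16 encodes to the bytes 04 01, a value worth recognizing in captures since DLCIs 16 and up are the ones normally assigned to user circuits; the parser refuses headers whose EA bits do not terminate after two bytes rather than guessing at a longer address.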

9.4 ATM & Overlay Networks

Asynchronous Transfer Mode (ATM) was designed for time-sensitive exchanges and provides simultaneous transmission of data. ATM cells have a fixed size of 53 bytes. ATM can also make use of external clocking to ensure faster transmission of data. ATM uses packet switching technology and encodes the data into fixed-size cells. It uses a connection-oriented model to establish a virtual circuit between two hosts. The figure below shows a basic ATM network:

Figure 53: Basic ATM Network

ATM Cells: ATM supports a variety of services using the different adaptation layers. The different types of adaptation layers are AAL1, AAL2, AAL3, AAL4 and AAL5. These layers are used for the purposes mentioned below:

1. AAL1: Used for constant bit rate services
2. AAL2-AAL4: Used for variable bit rate data services
3. AAL5: Used for data

Structure: An ATM cell has a 5-byte header and a payload of 48 bytes. ATM mainly has two types of cell formats:

1. Network-Network Interface (NNI)
2. User-Network Interface (UNI)

The figures shown below display the architecture of both types of cells.

UNI ATM Cell:
GFC | VPI | VCI | PT | CLP | HEC | Payload and padding if necessary (48 bytes)

Figure 54: UNI Architecture

NNI ATM Cell:
VPI | VCI | PT | CLP | HEC | Payload and padding if necessary (48 bytes)

Figure 55: NNI Architecture

Each field carries the parameters mentioned below:

GFC = Generic Flow Control (4 bits)
VPI = Virtual Path Identifier (8 bits UNI) or (12 bits NNI)
VCI = Virtual Channel Identifier (16 bits)
PT = Payload Type (3 bits)
CLP = Cell Loss Priority (1 bit)
HEC = Header Error Control (8-bit CRC)

Virtual Circuits: Every ATM cell travels on virtual circuits, which include virtual paths (VP) and virtual channels (VC). Every cell includes an 8-12 bit virtual path identifier (VPI) and a 16-bit virtual channel identifier (VCI). These identify the connection. The use of virtual circuits provides multiplexing, which in turn allows different services to be used.

Traffic Contract: The traffic contract is one of the vital concepts in ATM. After a virtual circuit is set up, the switches are informed about the traffic class specific to that connection. The traffic contract helps ensure that the Quality of Service is guaranteed. The following variants describe the set of parameters for a connection:

1. CBR - Constant bit rate: specifies a constant peak cell rate.
2. VBR - Variable bit rate: specifies an average and a peak rate.
3. ABR - Available bit rate: specifies a minimum bit rate.
4. UBR - Unspecified bit rate: traffic is allotted whatever transmission capacity is left.

To sustain traffic contracts, networks normally employ "shaping", a blend of queuing and discarding of cells.

Traffic Shaping: Traffic shaping usually happens at the entry point of an ATM network to make certain that the traffic meets its traffic contract.
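The UNI and NNI cell headers of Figures 54 and 55, as an added example written for this section (not code from the original course material). It packs the GFC/VPI/VCI/PT/CLP fields for either interface type, computes the HEC byte as the CRC-8 with generator x^8 + x^2 + x + 1 over the first four header bytes XORed with 0x55, and verifies it on parsing, so a corrupted header is flagged instead of being switched on a wrong VPI/VCI. The VPI/VCI values used are constructed; the one real constant is the idle cell header 00 00 00 01 52, which the HEC routine must reproduce.

```python
# UNI header (32 bits before the HEC): GFC 4 | VPI 8 | VCI 16 | PT 3 | CLP 1
# NNI header (32 bits before the HEC): VPI 12 | VCI 16 | PT 3 | CLP 1
# Byte 5 is the HEC: CRC-8 (x^8 + x^2 + x + 1) over the first four bytes, XOR 0x55.


def crc8_atm(data):
    """Bitwise CRC-8 with polynomial 0x07, initial value 0, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def hec(header4):
    """Header Error Control byte: the CRC-8 plus the 0x55 coset the standard adds."""
    return crc8_atm(header4) ^ 0x55


def build_header(vpi, vci, pt=0, clp=0, gfc=0, nni=False):
    """Return the 5-byte cell header for a UNI (default) or NNI cell."""
    vpi_bits = 12 if nni else 8
    if not (0 <= vpi < (1 << vpi_bits) and 0 <= vci < (1 << 16)
            and 0 <= pt < 8 and clp in (0, 1) and 0 <= gfc < 16):
        raise ValueError("header field out of range")
    if nni and gfc:
        raise ValueError("NNI cells have no GFC field")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first4 = word.to_bytes(4, "big")
    return first4 + bytes([hec(first4)])


def parse_header(cell, nni=False):
    """Decode the header fields and report whether the HEC matches the first four bytes."""
    if len(cell) < 5:
        raise ValueError("cell too short for a 5-byte header")
    first4 = bytes(cell[:4])
    word = int.from_bytes(first4, "big")
    fields = {
        "gfc": None if nni else word >> 28,
        "vpi": (word >> 20) & (0xFFF if nni else 0xFF),
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 0x1,
        "hec_ok": cell[4] == hec(first4),
    }
    return fields


def build_cell(header, payload):
    """Pad the payload with zeros to the fixed 48 bytes and prepend the header (53 bytes total)."""
    if len(payload) > 48:
        raise ValueError("payload exceeds 48 bytes; segment it at the adaptation layer")
    return header + payload + b"\x00" * (48 - len(payload))
```

The HEC protects only against transmission errors in the header; it is not an integrity mechanism against deliberate modification, so a switch trusts it for error detection and single-bit correction, nothing more.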
