ACN - 1
Chapter 1
Objectives
Upon completion of this chapter, students should be able to understand the following:
- Dynamic Host Configuration Protocol (DHCP) (RFC 2131)
- IP address assignment
- DHCP operations
- DHCP relay agent
- DHCP common security attacks
- DHCP configurations
- Private address space (RFC 1918)
- NAT operations and terminology
- NAT types
- Advantages and disadvantages
- NAT configurations
IP Addressing Services
IP Address Assignments
Before Dynamic Host Configuration Protocol (DHCP):
- Hosts were statically assigned a unique IP address that could not be reused.
- A large number of addresses was required.
- Network changes meant manual re-configuration of hosts.
IP Address Assignments
Then came Bootstrap Protocol (BOOTP), the predecessor of DHCP:
- Designed to configure diskless workstations based on their MAC address.
- The BOOTP server is configured with a table of MAC addresses and the corresponding IP addresses.
- The same IP address is always handed to a workstation: no versatility, permanent assignment, static mapping.
- Only 4 configuration parameters.
IP Address Assignments
Then came DHCP:
- Reduces Internet access costs when NAT/PAT is not deployed, by allowing dynamic address space allocation and reuse. Static IP addresses are considerably more expensive to purchase than automatically allocated IP addresses.
- Minimizes the time and expense of client configuration. Because DHCP is easy to configure, it minimizes the operational overhead and costs associated with device configuration tasks and eases deployment by nontechnical users.
IP Address Assignments
Then came DHCP (cont.):
- Means of centralized management of IP information. Because the DHCP server maintains configurations for several subnets, an administrator only needs to update a single, central server when configuration parameters change.
- Allows a client to be assigned another address when it moves to a different subnet.
- Supports up to 20 configuration parameters.
- Can be run on a router or a server.
DHCP allows for recovery and reallocation of network addresses through a leasing mechanism. Specifically, DHCP defines mechanisms through which clients can be assigned an IP address for a finite lease period. This lease period allows for reassignment of the IP address to another client later, or for the client to get another assignment if the client moves to another subnet. Clients may also renew leases and keep the same IP address. BOOTP does not use leases.
BOOTP provides a limited amount of information to a host. DHCP provides additional IP configuration parameters, such as the WINS server and the domain name.
DHCP Operation
A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address.
The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The formal request for the offered IP address (the DHCPREQUEST message) that is sent by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.
DHCP Messages
- DHCPDISCOVER: client broadcast to locate available servers.
- DHCPOFFER: server to client in response to DHCPDISCOVER, with an offer of configuration parameters.
- DHCPREQUEST: client message to servers, either (a) accepting offered parameters from one server and implicitly declining offers from all others, (b) confirming the correctness of a previously allocated address after, e.g., a system reboot (verification), or (c) extending the lease on a particular network address (renewal).
- DHCPACK: server to client with configuration parameters, including the committed network address.
- DHCPNAK: server to client indicating that the client's notion of its network address is incorrect (e.g., the client has moved to a new subnet) or that the client's lease has expired.
- DHCPDECLINE: client to server indicating that the network address is already in use.
- DHCPRELEASE: client to server relinquishing the network address and cancelling the remaining lease.
DHCP Relay
In a complex hierarchical network, enterprise servers are usually contained in a server farm. These servers may provide DHCP, DNS, TFTP, and FTP services for the clients.
PC1 either tries to obtain an IP configuration or attempts to renew its address. In addition, other network services use broadcasts to find a TFTP server or an authentication server.
The solution is DHCP Relay. Configuring the helper address feature on the intervening routers makes them forward DHCP broadcasts (and certain other broadcasts) to the appropriate server.
To configure RTA Fa0/0 (the interface that receives the Host A broadcasts) to relay DHCP broadcasts to the DHCP server, use the following commands:
    RTA(config)#interface fa0/0
    RTA(config-if)#ip helper-address 172.24.1.9
DHCP clients use IP broadcasts to find the DHCP server on the segment. What happens when the DHCP server and the client are not on the same segment and are separated by a router?
Routers, by default, will not forward broadcast packets. Since DHCP client messages use the destination IP address 255.255.255.255 (limited broadcast), DHCP clients will not be able to reach a DHCP server on a different subnet.
- The router must be configured as a DHCP relay agent in order to allow the DHCP request to go through. This is accomplished with ip helper-address.
- The agent forwards DHCP broadcast requests on behalf of the DHCP client as unicasts to the DHCP server.
- The DHCP relay agent uses its own IP address as the source IP address of the DHCP frames going to the DHCP server. This allows the DHCP server to respond via unicast to the DHCP relay agent.
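The DISCOVER/OFFER/REQUEST/ACK exchange from the DHCP Operation and DHCP Messages slides, the reclaiming of offers the client did not accept, the DHCPNAK for a client that has moved to another subnet, and the relay agent's role are simulated in the following added Python example; it is not code from the course. Messages are dictionaries rather than real packets, 172.24.1.9 is the helper address from the slides, and the other addresses, the MAC address and the relay-address-based ("giaddr") pool selection are assumptions of the example.

```python
"""DHCP DISCOVER/OFFER/REQUEST/ACK exchange through a relay agent.

Constructed example, not the course's code. Messages are dicts holding only the
fields the exchange needs; the real packet layout and options are not modelled.
172.24.1.9 is the helper address from the slides; every other address is made up.
"""
import ipaddress


class DhcpServer:
    def __init__(self, server_id, pools):
        self.server_id = server_id
        # One pool of free addresses per subnet the server is willing to serve.
        self.pools = {ipaddress.ip_network(n): list(a) for n, a in pools.items()}
        self.offered = {}   # client MAC -> address reserved but not yet committed
        self.bound = {}     # client MAC -> address committed with DHCPACK

    def _subnet_for(self, msg):
        # giaddr is stamped by the relay with the address of the interface that
        # received the broadcast; 0.0.0.0 means the client shares our segment.
        giaddr = msg["giaddr"]
        anchor = ipaddress.ip_address(self.server_id if giaddr == "0.0.0.0" else giaddr)
        return next((net for net in self.pools if anchor in net), None)

    def free_addresses(self, network):
        return list(self.pools[ipaddress.ip_network(network)])

    def handle(self, msg):
        mac, op = msg["chaddr"], msg["op"]
        reply = {"xid": msg["xid"], "chaddr": mac, "server_id": self.server_id}
        net = self._subnet_for(msg)
        if op == "DHCPDISCOVER":
            if net is None or not self.pools[net]:
                return None                      # nothing to offer: stay silent
            addr = self.pools[net].pop(0)
            self.offered[mac] = addr             # reserved, not yet guaranteed
            return dict(reply, op="DHCPOFFER", yiaddr=addr)
        if op == "DHCPREQUEST":
            chosen = msg.get("server_id")        # absent when verifying after a reboot
            if chosen is not None and chosen != self.server_id:
                # The client accepted another server's offer: reclaim ours.
                addr = self.offered.pop(mac, None)
                if addr is not None and net is not None:
                    self.pools[net].insert(0, addr)
                return None
            wanted = msg["requested_ip"]
            known = (self.offered.get(mac), self.bound.get(mac))
            if net is None or ipaddress.ip_address(wanted) not in net or wanted not in known:
                return dict(reply, op="DHCPNAK")  # wrong subnet or not ours to give
            self.offered.pop(mac, None)
            self.bound[mac] = wanted
            return dict(reply, op="DHCPACK", yiaddr=wanted)
        if op == "DHCPRELEASE":
            addr = self.bound.pop(mac, None)
            if addr is not None:
                home = next(n for n in self.pools if ipaddress.ip_address(addr) in n)
                self.pools[home].append(addr)
        return None


class RelayAgent:
    """Router interface configured with 'ip helper-address'."""
    def __init__(self, interface_ip, helper_addresses):
        self.interface_ip = interface_ip
        self.helpers = set(helper_addresses)

    def forward(self, broadcast_msg, servers):
        # Turn the limited broadcast into a unicast to each helper address and
        # record our interface address in giaddr so replies come back to us.
        relayed = dict(broadcast_msg, giaddr=self.interface_ip)
        replies = [s.handle(relayed) for s in servers if s.server_id in self.helpers]
        return [r for r in replies if r is not None]


def run_exchange():
    primary = DhcpServer("172.24.1.9", {"192.168.10.0/24": ["192.168.10.50", "192.168.10.51"]})
    secondary = DhcpServer("172.24.1.10", {"192.168.10.0/24": ["192.168.10.100"]})
    relay = RelayAgent("192.168.10.1", ["172.24.1.9", "172.24.1.10"])
    client = {"chaddr": "00:11:22:33:44:55", "xid": 0x1234, "giaddr": "0.0.0.0"}

    offers = relay.forward(dict(client, op="DHCPDISCOVER"), [primary, secondary])
    chosen = offers[0]                           # clients usually take the first offer
    request = dict(client, op="DHCPREQUEST", requested_ip=chosen["yiaddr"],
                   server_id=chosen["server_id"])
    acks = relay.forward(request, [primary, secondary])

    # The same client later reboots on another segment and asks for its old address.
    moved_relay = RelayAgent("192.168.20.1", ["172.24.1.9"])
    verify = dict(client, op="DHCPREQUEST", requested_ip=chosen["yiaddr"])
    naks = moved_relay.forward(verify, [primary])
    return {"offers": offers, "acks": acks, "naks": naks,
            "primary": primary, "secondary": secondary}


if __name__ == "__main__":
    result = run_exchange()
    print(result["acks"][0]["op"], result["acks"][0]["yiaddr"])
    print(result["naks"][0]["op"])
```

Running the module shows the primary server's DHCPACK for the first offered address and the DHCPNAK the moved client receives; after the exchange the secondary server's pool is back to its full size because the broadcast DHCPREQUEST named the other server.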
Figure: rogue DHCP server. The client broadcasts "I need an IP address/mask, default gateway, and DNS server"; it accepts the first answer it gets ("Got it, thanks!") and ignores the later one ("Already got the info."). All default gateway frames and DNS requests are then sent to the rogue.
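A defender's counterpart to the figure is to watch which servers answer DHCPDISCOVER on each segment. The added Python example below, which is not code from the course, parses constructed sensor records of DHCP messages, flags DHCPOFFERs from servers that are not on the segment's authorized list or that hand out an unexpected gateway or DNS address, and lists the clients whose DHCPREQUEST accepted a flagged server. The log format, the policy table and every value except 172.24.1.9 (the helper address from the slides) are assumptions of the example.

```python
"""Audit DHCPOFFER records for servers that are not authorized on a segment.

Constructed example, not the course's code. The log format and all values are
made up except 172.24.1.9, the DHCP server (helper address) used in the slides.
"""
import re

# Expected DHCP service per client segment: which servers may answer and which
# gateway and DNS addresses their offers must carry (assumed policy).
POLICY = {
    "vlan10": {"servers": {"172.24.1.9"},
               "router": "192.168.10.1",
               "dns": {"172.24.1.20"}},
}

# Constructed observations, e.g. from a sensor that sees DHCP traffic on the segment.
SAMPLE_LOG = """\
2024-05-01T10:00:01 segment=vlan10 msg=DHCPOFFER server_id=172.24.1.9 chaddr=00:11:22:33:44:55 yiaddr=192.168.10.50 router=192.168.10.1 dns=172.24.1.20
2024-05-01T10:00:01 segment=vlan10 msg=DHCPOFFER server_id=192.168.10.77 chaddr=00:11:22:33:44:55 yiaddr=192.168.10.200 router=192.168.10.77 dns=192.168.10.77
2024-05-01T10:00:02 segment=vlan10 msg=DHCPREQUEST server_id=192.168.10.77 chaddr=00:11:22:33:44:55 requested_ip=192.168.10.200
2024-05-01T10:00:09 segment=vlan10 msg=DHCPOFFER server_id=172.24.1.9 chaddr=00:11:22:33:44:66 yiaddr=192.168.10.51 router=192.168.10.99 dns=172.24.1.20
2024-05-01T10:00:10 segment=vlan10 msg=DHCPREQUEST server_id=172.24.1.9 chaddr=00:11:22:33:44:66 requested_ip=192.168.10.51
"""

KEY_VALUE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    timestamp, rest = line.split(" ", 1)
    record = dict(KEY_VALUE.findall(rest))
    record["timestamp"] = timestamp
    return record


def audit(log_text, policy=POLICY):
    """Returns (findings, affected_clients).

    findings: one (timestamp, server_id, reason) per suspicious DHCPOFFER.
    affected_clients: MACs whose DHCPREQUEST named a server flagged as
    unauthorized, i.e. hosts now using that server's gateway and DNS settings.
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings, rogue_servers = [], set()
    for rec in records:
        if rec.get("msg") != "DHCPOFFER":
            continue
        expected = policy.get(rec.get("segment"))
        reasons = []
        if expected is None:
            reasons.append("no DHCP policy for segment")
        else:
            if rec.get("server_id") not in expected["servers"]:
                reasons.append("unauthorized DHCP server")
                rogue_servers.add(rec.get("server_id"))
            if rec.get("router") != expected["router"]:
                reasons.append(f"unexpected default gateway {rec.get('router')}")
            if rec.get("dns") not in expected["dns"]:
                reasons.append(f"unexpected DNS server {rec.get('dns')}")
        if reasons:
            findings.append((rec["timestamp"], rec.get("server_id"), "; ".join(reasons)))
    affected = {rec.get("chaddr") for rec in records
                if rec.get("msg") == "DHCPREQUEST" and rec.get("server_id") in rogue_servers}
    return findings, affected


if __name__ == "__main__":
    found, clients = audit(SAMPLE_LOG)
    for item in found:
        print(*item)
    print("clients that accepted an unauthorized offer:", sorted(clients))
```

The gateway and DNS checks catch a misconfigured legitimate server as well as a rogue one, which is why the fourth sample record is reported even though it comes from the authorized server.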
Only one address is required, but up to 8 addresses may be assigned in one command line.
    Router# show ip dhcp binding
    Router# show ip dhcp server statistics
    Router# show ip dhcp pool
    Router# debug ip dhcp server events
IP Addressing Services
What is NAT?
The DHCP server assigns dynamic IP addresses to devices inside the network. NAT-enabled routers retain one or many valid Internet IP addresses outside of the network. When the client sends packets out of the network, NAT translates the internal IP address of the client to an external address. To outside users, all traffic coming to and going from the network has the same IP address or is from the same pool of addresses.
Figure: NAT translating a private address to a public address.
A NAT enabled device typically operates at the border of a stub network. A stub network is a network that has a single connection to its neighbor network.
When a host on the inside network wants to access a host on the outside network, the packet is sent to the border gateway router. The border gateway router performs the NAT process, translating the inside private address to an outside public address.
The translation process uses an internal translation table. The contents of the table will vary depending on the type of network translation being implemented. We will be looking at the use of static NAT, dynamic NAT and Port Address Translation (PAT).
NAT Terminology
Inside Network: usually an organization's LAN.
Local Addresses: How a node on a network is seen by another node on the same network.
Figure: inside hosts 10.0.0.2 and 10.0.0.3 are seen from the outside as 128.23.2.2 and 128.23.3.3.
Global Addresses: How a node on one network is seen by a node on another network.
- Inside Local Address: an RFC 1918 address assigned to a host on an inside network.
- Inside Global Address: a valid public address that the host on the inside network is assigned as it exits the router.
- Outside Global Address: a reachable IP address assigned to a host on the Internet.
- Outside Local Address: a local address assigned to a host on an outside network (use beyond the scope of this course).
Figure (send): the inside host sends a packet with SA 192.168.10.10 and DA 209.165.201.1; after translation it leaves with SA 209.165.200.226 and DA 209.165.201.1.
Figure (receive): the reply arrives with SA 209.165.201.1 and DA 209.165.200.226 (the inside global address), and the router translates the destination back to the inside local address.
Static Mapping: one-to-one mapping of local and global addresses. The number of hosts able to use NAT is limited by the static assignments in the table.
    Inside Local    Inside Global
    10.0.0.1        179.9.8.81
    10.0.0.2        179.9.8.82
    10.0.0.3        179.9.8.83
    10.0.0.4        179.9.8.84
    10.0.0.5        179.9.8.85
    10.0.0.6        179.9.8.86
If you have allocated 6 public addresses for NAT, only these 6 users can use NAT. No other network users will have access unless you allocate another global address and add it to the table.
NAT Overload
Port Address Translation (PAT):
- Allows you to use a single public IP address and assign it to up to 65,536 inside hosts (4,000 is more realistic).
- Modifies the TCP/UDP source port to track inside host addresses.
- Tracks and translates the source IP address, the destination IP address, and the TCP/UDP source port number. These uniquely identify each connection for each stream of traffic.
Figure (PAT, outbound): 192.168.10.10:1555 to 209.165.201.1:80 leaves the router as 209.165.200.226:1555 to 209.165.201.1:80; 192.168.10.11:1331 to 209.165.202.129:80 leaves as 209.165.200.226:1331 to 209.165.202.129:80.
Figure (PAT, inbound): the reply from 209.165.201.1:80 to 209.165.200.226:1555 is translated to 192.168.10.10:1555, and the reply from 209.165.202.129:80 to 209.165.200.226:1331 is translated to 192.168.10.11:1331.
Figure (PAT, next available port): when 192.168.10.11:1444 and 192.168.10.12:1444 both use source port 1444, PAT keeps the port for the first host and assigns the next available port to the second.
Objectives
Upon completion of this chapter, students should be able to understand the following:
- WAN as compared to LAN
- Common WAN devices
- WAN and the OSI model
- WAN physical layer terminology and concepts
- WAN data link layer concepts and encapsulation
- WAN switching concepts: circuit switching and packet switching
- WAN link connection options
- WAN design
Introduction to WAN
LAN: (Review)
A high-speed, low-error data network covering a relatively small geographic area, up to a few thousand meters. LANs connect workstations, peripherals, terminals, and other devices in a single building or other geographically limited area.
- LANs typically are owned by the company or organization that uses them.
- LANs are usually high-speed connections.
- LANs are usually controlled by a single administrator.
- LAN standards specify cabling and signaling at the physical and data link layers of the OSI model.
- Ethernet and Token Ring are widely used LAN technologies.
What is a WAN?
A WAN is a data communications network that operates beyond the geographic scope of a LAN.
- WANs connect devices that are separated by a broader geographical area than a LAN. They are concerned with moving data between LANs.
- WANs use carriers, such as phone companies, cable companies, and network providers (WAN service providers).
- A WAN might be controlled by multiple organizations. An organization must subscribe to an outside provider to gain access to WAN carrier services.
- WANs use serial connections of various types to provide access over large geographic areas, e.g. V.35, X.21, EIA/TIA-232.
- WANs use different WAN technologies and protocols, such as Frame Relay, ATM and DSL.
- WAN bandwidth is usually less than that of a LAN.
- WANs most often have to be capable of handling voice, video and data simultaneously.
There are other business needs that require communication among remote sites using WAN:
People in the branch offices of an organization need to be able to communicate with the central site. Organizations often want to share information with other organizations across large distances. Employees who travel frequently need to access information that resides on their corporate networks.
In addition, home computer users need to send and receive data across larger distances.
It is now common for many consumers to communicate with banks, stores, and a variety of providers of goods and services via computers.
The most significant difference between a LAN and a WAN is the technology involved.
WAN Devices
WANs use numerous types of devices:
- Modem: A voice-band modem converts and reconverts the digital signals produced by a computer into voice frequencies that can be transmitted over the analog lines of the public telephone network. Faster modems, such as cable modems and DSL modems, transmit using higher broadband frequencies.
- CSU/DSU: Digital lines, such as T1 or T3 carrier lines, require a channel service unit (CSU) and a data service unit (DSU). The two are often combined into a single piece of equipment, called the CSU/DSU. The CSU provides termination for the digital signal and ensures connection integrity through error correction and line monitoring, while the DSU converts the T-carrier line frames into frames that the LAN can interpret.
- Access server: Concentrates dial-in and dial-out communications. An access server may have a mixture of analog and digital interfaces and support hundreds of simultaneous users.
- WAN switch: A multiport internetworking device used in carrier networks to support Frame Relay, ATM, or X.25; it operates at the data link layer of the OSI model.
- Router: Provides internetworking and WAN access interface ports that are used to connect to the service provider network. These interfaces may be serial connections or other WAN interfaces and may require an external device, such as a CSU/DSU or modem (analog, cable, or DSL), to connect to the service provider.
WANs use numerous types of devices (contd):
Core router A router that resides within the middle or backbone of the WAN rather than at its periphery.
To fulfill this role, a router must be able to support the highest speed in use in the WAN core, and it must be able to forward IP packets at full speed on all of those interfaces.
Modems
Figure: an external CSU/DSU, connected to the T1 circuit on one side and to the router on the other.
The CSU/DSU may also be built into the interface card in the router.
In relation to the OSI reference model, WAN operations focus on Layer 1 and Layer 2.
WAN Terminologies
Figure: WAN terminology, with four numbered points along the path from LAN B; the digital signal is sent to the DCE via a serial cable, and the segment to the provider is the "last mile".
The local loop's data-carrying capacity can vary from 56 kbps to several gigabits per second.
SONET: Synchronous Optical NETwork (US version, by ANSI).
Data Link layer protocols define how the data is encapsulated as well as how it is transported between sites.
A number of technologies for the transport of data exist. While the encapsulation will vary with the technology, most use the ISO HDLC standard or a modification of it.
WAN Encapsulation
Data from the network layer is passed to the data link layer for delivery on a physical link, which is normally point-to-point on a WAN connection.
HDLC was first proposed in 1979 and for this reason, most framing protocols which were developed afterwards are based on it. The data link layer builds a frame around the network layer data so that the necessary checks and controls can be applied. To ensure that the correct encapsulation protocol is used, the Layer 2 encapsulation type used for each router serial interface must be configured.
The choice of encapsulation protocol depends on the WAN technology and the equipment. Most framing is based on the HDLC standard. The data is encapsulated with some form of header information and an FCS field. The entire frame is then encapsulated with Flag fields to indicate the beginning and end of the frame:
    FLAG | HEADER | DATA | FCS | FLAG
It is important to note that most vendors (Cisco included) use their own proprietary version of HDLC on HDLC links between their own products.
Examining the Frame:
The frame always starts and ends with an 8-bit flag field to indicate the beginning and end of the frame. The bit pattern is 01111110. (0x7E)
The address field may not be needed for WAN links, depending upon the technology. The address may be 1 or 2 bytes long.
The control field is protocol dependent. It usually indicates whether the content of the data is control information or Network layer data (1 Byte).
Examining the Frame: The address and control fields form the header information in the standard HDLC frame. Both PPP and Cisco HDLC add the Protocol field to the header to identify the Layer 3 protocol of the encapsulated data.
Point-to-point links are usually more expensive than shared services such as Frame Relay.
A router serial port is required for each leased line connection. A CSU/DSU and the actual circuit from the service provider are also required.
Power limitation: to help prevent crosstalk, the FCC has limited the power a modem is allowed to output over the phone line. This power limitation has the effect of reducing the achievable speed to 53 Kbps.
The advantages of modem and analog lines are simplicity, availability, and low implementation cost. The disadvantages are the low data rates and a relatively long connection time.
The dedicated circuit has little delay or jitter for point-to-point traffic, but voice or video traffic does not operate adequately at these low bit rates.
Primary Rate Interface (PRI) - ISDN is also available for larger installations. PRI delivers 23 B channels with 64 kb/s and one D channel with 64 kb/s in North America, for a total bit rate of up to 1.544 Mb/s.
In Europe, and other parts of the world, ISDN PRI provides 30 B channels and one D channel, for a total of 2.048 Mb/s. In North America, PRI corresponds to a T1 connection. The rate of international PRI corresponds to an E1 or J1 connection.
Another common application of ISDN is to provide additional capacity as needed on a leased line connection.
The leased line is sized to carry average traffic loads while ISDN is added during peak demand periods.
ISDN is also used as a backup if the leased line fails. With PRI ISDN, multiple B channels can be connected between two endpoints.
This allows for videoconferencing and high-bandwidth data connections with no latency or jitter. However, multiple connections can be very expensive over long distances.
The packet-switching technologies used in today's WAN networks include Frame Relay, ATM, and legacy X.25.
X.25
X.25 is a legacy network-layer protocol. Typical X.25 applications are point-of-sale card readers. X.25 speeds vary from 2400 b/s up to 2 Mb/s. However, public networks are usually low capacity and rarely exceeding 64 kb/s. X.25 networks are now in dramatic decline. They are still in use in many portions of the developing world.
Small, fixed-length cells are well suited for carrying voice and video traffic because this traffic is intolerant of delay.
ATM was designed to be extremely scalable and can support link speeds of T1/E1 to OC-12 (622 Mb/s) and higher. ATM offers both PVCs and SVCs.
Satellite Internet - Typically used by rural users where cable and DSL are not available.
A satellite dish provides two-way (upload and download) data communications. The upload speed is about one-tenth of the download speed. To access satellite Internet services, subscribers need a satellite dish, two modems (uplink and downlink), and coaxial cables between the dish and the modem.
VPN Benefits:
- Cost savings: VPNs enable organizations to use the global Internet to connect remote offices and users to the corporate site, thus eliminating expensive dedicated WAN links.
- Security: VPNs provide security by using encryption and authentication protocols that protect data.
- Scalability: Because VPNs use the Internet infrastructure within ISPs and devices, it is easy to add new users.
- Compatibility with broadband technology: VPN is supported by broadband service providers such as DSL and cable.
Remote-access VPNs - Remote-access VPNs enable individual hosts, such as telecommuters, mobile users, and extranet consumers, to access a company network securely over the Internet.
Each host typically has VPN client software loaded or uses a web-based client.
WAN Design
Three-Layer Design Model
As networks grow, star and mesh topologies become impractical:
- A network with 10 countries and 5 cities in each (50 sites) requires 1225 links in a full mesh.
- The same network in a star topology would require the hub router to have 50 interfaces.
Hierarchical network design advantages: scalability, ease of implementation, ease of troubleshooting, predictability, protocol support, manageability.
Three-layer hierarchical design (similar to the PSTN):
- LANs in a star topology connect to form areas.
- Areas are joined to form regions.
- Regions are linked by core links.
- The majority of traffic is contained locally: each LAN provides local services, and a central LAN is responsible for area-wide services.
Core layer of the hierarchical design model:
- Used to move traffic between regions; carries a variety of traffic.
- Redundant high-speed links are common.
- No packet manipulation.
- Usually on ATM or leased-line technology.
Distribution layer of the design model:
- Address or area aggregation.
- Departmental or workgroup access to the core layer.
- Broadcast/multicast domain definition.
- Virtual LAN (VLAN) routing.
- Media transitions.
- Security.
- Campus backbone and connection routers.
- Provides policy-based connectivity.
- Remote access to the network.
- Links are usually Frame Relay or ATM.
Access layer of the design model:
- The layer where end users connect.
- Might use access control lists for users.
- Connects LANs into the WAN.
- Isolates broadcast traffic to the workgroup.
- Can be dialup, leased line, or Frame Relay.
Other WAN Design Considerations
- Internet traffic must be considered in WAN design. Each branch might connect to the Internet independently.
- If traffic is low, the Internet connection can be used for all traffic (no separate WAN).
- Server locations should be addressed.
Chapter Summary
In this chapter, you should have learned:
- WAN as compared to LAN
- Common WAN devices
- WAN and the OSI model
- WAN physical layer terminology and concepts
- WAN data link layer concepts and encapsulation
- WAN switching concepts: circuit switching and packet switching
- WAN link connection options
Objectives
Upon completion of this chapter, students should be able to understand the following:
- Overview of serial communication and standards
- TDM/STDM
- DTE and DCE
- HDLC encapsulation
- Introduction to PPP and its layered architecture
- PPP frame structure
- PPP session establishment
- PPP authentication: PAP, CHAP
- PPP configurations
A parallel connection sends the bits over more wires simultaneously. In the 25-pin parallel port on your PC, there are 8 data wires to carry 8 bits simultaneously.
The parallel link theoretically transfers data eight times faster than a serial connection.
In reality, it is often the case that serial links can be clocked considerably faster than parallel links, and they achieve a higher data rate.
Two factors that affect parallel communications: clock skew and crosstalk interference.
HSSI is used to connect routers on LANs with WANs over high-speed lines such as T3 lines.
A process called Time-Division Multiplexing (TDM) is used to carry multiple sources of information over one common channel, or signal, and then reconstruct the original streams at the remote end. TDM divides the media into multiple time slots and interleaves bytes of data from multiple conversations, assigning each conversation one or more time slots. TDM functions at the physical layer; it has no regard for the type of information it carries.
DTE-DCE
Serial connections have a data terminal equipment (DTE) device at one end and a data communications equipment (DCE) device at the other end.
- DTE: usually the customer premises equipment (CPE), often the company's border router that connects to the service provider's network through a leased line. Uses an external clock, usually provided by the DCE. Examples: router, Frame Relay access device.
- DCE: usually the service provider's equipment (SPE). Converts the data from the DTE into a form acceptable to the service provider's network. Uses an internal clock. Examples: modem or CSU/DSU.
- The remote DCE device receives the signal and decodes it back into a sequence of bits that is sent to the remote DTE device.
If two DTEs must be connected together, like two computers or two routers in the lab, a special cable called a null-modem cable is necessary to eliminate the need for a DCE. For synchronous connections, where a clock signal is needed, either an external device or one of the DTEs must generate the clock signal. The clock signal is to align the transmitting and receiving ends so that they agree on how data will be transmitted and received.
HDLC Encapsulation
High-level Data Link Control (HDLC):
- HDLC is a bit-oriented, synchronous, Data Link layer protocol developed by the International Organization for Standardization (ISO).
- Developed from IBM's Synchronous Data Link Control (SDLC) standard proposed in the 1970s.
- Provides both connection-oriented and connectionless service.
- Defines a Layer 2 framing structure that allows for flow control and error control through the use of acknowledgments.
- Uses a frame delimiter, or flag, to mark the beginning and the end of each frame.
HDLC is used when connecting two devices manufactured by the same vendor. HDLC does not support multiple protocols on a single link, as it does not have a way to indicate which protocol is being carried. Point-to-Point Protocol (PPP) is an open standard encapsulation used in a multivendor environment; PPP uses HDLC as a basis for encapsulating datagrams.
Cisco High-level Data Link Control (Cisco HDLC): Cisco has developed an extension to the HDLC protocol to solve its inability to provide multiprotocol support. Cisco HDLC is proprietary and is the default encapsulation on a Cisco device WAN port. Cisco HDLC frames contain a field for identifying the network protocol being encapsulated.
Configuring HDLC
The default encapsulation method used by Cisco devices on synchronous serial lines is Cisco HDLC. Cisco HDLC is a point-to-point protocol that can be used on leased lines between two Cisco devices. When communicating with a non-Cisco device, PPP is a more viable option.
Verify the encapsulation on the serial interface:
    R1#show interface serial0/0/0
    Serial0/0/0 is up, line protocol is up
      Hardware is GT96K Serial
      Internet address is 10.1.1.1/30
      MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation HDLC, loopback not set
PPP
PPP was developed based on the ISO High-Level Data Link Control (HDLC) protocol. The Point-to-Point Protocol (PPP) is an industry standard method of utilizing point-to-point links to transport multi-protocol datagrams, including AppleTalk, DECnet, IP and IPX.
Note: HDLC is the default serial encapsulation method when you connect two Cisco routers. Cisco HDLC can only work with other Cisco devices. However, when you need to connect to a non-Cisco router, you should use PPP encapsulation.
PPP includes many features not available in HDLC:
- The link quality management feature monitors the quality of the link. If too many errors are detected, PPP takes the link down.
- PPP supports PAP and CHAP authentication.
Figure: PPP layered architecture. Network layer: IP, IPX, many others. Data link layer: the Network Control Protocols (NCPs) above the Point-to-Point Protocol (PPP) and its Link Control Protocol (LCP). Physical layer: synchronous or asynchronous physical medium.
PPP is a Data Link Layer protocol that provides a standard method for transporting multiprotocol datagrams over point-to-point links. PPP can be configured on multiple types of interfaces:
- Asynchronous serial
- Synchronous serial
- High-Speed Serial Interface (HSSI)
- Integrated Services Digital Network (ISDN)
PPP has a layered architecture:
- Link Control Protocol (LCP): to establish, configure and test the connection.
- Network Control Protocols (NCPs): a family of protocols to establish and configure Network Layer protocols.
For every network layer protocol used, a separate Network Control Protocol (NCP) is provided. For example, IP uses the IP Control Protocol (IPCP) and IPX uses the Novell IPX Control Protocol (IPXCP). NCPs include functional fields containing standardized codes to indicate the network layer protocol type that PPP encapsulates.
Notice how the PPP frame has been modeled very closely on the standard HDLC frame. The protocol field contains specific codes.
Flag: indicates the beginning or end of a frame. The value is 0x7E (binary 01111110) and identifies the start and end of a PPP frame. Between successive PPP frames, only a single Flag character is used.
Address: consists of the standard broadcast address, which is the binary sequence 11111111 (0xFF). PPP does not assign individual station addresses, because it deals with a direct link between two devices.
Control: set to 00000011 (0x03). This provides a connectionless link service that does not require you to establish data links or link stations. On a point-to-point link, the destination node does not need to be addressed; therefore, for PPP, the Address field is set to 0xFF, the broadcast address.
Protocol: identifies the protocol of the datagram encapsulated in the Data field.
Data: zero or more bytes of payload that contain either data or control information, depending on the frame type. For regular PPP data frames the network-layer packet is encapsulated here. For control frames, the control information fields are placed here instead. The default maximum length of the Data field is 1500 bytes.
FCS (Frame Check Sequence): a checksum computed over the frame to provide basic protection against errors in transmission. This is a CRC code similar to the one used for other layer two protocol error protection schemes, such as the one used in Ethernet. It can be either 16 bits or 32 bits in size (default is 16 bits).
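The frame layout above, as an added example that is not part of the slide deck: a Python builder and parser for the PPP frame with the 16-bit FCS of RFC 1662 (the HDLC CRC). The protocol-number table holds the standard assigned values; the sample payload is constructed, and byte stuffing is left out.

```python
"""PPP frame builder and parser with the 16-bit FCS of RFC 1662.

Added example: not part of the slide deck. Byte stuffing (transparency) is
not modelled; the frame is handled as it looks after unstuffing.
"""
import struct

PPP_FLAG = 0x7E      # Flag byte that delimits a frame
PPP_ADDRESS = 0xFF   # Address field: always the broadcast address
PPP_CONTROL = 0x03   # Control field: unnumbered information
DEFAULT_MRU = 1500   # default maximum length of the Data field

# Assigned PPP protocol numbers (well-known values, not from the slides)
PROTOCOL_NAMES = {
    0x0021: "IP", 0x0057: "IPv6", 0x8021: "IPCP", 0x802B: "IPXCP",
    0x8057: "IPv6CP", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP",
}

FCS16_INIT = 0xFFFF
FCS16_GOOD = 0xF0B8  # register value after running the FCS over data plus its own FCS


def _make_fcs16_table():
    """Build the lookup table for the reflected CRC-16 polynomial 0x8408."""
    table = []
    for byte in range(256):
        v = byte
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


_FCS16_TABLE = _make_fcs16_table()


def fcs16_update(fcs, data):
    """Run the CRC register over data, starting from the given register value."""
    for byte in data:
        fcs = (fcs >> 8) ^ _FCS16_TABLE[(fcs ^ byte) & 0xFF]
    return fcs


def fcs16(data):
    """Return the FCS as transmitted: the one's complement of the final register."""
    return fcs16_update(FCS16_INIT, data) ^ 0xFFFF


class PPPFrameError(ValueError):
    """Raised when a frame fails framing, FCS or field checks."""


def build_frame(protocol, payload):
    """Build Flag | Address | Control | Protocol | Data | FCS | Flag."""
    if len(payload) > DEFAULT_MRU:
        raise PPPFrameError("payload exceeds the default MRU")
    body = struct.pack("!BBH", PPP_ADDRESS, PPP_CONTROL, protocol) + payload
    # The FCS is transmitted least-significant byte first.
    return bytes([PPP_FLAG]) + body + struct.pack("<H", fcs16(body)) + bytes([PPP_FLAG])


def parse_frame(raw, mru=DEFAULT_MRU):
    """Validate framing and FCS, then return the protocol and payload.

    A bad FCS means the frame was damaged in transit; the receiver drops it
    rather than trying to repair it.
    """
    if len(raw) < 8 or raw[0] != PPP_FLAG or raw[-1] != PPP_FLAG:
        raise PPPFrameError("missing Flag delimiters or frame too short")
    inner = raw[1:-1]  # Address .. FCS
    if fcs16_update(FCS16_INIT, inner) != FCS16_GOOD:
        raise PPPFrameError("FCS mismatch: frame corrupted in transit")
    address, control, protocol = struct.unpack("!BBH", inner[:4])
    if address != PPP_ADDRESS or control != PPP_CONTROL:
        raise PPPFrameError("unexpected Address/Control values")
    payload = inner[4:-2]
    if len(payload) > mru:
        raise PPPFrameError("Data field longer than the negotiated MRU")
    return {
        "protocol": protocol,
        "name": PROTOCOL_NAMES.get(protocol, "unknown"),
        "payload": payload,
    }


def frame_is_valid(raw):
    """Convenience wrapper: True when the frame parses cleanly."""
    try:
        parse_frame(raw)
        return True
    except PPPFrameError:
        return False


if __name__ == "__main__":
    frame = build_frame(0x0021, b"constructed IPv4 payload")
    print(frame.hex())
    print(parse_frame(frame))
```

Running the module builds one frame and parses it back; flipping any byte between the two Flags makes `frame_is_valid` return False because the FCS no longer leaves 0xF0B8 in the register.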
Phase 1, Link Establishment: In this phase each PPP device sends LCP frames to configure and test the data link. LCP frames contain a configuration option field that allows devices to negotiate the use of options such as: the maximum transmission unit (MTU), compression of certain PPP fields, and the link-authentication protocol.
If a configuration option is not included in an LCP packet, the default value is assumed. Before any network layer packets can be exchanged, LCP must first open the connection and negotiate the configuration parameters. This phase is complete when a configuration acknowledgment frame has been sent and received.
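LCP option negotiation worked through in code, as an added example that is not from the slides: a responder applies the RFC 1661 rules (Reject unknown options, Nak unacceptable values, Ack the rest) to a peer's Configure-Request, and a helper fills in the defaults for every option the peer left out. The packet codes and option numbers are the standard assigned values; the minimum MRU and the CHAP-only policy are constructed for the demo.

```python
"""LCP Configure-Request handling with defaults for absent options.

Added example, not from the slide deck: a minimal responder for a peer's
Configure-Request. Packet codes and option numbers are the standard assigned
values; the local policy values (min_mru, accepted_auth) are constructed.
"""
import struct

CONF_REQ, CONF_ACK, CONF_NAK, CONF_REJ = 1, 2, 3, 4
OPT_MRU, OPT_AUTH_PROTOCOL, OPT_MAGIC_NUMBER = 1, 3, 5
PROTO_PAP, PROTO_CHAP = 0xC023, 0xC223
CHAP_MD5 = 0x05
DEFAULT_MRU = 1500  # assumed when the MRU option is not negotiated


def encode_options(options):
    """options: list of (type, data) -> concatenated Type | Length | Data."""
    return b"".join(struct.pack("!BB", t, 2 + len(d)) + d for t, d in options)


def decode_options(blob):
    options, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        opt_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad option length")
        options.append((opt_type, blob[i + 2:i + length]))
        i += length
    return options


def build_lcp(code, ident, options):
    body = encode_options(options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_lcp(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length != len(packet):
        raise ValueError("LCP length field does not match packet")
    return code, ident, decode_options(packet[4:])


def effective_config(options):
    """Apply the defaults for anything the peer did not include."""
    config = {"mru": DEFAULT_MRU, "auth": None, "magic": None}
    for opt_type, data in options:
        if opt_type == OPT_MRU:
            config["mru"] = struct.unpack("!H", data)[0]
        elif opt_type == OPT_AUTH_PROTOCOL:
            config["auth"] = struct.unpack("!H", data[:2])[0]
        elif opt_type == OPT_MAGIC_NUMBER:
            config["magic"] = struct.unpack("!I", data)[0]
    return config


class LcpResponder:
    """Answers a Configure-Request according to a constructed local policy."""

    KNOWN = {OPT_MRU, OPT_AUTH_PROTOCOL, OPT_MAGIC_NUMBER}

    def __init__(self, min_mru=576, accepted_auth=(PROTO_CHAP,)):
        self.min_mru = min_mru
        self.accepted_auth = accepted_auth

    def respond(self, request):
        code, ident, options = parse_lcp(request)
        if code != CONF_REQ:
            raise ValueError("expected a Configure-Request")
        # 1. Unknown option types go back unchanged in a Configure-Reject.
        unknown = [(t, d) for t, d in options if t not in self.KNOWN]
        if unknown:
            return build_lcp(CONF_REJ, ident, unknown)
        # 2. Known but unacceptable values go back in a Configure-Nak with a hint.
        naks = []
        for opt_type, data in options:
            if opt_type == OPT_MRU and struct.unpack("!H", data)[0] < self.min_mru:
                naks.append((opt_type, struct.pack("!H", self.min_mru)))
            elif opt_type == OPT_AUTH_PROTOCOL:
                proto = struct.unpack("!H", data[:2])[0]
                if proto not in self.accepted_auth:
                    # Peer proposed PAP (or another method): steer it to CHAP/MD5.
                    naks.append((opt_type, struct.pack("!HB", PROTO_CHAP, CHAP_MD5)))
        if naks:
            return build_lcp(CONF_NAK, ident, naks)
        # 3. Everything acceptable: echo the options back in a Configure-Ack.
        return build_lcp(CONF_ACK, ident, options)
```

The Nak path is the packet-level form of the "first choice / second choice" behaviour described later under Configuring PAP: a peer that refuses the first authentication method is told which one the responder will accept.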
As part of this phase, LCP also allows for an optional link-quality determination test. The link is tested to determine whether its quality is good enough to bring up network layer protocols.
PPP permits multiple Network layer protocols to operate on the same communications link. For every Network layer protocol used, PPP uses a separate NCP module. IP uses the IPCP module. IP Version 6 uses the IPv6CP module. IPX uses the IPXCP module.
In this phase the PPP devices send NCP packets to choose and configure one or more network layer protocols (e.g. IP). Once each of the chosen network layer protocols has been configured, packets from each network layer protocol can be sent over the link. If LCP closes the link, it informs the network layer protocols so that they can take appropriate action.
Link-maintenance frames manage and debug a link (Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, and Discard-Request).
Echo-Request, Echo-Reply, and Discard-Request frames can be used for testing the link.
The show interfaces command reveals the LCP and NCP states under PPP configuration. The PPP link remains configured for communications until LCP or NCP frames close the link or until an inactivity timer expires or a user intervenes.
1. The Remote router sends its username and password to the Central router. 2. The Central router evaluates the Remote router's username and password against its local database. If they match, it accepts the connection; if not, it rejects the connection.
1. Establish the PPP link. 2. Configuration request for PAP authentication. 3. Configuration ACK. 4. SantaCruz sends the SantaCruz username and SantaCruzpass password configured for the interface. 5. HQ looks up the received name, retrieves the password and compares the configured password to the received one.
1. The Central router sends a CHAP challenge to the Remote router. 2. The Remote router validates the Central router; the Remote router sends the response to the Central router. 3. The Central router validates the Remote router; the Central router establishes or rejects the link.
SantaCruz calls HQ and establishes a PPP link. A CHAP challenge packet is built by the HQ router with the following characteristics: 01 = challenge packet type identifier. ID = sequential number that identifies the challenge. random = a reasonably random number generated by the router. HQ = the authentication name of the challenger.
The ID and random values are kept on the HQ router (the called router). The challenge packet is sent to the calling router. A list of outstanding challenges is maintained.
Receive CHAP Challenge
The name HQ is used to look up the password. The ID value, the random value and the password are fed into the MD5 hash generator. The result is the one-way MD5-hashed CHAP challenge that will be sent back in the CHAP response.
CHAP Response
The response packet is assembled and sent. 02 = CHAP response packet type identifier. ID = copied from the challenge packet. hash = the output from the MD5 hash generator. SantaCruz = the hostname of the responding device (from the hostname command or the ppp chap hostname command).
Receive CHAP Response
The ID is used to find the original challenge packet. The name is used to look up the password from a configured name or a security server. The original ID, the original random value and the password are fed into the MD5 hash generator.
The hash value received in the response packet is then compared to the calculated MD5 hash value. CHAP authentication succeeds if the calculated and the received hash values are equal.
Success OR Failure
If authentication is successful, a CHAP success packet is built from the following components: 03 = CHAP success message type. ID = copied from the response packet. Welcome In is simply a text message providing a user-readable explanation.
If authentication fails, a CHAP failure packet is built from the following components: 04 = CHAP failure message type. ID = copied from the response packet. Authentication failure or other text message, providing a user-readable explanation.
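The PAP exchange described earlier and the CHAP challenge, response, success and failure packets described here, as one added example that is not from the slides or from Cisco IOS. It reuses the slides' names and passwords (HQ, SantaCruz, boardwalk, SantaCruzpass); the 16-byte challenge values are generated here, the packet layouts follow RFC 1334 (PAP) and RFC 1994 (CHAP), and the hash input order (ID, secret, challenge value) is the RFC 1994 order, which the slides do not spell out.

```python
"""PAP and CHAP exchanges between the SantaCruz and HQ routers of the slides.

Added example, not from the slide deck or Cisco IOS. Packet layouts follow
RFC 1334 (PAP) and RFC 1994 (CHAP). Names and passwords are the slides'
values; challenge bytes are generated here.
"""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4
PAP_AUTH_REQUEST = 1


def _packet(code, ident, body):
    """Code | Identifier | Length | body (layout shared by PAP and CHAP)."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def chap_hash(ident, secret, challenge):
    """One-way MD5 over ID || secret || random challenge value (RFC 1994 order)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_value_packet(code, ident, value, name):
    """Challenge/Response: Value-Size | Value | Name."""
    return _packet(code, ident, bytes([len(value)]) + value + name)


def parse_chap(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 4:
        raise ValueError("bad CHAP length")
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        if length < 5:
            raise ValueError("missing Value-Size")
        size = packet[4]
        value, name = packet[5:5 + size], packet[5 + size:]
        if len(value) != size:
            raise ValueError("truncated value")
        return code, ident, value, name
    return code, ident, packet[4:], b""  # Success/Failure carry only a text message


class ChapAuthenticator:
    """The called router (HQ): builds challenges and verifies responses."""

    def __init__(self, name, users, rng=os.urandom):
        self.name = name.encode()
        self.users = {u.encode(): p.encode() for u, p in users.items()}  # username/password entries
        self.rng = rng
        self.outstanding = {}  # ID -> random value: the list of outstanding challenges
        self.next_id = 1

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        value = self.rng(16)
        self.outstanding[ident] = value
        return chap_value_packet(CHAP_CHALLENGE, ident, value, self.name)

    def verify(self, response):
        code, ident, received, peer_name = parse_chap(response)
        # A challenge is usable once. Popping it here means a second copy of the
        # same response (a replay) finds no outstanding challenge and fails.
        challenge = self.outstanding.pop(ident, None)
        secret = self.users.get(peer_name)  # name looked up in the configured entries
        if code != CHAP_RESPONSE or challenge is None or secret is None:
            return _packet(CHAP_FAILURE, ident, b"Authentication failed")
        expected = chap_hash(ident, secret, challenge)
        if hmac.compare_digest(expected, received):
            return _packet(CHAP_SUCCESS, ident, b"Welcome In")
        return _packet(CHAP_FAILURE, ident, b"Authentication failed")


class ChapPeer:
    """The calling router (SantaCruz): answers without ever sending the password."""

    def __init__(self, name, users):
        self.name = name.encode()
        self.users = {u.encode(): p.encode() for u, p in users.items()}

    def respond(self, challenge_packet):
        code, ident, value, challenger = parse_chap(challenge_packet)
        if code != CHAP_CHALLENGE:
            raise ValueError("not a challenge")
        secret = self.users[challenger]  # the challenger's name (HQ) selects the password
        return chap_value_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, value), self.name)


def pap_request(username, password):
    """PAP Authenticate-Request: Peer-ID-Length | Peer-ID | Passwd-Length | Password."""
    body = bytes([len(username)]) + username + bytes([len(password)]) + password
    return _packet(PAP_AUTH_REQUEST, 1, body)


def pap_fields(packet):
    """Read username and password straight from the request bytes (PAP sends them in clear)."""
    id_len = packet[4]
    username = packet[5:5 + id_len]
    pw_len = packet[5 + id_len]
    password = packet[6 + id_len:6 + id_len + pw_len]
    return username, password


def run_chap_demo():
    """One successful exchange, then the same response presented a second time."""
    hq = ChapAuthenticator("HQ", {"SantaCruz": "boardwalk"})
    santacruz = ChapPeer("SantaCruz", {"HQ": "boardwalk"})
    response = santacruz.respond(hq.challenge())
    first = parse_chap(hq.verify(response))[0]
    replay = parse_chap(hq.verify(response))[0]
    return first, replay
```

`run_chap_demo()` returns the success code followed by the failure code: the response is valid once, and the consumed ID is what makes the second presentation fail. `pap_fields` shows why the slides say PAP passwords travel on the wire as-is: the password is a plain substring of the request.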
Configuring PPP
Router#configure terminal
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Topology (figure): DTE .2/S0 and DCE .1/S0 on the 172.25.3.0/24 serial link.
Verifying PPP (figure: show interfaces output showing the LCP and NCP states)
Configuring PAP
Rtr(config)# username remote-host password remotepassword
This needs to match the ppp pap sent-username on the remote host.
Rtr(config-if)# ppp pap sent-username this-host-username password this-host-password
The passwords do not need to match between the remote and the host. It should not be the same as the enable secret password.
Router(config-if)#ppp authentication {chap | chap pap | pap chap | pap}
Two choices: first choice | second choice. If both methods are enabled, then the first method specified will be requested during link negotiation. If the peer suggests using the second method or simply refuses the first method, then the second method will be tried.
Configuring PAP (example: SantaCruz is the DTE at .2/S0 and HQ is the DCE at .1/S0 on the 172.25.3.0/24 serial link)
SantaCruz:
hostname SantaCruz
username HQ password HQpass
interface Serial0
 ip address 172.25.3.2 255.255.255.0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username SantaCruz password SantaCruzpass
HQ:
hostname HQ
username SantaCruz password SantaCruzpass
interface Serial0
 ip address 172.25.3.1 255.255.255.0
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username HQ password HQpass
Notes: sent-username and password must match the remote router's username and password. Hostnames are not involved.
Configuring CHAP (example: SantaCruz is the DTE at .2/S0 and HQ is the DCE at .1/S0 on the 172.25.3.0/24 serial link)
SantaCruz:
hostname SantaCruz
username HQ password boardwalk
interface Serial0
 ip address 172.25.3.2 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 ppp chap hostname SantaCruz (optional)
HQ:
hostname HQ
username SantaCruz password boardwalk
interface Serial0
 ip address 172.25.3.1 255.255.255.0
 encapsulation ppp
 ppp authentication chap
 ppp chap hostname HQ (optional)
Notes: Hostnames are involved, unless the ppp chap hostname command is used, and must match the remote router's username command. Passwords are case-sensitive and must match.
In some environments, it may be necessary to bundle multiple serial links to act as a single link with aggregated bandwidth.
PPP Multilink is common with ISDN. Prior to MLP, two or more ISDN B channels could not be used in a standardized way while ensuring sequencing. MLP is most effective when used with ISDN. We will see how this is done when we discuss ISDN.
Configuring Compression
To configure compression over PPP:
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#compress [predictor | stac | mppc]
Point-to-point software compression can be configured on serial interfaces that use PPP encapsulation. Compression is performed in software and might significantly affect system performance. Compression is not recommended if most of the traffic consists of compressed files.
Error Detection
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp quality percentage
Link Quality Monitoring (LQM) is available on all serial interfaces running PPP. LQM will monitor the link quality, and if the quality drops below a configured percentage, the link will be taken down. The percentages are calculated for both the incoming and outgoing directions.
Load Balancing
Router(config)#interface serial 0/0
Router(config-if)#encapsulation ppp
Router(config-if)#ppp multilink
Multilink PPP provides load balancing over the router interfaces that PPP uses.
Packet fragmentation and sequencing, as specified in RFC 1717, splits the load for PPP and sends fragments over parallel circuits.
In some cases, this bundle of multilink PPP pipes functions as a single logical link, improving throughput and reducing latency between peer routers.
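Packet fragmentation and sequencing over a bundle, as an added example that is not from the slides or from IOS: each fragment carries the RFC 1990 long-sequence header (B and E bits plus a 24-bit sequence number), fragments are spread round-robin over the links, and the receiver reassembles them in order even when the slower link delivers its fragments late. Link names, fragment size and payloads are constructed.

```python
"""Multilink PPP fragmentation and reassembly (RFC 1990 long-sequence header).

Added example, not from the slides or Cisco IOS. Link names, fragment size
and packet contents are constructed for the demonstration.
"""

MP_BEGIN = 0x80    # B bit: first fragment of a packet
MP_END = 0x40      # E bit: last fragment of a packet
SEQ_MASK = 0xFFFFFF  # 24-bit sequence number


def fragment(packet, links, max_fragment, next_seq):
    """Split one packet; return ([(link, fragment_bytes), ...], next_seq)."""
    chunks = [packet[i:i + max_fragment] for i in range(0, len(packet), max_fragment)] or [b""]
    fragments = []
    for i, chunk in enumerate(chunks):
        flags = (MP_BEGIN if i == 0 else 0) | (MP_END if i == len(chunks) - 1 else 0)
        seq = (next_seq + i) & SEQ_MASK
        header = bytes([flags]) + seq.to_bytes(3, "big")
        fragments.append((links[i % len(links)], header + chunk))  # round-robin over the bundle
    return fragments, (next_seq + len(chunks)) & SEQ_MASK


def parse_fragment(fragment_bytes):
    flags = fragment_bytes[0]
    seq = int.from_bytes(fragment_bytes[1:4], "big")
    return flags, seq, fragment_bytes[4:]


class Reassembler:
    """Receiving side of the bundle: puts fragments back into sequence order."""

    def __init__(self, expected_seq=0):
        self.expected = expected_seq
        self.pending = {}   # seq -> (flags, data)
        self.discarded = 0  # fragments dropped because their packet's B fragment never arrived

    def receive(self, fragment_bytes):
        """Store one fragment; return every packet that is now complete, in order."""
        flags, seq, data = parse_fragment(fragment_bytes)
        self.pending[seq] = (flags, data)
        completed = []
        while self.expected in self.pending:
            flags, _ = self.pending[self.expected]
            if not flags & MP_BEGIN:
                # A middle/end fragment at the head of the window: its packet lost
                # its beginning and can never be completed, so skip past it.
                self.pending.pop(self.expected)
                self.discarded += 1
                self.expected = (self.expected + 1) & SEQ_MASK
                continue
            packet = self._assemble_from(self.expected)
            if packet is None:
                break  # a fragment of this packet is still in flight on another link
            completed.append(packet)
        return completed

    def _assemble_from(self, start):
        parts, seq = [], start
        while True:
            entry = self.pending.get(seq)
            if entry is None:
                return None
            flags, data = entry
            parts.append(data)
            if flags & MP_END:
                break
            seq = (seq + 1) & SEQ_MASK
        # Every fragment is present: consume them and advance the window.
        s = start
        while True:
            flags, _ = self.pending.pop(s)
            if flags & MP_END:
                break
            s = (s + 1) & SEQ_MASK
        self.expected = (seq + 1) & SEQ_MASK
        return b"".join(parts)


def demo_out_of_order():
    """Two packets over a two-link bundle where the second link is slower."""
    links = ["Serial0/0", "Serial0/1"]  # constructed link names
    seq = 0
    fast, slow = [], []
    for packet in (b"first packet payload", b"second"):
        frags, seq = fragment(packet, links, max_fragment=8, next_seq=seq)
        for link, frag in frags:
            (slow if link == "Serial0/1" else fast).append(frag)
    receiver = Reassembler()
    delivered = []
    for frag in fast + slow:  # everything on the fast link arrives first
        delivered += receiver.receive(frag)
    return delivered
```

`demo_out_of_order()` returns the two packets in their original order even though the middle fragment of the first packet arrives last; a fragment whose B-fragment never shows up is counted in `discarded` instead of stalling the window forever.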
The debug ppp negotiation command enables you to view the PPP negotiation transactions, identify the problem or stage when the error occurs, and develop a resolution. During PPP negotiation, the link goes through several phases, as shown. The end result is that PPP is either up or down.
The debug ppp authentication command displays the authentication exchange sequence. With two-way authentication configured, each router authenticates the other. Messages appear for both the authenticating process and the process of being authenticated.
Summary
Upon completion of this chapter, the student should be able to understand the following: Overview of Serial Communication & Standards; TDM/STDM; DTE & DCE; HDLC Encapsulation; Introduction to PPP & its Layered Architecture; PPP Frame Structure; PPP Session Establishment; PPP Authentication: PAP, CHAP; PPP Configurations.
Objectives
Upon completion of this chapter, the student should be able to understand the following: Introduction to Frame Relay; Frame Relay Operation and Virtual Circuits; Frame Relay Encapsulation; Frame Relay Topologies; Frame Relay Addressing & Mapping; Frame Relay Configurations; Frame Relay Advanced Concepts; Paying for Frame Relay; Bandwidth & Flow Control; Solving Reachability Issues.
Frame Relay
Virtual Circuits
The connection through a Frame Relay network between two DTEs is called a virtual circuit (VC). The circuits are virtual because there is no direct electrical connection from end to end: the connection is logical, and data moves from end to end without a direct electrical circuit. Bandwidth is shared among multiple users. Any single site can communicate with any other single site without using multiple dedicated physical lines. Two types: Switched (SVC): dynamic call set up that disappears when done. Permanent (PVC): preconfigured by the provider and
Any single site can communicate with any other single site without using multiple dedicated physical lines (figure: Toronto, Vancouver and Windsor sites connected through the provider's network). Each site only pays for its connection to the provider's DCE.
VCs are identified by DLCIs (in English: Virtual Circuits are identified by Data Link Connection Identifiers). Permanent Virtual Circuit = PVC. Switched Virtual Circuit = SVC. DLCI values are assigned by the Frame Relay service provider. The DLCI is used to route Frame Relay traffic. Frame Relay DLCIs only have local significance: a DLCI simply identifies a VC to the equipment at an endpoint and is only unique on the physical channel where it resides. The DLCI value itself is not unique in the provider's Frame Relay WAN.
Each Frame Relay switch will have a table that is used to build the virtual circuit. As the frame moves through the switch, the DLCI is adjusted to follow the predetermined path through the network.
When R2 has a packet to transmit, it must know which DLCI to put in the header at Layer 2.
4. When the frame is read by the Frame Relay switch, it will be switched over to the PVC identified by DLCI 302.
The default encapsulation is Cisco HDLC. Use IETF if connecting to another vendor's router.
3. Set the bandwidth. Use the bandwidth command to set the bandwidth for the OSPF and EIGRP routing protocols. 4. Set the LMI type (optional). The router auto-detects the LMI type.
frame-relay lmi-type [cisco | ansi | q933a]
Once the interfaces are enabled with the no shutdown command: The Frame Relay switch and the router exchange LMI status messages that announce the DLCIs to the router. IARP maps the remote Layer 3 address to the local DLCI. Routers can exchange data.
Figure: the frame-relay map command, showing its local DLCI argument and the broadcast keyword that allows broadcasts.
Frame Relay (like X.25 and ATM) is a non-broadcast multiple access (NBMA) network. It does not support multicast or broadcast traffic. Using the broadcast keyword is a simplified way to forward routing updates. It allows broadcasts and multicasts over the PVC. In effect, it turns the broadcast into a unicast so that the other node gets the routing updates.
R1 and R3 know about R2. R1 and R3 don't know about each other.
While Frame Relay Switch A is placing a large frame on interface 1, other frames for this interface are queued.
When the queue is sent, downstream devices are warned of the queue by setting the FECN bit in the header of the frame that was received on the congested link.
Upstream devices are warned of the queue by setting the BECN bit in the header of any frames sent on the congested link. Each upstream device receives the BECN frame.
Even though a device may not have contributed to the congestion, it still receives the BECN frame. Each device that provides input to the switch is instructed to reduce the rate at which it is sending packets.
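The DLCI rewriting described under Virtual Circuits and the FECN/BECN marking described here, as one added example that is not from the slides or from any vendor's code: a toy switch with a per-port DLCI table and a bounded output queue per port. The two-byte address layout (10-bit DLCI, C/R, FECN, BECN, DE and EA bits) is the standard Q.922 one; port names, DLCI numbers and the queue limit are constructed.

```python
"""Frame Relay switching with locally significant DLCIs and FECN/BECN marking.

Added example, not from the slides or any vendor. The two-byte Q.922 address
layout is standard; port names, DLCI values and the queue limit are constructed.
"""


def pack_header(dlci, fecn=False, becn=False, de=False, cr=False):
    """Byte 0: DLCI high 6 bits | C/R | EA=0.  Byte 1: DLCI low 4 bits | FECN | BECN | DE | EA=1."""
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI must fit in 10 bits")
    byte0 = ((dlci >> 4) << 2) | (int(cr) << 1)
    byte1 = ((dlci & 0xF) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return bytes([byte0, byte1])


def unpack_header(frame):
    byte0, byte1 = frame[0], frame[1]
    if byte0 & 1 or not byte1 & 1:
        raise ValueError("EA bits do not describe a two-byte address")
    return {
        "dlci": ((byte0 >> 2) << 4) | (byte1 >> 4),
        "cr": bool(byte0 & 0x02),
        "fecn": bool(byte1 & 0x08),
        "becn": bool(byte1 & 0x04),
        "de": bool(byte1 & 0x02),
    }


class FrameRelaySwitch:
    def __init__(self, queue_limit=2):
        self.table = {}      # (port, dlci) -> (port, dlci): the predetermined PVC path
        self.queues = {}     # port -> frames waiting for that outgoing link
        self.queue_limit = queue_limit
        self.dropped = 0

    def add_pvc(self, port_a, dlci_a, port_b, dlci_b):
        """A PVC is provisioned in both directions; each DLCI means something only on its own port."""
        self.table[(port_a, dlci_a)] = (port_b, dlci_b)
        self.table[(port_b, dlci_b)] = (port_a, dlci_a)

    def is_congested(self, port):
        return len(self.queues.get(port, [])) >= self.queue_limit

    def forward(self, in_port, frame):
        """Switch one frame; return (out_port, rewritten_frame), or None if dropped."""
        header = unpack_header(frame)
        entry = self.table.get((in_port, header["dlci"]))
        if entry is None:
            self.dropped += 1  # no PVC for this DLCI on this port
            return None
        out_port, out_dlci = entry
        # FECN: the frame is about to join a congested outgoing queue, so the device
        # downstream learns that the path it is receiving from is congested.
        fecn = header["fecn"] or self.is_congested(out_port)
        # BECN: the frame arrived over a congested link and is heading back toward
        # the senders feeding it, so every one of them is told to slow down,
        # whether or not it caused the congestion.
        becn = header["becn"] or self.is_congested(in_port)
        rewritten = pack_header(out_dlci, fecn=fecn, becn=becn, de=header["de"], cr=header["cr"]) + frame[2:]
        self.queues.setdefault(out_port, []).append(rewritten)
        return out_port, rewritten

    def transmit(self, port):
        """The outgoing link takes one frame off the queue."""
        queue = self.queues.get(port, [])
        return queue.pop(0) if queue else None
```

With two PVCs sharing the DLCI number 102 on different input ports, `forward` rewrites each to its own outgoing DLCI; once the output queue reaches the limit, frames heading into it leave with FECN set and frames arriving from that link leave with BECN set.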
Of course, with split horizon disabled, the protection it affords against routing loops is lost. Split horizon is only an issue with distance vector routing protocols like RIP and EIGRP. It has no effect on link state routing protocols like OSPF.
Also note that the DLCI number is used as the sub-interface number.