
logixfirm

NETWORKING FUNDAMENTALS

B.VOC(SD)

(AS PER SYLLABUS)

LOGIXFIRM
WE HAVE POWER TO CREATE A VIRTUAL WORLD

C, C++, JAVA, PHP, PYTHON, ARDUINO, NETWORKING, DATABASE, WEB DESIGN, ALGORITHM,
WEB DEVELOPMENT, DATA SCIENCE, ML, AI, SECURITY, HTML, CSS, LINUX,
ARDUINO, EMBEDDED PROGRAMMING, CLOUD COMPUTING, ALGORITHM, JAVASCRIPT,
JQUERY, DART, C#, .NET
SUMMER AND WINTER INTERNSHIP/TRAINING

SYLLABUS

Logixfirm network fundamental Page 1



UNIT-I
Network Concept, Benefits of Network, Network classification (PAN, LAN, MAN, WAN), Peer to Peer,
Client Server architecture, Transmission media: Guided & Unguided, Network Topologies. Networking
terms: DNS, URL, client server architecture, TCP/IP, FTP, HTTP, HTTPS, SMTP, Telnet. OSI and TCP/IP
Models: Layers and their basic functions and Protocols, Comparison of OSI and TCP/IP.
Networking Devices: Hubs, Switches, Routers, Bridges, Repeaters, Gateways and Modems, ADSL.
[T1][T2] [No. of Hrs. 11]
UNIT-II
Ethernet Networking: Half and Full-Duplex Ethernet, Ethernet at the Data Link Layer, Ethernet at the
Physical Layer. Switching Technologies: layer-2 switching, address learning in layer-2 switches, network
loop problems in layer-2 switched networks, Spanning-Tree Protocol, LAN switch types and working with
layer-2 switches, Wireless LAN [T1][T2] [No. of Hrs. 11]
UNIT- III
Internet layer Protocol: Internet Protocol, ICMP, ARP, RARP. IP Addressing: Different classes of IP
addresses, Sub-netting for an internetwork, Classless Addressing. Comparative study of IPv4 & IPv6.
Introduction to Router Configuration. Introduction to Virtual LAN.
[T1][T2] [No. of Hrs. 11]
UNIT- IV
Transport Layer: Functions of transport layer, Difference between working of TCP and UDP. Application
Layer: Domain Name System (DNS), Remote logging, Telnet, FTP, HTTP, HTTPS. Introduction to
Network Security.
[T1][T2][No. of Hrs. 12]

Text Book(s):
[T1] Tanenbaum A.S., “Computer Networks”, 3rd Ed., PHI, 1999
[T2] Dr. Sanjay Sharma, “A Course in Computer Network”, S. K. Kataria & Sons
[T3] Todd Lammle, “CCNA Cisco Certified Network Associate Study Guide”, SYBEX.

Reference Book(s):
[R1] William Stallings, “Data and computer communications”, Pearson Education Asia, 7th Ed., 2002.
[R2] D. E. Comer, “Internetworking with TCP/IP”, Pearson Education Asia, 2001.
[R3] Networking Complete, BPB Publication
[R4] B. A. Forouzan, “Data Communications & Networking”, 4th Ed., Tata McGraw Hill, 2007
UNIT- I


On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet. This definition
was developed in consultation with the leadership of the Internet and Intellectual Property Rights (IPR)
Communities.

RESOLUTION:
"The Federal Networking Council (FNC) agrees that the following language reflects our definition of the
term "Internet". "Internet" refers to the global information system that

(i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its
subsequent extensions/follow-ons;

(ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP)
suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and

(iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the
communications and related infrastructure described herein."

Internet
The internet is a type of world-wide computer network.
The internet is a collection of a vast number of connected computers that are spread across the world.
We can also say that the Internet is a computer network that interconnects hundreds of millions of
computing devices throughout the world.
It is the largest network and is sometimes called a network of networks, consisting of
numerous academic, business and government networks, which together carry various
information.
Internet is a global computer network providing a variety of information and communication facilities,
consisting of interconnected networks using standardized communication protocols.
When two computers are connected over the Internet, they can send and receive all kinds of
information such as text, graphics, voice, video, and computer programs.

Some pieces of the Internet


Network Concept:- A network refers to two or more connected computers that can share resources such as
data, a printer, an Internet connection, applications, or a combination of these resources.


List of Advantages of Computer Networking


It enhances communication and availability of information.
It allows for more convenient resource sharing.
It makes file sharing easier.
It is highly flexible.
It is an inexpensive system.
It increases cost efficiency.
It boosts storage capacity.

Advantages of Computer Networks


File sharing
The major advantage of a computer network is that it allows file sharing and remote file access. A person
sitting at one workstation that is connected to a network can easily see files present on another workstation,
provided he is authorized to do so.
Resource sharing
All computers in the network can share resources such as printers, fax machines, modems, and scanners.
Better connectivity and communications
It allows users to connect and communicate with each other easily. Various communication
applications, including e-mail and groupware, are used. Through e-mail, members of a network can send
messages and ensure safe delivery of data to other members, even in their absence.
Internet access
Computer networks provide internet service over the entire network. Every single computer attached to
the network can experience the high speed internet.
Entertainment
Many games and other means of entertainment are easily available on the internet. Furthermore,
Local Area Networks (LANs) facilitate other forms of entertainment: for example, many players can
connect through a LAN and play a particular game with each other from remote locations.
Inexpensive system
Shared resources mean a reduction in hardware costs. Shared files mean a reduction in memory
requirements, which indirectly means a reduction in file storage expenses. A particular piece of software can be
installed only once on the server and made available across all connected computers at once. This saves
the expense of buying and installing the same software once for every user.
Flexible access
A user can log on to a computer anywhere on the network and access his files. This offers flexibility
to the user as to where he should be during the course of his routine.
Instant and multiple access
Computer networks handle many requests at once: many users can access the same information at the same
time. Immediate commands such as printing commands can be made with the help of computer networks.
Disadvantages of Computer Networks
Lack of data security and privacy
Because a huge number of people use a computer network to get and share their files and resources,
an individual user’s security is always at risk. Illegal activities may also occur on the network,
which you need to be careful about and aware of.


Presence of computer viruses and malware
If even one computer on a network gets affected by a virus, there is a possible threat of the other systems
getting affected too. Viruses can spread on a network easily, because of the interconnectivity of
workstations. Moreover, multiple systems with common resources are the perfect breeding ground
for viruses that multiply.
Lack of Independence
Since most networks have a centralized server and dependent clients, the client users lack any freedom
whatsoever. Centralized decision making can sometimes hinder how a client user wants to use his
own computer.
Lack of Robustness
As previously stated, if a computer network’s main server breaks down, the entire system would become
useless. Also, if it has a bridging device or a central linking server that fails, the entire network would also
come to a standstill.
Need an efficient handler
For a computer network to work efficiently and optimally, it requires high technical skills and know-how
of its operations and administration. A person just having basic skills cannot do this job. Take note that the
responsibility to handle such a system is high, as allotting permissions and passwords can be daunting.
Similarly, network configuration and connection is very tedious and cannot be done by an average
technician who does not have advanced knowledge.
Use (Applications) of Computer Networks
Financial services
Nowadays, almost all the financial services depend on the computer network. You can access the
financial services across the world. For example, a user can transfer money from one place to another by
using the electronic fund transfer feature. You can use networking in various financial areas such as
ATM, foreign exchange and credit history search.
Business
Nowadays, most business work is done on computers. To exchange data and ideas,
you need effective data and resource sharing features. To do this, you need to connect the computers
with each other through a network. For example, a person in one department of an organization can
share or access the electronic data of another department through the network.
Email services
A computer network provides you the facility to send or receive mail across the globe in a few seconds.
Mobile applications
By using mobile applications, such as cellular or wireless phones, you can communicate (exchange
your views and ideas) with one another.
Directory services
It provides you the facility to store files in a centralized location to increase the speed of search operations
worldwide.
Teleconferencing
It comprises voice conferencing and video conferencing, which are based on networking. In
teleconferencing the participants need not be present at the same location.

Network classification (PAN, LAN, MAN, WAN)


Types of Computer Networks


LAN (Local Area Network)
• LANs are privately owned networks within a single building or campus of up to a few kilometres in
size.
• They are widely used to connect personal computers and workstations in company offices and
factories to share resources (e.g., printers) and exchange information.
• LANs are easy to design and troubleshoot.
• In a LAN, all the machines are connected to a single cable.
• Different types of topologies such as Bus, Ring, Star and Tree are used.
• The data transfer rate for a LAN is up to 10 Gbits/s.
• They transfer data at high speeds. High transmission rates are possible in a LAN because of the
short distance between the various computers.
• They exist in a limited geographical area.
Advantages
➢ LAN transfers data at high speed.
➢ LAN technology is generally less expensive.

Figure 2: Local Area Network

MAN (Metropolitan Area Network)

MAN is a larger version of LAN which covers an area that is larger than that covered by a LAN but
smaller than the area covered by a WAN.
A metropolitan area network or MAN covers a city. The best-known example of a MAN is the cable
television network available in many cities.
MAN connects two or more LANs.
At first, the companies began jumping into the business, getting contracts from city governments
to wire up an entire city.
The next step was television programming and even entire channels designed for cable only.


WAN (Wide Area Network)

• WAN spans a large geographical area, often a country or region.
• A WAN links different metropolitan areas, countries and national boundaries, thereby enabling easy
communication.
• It may be located entirely within a state or a country or it may be interconnected around the world.
• It contains a collection of machines intended for running user (i.e., application) programs. We will
follow traditional usage and call these machines hosts.
• The communication between different users of WAN is established using leased telephone lines or
satellite links and similar channels.

Wide Area Network


PAN (Personal Area Network):- A personal area network (PAN) is a computer network for interconnecting devices centered on an
individual person's workspace. A PAN provides data transmission among devices such as computers, smartphones, tablets and
personal digital assistants. PANs can be used for communication among the personal devices themselves, or for connecting to a
higher level network and the Internet, where one master device takes up the role of gateway. A PAN may be wireless or carried
over wired interfaces such as USB. A personal area network is organized around an individual person within
a single building. This could be inside a small office or residence. A typical PAN would include one or more computers,
telephones, peripheral devices, video game consoles and other personal entertainment devices.


If multiple individuals use the same network within a residence, the network is sometimes referred to as a home area network, or
HAN. In a very typical setup, a residence will have a single wired Internet connection connected to a modem. This modem then
provides both wired and wireless connections for multiple devices. The network is typically managed from a single computer but
can be accessed from any device.

This type of network provides great flexibility. For example, it allows you to:

• Send a document to the printer in the office upstairs while you are sitting on the couch with your laptop.
• Upload a photo from your cell phone to your desktop computer.
• Stream movies from an online streaming service to your TV.

Difference between LAN, MAN and WAN.


Parameter | LAN | MAN | WAN
Area covered | Covers small area, i.e. within a building | Covers an area larger than LAN & smaller than WAN | Covers large area
Error rates | Lowest | Moderate | Highest
Transmission speed | High speed | Moderate speed | Low speed
Equipment cost | Inexpensive | Moderately expensive | Most expensive
Design & maintenance | Easy | Moderate | Difficult


Computer networks can be logically classified on the basis of architecture as

1) Peer-to-Peer networks and


2) Client-Server networks

Peer-to-Peer networks

Peer to Peer network


In this network, a group of computers is connected together so that users can share resources and
information.
There is no central location (server) for authenticating users, storing files, or accessing resources and each of
them works as both client and server.
This means that users must remember which computers in the workgroup have the shared resource
or information that they want to access.
Advantage:
➢ It is easy to setup.
➢ There is no need for a dedicated server, as each peer acts as both server and client.
➢ The network implementation is quite cheap.
➢ The resources of a peer can be shared with other peers very easily in the network.
Disadvantage:
➢ The speed of the network decreases due to heavy usage.
➢ It is not easy to keep track of information on each computer.
➢ There is no central backup of files and folders.
➢ Network and data security are weak.

Client-Server Networks

Client/Server network
A client/server network is a system where one or more computers called clients connect to a central
computer called a server to share or use resources.
• The client requests a service from server, which may include running an application, querying
database, printing a document, performing a backup or recovery procedure. The request made by
the client is handled by server.
• A client/server network is that in which the files and resources are centralized. This means that the
server can hold them and other computers (Client) can access them.


• Advantage:
➢ The server system holds the shared files.
➢ The server system can be scheduled to take the file backups automatically.
➢ Network access is provided only to authorized users through user security at the server.
➢ The server system is a kind of central repository for sharing printer with clients.
➢ Internet access, e-mail routing and such other networking tasks are quite easily managed
by the server.
➢ The software applications shared by the server are accessible to the clients.
• Disadvantage:
➢ The implementation of the network is quite expensive.
➢ An NOS (Network Operating System) is essential.
➢ If server fails, the entire network crashes.
➢ There may be congestion if more than one client requests for a service at the same time.
The Client/Server computer network model is made up of Client computers and Server computers. Now we need to
understand the terms Client and Server.

What is a Client?
A computer which is seeking any resource from another computer is a Client Computer. You can think of a client as a
computer in your network, where a network user is performing some network activity. For Example: Downloading a
file from a File Server, Browsing Intranet/Internet etc. The network user normally uses a client computer to perform
his day to day work.
What is a Server?
If a computer has a resource which is served to another computer, it is a Server computer. The client establishes a
connection to a Server and accesses the services installed on the Server. A Server is not meant for a network user to
browse the internet or do spreadsheet work. A Server computer is installed with an appropriate Operating System and
related Software to serve the network clients with one or more services, continuously without a break.
In a Client-Server network, high-end servers, installed with the Network Operating System (Server Operating
System) and the related software, serve the clients continuously on a network, by providing them with specific
services upon request.
Well known Server Operating System Products are Windows 2012 / Windows 2012 R2, Unix (Oracle Solaris, IBM
AIX, HP UX, FreeBSD, NetBSD, OpenBSD, SCO Unix etc.), GNU/Linux (RedHat Enterprise Linux, Debian
Linux, SUSE Enterprise, Ubuntu Server, CentOS Server, Mandriva, Fedora etc.).
Client-Server networks require dedicated servers. Server hardware is costlier than normal Desktop computers.
Client-Server networks cost more than peer-to-peer networks. Network Operating Systems (Server Operating
Systems) are also costlier than Desktop Operating Systems.

Protocol
A protocol is a set of rules that governs (manages) data communications.
Protocols define the methods of communication: how to communicate, when to communicate, etc.
A protocol is an agreement between the communicating parties on how communication is to proceed.
Important elements of protocols are
1. Syntax 2. Semantics 3. Timing
Syntax:- Syntax means format of data or the structure how it is presented e.g. first eight bits are for sender
address, next eight bits are for receiver address and rest of the bits for message data.
Semantics:- Semantics is the meaning of each section of bits e.g. the address bit means the route of
transmission or final destination of message.
Timing:- Timing means, at what time data can be sent and how fast data can be sent.
Some protocols also support message acknowledgement and data compression designed for reliable
and/or high-performance network communication.


Example: HTTP, IP, FTP etc…
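
The three elements above (syntax, semantics, timing) can be seen in a short parser. This is an added example, not part of the original notes: it implements the layout from the Syntax paragraph (8 bits sender address, 8 bits receiver address, rest message data). The names Frame, encode, decode, deliver and Pacer, and the pacing interval, are assumptions made for illustration.

```python
from dataclasses import dataclass

HEADER_LEN = 2  # 8 bits sender address + 8 bits receiver address


class FrameError(ValueError):
    """Raised when data does not follow the agreed syntax."""


@dataclass(frozen=True)
class Frame:
    sender: int      # 0..255, written by the sender and not verified by this format
    receiver: int    # 0..255
    message: bytes


def encode(frame: Frame) -> bytes:
    """Syntax on send: lay the fields out in the agreed order and width."""
    for name, addr in (("sender", frame.sender), ("receiver", frame.receiver)):
        if not 0 <= addr <= 0xFF:
            raise FrameError(f"{name} address {addr} does not fit in 8 bits")
    return bytes([frame.sender, frame.receiver]) + frame.message


def decode(raw: bytes) -> Frame:
    """Syntax on receive: refuse anything shorter than the two address fields."""
    if len(raw) < HEADER_LEN:
        raise FrameError(f"truncated frame: got {len(raw)} byte(s), need {HEADER_LEN}")
    return Frame(sender=raw[0], receiver=raw[1], message=raw[HEADER_LEN:])


def deliver(frame: Frame, my_address: int) -> bool:
    """Semantics: the receiver field means 'final destination of the message'."""
    return frame.receiver == my_address


class Pacer:
    """Timing: allow at most one frame every min_interval seconds (assumed rule)."""

    def __init__(self, min_interval: float):
        self.min_interval = min_interval
        self._last_sent = None

    def may_send(self, now: float) -> bool:
        if self._last_sent is not None and now - self._last_sent < self.min_interval:
            return False          # too soon: the peer agreed to a slower rate
        self._last_sent = now
        return True


if __name__ == "__main__":
    wire = encode(Frame(sender=0x0A, receiver=0x0B, message=b"hi"))  # constructed sample
    frame = decode(wire)
    print(wire.hex(), frame, deliver(frame, my_address=0x0B))
    try:
        decode(b"\x0a")           # one byte only: header is incomplete
    except FrameError as exc:
        print("rejected:", exc)
```

Both sides must agree on all three elements: a receiver that reads the first byte as the receiver address instead of the sender address parses the same bits without error but delivers to the wrong machine.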

A human protocol and a computer network protocol

Techniques used in data communications to transfer data


1. Connection-oriented method 2. Connectionless method

Connection-oriented method
Connection-oriented communication includes the steps of setting up a call from one computer to another,
transmitting/receiving data, and then releasing the call, just like a voice phone call.
However, the network connecting the computers is a packet switched network, unlike the phone
system's circuit switched network.
Connection-oriented communication is done in one of two ways over a packet switched network:
1. Without virtual circuits
2. With virtual circuits.
Without virtual circuits:
This is what TCP does in the Internet.
The only two machines in the Internet that are aware of the connection are the two computers
at the endpoints.
The Internet itself, its routers and links have no information about the presence of a connection between
the two computers.
This means that all of the packets flowing between the two computers can follow different routes.
One benefit of establishing the connection is that the flow of packets from the source to the destination
can be slowed down if the Internet is congested and speeded up when congestion disappears.
Another benefit is that the endpoints can anticipate traffic between them, and agree to cooperate to
ensure the integrity and continuity of the data transfers. This allows the network to be treated as a
"stream" of data.

With virtual circuit:


This is not used in the Internet, but is used in other types of networks (e.g. the "X.25" protocol, still
popular in Europe).


The routers within the network route all packets in one connection over the same route. The advantage
is that video and voice traffic are easier to carry, because routers can reserve memory space to
buffer the transmission.
Connectionless method
Connectionless communication is just packet switching where no call establishment and release occur.
A message is broken into packets, and each packet is transferred separately. Moreover, the packets
can travel different routes to the destination since there is no connection.
Connectionless service is typically provided by the UDP (User Datagram Protocol). The packets
transferred using UDP are also called datagrams.
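
The difference between the two methods can be observed on one machine. This is an added example, not part of the original notes: it sends the same two messages over UDP and over TCP on the loopback address and shows that UDP hands them over as separate datagrams while TCP hands over one stream of bytes. It goes one step beyond the text by adding a 2-byte length prefix (an assumption for illustration) so the receiver can split the TCP stream back into messages.

```python
import socket
import struct

LOOPBACK = "127.0.0.1"   # constructed local test; port 0 lets the OS pick a free port
TIMEOUT = 2.0            # seconds, so a blocked call fails instead of hanging


def udp_exchange(messages):
    """Connectionless: no call set-up or release, each send is one datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((LOOPBACK, 0))
        rx.settimeout(TIMEOUT)
        for msg in messages:
            tx.sendto(msg, rx.getsockname())
        # One recvfrom() returns exactly one datagram, never half or two.
        return [rx.recvfrom(2048)[0] for _ in messages]


def tcp_exchange(messages):
    """Connection-oriented: set up the call, transfer data, release the call."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind((LOOPBACK, 0))
        listener.listen(1)
        listener.settimeout(TIMEOUT)
        with socket.create_connection(listener.getsockname(), timeout=TIMEOUT) as client:
            conn, _ = listener.accept()            # set-up complete on both ends
            with conn:
                conn.settimeout(TIMEOUT)
                for msg in messages:
                    client.sendall(msg)            # transfer
                client.shutdown(socket.SHUT_WR)    # release the sending direction
                chunks = []
                while True:
                    data = conn.recv(2048)
                    if not data:                   # peer released the connection
                        break
                    chunks.append(data)
    # The receiver sees a byte stream; message boundaries are not preserved.
    return b"".join(chunks)


def add_length_prefix(msg: bytes) -> bytes:
    """Assumed framing: 2-byte big-endian length, then the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    return struct.pack("!H", len(msg)) + msg


def split_stream(stream: bytes):
    """Recover the messages from a length-prefixed stream, rejecting truncation."""
    out, pos = [], 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from("!H", stream, pos)
        pos += 2
        if pos + size > len(stream):
            raise ValueError("truncated message body")
        out.append(stream[pos:pos + size])
        pos += size
    return out


if __name__ == "__main__":
    msgs = [b"hello", b"world"]
    print("UDP:", udp_exchange(msgs))
    print("TCP:", tcp_exchange(msgs))
    print("TCP framed:", split_stream(tcp_exchange([add_length_prefix(m) for m in msgs])))
```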

Transmission media: Guided & Unguided

Transmission media:-- Transmission media can be defined as the physical path between
transmitter and receiver in a data transmission system.
Or
Anything that can carry information from a source to a destination.
Transmission Media is broadly classified into the following types:-

TRANSMISSION MEDIA
    GUIDED MEDIA: Twisted pair cable, Coaxial cable, Fiber optic cable
    UNGUIDED MEDIA: Radio waves, Microwaves, Infrared

Guided media:- Transmission capacity depends critically on the medium, the length, and whether the
medium is point-to-point or multipoint (e.g. LAN). Examples are coaxial cable, twisted pair, and optical
fiber.

Twisted Pair:--

In twisted pair technology, two copper wires are strung between two points:


• The two wires are typically "twisted" together in a helix to reduce interference between the two
conductors. Twisting decreases the crosstalk interference between adjacent pairs in a cable. Typically, a
number of pairs are bundled together into a cable by wrapping them in a tough protective sheath.

• Can carry both analog and digital signals. Actually, they carry only analog signals. However, the
"analog" signals can very closely correspond to the square waves representing bits, so we often think of
them as carrying digital data.

• Data rates of several Mbps are common.

• Spans distances of several kilometers.

• Data rate is determined by wire thickness and length. In addition, shielding to eliminate interference from
other wires impacts the signal-to-noise ratio, and ultimately, the data rate.

• Good, low-cost communication. Indeed, many sites already have twisted pair installed in offices --
existing phone lines!

Typical characteristics:

Twisted-pair can be used for both analog and digital communication. The data rate that can be supported
over a twisted-pair is inversely proportional to the square of the line length. A maximum transmission
distance of 1 km can be achieved for data rates up to 1 Mb/s. For analog voice signals, amplifiers are
required about every 6 km and for digital signals, repeaters are needed about every 2 km. To reduce
interference, the twisted pair can be shielded with metallic braid.
This type of wire is known as Shielded Twisted-Pair (STP) and the other form is known as
Unshielded Twisted-Pair (UTP).

Use: The oldest and the most popular use of twisted pair is in telephony. In LANs it is commonly used for
point-to-point short distance communication (say, 100 m) within a building or a room.


1. Unshielded Twisted Pair (UTP):


This type of cable has the ability to block interference and does not depend on a physical shield for
this purpose. It is used for telephonic applications.
Advantages:
• Least expensive
• Easy to install
• High speed capacity
Disadvantages:
• Susceptible to external interference
• Lower capacity and performance in comparison to STP
• Short distance transmission due to attenuation.

2. Shielded Twisted Pair (STP):

This type of cable consists of a special jacket to block external interference. It is used in fast-data-rate
Ethernet and in voice and data channels of telephone lines.
Advantages:
• Better performance at a higher data rate in comparison to UTP
• Eliminates crosstalk
• Comparatively faster
Disadvantages:
• Comparatively difficult to install and manufacture
• More expensive
• Bulky


STP Cable or Shielded Twisted Pair Cable is a pair of wires wound around each other and each pair is
placed inside a protective foil wrap to protect it from crosstalk. It is cheaper than fiber optic cables but
more expensive than UTP. Shielded Twisted Pair Cable provides better protection from crosstalk and other
interference as compared to Unshielded Twisted Pair Cable. The STP Cable price is approx Rs 50/meter.

Types of STP Cable (Shielded Twisted Pair Cable)


Category 5e: Defines a shielded cable that operates at 350 MHz and carries data up to 1000 Mbps. It
carries high-quality signal while traveling across high voltage or power cables. Cat 5e cables are used in
networking, data transfer, and telephone lines.
150 Ohm Shielded Cable: Defines a cable in which twisted pairs are individually covered in a foil shield
and again enclosed in an outer braided wire shield. The shielding helps minimize EMI and crosstalk. The
maximum signaling frequency is 16 MHz.

Characteristics of STP Cable

Characteristics | Description
Maximum cable length | 100 meters
Bandwidth | 100 Mbps
Connector type | RJ-45
Cost | Costlier than UTP but cheaper than fiber optic cable
Interference protection | Better protection from crosstalk and external interference
Signal transmission mode | Baseband
Resistance | 50 ohms

There are many acronyms used on the market to describe shielded cables, from STP to F/FTP; while many
are often used synonymously, nearly all of them have different meanings. Here we provide basic
information about each style, as defined by ISO/IEC 11801:200, to clear up the confusion.


F/UTP (FTP)
An overall foil shield (F) with unscreened twisted pairs (UTP). This cable is very much like common UTP
cables, with the addition of foil underneath the main cable jacket. Another common name for this cable is
FTP. F/UTP cables are common in 10GBaseT applications.
S/UTP
An overall braid screen (S) with unscreened twisted pairs (UTP). This is occasionally referred to as an STP
cable, but beware: There are other shielded cables among this list that may also claim this term. To be sure,
always check to see whether your cable will have any kind of overall barrier and whether the individual
pairs have their own shield.
SF/UTP
Both an overall braid screen (S) and foil shield (F) with unscreened twisted pairs (UTP). This cable is also
occasionally referred to as an STP cable. Cables with an overall braided screen are very effective at
preventing EMI from entering or exiting the cable, but are heavier, thicker and more difficult to install than their
UTP counterparts.
S/FTP
An overall braid screen (S) with foil screened twisted pairs (FTP). The ‘shield’ underneath the jacket is a
braid, and each individual pair is surrounded by its own foil barrier. The purpose of the additional foil on
individual pairs is to limit the amount of crosstalk between them.
F/FTP
An overall foil shield (F) with foil screened twisted pairs (FTP). Similar to F/UTP cables, these shielded
cables are commonly used in 10GBaseT applications.
U/FTP
No overall shielding or braid (U) with foil screened twisted pairs (FTP). This type of shielded cable is
commonly used in 10GBaseT applications as well.
To sum up
• STP cables are shielded, while UTP cables are unshielded.
• STP cables are more immune to interference and noise than UTP cables.
• STP cables are better at maximizing bandwidth compared to UTP cables.
• STP cables cost more per meter compared to UTP cables.
• STP cables are heavier per meter compared to UTP cables.
• UTP cables are more prevalent in SOHO networks while STP is used in more high-end applications.


Basis for comparison | UTP | STP
Basic | UTP (Unshielded twisted pair) is a cable with wires that are twisted together. | STP (Shielded twisted pair) is a twisted pair cable enclosed in foil or mesh shield.
Noise and crosstalk generation | High comparatively. | Less susceptible to noise and crosstalk.
Grounding cable | Not required | Necessarily required
Ease of handling | Easily installed as cables are smaller, lighter, and flexible. | Installation of cables is difficult comparatively.
Cost | Cheaper and does not require much maintenance. | Moderately expensive.
Data rates | Slow comparatively. | Provides high data rates

Coaxial Cable

What is Coaxial Cable?

Coaxial cable is a two-conductor electrical cable consisting of a center conductor and an outer conductor
with an insulating spacer between the two.
How is Coaxial Cable used?


Primarily, coaxial cables are used for the transmission of Radio Frequency energy. The system offers tight
control over electrical impedance. This yields excellent performance at high frequencies and superior EMI
control/shielding.
Where is Coaxial Cable used?
A broad range of applications exist for coaxial cabling. The two primary impedance values of 50 and 75
Ohms determine specific applications with 50 Ohms primarily used in data signal applications and 75
Ohms used in video signal applications.

Frequency Band Data


Coaxial products are generally intended for use in the RF frequency band as illustrated here.

Understanding Coaxial Cable

Shielding Effectiveness is the relative ability of a shield to screen out undesirable interference. In the case of a
coaxial cable, the outer conductor provides a shield to keep interfering signals from getting in and to keep
signal from leaking out to become undesirable interference for nearby devices. Shielding Effectiveness is
measured in dB with higher values indicating better shielding properties.

The table below illustrates the relative shielding properties of various shielding types. Notice as the shielding
density increases there is a correlated increase in the shielding effectiveness value. The best shielding
effectiveness value can be found in a rigid coaxial cable due to the solid tube construction of the outer jacket. In this
type of cable the limiting factor for shielding effectiveness is the quality of the connector attachment.


OPTICAL FIBER

Optical fiber:- An optical fiber cable is a type of cable that has a number of optical fibers bundled
together, which are normally covered in their individual protective plastic covers. Optical cables are used to
transfer digital data signals in the form of light up to distances of hundreds of miles with higher throughput
rates than those achievable via electrical communication cables. All optical fibers use a core of hair-like
transparent silicon covered with less refractive indexed cladding to avoid light leakage to the surroundings.
Due to the extreme sensitivity of the optical fiber, it is normally covered with a high-strength, lightweight
protective material like Kevlar.
Fiber Optic Link Components

In order to comprehend how fiber optic applications work, it is important to understand the
components of a fiber optic link. Simplistically, there are four main components in a fiber
optic link (Figure 1).

▪ Optical Transmitter
▪ Optical Fiber/Cable
▪ Connectors
▪ Optical Receiver

Figure 1: Simple Fiber Optic Link

Transmitter

The transmitter converts the electrical signals to optical. A transmitter contains a light
source such as a Light Emitting Diode (LED) or a Laser (Light Amplification by Stimulated
Emission of Radiation) diode, or a Vertical Cavity Surface Emitting Laser (VCSEL).

LED: Is used in multimode applications and has the largest spectral width that carries
the least amount of bandwidth.

VCSEL: Is also used in multimode applications with a narrower spectral width that can
carry more bandwidth than the LED.

LASER: Has the smallest spectral width, carries the most bandwidth, and is used in single mode
applications.


These sources produce light at certain wavelengths depending upon the materials from which they are
made. Most fiber optic sources use wavelengths in the infrared band, specifically 850nm (1nm = 10^-9 m),
1300nm and 1550nm. For reference, visible light operates in the 400-700nm range.

Optical Fiber/Cable
In this section, we discuss the structure and properties of an optical fiber, how it guides light, and how it is
cabled for protection.

An optical fiber is made of 3 concentric layers (see Figure 3):

▪ Core: This central section, made of silica or doped silica, is the light transmitting region of the fiber.

▪ Cladding: This is the first layer around the core. It is also made of silica, but not the same
composition as the core. This creates an optical waveguide which confines the light in the core by
total internal reflection at the core-cladding interface.

▪ Coating: The coating is the first non-optical layer around the cladding. The coating typically consists
of one or more layers of polymer that protect the silica structure against physical or environmental
damage. The coating is stripped off when the fiber is connectorized or fusion spliced.

• Buffer (not pictured): The buffer is an important feature of the fiber. It is 900 microns and helps
protect the fiber from breaking during installation and termination and is located outside of the
coating.

The light is "guided" down (see Figure 4) the core of the fiber by the optical "cladding" which has a lower
refractive index (the ratio of the velocity of light in a vacuum to its velocity in a specified medium) that traps
light in the core through "total internal reflection."

In fiber optic communications, single mode and multimode fiber constructions are used
depending on the application. In multimode fiber (Figure 5), light travels through the fiber
following different light paths called "modes." In single mode fiber, only one mode is
propagated "straight" through the fiber (Figure 6).


Network Topologies


UNGUIDED MEDIA
UNGUIDED MEDIA: An unguided transmission transmits the electromagnetic waves without using any
physical medium. Therefore it is also known as wireless transmission. In unguided media, air is
the media through which the electromagnetic energy can flow easily.

Radio wave: an electromagnetic wave of a frequency between about 10^4 and 10^11 or 10^12 Hz, as used for long-distance
communication.

Microwaves are electromagnetic waves with wavelengths longer than those of terahertz (THz) waves, but relatively
short for radio waves. Microwaves have wavelengths approximately in the range of 30 cm (frequency = 1 GHz) to 1 mm
(300 GHz).

Infrared radiation (IR), sometimes referred to simply as infrared, is a region of the electromagnetic radiation
spectrum where wavelengths range from about 700 nanometers (nm) to 1 millimeter (mm). Infrared waves are longer
than those of visible light, but shorter than those of radio waves.

Satellite Communication: To overcome the line-of-sight problem of sending signals around the earth, a
satellite can be used to relay signals. The signal is sent to the satellite, which then transmits it to other
satellites or to the earth. The most common (or useful) satellites are geosynchronous satellites. These orbit
the earth in sync with the earth's rotation, so they appear to hover (very high; 22,000 miles)
above the earth at the same point.

Unguided Media
Unguided media is still ‘media’ (stuff that the signal travels through). The trick is that the media is usually not
directional, like air, space, etc. Because the effect is usually much wider than with guided media, there
has been a lot of regulation, licensing, and standardization of transmissions via unguided media. The
range spans:
1. VLF, 3kHz-30kHz, Very Low Frequency. Used for surface propagation.
2. LF, 30kHz-300kHz, Low Frequency. Used for surface propagation.
3. MF, 300kHz-3MHz, Middle Frequency. Used for Tropospheric propagation.
4. HF, 3MHz-30MHz, High Frequency. Used for Ionospheric propagation.
5. VHF, 30MHz-300MHz, Very High Frequency. Used for Space and Line-of-sight propagation.
6. UHF, 300MHz-3GHz, Ultra High Frequency. Used for Space and Line-of-sight propagation.
7. SHF, 3GHz-30GHz, Super High Frequency. Used for Space propagation.
8. EHF, 30GHz-300GHz, Extremely High Frequency. Used for Space propagation.
Depending on the frequency used, there are different propagation modes.
• Surface Propagation: The transmission travels near the ground, hugging the earth.
• Tropospheric Propagation: Either line of sight, or bouncing the signal off the ionosphere.
• Ionospheric Propagation: Bouncing the signal off the ionosphere.


• Line-of-sight Propagation.

• Space Propagation: signals are sent from ground to satellites, which then relay them back to earth.
Terrestrial Microwave: One can arrange a series of directional microwave receivers/transmitters
(transceivers) to send signals over long distances (longer than line of sight).

Wave guide:-
A waveguide is an electromagnetic feed line used in microwave communications, broadcasting, and radar
installations. A waveguide consists of a rectangular or cylindrical metal tube or pipe. The electromagnetic
field propagates lengthwise. Waveguides are most often used with horn antennas and dish antennas.

Topologies (Network Topologies)


Network Topology is the schematic description of a network arrangement, connecting various nodes
(sender and receiver) through lines of connection.
A Network Topology is the arrangement with which computer systems or network devices are connected
to each other.

Types of network topologies :


1. Bus
2. Ring
3. Star
4. Mesh
5. Tree
6. Hybrid

Bus Topology

Bus topology is a network type in which every computer and network device is connected to a single
cable.

Features:
It transmits data only in one direction.
Every device is connected to a single cable.
Advantages:
It is cost effective (cheaper).
Cable required is least compared to other network topology.


Used in small networks.
It is easy to understand.
Easy to expand by joining two cables together.
Disadvantages:
If the cable fails, the whole network fails.
If network traffic is heavy or there are many nodes, the performance of the network decreases.
Cable has a limited length.
Ring Topology
It is called ring topology because it forms a ring as each computer is connected to another computer,
with the last one connected to the first. Exactly two neighbours for each device.

Features:
A number of repeaters are used and the transmission is unidirectional.
Data is transferred in a sequential manner, that is, bit by bit.
Advantages:
Transmitting network is not affected by high traffic or by adding more nodes, as only the nodes having
tokens can transmit data.
Cheap to install and expand.
Disadvantages:
Troubleshooting is difficult in ring topology.
Adding or deleting the computers disturbs the network activity.
Failure of one computer disturbs the whole network.

Star Topology
In this type of topology all the computers are connected to a single hub through a cable. This hub is the
central node and all other nodes are connected to the central node.

Features:
Every node has its own dedicated connection to the hub.
The hub acts as a repeater for data flow.
Can be used with twisted pair, Optical Fibre or coaxial cable.
Advantages:
Fast performance with few nodes and low network traffic.
Hub can be upgraded easily.
Easy to troubleshoot.
Easy to setup and modify.
Only the node that has failed is affected; the rest of the nodes can work smoothly.
Disadvantages:
Cost of installation is high.


Expensive to use.
If the hub is affected then the whole network is stopped because all the nodes depend on the hub.
Performance is based on the .

Mesh Topology
It is a point-to-point connection to other nodes or devices.
Traffic is carried only between two devices or nodes to which it is connected.

Features:
Fully connected.
Robust.
Not flexible.
Advantages:
Each connection can carry its own data load.
It is robust.
Fault is diagnosed easily.
Provides security and privacy.

Disadvantages:
Installation and configuration is difficult.
Cabling cost is more.
Bulk wiring is required.

Tree Topology
It has a root node and all other nodes are connected to it forming a hierarchy.
It is also called hierarchical topology.
It should at least have three levels to the hierarchy.


Features:
Ideal if workstations are located in groups.
Used in Wide Area Network.
Advantages:
Extension of bus and star topologies.
Expansion of nodes is possible and easy.
Easily managed and maintained.
Error detection is easily done.
Disadvantages:
Heavily cabled.
Costly.
If more nodes are added maintenance is difficult.
If the central hub fails, the network fails.
Hybrid Topology
A network structure whose design contains more than one topology is said to be hybrid
topology.
For example if in an office in one department ring topology is used and in another star topology is used,
connecting these topologies will result in Hybrid Topology (ring topology and star topology).

Features:
It is a combination of two or more topologies
Inherits the advantages and disadvantages of the topologies included
Advantages:
Reliable as error detecting and troubleshooting is easy.
Scalable as size can be increased easily.
Flexible.
Disadvantages:
Complex in design.
Costly.
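
The failure behaviour listed for each topology above can be checked mechanically. The following Python sketch is an added example, not part of the original notes; the graph model, the node names (s0, hub, cable) and the function names are assumptions made for illustration.

```python
from itertools import permutations


def _link(graph, a, b, both=True):
    """Add a link a -> b (and b -> a when both=True) to the adjacency map."""
    graph.setdefault(a, set()).add(b)
    graph.setdefault(b, set())
    if both:
        graph[b].add(a)


def build(topology, n):
    """Return (graph, stations) for n stations named s0..s(n-1)."""
    stations = [f"s{i}" for i in range(n)]
    graph = {}
    if topology == "bus":        # every station taps the one shared cable
        for s in stations:
            _link(graph, s, "cable")
    elif topology == "star":     # every station has a dedicated link to the hub
        for s in stations:
            _link(graph, s, "hub")
    elif topology == "ring":     # unidirectional: each station feeds the next one
        for i, s in enumerate(stations):
            _link(graph, s, stations[(i + 1) % n], both=False)
    elif topology == "mesh":     # fully connected: a link between every pair
        for i, a in enumerate(stations):
            for b in stations[i + 1:]:
                _link(graph, a, b)
    else:
        raise ValueError(f"unknown topology: {topology}")
    return graph, stations


def reachable(graph, src, failed):
    """All nodes that src can still reach when the node `failed` is down."""
    seen, stack = {src}, [src]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt != failed and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def surviving_connectivity(topology, n, failed):
    """Fraction of ordered pairs of surviving stations that can still talk."""
    graph, stations = build(topology, n)
    alive = [s for s in stations if s != failed]
    pairs = list(permutations(alive, 2))
    ok = sum(1 for a, b in pairs if b in reachable(graph, a, failed))
    return ok / len(pairs)


def link_count(topology, n):
    """Number of cables: one shared cable for a bus, one per link otherwise."""
    if topology == "bus":
        return 1
    graph, _ = build(topology, n)
    directed = sum(len(nbrs) for nbrs in graph.values())
    return directed if topology == "ring" else directed // 2


if __name__ == "__main__":
    n = 6
    shared = {"bus": "cable", "star": "hub"}
    for topo in ("bus", "ring", "star", "mesh"):
        line = f"{topo:5} cables={link_count(topo, n):2}"
        line += f"  one station down: {surviving_connectivity(topo, n, 's0'):.2f}"
        if topo in shared:
            down = surviving_connectivity(topo, n, shared[topo])
            line += f"  {shared[topo]} down: {down:.2f}"
        print(line)
```

A value of 1.00 means every surviving pair of stations can still communicate; 0.00 means the whole network is down.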
The Network Core
Network core defines the connection of different network segments together and the process to transmit the data
packets across the network.
The network core is implemented through the use of switching techniques.
The classification of switching network is shown below:


Switched Networks
▪ Circuit-Switched Networks
▪ Packet-Switched Networks
   ▪ Datagram Networks
   ▪ Virtual-Circuit Networks
▪ Message-Switched Networks

Circuit Switching
Circuit switching is used in public telephone networks and is the basis for private networks built on
leased-lines.
Circuit switching was developed to handle voice traffic but can also carry digital data (although inefficiently).
With circuit switching a dedicated path is established between two stations for communication.

Switching and transmission resources within the network are reserved for the exclusive use of the circuit
for the duration of the connection.
The connection is transparent: once it is established, it appears to attach devices as if there were a
direct connection.
Communication via circuit switching involves three phases:
Circuit Establishment
Data Transfer
Circuit Disconnect

Connection path must be established before data transmission begins. Nodes must have switching
capacity and channel capacity to establish connection.


Circuit switching is inefficient


1. Channel capacity dedicated for duration of connection
2. If no data, capacity wasted
Set up (connection) takes time
Once connected, transfer is transparent to the users
1. Data is transmitted at a fixed data rate with no delay (except for the propagation delay)
Developed for voice traffic (phone)
1. May also be used for data traffic via modem
Interconnection of telephones within a building or office.
In circuit switching, a direct physical connection between two devices is created by space-division
switches, time-division switches, or both. That is, circuit switching uses either or both of the two technologies below:
Space Division Switching
Developed for analog environment.
In a space-division switch, the path from one device to another is spatially separate from other paths.
A crossbar is the most common space-division switch. It connects n inputs to m outputs via n × m cross
points.
Crossbar switch.

Time Division Switching

In a time-division switch, the inputs are divided in time, using TDM. A control unit sends the input to
the correct output device.
Use digital time division techniques to set up and maintain virtual circuits.


Packet Switching
Packet switching was designed to provide a more efficient facility than circuit-switching for bursty
data traffic.
With packet switching, a station transmits data in small blocks, called packets.
At each node packets are received, stored briefly (buffered) and passed on to the next node.
1. Store and forward mechanism
Each packet contains some portion of the user data plus control info needed for proper
functioning of the network.
A key element of packet-switching networks is whether the internal operation is datagram or virtual
circuit (VC).
1. With internal VCs, a route is defined between two endpoints and all packets for that VC follow
the same route.
2. With internal datagrams, each packet is treated independently, and packets intended for the same
destination may follow different routes.
Examples of packet switching networks are X.25, Frame Relay, ATM and IP.
Station breaks long message into packets. Packets sent one at a time to the network.
Packets handled in two ways:
1. Datagram
▪ Each packet treated independently
▪ Packets can take any practical route
▪ Packets may arrive out of order
▪ Packets may go missing
▪ Up to receiver to re-order packets and recover from missing packets
2. Virtual Circuit
▪ Preplanned route established before any packets sent.
▪ Once route is established, all the packets between the two communicating parties
follow the same route through the network
▪ Call request and call accept packets establish connection (handshake)
▪ Each packet contains a Virtual Circuit Identifier (VCI) instead of destination
address
▪ No routing decisions required for each packet


▪ Clear request to drop circuit


▪ Not a dedicated path

Message Switching
This technique was somewhere in the middle of circuit switching and packet switching.
In message switching, the whole message is treated as a data unit and is transferred in its entirety.
A switch working on message switching first receives the whole message and buffers it until there are
resources available to transfer it to the next hop.
If the next hop does not have enough resources to accommodate a large message, the message is stored
and the switch waits.

Networking terms: DNS, URL, client server architecture, TCP/IP, FTP, HTTP, HTTPS, SMTP,
Telnet OSI and TCP/IP

• Connection: In networking, a connection refers to pieces of related information that are transferred through a
network. This generally implies that a connection is built before the data transfer (by following the procedures laid
out in a protocol) and then is deconstructed at the end of the data transfer.

• Packet: A packet is, generally speaking, the most basic unit that is transferred over a network. When
communicating over a network, packets are the envelopes that carry your data (in pieces) from one end point to
the other.

• Network Interface: A network interface can refer to any kind of software interface to networking hardware. For instance,
if you have two network cards in your computer, you can control and configure each network interface associated with
them individually.

• Port: A port is an address on a single machine that can be tied to a specific piece of software. It is not a physical
interface or location, but it allows your server to be able to communicate using more than one application.
• Firewall: A firewall is a program that decides whether traffic coming into a server or going out should be
allowed. A firewall usually works by creating rules for which type of traffic is acceptable on which ports.
Generally, firewalls block ports that are not used by a specific application on a server.
• NAT: NAT stands for network address translation. It is a way to translate requests that are incoming into a routing
server to the relevant devices or servers that it knows about in the LAN. This is usually implemented in physical
LANs as a way to route requests through one IP address to the necessary backend servers.
• VPN: VPN stands for virtual private network. It is a means of connecting separate LANs through the internet,
while maintaining privacy. This is used as a means of connecting remote systems as if they were on a local
network, often for security reasons.

OSI Model
Historically, one method of talking about the different layers of network communication is the OSI model. OSI stands for
Open Systems Interconnect.

TCP/IP Model
The TCP/IP model, more commonly known as the Internet protocol suite, is another layering model that is simpler and has
been widely adopted. It defines the four separate layers, some of which overlap with the OSI model:

Media Access Control


Media access control is a communications protocol that is used to distinguish specific devices. Each device is supposed to
get a unique MAC address during the manufacturing process that differentiates it from every other device on the internet.

Addressing hardware by the MAC address allows you to reference a device by a unique value even when the software on
top may change the name for that specific device during operation.


Media access control is one of the only protocols from the link layer that you are likely to interact with on a regular basis.

IP
The IP protocol is one of the fundamental protocols that allow the internet to work. IP addresses are unique on each
network and they allow machines to address each other across a network. It is implemented on the internet layer in the
IP/TCP model.

Networks can be linked together, but traffic must be routed when crossing network boundaries. This protocol assumes an
unreliable network and multiple paths to the same destination that it can dynamically change between.

There are a number of different implementations of the protocol. The most common implementation today is IPv4,
although IPv6 is growing in popularity as an alternative due to the scarcity of IPv4 addresses available and improvements
in the protocol's capabilities.

ICMP
ICMP stands for internet control message protocol. It is used to send messages between devices to indicate the availability
or error conditions. These packets are used in a variety of network diagnostic tools, such as ping and traceroute.

Usually ICMP packets are transmitted when a packet of a different kind meets some kind of a problem. Basically, they are
used as a feedback mechanism for network communications.

TCP
TCP stands for transmission control protocol. It is implemented in the transport layer of the IP/TCP model and is used to
establish reliable connections.

TCP is one of the protocols that encapsulates data into packets. It then transfers these to the remote end of the connection
using the methods available on the lower layers. On the other end, it can check for errors, request certain pieces to be
resent, and reassemble the information into one logical piece to send to the application layer.

The protocol builds up a connection prior to data transfer using a system called a three-way handshake. This is a way for
the two ends of the communication to acknowledge the request and agree upon a method of ensuring data reliability.

After the data has been sent, the connection is torn down using a similar four-way handshake.

TCP is the protocol of choice for many of the most popular uses for the internet, including WWW, FTP, SSH, and email.
It is safe to say that the internet we know today would not be here without TCP.
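
The three-way handshake and four-way teardown described above, traced segment by segment. This Python sketch is an added example, not part of the original notes; it models only the control segments (no payload, retransmission or timers), and the class and function names are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    flags: frozenset   # subset of {"SYN", "ACK", "FIN"}
    seq: int           # sender's sequence number
    ack: int = 0       # next sequence number the sender expects from its peer


class Endpoint:
    def __init__(self, name, isn):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn   # next sequence number this side will send
        self.rcv_nxt = 0     # next sequence number expected from the peer

    def _send(self, flags):
        seg = Segment(frozenset(flags), self.snd_nxt,
                      self.rcv_nxt if "ACK" in flags else 0)
        if flags & {"SYN", "FIN"}:
            self.snd_nxt += 1   # SYN and FIN each consume one sequence number
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        return self._send({"SYN"})

    def close(self):
        self.state = {"ESTABLISHED": "FIN_WAIT_1",
                      "CLOSE_WAIT": "LAST_ACK"}[self.state]
        return self._send({"FIN", "ACK"})

    def on_segment(self, seg):
        """Process one incoming segment; return the reply segment or None."""
        f = seg.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RCVD"
            return self._send({"SYN", "ACK"})
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"} and seg.ack == self.snd_nxt:
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return self._send({"ACK"})
        if self.state == "SYN_RCVD" and f == {"ACK"} and seg.ack == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        if "FIN" in f and self.state in ("ESTABLISHED", "FIN_WAIT_2"):
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return self._send({"ACK"})
        if f == {"ACK"} and seg.ack == self.snd_nxt and self.state in ("FIN_WAIT_1", "LAST_ACK"):
            self.state = "FIN_WAIT_2" if self.state == "FIN_WAIT_1" else "CLOSED"
            return None
        # Anything else (wrong state, or an acknowledgment number that does not
        # match what this side actually sent) is rejected.
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in state {self.state}")


def simulate(client_isn, server_isn):
    """Run connect + close; return (handshake, teardown, client, server)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    syn = client.connect()               # 1. SYN
    syn_ack = server.on_segment(syn)     # 2. SYN+ACK
    ack = client.on_segment(syn_ack)     # 3. ACK
    server.on_segment(ack)
    fin1 = client.close()                # 1. FIN from the side that closes first
    ack1 = server.on_segment(fin1)       # 2. ACK
    client.on_segment(ack1)
    fin2 = server.close()                # 3. FIN from the other side
    ack2 = client.on_segment(fin2)       # 4. ACK
    server.on_segment(ack2)
    return [syn, syn_ack, ack], [fin1, ack1, fin2, ack2], client, server


if __name__ == "__main__":
    handshake, teardown, client, server = simulate(1000, 5000)
    for seg in handshake + teardown:
        print("+".join(sorted(seg.flags)), "seq", seg.seq, "ack", seg.ack)
    print("client:", client.state, "server:", server.state)
```

The acknowledgment-number checks are what tie each reply to a segment the endpoint really sent; a reply carrying any other number is refused.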

UDP
UDP stands for user datagram protocol. It is a popular companion protocol to TCP and is also implemented in the
transport layer.

The fundamental difference between UDP and TCP is that UDP offers unreliable data transfer. It does not verify that data
has been received on the other end of the connection. This might sound like a bad thing, and for many purposes, it is.
However, it is also extremely important for some functions.

Because it is not required to wait for confirmation that the data was received and forced to resend data, UDP is much faster
than TCP. It does not establish a connection with the remote host, it simply fires off the data to that host and doesn’t care if
it is accepted or not.

Because it is a simple transaction, it is useful for simple communications like querying for network resources. It also
doesn’t maintain a state, which makes it great for transmitting data from one machine to many real-time clients. This
makes it ideal for VOIP, games, and other applications that cannot afford delays.


HTTP
HTTP stands for hypertext transfer protocol. It is a protocol defined in the application layer that forms the basis for
communication on the web.

HTTP defines a number of functions that tell the remote system what you are requesting. For instance, GET, POST, and
DELETE all interact with the requested data in a different way.

FTP
FTP stands for file transfer protocol. It is also in the application layer and provides a way of transferring complete files
from one host to another.

It is inherently insecure, so it is not recommended for any externally facing network unless it is implemented as a public,
download-only resource.

DNS
DNS stands for domain name system. It is an application layer protocol used to provide a human-friendly naming
mechanism for internet resources. It is what ties a domain name to an IP address and allows you to access sites by name in
your browser.

SSH
SSH stands for secure shell. It is an encrypted protocol implemented in the application layer that can be used to
communicate with a remote server in a secure way. Many additional technologies are built around this protocol because of
its end-to-end encryption and ubiquity.

There are many other protocols that we haven’t covered that are equally important. However, this should give you a good
overview of some of the fundamental technologies that make the internet and networking possible.

HTTPS:- Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure
communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted
using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to
as HTTP over TLS, or HTTP over SSL.

SMTP:- Simple Mail Transfer Protocol (SMTP) is the standard protocol for email services on a TCP/IP
network. SMTP provides the ability to send and receive email messages. SMTP is an application-layer protocol that
enables the transmission and delivery of email over the Internet.

Telnet

Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically,
this protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23,
where a Telnet server application (telnetd) is listening.

Protocols layers and their service model


OSI Layer Architecture
OSI model is based on a proposal developed by the International Standards Organization (ISO) as a first
step toward international standardization of the protocols used in the various layers.
It was revised in 1995.
The model is called the OSI (Open Systems Interconnection) Reference Model because it deals with
connecting open systems—that is, systems that are open for communication with other systems.
The OSI model has seven layers.
1. Physical Layer
2. Data Link Layer
3. Network Layer


4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
Physical Layer
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception
of the unstructured raw bit stream over a physical medium.
It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries
the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better
accommodate the characteristics of the physical medium, and to aid in bit and frame
synchronization.
Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or
broadband (analog) signalling.
Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical
medium.

Data link Layer


The data link layer provides error-free transfer of data frames from one node to another over the physical
layer, allowing layers above it to assume virtually error-free transmission over the link.
To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" (stop) when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that
occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame
receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
Network Layer
The network layer controls the operation of the subnet, deciding which physical path the data should
take based on network conditions, priority of service, and other factors.
To do this, the network layer provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to
"throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU)
size is less than the frame size, a router can fragment a frame for transmission and reassembly at the
destination station.
Logical-physical address mapping: translates logical addresses or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet
intermediate systems, to produce billing information.
Transport Layer
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or
duplications. It relieves (release) the higher layer protocols from any concern with the transfer of data
between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network
layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If
the network layer is unreliable and/or only supports datagrams, the transport protocol should
include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into
smaller units (if not already small enough), and passes the smaller units down to the network layer.
The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Typically, the transport layer can accept relatively large messages, but there are strict message size limits
imposed by the network (or lower) layer. Consequently, the transport layer must break up the
messages into smaller units, or frames, prepending a header to each frame.
The transport layer header information must then include control information, such as message start and
message end flags, to enable the transport layer on the other end to recognize message boundaries.
In addition, if the lower layers do not maintain sequence, the transport header must contain sequence
information to enable the transport layer on the receiving end to get the pieces back together in the right
order before handing the received message up to the layer above.
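
The segmentation header described above (start/end flags plus sequence information) is what lets a receiver cope with the datagram behaviour listed under Packet Switching: units arriving out of order, duplicated, or not at all. The following Python sketch is an added example, not part of the original notes; the 7-byte header layout, the flag values and all function names are assumptions.

```python
import random
import struct

# Assumed header layout: message id (2 bytes), sequence number (4 bytes), flags (1 byte)
HEADER = struct.Struct("!HIB")
START, END = 0x01, 0x02   # message start / message end flags


def segment(msg_id, message, max_payload):
    """Split a message into units no larger than the lower layer allows."""
    if max_payload < 1:
        raise ValueError("max_payload must be at least 1")
    chunks = [message[i:i + max_payload]
              for i in range(0, len(message), max_payload)] or [b""]
    units = []
    for seq, chunk in enumerate(chunks):
        flags = (START if seq == 0 else 0) | (END if seq == len(chunks) - 1 else 0)
        units.append(HEADER.pack(msg_id, seq, flags) + chunk)
    return units


def datagram_network(units, seed, drop=None, duplicate=None):
    """Constructed stand-in for a datagram network: reorder, drop, duplicate."""
    out = [u for i, u in enumerate(units) if i != drop]
    if duplicate is not None:
        out.append(units[duplicate])
    random.Random(seed).shuffle(out)   # each unit "takes its own route"
    return out


class Reassembler:
    def __init__(self):
        self.parts = {}    # msg_id -> {seq: payload}
        self.last = {}     # msg_id -> sequence number of the END unit
        self.done = set()  # messages already handed to the layer above

    def missing(self, msg_id):
        """Sequence numbers not yet received, up to the END unit if known."""
        buf = self.parts.get(msg_id, {})
        top = self.last.get(msg_id, max(buf, default=-1))
        return [i for i in range(top + 1) if i not in buf]

    def receive(self, unit):
        """Accept one unit; return the whole message once complete, else None."""
        if len(unit) < HEADER.size:
            raise ValueError("unit shorter than header")
        msg_id, seq, flags = HEADER.unpack_from(unit)
        if msg_id in self.done:
            return None                          # late duplicate, already delivered
        buf = self.parts.setdefault(msg_id, {})
        buf.setdefault(seq, unit[HEADER.size:])  # duplicate suppression: first copy wins
        if flags & END:
            self.last[msg_id] = seq
        if msg_id in self.last and not self.missing(msg_id):
            data = b"".join(buf[i] for i in range(self.last[msg_id] + 1))
            del self.parts[msg_id], self.last[msg_id]
            self.done.add(msg_id)
            return data
        return None


def deliver(units, reassembler):
    """Feed units to the receiver; return the messages it passes upward."""
    return [m for m in map(reassembler.receive, units) if m is not None]


if __name__ == "__main__":
    message = b"Packets may arrive out of order"   # constructed sample input
    units = segment(7, message, max_payload=8)
    print(deliver(datagram_network(units, seed=1, duplicate=2), Reassembler()))
    lossy = Reassembler()
    print(deliver(datagram_network(units, seed=1, drop=1), lossy), lossy.missing(7))
```

When a unit is lost, the message is never passed upward and `missing()` names the sequence numbers a reliable transport would ask the sender to retransmit.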

Session Layer
The session layer allows session establishment between processes running on different stations. It
provides:
Session establishment, maintenance and termination: allows two application processes on different
machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network,
performing security, name recognition, logging, and so on.

Presentation Layer
The presentation layer formats the data to be presented to the application layer. It can be viewed as the
translator for the network. This layer may translate data from a format used by the application layer into a
common format at the sending station, then translate the common format to a format known to the
application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
Application Layer
The application layer serves as the window for users and application processes to access network
services.
This layer contains a variety of commonly needed functions:
1. Resource sharing and device redirection
2. Remote file access
3. Remote printer access
4. Inter-process communication
5. Network management
6. Directory services
7. Electronic messaging (such as mail)
8. Network virtual terminals

TCP/IP Reference Model (Internet Protocol Stack layers)


Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is the engine for the Internet
and networks worldwide.
TCP/IP either combines several OSI layers into a single layer, or does not use certain layers at all.
TCP/IP is a set of protocols developed to allow cooperating computers to share resources across the
network.
The TCP/IP model has five layers.
1. Application Layer
2. Transport Layer
3. Internet Layer
4. Data Link Layer
5. Physical Network


Figure 16: TCP/IP Reference Model

As we can see from the above figure, the presentation and session layers are not present in the TCP/IP model.
Also note that the Network Access Layer in the TCP/IP model combines the functions of the Data Link Layer and
the Physical Layer.
Application Layer
The application layer is the topmost layer of the four-layer TCP/IP model.
The application layer sits on top of the Transport layer.
The application layer defines TCP/IP application protocols and how host programs interface with
Transport layer services to use the network.
The application layer includes all the higher-level protocols like DNS (Domain Naming System), HTTP
(Hypertext Transfer Protocol), Telnet, SSH, FTP (File Transfer Protocol), TFTP (Trivial File Transfer
Protocol), SNMP (Simple Network Management Protocol), SMTP (Simple Mail Transfer Protocol),
DHCP (Dynamic Host Configuration Protocol), X Windows, RDP (Remote Desktop Protocol) etc.
Transport Layer
The purpose of Transport layer is to permit devices on the source and destination hosts to carry on a
conversation.
Transport layer defines the level of service and status of the connection used when transporting data.
The transport layer provides the end-to-end data transfer by delivering data from an application to its
remote peer.
The most-used transport layer protocol is the Transmission Control Protocol (TCP), which
provides:
1. Reliable data delivery
2. Duplicate data suppression
3. Congestion control
4. Flow control

Another transport layer protocol is the User Datagram Protocol (UDP), which provides:
• Connectionless
• Unreliable
• Best-effort service

UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some
data.

Network Layer (Internet Layer)


The internet layer is also called the network layer.
The internet layer packs data into data packets known as IP datagrams, which contain source and
destination address (logical address or IP address) information that is used to forward the datagrams
between hosts and across networks.
The Internet layer is also responsible for routing of IP datagrams.
Internet Protocol (IP) is the most important protocol in this layer.
It is a connectionless protocol that does not assume reliability from lower layers. IP does not provide
reliability, flow control or error recovery.
IP provides a routing function that attempts to deliver transmitted messages to their destination.
These message units in an IP network are called IP datagrams.
Examples: IP, ICMP, IGMP, ARP, and RARP.
Network Interface Layer (Network Access Layer)
Network Access Layer defines details of how data is physically sent through the network,
including how bits are electrically or optically signalled by hardware devices that interface directly
with a network medium, such as coaxial cable, optical fiber, or twisted pair copper wire.
The protocols included in Network Access Layer are Ethernet, Token Ring, FDDI, X.25, Frame Relay
etc.

| OSI (Open System Interconnection) | TCP/IP (Transmission Control Protocol/Internet Protocol) |
|---|---|
| OSI provides layer functioning and also defines functions of all the layers. | TCP/IP model is more based on protocols and protocols are not flexible with other layers. |
| In OSI model the transport layer guarantees the delivery of packets. | In TCP/IP model the transport layer does not guarantee delivery of packets. |
| Follows horizontal approach. | Follows vertical approach. |
| OSI model has a separate presentation layer. | TCP/IP doesn’t have a separate presentation layer. |
| OSI is a general model. | TCP/IP model cannot be used in any other application. |
| Network layer of OSI model provides both connection oriented and connectionless service. | The Network layer in TCP/IP model provides connectionless service. |
| OSI model has a problem of fitting the protocols in the model. | TCP/IP model does not fit any protocol. |
| Protocols are hidden in OSI model and are easily replaced as the technology changes. | In TCP/IP replacing protocol is not easy. |
| OSI model defines services, interfaces and protocols very clearly and makes clear distinction between them. | TCP/IP does not clearly separate its services, interfaces and protocols. |
| It has 7 layers. | It has 4 layers. |


Networking Devices: Hubs, Switches, Routers, Bridges, Repeaters, Gateways and Modems, ADSL

Hub: A hub, at the most basic level, is a “dumb” device that operates at the Physical layer of the OSI
model. A hub forwards all signals it receives to all connected network devices. Think of a hub as a “drunk”
– when he speaks, he speaks to all around him, even if he really only means to speak with one person.

Types of Hub
• Active Hub:- These are the hubs which have their own power supply and can clean, boost and relay the signal along
with the network. It serves both as a repeater as well as wiring centre. These are used to extend the maximum
distance between nodes.
• Passive Hub :- These are the hubs which collect wiring from nodes and power supply from active hub. These hubs
relay signals onto the network without cleaning and boosting them and can’t be used to extend the distance between
nodes.

Switch: Because the hub is something of a “drunk,” it can be an inefficient (think about the excess traffic
created) and unsecure device. Imagine if you wish to send sensitive credit card information over the
network – do you really want every node to receive your electronic signal? To alleviate this, the switch was
developed. A switch operates at the Data Link layer of the OSI model. It uses the MAC sub-layer to
forward the relevant frames of information only to the intended recipient. Messages can still be broadcast,
but this is only an option and not the normal condition. Unlike the “drunken” hub, the switch can speak
softly to one person at a time or announce to the crowd. The Network+ exam tends to test you on this
difference between a hub and switch, so keep it fresh in your mind.

Types of Bridges
• Transparent Bridges:- These are bridges in which the stations are completely unaware of the
bridge’s existence, i.e. whether or not a bridge is added to or deleted from the network, reconfiguration of
the stations is unnecessary. These bridges make use of two processes, i.e. bridge forwarding and bridge learning.
• Source Routing Bridges:- In these bridges, the routing operation is performed by the source station and the frame specifies
which route to follow. The host can discover the frame by sending a special frame called a discovery frame, which spreads
through the entire network using all possible paths to the destination.

Bridge: A bridge also operates at the Data Link layer (aka Layer 2) and is used to connect two (similar or
dissimilar) physical network segments together, forming a larger inter-network. It can forward packets or
reject them based on their destination (MAC) address. Note: The connected network segments must have
same network ID.

Router: The router operates at the Network layer of the OSI Model and is used to forward packets across
network segments to reach a certain destination address. Do not be confused between a router and a bridge
– a bridge simply forwards packets or frames based on their destination address from one connected
network segment to another. A router can determine where a packet should be sent to given its final
destination (IP address). Usually, routers forward packets to other routers, but sometimes routers also
forward to other pieces of network equipment. A router is usually used to connect a home computer to an
“always-on” Internet connection through the home network. To appreciate what a router really does, run
tracert to your favorite website and see how many steps (hops) are involved in getting from your computer
to the web server in question.

Gateway: A gateway is any device that serves to interface with other networks using dissimilar protocols.
For example, a gateway might interface between a home network and the Internet or between a NetBIOS
network and an IPX/SPX network. A gateway operates in any of the seven OSI layers.


WAP: A Wireless Access Point is a device that allows wireless devices to access and to communicate with
the network. It acts as a bridge between the wired, traditional network and other wireless devices.
Alternatively, it can act as a bridge between wireless devices and another, linked WAP. It typically
operates in the Network layer of the OSI model as a sort of router/bridge/switch combination. Note that
most WAP devices direct traffic by MAC address, making them switched.

NIC: A Network Interface Card is a device that allows a node to connect to the network, typically in the
form of a computer “card” (PCI/ISA), but also in the form of an external (think USB) device. It can either
be wired and connect to a traditional, wired network, or wireless, and connect to a WAP.

Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the same
network before the signal becomes too weak or corrupted so as to extend the length to which the signal can
be transmitted over the same network. An important point to be noted about repeaters is that they do not
amplify the signal. When the signal becomes weak, they copy the signal bit by bit and regenerate it at the
original strength. It is a 2 port device.

Modem:- Modem is an abbreviation for Modulator – Demodulator. Modems are used for data transfer
from one computer network to another computer network through telephone lines. The computer network
works in digital mode, while analog technology is used for carrying messages across phone lines.

Types of Modems
• Modems can be of several types and they can be categorized in a number of ways.
• Categorization is usually based on the following basic modem features:
1. Directional capacity: half duplex modem and full duplex modem.
2. Connection to the line: 2-wire modem and 4-wire modem.
3. Transmission mode: asynchronous modem and synchronous modem.

Half duplex and full duplex Modems


Half duplex
1. A half duplex modem permits transmission in one direction at a time.
2. If a carrier is detected on the line by the modem, it gives an indication of the incoming carrier to the DTE
through a control signal of its digital interface.
3. As long as the carrier is being received, the modem does not give permission to the DTE to transmit
data.

Full duplex
• A full duplex modem allows simultaneous transmission in both directions.
• Therefore, there are two carriers on the line, one outgoing and the other incoming.

2-wire and 4-wire Modems
• The line interface of the modem can have a 2-wire or a 4-wire connection to transmission medium.

4-wire Modem
• In a 4-wire connection, one pair of wires is used for the outgoing carrier and the other pair is used for
incoming carrier.
• Full duplex and half duplex modes of data transmission are possible on a 4-wire connection.
• As the physical transmission path for each direction is separate, the same carrier frequency can be used
for both the directions.

2-wire Modem
• 2-wire modems use the same pair of wires for outgoing and incoming carriers.
• A leased 2-wire connection is usually cheaper than a 4-wire connection as only one pair of wires is
extended to the subscriber's premises.
• The data connection established through telephone exchange is also a 2-wire connection.
• In 2-wire modems, half duplex mode of transmission that uses the same frequency for the incoming and
outgoing carriers can be easily implemented.
• For full duplex mode of operation, it is necessary to have two transmission channels, one for transmit
direction and the other for receive direction.
• This is achieved by frequency division multiplexing of two different carrier frequencies. These carriers
are placed within the bandwidth of the speech channel.


Asynchronous & Synchronous Modems


Asynchronous Modem
• Asynchronous modems can handle data bytes with start and stop bits.
• There is no separate timing signal or clock between the modem and the DTE.
• The internal timing pulses are synchronized repeatedly to the leading edge of the start pulse.

Synchronous Modem
• Synchronous modems can handle a continuous stream of data bits but require a clock signal.
• The data bits are always synchronized to the clock signal.
• There are separate clocks for the data bits being transmitted and received.
• For synchronous transmission of data bits, the DTE can use its internal clock and supply the same to the
modem.


Modulation techniques used for Modem:


The basic modulation techniques used by a modem to convert digital data to analog signals are:
• Amplitude shift keying (ASK).
• Frequency shift keying (FSK).
• Phase shift keying (PSK).
• Differential PSK (DPSK).
These techniques are known as the binary continuous wave (CW) modulation.
• Modems are always used in pairs. Any system whether simplex, half duplex or full duplex requires a
modem at the transmitting as well as the receiving end.
• Thus a modem acts as the electronic bridge between two worlds - the world of purely digital signals and
the established analog world.

ADSL:- Asymmetric digital subscriber line (ADSL) is a type of DSL broadband communications
technology used for connecting to the Internet. ADSL allows more data to be sent over existing copper
telephone lines (POTS), when compared to traditional modem lines. A special filter, called a microfilter, is
installed on a subscriber's telephone line to allow both ADSL and regular voice (telephone) services to be
used at the same time.
ADSL requires a special ADSL modem and subscribers must be in close geographical locations to the
provider's central office to receive ADSL service. Typically this distance is within a radius of 2 to 2.5
miles. ADSL supports data rates from 1.5 to 9 Mbps when receiving data (known as
the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).


UNIT-II
Ethernet Networking:
Ethernet is the traditional technology for connecting wired local area networks (LANs), enabling devices to
communicate with each other via a protocol -- a set of rules or common network language.

As a data-link layer protocol in the TCP/IP stack, Ethernet describes how network devices can format and
transmit data packets so other devices on the same local or campus area network segment can recognize, receive
and process them. An Ethernet cable is the physical, encased wiring over which the data travels.

Any device accessing a geographically localized network using a cable -- i.e., with a wired rather than wireless
connection -- likely uses Ethernet -- whether in a home, school or office setting. From businesses to gamers,
diverse end users depend on the benefits of Ethernet connectivity, including reliability and security.

Compared to wireless LAN technology, Ethernet is typically less vulnerable to disruptions -- whether from
radio wave interference, physical barriers or bandwidth hogs. It can also offer a greater degree of network
security and control than wireless technology, as devices must connect using physical cabling -- making it
difficult for outsiders to access network data or hijack bandwidth for unsanctioned devices.

How Ethernet works

The Institute of Electrical and Electronics Engineers Inc. (IEEE) specifies in the family of standards
called IEEE 802.3 that the Ethernet protocol touches both Layer 1 -- the physical layer -- and Layer 2 -- the data
link layer -- on the OSI network protocol model. Ethernet defines two units of transmission: packet and frame.
The frame includes not just the payload of data being transmitted, but also:

• the physical media access control (MAC) addresses of both the sender and receiver;

• VLAN tagging and quality of service information; and

• error correction information to detect transmission problems.

Each frame is wrapped in a packet that contains several bytes of information to establish the connection and
mark where the frame starts.

Engineers at Xerox first developed Ethernet in the 1970s. Ethernet initially ran over coaxial cables, while a
typical Ethernet LAN today uses special grades of twisted pair cables or fiber optic cabling. Early Ethernet
connected multiple devices into network segments through hubs -- Layer 1 devices responsible for transporting
network data -- using either a daisy chain or star topology.


Half-Duplex Ethernet:- Legacy Ethernet is half-duplex, meaning information can move in only one direction at a
time. In a totally switched network, nodes only communicate with the switch and never directly with each other.
Switched networks also employ either twisted pair or fiber optic cabling, both of which use separate conductors for
sending and receiving data. In this type of environment, Ethernet stations can forgo the collision detection process
and transmit at will, since they are the only potential devices that can access the medium. This allows end stations to
transmit to the switch at the same time that the switch transmits to them, achieving a collision-free environment.

Full-Duplex Ethernet:- Ethernet switching gave rise to another advancement, full-duplex Ethernet. Full-duplex is a
data communications term that refers to the ability to send and receive data at the same time.

Ethernet at the Data Link Layer:-

At the data link layer, Ethernet specifies what the data should look like, including the header and trailer. The protocol is defined
by IEEE 802.3 and actually divides the data link layer into two sublayers: the Logical Link Control (LLC) sublayer and the
Media Access Control (MAC) sublayer.

The MAC Sublayer


802.3 specifies a sublayer within Ethernet called the Ethernet Media Access Control sublayer. This acts as an interface between
the physical layer and the higher-level services of a network interface.

Ethernet Frame vs Ethernet Packet


Technically 802.3 defines both a Media Access Control (MAC) frame and a MAC packet.
An Ethernet MAC frame includes a destination address, source address, length/type, payload plus padding and finally a frame
check sequence (FCS).
An Ethernet MAC Packet encapsulates the MAC frame, adding a preamble and a 'start of frame' delimiter.
Most texts (and engineers) will use ‘frame’ or ‘Ethernet frame’ to refer to the complete ‘Ethernet Packet’ from the preamble to
the FCS. When people refer to a packet, they will almost always be referring to an IP packet at the internet layer.
The most common form of an Ethernet PDU is summarised below.

Ethernet Fields
Ethernet Header
Preamble
Length: 7 bytes (56 bits)
The Ethernet Preamble is a series of alternating ‘1s’ and ‘0s’ which enables a receiver to synchronise with the transmitter.

Start of Frame Delimiter


Length: 1 byte (8 bits)
The start of frame delimiter indicates to the receiver the end of the preamble and therefore the beginning of the other Ethernet
header content.

Destination Address
The MAC address of the intended recipient, or recipients of the frame.

Source Address
The MAC address of the sender.

Type / Length
This field is typically used to indicate the length of the client data / payload being encapsulated. For a basic Ethernet frame, the
maximum length of the client data is 1500 bytes and the minimum is 46 bytes.


Ethernet Payload / Layer 3 Data / Client Data


Payload
Data from a higher layer which is being encapsulated. This is most often an IPv4 or IPv6 packet. To fit in a typical frame, the
maximum length of the packet is 1500 bytes. Therefore, we say that the layer 3 Maximum Transmission Unit (MTU) is 1500
bytes for Ethernet.

Padding
Because the minimum length of a payload is 46 bytes, if the payload is less than that then padding is added.

Ethernet Trailer
Frame Check Sequence (FCS)
The Ethernet FCS is a cyclic redundancy check which allows the recipient to check whether the data has been corrupted.

Ethernet Addresses
Ethernet frames include a source and a destination Media Access Control (MAC) address. Generally, each interface on a
network will have a MAC address – whether it’s a port on a switch, a network interface card (NIC) in a computer or a WiFi chip
in a phone. There are also special addresses for sending frames to multiple recipients.
All MAC addresses are 48 bits (6 bytes) long and are typically represented using hexadecimal (hex) notation. If the first bit of
the destination address is 0, the address is a unicast address which means that it is intended for a single recipient. If the first bit is
1 then the address indicates a group address.

Unicast MAC Addresses


Messages being sent to a single device use a unicast or individual address. It is important that each device on a network has a
unique Ethernet address so that frames get sent to the correct device. To ensure this, all ethernet hardware is assigned a globally
unique MAC address for each interface by the manufacturer.
Consequently, MAC addresses are also called burned in addresses (BIA).
Some operating systems or software make it possible to alter the MAC address of a given interface. This can be done for
privacy reasons, network requirements (for example, networking with virtual machines) or for more nefarious purposes.
Unicast addresses are formed of two equal parts: an Organizationally Unique Identifier for the manufacturer and an interface
specific identifier.

Organizationally Unique Identifier (OUI)


Length: 24 bits (3 bytes)
Every vendor of Ethernet equipment should have their own unique OUI which has been assigned by the IEEE.

Vendor Assigned, Interface Specific Identifier


Length: 24 bits (3 bytes)
The vendor is responsible for assigning the last 24 bits, which should be an identifier unique to that manufacturer so that no two
devices have the same address.

Group Addresses
Other MAC addresses may be associated with none or more devices on a network.

Multicast MAC Addresses


Multicast addresses may be used to send messages to a specific group of devices on a network. The details of operation must be
configured at a higher layer. For example, the Cisco Discovery Protocol (CDP) uses multicast addresses.


Broadcast Addresses
The broadcast address is used to send a frame to all devices on the local area network. The broadcast address has all bits set to
‘1’ which is FF:FF:FF:FF:FF:FF in hex.
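
The frame layout and address rules above can be checked in code. The following is an added example, not part of the original notes: it builds and parses a MAC frame (without preamble and start-of-frame delimiter, as a capture normally shows it), verifies the FCS and classifies the addresses. The function names and the sample addresses are assumptions made for illustration.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6
HEADER_LEN, FCS_LEN = 14, 4           # dst (6) + src (6) + type/length (2); FCS (4)
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500   # payload limits given in the text


def format_mac(mac: bytes) -> str:
    """Render raw address bytes in the usual colon-separated hex notation."""
    return ":".join(f"{octet:02X}" for octet in mac)


def classify_mac(mac: bytes) -> str:
    """Return 'broadcast', 'group' or 'unicast' for a 48-bit address."""
    if len(mac) != 6:
        raise ValueError("a MAC address is 48 bits (6 bytes)")
    if mac == BROADCAST:
        return "broadcast"
    # The "first bit" is the first one sent on the wire, which is the
    # least significant bit of the first octet.
    return "group" if mac[0] & 0x01 else "unicast"


def compute_fcs(data: bytes) -> bytes:
    """Frame check sequence over header + payload + padding.

    Ethernet uses the same CRC-32 as zlib.crc32; the four FCS bytes appear
    in a capture least significant byte first.
    """
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_length: int, payload: bytes) -> bytes:
    """Assemble a MAC frame, padding short payloads up to 46 bytes."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte MTU")
    padded = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", type_or_length) + padded
    return body + compute_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Split a MAC frame into its fields and verify the FCS."""
    shortest = HEADER_LEN + MIN_PAYLOAD + FCS_LEN   # 64 bytes
    longest = HEADER_LEN + MAX_PAYLOAD + FCS_LEN    # 1518 bytes
    if not shortest <= len(frame) <= longest:
        raise ValueError(f"frame length {len(frame)} outside {shortest}..{longest}")

    dst, src = frame[0:6], frame[6:12]
    (type_or_length,) = struct.unpack("!H", frame[12:14])
    data = frame[HEADER_LEN:-FCS_LEN]

    if type_or_length <= MAX_PAYLOAD:
        # Length form: the field counts real payload bytes, the rest is padding.
        if type_or_length > len(data):
            raise ValueError("length field claims more data than the frame holds")
        meaning, payload = "length", data[:type_or_length]
    elif type_or_length >= 0x0600:
        # EtherType form: padding cannot be told apart from payload at this
        # layer; the encapsulated protocol's own length field decides.
        meaning, payload = "ethertype", data
    else:
        raise ValueError("type/length values 1501..1535 are undefined")

    return {
        "dst": format_mac(dst), "dst_kind": classify_mac(dst),
        "src": format_mac(src), "src_kind": classify_mac(src),
        "src_oui": format_mac(src[:3]),          # manufacturer half of the address
        "field_meaning": meaning, "type_or_length": type_or_length,
        "payload": payload, "padding_len": len(data) - len(payload),
        "fcs_ok": frame[-FCS_LEN:] == compute_fcs(frame[:-FCS_LEN]),
    }


if __name__ == "__main__":
    # Constructed sample: a 5-byte payload sent to the broadcast address from
    # a made-up source address.
    sample = build_frame(BROADCAST, bytes.fromhex("020000000001"), 5, b"hello")
    for key, value in parse_frame(sample).items():
        print(f"{key:15} {value}")
```

A 5-byte payload is padded with 41 bytes to reach the 46-byte minimum, which gives the 64-byte minimum frame; changing any byte after the frame is built makes `fcs_ok` false.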

Ethernet at the Physical Layer:-



Ethernet operates at the link layer of TCP/IP. It defines the physical media responsible for carrying data, the format of the data
carried by that media and the hardware addressing between those devices. Therefore, it covers both the data link and physical
layers of the OSI 7 layer model.
Ethernet defines the physical media used to carry data. The Ethernet standards are specified by the IEEE and belong to the 802.3
family of standards. They define physical properties of the cabling (for example whether it’s copper wires or a glass fibre) as
well as data speeds.

Ethernet Standards
Some of the most common Ethernet varieties are summarised below. Mbps indicates a speed in megabits per second and Gbps
indicates a speed in Gigabits per second. The term ‘BASE’ means that baseband signalling is used – the signal transmitted uses
the full bandwidth of the media.

10BASE-T
Friendly Name: Ethernet
IEEE Standard: 802.3
Speed: 10 Mbps
Material: Copper
Maximum length: 100m

100BASE-TX
Friendly Name: Fast Ethernet
IEEE Standard: 802.3u
Speed: 100Mbps
Material: Copper
Maximum length: 100m

1000BASE-T
Friendly Name: Gigabit Ethernet
IEEE Standard: 802.3ab
Speed: 1 Gbps
Material: Copper
Maximum length: 100m


1000BASE-X
Friendly Name: Gigabit Ethernet
IEEE Standard: 802.3z
Speed: 1 Gbps
Material: Fibre
Maximum length: depends on fibre properties: 1000BASE-SX approx. 200m to 500m and 1000BASE-LX up to 5km

10GBASE-T
Friendly Name: 10 Gig Ethernet
IEEE Standard: 802.3an
Speed: 10Gbps
Material: Copper
Maximum length: 100m

Unshielded Twisted Pair (UTP) Cable


UTP is a common and inexpensive choice for ethernet cabling. It is generally capable of transmitting data up to 100m. Data is
sent as ‘1s’ and ‘0s’ using electrical signals transmitted along pairs of wires which each create an electrical circuit. One wire
carries the signal in one direction and the other carries it back.
Each pair of wires is twisted together so that any electromagnetic interference (EMI) is cancelled out. This interference could be
‘crosstalk’ from the other wires which make up the cable.
Most modern Ethernet cables have 8 wires – 4 pairs and are terminated with RJ-45 connectors.

Shielded Twisted Pair (STP) Cable


Twisted-pair cables can also be shielded to prevent EMI. Shielding can be applied to each pair of wires, to the whole cable (not
the individual pairs) or to both the pairs and the whole cable.

Ethernet Standards vs Cable Categories


Ethernet standards (the 802.3 family) are specified by the IEEE and define the physical and datalink layers from the interface of
one device to another. For example, on a 1000BASE-T link, the interface of the computer/device and switch as well as the
cabling used in between must adhere to the 1000BASE-T standard. Ethernet cabling is typically sold under a category system
defined by the Telecommunications Industry Association (TIA). The category defines the physical properties of the cable and
will support multiple Ethernet standards (e.g. 10BASE-T, 100BASE-TX and 1000BASE-T). Cables belonging to these
categories are commonly but not exclusively used for Ethernet data.

Cat 5 Ethernet Cable


Supported Ethernet Standards: 10BASE-T, 100BASE-TX, 1000BASE-T (although 5e is recommended for 1000BASE-T)
Maximum Speed: 1000 Mbps (under good conditions)
Maximum Bandwidth: 100 MHz
Cable type: UTP

Cat 5e Ethernet Cable


Offers improved mitigation of crosstalk compared to Cat 5 cable.


Supported Ethernet Standards: 10BASE-T, 100BASE-TX, 1000BASE-T


Maximum Speed: 1000 Mbps
Maximum Bandwidth: 100 MHz
Cable type: UTP

Cat 6 Ethernet Cable


Supported Ethernet Standards: 10BASE-T, 100BASE-TX, 1000BASE-T, 10GBASE-T
Maximum Speed: 10 Gbps
Maximum Bandwidth: 250 MHz
Cable type: UTP / STP

Cat 6a Ethernet Cable


Offers better crosstalk and interference performance than Cat 6.
Supported Ethernet Standards: 10BASE-T, 100BASE-TX, 1000BASE-T, 10GBASE-T
Maximum Speed: 10 Gbps
Maximum Bandwidth: 500 MHz
Cable type: STP

Fibre Optic Cables


Fibre optic cabling uses a fine fibre core made of glass or plastic to carry ‘1s’ and ‘0s’ as light. The network devices on either
end will transmit the data using an LED or a laser and receive it using a photodetector. Fibre optic cables can generally support
higher data speeds than copper.
The fibre optic core is surrounded by cladding in order to create the correct refractive properties for sending light along the fibre.
To protect the fibre, a ‘buffer’ surrounds the cladding to prevent damage to the delicate materials. Finally an additional plastic
‘jacket’ may be added.
There are two principal types of fibre optic cable: single-mode and multi-mode.

Single-Mode Fibre
• Very small core diameter
• Carries a single mode of light
• More expensive
• Can carry data over longer distances

Multi-Mode Fibre
• Larger core diameter
• Carries multiple modes of light
• Less expensive
• Can only be used for shorter distances

Switching Technologies:-


Switched communication networks are those in which data transferred from source to destination is routed
between various intermediate nodes. Switching is the technique by which nodes control or switch data to
transmit it between specific points on a network. There are 3 common switching techniques:
1. Circuit Switching
2. Packet Switching
3. Message Switching
Message Switching –
Message switching was a technique developed as an alternative to circuit switching, before packet switching
was introduced. In message switching, end users communicate by sending and receiving messages that
include the entire data to be shared. Messages are the smallest individual unit.
Also, the sender and receiver are not directly connected. A number of intermediate nodes transfer
data and ensure that the message reaches its destination. Message switched data networks are hence called
hop-by-hop systems.
They provide 2 distinct and important characteristics:
1. Store and forward – The intermediate nodes have the responsibility of transferring the entire
message to the next node. Hence, each node must have storage capacity. A message will only be
delivered if the next hop and the link connecting it are both available, otherwise it’ll be stored
indefinitely. A store-and-forward switch forwards a message only if sufficient resources are available
and the next hop is accepting data. This is called the store-and-forward property.
2. Message delivery – This implies wrapping the entire information in a single message and transferring
it from the source to the destination node. Each message must have a header that contains the message
routing information, including the source and destination.
Message switching network consists of transmission links (channels), store-and-forward switch nodes and
end stations as shown in the following picture:

Characteristics of message switching –


Message switching is advantageous as it enables efficient usage of network resources. Also, because of the
store-and-forward capability of intermediary nodes, traffic can be efficiently regulated and controlled.


Message delivery as one unit, rather than in pieces, is another benefit.

However, message switching has certain disadvantages as well. Since messages are stored indefinitely at
each intermediate node, switches require large storage capacity. Also, these networks are pretty slow. This is because
at each node there is first a wait until the entire message is received, then it must be stored and transmitted
after processing the next node and links to it depending on availability and channel traffic. Hence, message
switching cannot be used for real time or interactive applications like video conference.

Applications –
The store-and-forward method was implemented in telegraph message switching centres. Today, although
many major networks and systems are packet-switched or circuit switched networks, their delivery
processes can be based on message switching. For example, in most electronic mail systems the delivery
process is based on message switching, while the network is in fact either circuit-switched or packet-
switched.

layer-2 switching:-

Layer 2 switching (or Data Link layer switching) is the process of using devices’ MAC addresses on a LAN to segment
a network. Switches and bridges are used for Layer 2 switching. They break up one large collision domain into multiple
smaller ones.

In a typical LAN, all hosts are connected to one central device. In the past, the device was usually a hub. But hubs had
many disadvantages, such as not being aware of traffic that passes through them, creating one large collision domain, etc.
To overcome some of the problems with hubs, the bridges were created. They were better than hubs because they created
multiple collision domains, but they had limited number of ports. Finally, switches were created and are still widely used
today. Switches have more ports than bridges, can inspect incoming traffic and make forwarding decisions accordingly.
Each port on a switch is a separate collision domain.

Here is an example of the typical LAN network used today – the switch serves as a central device that connects all devices
together:


Differences between hubs and switches


To better understand the concept of packet switching based on the hardware address of a device, you need to understand
how switches differ from hubs.

First, consider the example of a LAN, with all hosts connecting to a hub:

As mentioned previously, hubs create only one collision domain, so the chance for a collision to occur is high. The hub
depicted above simply repeats the signal it receives out all ports, except the one from which the signal was received, so no
packet filtering takes place. Imagine you had 20 hosts connected to a hub: a packet would be sent to 19 hosts, instead of
just one! This can also cause security problems, because an attacker attached to the hub can capture all traffic on the network.

Now consider the way switches work. We have the same topology as above, only this time we are using a switch instead of
a hub.

Switches increase the number of collision domains. Each port is one collision domain, which means that the chances for
collisions to occur are minimal. A switch learns which device is connected to which port and forwards a frame based on
the destination MAC address included in the frame. This reduces traffic on the LAN and enhances security.

How switches work


Each network card has a unique identifier called a Media Access Control (MAC) address. This address is used in LANs
for communication between devices on the same network segment. Devices that want to communicate need to know each
other's MAC addresses before sending out packets. They use a process called ARP (Address Resolution Protocol) to find
out the MAC address of another device. When the hardware address of the destination host is known, the sending host has
all the required information to communicate with the remote host.

To better understand the concept of ARP, let’s take a look at the following example:

Let’s say that host A wants to communicate with host B for the first time. Host A knows the IP address of host B, but since
this is the first time the two hosts communicate, the hardware (MAC) addresses are not known. Host A uses the ARP
process to find out the MAC address of host B. The switch forwards the ARP request out all ports except the port host A
is connected to. Host B receives the ARP request and responds with its MAC address. Host B also learns the MAC
address of host A (because host A sent its MAC address in the ARP request). The switch learns which MAC addresses are
associated with which port. For example, because host B responded with the ARP reply that included its MAC address, the
switch knows the MAC address of host B and stores that address in its MAC address table. The same applies to host A: the
switch knows the MAC address of host A because of the ARP request.

Now, when host A sends a packet to host B, the switch looks up the destination in its MAC address table and forwards the
frame only out the Fa0/1 port, the port to which host B is connected. Other hosts on the network will not be involved in the communication:

You can display the MAC address table of the switch by using the show mac-address-table command:

Layer 2 switches are much faster than routers because they don’t take up time looking at the Network layer
header information. Instead, they look at the frame’s hardware addresses to decide whether to forward,
flood, or drop the frame. Here are the major advantages of Layer 2 switching:

• Hardware-based bridging (using ASICs)


• Wire speed
• Low latency
• Low cost

Switches usually perform these three functions:

• Address learning – switches learn MAC addresses by examining the source MAC address of each frame
received by the switch.
• Forward/filter decisions – switches decide whether to forward or filter a frame, based on the destination
MAC address.

• Loop avoidance – switches use Spanning Tree Protocol (STP) to prevent network loops while still
permitting redundancy.

address learning in layer-2 switches:-


Basic Layer 2 Switching (Bridging) Functions

Ethernet switching operates at OSI Layer 2, creating dedicated network segments and interconnecting segments. Layer 2 switches have three main
functions:
• MAC address learning – A Layer 2 switch learns the MAC addresses of devices attached to each of its ports. The
addresses are stored in a bridge forwarding database.
• Forwarding and filtering – Switches determine which port a frame must be sent out to reach its destination. If the
address is known, the frame is sent only on that port; if the address is unknown, the frame is flooded to all ports
except the one from which it originated.
• Loop avoidance – When the switched network has redundant loops, the switch can prevent duplicate frames from
traveling over multiple paths.

Bridging and Switching Comparison

Frame Transmission Modes

There are three primary frame-switching modes:


• Cut-through – The switch checks the destination address and immediately begins forwarding the frame. This can
decrease latency.
• Store and forward – The switch waits to receive the entire frame before forwarding. The entire frame is read, and a
cyclic redundancy check (CRC) is performed. If the CRC is bad, the frame is discarded. Latency increases as a
function of frame length.
• Fragment-free (modified cut-through) – The switch reads the first 64 bytes before forwarding the frame. 64 bytes is
the minimum number of bytes necessary to detect and filter out collision frames. This is the default mode for
Catalyst 1900.

How Switches Learn Addresses

A switch uses its bridge forwarding table (called a MAC table in Catalyst) when forwarding frames to devices. With an empty bridge
forwarding table, the switch must flood frames to all ports other than the one they arrived on. This is the least-efficient way to transmit data. Initially, the
switch MAC address table is empty. Then Station A with the MAC address sends a frame to station C. When the switch receives this frame, it does the
following:
• Because the MAC table is empty, the switch must flood the frame to all other ports (except E0, the frame origin).
• The switch notes the source address of the originating device and associates it with port E0 in its MAC address
table entry. Note that the switch uses the source address to populate the table, not the destination address.
The switch continues to learn addresses in this manner, continually updating the table. As the MAC table becomes more complete, the switching
becomes more efficient, because frames are filtered to specific ports rather than being flooded out all ports.

Broadcast and Multicast Frames


Broadcast and multicast frames are flooded to all ports other than the originating port. Broadcast and multicast addresses never appear as a frame’s
source address, so the switch does not learn these addresses.

Basic Layer 2 Switching (Bridging) Functions Summary


• Ethernet switches are Layer 2 devices that increase a network’s available bandwidth by creating separate network
segments.
• Switches have three modes of frame transmission:
  • Cut-through – Only the destination address is checked before the frame is forwarded.
  • Store and forward – The entire frame is checked before being forwarded.
  • Fragment-free – Only the first 64 bytes are checked before forwarding.
• Switches learn, store, and use MAC addresses to determine where a frame should be transmitted.
• A frame is forwarded to a specific port only when the destination address is known. Otherwise, it is flooded out all
ports other than the one it was received on.

Redundant Topology Overview
A redundant topology has multiple connections to switches or other devices. Redundancy ensures that a single point of failure will not cause the entire
switched network to fail. However, redundancy can cause problems in a network, including broadcast storms, multiple copies of frames, and MAC
address table instability.

Broadcast Storms
The flooding of broadcast frames can cause a broadcast storm (indefinite flooding of frames) unless there is a mechanism in place to prevent it.
An example of a broadcast storm is shown in the figure and is described here:
1. Host X sends a broadcast frame, which is received by switch A.
2. Switch A checks the destination and floods it to the bottom Ethernet link, segment 2.
3. Switch B receives the frame on the bottom port and transmits a copy to the top
segment.

4. Because the original frame arrives at switch B through the top segment, switch B
transmits the frame a second time. The frame now travels continuously in both
directions.

Multiple Frame Transmissions


Most protocols cannot correctly handle duplicate transmissions. Protocols that use sequence numbering assume that the sequence has recycled. Other
protocols process the duplicate frame with unpredictable results. Multiple frame transmissions occur as follows:
1. Host X sends a frame to Router Y. One copy is received over the direct Ethernet
connection, segment 1. Switch A also receives a copy.
2. Switch A checks the destination address. If the switch does not find an entry in the
MAC address table for Router Y, it floods the frame on all ports except the
originating port.
3. Switch B receives the frame on segment
4. Switch B then forwards the frame to segment 1.
Note: Router Y has now received two copies of the same frame.

Database Instability
Database instability occurs when a switch receives the same frame on different ports. The following example shows how this occurs:
1. Host X sends a frame to Router Y. When the frame arrives at switch A and switch
B, they both learn the MAC address for host X and associate it with port 0.
2. The frame is flooded out port 1 of each switch (assuming that Router Y’s address is
unknown).
3. Switch A and switch B receive the frame on port 1 and incorrectly associate host
X’s MAC address with that port.
4. This process repeats indefinitely.

Multiple Loops
Multiple loops can occur in large switched networks. When multiple loops are present, a broadcast storm clogs the network with useless traffic. Packet
switching is adversely affected in this case and might not work at all. Layer 2 cannot prevent or correct broadcast storms.

Redundant Topology Summary


• A broadcast storm occurs when broadcast messages propagate endlessly throughout a switched network.
• Multiple transmissions of the same message cause errors in most protocols.
• A switch’s MAC address table becomes unstable when the switch receives the same frame on different ports.
• Layer 2 devices cannot recognize or correct looping traffic without help.

Network loop problems in layer-2 switched networks

Layer 2 Switching Loop


A switching loop occurs when more than one link exists between the source and destination devices. As explained above,
a switch always floods three types of frames: unknown unicast, multicast and broadcast.
If a switch receives a frame of any of these types, it forwards that frame out of all of its ports except the port on which the
frame arrived. If a switching loop exists, the forwarded frame will be switched in the network endlessly.
Let’s extend the above example. Suppose PC0 sends a broadcast frame. Switch S1 receives this frame. Since this is a
broadcast frame, it forwards this frame out of all remaining ports except the incoming port. Other switches follow the
same concept. Since a loop exists between the switches, the forwarded frame keeps switching between the switches endlessly.
The following image shows this situation.

Endless Cycle One


PC0 => S1 => S2 => S3 => S6 => (Server and) S5 => S4 => S1 => (PC0 and) S2 => S3 .......

Endless Cycle Two


PC0 => S1 => S4 => S5 => S6 => (Server and) S3 => S2 => S1 => (PC0 and) S4 => S5 .......

This way, a looped frame can run in the loop for a long time (hours, days, literally forever if the switches and links never
failed).

Disadvantages or side effects of the loop
When a frame loops around the network indefinitely, the result is known as a broadcast storm. A broadcast storm can saturate
all bandwidth of the network by creating and forwarding multiple copies of the same frame. It also significantly
decreases the performance of the end devices by forcing them to process duplicate copies of the same frame.
Besides this, a looping frame also makes the CAM table unstable. As explained above, when a switch receives a frame, it
checks the source address field of the frame and associates the interface or port on which the frame arrived with the MAC
address that it finds in the source address field of the frame.
If a loop exists in the network, a switch can receive the looped frame on multiple interfaces. Each time the switch
receives the looped frame on a different interface, it assumes that the device has been moved and updates the CAM
table entry.
The following image shows how the switch S0 updates the entry of MAC address 1111.1111.1111.

In a nutshell, a layer 2 switching loop creates three major problems: broadcast storms, duplicate frames, and an unstable CAM
table. If a loop exists, a single looped frame is sufficient to decrease the performance of the entire network by consuming
the bandwidth and CPU power of the affected devices.

Spanning-Tree Protocol:-

What is the STP?


STP is a protocol that actively monitors all links of the network. To find redundant links, it uses an algorithm known as
the STA (spanning-tree algorithm). The STA first creates a topology database, then it finds and disables the
redundant links. Once redundant links are disabled, only the STP-chosen links remain active. If a new link is added or an
existing link is removed, STP re-runs the STA and re-adjusts all links to reflect the change.
The section below explains how all of this happens and what terminology and components STP uses in its operation.
BPDUs
BPDUs (Bridge Protocol Data Units) are multicast frames which switches use to share information about themselves and
their connections. Besides sharing information, switches also use BPDUs to learn the network topology, to learn which
switch is connected with which switches, and to learn whether any layer 2 switching loop exists in the learned topology or
not.
Root Bridge
A Root Bridge is the starting point of the STP network topology. To elect a Root Bridge from all switches of the network,
STP uses two parameters: a variable known as bridge priority and the MAC addresses of participating switches. The switch
that has the lowest bridge priority value is elected as the Root Bridge. If the bridge priority value is the same in all
switches, the switch which has the lowest MAC address is elected as the Root Bridge.
By default, the bridge priority value is set to 32768 in all Cisco switches. Unless you change this value, the switch that has
the lowest MAC address is elected as the Root Bridge. If you want a specific switch to be elected as the Root Bridge, you
can set the bridge priority value of that switch to less than 32768.
The selection process of the Root Bridge happens each time a network change occurs, for example when a new switch is added to
the network topology, an existing switch is removed, or the current Root Bridge fails. If other switches of the
network do not receive BPDUs from the Root Bridge within 20 seconds, they assume that the Root Bridge has failed. If
the current Root Bridge fails, the remaining switches automatically start the election process to choose a new Root Bridge
again.
Non-Root Bridge
Except for the Root Bridge, all remaining switches of the network are considered Non-Root Bridges. Non-Root Bridges
receive updates from the Root Bridge and update their STP databases accordingly.
Port Cost
Based on the connected media link, STP assigns a value to each port of the network. This value is known as the port cost
value. STP uses this value to choose the single best path when multiple links are available between two switches. It selects
the port which has the lowest port cost value.
There are two sets of the port cost value. The following table lists both.

Bandwidth    Old Cost Value    New Cost Value
10 Gbps      1                 2
1 Gbps       1                 4
100 Mbps     10                19
10 Mbps      100               100

Some old series switches, like the Catalyst 1900, use the old cost value. Cisco has already discontinued these old series
switches. New series switches, like the 2960, use the new cost value. In the port selection process, the lower cost value is
always preferred over the higher cost value. For example, if two ports, F0 and F1, have cost values 2 and 4 respectively,
port F0 will be selected.
Path Cost
Path cost is an accumulated value of the port costs from the Root Bridge to other switches in the network. It is always
calculated from the Root Bridge. Default path cost at the Root Bridge is 0. BPDU contains the path cost information.
When the Root Bridge advertises BPDU out from its interfaces, it sets the path cost to 0. The switch which receives this
BPDU increments the path cost by adding the port cost value of the port on which the BPDU arrived. For example, if the
switch receives the BPDU on the Gigabit interface then the accumulated path cost will be 4.
0 (Value which it received from the Root Bridge) + 4 (Port cost value of the interface on which it received the BPDU) = 4

Now, this switch sets the accumulated path cost (4) in the BPDU and forwards it. The next switch which is connected with
this switch follows the same rule. For example, if the next switch receives this BPDU on the Fast Ethernet port, for that
switch, the accumulated path cost will be 23.
4 (Value which is received) + 19 (Port cost value of the incoming port) = 23.

Root Port
The Root port is the port that directly connects to the Root Bridge, or has the shortest path to the Root Bridge. The shortest
path is the path that has the lowest path cost value. Remember that a switch can go through many other switches to reach the
Root Bridge. So it’s not always the shortest path but it is the fastest path.
Designated Ports
A designated port is the port that has the lowest port cost value to get on a given network, compared to other ports on that
segment. STP marks the designated ports as the forwarding ports. Forwarding ports are used to forward the frames.
Non-Designated Ports
A non-designated port is a port that has a higher port cost than the designated port. STP marks the non-designated port as
the blocking port. Blocking ports are used to remove loops.
STP port states
All ports on a switch running STP go through four different states: blocking, listening, learning, and forwarding.
Through these states, the switch not only understands the network topology but also calculates the path cost value and,
based on that value, elects the designated and non-designated ports. After these states, the switch is considered an STP
convergent switch. Let’s understand each state in detail.
STP Blocking state
When we power on a switch, the switch puts all of its ports in this state. In this state, the switch only listens to and processes
BPDUs. It drops all other frames. From the incoming BPDUs, it learns the network topology and
determines the ports which will work as the root ports, as the designated ports, and as the blocked ports.
All ports remain in this state for twenty seconds. After twenty seconds, only the root port and designated ports move into
the next state. Remaining ports stay in this state.


STP Listening state
In this state, ports still listen to and process only BPDUs. All other frames are dropped. The switch double-checks
the layer 2 topology to make sure that no loops occur in the network before processing the data frames. Ports
remain in this state for fifteen seconds.
STP Learning state
Only the root port and designated ports enter the learning state from the listening state. In this state, ports still listen to
and process BPDUs. However, in this state, ports start processing user frames. The switch examines the source address of user
frames and updates its CAM table, but it does not forward any user frame to the destination port. Ports stay in this state for
fifteen seconds.
STP Forwarding state
In this state, the switch listens to and processes both BPDUs and user frames. It uses BPDUs to monitor the network
topology. By reading the source address field of user frames it also builds and updates CAM table entries. This state is
also referred to as convergence.
Convergence refers to a situation in which all ports of a switch have transitioned to either forwarding or blocking mode.
While STP is converging, the switch does not forward any user frame. Usually, convergence takes place in fifty
seconds (20 seconds of the blocking state + 15 seconds of the listening state + 15 seconds of the learning state).
STP Disable state
This state applies to all ports which are either manually shut down or removed from the STP by an administrator. All
unplugged ports also remain in this state. Any port which belongs to this state does not participate in the STP operation.

STP operation in a nutshell


• All switches of the STP domain first elect a root bridge. The root bridge acts as a point of reference for all other switches
in the network. All ports of the root bridge remain in the forwarding mode.
• Once the root bridge is elected, each remaining switch selects the single port that has the lowest path cost to reach the root
bridge and marks it as the root port.
• After selecting the root port, switches determine a single designated port for each connection.
• If multiple ports are connected with the same switch or LAN segment, the switch selects only the one port that has the lowest
path cost and marks it as the designated port.
• Once the root port and designated ports are selected, the switch blocks all remaining ports to remove any possible or
existing loop from the network.

The following image shows how STP changes a physically looped topology into a virtually loop-free topology.
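The election and cost rules above can be traced on a small looped topology. The following Python sketch is an added example, not part of the original notes: the three switches, their MAC addresses and link speeds are constructed, port costs come from the "New Cost Value" column of the table above, and the tie-break on the neighbour's bridge ID goes beyond what the notes describe. It assumes a connected topology with at most one link between any two switches.

```python
import heapq

# "New Cost Value" column of the port cost table, keyed by link speed in Mbps.
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

# Constructed sample: three switches wired in a triangle (one redundant link).
SWITCHES = {
    "S1": {"priority": 4096,  "mac": "0000.5e00.5303"},
    "S2": {"priority": 32768, "mac": "0000.5e00.5302"},
    "S3": {"priority": 32768, "mac": "0000.5e00.5301"},
}
LINKS = [("S1", "S2", 1_000), ("S2", "S3", 100), ("S1", "S3", 10)]


def bridge_id(sw):
    """Lowest priority wins; the MAC address only breaks a priority tie."""
    return (sw["priority"], int(sw["mac"].replace(".", ""), 16))


def elect_root(switches):
    return min(switches, key=lambda name: bridge_id(switches[name]))


def root_path_costs(switches, links, root):
    """The root advertises cost 0; each hop adds the cost of the receiving port."""
    adj = {name: [] for name in switches}
    for a, b, mbps in links:
        adj[a].append((b, PORT_COST[mbps]))
        adj[b].append((a, PORT_COST[mbps]))
    cost, heap = {root: 0}, [(0, root)]
    while heap:
        c, node = heapq.heappop(heap)
        if c > cost[node]:
            continue  # stale queue entry
        for nbr, port_cost in adj[node]:
            if c + port_cost < cost.get(nbr, float("inf")):
                cost[nbr] = c + port_cost
                heapq.heappush(heap, (cost[nbr], nbr))
    return cost


def spanning_tree(switches, links):
    """Return (root, path costs, role of each port keyed by (switch, neighbour))."""
    root = elect_root(switches)
    cost = root_path_costs(switches, links, root)
    root_port = {}
    for name in switches:
        if name == root:
            continue
        offers = []
        for a, b, mbps in links:
            if name in (a, b):
                nbr = b if name == a else a
                # Assumption beyond the notes: equal costs fall back to the
                # neighbour with the lower bridge ID.
                offers.append((cost[nbr] + PORT_COST[mbps], bridge_id(switches[nbr]), nbr))
        root_port[name] = min(offers)[2]
    roles = {}
    for a, b, _ in links:
        # The end closer to the root is the designated port for the segment.
        near, far = sorted((a, b), key=lambda n: (cost[n], bridge_id(switches[n])))
        roles[(near, far)] = "designated"
        roles[(far, near)] = "root" if root_port.get(far) == near else "blocking"
    return root, cost, roles


def forwarding_links(links, roles):
    """Links that stay active: neither end is in the blocking role."""
    return [(a, b) for a, b, _ in links
            if "blocking" not in (roles[(a, b)], roles[(b, a)])]


if __name__ == "__main__":
    root, cost, roles = spanning_tree(SWITCHES, LINKS)
    print("root:", root, "path costs:", cost)
    for port, role in sorted(roles.items()):
        print(port, role)
    print("active links:", forwarding_links(LINKS, roles))
```

S3 reaches the root at cost 23 through S2 (4 + 19) rather than at cost 100 over its direct 10 Mbps link, so its port facing S1 is the one that blocks and the triangle becomes a loop-free chain.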

The show spanning-tree command


To view the information about the STP operation, you can use the show spanning-tree command from the privileged-exec
mode. The output of this command can be divided into three subsets. The first set contains information about the Root
Bridge. The second set contains information about the switch itself. The third set lists the status of active interfaces that are
participating in the STP operation.
The following image shows a sample output of this command from both the root bridge switch and a member switch.

• On the Root Bridge, the first and second subset display the same information.
• On the Non-Root Bridge, the first subset shows information about the Root Bridge while the second subset displays
information about the switch itself.
• The bridge priority value is the sum of the default priority value and the VLAN ID.

STP variations
There are two different implementations of the STP protocol, DEC and 802.1d. The two implementations are not compatible
with each other. When you purchase a new switch for the network, make sure it supports the same variation of STP
that your existing switches are using. Never mix devices running 802.1d’s STP with devices
running DEC’s STP; otherwise, you might run into layer 2 looping problems. All of Cisco’s switches use 802.1d’s STP.

LAN switch types

Ethernet Switches
We’ll start broad first—after all, every super hero should understand the big picture of his or her mission.
Ethernet switches, also known as LAN (local area network) switches, are an integral part of any computer
network. They can be broadly categorized into two main categories: Modular and Fixed switches.
Modular Switches
If you’re looking for expansion capabilities, modular is where it’s at. Modular switches make it possible for you
to add expansion modules as needed into the switches. These types of switches provide the best flexibility, but
come with a price because they are more complex than their fixed switch cousins. While you may have more
limited flexibility, if you’re looking for a lower entry cost, fixed switches may be a better place to start.
Fixed Switches
As their name implies, these switches typically aren’t expandable and they have a fixed number of ports. This
category can be broken down even further into unmanaged, lightly managed, and fully managed. When it
comes to network switches, the details matter.
Think of the Ninja Turtles’ Battle Shell—if Donatello hadn’t paid attention to what the turtles needed to upgrade
their ride, they’d still be stuck with their sad Turtle Van. In the same way, you don’t want to end up with the
wrong switch and delay taking your network to the next level.
Unmanaged Switches

These switches are most commonly used in home networks and small businesses. So, if you have a large
organization this won’t be the option for you. These switches can’t be modified or managed.
They plug in and instantly start doing their job—hence the reason why they can be best for home users
who don’t have the need or time for all the bells and whistles.
Partially Managed (Smart Switches)

This is a category of switches that changes at the fastest pace. As with anything in the technology world,
it doesn’t stay static for long. They straddle the middle ground because they offer basic management
features with the ability to create some levels of security, but their management interface is more
simplified than what managed switches offer.
They do offer the capability to set up options like Quality of Service (QoS) and VLANs. These can be
helpful if your organization has VoIP phones, or if you want to segment your network into work groups.
Bonus! These switches are also cheaper than their managed counterparts.
Managed Switches

If you’re looking for the switch that has it all—the highest levels of security, precision control and full
management of your network—this is the switch for you. Think of it as the Avengers’ Quinjet, which can
travel anywhere (outer space included), store useful tools for the team, and even includes an on-board
medical bay.
Managed switches are the most costly option of them all, but if your organization has a large network it
could be the best option for you. The scalability of these switches also makes them ideal if you know your
organization’s network will be growing.

Working with layer-2 switches

To explain how a switch works, let me start with some background on the TCP/IP stack layers, the frame and
the purpose of a switch. This will help you understand the exact operation of a switch, which is the main topic here.

To allow communication between billions of computer devices, intermediate network devices are needed. As we know from
the How does Router work post, routers, like crossroads and road signs, properly direct packets from the source to the
destination. They look into the IP packet header searching for the destination IP address (Source and destination IP are included
in the packet header) and based on local routing table, route the packet to the next hop towards the destination. So routers
operate at Layer 3 (IP Packet is network layer – Layer 3 communication structure).

Ethernet Switch operates at Layer 2 (Data Link Layer)


Unlike routers, Ethernet switches don’t work with IP packets but with frames. Just as an IP packet carries information for a router, a frame
carries information for a switch. What is the purpose of a frame? Today there are two common types of network access:

• Wireless medium – WiFi

• Wired Ethernet medium – we often call it Cable/Wired or simply Ethernet

A frame is a unit of information that allows a packet to traverse a particular medium from one device interface to another.
Ethernet, as an example, describes many technical parameters of how devices can access the network, how cable connectors
should look, what speeds the transmission can achieve and finally how the bits and addressing are organized. So layer 2 is closely
tied to the type of medium or device interface. Take a look at the TCP/IP communication model to locate Layer 2
(Data Link Layer). Layer 2 is where the switch operates (marked in red).

Ethernet Frame
Every IP device produces packets, and they are forwarded across the network regardless of network access type. Every access
type uses its own structure to forward the data in its environment. Ethernet uses a structure called the Ethernet frame. The frame
“surrounds” the packet as shown in the picture below.

To transport an IP packet through the Ethernet environment, an Ethernet-facing device adds extra bits to the front and back of the IP
packet, making the frame. This bit-adding process is called encapsulation. The frame header contains, among other things, the source and
destination MAC addresses. The source MAC address is the physical address of the sending device; the destination MAC
address is the Ethernet (physical interface) address of the destination device within the same Ethernet segment. Remember that the
frame is specific to an Ethernet segment, which is why a frame does not survive a path that crosses many media and many separate Ethernet
segments.

Purpose no. 2 of switch : designed for port density


You may ask: if two computers can be connected directly over Ethernet, why do I need an Ethernet switch? Right, but what if you
need to connect a third device to the group of devices (Ethernet segment)? Then you need a communication device with a particular
logic. And this is what a switch is intended for.

Now, we need devices that allow us to connect a large number of users and wired devices together. This is something
that routers are not intended for, because routers in most situations have a limited number of ports, operate with more advanced
features and are more expensive. Imagine that we need to connect a small home network (4 laptops) through a router to the
Internet provider. Not possible, not enough ports!

A switch is the right device for such a requirement. Switches are considered the best network devices for wiring together a large
number of Ethernet devices.

So how does the switch work?


With computers connected to our switch, we can concentrate on how the switch really works. Every device has a hardcoded
physical address called a MAC address. Again, when a computer sends an IP packet to another device, it encapsulates the packet in a
frame, using the MAC address of device B as the destination and its own MAC address as the source, and then sends it out. When the frame arrives at
device B, the frame is stripped and the IP packet is received, but before it gets there it traverses one or more Ethernet switches.

Switching process
When a frame arrives at a switch, the switch needs to direct the frame out through the right port; this redirection is called
switching. When a frame enters a switchport, the switch checks the dynamic table in memory which stores physical port
and MAC address pairs. The switch then knows which port to use to forward the frame.

Remember: the switch does not look into the IP packet; it forwards the frame as is, based on the destination MAC address.

How does the switch build the table? The switch learns the MAC and port pairs in a process called MAC learning: when a frame
first arrives at the switchport, the switch checks the source MAC address within the frame and stores it next to the port number on
which it was received.

This process builds the table known as CAM (Content Addressable Memory) or TCAM (Ternary Content Addressable Memory).
And what about destination MAC addresses that are not known to the switch yet?

In our picture, the MAC address of device B is not yet known to the switch. If a frame directed to the device B MAC arrives on a
switch port, the switch consults the TCAM table and, if it does not find the MAC address, it replicates the frame, sending it out of
all the ports except the one it was received on. All the devices that the frame was not intended for drop the frame, and only
device B will interpret it.

After device B sends a frame back to device A, the switch learns the device B MAC and stores it in the table. It forwards that
frame directly to device A without having to replicate it, because it already has the MAC and port of device A (1 A).

Switches and broadcast traffic


Switches treat broadcast traffic specially. Frames with a destination MAC address of all “ones”, or FF:FF:FF:FF:FF:FF in
hexadecimal notation, are sent unconditionally out of all ports except the one they were received on. On the one hand, broadcast
traffic is essential to Ethernet operations such as the Address Resolution Protocol (ARP); on the other hand, broadcasts can be the
cause of serious network issues such as broadcast storms, unwanted traffic handling or resource overutilization. That is why proper
traffic segmentation in layer 2 is very important for network security as well as reliability.
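
The learning, flooding and broadcast behaviour described above can be modelled in a few lines. This is an added example, not part of the original notes; the MAC addresses are constructed, and the port-to-segment grouping is an assumption that goes slightly beyond the text to show how layer 2 segmentation limits how far a broadcast travels.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Layer-2 switch model: learns source MACs, floods unknown and broadcast frames."""

    def __init__(self, port_segment):
        # Port number -> segment name. Ports in different segments never exchange
        # frames (assumed VLAN-style grouping; the text only names segmentation).
        self.port_segment = dict(port_segment)
        self.mac_table = {}   # (segment, MAC) -> port, i.e. the CAM table

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the sorted list of egress ports."""
        if in_port not in self.port_segment:
            raise ValueError(f"unknown port {in_port}")
        segment = self.port_segment[in_port]
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()

        # MAC learning: store the source address next to the ingress port.
        # The broadcast address is never a legitimate source, so it is skipped.
        if src_mac != BROADCAST:
            self.mac_table[(segment, src_mac)] = in_port

        # Look up the destination; broadcast frames are never looked up.
        known_port = None
        if dst_mac != BROADCAST:
            known_port = self.mac_table.get((segment, dst_mac))

        if known_port is None:
            # Broadcast or unknown unicast: flood to every other port of the segment.
            return sorted(p for p, s in self.port_segment.items()
                          if s == segment and p != in_port)
        if known_port == in_port:
            return []            # destination sits behind the ingress port: filter
        return [known_port]      # known unicast: exactly one egress port


def demo():
    """Replay the A -> B, B -> A exchange from the text, then compare broadcasts."""
    mac_a, mac_b = "08:00:27:00:00:0a", "08:00:27:00:00:0b"   # constructed samples
    flat = LearningSwitch({1: "lan", 2: "lan", 3: "lan", 4: "lan"})
    out = {
        "a_to_b_unknown": flat.receive(1, mac_a, mac_b),     # B unknown: flooded
        "b_to_a_known": flat.receive(2, mac_b, mac_a),       # A was learned on port 1
        "a_to_b_known": flat.receive(1, mac_a, mac_b),       # B was learned on port 2
        "broadcast_flat": flat.receive(1, mac_a, BROADCAST),
        "table": dict(flat.mac_table),
    }
    split = LearningSwitch({1: "office", 2: "office", 3: "lab", 4: "lab"})
    out["broadcast_segmented"] = split.receive(1, mac_a, BROADCAST)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On the flat switch the broadcast reaches three ports; with two segments it reaches only the one other port in the sender's segment.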

Switch and Router on the path


Knowing how a switch works and how a router works, you should be able to clearly describe what happens to an IP packet
flowing across the network. An IP packet sent across the network from computer A to computer B very likely has to
pass several network segments, some connected with Ethernet and some with WiFi. Every network segment uses a different
medium access method, and therefore a different frame, but the packet stays the same.

• Device A, sending an IP packet, encapsulates it in an Ethernet frame

• The switch switches the frame to the next device, which is the router, preserving the frame

• The router strips (decapsulates) the frame and looks into the IP header

• After choosing the right interface to route the packet, the router encapsulates it in a WiFi frame

• The WiFi frame arrives at device B, which decapsulates the frame and interprets the IP packet

Wireless LAN:-
Introduction
A wireless local area network (WLAN) is a local area network (LAN) that doesn't rely on
wired Ethernet connections. A WLAN can be either an extension to a current wired network or an alternative to
it.

WLANs have data transfer speeds ranging from 1 to 54Mbps, with some manufacturers offering proprietary
108Mbps solutions. The 802.11n standard can reach 300 to 600Mbps.

Because the wireless signal is broadcast so everybody nearby can share it, several security precautions are
necessary to ensure only authorized users can access your WLAN.

A WLAN signal can be broadcast to cover an area ranging in size from a small office to a large campus. Most
commonly, a WLAN access point provides access within a radius of 65 to 300 feet.

WLAN types

Private home or small business WLAN


Commonly, a home or business WLAN employs one or two access points to broadcast a signal around a 100-
to 200-foot radius. You can find equipment for installing a home WLAN in many retail stores.

With few exceptions, hardware in this category subscribes to the 802.11a, b, or g standards (also known as Wi-
Fi); some home and office WLANs now adhere to the new 802.11n standard. Also, because of security
concerns, many home and office WLANs adhere to the Wi-Fi Protected Access 2 (WPA2) standard.

Enterprise class WLAN


An enterprise class WLAN employs a large number of individual access points to broadcast the signal to a wide
area. The access points have more features than home or small office WLAN equipment, such as better
security, authentication, remote management, and tools to help integrate with existing networks. These access
points have a larger coverage area than home or small office equipment, and are designed to work together to
cover a much larger area. This equipment can adhere to the 802.11a, b, g, or n standard, or to security-refining
standards, such as 802.1x and WPA2.

WLAN standards
Several standards for WLAN hardware exist:

WLAN standard: 802.11a
Pros:
• Faster data transfer rates (up to 54Mbps)
• Supports more simultaneous connections
• Less susceptible to interference
Cons:
• Short range (60-100 feet)
• Less able to penetrate physical barriers

WLAN standard: 802.11b
Pros:
• Better at penetrating physical barriers
• Longest range (70-150 feet)
• Hardware is usually less expensive
Cons:
• Slower data transfer rates (up to 11Mbps)
• Doesn't support as many simultaneous connections
• More susceptible to interference

WLAN standard: 802.11g
Pros:
• Faster data transfer rates (up to 54Mbps)
• Better range than 802.11b (65-120 feet)
Cons:
• More susceptible to interference

WLAN standard: 802.11n
The 802.11n standard was recently ratified by the Institute of Electrical and Electronics Engineers (IEEE), as
compared to the previous three standards. Though specifications may change, it is expected to allow data
transfer rates up to 600Mbps, and may offer larger ranges.

Security standards
The 802.11x standards provide some basic security, but are becoming less adequate as use of wireless
networking spreads. Following are security standards that extend or replace the basic standard:

WEP (Wired Equivalent Privacy)


WEP encrypts data traffic between the wireless access point and the client computer, but doesn't actually
secure either end of the transmission. WEP's encryption level is relatively weak (only 40 to 128 bits). Many
analysts consider WEP security to be weak and easy to crack.

WPA (Wi-Fi Protected Access)


WPA implements higher security and addresses the flaws in WEP, but is intended to be only an intermediate
measure until further 802.11i security measures are developed.

802.1x
This standard is part of a full WPA security standard. WPA consists of a pair of smaller standards that address
different aspects of security:

• TKIP (Temporal Key Integrity Protocol encryption), which encrypts the wireless signal

• 802.1x, which handles the authentication of users to the network

Commonly, wireless systems have you log into individual wireless access points or let you access the wireless
network, but then keep you from accessing network data until you provide further authentication (e.g., VPN).

802.1x makes you authenticate to the wireless network itself, not an individual access point, and not to some
other level, such as VPN. This boosts security, because unauthorized traffic can be denied right at the wireless
access point.

WPA2/802.11i
The Wi-Fi Alliance coined the term "WPA2" for easy use by manufacturers, technicians, and end users.
However, the IEEE name of the standard itself is 802.11i. The encryption level is so high that it requires
dedicated chips on the hardware to handle it.

In practical use, WPA2 devices have interoperability with WPA devices. When not interfacing with older WPA
hardware, WPA2 devices will run strictly by the 802.11i specifications.

WPA2 consists of a pair of smaller standards that address different aspects of security:

• WPA2-Personal, which uses a pre-shared key (similar to a single password available to groups of
users, instead of a single individual); the pre-shared key is stored on the access point and the end
user's computer

• WPA2-Enterprise, which authenticates users against a centralized authentication service

IU Secure, the new IU wireless network for students, faculty, and staff, uses WPA2 Enterprise for
authentication.

UNIT- III
Internet layer Protocol:-

Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets
for the network. This layer includes the powerful Internet Protocol (IP), the Address Resolution
Protocol (ARP), and the Internet Control Message Protocol (ICMP).
IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the
entire TCP/IP suite. IP is responsible for the following:

• IP addressing – The IP addressing conventions are part of the IP protocol. Designing an
IPv4 Addressing Scheme introduces IPv4 addressing and IPv6 Addressing
Overview introduces IPv6 addressing.
• Host-to-host communications – IP determines the path a packet must take, based on the
receiving system's IP address.
• Packet formatting – IP assembles packets into units that are known as datagrams.
Datagrams are fully described in Internet Layer: Where Packets Are Prepared for
Delivery.
• Fragmentation – If a packet is too large for transmission over the network media, IP on
the sending system breaks the packet into smaller fragments. IP on the receiving system
then reconstructs the fragments into the original packet.

Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this
book. To avoid confusion when addressing the Internet Protocol, one of the following
conventions is used:

• When the term “IP” is used in a description, the description applies to both IPv4 and
IPv6.
• When the term “IPv4” is used in a description, the description applies only to IPv4.
• When the term “IPv6” is used in a description, the description applies only to IPv6.

ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet
layers. ARP assists IP in directing datagrams to the appropriate receiving system by mapping
Ethernet addresses (48 bits long) to known IP addresses (32 bits long).
ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions.
ICMP reports on the following:

• Dropped packets – Packets that arrive too fast to be processed
• Connectivity failure – A destination system cannot be reached
• Redirection – Redirecting a sending system to use another router

RARP(Reverse Address Resolution Protocol)


What happens if your own computer does not know its IP address, because it has no storage capacity, for example? In these
cases, the Reverse Address Resolution Protocol (RARP) can help. The RARP is the counterpart to the ARP – the Address
Resolution Protocol.

The Reverse ARP is now considered obsolete, and outdated. Newer protocols such as the Bootstrap Protocol (BOOTP) and
the Dynamic Host Configuration Protocol (DHCP) have replaced the RARP. However, it is useful to be familiar with the older
technology as well. For instance, you can still find some applications which work with RARP today. It also helps to be familiar with
the older technology in order to better understand the technology which was built on it.

What is the RARP?

The RARP is a protocol which was published in 1984 and was included in the TCP/IP protocol stack. The RARP is on the
Network Access Layer (i.e. the lowest layer of the TCP/IP protocol stack) and is thus a protocol used to send data between two
points in a network. Each network participant has two unique addresses more or less: a logical address (the IP address) and a
physical address (the MAC address). While the IP address is assigned by software, the MAC address is built into the hardware.
You have already been assigned a Media Access Control address (MAC address) by the manufacturer of your network card.

It is possible to not know your own IP address. This may happen if, for example, the device could not save the IP address
because there was insufficient memory available. In such cases, the Reverse ARP is used. This protocol can use the known
MAC address to retrieve its IP address. Therefore, its function is the complete opposite of the ARP. The ARP uses the known IP
address to determine the MAC address of the hardware.

How does the RARP work?

Who knows the IP address of a network participant if they do not know it themselves? A special RARP server does. This server,
which responds to RARP requests, can also be a normal computer in the network. However, it must have stored all MAC
addresses with their assigned IP addresses. If a network participant sends an RARP request to the network, only these special
servers can respond to it.

Since the requesting participant does not know their IP address, the data packet (i.e. the request) must be sent on the lowest
layers of the network as a broadcast. This means that the packet is sent to all participants at the same time. However, only the
RARP server will respond. If there are several of these servers, the requesting participant will only use the response that is first
received. The request-response format has a similar structure to that of the ARP.

In a standard IPv4 Ethernet network, the RARP messages are 28 bytes long.
The following information can be found in their respective fields:

• Hardware Address Space: These two bytes contain the type of hardware address.
• Protocol Address Space: This field, which is 2 bytes long, specifies the type of network protocol.
• Hardware Address Length: This is 8 bits and defines the length n of the hardware address.
• Protocol Address Length: This field defines the length m of the network address.
• Opcode: This field is two bytes long and defines the type of operation. An RARP request has the value 3 and the
corresponding response the value 4.
• Source Hardware Address: This is where the MAC address of the sender is stored. The actual length of this field
is n and is defined by the information under Hardware Address Length. In a standard Ethernet network it is 6 bytes.
• Source Protocol Address: This field would normally contain the IP address of the sender, but since the IP address is
not known during a request, the field remains undefined. The response, however, will contain the IP address of the
server. The length of this field is m and is dependent on the Protocol Address Length. Normally, though, the field is the
same length as an IPv4 address (i.e. 4 bytes).
• Target Hardware Address: This field contains the target’s MAC address. Since there is no specific target for an RARP
request, this field also contains the sender’s address. The server also includes the address of the requesting client in the
response. The length of this field is also n and is specifically 6 bytes long for Ethernet networks.
• Target Protocol Address: This last field remains undefined during a request and contains in the response the
information requested by the server: the participant’s IP address. The length of this field is also m, which is usually
defined as 4 bytes.

There are important differences between the ARP and RARP. First and foremost, the two protocols differ in
terms of their specifications. In an RARP request the MAC address is known and the IP address is being requested; an ARP
request is the exact opposite: the IP address is known, and the MAC address is being requested. The two protocols are also
different in terms of the content of their operation fields: the ARP uses the value 1 for requests and 2 for responses, while the
RARP uses 3 and 4. This means that a server can recognize whether a message is ARP or RARP from the operation
code.

Issues with the Reverse ARP

The Reverse Address Resolution Protocol has some disadvantages which eventually led to it being replaced by newer ones. To
be able to use the protocol successfully, the RARP server has to be located in the same physical network. The computer sends
the RARP request on the lowest layer of the network. As a result, it is not possible for a router to forward the packet. In addition,
the RARP cannot handle subnetting because no subnet masks are sent. If the network has been divided into multiple subnets, an
RARP server must be available in each one.

In addition, the network participant only receives their own IP address through the request. As previously mentioned, a subnet
mask is not included and information about the gateway cannot be retrieved via Reverse ARP. Therefore, it is not possible to
configure the computer in a modern network. These drawbacks led to the development of BOOTP and DHCP.

ARP(Address Resolution Protocol)

Address Resolution Protocol (ARP) is one of the major protocols in the TCP/IP suite. Its purpose is to resolve an
IPv4 address (32-bit logical address) to a physical address (48-bit MAC address). Network applications at the
Application Layer use IPv4 addresses to communicate with other devices, but at the data link layer the addressing
is the MAC address (48-bit physical address), and this address is burned into the network card permanently. You can
view your network card’s hardware address by typing the command "ipconfig /all" (without the double quotes) at the
command prompt on Windows operating systems.

The purpose of ARP is to find the MAC address of a device in your Local Area Network (LAN) that corresponds to the
IPv4 address with which a network application is trying to communicate.

Address Resolution Protocol (ARP) Message Format


Following are the fields in the Address Resolution Protocol (ARP) Message Format.

Hardware Type: The Hardware Type field in the ARP message specifies the type of hardware used for the local
network transmitting the ARP message. Ethernet is the common Hardware Type, and the value for Ethernet is 1.
The size of this field is 2 bytes.

Protocol Type: Each protocol is assigned a number used in this field. IPv4 is 2048 (0x0800 in hexadecimal).

Hardware Address Length: Hardware Address Length in the Address Resolution Protocol (ARP) Message is
length in bytes of a hardware (MAC) address. Ethernet MAC addresses are 6 bytes long.

Protocol Address Length: Length in bytes of a logical address (IPv4 Address). IPv4 addresses are 4 bytes long.

Opcode: Opcode field in the Address Resolution Protocol (ARP) Message specifies the nature of the ARP message.
1 for ARP request and 2 for ARP reply.

Sender Hardware Address: Layer 2 (MAC Address) address of the device sending the message.

Sender Protocol Address: The protocol address (IPv4 address) of the device sending the message.

Target Hardware Address: Layer 2 (MAC Address) of the intended receiver. This field is ignored in requests.

Target Protocol Address: The protocol address (IPv4 Address) of the intended receiver.

Working of Address Resolution Protocol (ARP)

Step 1: When a source device wants to communicate with another device, it checks its ARP cache to see whether it
already has a resolved MAC address for the destination device. If it does, it uses that MAC address for
communication. To view your local ARP cache, open Command Prompt and type the command "arp -a" (without the
double quotes) on Windows operating systems.

Step 2: If the resolution is not in the local cache, the source machine generates an ARP request message. It puts
its own data link layer address as the Sender Hardware Address and its own IPv4 address as the Sender Protocol
Address. It fills in the destination IPv4 address as the Target Protocol Address. The Target Hardware Address is
left blank, since that is what the machine is trying to find.

Step 3: The source broadcasts the ARP request message to the local network.

Step 4: The message is received by each device on the LAN, since it is a broadcast. Each device compares the Target
Protocol Address (the IPv4 address of the machine with which the source is trying to communicate) with its own
Protocol Address (IPv4 address). Devices that do not match drop the packet without any action.

Step 5: When the targeted device checks the Target Protocol Address, it finds a match and generates an ARP reply
message. It takes the Sender Hardware Address and the Sender Protocol Address fields from the ARP request message
and uses these values for the Target Hardware Address and Target Protocol Address of the reply message.

Step 6: The destination device updates its ARP cache, since it will need to contact the sender machine soon.

Step 7: The destination device sends the ARP reply message, and it is NOT a broadcast, but a unicast.

Step 8: The source machine processes the ARP reply from the destination and stores the Sender Hardware Address as
the layer 2 address of the destination.

Step 9: The source machine updates its ARP cache with the Sender Hardware Address and Sender Protocol Address it
received in the ARP reply message.

Address Resolution Protocol Explained with an example

Let us take the topology below as an example.

I am sitting at 192.168.0.84. I want to ping 192.168.0.122 to check the network connectivity. When issuing the ping
command, we never specify the MAC Address of the destination device (192.168.0.122).

We know that the ping command works using ICMP. ICMP is encapsulated inside an IP datagram, and the IP datagram is
encapsulated within an Ethernet Frame. We need the Source IP Address (my IP Address, 192.168.0.84), the Destination
IP Address (192.168.0.122), the Source MAC Address (my MAC Address 08:00:27:58:58:98) and the Destination MAC
Address to make the Ethernet Frame for the ICMP message. The Source IP Address, Destination IP Address and Source
MAC Address are known at this instance, but the Destination MAC Address is unknown at this instance.

To assemble the Ethernet Frame, my device must have the Destination MAC Address corresponding to the IP
Address 192.168.0.122.

We need to resolve the Destination MAC Address corresponding to the IP Address 192.168.0.122.

Step 1: Before resolving the Destination MAC Address corresponding to the IP Address 192.168.0.122 using
ARP, the source device checks its ARP cache to see whether it already has a resolved MAC Address for the
destination device. We can view the ARP cache by using the command
arp -a

The ARP cache in my computer is empty. There are no entries in my ARP cache.

Step 2: Now my computer needs to resolve the destination MAC address using ARP. My computer prepares an
ARP Request message and sends it to the LAN Switch with FF:FF:FF:FF:FF:FF (Broadcast MAC Address) as the
Destination MAC Address.

Step 3: Since the Destination MAC Address is FF:FF:FF:FF:FF:FF (Broadcast MAC Address), the LAN Switch floods it to all the
connected ports and every device in the LAN gets a copy of it.

The following screenshot shows the Wireshark capture window of the ARP Request message. Compare it with the ARP
message format image at the beginning of this lesson. We can see from the screenshot that the Destination MAC Address is
FF:FF:FF:FF:FF:FF (Broadcast MAC Address), the ARP opcode is 1 (for ARP Request), and the Target MAC Address is 00:00:00:00:00:00,
which is unknown at this instance.
We can also see from the screenshot that the Source IP Address is 192.168.0.84, the Destination IP Address is 192.168.0.122, the Source MAC
Address is 08:00:27:58:58:98 and the Destination MAC Address is 00:00:00:00:00:00.

Step 4: The ARP Request message is received by each device on the LAN, since it is a broadcast. Each device compares the Target Protocol
Address (192.168.0.122) with its own IP Address. Devices that do not match drop the packet without any action.
Step 5: When the computer with the IP Address 192.168.0.122 receives the ARP Request, it must prepare an ARP Reply and send it back to the
computer that sent the ARP Request. The ARP Reply is a unicast, to save network resources.

Note that the ARP Reply has the Opcode field filled as 2, which is used to identify it as an ARP Reply.
The "Sender MAC Address" field (which is marked below) in the ARP Reply is the answer to the ARP Request.

Now both computers can update their ARP caches, so that the MAC Address to IP Address mappings can be used for future
communication. However, after a short period of time, the ARP cache is flushed to avoid incorrect mappings (the IP Address of any device can
change at any time).
The ARP cache filled with a MAC address to IP Address mapping is shown below.

You have learned about the Address Resolution Protocol (ARP), the ARP message format and how ARP
operates in a LAN.
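
The 28-byte message layout from the RARP and ARP format sections, and the request/reply exchange of Steps 2 to 9, as an added example that is not part of the original notes. It uses the addresses from the worked example above; the responder's MAC address and the 0.0.0.0 placeholder for the undefined fields of the RARP request are constructed values.

```python
import socket
import struct

# Fixed part: hardware type, protocol type, hardware length, protocol length, opcode.
ARP_HEADER = struct.Struct("!HHBBH")
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_message(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Build an ARP/RARP message for IPv4 (0x0800) over Ethernet (type 1)."""
    header = ARP_HEADER.pack(1, 0x0800, 6, 4, opcode)
    return (header + mac_to_bytes(sender_mac) + socket.inet_aton(sender_ip)
            + mac_to_bytes(target_mac) + socket.inet_aton(target_ip))


def parse_message(data):
    """Parse an ARP/RARP message, using the two length fields to find each address."""
    if len(data) < ARP_HEADER.size:
        raise ValueError("truncated header")
    htype, ptype, hlen, plen, opcode = ARP_HEADER.unpack_from(data)
    needed = ARP_HEADER.size + 2 * (hlen + plen)
    if len(data) < needed:
        raise ValueError(f"truncated message: need {needed} bytes, got {len(data)}")
    if opcode not in OPCODES:
        raise ValueError(f"unsupported opcode {opcode}")
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4 over Ethernet")
    pos = ARP_HEADER.size
    fields = []
    for length in (hlen, plen, hlen, plen):   # sender MAC/IP, then target MAC/IP
        fields.append(data[pos:pos + length])
        pos += length
    sender_hw, sender_ip, target_hw, target_ip = fields
    return {
        "kind": OPCODES[opcode], "opcode": opcode, "length": needed,
        "sender_mac": bytes_to_mac(sender_hw), "sender_ip": socket.inet_ntoa(sender_ip),
        "target_mac": bytes_to_mac(target_hw), "target_ip": socket.inet_ntoa(target_ip),
    }


def make_reply(request, responder_mac):
    """Step 5: the request's sender fields become the reply's target fields."""
    if request["opcode"] != 1:
        raise ValueError("not an ARP request")
    return build_message(2, responder_mac, request["target_ip"],
                         request["sender_mac"], request["sender_ip"])


def demo():
    my_mac, my_ip = "08:00:27:58:58:98", "192.168.0.84"   # from the worked example
    request = parse_message(
        build_message(1, my_mac, my_ip, "00:00:00:00:00:00", "192.168.0.122"))
    # Responder MAC is a constructed value; the page's screenshot is not available.
    reply = parse_message(make_reply(request, "08:00:27:aa:bb:cc"))
    # Step 9: the requester caches the sender fields of the reply.
    arp_cache = {reply["sender_ip"]: reply["sender_mac"]}
    # RARP request: own MAC in both hardware fields, protocol fields undefined.
    rarp = parse_message(build_message(3, my_mac, "0.0.0.0", my_mac, "0.0.0.0"))
    return request, reply, arp_cache, rarp


if __name__ == "__main__":
    for item in demo():
        print(item)
```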

ICMP:-
What is ICMP?

ICMP (Internet Control Message Protocol) is a protocol that network devices (e.g. routers) use to generate
error messages when network issues are preventing IP packets from getting through.

The Internet Control Message Protocol is one of the fundamental systems that make the internet work.
Although you may not have heard of ICMP, you probably have heard of one of its features: Ping. In this
guide you will learn more about this essential protocol.

The history of ICMP

ICMP is part of the TCP/IP protocol stack. It is stationed at the Internet Layer and it is an error message
standard that supports the core Internet Protocol. The original definition of ICMP was written by Jon
Postel, one of the founders of the internet. The first standard was published in April 1981 in RFC 777. This
has since been updated several times. The stable definition of the protocol is contained in RFC 792, which
was also written by Postel and was published by the Internet Engineering Taskforce in September 1981.

The purpose of ICMP

Although the lower level Internet Layer is not supposed to be concerned with connection assurance, ICMP
gives a little bit of feedback on communications when things go wrong. So, even if you use UDP,
which has a connectionless communications model, it is still possible to find out why a transmission failed.
All network-connected devices can process ICMP messages, so that includes routers as well as endpoint
devices. ICMP has been adapted so it can work with IPv6 just as thoroughly as it has served IPv4.

As this protocol resides at the Internet Layer, its messages are carried by IP packets and so exist at a
higher level than the operating structures of switches. Although the ICMP is carried within the IP packet, it
does not exist inside data-carrying packets. An ICMP packet is only generated in response to an incoming
data packet when the transmission of that inbound message fails. The error conditions that provoke an
ICMP packet are often the result of data contained in the IP header of the failed packet.

ICMP packet structure

When a router sends back an ICMP packet to report an error, it recreates all of the fields in the original
IP header of the packet that it is reporting on. So, an error collection program on the original sending
computer could analyze the header and work out exactly which of the IP packets that it sent out failed.

After the IP header comes the three-field ICMP header. These fields contain a code that categorizes the error, a
sub-code field, which refines the error code description, and then a checksum. After the ICMP header come
the first eight bytes of the payload, which are actually the Transport Layer header (TCP or UDP).

ICMP message codes

The first code field in the ICMP block contains some very useful information. The code is numeric and
here are some of the more interesting values that the field can have:

0 : echo reply – used for ping

3 : destination unreachable

4 : source quench – the router is overloaded

5 : redirect – use a different router

8 : echo request – used for ping

9 : router advertisement reply

10 : router solicitation

11 : time exceeded – used for traceroute

Time to Live

One of the IP header fields that is best-known for provoking an ICMP-generating error is the Time to
Live field (TTL). This field contains a number, which expresses the maximum number of routers that
the packet can pass through. This number is decreased by one, by each router that processes the
packet. If a router receives a packet with a TTL of zero, it drops that packet and sends an ICMP
message back to the originator of that failed transmission.

In the case of TTL exhaustion, the reason for a packet failing to reach its destination has nothing to do with
router problems or malformed data in the packet header. The TTL is a construct that was created to prevent
rogue packets clogging up the internet when router table errors resulted in circular paths. However, a
byproduct of this field is a very useful network administration tool: Traceroute.

Traceroute with ICMP

Traceroute is a well-known net admin tool that shows the typical path from the launching computer
through to a given destination IP address. The utility sends out a series of empty IP packets. The important
feature of each of these transmissions is the TTL value in the IP header.

The Traceroute program starts off sending a packet out with a TTL of 0. This will be dropped by the first
router that receives it, which is usually the network gateway. That router sends back an ICMP packet. The
only pieces of information that Traceroute wants from that response are the time it takes to come back
and the source address of the packet. That tells Traceroute the address of the first router on the path to
the destination. The program then sends out a packet with a TTL of 1. This gets through the gateway,
which decreases the TTL by 1. The router that gets the packet next sees that the TTL is zero, drops the
packet, and sends back an ICMP packet. Thus, the second router in the path is revealed and Traceroute
notes the time it took for that response to arrive. By increasing the TTL by 1 with each
transmission, Traceroute eventually builds up a map of all the links across the internet to the given
address.

Traceroute problems

Traceroute is a very simple tool that takes advantage of a pre-existing administrative function and
makes an efficient and informative utility out of it. There are a couple of weak points with Traceroute.

A network administrator will probably use the utility in order to see why a recent connection went so badly
– either slowly, or failed. However, Traceroute can’t tell you what happened in the past. It can only
give you feedback on the progress of the current route.

Routers each make their own decision over which of their neighbors offers the shortest path to the
destination IP address on a packet. However, that decision might not always be exactly the same every
time. If a router gets congested or switched off, the neighboring routers soon find out about the problem
and adjust their routing tables to work around the problem. That altered routing information gets
rippled out to all of the routers on the internet, but the problem may be fixed before all of the routers
find out about it. Then the re-adjusted route gets proliferated around the world.

An option with the command, “-j” allows you to specify the addresses of the routers that you would like
Traceroute to follow as a path. However, in order to use this facility, you would have to already know the
path that a faulty transmission took and you can only derive that information with a Traceroute
execution of exactly the same path.

So, if you experience a slow connection, the Traceroute command that you subsequently issue might
not reveal what happened because, by that time, the problem that caused the delay may have been fixed
and your Traceroute path may not be the same path that the slow connection used.

Another problem with Traceroute is that it gives an interesting display on the path that your transmission
will probably take to a given destination. However, it doesn’t give you any tools to do anything with the
information that you receive. It isn’t possible to specify a path, and so if you see that one of the routers
on the internet gives a slow response time, all you can do with that is know which router is slowing your
connections. As that router doesn’t belong to your company and you can’t speed it up, you have acquired
knowledge through Traceroute but can’t act on it.


ICMP Ping

Ping uses two ICMP message types: 8 (echo request) and 0 (echo reply). When you issue the Ping command at the
prompt, the Ping program sends out an ICMP packet containing the value 8 in the Type field. The reply will
have a Type of 0. The program times the gap between sending the echo request packet and the arrival of
the reply. So, you can get the “round trip time” of a packet to the given destination and back.

The echo request packet is unusual in that it is the only ICMP packet that is sent out without being
provoked by an error. So, Ping doesn’t have to emulate an error condition in order to get an ICMP message
back. Ping has two options that allow you to specify a list of addresses for the path that the transmission
should take. These are “-j“, which suggests a route and “-k“, which dictates the route.

ICMP Ping port

You may wonder which port Ping uses. The answer is: none. If a utility allows you to “ping” a port, it is
not literally the Ping command. Instead, that utility uses a TCP or UDP packet to test a port. In truth, this
type of function is referred to as a “port scanner” or “port checker.”

Ping can’t use ports because it is a protocol that exists at a lower level than the Transport Layer, where
ports are a major feature.

The closest method to an ICMP Ping port report that is available is to send a UDP packet to a specific
port. If that port is not active, the transmission will provoke an ICMP message from the host of type 3
(destination unreachable) subtype 3 (destination port unreachable). So, although it is possible to
provoke an ICMP message about a port, it is not possible to use the Ping mechanism to send an ICMP
packet to that port in the first place as an echo request. If you tack a port number onto the IP address in a
Ping command (i.e. ping <IP address>:<port number>) the command will not launch but will return a
syntax error instead.
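
The echo request and echo reply described above can be built and checked byte by byte. The following is an added example, not part of the original notes: it lays out the 8-byte ICMP echo header (type, code, checksum, identifier, sequence number), which has no port field, and shows how a reply is paired with its request. The identifier, sequence number and payload are constructed values.

```python
import struct

ECHO_REQUEST = 8   # ICMP Type sent by Ping
ECHO_REPLY = 0     # ICMP Type of the answer
HEADER = "!BBHHH"  # type, code, checksum, identifier, sequence: no port field


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request or reply with a valid checksum."""
    unsummed = struct.pack(HEADER, icmp_type, 0, 0, ident, seq) + payload
    return struct.pack(HEADER, icmp_type, 0, checksum(unsummed), ident, seq) + payload


def parse_echo(message: bytes) -> dict:
    """Validate and decode an echo message; raise ValueError if malformed."""
    if len(message) < struct.calcsize(HEADER):
        raise ValueError("shorter than the 8-byte ICMP echo header")
    if checksum(message) != 0:               # a correct message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack(HEADER, message[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request or echo reply")
    return {"type": icmp_type, "id": ident, "seq": seq, "payload": message[8:]}


def answer(request: bytes) -> bytes:
    """What the destination does: echo id, sequence and payload back as Type 0."""
    fields = parse_echo(request)
    if fields["type"] != ECHO_REQUEST:
        raise ValueError("only echo requests are answered")
    return build_echo(ECHO_REPLY, fields["id"], fields["seq"], fields["payload"])


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """Ping pairs a reply with its request by identifier and sequence number."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and (rep["id"], rep["seq"], rep["payload"])
            == (req["id"], req["seq"], req["payload"]))


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"constructed payload")
    reply = answer(request)
    print(request.hex(), reply.hex(), is_reply_to(request, reply))
```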

Pathping

Pathping is a utility that is built into the Windows operating system and it is available in all versions
since Windows NT. This program is a combination of Ping and Traceroute, so it exploits three ICMP
message types. These are the echo request and echo reply message type (8 and 0) and the time exceeded
message type (11).

As with both Traceroute and Ping, it is possible to give a list of addresses for a suggested path as a
parameter to the command and the utility will try to send a packet to the destination via those addresses.

Pathping produces a formatted results report that shows the route and the round trip times to each router.
It will send repeated ping requests to each router in the path rather than just repeatedly contacting the
destination, which is what Ping does, or just logging each router in the path once, which is what Traceroute
does.

Pathping is not as resilient as Ping or Traceroute. Although every device on the internet is capable of
sending ICMP messages, not every device has its ICMP functions activated. Some router and server
owners intentionally turn off ICMP functions as a protection against hacker attack.

If an intermediate router will not use ICMP, Ping still gets through that router to test the destination. If
Traceroute encounters a router that will not send out ICMP packets, it simply progresses to the next router,
presenting a line of asterisks for the uncommunicative router. In the same situation, Pathping ends its
enquiries at the router that has ICMP disabled.

Smurf attack

The main reason that some equipment owners turn the ICMP capabilities of their devices off is that the
system can be used by hackers as a conduit for attacks. The Smurf attack is one such case.

The Smurf attack uses a reflector strategy. It doesn’t attack the target directly, but invokes other
computers and routers to send messages to the victim. The attacker works out the broadcast address used
on the network of the victim and then sends out an ICMP echo request (Ping). Each device on the network
will send an echo reply back to the router that hosts that broadcast IP address.

This attack only works on large networks. It effectively provokes a Distributed Denial of
Service (DDoS) attack from within the network, whereas most attacks are launched through remote
computers over the internet. The attack type can be prevented by turning off ICMP capabilities on the
gateway router or by filtering out the acceptance of requests carrying the network’s broadcast IP address
on packets coming into the network from a remote location.

Ping flood

A Ping flood is a DDoS strategy that overwhelms a target computer with ICMP echo requests. Some
implementations of Ping work better than others. For example, the attack is more effective if the Ping
command is launched with the “flood” option. However, this option is not available with all versions of
Ping – it is not a valid option on the version that is embedded into Windows, for example. The fact that
the flood option is not universal presents problems for hackers that want to direct remote computers
infected with a botnet controlling program to send out the Ping requests. As the flood option is rare, it is
probable that most of the devices in the botnet will be unable to launch the attack.

This attack strategy would have more success if the hacker ensured that all of the infected computers used
in an attempt to launch the attack had the flood option available in their Ping implementations. One way to
ensure that would be to test computers before any attack and categorize a group that has the right form
of Ping, or to install a flood-enabled Ping on all computers that are infected by the botnet virus.


The simplest defense against a Ping flood is to turn off ICMP capabilities on the router. If you are
running a web server, then a web application firewall should protect you from Ping floods.

Ping of Death

The Ping of Death involves sending over-long ping request packets. The request will have a large
amount of filler on the end of it in the payload. As the datagram is too long for transmission, the Internet
Protocol processor will break up the string into chunks that are the size of the sender’s Maximum
Transmission Unit (MTU). The receiver will notice that this is an extra long packet that has been broken up
and try to reassemble the original, long packet before sending it on to its destination application. If the
length of the packet is more bytes than the size of available memory in the receiving computer, the attempt
to reassemble the packet will jam the computer.

Ping of Death is now a well-known attack type and so stateful firewalls and intrusion detection
systems can spot it and block it. As with any hacker trick that becomes known, its effectiveness is no
longer threatening. So, hackers have largely dropped the Ping of Death strategy in favor of the Ping flood.

ICMP tunnel

Routers only look at the headers of an ICMP packet, including the TCP/UDP header that might be behind
the ICMP data. So a normal packet with lots of data in it would be passed through just as long as it
had an ICMP section in it. This is potentially a backdoor for visitors to get around the authentication and
charging procedures of public networks. This is called an ICMP tunnel or Ping tunnel.

It isn’t possible to tunnel through gateways and firewalls just with the standard network Ping utility that
most people have on their computers. An ICMP tunnel would have to be programmed. This is also a
possible route into a network for a hacker. Unfortunately, for network administrators, there are a number
of free ICMP tunnel packages available for download from the internet.

As with the previous two types of ICMP attacks, Ping tunnels can be blocked by web application
firewalls, intrusion detection systems, or by simply blocking all ICMP activity at the network gateway.

Twinge attack

Twinge is a hacker attack program. It launches an ICMP flood to overwhelm a target computer. Although
all of the Ping requests that the target receives seem to have come from many different sources, they are all
actually from the same source, each with a fake source IP address in the header. Twinge is possibly just
a renamed Ping utility with the “flood” option implemented. It would make a very useful tool
for botnet owners to load up onto their zombie computers in order to launch Ping flood attacks.

Essentially, a Twinge flood is the same as a Ping flood and the solutions to protect a network from it are
the same as for the main category of DDoS attack via ICMP: turn off ICMP, install a web application
firewall or a stateful firewall, or install an intrusion detection system.
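
The filtering and detection defenses named in the attack sections above can be written as three rules: reject echo requests that arrive from outside for the broadcast address (Smurf), count echo requests per target rather than per source (Ping flood and Twinge, where the sources are faked), and reject fragments that would reassemble past the IP length limit (Ping of Death). The following is an added example, not part of the original notes; the protected network 192.0.2.0/24, the flood threshold and the packet records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

PROTECTED_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal network
FLOOD_LIMIT = 5           # assumed: echo requests allowed per target per window
WINDOW_MS = 1000          # assumed window length in milliseconds
MAX_IP_DATAGRAM = 65535   # largest length the 16-bit Total Length field can hold
ECHO_REQUEST = 8


def inspect(packets):
    """Return (ts, rule, subject) alerts for a time-ordered list of packet records.

    Record keys: ts (ms), src, dst, icmp_type (None for a non-first fragment),
    frag_offset and length (bytes), inbound (True if seen on the external interface).
    """
    alerts = []
    recent = defaultdict(deque)  # target -> timestamps of echo requests in the window
    reported = set()             # targets already reported as flooded
    for p in packets:
        dst = ipaddress.ip_address(p["dst"])

        # Ping of Death: a fragment that ends beyond 65535 bytes belongs to a
        # datagram longer than IP permits, so reject it before reassembly.
        if p["frag_offset"] + p["length"] > MAX_IP_DATAGRAM:
            alerts.append((p["ts"], "oversized-datagram", p["src"]))
            continue
        if p["icmp_type"] != ECHO_REQUEST:
            continue

        # Smurf: an echo request arriving from outside for our broadcast address.
        # The arrival interface is used because the source address may be forged.
        if p["inbound"] and dst == PROTECTED_NET.broadcast_address:
            alerts.append((p["ts"], "broadcast-echo", p["dst"]))
            continue

        # Ping flood / Twinge: count per target, because forged source
        # addresses make a per-source counter useless.
        window = recent[dst]
        window.append(p["ts"])
        while p["ts"] - window[0] >= WINDOW_MS:
            window.popleft()
        if len(window) > FLOOD_LIMIT and dst not in reported:
            reported.add(dst)
            alerts.append((p["ts"], "echo-flood", p["dst"]))
    return alerts


def sample_packets():
    """Constructed records for the demonstration (not captured traffic)."""
    def rec(ts, src, dst, icmp_type=ECHO_REQUEST, frag_offset=0, length=64):
        return dict(ts=ts, src=src, dst=dst, icmp_type=icmp_type,
                    frag_offset=frag_offset, length=length, inbound=True)
    packets = [rec(0, "198.51.100.7", "192.0.2.10"),      # ordinary ping
               rec(500, "192.0.2.20", "192.0.2.255")]     # echo request to broadcast
    packets += [rec(2000 + 50 * i, f"203.0.113.{i + 1}", "192.0.2.30")
                for i in range(8)]                        # many sources, one target
    packets.append(rec(5000, "198.51.100.9", "192.0.2.10", icmp_type=None,
                       frag_offset=65528, length=400))    # last fragment, too long
    return packets


if __name__ == "__main__":
    for alert in inspect(sample_packets()):
        print(alert)
```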

Path MTU discovery

The Maximum Transmission Unit (MTU) is a setting on network-compliant devices that dictates the
longest length of IP packets that the device should process. It is expressed in octets; an octet is an eight-bit
byte. The original MTU recommendation for the Internet Protocol was 576 octets. However, the
Ethernet standard recommends 1,500 octets and this has become the standard for all network and internet
devices.

It is possible to adjust the MTU settings on any router. So, if your packets pass through a router with a
lower MTU, each will be split into two IP packets. This slows down the delivery of your transfers
because the original packet has to be reassembled by the receiver before it can progress to Transport
Layer processing and then get passed on to the destination application.

It is also possible to specify in the IP header that splitting, which is called “fragmentation”, should not be
performed on the packet. In this case, a router with an MTU that is smaller than the packet length will drop
the packet and then report back with an ICMP error notification. This error message would be of ICMP
type 3 (destination unreachable) subtype 4 (fragmentation required but “don’t fragment” flag is set).

A Path MTU discovery attempt gets around the problem of fragmented or dropped packets. If you can find
out the lowest MTU on the path that your transmission will take, you just need to set your own MTU down
to that size.

The discovery mechanism is implemented by the failure procedures outlined above. An IP packet goes out
to a destination with the payload padded to reach the sender’s MTU size and the “don’t fragment” flag
set. If that gets through, you shouldn’t have any problems with your connections to the destination that you
sent the test packet to. If the transmission provokes an ICMP error, then you would just try the test
repeatedly, reducing the packet length each time. With this, you will eventually send a packet that gets
through and the length of that packet will tell you the lowest MTU on the path to your destination.

Ping has an option to set the “don’t fragment” flag. However, this will only be effective if the Ping packet
is longer than the MTUs of the routers in its path. Ping doesn’t pad to your MTU size, so it is doubtful that
a short Ping packet would ever get dropped.

The Linux-based IPutils package contains tracepath, which will perform path MTU discovery for you.
On Windows computers, you could check out the free mturoute utility.
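
The discovery procedure described above can be followed step by step in a simulation. The following is an added example, not part of the original notes and not the code of tracepath or mturoute: the path of routers is constructed, the search uses bisection instead of a fixed step down, and a router with ICMP switched off (as discussed earlier) is modelled as a timeout.

```python
DELIVERED = "delivered"
TIMEOUT = "timeout"        # dropped by a router that has ICMP switched off
ORIGINAL_IP_MTU = 576      # floor for the search, the original IP recommendation


def send_df_probe(size, path):
    """Simulate one packet of `size` octets sent with "don't fragment" set.

    `path` is a list of (mtu, icmp_enabled) pairs, one per router, in order.
    """
    for hop, (mtu, icmp_enabled) in enumerate(path, start=1):
        if size > mtu:
            if icmp_enabled:
                # type 3 (destination unreachable), subtype 4 (fragmentation required)
                return ("icmp", hop, 3, 4)
            return TIMEOUT
    return DELIVERED


def discover_path_mtu(local_mtu, path, floor=ORIGINAL_IP_MTU):
    """Return (path_mtu, log) where log lists every (size, outcome) probe."""
    log = []

    def passes(size):
        outcome = send_df_probe(size, path)
        log.append((size, outcome))
        # An ICMP error and a timeout both mean "too big" here; a real prober
        # would retry a timeout first, since it can also be ordinary packet loss.
        return outcome == DELIVERED

    if passes(local_mtu):
        return local_mtu, log
    if not passes(floor):
        raise ValueError(f"even {floor} octets do not cross the path")
    low, high = floor, local_mtu      # invariant: low passes, high does not
    while high - low > 1:
        mid = (low + high) // 2
        if passes(mid):
            low = mid
        else:
            high = mid
    return low, log


# Constructed path: the third router has a 1400-octet MTU and ICMP disabled.
SAMPLE_PATH = [(1500, True), (1492, True), (1400, False), (1500, True)]

if __name__ == "__main__":
    mtu, probes = discover_path_mtu(1500, SAMPLE_PATH)
    for size, outcome in probes:
        print(size, outcome)
    print("path MTU:", mtu)
```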

ICMP world

The ICMP system is a very simple mechanism for reporting on transmission failure. However, it is
also one of the most powerful sets of tools available to network administrators. The good news is
that ICMP is free and automatically available on any network-connected device. The bad news is
that ICMP can be used by hackers to form attacks or even sneak connections through firewalls.

The fact that ICMP can be used maliciously encourages a lot of risk-averse network administrators to turn
the messaging system off. This is a shame because it disables a lot of the very useful utilities that are
described in this guide.

If you run a network, and especially if you own a router that passes internet traffic, consider using stateful
firewalls and intrusion detection systems to block ICMP misuse instead of turning the messaging
protocol off completely. Investigate the settings and firmware features of your router to see whether it has
ICMP abuse resolution procedures that will allow you to continue operating ICMP on the device.

IP Addressing:
IP address is short for Internet Protocol (IP) address. An IP address is an identifier for a computer or
device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address
of the destination. Contrast with IP, which specifies the format of packets, also called datagrams, and the
addressing scheme.

The Format of an IP Address


The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each
number can be zero to 255. For example, 1.160.10.240 could be an IP address.
Within an isolated network, you can assign IP addresses at random as long as each one is unique. However,
connecting a private network to the Internet requires using registered IP addresses (called Internet
addresses) to avoid duplicates.

Static Versus Dynamic IP Addresses


An IP address can be static or dynamic. A static IP address will never change and it is a permanent Internet
address. A dynamic IP address is a temporary address that is assigned each time a computer or device
accesses the Internet.
The four numbers in an IP address are used in different ways to identify a particular network and a host on
that network. Four regional Internet registries -- ARIN, RIPE NCC, LACNIC and APNIC-- assign Internet
addresses from the following three classes:
Class A - supports 16 million hosts on each of 126 networks
Class B - supports 65,000 hosts on each of 16,000 networks
Class C - supports 254 hosts on each of 2 million networks
The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is
gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6. In IPv6 the IP
address size is increased from 32 bits to 128 bits.

What is My IP Address?
To view your IP address you can use the ipconfig (IPCONFIG) command line tool. Ipconfig displays all
current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP)
and Domain Name System (DNS) settings.
To launch the command prompt from a Windows-based computer click: Start > All
Programs > Accessories > Command Prompt. Type ipconfig and press the Enter key.
You can also use Google search to find your IP address. Type "what is my IP address" as a search query
and Google will show the IP address of the computer from which the query was received as the top search
result.

Classful Addressing System


Different classes of IP addresses:-

Classes of IP addresses
TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a range of valid IP addresses.
The value of the first octet determines the class. IP addresses from the first three classes (A, B and C) can be
used for host addresses. The other two classes are used for other purposes – class D for multicast and class E
for experimental purposes.

The system of IP address classes was developed for the purpose of Internet IP addresses assignment. The
classes created were based on the network size. For example, for the small number of networks with a very
large number of hosts, the Class A was created. The Class C was created for numerous networks with small
number of hosts.

Classes of IP addresses are:

For the IP addresses from Class A, the first 8 bits (the first decimal number) represent the network part, while
the remaining 24 bits represent the host part. For Class B, the first 16 bits (the first two numbers) represent the
network part, while the remaining 16 bits represent the host part. For Class C, the first 24 bits represent the
network part, while the remaining 8 bits represent the host part.

Consider the following IP addresses:

• 10.50.120.7 – because this is a Class A address, the first number (10) represents the network part, while the
remainder of the address represents the host part (50.120.7). This means that, in order for devices to be on
the same network, the first number of their IP addresses has to be the same for both devices. In this case, a
device with the IP address of 10.47.8.4 is on the same network as the device with the IP address listed above.
The device with the IP address 11.5.4.3 is not on the same network, because the first number of its IP
address is different.
• 172.16.55.13 – because this is a Class B address, the first two numbers (172.16) represent the network part,
while the remainder of the address represents the host part (55.13). A device with the IP address of
172.16.254.3 is on the same network, while a device with the IP address of 172.55.54.74 isn’t.

NOTE
The system of network address ranges described here is generally bypassed today by use of the Classless
Inter-Domain Routing (CIDR) addressing.

Special IP address ranges that are used for special purposes are:

• 0.0.0.0/8 – addresses used to communicate with the local network
• 127.0.0.0/8 – loopback addresses
• 169.254.0.0/16 – link-local addresses (APIPA)

Types of IP addresses
The IP addresses are divided into three different types, based on their operational characteristics:

1. unicast IP addresses – an address of a single interface. The IP addresses of this type are used for one-to-one
communication. Unicast IP addresses are used to direct packets to a specific host. Here is an example:

In the picture above you can see that the host wants to communicate with the server. It uses the (unicast) IP
address of the server (192.168.0.150) to do so.

2. multicast IP addresses – used for one-to-many communication. Multicast messages are sent to IP multicast
group addresses. Routers forward copies of the packet out to every interface that has hosts subscribed to that
group address. Only the hosts that need to receive the message will process the packets. All other hosts on the
LAN will discard them. Here is an example:

R1 has sent a multicast packet destined for 224.0.0.9. This is a RIPv2 packet, and only routers on the network
should read it. R2 will receive the packet and read it. All other hosts on the LAN will discard the packet.

3. broadcast IP addresses – used to send data to all possible destinations in the broadcast domain (the one-
to-everybody communication). The broadcast address for a network has all host bits on. For example, for the
network 192.168.30.0 255.255.255.0 the broadcast address would be 192.168.30.255. Also, the IP address of
all 1’s (255.255.255.255) can be used for local broadcast. Here’s an example:


R1 wants to communicate with all hosts on the network and has sent a broadcast packet to the broadcast IP
address of 192.168.30.255. All hosts in the same broadcast domain will receive and process the packet.

Sub-netting for an internet work:-

Subnetting explained
Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing
efficiency, enhances the security of the network and reduces the size of the broadcast domain.

Consider the following example:


In the picture above we have one huge network: 10.0.0.0/24. All hosts on the network are in the same subnet,
which has following disadvantages:

• a single broadcast domain – all hosts are in the same broadcast domain. A broadcast sent by any device
on the network will be processed by all hosts, creating lots of unnecessary traffic.
• network security – each device can reach any other device on the network, which can present security
problems. For example, a server containing sensitive information shouldn’t be in the same network as a
user workstation.
• organizational problems – in large networks, different departments are usually grouped into different
subnets. For example, you can group all devices from the Accounting department in the same subnet and
then give access to sensitive financial data only to hosts from that subnet.

The network above could be subnetted like this:


Now, two subnets were created for different departments: 10.0.0.0/24 for Accounting and 10.1.0.0/24 for
Marketing. Devices in each subnet are now in a different broadcast domain. This will reduce the amount of
traffic flowing on the network and allow us to implement packet filtering on the router.

Subnet mask
An IP address is divided into two parts: network and host parts. For example, an IP class A address consists of 8
bits identifying the network and 24 bits identifying the host. This is because the default subnet mask for a class
A IP address is 8 bits long (or, written in dotted decimal notation, 255.0.0.0). What does it mean? Well, like an IP
address, a subnet mask also consists of 32 bits. Computers use it to determine the network part and the host
part of an address. The 1s in the subnet mask represent a network part, the 0s a host part.

Computers work only with bits. The math used to determine a network range is binary AND.


Let’s say that we have the IP address of 10.0.0.1 with the default subnet mask of 8 bits (255.0.0.0).
First, we need to convert the IP address to binary:

IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001
Subnet mask: 255.0.0.0 = 11111111.00000000.00000000.00000000

Computers then use the AND operation to determine the network number:

The computer can then determine the size of the network. Only IP addresses that begin with 10 will be in the
same network. So, in this case, the range of addresses in this network is 10.0.0.0 – 10.255.255.255.

NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.

Create subnets
There are a couple of ways to create subnets. In this article we will subnet a class C address 192.168.0.0 that, by
default, has 24 subnet bits and 8 host bits.

Before we start subnetting, we have to ask ourselves these two questions:

1. How many subnets do we need?

2^x = number of subnets. x is the number of 1s in the subnet mask. With 1 subnet bit, we can have 2^1 or 2
subnets. With 2 bits, 2^2 or 4 subnets, with 3 bits, 2^3 or 8 subnets, etc.

2. How many hosts per subnet do we need?

2^y – 2 = number of hosts per subnet. y is the number of 0s in the subnet mask.

Subnetting example

An example will help you understand the subnetting concept. Let’s say that we need to subnet a class C
address 192.168.0.0/24. We need two subnets with 50 hosts per subnet. Here is our calculation:

1. Since we need only two subnets (2^1 = 2), we need one subnet bit. In our case, this means that we will take one bit from
the host part. Here is the calculation:

First, we have a class C address 192.168.0.0 with the subnet mask of 24. Let’s convert them to binary:

192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000


We need to convert a single zero from the host part of the subnet mask to a one. Here is our new subnet mask:

255.255.255.128 = 11111111.11111111.11111111.10000000

Remember, the ones in the subnet mask represent the network.

2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left with seven bits for the hosts. Is it
enough for 50 hosts? The formula to calculate the number of hosts is 2^y – 2, with y representing the number of host bits.
Since 2^7 – 2 is 126, we have more than enough bits for our hosts.

3. Our network will look like this:

192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range of IP addresses in this subnet
is 192.168.0.0 – 192.168.0.127.

192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128. The range of IP addresses in this subnet
is 192.168.0.128 – 192.168.0.255.
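
The binary AND from the subnet mask section and the two planning questions (2^x subnets, 2^y – 2 hosts) can be checked in code. The following is an added example, not part of the original notes; the function names are hypothetical, and it generalizes the worked case to any number of subnets and hosts.

```python
import ipaddress


def to_int(dotted):
    """Dotted decimal -> 32-bit integer."""
    parts = [int(part) for part in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"{dotted} is not four numbers from 0 to 255")
    a, b, c, d = parts
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def network_range(ip, mask):
    """Apply the binary AND and return (network address, last address)."""
    mask_bits = to_int(mask)
    host_bits = ~mask_bits & 0xFFFFFFFF
    if host_bits & (host_bits + 1):          # host part must be a solid run of 1s
        raise ValueError(f"{mask} is not a series of 1s followed by 0s")
    network = to_int(ip) & mask_bits
    return to_dotted(network), to_dotted(network | host_bits)


def plan_subnets(network, subnets_needed, hosts_needed):
    """Split `network` and return (subnet, first, last, usable hosts) tuples."""
    if subnets_needed < 1:
        raise ValueError("at least one subnet is required")
    base = ipaddress.ip_network(network)
    x = (subnets_needed - 1).bit_length()    # smallest x with 2^x >= subnets_needed
    y = 32 - base.prefixlen - x              # host bits left over
    if y < 1 or 2 ** y - 2 < hosts_needed:
        raise ValueError(f"{network} cannot hold {subnets_needed} subnets "
                         f"of {hosts_needed} hosts")
    return [(str(s), str(s.network_address), str(s.broadcast_address), 2 ** y - 2)
            for s in base.subnets(prefixlen_diff=x)]


if __name__ == "__main__":
    print(to_binary(to_int("10.0.0.1")), "AND", to_binary(to_int("255.0.0.0")))
    print(network_range("10.0.0.1", "255.0.0.0"))
    for row in plan_subnets("192.168.0.0/24", 2, 50):
        print(row)
```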

Classless Addressing:-
Classless Addressing-

• Classless Addressing is an improved IP Addressing system.
• It makes the allocation of IP Addresses more efficient.
• It replaces the older classful addressing system based on classes.
• It is also known as Classless Inter Domain Routing (CIDR).

CIDR Block-

When a user asks for specific number of IP Addresses,

• CIDR dynamically assigns a block of IP Addresses based on certain rules.
• This block contains the required number of IP Addresses as demanded by the user.
• This block of IP Addresses is called a CIDR block.

Rules For Creating CIDR Block-

A CIDR block is created based on the following 3 rules-

Rule-01:

• All the IP Addresses in the CIDR block must be contiguous.

Rule-02:

• The size of the block must be presentable as a power of 2.
• Size of the block is the total number of IP Addresses contained in the block.
• Size of any CIDR block will always be in the form 2^1, 2^2, 2^3, 2^4, 2^5 and so on.


Rule-03:

• First IP Address of the block must be divisible by the size of the block.

REMEMBER

If any binary pattern consisting of (m + n) bits is divided by 2^n, then-

• Remainder is least significant n bits
• Quotient is most significant m bits

So, any binary pattern is divisible by 2^n, if and only if its least significant n bits are 0.

Examples-

Consider a binary pattern-

01100100.00000001.00000010.01000000
(represented as 100.1.2.64)

• It is divisible by 2^5 since its least significant 5 bits are zero.
• It is divisible by 2^6 since its least significant 6 bits are zero.
• It is not divisible by 2^7 since its least significant 7 bits are not zero.

CIDR Notation-

CIDR IP Addresses look like-

a.b.c.d / n

• They end with a slash followed by a number called the IP network prefix.
• IP network prefix tells the number of bits used for the identification of network.
• Remaining bits are used for the identification of hosts in the network.

Example-

An example of CIDR IP Address is-


182.0.1.2 / 28

It suggests-

• 28 bits are used for the identification of network.
• Remaining 4 bits are used for the identification of hosts in the network.
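
The three block rules and the a.b.c.d / n notation above can be checked mechanically. The following is an added example, not part of the original notes; the function names are hypothetical and the address lists are constructed from the 100.1.2.64 and 182.0.1.2 / 28 examples in the text.

```python
import ipaddress


def low_bits_zero(address, n):
    """True if the address, read as a 32-bit number, is divisible by 2^n."""
    return int(ipaddress.IPv4Address(address)) & ((1 << n) - 1) == 0


def span(first, count):
    """Constructed helper: `count` consecutive addresses starting at `first`."""
    start = ipaddress.IPv4Address(first)
    return [str(start + i) for i in range(count)]


def cidr_for(addresses):
    """Return the CIDR notation for a set of addresses, or raise ValueError
    naming the first rule that the set breaks."""
    values = sorted(int(ipaddress.IPv4Address(a)) for a in addresses)
    if not values:
        raise ValueError("no addresses given")
    # Rule-01: every address follows directly after the previous one.
    if any(b - a != 1 for a, b in zip(values, values[1:])):
        raise ValueError("Rule-01: addresses are not contiguous")
    # Rule-02: the block size is a power of 2 (exactly one bit set).
    size = len(values)
    if size & (size - 1):
        raise ValueError(f"Rule-02: size {size} is not a power of 2")
    # Rule-03: first address divisible by the size, i.e. its low n bits are 0.
    if values[0] & (size - 1):
        raise ValueError(f"Rule-03: first address is not divisible by {size}")
    n = size.bit_length() - 1                # size == 2^n host addresses
    return f"{ipaddress.IPv4Address(values[0])}/{32 - n}"


def describe(cidr):
    """Split an a.b.c.d / n address into its network and host parts."""
    network = ipaddress.ip_interface(cidr.replace(" ", "")).network
    return {"network_bits": network.prefixlen,
            "host_bits": 32 - network.prefixlen,
            "block_size": network.num_addresses,
            "first": str(network.network_address),
            "last": str(network.broadcast_address)}


if __name__ == "__main__":
    print([low_bits_zero("100.1.2.64", n) for n in (5, 6, 7)])
    print(cidr_for(span("100.1.2.64", 64)))
    print(describe("182.0.1.2 / 28"))
```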


CIDR (Classless inter-domain routing)


CIDR (Classless inter-domain routing) is a method of public IP address assignment. It was introduced in 1993
by the Internet Engineering Task Force with the following goals:

• to deal with the IPv4 address exhaustion problem
• to slow down the growth of routing tables on Internet routers

Before CIDR, public IP addresses were assigned based on the class boundaries:

• Class A – the classful subnet mask is /8. The number of possible IP addresses is 16,777,216 (2 to the power
of 24).
• Class B – the classful subnet mask is /16. The number of addresses is 65,536
• Class C – the classful subnet mask is /24. Only 256 addresses available.

Some organizations were known to have gotten an entire Class A public IP address (for example, IBM got all the
addresses in the 9.0.0.0/8 range). Since these addresses can’t be assigned to other companies, there was a
shortage of available IPv4 addresses. Also, since IBM probably didn’t need more than 16 million IP addresses, a
lot of addresses were unused.

To combat this, the classful network scheme of allocating the IP address was abandoned. The new system was
classless – a classful network was split into multiple smaller networks. For example, if a company needs 12
public IP addresses, it would get something like this: 190.5.4.16/28.

The number of usable IP addresses can be calculated with the following formula:

2 to the power of host bits – 2

In the example above, the company got 14 usable IP addresses from the 190.5.4.16 – 190.5.4.32 range because
there are 4 host bits and 2 to the power of 4 minus 2 is 14. The first and the last address are the network
address and the broadcast address, respectively. All other addresses inside the range could be assigned to
Internet hosts.

Comparative study of IPv4 & IPv6.



Differences between IPv4 and IPv6


The following table summarizes the major differences between IPv4 and IPv6:

Internet Protocol Version 4-

• IPv4, short for Internet Protocol Version 4, is the fourth version of the Internet Protocol (IP).
• IP is responsible for delivering data packets from the source host to the destination host.
• This delivery is solely based on the IP Addresses in the packet headers.
• IPv4 is the first major version of IP.
• IPv4 is a connectionless protocol for use on packet-switched networks.

IPv4 Header-

The following diagram represents the IPv4 header-


Let us discuss each field of IPv4 header one by one.

1. Version-

• Version is a 4 bit field that indicates the IP version used.
• The most popularly used IP versions are version-4 (IPv4) and version-6 (IPv6).
• Only IPv4 uses the above header.
• So, this field always contains the decimal value 4.

NOTES
It is important to note-

• Datagrams belonging to different versions have different structures.
• So, they are parsed differently.
• IPv4 datagrams are parsed by version-4 parsers.
• IPv6 datagrams are parsed by version-6 parsers.


2. Header Length-

• Header length is a 4 bit field that contains the length of the IP header.
• It helps in knowing from where the actual data begins.

Minimum And Maximum Header Length-

The length of IP header always lies in the range-


[20 bytes , 60 bytes]

• The initial 5 rows of the IP header are always used.
• So, minimum length of IP header = 5 x 4 bytes = 20 bytes.
• The size of the 6th row representing the Options field varies.
• The size of Options field can go up to 40 bytes.
• So, maximum length of IP header = 20 bytes + 40 bytes = 60 bytes.

Concept of Scaling Factor-

• Header length is a 4 bit field.
• So, the range of decimal values that can be represented is [0, 15].
• But the range of header length is [20, 60].
• So, to represent the header length, we use a scaling factor of 4.

In general,

Header length = Header length field value x 4 bytes

Examples-

• If header length field contains decimal value 5 (represented as 0101), then-

Header length = 5 x 4 = 20 bytes

• If header length field contains decimal value 10 (represented as 1010), then-

Header length = 10 x 4 = 40 bytes

• If header length field contains decimal value 15 (represented as 1111), then-

Header length = 15 x 4 = 60 bytes


NOTES
It is important to note-

• Header length and Header length field value are two different things.
• The range of header length field value is always [5, 15].
• The range of header length is always [20, 60].

While solving questions-

• If the given value lies in the range [5, 15] then it must be the header length field value.
• This is because the range of header length is always [20, 60].

3. Type Of Service-

• Type of service is an 8 bit field that is used for Quality of Service (QoS).
• The datagram is marked for giving a certain treatment using this field.

4. Total Length-

• Total length is a 16 bit field that contains the total length of the datagram (in bytes).

Total length = Header length + Payload length

• Minimum total length of datagram = 20 bytes (20 bytes header + 0 bytes data)
• Maximum total length of datagram = Maximum value of 16 bit word = 65535 bytes

5. Identification-

• Identification is a 16 bit field.


• It is used for the identification of the fragments of an original IP datagram.

When an IP datagram is fragmented,

• Each fragmented datagram is assigned the same identification number.


• This number is useful during the reassembly of fragmented datagrams.
• It identifies the IP datagram to which a fragmented datagram belongs.

6. DF Bit-

• DF bit stands for Do Not Fragment bit.


• Its value may be 0 or 1.

When DF bit is set to 0,

• It grants the permission to the intermediate devices to fragment the datagram if required.


When DF bit is set to 1,

• It instructs the intermediate devices not to fragment the IP datagram at any cost.
• If the network requires the datagram to be fragmented to travel further but its settings do not allow fragmentation, then it is
discarded.
• An error message is sent to the sender saying that the datagram has been discarded due to its settings.

7. MF Bit-

• MF bit stands for More Fragments bit.


• Its value may be 0 or 1.

When MF bit is set to 0,

• It indicates to the receiver that the current datagram is either the last fragment in the set or that it is the only fragment.

When MF bit is set to 1,

• It indicates to the receiver that the current datagram is a fragment of some larger datagram.
• More fragments are following.
• MF bit is set to 1 on all the fragments except the last one.

8. Fragment Offset-

• Fragment Offset is a 13 bit field.


• It indicates the position of a fragmented datagram in the original unfragmented IP datagram.
• The first fragmented datagram has a fragment offset of zero.

Fragment offset for a given fragmented datagram


= Number of data bytes ahead of it in the original unfragmented datagram

Concept Of Scaling Factor-

• We use a scaling factor of 8 for the fragment offset.


• Fragment offset field value = Fragment Offset / 8


Need Of Scaling Factor For Fragment Offset

• In IPv4 header, the total length field consists of 16 bits.
• Total length = Header length + Payload length.
• Minimum header length = 20 bytes.
• So, maximum amount of data that can be sent in the payload field = 2^16 – 20 bytes.
• In worst case, a datagram containing 2^16 – 20 bytes of data might be fragmented in such a way
that the last fragmented datagram contains only 1 byte of data.
• Then, fragment offset for the last fragmented datagram will be (2^16 – 20) – 1 = 2^16 – 21 ≅ 2^16
(if no scaling factor is used)

• Now, this fragment offset value of 2^16 can not be represented.
• This is because the fragment offset field consists of only 13 bits.
• Using 13 bits, a maximum number of 2^13 can be represented.
• So, to represent 2^16 we use the concept of scaling factor.
• Scaling factor = 2^16 / 2^13 = 2^3 = 8.

9. Time To Live-

• Time to live (TTL) is an 8 bit field.


• It indicates the maximum number of hops a datagram can take to reach the destination.
• The main purpose of TTL is to prevent the IP datagrams from looping around forever in a routing loop.

The value of TTL is decremented by 1 when-

• Datagram takes a hop to any intermediate device having network layer.


• Datagram takes a hop to the destination.

If the value of TTL becomes zero before reaching the destination, then datagram is discarded.

NOTES
It is important to note-

• Both intermediate devices having network layer and the destination decrement the TTL value by 1.
• If the value of TTL is found to be zero at any intermediate device, then the datagram is discarded.
• So, at any intermediate device, the value of TTL must be greater than zero to proceed further.
• If the value of TTL becomes zero at the destination, then the datagram is accepted.
• So, at the destination, the value of TTL may be greater than or equal to zero.

10. Protocol-

• Protocol is an 8 bit field.
• It tells the network layer at the destination host which protocol the IP datagram belongs to.
• In other words, it tells the next level protocol to the network layer at the destination side.
• Protocol number of ICMP is 1, IGMP is 2, TCP is 6 and UDP is 17.


Why Protocol Number Is A Part Of IP Header?

Consider-

• An IP datagram is sent by the sender to the receiver.


• When the datagram reaches the router, its buffer is already full.

In such a case,

• Router does not discard the datagram directly.


• Before discarding, router checks the next level protocol number mentioned in its IP header.
• If the datagram belongs to TCP, then it tries to make room for the datagram in its buffer.
• It creates a room by eliminating one of the datagrams having lower priority.
• This is because it knows that TCP is a reliable protocol and if it discards the datagram, then it will
be sent again by the sender.
• The order in which the router eliminates the datagrams from its buffer is-
ICMP > IGMP > UDP > TCP

If the protocol number had been inside the datagram, then-

• Router could not look into it.


• This is because router has only three layers- physical layer, data link layer and network layer.

That is why, protocol number is made a part of IP header.

NOTE
It is important to note-

• Computation of header checksum includes IP header only.


• Errors in the data field are handled by the encapsulated protocol.

Checksum

12. Source IP Address-

• Source IP Address is a 32 bit field.


• It contains the logical address of the sender of the datagram.

13. Destination IP Address-

• Destination IP Address is a 32 bit field.


• It contains the logical address of the receiver of the datagram.

14. Options-

• Options is a field whose size varies from 0 bytes to 40 bytes.


• This field is used for several purposes such as-


1. Record route
2. Source routing
3. Padding

1. Record Route-

• A record route option is used to record the IP Address of the routers through which the datagram passes on its way.
• When record route option is set in the options field, IP Address of the router gets recorded in the Options field.

NOTE

The maximum number of IPv4 router addresses that can be recorded in the
Record Route option field of an IPv4 header is 9.

Explanation-

• In IPv4, size of IP Addresses = 32 bits = 4 bytes.


• Maximum size of Options field = 40 bytes.
• So, it seems maximum number of IP Addresses that can be recorded = 40 / 4 = 10.
• But some space is required to indicate the type of option being used.
• Also, some space is to be left between the IP Addresses.
• So, the space of 4 bytes is left for this purpose.
• Therefore, the maximum number of IP addresses that can be recorded = 9.

2. Source Routing-

• A source routing option is used to specify the route that the datagram must take to reach the destination.
• This option is generally used to check whether a certain path is working fine or not.
• Source routing may be loose or strict.

3. Padding-

• Addition of dummy data to fill up unused space in the transmission unit and make it conform to the standard size is
called as padding.
• Options field is used for padding.

Example-

• When header length is not a multiple of 4, extra zeroes are padded in the Options field.
• By doing so, header length becomes a multiple of 4.


• If header length = 30 bytes, 2 bytes of dummy data is added to the header.


• This makes header length = 32 bytes.
• Then, the value 32 / 4 = 8 is put in the header length field.
• In worst case, 3 bytes of dummy data might have to be padded to make the header length a multiple of 4.
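
The field rules above (header length scaled by 4, fragment offset scaled by 8, the DF and MF flags, a checksum that covers the header only) can be checked against real bytes with a small parser. This is an added example, not part of the original notes; the sample datagram, its addresses and the function names are constructed for illustration.

```python
import struct

# Protocol numbers listed on this page.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
FIXED = "!BBHHHBBH4s4s"   # the five always-present 32-bit rows (20 bytes)


def checksum16(header: bytes) -> int:
    """Complement of the one's-complement sum of the 16-bit header words."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the IPv4 header and reject values the field rules do not allow."""
    if len(packet) < 20:
        raise ValueError("fewer than 20 bytes: no complete IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack(FIXED, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"version field is {version}, not 4")
    if ihl < 5:
        raise ValueError(f"header length field {ihl} is below the minimum of 5")
    header_len = ihl * 4                    # scaling factor 4
    if header_len > len(packet):
        raise ValueError("header length points past the end of the data")
    if not header_len <= total_len <= len(packet):
        raise ValueError("total length is inconsistent with header or data size")
    return {
        "header_len": header_len,
        "options_len": header_len - 20,
        "total_len": total_len,
        "payload_len": total_len - header_len,
        "tos": tos,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # scaling factor 8
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        # Over the whole header, checksum field included, an intact header gives 0.
        "checksum_ok": checksum16(packet[:header_len]) == 0,
    }


def build_sample_fragment() -> bytes:
    """Constructed sample: a UDP fragment with MF = 1 and offset field 185."""
    fields = [0x45, 0, 28, 0x1C46, 0x2000 | 185, 64, 17, 0,
              bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    fields[7] = checksum16(struct.pack(FIXED, *fields))   # fill in the checksum
    return struct.pack(FIXED, *fields) + b"\x00" * 8      # 8 bytes of payload


if __name__ == "__main__":
    for name, value in parse_ipv4_header(build_sample_fragment()).items():
        print(f"{name:16} {value}")
```

The length checks matter in practice: a header length field below 5, or a total length smaller than the header, describes a datagram that cannot exist and should be dropped rather than parsed further.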

What is IPv6?
IPv6 is the newest version of the IP protocol. IPv6 was developed to overcome many deficiencies of IPv4, most
notably the problem of IPv4 address exhaustion. Unlike IPv4, which has only about 4.3 billion (2 raised to power
32) available addresses, IPv6 allows for 3.4 × 10 raised to power 38 addresses.

IPv6 features

Here is a list of the most important features of IPv6:

• Large address space: IPv6 uses 128-bit addresses, which means that for each person on the Earth there are
48,000,000,000,000,000,000,000,000,000 addresses!
• Enhanced security: IPSec (Internet Protocol Security) is built into IPv6 as part of the protocol. This means
that two devices can dynamically create a secure tunnel without user intervention.
• Header improvements: the packet header used in IPv6 is simpler than the one used in IPv4. The IPv6
header is not protected by a checksum so routers do not need to calculate a checksum for every packet.
• No need for NAT: since every device has a globally unique IPv6 address, there is no need for NAT.
• Stateless address autoconfiguration: IPv6 devices can automatically configure themselves with an IPv6
address.

IPv6 address format


Unlike IPv4, which uses a dotted-decimal format in which each byte ranges from 0 to 255, IPv6 uses eight groups of
four hexadecimal digits separated by colons. For example, this is a valid IPv6 address:
2340:0023:AABA:0A01:0055:5054:9ABC:ABB0

If you don’t know how to convert hexadecimal number to binary, here is a table that will help you do the
conversion:

IPv6 address shortening

The IPv6 address given above looks daunting, right? Well, there are two conventions that can help you shorten
what must be typed for an IP address:

1. a leading zero can be omitted

For example, the address listed above (2340:0023:AABA:0A01:0055:5054:9ABC:ABB0) can be shortened
to 2340:23:AABA:A01:55:5054:9ABC:ABB0


2. successive fields of zeroes can be represented as two colons (::)

For example, 2340:0000:0000:0000:0455:0000:AAAB:1121 can be written as 2340::0455:0000:AAAB:1121

NOTE
You can shorten an address this way only for one such occurrence. The reason is obvious – if you had more
than one occurrence of the double colon, you wouldn’t know how many sets of zeroes were being omitted from each
part.

Here are a couple more examples that can help you grasp the concept of IPv6 address shortening:

Long version: 1454:0045:0000:0000:4140:0141:0055:ABBB


Shortened version: 1454:45::4140:141:55:ABBB

Long version: 0000:0000:0001:AAAA:BBBC:A222:BBBA:0001


Shortened version: ::1:AAAA:BBBC:A222:BBBA:1
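
Because the same address can be written in several ways, comparing addresses from logs or access lists as plain strings is unreliable. The sketch below is an added example, not part of the original notes: it applies both shortening rules and their inverse to the addresses used on this page, and the function names are illustrative.

```python
HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand_groups(addr: str) -> list:
    """Undo both shortcuts and return the eight 4-digit groups."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)     # groups hidden behind '::'
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has exactly eight groups")
    full = []
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in HEX_DIGITS for c in group):
            raise ValueError(f"bad group: {group!r}")
        full.append(group.upper().zfill(4))      # restore the leading zeroes
    return full


def shorten(addr: str) -> str:
    """Apply rule 1 (drop leading zeroes) and rule 2 (one '::' for a zero run)."""
    groups = [g.lstrip("0") or "0" for g in expand_groups(addr)]
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                 # find the longest run of zero groups
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:                 # on a tie the first run is kept
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                             # rule 2 needs successive zero fields
        return ":".join(groups)
    return (":".join(groups[:best_start]) + "::"
            + ":".join(groups[best_start + best_len:]))


def same_address(a: str, b: str) -> bool:
    """Compare two spellings by their fully expanded form."""
    return expand_groups(a) == expand_groups(b)


if __name__ == "__main__":
    for text in ("1454:0045:0000:0000:4140:0141:0055:ABBB",
                 "0000:0000:0001:AAAA:BBBC:A222:BBBA:0001",
                 "2340:0000:0000:0000:0455:0000:AAAB:1121"):
        print(text, "->", shorten(text))
```

Applying both rules to 2340:0000:0000:0000:0455:0000:AAAB:1121 gives 2340::455:0:AAAB:1121, which is the same address as the partly shortened 2340::0455:0000:AAAB:1121 shown above.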

Types of IPv6 addresses


Three categories of IPv6 addresses exist:

• Unicast – represents a single interface. Packets addressed to a unicast address are delivered to a single
interface.
• Anycast – identifies one or more interfaces. For example, servers that support the same function can use
the same unicast IP address. Packets sent to that IP address are forwarded to the nearest server. Anycast
addresses are used for load-balancing. Known as “one-to-nearest” address.
• Multicast – represents a dynamic group of hosts. Packets sent to this address are delivered to many
interfaces. Multicast addresses in IPv6 have a similar purpose as their counterparts in IPv4.

NOTE
IPv6 doesn’t use the broadcast method. It has been replaced with anycast and multicast addresses.

IPv6 unicast addresses


Unicast addresses represent a single interface. Packets addressed to a unicast address will be delivered to a
specific network interface.

There are three types of IPv6 unicast addresses:

• global unicast – similar to IPv4 public IP addresses. These addresses are assigned by the IANA and used on
public networks. They have a prefix of 2000::/3, (all the addresses that begin with binary 001).
• unique local – similar to IPv4 private addresses. They are used in private networks and aren’t routable on
the Internet. These addresses have a prefix of FD00::/8.
• link local – these addresses are used for sending packets over the local subnet. Routers do not
forward packets with these addresses to other subnets. IPv6 requires a link-local address to be assigned to
every network interface on which the IPv6 protocol is enabled. These addresses have a prefix of FE80::/10.

Let’s describe each of the IPv6 unicast address types in more detail.


IPv6 global unicast addresses


IPv6 global addresses are similar to IPv4 public addresses. As the name implies, they are routable on the
internet. Currently IANA has assigned only 2000::/3 addresses to the global pool.

A global IPv6 address consists of two parts:

• subnet ID – 64 bits long. Contains the site prefix (obtained from a Regional Internet Registry) and the
subnet ID (subnets within the site).
• interface ID – 64 bits long. Typically composed of a part of the MAC address of the interface.

Here is a graphical representation of the two parts of a global IPv6 address:

IPv6 unique local addresses


Unique local IPv6 addresses have a similar function to IPv4 private addresses. They are not allocated by an
address registry and are not meant to be routed outside their domain. Unique local IPv6 addresses begin
with FD00::/8.

A unique local IPv6 address is constructed by appending a randomly generated 40-bit hexadecimal string to the
FD00::/8 prefix. The subnet field and interface ID are created in the same way as with global IPv6 addresses.

A graphical representation of a unique local IPv6 address:

NOTE
The original IPv6 RFCs defined a private address class called site local. This class has been deprecated and
replaced with unique local addresses.

IPv6 link-local addresses

Link-local IPv6 addresses have a smaller scope as to how far they can travel: only within a network segment that
a host is connected to. Routers will not forward packets destined to a link-local address to other links. A link-
local IPv6 address must be assigned to every network interface on which the IPv6 protocol is enabled. A host
can automatically derive its own link local IP address or the address can be manually configured.

Link-local addresses have a prefix of FE80::/10. They are mostly used for auto-address configuration and
neighbour discovery.

Here is a graphical representation of a link local IPv6 address:

IPv6 multicast addresses


Multicast addresses in IPv6 are similar to multicast addresses in IPv4. They are used to communicate with dynamic
groupings of hosts, for example all routers on the link (one-to-many distribution).


Here is a graphical representation of the IPv6 multicast packet:

IPv6 multicast addresses start with FF00::/8. After the first 8 bits there are 4 bits which represent the flag fields that
indicate the nature of specific multicast addresses. Next 4 bits indicate the scope of the IPv6 network for which the
multicast traffic is intended. Routers use the scope field to determine whether multicast traffic can be forwarded. The
remaining 112 bits of the address make up the multicast Group ID.

Some of the possible scope values are:

1 – interface-local
2 – link-local
4 – admin-local
5 – site-local
8 – organization-local
E – global

For example, the addresses that begin with FF02::/16 are multicast addresses intended to stay on the local link.

The following table lists some of the most common link local multicast addresses:

IPv6 address prefixes


Here is a summary of the most common address prefixes in IPv6:

IPv6 interface identifier


The second part of an IPv6 unicast or anycast address is typically a 64-bit interface identifier used to identify a
host’s network interface. A 64-bit interface ID is created by inserting the hex value of FFFE in the middle of the
MAC address of the network card. Also, the 7th bit in the first byte is flipped to a binary 1 (if the 7th bit is set to
0 it means that the MAC address is a burned-in MAC address). When this is done, the interface ID is commonly
called the modified extended unique identifier 64 (EUI-64).

For example, if the MAC address of a network card is 00:BB:CC:DD:11:22 the interface ID would be
02BBCCFFFEDD1122.

Why is that so?


Well, first we need to flip the seventh bit from 0 to 1. MAC addresses are in hex format. The binary format of the
MAC address looks like this:


hex 00BBCCDD1122

binary 0000 0000 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

We need to flip the seventh bit:

binary 0000 0010 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010

Now we have this address in hex:

hex 02BBCCDD1122

Next we need to insert FFFE in the middle of the address listed above:

hex 02BBCCFFFEDD1122

So, the interface ID is now 02BB:CCFF:FEDD:1122.

Another example, this time with the MAC address of 00000C432A35.

1. Convert to binary and flip the seventh bit to one:

binary: 0000 0010 0000 0000 0000 1100 0100 0011 0010 1010 0011 0101

2. Convert back to hex:

hex: 02000C432A35

3. Insert FFFE in the middle:

interface ID: 02000CFFFE432A35

IPv6 transition options

IPv4 and IPv6 networks are not interoperable, and the number of devices that use IPv4 is still large.
Some of these devices do not support IPv6 at all, so a migration process is necessary, since IPv4 and IPv6 will
likely coexist for some time.

Many transition mechanisms have been proposed:

1. IPv4/IPv6 Dual Stacks – each device on the network is configured with both an IPv4 and IPv6
address. When two devices want to communicate, they first agree on which IP version to use.
2. NAT64 – creates a mapping between the two address types, e.g. by mapping multiple IPv6 addresses to one IPv4
address.
3. Tunneling – IPv4 packets are tunneled over IPv6 infrastructure or vice versa.

NOTE
Some methods of the IPv4-IPv6 transition have been deprecated, but they are still mentioned in older
books. Some of these methods are NAT-PT and NAPT-PT.

IPv6 routing protocols


Like IPv4, IPv6 also supports routing protocols that enable routers to exchange information about connected
networks. IPv6 routing protocols can be internal (RIPng, EIGRP for IPv6…) and external (BGP).

As with IPv4, IPv6 routing protocols can be distance vector and link-state. An example of a distance vector
protocol is RIPng with hop count as the metric. An example of a link-state routing protocol is OSPF with cost as
the metric.


IPv6 supports the following routing protocols:

• RIPng (RIP New Generation)


• OSPFv3
• EIGRP for IPv6
• IS-IS for IPv6
• MP-BGP4 (Multiprotocol BGP-4)

How to configure IPv6


Cisco routers do not have IPv6 routing enabled by default. To configure IPv6 on a Cisco router, you need to do
two things:

1. enable IPv6 routing on a Cisco router using the ipv6 unicast-routing global configuration command. This
command globally enables IPv6 and must be the first command executed on the router.
2. configure the IPv6 global unicast address on an interface using the ipv6 address address/prefix-length [eui-64]
command. If you omit the eui-64 parameter, you will need to configure the entire address
manually. After you enter this command, the link local address will be automatically derived.

Here is an IPv6 configuration example:


R1(config)#ipv6 unicast-routing

R1(config)#int Gi0/0

R1(config-if)#ipv6 address 2001:0BB9:AABB:1234::/64 eui-64

We can verify that the IPv6 address has been configured by using the show ipv6 interface Gi0/0 command:
R1#show ipv6 interface Gi0/0

GigabitEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::201:42FF:FE65:3E01

No Virtual link-local address(es):

Global unicast address(es):

2001:BB9:AABB:1234:201:42FF:FE65:3E01, subnet is 2001:BB9:AABB:1234::/64 [EUI]

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF65:3E01

MTU is 1500 bytes

....

From the output above we can verify two things:


1. the link local IPv6 address has been automatically configured. Link local IP addresses begin with FE80::/10
and the interface ID is used for the rest of the address. Because the MAC address of the interface
is 00:01:42:65:3E:01, the calculated address is FE80::201:42FF:FE65:3E01.
2. the global IPv6 address has been created using the modified EUI-64 method. Remember that IPv6 global
addresses begin with 2000::/3. So in our case, the IPv6 global address
is 2001:BB9:AABB:1234:201:42FF:FE65:3E01.
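
The modified EUI-64 steps worked through earlier, and the two addresses the router derived here, can be reproduced in a few lines. This is an added example, not part of the original notes; the function names are illustrative, and the last function runs the derivation backwards to show that an EUI-64 address reveals the interface's MAC address, which is useful when matching IPv6 addresses in logs to hardware.

```python
import ipaddress
import string


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    digits = "".join(c for c in mac if c in string.hexdigits)   # drop separators
    if len(digits) != 12:
        raise ValueError("a MAC address has 48 bits (12 hex digits)")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02                     # flip the 7th bit of the first byte
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])   # FFFE in the middle


def address_from_prefix(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface ID, as 'eui-64' does."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    address = ipaddress.IPv6Address(int(network.network_address) | interface_id)
    return str(address).upper()           # upper case to match the router output


def link_local(mac: str) -> str:
    """Link-local address: the FE80 prefix followed by the interface ID."""
    return address_from_prefix("FE80::/64", mac)


def mac_from_address(address: str):
    """Recover the MAC from an EUI-64 address, or None if FFFE is not present."""
    interface_id = ipaddress.IPv6Address(address).packed[8:]
    if interface_id[3:5] != b"\xff\xfe":
        return None                       # manually configured or random ID
    mac = bytes([interface_id[0] ^ 0x02]) + interface_id[1:3] + interface_id[5:]
    return ":".join(f"{octet:02X}" for octet in mac)


if __name__ == "__main__":
    mac = "00:01:42:65:3E:01"             # MAC of Gi0/0 in the example above
    print(eui64_interface_id("00:BB:CC:DD:11:22").hex().upper())
    print(link_local(mac))
    print(address_from_prefix("2001:0BB9:AABB:1234::/64", mac))
    print(mac_from_address("FE80::201:42FF:FE65:3E01"))
```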

We will also create an IPv6 address on another router. This time we will enter the whole address:
R2(config-if)#ipv6 address 2001:0BB9:AABB:1234:1111:2222:3333:4444/64

Notice that the IPv6 address is in the same subnet as the one configured on R1 (2001:0BB9:AABB:1234::/64).
We can test the connectivity between the devices using ping for IPv6:
R1#ping ipv6 2001:0BB9:AABB:1234:1111:2222:3333:4444

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:0BB9:AABB:1234:1111:2222:3333:4444, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

As you can see from the output above, the devices can communicate with each other.

Introduction to Router Configuration:-

What is IP routing?
IP routing is the process of sending packets from a host on one network to another host on a different remote
network. This process is usually done by routers. Routers examine the destination IP address of a packet,
determine the next-hop address, and forward the packet. Routers use routing tables to determine a next hop
address to which the packet should be forwarded.

Consider the following example of IP routing:

Host A wants to communicate with host B, but host B is on another network. Host A is configured to send all
packets destined for remote networks to router R1. Router R1 receives the packets, examines the destination IP
address and forwards the packet to the outgoing interface associated with the destination network.


Default gateway

A default gateway is a router that hosts use to communicate with other hosts on remote networks. A default
gateway is used when a host doesn’t have a route entry for the specific remote network and doesn’t know how
to reach that network. Hosts can be configured to send all packets destined to remote networks to a default
gateway, which has a route to reach that network.

The following example explains the concept of a default gateway more thoroughly.

Host A has an IP address of the router R1 configured as the default gateway address. Host A is trying to
communicate with host B, a host on another, remote network. Host A looks up in its routing table to check if
there is an entry for that destination network. If the entry is not found, the host sends all data to the router R1.
Router R1 receives the packets and forwards them to host B.

Routing table

Each router maintains a routing table and stores it in RAM. A routing table is used by routers to determine the
path to the destination network. Each routing table consists of the following entries:

• network destination and subnet mask – specifies a range of IP addresses.


• remote router – IP address of the router used to reach that network.
• outgoing interface – outgoing interface the packet should go out to reach the destination network.

There are three different methods for populating a routing table:

• directly connected subnets


• using static routing
• using dynamic routing

Each of these methods will be described in the following chapters.

Consider the following example. Host A wants to communicate with host B, but host B is on another network.
Host A is configured to send all packets destined for remote networks to the router. The router receives the
packets, checks the routing table to see if it has an entry for the destination address. If it does, the router
forwards the packet out the appropriate interface port. If the router doesn’t find the entry, it discards the
packet.


We can use the show ip route command from the enabled mode to display the router’s routing table.

As you can see from the output above, this router has two directly connected routes to the subnets 10.0.0.0/8
and 192.168.0.0/24. The character C in the routing table indicates that a route is a directly connected route. So
when host A sends the packet to host B, the router will look up into its routing table and find the route to the
10.0.0.0/8 network on which host B resides. The router will then use that route to route packets received from
host A to host B.

Connected, static & dynamic routes


Let’s explain the types of routes that can be found in a router’s routing table.

Connected routes

Subnets directly connected to a router’s interface are added to the router’s routing table. The interface has to have
an IP address configured and both interface status codes must be in the up and up state. A router will be able
to route all packets destined for all hosts in subnets directly connected to its active interfaces.

Consider the following example. The router has two active interfaces, Fa0/0 and Fa0/1. Each interface has been
configured with an IP address and is currently in the up-up state, so the router adds these subnets to its routing
table.


As you can see from the output above, the router has two directly connected routes to the subnets 10.0.0.0/8
and 192.168.0.0/24. The character C in the routing table indicates that a route is a directly connected route.

NOTE
You can see only connected routes in a router’s routing table by typing the show ip route connected command.

Static routes

By adding static routes, a router can learn a route to a remote network that is not directly connected to one of
its interfaces. Static routes are configured manually by typing the global configuration mode command ip route
DESTINATION_NETWORK SUBNET_MASK NEXT_HOP_IP_ADDRESS. This type of configuration is usually used in
smaller networks because of scalability reasons (you have to configure each route on each router).

A simple example will help you understand the concept of static routes.

Router A is directly connected to router B. Router B is directly connected to the subnet 10.0.1.0/24. Since that
subnet is not directly connected to Router A, the router doesn’t know how to route packets destined for that
subnet. However, you can configure that route manually on router A.

First, consider the router A’s routing table before we add the static route:


Now, we’ll use the static route command to configure router A to reach the subnet 10.0.0.0/24. The router now
has the route to reach the subnet.

The character S in the routing table indicates that a route is a statically configured route.

Another version of the ip route command exists. You don’t have to specify the next-hop IP address. You can
rather specify the exit interface of the local router. In the example above we could have typed the ip route
DEST_NETWORK NEXT_HOP_INTERFACE command to instruct router A to send all traffic destined for the subnet
out the right interface. In our case, the command would be ip route 10.0.0.0 255.255.255.0 Fa0/0.

Dynamic routes

A router can learn dynamic routes if a routing protocol is enabled. A routing protocol is used by routers to
exchange routing information with each other. Every router in the network can then use information to build its
routing table. A routing protocol can dynamically choose a different route if a link goes down, so this type of
routing is fault-tolerant. Also, unlike with static routing, there is no need to manually configure every route on
every router, which greatly reduces the administrative overhead. You only need to define which routes will be
advertised on a router that connects directly to the corresponding subnets – routing protocols take care of the
rest.

The disadvantage of dynamic routing is that it increases memory and CPU usage on a router, because every
router has to process received routing information and calculate its routing table.

To better understand the advantages that dynamic routing protocols bring, consider the following example:


Both routers are running a routing protocol, namely EIGRP. There are no static routes on Router A, so Router A doesn’t
know how to reach the subnet 10.0.0.0/24 that is directly connected to Router B. Router B then advertises the
subnet to Router A using EIGRP. Now Router A has the route to reach the subnet. This can be verified by typing
the show ip route command:

You can see that Router A has learned the subnet from EIGRP. The letter D in front of the route indicates that
the route has been learned through EIGRP. If the subnet 10.0.0.0/24 fails, Router B can immediately inform
Router A that the subnet is no longer reachable.

Administrative distance & metric


Administrative distance

A network can use more than one routing protocol, and routers on the network can learn about a route from
multiple sources. Routers need to find a way to select a better path when there are multiple paths available.
The administrative distance number is used by routers to find out which route is better (lower number is better). For
example, if the same route is learned from RIP and EIGRP, a Cisco router will choose the EIGRP route and store
it in the routing table. This is because EIGRP routes have (by default) the administrative distance of 90, while RIP
routes have a higher administrative distance of 120.

You can display the administrative distance of all routes on your router by typing the show ip route command:

In the case above, the router has only a single route in its routing table learned from a dynamic routing
protocol – the EIGRP route.


The following table lists the administrative distance default values:

Metric

If a router learns two different paths for the same network from the same routing protocol, it has to decide
which route is better and will be placed in the routing table. Metric is the measure used to decide which route is
better (lower number is better). Each routing protocol uses its own metric. For example, RIP uses hop counts as
a metric, while OSPF uses cost.

The following example explains the way RIP calculates its metric and why it chooses one path over another.

RIP has been configured on all routers. Router 1 has two paths to reach the subnet 10.0.0.0/24. One path
goes through Router 2, while the other path goes through Router 3 and then Router 4. Because RIP uses the
hop count as its metric, the path through Router 2 will be used to reach the 10.0.0.0/24 subnet. This is because
that subnet is only one router away on the path. The other path will have a higher metric of 2, because the
subnet is two routers away.

NOTE
The example above can be used to illustrate a disadvantage of using RIP as a routing protocol. Imagine if the
first path through R2 was a 56k modem link, while the other path (R3-R4) is a high speed WAN link. Router
R1 would still choose the path through R2 as the best route, because RIP uses only the hop count as its metric.
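
The two selection rules above (administrative distance between sources, metric within one source) and the lookup described under "Routing table" fit into one small model. This is an added example, not part of the original notes and not router code: the next-hop addresses are constructed, the distances for connected, static and OSPF routes are the usual Cisco defaults rather than values from this page, and the lookup goes one step beyond the text by preferring the most specific matching prefix when several entries match.

```python
import ipaddress

# Default administrative distances. EIGRP = 90 and RIP = 120 are stated on this
# page; connected = 0, static = 1 and OSPF = 110 are the usual Cisco defaults.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}
# Route codes as printed by "show ip route" (C, S and D appear on this page).
CODE = {"connected": "C", "static": "S", "eigrp": "D", "ospf": "O", "rip": "R"}


class RoutingTable:
    def __init__(self):
        self.routes = {}          # network -> (distance, metric, source, next hop)

    def offer(self, prefix, source, metric, next_hop):
        """Offer a route; install it only if it beats the one already stored.

        Lower administrative distance wins; with equal distance (same source
        type), lower metric wins. Returns True if the route was installed.
        """
        network = ipaddress.ip_network(prefix)
        candidate = (ADMIN_DISTANCE[source], metric, source, next_hop)
        current = self.routes.get(network)
        if current is None or candidate[:2] < current[:2]:
            self.routes[network] = candidate
            return True
        return False

    def lookup(self, destination):
        """Return the entry used for a destination, or None (packet discarded)."""
        address = ipaddress.ip_address(destination)
        matches = [network for network in self.routes if address in network]
        if not matches:
            return None
        best = max(matches, key=lambda network: network.prefixlen)
        distance, metric, source, next_hop = self.routes[best]
        return f"{CODE[source]} {best} [{distance}/{metric}] via {next_hop}"


def build_router1():
    """Constructed scenario following the RIP example above."""
    table = RoutingTable()
    table.offer("192.168.0.0/24", "connected", 0, "Fa0/0")
    table.offer("10.0.0.0/24", "rip", 1, "192.168.0.2")   # one hop, through R2
    table.offer("10.0.0.0/24", "rip", 2, "192.168.0.3")   # two hops, through R3-R4
    return table


if __name__ == "__main__":
    router1 = build_router1()
    print(router1.lookup("10.0.0.25"))     # RIP route with the lower hop count
    router1.offer("10.0.0.0/24", "eigrp", 30720, "192.168.0.2")
    print(router1.lookup("10.0.0.25"))     # EIGRP replaces RIP: 90 beats 120
    print(router1.lookup("172.16.5.1"))    # None: no entry, packet is discarded
```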

The following table lists the parameters that various routing protocols use to calculate the metric:


Routing protocols
Dynamic routes are routes learned via routing protocols. Routing protocols are configured on routers with the
purpose of exchanging routing information. There are many benefits of using routing protocols in your
network, such as:

• unlike static routing, you don’t need to manually configure every route on each router in the network. You
just need to configure the networks to be advertised on a router directly connected to them.
• if a link fails and the network topology changes, routers can advertise that some routes have failed and pick
a new route to that network.

Types of routing protocols

There are two types of routing protocols:

1. Distance vector (RIP, IGRP)
2. Link state (OSPF, IS-IS)

Cisco has created its own routing protocol – EIGRP. EIGRP is considered to be an advanced distance vector
protocol, although some materials erroneously state that EIGRP is a hybrid routing protocol, a combination of
distance vector and link state.

All of the routing protocols mentioned above are interior routing protocols (IGP), which means that they are
used to exchange routing information within one autonomous system. BGP (Border Gateway Protocol) is an
example of an exterior routing protocol (EGP) which is used to exchange routing information between
autonomous systems on the Internet.

Distance vector protocols

As the name implies, distance vector routing protocols use distance to determine the best path to a remote
network. The distance is something like the number of hops (routers) to the destination network.

Distance vector protocols usually send the complete routing table to each neighbor (a neighbor is a directly
connected router that runs the same routing protocol). They employ some version of the Bellman-Ford algorithm
to calculate the best routes. Compared with link state routing protocols, distance vector protocols are easier to
configure and require little management, but are susceptible to routing loops and converge slower than the
link state routing protocols. Distance vector protocols also use more bandwidth because they send the complete
routing table, while the link state protocols send specific updates only when topology changes occur.

RIP and EIGRP are examples of distance vector routing protocols.
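
The hop-count selection from the metric example, run as a simplified distance vector exchange (an added example, not part of the original notes). It assumes R2 and R4 both attach to 10.0.0.0/24, uses made-up link bandwidths, and leaves out RIP timers and split horizon:

```python
INFINITY = 16  # RIP: 15 is the largest usable hop count, 16 means unreachable
SUBNET = "10.0.0.0/24"

# Constructed topology matching the metric example: R2 and R4 attach to the subnet.
# Link values are assumed bandwidths in kbit/s (R1-R2 is the 56k modem link).
LINKS = {("R1", "R2"): 56, ("R1", "R3"): 100_000, ("R3", "R4"): 100_000}
CONNECTED = {"R2": [SUBNET], "R4": [SUBNET]}


def neighbors(router, links):
    """Routers that share a link with `router`."""
    return [b if a == router else a for a, b in links if router in (a, b)]


def converge(links=LINKS, connected=CONNECTED):
    """Exchange full tables in synchronous rounds until nothing changes.

    Returns {router: {prefix: (hop_count, next_hop)}}; connected routes are 0 hops.
    """
    routers = sorted({r for link in links for r in link})
    tables = {r: {p: (0, None) for p in connected.get(r, [])} for r in routers}
    changed = True
    while changed:
        changed = False
        sent = {r: dict(t) for r, t in tables.items()}  # tables as advertised this round
        for r in routers:
            for n in neighbors(r, links):
                for prefix, (hops, _) in sent[n].items():
                    metric = min(hops + 1, INFINITY)  # receiver adds one hop
                    if metric < tables[r].get(prefix, (INFINITY, None))[0]:
                        tables[r][prefix] = (metric, n)  # Bellman-Ford relaxation
                        changed = True
    return tables


def first_link_speed(router, tables, links=LINKS, prefix=SUBNET):
    """Bandwidth of the link toward the chosen next hop, which RIP never looks at."""
    next_hop = tables[router][prefix][1]
    return links.get((router, next_hop)) or links[(next_hop, router)]


if __name__ == "__main__":
    tables = converge()
    hops, via = tables["R1"][SUBNET]
    print(f"R1 reaches {SUBNET} in {hops} hop via {via} "
          f"over a {first_link_speed('R1', tables)} kbit/s link")
    print("R3 would advertise metric", tables["R3"][SUBNET][0] + 1)
```

R1 installs the one-hop route through R2 even though its first link is the slow one, because the relaxation step compares hop counts only.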

Link state protocols

Link state routing protocols are the second type of routing protocols. They have the same basic purpose as
distance vector protocols, to find a best path to a destination, but use different methods to do so. Unlike
distance vector protocols, link state protocols don’t advertise the entire routing table. Instead, they advertise
information about a network topology (directly connected links, neighboring routers…), so that in the end all
routers running a link state protocol have the same topology database. Link state routing protocols converge
much faster than distance vector routing protocols, support classless routing, send updates using multicast
addresses and use triggered routing updates. They also require more router CPU and memory usage than
distance-vector routing protocols and can be harder to configure.

Each router running a link state routing protocol creates three different tables:

• neighbor table – the table of neighboring routers running the same link state routing protocol.
• topology table – the table that stores the topology of the entire network.
• routing table – the table that stores the best routes.

The Shortest Path First algorithm is used to calculate the best route. OSPF and IS-IS are examples of link state
routing protocols.

Difference between distance vector and link state routing protocols

The following table summarizes the differences:

RIP overview
RIP (Routing Information Protocol) is one of the oldest distance vector routing protocols. It is usually used
on small networks because it is very simple to configure and maintain, but lacks some advanced features of
routing protocols like OSPF or EIGRP. Two versions of the protocol exist: version 1 and version 2. Both versions
use hop count as a metric and have the administrative distance of 120. RIP version 2 is capable of advertising
subnet masks and uses multicast to send routing updates, while version 1 doesn’t advertise subnet masks and
uses broadcast for updates. Version 2 is backwards compatible with version 1.

RIPv2 sends the entire routing table every 30 seconds, which can consume a lot of bandwidth. RIPv2 uses
the multicast address 224.0.0.9 to send routing updates, and supports authentication and triggered updates (updates
that are sent when a change in the network occurs).

For an example of how RIP works, consider the following figure.


Router R1 directly connects to the subnet 10.0.0.0/24. A network engineer has configured RIP on R1 to advertise
the route to this subnet. R1 sends routing updates to R2 and R3. The routing updates list the subnet, subnet
mask and metric for this route. Each router, R2 and R3, receives this update and adds the route to their
respective routing tables. Both routers list the metric of 1 because the network is only one hop away.

NOTE
Maximum hop count for a RIP route is 15. Any route with a higher hop count is considered to be unreachable.

Configuring RIPv2
Configuring RIPv2 is a pretty straightforward process. Only three steps are required:

1. enabling RIP by using the router rip global configuration command
2. instructing the router to use RIPv2 by typing the version 2 command
3. telling RIP which networks to advertise by using one or more network commands.

The first two commands are easy to comprehend, but the last command requires a little bit more thought. With
the network command you specify which interfaces will participate in the routing process. This command takes
a classful network as a parameter and enables RIP on the corresponding interfaces. Let’s configure our sample
network to use RIP.

Routers R1 and R2 have directly connected subnets. We want to include these subnets in the RIP routing
process. To do that, we first need to enable RIP on both routers and then advertise these subnets using the
network command.

On router R1, in the global configuration mode, enter the router rip command to enable RIP. In the RIP
configuration mode, change the version of the protocol to 2 by using the version 2 command. Next, use
the network 10.0.0.0 command to include the Fa0/1 interface on the router R1 in the routing process.
Remember, the network command takes a classful network number as a parameter, so in this case every
interface that has an IP address that begins with 10 will be included in the RIP process (IP addresses that begin
with 10 are, by default, the class A addresses and have the default subnet mask of 255.0.0.0). For instance, if
another interface on the router had the IP address of 10.1.0.1 it would also be included in the routing process
with the network command. You also need to include the link between the two routers in the RIP routing
process. This is done by adding another network statement, network 172.16.0.0.
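
Because the network command matches on the classful network, it can enable RIP on more interfaces than intended, which is worth checking before the router starts sending updates there. The sketch below is an added example, not router output; the interface table is constructed around the Fa0/1, 10.1.0.1 and 172.16.0.0 values in the text, and all other names and addresses are assumptions:

```python
import ipaddress

# Constructed interface table for R1. Only Fa0/1 and the 10.1.0.1 address come
# from the text; the other names and addresses are assumptions.
R1_INTERFACES = {
    "Fa0/0": "172.16.0.1",   # link toward R2
    "Fa0/1": "10.0.0.1",     # directly connected subnet
    "Fa0/2": "10.1.0.1",     # the "another interface" from the text
    "Fa1/0": "192.168.1.1",  # not covered by any network statement
}


def classful_network(address):
    """Return the class A/B/C network that contains an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        prefix = 8    # class A, default mask 255.0.0.0
    elif first_octet < 192:
        prefix = 16   # class B, default mask 255.255.0.0
    elif first_octet < 224:
        prefix = 24   # class C, default mask 255.255.255.0
    else:
        raise ValueError(f"{address} is class D or E, not a classful network")
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def rip_interfaces(network_statements, interfaces):
    """Map each interface to the network statement that enables RIP on it, or None."""
    wanted = {classful_network(s): s for s in network_statements}
    return {name: wanted.get(classful_network(addr)) for name, addr in interfaces.items()}


def unintended(enabled, intended):
    """Interfaces that run RIP although the operator did not list them."""
    return sorted(n for n, stmt in enabled.items() if stmt and n not in intended)


if __name__ == "__main__":
    enabled = rip_interfaces(["10.0.0.0", "172.16.0.0"], R1_INTERFACES)
    for name, stmt in sorted(enabled.items()):
        print(name, "->", f"network {stmt}" if stmt else "RIP not enabled")
    print("swept in:", unintended(enabled, {"Fa0/0", "Fa0/1"}))
```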

So, the configuration on R1 should look like this:

The configuration on R2 looks similar, but with a different network number for the directly connected subnet:


You can verify that router R1 has a route to R2’s directly connected subnet by typing the show ip
route command:

The legend lists R for all RIP routes in the routing table. Also note that the administrative distance of 120 is
shown, together with the metric of 1.
