NETWORKING FUNDAMENTALS
B.VOC(SD)
LOGIXFIRM
SYLLABUS
UNIT-I
Network Concept, Benefits of Network, Network classification (PAN, LAN, MAN, WAN), Peer to Peer,
Client Server architecture, Transmission media: Guided & Unguided, Network Topologies. Networking
terms: DNS, URL, client server architecture, TCP/IP, FTP, HTTP, HTTPS, SMTP, Telnet OSI and TCP/IP
Models: Layers and their basic functions and Protocols, Comparison of OSI and TCP/IP.
Networking Devices: Hubs, Switches, Routers, Bridges, Repeaters, Gateways and Modems, ADSL.
[T1][T2] [No. of Hrs. 11]
UNIT-II
Ethernet Networking: Half and Full-Duplex Ethernet, Ethernet at the Data Link Layer, Ethernet at the
Physical Layer. Switching Technologies: layer-2 switching, address learning in layer-2 switches, network
loop problems in layer-2 switched networks, Spanning-Tree Protocol, LAN switch types and working with
layer-2 switches, Wireless LAN [T1][T2] [No. of Hrs. 11]
UNIT- III
Internet layer Protocol: Internet Protocol, ICMP, ARP, RARP. IP Addressing: Different classes of IP
addresses, Sub-netting for an internet work, Classless Addressing. Comparative study of IPv4 & IPv6.
Introduction to Router Configuration. Introduction to Virtual LAN.
[T1][T2] [No. of Hrs. 11]
UNIT- IV
Transport Layer: Functions of transport layer, Difference between working of TCP and UDP. Application
Layer: Domain Name System (DNS), Remote logging, Telnet, FTP, HTTP, HTTPS. Introduction to
Network Security.
[T1][T2][No. of Hrs. 12]
Text Book(s):
[T1] A. S. Tanenbaum, “Computer Networks”, 3rd Ed., PHI, 1999.
[T2] Dr. Sanjay Sharma, “A Course in Computer Network”, S. K. Kataria & Sons.
[T3] Todd Lammle, “CCNA Cisco Certified Network Associate Study Guide”, SYBEX.
Reference Book(s):
[R1] William Stallings, “Data and Computer Communications”, 7th Ed., Pearson Education Asia, 2002.
[R2] D. E. Comer, “Internetworking with TCP/IP”, Pearson Education Asia, 2001.
[R3] “Networking Complete”, BPB Publications.
[R4] B. A. Forouzan, “Data Communications & Networking”, 4th Ed., Tata McGraw Hill, 2007.
UNIT- I
On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet. This definition
was developed in consultation with the leadership of the Internet and Intellectual Property Rights (IPR)
Communities.
RESOLUTION:
"The Federal Networking Council (FNC) agrees that the following language reflects our definition of the
term "Internet". "Internet" refers to the global information system that
(i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its
subsequent extensions/follow-ons;
(ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP)
suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and
(iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the
communications and related infrastructure described herein."
Internet
The Internet is a type of world-wide computer network.
The Internet is the collection of an enormous number of connected computers spread across the world.
We can also say that the Internet is a computer network that interconnects hundreds of millions of
computing devices throughout the world.
It is established as the largest network and is sometimes called a network of networks; it consists of
numerous academic, business and government networks, which together carry various kinds of
information.
Internet is a global computer network providing a variety of information and communication facilities,
consisting of interconnected networks using standardized communication protocols.
When two computers are connected over the Internet, they can send and receive all kinds of
information such as text, graphics, voice, video, and computer programs.
A MAN is a larger version of a LAN: it covers an area larger than that covered by a LAN but
smaller than the area covered by a WAN.
A metropolitan area network or MAN covers a city. The best-known example of a MAN is the cable
television network available in many cities.
A MAN connects two or more LANs.
At first, companies began jumping into the cable business, getting contracts from city governments
to wire up an entire city.
The next step was television programming and even entire channels designed for cable only.
If multiple individuals use the same network within a residence, the network is sometimes referred to as a home area network, or
HAN. In a very typical setup, a residence will have a single wired Internet connection connected to a modem. This modem then
provides both wired and wireless connections for multiple devices. The network is typically managed from a single computer but
can be accessed from any device.
This type of network provides great flexibility. For example, it allows you to:
• Send a document to the printer in the office upstairs while you are sitting on the couch with your laptop.
• Upload a photo from your cell phone to your desktop computer.
• Watch movies from an online streaming service to your TV.
Peer-to-Peer networks
Client-Server Networks
A client/server network is a system where one or more computers, called clients, connect to a central
computer, called the server, to share or use resources.
• The client requests a service from the server, which may include running an application, querying a
database, printing a document, or performing a backup or recovery procedure. The request made by
the client is handled by the server.
• A client/server network is one in which the files and resources are centralized. This means that the
server holds them and other computers (clients) access them.
• Advantages:
➢ The server system holds the shared files.
➢ The server system can be scheduled to take file backups automatically.
➢ Network access is provided only to authorized users, through user security at the server.
➢ The server system acts as a central point for sharing a printer with clients.
➢ Internet access, e-mail routing and other such networking tasks are quite easily managed
by the server.
➢ The software applications shared by the server are accessible to the clients.
• Disadvantages:
➢ The implementation of the network is quite expensive.
➢ An NOS (Network Operating System) is essential.
➢ If the server fails, the entire network crashes.
➢ There may be congestion if more than one client requests a service at the same time.
The client/server computer network model is made up of client computers and server computers. Now we need to
understand the terms client and server.
What is a Client?
A computer which seeks a resource from another computer is a client computer. You can think of a client as a
computer in your network where a network user is performing some network activity, for example downloading a
file from a file server or browsing the intranet/Internet. The network user normally uses a client computer to perform
his day-to-day work.
What is a Server?
If a computer has a resource which is served to another computer, it is a server computer. The client establishes a
connection to a server and accesses the services installed on the server. A server is not meant for a network user to
browse the Internet or do spreadsheet work. A server computer is installed with an appropriate operating system and
related software to serve the network clients with one or more services, continuously without a break.
In a client-server network, high-end servers, installed with the network operating system (server operating
system) and the related software, serve the clients continuously on a network by providing them with specific
services upon request.
Well-known server operating system products are Windows 2012 / Windows 2012 R2, Unix (Oracle Solaris, IBM
AIX, HP-UX, FreeBSD, NetBSD, OpenBSD, SCO Unix etc.) and GNU/Linux (Red Hat Enterprise Linux, Debian
Linux, SUSE Enterprise, Ubuntu Server, CentOS Server, Mandriva, Fedora etc.).
Client-server networks require dedicated servers. Server hardware is costlier than normal desktop computers, so
client-server networks cost more than peer-to-peer networks. Network operating systems (server operating
systems) are also costlier than desktop operating systems.
Protocol
A protocol is a set of rules that governs (manages) data communications.
Protocols define the methods of communication: how to communicate, when to communicate, and so on.
A protocol is an agreement between the communicating parties on how communication is to proceed.
Important elements of protocols are
1. Syntax 2. Semantics 3. Timing
Syntax:- Syntax means the format of the data, or the structure in which it is presented, e.g. the first eight bits are
the sender address, the next eight bits are the receiver address and the remaining bits are the message data.
Semantics:- Semantics is the meaning of each section of bits, e.g. the address bits indicate the route of
transmission or the final destination of the message.
Timing:- Timing means at what time data can be sent and how fast it can be sent.
Some protocols also support message acknowledgement and data compression designed for reliable
and/or high-performance network communication.
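As an added example that is not part of these notes, the following Python code implements the toy layout just described (first eight bits sender address, next eight bits receiver address, the rest message data) and shows syntax and semantics side by side. The frame size limit, the FrameError class and the forwarding table are assumptions made for this illustration; timing is not modelled. The length check at the top of parse_frame is the part a receiver must never skip: a frame shorter than its header cannot be interpreted, and unpacking it anyway is how a parser ends up acting on garbage.

```python
import struct

# Assumed toy frame layout, following the notes: 1 byte sender, 1 byte receiver, then data.
HEADER = struct.Struct("!BB")     # two unsigned 8-bit fields, network byte order
MAX_FRAME = 64                    # assumed upper bound so an oversized frame is rejected early


class FrameError(ValueError):
    """Raised when a byte string does not follow the agreed syntax."""


def build_frame(sender: int, receiver: int, data: bytes) -> bytes:
    """Syntax: produce the bytes exactly as the protocol lays them out."""
    if not (0 <= sender <= 255 and 0 <= receiver <= 255):
        raise FrameError("addresses are 8-bit values")
    if HEADER.size + len(data) > MAX_FRAME:
        raise FrameError("frame too long")
    return HEADER.pack(sender, receiver) + data


def parse_frame(raw: bytes) -> dict:
    """Syntax check first, then semantics: name each field so it can be acted on."""
    if len(raw) < HEADER.size:
        raise FrameError("truncated frame: header incomplete")
    if len(raw) > MAX_FRAME:
        raise FrameError("frame too long")
    sender, receiver = HEADER.unpack_from(raw)
    return {"sender": sender, "receiver": receiver, "data": raw[HEADER.size:]}


def deliver(raw: bytes, my_address: int, table: dict) -> str:
    """Semantics of the receiver field: accept, forward, or drop.
    'table' maps a destination address to an outgoing link name (constructed sample)."""
    frame = parse_frame(raw)
    if frame["receiver"] == my_address:
        return "accept"
    link = table.get(frame["receiver"])
    if link is None:
        return "drop"                  # unknown destination: do not guess a route
    return f"forward via {link}"


if __name__ == "__main__":
    table = {7: "link-A", 9: "link-B"}                 # constructed sample table
    frame = build_frame(sender=3, receiver=7, data=b"hello")
    print(parse_frame(frame))
    print(deliver(frame, my_address=5, table=table))
    try:
        parse_frame(b"\x03")                           # only one header byte present
    except FrameError as err:
        print("rejected:", err)
```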
Connection-oriented method
Connection-oriented communication includes the steps of setting up a call from one computer to another,
transmitting/receiving data, and then releasing the call, just like a voice phone call.
However, the network connecting the computers is a packet switched network, unlike the phone
system's circuit switched network.
Connection-oriented communication is done in one of two ways over a packet switched network:
1. Without virtual circuits
2. With virtual circuits.
Without virtual circuits:
This is what TCP does in the Internet.
Only the two machines at the endpoints are aware of the connection established between them.
The Internet itself, its routers and links, has no information about the presence of a connection between
the two computers.
This means that the packets flowing between the two computers can follow different routes.
One benefit of establishing the connection is that the flow of packets from the source to the destination
can be slowed down if the Internet is congested and speeded up when the congestion disappears.
Another benefit is that the endpoints can anticipate traffic between them and agree to cooperate to
ensure the integrity and continuity of the data transfers. This allows the network to be treated as a
"stream" of data.
With virtual circuits:
The routers within the network route all packets in one connection over the same route. The advantage
is that video and voice traffic are easier to carry, because routers can reserve memory space to
buffer the transmission.
Connectionless method
Connectionless communication is just packet switching where no call establishment and release occur.
A message is broken into packets, and each packet is transferred separately. Moreover, the packets
can travel different routes to the destination since there is no connection.
Connectionless service is typically provided by the UDP (User Datagram Protocol). The packets
transferred using UDP are also called datagrams.
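To make the difference between the two methods concrete, here is an added Python example (written for this section, not taken from the notes) that runs both a TCP and a UDP exchange over the loopback interface inside one process. tcp_exchange has to accept a connection before any data flows and then reads one byte stream until the peer closes; udp_exchange just sends datagrams, and the receiver gets each one separately or, on a real network, perhaps not at all. The host, the ephemeral port selection and the timeout are choices made for this illustration.

```python
import socket
import threading

HOST = "127.0.0.1"   # loopback only: both ends of the exchange run in this process


def tcp_exchange(messages):
    """Connection-oriented: the client must connect (a handshake the server
    accepts) before any data flows, the bytes form one ordered stream, and
    closing the socket releases the connection. Returns the bytes the server
    collected until the client closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))            # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    collected = []

    def server():
        conn, _ = listener.accept()     # the connection is established here
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:            # empty read: peer closed, call released
                    break
                chunks.append(data)
        collected.append(b"".join(chunks))

    worker = threading.Thread(target=server)
    worker.start()
    with socket.create_connection((HOST, port)) as client:
        for msg in messages:
            client.sendall(msg)         # stream: no boundary is kept between sends
    worker.join()
    listener.close()
    return collected[0]


def udp_exchange(messages):
    """Connectionless: no call setup, each sendto() is an independent datagram
    and the receiver gets them one at a time (possibly reordered or lost on a
    real network). Returns the list of datagrams received."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind((HOST, 0))
    receiver.settimeout(2.0)            # do not hang forever if a datagram is lost
    addr = receiver.getsockname()
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    got = []
    try:
        for msg in messages:
            sender.sendto(msg, addr)    # nothing was "connected" first
        for _ in messages:
            data, _ = receiver.recvfrom(4096)
            got.append(data)
    except socket.timeout:
        pass                            # a lost datagram is the application's problem
    finally:
        sender.close()
        receiver.close()
    return got


if __name__ == "__main__":
    sample = [b"first", b"second"]      # constructed sample messages
    print("TCP stream delivered:", tcp_exchange(sample))
    print("UDP datagrams delivered:", udp_exchange(sample))
```

The practical point is in the two return values: two TCP sends arrive as one undifferentiated stream, so any protocol built on TCP needs its own framing (length prefixes or delimiters) to know where one message ends, whereas UDP keeps message boundaries but leaves ordering and retransmission to the application.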
Guided media:- Transmission capacity depends critically on the medium, the length, and whether the
medium is point-to-point or multipoint (e.g. LAN). Examples are coaxial cable, twisted pair, and optical
fiber.
Twisted Pair:--
In twisted pair technology, two copper wires are strung between two points:
• The two wires are typically ``twisted'' together in a helix to reduce interference between the two
conductors. Twisting decreases the crosstalk interference between adjacent pairs in a cable. Typically, a
number of pairs are bundled together into a cable by wrapping them in a tough protective sheath.
• Can carry both analog and digital signals. Actually, they carry only analog signals. However, the
``analog'' signals can very closely correspond to the square waves representing bits, so we often think of
them as carrying digital data.
• Data rate determined by wire thickness and length. In addition, shielding to eliminate interference from
other wires impacts signal-to-noise ratio, and ultimately, the data rate.
• Good, low-cost communication. Indeed, many sites already have twisted pair installed in offices --
existing phone lines!
Typical characteristics:
Twisted-pair can be used for both analog and digital communication. The data rate that can be supported
over a twisted-pair is inversely proportional to the square of the line length. Maximum transmission
distance of 1 Km can be achieved for data rates up to 1 Mb/s. For analog voice signals, amplifiers are
required about every 6 Km and for digital signals, repeaters are needed for about 2 Km. To reduce
interference, the twisted pair can be shielded with metallic braid.
This type of wire is known as Shielded Twisted-Pair (STP) and the other form is known as
Unshielded Twisted-Pair (UTP).
Use: The oldest and most popular use of twisted pair is in telephony. In a LAN it is commonly used for
point-to-point short-distance communication (say, 100 m) within a building or a room.
STP cable has a special jacket to block external interference. It is used in fast-data-rate
Ethernet and in the voice and data channels of telephone lines.
Advantages:
• Better performance at a higher data rate in comparison to UTP
• Eliminates crosstalk
• Comparatively faster
Disadvantages:
• Comparatively difficult to install and manufacture
• More expensive
• Bulky
STP Cable or Shielded Twisted Pair Cable is a pair of wires wound around each other and each pair is
placed inside a protective foil wrap to protect it from crosstalk. It is cheaper than fiber optic cables but
more expensive than UTP. Shielded Twisted Pair Cable provides better protection from crosstalk and other
interference as compared to Unshielded Twisted Pair Cable. The STP Cable price is approx Rs 50/meter.
Characteristics of STP cable:
Cost: costlier than UTP but cheaper than fiber optic cable
Resistance: 50 ohms
There are many acronyms used on the market to describe shielded cables, from STP to F/FTP; while many
are often used synonymously, nearly all of them have different meanings. Here we provide basic
information about each style, as defined by ISO/IEC 11801:200, to clear up the confusion.
F/UTP (FTP)
An overall foil shield (F) with unscreened twisted pairs (UTP). This cable is very much like common UTP
cables, with the addition of foil underneath the main cable jacket. Another common name for this cable is
FTP. F/UTP cables are common in 10GBaseT applications.
S/UTP
An overall braid screen (S) with unscreened twisted pairs (UTP). This is occasionally referred to as an STP
cable, but beware: There are other shielded cables among this list that may also claim this term. To be sure,
always check to see whether your cable will have any kind of overall barrier and whether the individual
pairs have their own shield.
SF/UTP
Both an overall braid screen (S) and foil shield (F) with unscreened twisted pairs (UTP). This cable is also
occasionally referred to as an STP cable. Cables with an overall braided screen are very effective at
preventing EMI from entering or exiting the cable, but are heavier, thicker and more difficult to install than
their UTP counterpart.
S/FTP
An overall braid screen (S) with foil screened twisted pairs (FTP). The ‘shield’ underneath the jacket is a
braid, and each individual pair is surrounded by its own foil barrier. The purpose of the additional foil on
individual pairs is to limit the amount of crosstalk between them.
F/FTP
An overall foil shield (F) with foil screened twisted pairs (FTP). Similar to F/UTP cables, these shielded
cables are commonly used in 10GBaseT applications.
U/FTP
No overall shielding or braid (U) with foil screened twisted pairs (FTP). This type of shielded cable is
commonly used in 10GBaseT applications as well.
To sum up
• STP cables are shielded, while UTP cables are unshielded.
• STP cables are more immune to interference and noise than UTP cables.
• STP cables are better at maximizing bandwidth compared to UTP cables.
• STP cables cost more per meter than UTP cables.
• STP cables are heavier per meter compared to UTP cables.
• UTP cables are more prevalent in SOHO networks while STP is used in more high-end applications.
Basis for comparison of UTP and STP:
UTP: a cable with wires that are twisted together.
STP: twisted pair cable enclosed in a foil shield.
Coaxial Cable
Coaxial cable is a two conductor electrical cable consisting of a center conductor and an outer conductor
with an insulating spacer between the two.
How is Coaxial Cable used?
Primarily, coaxial cables are used for the transmission of Radio Frequency energy. The system offers tight
control over electrical impedance. This yields excellent performance at high frequencies and superior EMI
control/shielding.
Where is Coaxial Cable used?
A broad range of applications exist for coaxial cabling. The two primary impedance values of 50 and 75
Ohms determine specific applications with 50 Ohms primarily used in data signal applications and 75
Ohms used in video signal applications.
Shielding Effectiveness is the relative ability of a shield to screen out undesirable interference. In the case of a
coaxial cable, the outer conductor provides a shield to keep interfering signals from getting in and to keep
signal from leaking out to become undesirable interference for nearby devices. Shielding Effectiveness is
measured in dB with higher values indicating better shielding properties.
The table below illustrates the relative shielding properties of various shielding types. Notice that as the shielding
density increases there is a correlated increase in the shielding effectiveness value. The best shielding
effectiveness value is found in a rigid coaxial cable, due to the solid tube construction of the outer jacket. In this
type of cable the limiting factor for shielding effectiveness is the quality of the connector attachment.
OPTICAL FIBER
Optical fiber:- An optical fiber cable is a type of cable that has a number of optical fibers bundled
together, each normally covered in its own protective plastic coating. Optical cables are used to
transfer digital data signals in the form of light over distances of hundreds of miles, with higher throughput
rates than those achievable via electrical communication cables. All optical fibers use a core of hair-like
transparent silica covered with a cladding of lower refractive index, so that light does not leak out to the
surroundings. Because the bare fiber is extremely fragile, it is normally covered with a high-strength,
lightweight protective material such as Kevlar.
Fiber Optic Link Components
In order to comprehend how fiber optic applications work, it is important to understand the
components of a fiber optic link. Simplistically, there are four main components in a fiber
optic link (Figure 1).
▪ Optical Transmitter
▪ Optical Fiber/Cable
▪ Connectors
▪ Optical Receiver
Transmitter
The transmitter converts the electrical signals to optical. A transmitter contains a light
source such as a Light Emitting Diode (LED) or a Laser (Light Amplification by Stimulated
Emission of Radiation) diode, or a Vertical Cavity Surface Emitting Laser (VCSEL).
LED: Is used in multimode applications and has the largest spectral width that carries
the least amount of bandwidth.
VCSEL: Is also used in multimode applications with a narrower spectral width that can
carry more bandwidth than the LED.
LASER: Has the smallest spectral width, carries the most bandwidth, and is used in single-mode
applications.
These sources produce light at certain wavelengths depending upon the materials from which they are
made. Most fiber optic sources use wavelengths in the infrared band, specifically 850 nm (1 nm = 10^-9 m),
1300 nm and 1550 nm. For reference, visible light is in the 400-700 nm range.
Optical Fiber/Cable
In this section, we discuss the structure and properties of an optical fiber, how it guides light, and how it is
cabled for protection.
▪ Core: This central section, made of silica or doped silica, is the light transmitting region of the fiber.
▪ Cladding: This is the first layer around the core. It is also made of silica, but not the same
composition as the core. This creates an optical waveguide which confines the light in the core by
total internal reflection at the core-cladding interface.
▪ Coating: The coating is the first non-optical layer around the cladding. The coating typically consists
of one or more layers of polymer that protect the silica structure against physical or environmental
damage. The coating is stripped off when the fiber is connectorized or fusion spliced.
▪ Buffer (not pictured): The buffer is an important feature of the fiber. It is 900 microns and helps
protect the fiber from breaking during installation and termination and is located outside of the
coating.
The light is "guided" down (see Figure 4) the core of the fiber by the optical "cladding" which has a lower
refractive index (the ratio of the velocity of light in a vacuum to its velocity in a specified medium) that traps
light in the core through "total internal reflection."
In fiber optic communications, single mode and multimode fiber constructions are used
depending on the application. In multimode fiber (Figure 5), light travels through the fiber
following different light paths called "modes." In single mode fiber, only one mode is
propagated "straight" through the fiber (Figure 6).
UNGUIDED MEDIA
An unguided transmission transmits electromagnetic waves without using any physical medium;
therefore it is also known as wireless transmission. In unguided media, air is the medium through which
the electromagnetic energy can flow easily.
Radio wave: an electromagnetic wave of a frequency between about 10^4 and 10^11 or 10^12 Hz, as used for
long-distance communication.
Microwaves are electromagnetic waves with wavelengths longer than those of terahertz (THz) waves but relatively
short for radio waves. Microwaves have wavelengths approximately in the range of 30 cm (frequency = 1 GHz) to 1 mm
(300 GHz).
Satellite Communication: To overcome the line-of-sight limitation on sending signals around the earth, a
satellite can be used to relay signals. The signal is sent to the satellite, which then transmits it to other
satellites or back to the earth. The most common (or useful) satellites are geosynchronous satellites. These
orbit the earth in sync with its rotation, so they appear to hover above the same point on the earth
(at a very high altitude, about 22,000 miles).
Unguided Media
Unguided media is still ‘media’ (something the signal travels through). The difference is that the medium is
usually not directional, like air or space. Because the effect is usually much wider than with guided media,
there has been a lot of regulation, licensing and standardization of transmissions via unguided media. The
range spans:
1. VLF, 3 kHz-30 kHz, Very Low Frequency. Used for surface propagation.
2. LF, 30 kHz-300 kHz, Low Frequency. Used for surface propagation.
3. MF, 300 kHz-3 MHz, Middle Frequency. Used for tropospheric propagation.
4. HF, 3 MHz-30 MHz, High Frequency. Used for ionospheric propagation.
5. VHF, 30 MHz-300 MHz, Very High Frequency. Used for space and line-of-sight propagation.
6. UHF, 300 MHz-3 GHz, Ultra High Frequency. Used for space and line-of-sight propagation.
7. SHF, 3 GHz-30 GHz, Super High Frequency. Used for space propagation.
8. EHF, 30 GHz-300 GHz, Extremely High Frequency. Used for space propagation.
Depending on the frequency used, there are different propagation modes:
• Surface propagation: the transmission travels near the ground, hugging the earth.
• Tropospheric propagation: either line of sight, or bouncing the signal via the ionosphere.
• Ionospheric propagation: bouncing the signal off the ionosphere.
• Line-of-sight propagation.
• Space propagation: signals are sent from the ground to satellites, which then relay them back to earth.
Terrestrial Microwave: One can arrange a series of directional microwave receivers/transmitters
(transceivers) to send signals over long distances (longer than line of sight).
Wave guide:-
A waveguide is an electromagnetic feed line used in microwave communications, broadcasting, and radar
installations. A waveguide consists of a rectangular or cylindrical metal tube or pipe. The electromagnetic
field propagates lengthwise. Waveguides are most often used with horn antennas and dish antennas.
Network Topologies
Bus Topology
Bus topology is a network type in which every computer and network device is connected to single
cable.
Features:
It transmits data only in one direction.
Every device is connected to a single cable.
Advantages:
It is cost effective (cheaper).
Cable required is least compared to other network topology.
Ring Topology
Features:
A number of repeaters are used and the transmission is unidirectional.
Data is transferred in a sequential manner, that is, bit by bit.
Advantages:
Transmitting network is not affected by high traffic or by adding more nodes, as only the nodes having
tokens can transmit data.
Cheap to install and expand.
Disadvantages:
Troubleshooting is difficult in ring topology.
Adding or deleting the computers disturbs the network activity.
Failure of one computer disturbs the whole network.
Star Topology
In this type of topology all the computers are connected to a single hub through a cable. This hub is the
central node and all others nodes are connected to the central node.
Features:
Every node has its own dedicated connection to the hub.
The hub acts as a repeater for data flow.
Can be used with twisted pair, Optical Fibre or coaxial cable.
Advantages:
Fast performance with few nodes and low network traffic.
Hub can be upgraded easily.
Easy to troubleshoot.
Easy to setup and modify.
Only the node that has failed is affected; the rest of the nodes can work smoothly.
Disadvantages:
Cost of installation is high.
Expensive to use.
If the hub is affected then the whole network is stopped because all the nodes depend on the hub.
Performance is based on the .
Mesh Topology
It is a point-to-point connection to other nodes or devices.
Traffic is carried only between two devices or nodes to which it is connected.
Features:
Fully connected.
Robust.
Not flexible.
Advantages:
Each connection can carry its own data load.
It is robust.
Fault is diagnosed easily.
Provides security and privacy.
Disadvantages:
Installation and configuration is difficult.
Cabling cost is more.
Bulk wiring is required.
Tree Topology
It has a root node and all other nodes are connected to it forming a hierarchy.
It is also called hierarchical topology.
It should at least have three levels to the hierarchy.
Features:
Ideal if workstations are located in groups.
Used in Wide Area Network.
Advantages:
Extension of bus and star topologies.
Expansion of nodes is possible and easy.
Easily managed and maintained.
Error detection is easily done.
Disadvantages:
Heavily cabled.
Costly.
If more nodes are added maintenance is difficult.
Central hub fails then network fails.
Hybrid Topology
A network structure whose design contains more than one topology is said to be hybrid
topology.
For example if in an office in one department ring topology is used and in another star topology is used,
connecting these topologies will result in Hybrid Topology (ring topology and star topology).
Features:
It is a combination of two or more topologies
Inherits the advantages and disadvantages of the topologies included
Advantages:
Reliable, as error detection and troubleshooting are easy.
Scalable as size can be increased easily.
Flexible.
Disadvantages:
Complex in design.
Costly.
The Network Core
The network core defines how different network segments are connected together and the process by which data
packets are transmitted across the network.
The network core is implemented through the use of switching techniques.
The classification of switched networks is shown below:
Switched Networks
    Datagram Networks
    Virtual-Circuit Networks
Circuit Switching
Circuit switching is used in public telephone networks and is the basis for private networks built on
leased lines.
Circuit switching was developed to handle voice traffic but also carries digital data (although inefficiently).
With circuit switching a dedicated path is established between two stations for communication.
Switching and transmission resources within the network are reserved for the exclusive use of the circuit
for the duration of the connection.
The connection is transparent: once it is established, it appears to the attached devices as if there were a
direct connection.
Communication via circuit switching involves three phases:
Circuit Establishment
Data Transfer
Circuit Disconnect
Connection path must be established before data transmission begins. Nodes must have switching
capacity and channel capacity to establish connection.
In a time-division switch, the inputs are divided in time, using TDM. A control unit sends the input to
the correct output device.
Use digital time division techniques to set up and maintain virtual circuits.
Packet Switching
Packet switching was designed to provide a more efficient facility than circuit-switching for bursty
data traffic.
With packet switching, a station transmits data in small blocks, called packets.
At each node packets are received, stored briefly (buffered) and passed on to the next node.
This is the store-and-forward mechanism.
Each packet contains some portion of the user data plus the control information needed for proper
functioning of the network.
A key element of packet-switching networks is whether the internal operation is datagram or virtual
circuit (VC).
1. With internal VCs, a route is defined between two endpoints and all packets for that VC follow
the same route.
2. With internal datagrams, each packet is treated independently, and packets intended for the same
destination may follow different routes.
Examples of packet switching networks are X.25, Frame Relay, ATM and IP.
Station breaks long message into packets. Packets sent one at a time to the network.
Packets handled in two ways:
1. Datagram
▪ Each packet treated independently
▪ Packets can take any practical route
▪ Packets may arrive out of order
▪ Packets may go missing
▪ Up to receiver to re-order packets and recover from missing packets
2. Virtual Circuit
▪ Preplanned route established before any packets sent.
▪ Once route is established, all the packets between the two communicating parties
follow the same route through the network
▪ Call request and call accept packets establish connection (handshake)
▪ Each packet contains a Virtual Circuit Identifier (VCI) instead of destination
address
▪ No routing decisions required for each packet
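The datagram and virtual-circuit behaviours listed above are easy to see in a simulation. The following Python code is an added example and not part of the notes: it models a constructed four-switch network between hosts A and B with two routes, one of which has a slow link. In datagram mode each packet carries the destination address and switch S1 alternates between its two next hops, so packets take different routes and arrive out of order, and the receiver must put them back in sequence. In virtual-circuit mode a setup phase installs a VCI table in each switch on one chosen route, after which packets carry only a VCI and each switch does a single lookup. The topology, link delays and VCI numbering are assumptions made for the illustration.

```python
from itertools import cycle

# Constructed sample network (not from the notes): host A reaches host B over
# either A-S1-S2-B or A-S1-S3-S4-B, and the S3-S4 link is slow.
LINK_DELAY = {("S3", "S4"): 3}          # every other link costs 1 time unit
DGRAM_TABLE = {                          # destination -> candidate next hops
    "A": {"B": ["S1"]},
    "S1": {"B": ["S2", "S3"]},           # two equal choices, used alternately
    "S2": {"B": ["B"]},
    "S3": {"B": ["S4"]},
    "S4": {"B": ["B"]},
}


def path_delay(path):
    return sum(LINK_DELAY.get((a, b), 1) for a, b in zip(path, path[1:]))


def send_datagrams(payloads, src="A", dst="B"):
    """Datagram mode: every packet carries the destination address and each
    switch makes its own forwarding choice, so packets may take different routes
    and reach the receiver out of order. Returns packets in arrival order."""
    choosers = {node: cycle(hops[dst]) for node, hops in DGRAM_TABLE.items() if dst in hops}
    packets = []
    for seq, payload in enumerate(payloads):
        node, path = src, [src]
        while node != dst:
            node = next(choosers[node])          # per-packet routing decision
            path.append(node)
        packets.append({"seq": seq, "payload": payload, "path": path,
                        "arrival": seq + path_delay(path)})   # one packet sent per tick
    return sorted(packets, key=lambda p: p["arrival"])  # stable: ties keep send order


def reassemble(packets):
    """Receiver's job in datagram mode: put the data back in sequence order."""
    return [p["payload"] for p in sorted(packets, key=lambda p: p["seq"])]


def setup_virtual_circuit(path, first_vci=10):
    """Call-request / call-accept phase: install (in-VCI -> next hop, out-VCI)
    in every switch on the chosen route. Returns the per-switch tables."""
    tables, vci = {}, first_vci
    for here, nxt in zip(path[1:-1], path[2:]):
        tables.setdefault(here, {})[vci] = (nxt, vci + 1)
        vci += 1
    return tables


def send_on_circuit(payloads, path, tables, first_vci=10):
    """Virtual-circuit mode: packets carry only a VCI; each switch does one
    table lookup and never re-routes, so all packets follow the same path."""
    src, dst = path[0], path[-1]
    packets = []
    for seq, payload in enumerate(payloads):
        node, vci, taken = path[1], first_vci, [src, path[1]]
        while node != dst:
            node, vci = tables[node][vci]       # label swap, no routing decision
            taken.append(node)
        packets.append({"seq": seq, "payload": payload, "path": taken,
                        "arrival": seq + path_delay(taken)})
    return sorted(packets, key=lambda p: p["arrival"])


if __name__ == "__main__":
    data = [b"p0", b"p1", b"p2", b"p3"]          # constructed sample payloads
    dg = send_datagrams(data)
    print("datagram arrival order:", [p["seq"] for p in dg])
    print("datagram routes:", [p["path"] for p in dg])
    print("reassembled:", reassemble(dg))
    route = ["A", "S1", "S2", "B"]
    vc = send_on_circuit(data, route, setup_virtual_circuit(route))
    print("circuit arrival order:", [p["seq"] for p in vc])
```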
Message Switching
This technique lies somewhere between circuit switching and packet switching.
In message switching, the whole message is treated as a data unit and is transferred in its entirety.
A switch working on message switching first receives the whole message and buffers it until resources
are available to transfer it to the next hop.
If the next hop does not have enough resources to accommodate a large message, the message is stored
and the switch waits.
Networking terms: DNS, URL, client server architecture, TCP/IP, FTP, HTTP, HTTPS, SMTP,
Telnet OSI and TCP/IP
• Connection: In networking, a connection refers to pieces of related information that are transferred through a
network. This generally implies that a connection is built before the data transfer (by following the procedures laid
out in a protocol) and then torn down at the end of the data transfer.
• Packet: A packet is, generally speaking, the most basic unit that is transferred over a network. When
communicating over a network, packets are the envelopes that carry your data (in pieces) from one end point to
the other.
• Network Interface: A network interface can refer to any kind of software interface to networking hardware. For instance,
if you have two network cards in your computer, you can control and configure each network interface associated with
them individually.
• Port: A port is an address on a single machine that can be tied to a specific piece of software. It is not a physical
interface or location, but it allows your server to be able to communicate using more than one application.
• Firewall: A firewall is a program that decides whether traffic coming into a server or going out should be
allowed. A firewall usually works by creating rules for which type of traffic is acceptable on which ports.
Generally, firewalls block ports that are not used by a specific application on a server.
• NAT: NAT stands for network address translation. It is a way to translate requests that are incoming into a routing
server to the relevant devices or servers that it knows about in the LAN. This is usually implemented in physical
LANs as a way to route requests through one IP address to the necessary backend servers.
• VPN: VPN stands for virtual private network. It is a means of connecting separate LANs through the internet,
while maintaining privacy. This is used as a means of connecting remote systems as if they were on a local
network, often for security reasons.
OSI Model
Historically, one method of talking about the different layers of network communication is the OSI model. OSI stands for
Open Systems Interconnect.
TCP/IP Model
The TCP/IP model, more commonly known as the Internet protocol suite, is another layering model that is simpler and has
been widely adopted. It defines the four separate layers, some of which overlap with the OSI model:
Addressing hardware by the MAC address allows you to reference a device by a unique value even when the software on
top may change the name for that specific device during operation.
Media access control is one of the only protocols from the link layer that you are likely to interact with on a regular basis.
IP
The IP protocol is one of the fundamental protocols that allow the internet to work. IP addresses are unique on each
network and they allow machines to address each other across a network. It is implemented on the internet layer in the
IP/TCP model.
Networks can be linked together, but traffic must be routed when crossing network boundaries. This protocol assumes an
unreliable network and multiple paths to the same destination that it can dynamically change between.
There are a number of different implementations of the protocol. The most common implementation today is IPv4,
although IPv6 is growing in popularity as an alternative due to the scarcity of available IPv4 addresses and improvements
in the protocol's capabilities.
ICMP
ICMP stands for internet control message protocol. It is used to send messages between devices to indicate the availability
or error conditions. These packets are used in a variety of network diagnostic tools, such as ping and traceroute.
Usually ICMP packets are transmitted when a packet of a different kind meets some kind of a problem. Basically, they are
used as a feedback mechanism for network communications.
TCP
TCP stands for transmission control protocol. It is implemented in the transport layer of the IP/TCP model and is used to
establish reliable connections.
TCP is one of the protocols that encapsulates data into packets. It then transfers these to the remote end of the connection
using the methods available on the lower layers. On the other end, it can check for errors, request certain pieces to be
resent, and reassemble the information into one logical piece to send to the application layer.
The protocol builds up a connection prior to data transfer using a system called a three-way handshake. This is a way for
the two ends of the communication to acknowledge the request and agree upon a method of ensuring data reliability.
After the data has been sent, the connection is torn down using a similar four-way handshake.
TCP is the protocol of choice for many of the most popular uses for the internet, including WWW, FTP, SSH, and email.
It is safe to say that the internet we know today would not be here without TCP.
UDP
UDP stands for user datagram protocol. It is a popular companion protocol to TCP and is also implemented in the
transport layer.
The fundamental difference between UDP and TCP is that UDP offers unreliable data transfer. It does not verify that data
has been received on the other end of the connection. This might sound like a bad thing, and for many purposes, it is.
However, it is also extremely important for some functions.
Because it does not have to wait for confirmation that the data was received, and is not forced to resend data, UDP is much faster
than TCP. It does not establish a connection with the remote host; it simply fires off the data to that host and doesn't care whether
it is accepted or not.
Because it is a simple transaction, it is useful for simple communications like querying for network resources. It also
doesn’t maintain a state, which makes it great for transmitting data from one machine to many real-time clients. This
makes it ideal for VOIP, games, and other applications that cannot afford delays.
HTTP
HTTP stands for hypertext transfer protocol. It is a protocol defined in the application layer that forms the basis for
communication on the web.
HTTP defines a number of functions that tell the remote system what you are requesting. For instance, GET, POST, and
DELETE all interact with the requested data in a different way.
FTP
FTP stands for file transfer protocol. It is also in the application layer and provides a way of transferring complete files
from one host to another.
It is inherently insecure, so it is not recommended for any externally facing network unless it is implemented as a public,
download-only resource.
DNS
DNS stands for domain name system. It is an application layer protocol used to provide a human-friendly naming
mechanism for internet resources. It is what ties a domain name to an IP address and allows you to access sites by name in
your browser.
SSH
SSH stands for secure shell. It is an encrypted protocol implemented in the application layer that can be used to
communicate with a remote server in a secure way. Many additional technologies are built around this protocol because of
its end-to-end encryption and ubiquity.
There are many other protocols that we haven’t covered that are equally important. However, this should give you a good
overview of some of the fundamental technologies that make the internet and networking possible.
HTTPS:- Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure
communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted
using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to
as HTTP over TLS, or HTTP over SSL.
SMTP:- Simple Mail Transfer Protocol (SMTP) is the standard protocol for email services on a TCP/IP
network. SMTP provides the ability to send and receive email messages. SMTP is an application-layer protocol that
enables the transmission and delivery of email over the Internet.
Telnet
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
Physical Layer
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception
of the unstructured raw bit stream over a physical medium.
It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries
the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better
accommodate the characteristics of the physical medium, and to aid in bit and frame
synchronization.
Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or
broadband (analog) signalling.
Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical
medium.
occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame
receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
Network Layer
The network layer controls the operation of the subnet, deciding which physical path the data should
take based on network conditions, priority of service, and other factors.
To do this, the network layer provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to
"throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU)
size is less than the frame size, a router can fragment a frame for transmission and reassembly at the
destination station.
Logical-physical address mapping: translates logical addresses or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet
intermediate systems, to produce billing information.
Transport Layer
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or
duplications. It relieves the higher layer protocols from any concern with the transfer of data
between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network
layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If
the network layer is unreliable and/or only supports datagrams, the transport protocol should
include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into
smaller units (if not already small enough), and passes the smaller units down to the network layer.
The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Typically, the transport layer can accept relatively large messages, but there are strict message size limits
imposed by the network (or lower) layer. Consequently, the transport layer must break up the
messages into smaller units, or frames, prepending a header to each frame.
The transport layer header information must then include control information, such as message start and
message end flags, to enable the transport layer on the other end to recognize message boundaries.
In addition, if the lower layers do not maintain sequence, the transport header must contain sequence
information to enable the transport layer on the receiving end to get the pieces back together in the right
order before handing the received message up to the layer above.
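The segmentation and reassembly just described, and the datagram behaviour listed earlier (packets arriving out of order or going missing), as an added example that is not part of the original notes. The header layout (sequence number, start/end flags, length) and the tiny MTU are assumptions chosen for illustration, not a real protocol.

```python
"""Added example: transport-layer segmentation with start/end flags and
sequence numbers, then reassembly after out-of-order datagram delivery."""
import random
import struct

# Constructed header: 2-byte sequence number, 1-byte flags, 2-byte payload length.
HEADER = struct.Struct("!HBH")
FLAG_START = 0x01   # first segment of a message
FLAG_END = 0x02     # last segment of a message
MTU = 8             # payload bytes per segment (assumed, kept tiny to show the split)


def segment(message: bytes, mtu: int = MTU) -> list[bytes]:
    """Split a message into header+payload units the network layer can carry."""
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)] or [b""]
    segments = []
    for seq, chunk in enumerate(chunks):
        flags = (FLAG_START if seq == 0 else 0) | (FLAG_END if seq == len(chunks) - 1 else 0)
        segments.append(HEADER.pack(seq, flags, len(chunk)) + chunk)
    return segments


def datagram_network(segments, drop_seqs=(), rng=None):
    """Model an unreliable datagram network: arbitrary order, some segments lost."""
    rng = rng or random.Random(7)
    delivered = [s for s in segments if HEADER.unpack_from(s)[0] not in drop_seqs]
    rng.shuffle(delivered)
    return delivered


def reassemble(received):
    """Rebuild the message from received segments.

    Returns (data, missing_seqs, complete). data is None whenever a piece is
    missing, because the receiver cannot hand an incomplete message upward.
    """
    pieces = {}
    last_seq = None
    for seg in received:
        seq, flags, length = HEADER.unpack_from(seg)
        pieces[seq] = seg[HEADER.size:HEADER.size + length]   # duplicates overwrite
        if flags & FLAG_END:
            last_seq = seq
    # Without the END flag the receiver cannot know how many pieces to expect;
    # it can only report gaps below the highest sequence number seen so far.
    expected = last_seq + 1 if last_seq is not None else max(pieces, default=-1) + 1
    missing = [seq for seq in range(expected) if seq not in pieces]
    complete = last_seq is not None and not missing
    data = b"".join(pieces[seq] for seq in range(expected)) if complete else None
    return data, missing, complete


if __name__ == "__main__":
    msg = b"Transport layer reassembles the pieces."   # constructed sample message
    segs = segment(msg)
    print("segments:", len(segs))
    print("all delivered:", reassemble(datagram_network(segs)))
    print("seq 2 lost:", reassemble(datagram_network(segs, drop_seqs={2})))
```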
Session Layer
The session layer allows session establishment between processes running on different stations. It
provides:
Session establishment, maintenance and termination: allows two application processes on different
machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network,
performing security, name recognition, logging, and so on.
Presentation Layer
The presentation layer formats the data to be presented to the application layer. It can be viewed as the
translator for the network. This layer may translate data from a format used by the application layer into a
common format at the sending station, then translate the common format to a format known to the
application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
Application Layer
The application layer serves as the window for users and application processes to access network
services.
This layer contains a variety of commonly needed functions:
1. Resource sharing and device redirection
2. Remote file access
3. Remote printer access
4. Inter-process communication
5. Network management
6. Directory services
7. Electronic messaging (such as mail)
8. Network virtual terminals
As we can see from the above figure, presentation and session layers are not there in TCP/IP model.
Also note that the Network Access Layer in TCP/IP model combines the functions of Data link Layer and
Physical Layer.
Application Layer
Application layer is the top most layer of four layer TCP/IP model.
Application layer is present on the top of the Transport layer.
Application layer defines TCP/IP application protocols and how host programs interface with
Transport layer services to use the network.
Application layer includes all the higher-level protocols like DNS (Domain Naming System), HTTP
(Hypertext Transfer Protocol), Telnet, SSH, FTP (File Transfer Protocol), TFTP (Trivial File Transfer
Protocol), SNMP (Simple Network Management Protocol), SMTP (Simple Mail Transfer Protocol),
DHCP (Dynamic Host Configuration Protocol), X Windows, RDP (Remote Desktop Protocol) etc.
Transport Layer
The purpose of Transport layer is to permit devices on the source and destination hosts to carry on a
conversation.
Transport layer defines the level of service and status of the connection used when transporting data.
The transport layer provides the end-to-end data transfer by delivering data from an application to its
remote peer.
The most-used transport layer protocol is the Transmission Control Protocol (TCP), which
provides:
1. Reliable data delivery
2. Duplicate data suppression
3. Congestion control
4. Flow control
Another transport layer protocol is the User Datagram Protocol (UDP), which provides:
• Connectionless service
• Unreliable delivery
• Best-effort service
• UDP is used by applications that need a fast transport mechanism and can tolerate the loss of some
data.
Networking Devices: Hubs, Switches, Routers, Bridges, Repeaters, Gateways and Modems, ADSL
Hub: A hub, at the most basic level, is a “dumb” device that operates at the Physical layer of the OSI
model. A hub forwards all signals it receives to all connected network devices. Think of a hub as a “drunk”
– when he speaks, he speaks to all around him, even if he really only means to speak with one person.
Types of Hub
• Active Hub:- These are the hubs which have their own power supply and can clean, boost and relay the signal along
with the network. It serves both as a repeater as well as wiring centre. These are used to extend the maximum
distance between nodes.
• Passive Hub :- These are the hubs which collect wiring from nodes and power supply from active hub. These hubs
relay signals onto the network without cleaning and boosting them and can’t be used to extend the distance between
nodes.
Switch: Because the hub is something of a “drunk,” it can be an inefficient (think about the excess traffic
created) and unsecure device. Imagine if you wish to send sensitive credit card information over the
network – do you really want every node to receive your electronic signal? To alleviate this, the switch was
developed. A switch operates at the Data Link layer of the OSI model. It uses the MAC sub-layer to
forward the relevant frames of information only to the intended recipient. Messages can still be broadcast,
but this is only an option and not the normal condition. Unlike the “drunken” hub, the switch can speak
softly to one person at a time or announce to the crowd. The Network+ exam tends to test you on this
difference between a hub and switch, so keep it fresh in your mind.
Types of Bridges
• Transparent Bridges:- These are the bridge in which the stations are completely unaware of the
bridge’s existence i.e. whether or not a bridge is added or deleted from the network, reconfiguration of
the stations is unnecessary. These bridges make use of two processes i.e. bridge forwarding and bridge learning.
• Source Routing Bridges:- In these bridges, the routing operation is performed by the source station and the frame specifies
which route to follow. The host can discover the route by sending a special frame called a discovery frame, which spreads
through the entire network using all possible paths to the destination.
Bridge: A bridge also operates at the Data Link layer (aka Layer 2) and is used to connect two (similar or
dissimilar) physical network segments together, forming a larger inter-network. It can forward packets or
reject them based on their destination (MAC) address. Note: The connected network segments must have
same network ID.
Router: The router operates at the Network layer of the OSI Model and is used to forward packets across
network segments to reach a certain destination address. Do not be confused between a router and a bridge
– a bridge simply forwards packets or frames based on their destination address from one connected
network segment to another. A router can determine where a packet should be sent to given its final
destination (IP address). Usually, routers forward packets to other routers, but sometimes routers also
forward to other pieces of network equipment. A router is usually used to connect a home computer to an
“always-on” Internet connection through the home network. To appreciate what a router really does, run
tracert to your favorite website and see how many steps (hops) are involved in getting from your computer
to the web server in question.
Gateway: A gateway is any device that serves to interface with other networks using dissimilar protocols.
For example, a gateway might interface between a home network and the Internet or between a NetBIOS
network and an IPX/SPX network. A gateway operates in any of the seven OSI layers.
WAP: A Wireless Access Point is a device that allows wireless devices to access and to communicate with
the network. It acts as a bridge between the wired, traditional network and other wireless devices.
Alternatively, it can act as a bridge between wireless devices and another, linked WAP. It typically
operates in the Network layer of the OSI model as a sort of router/bridge/switch combination. Note that
most WAP devices direct traffic by MAC address, making them switched.
NIC: A Network Interface Card is a device that allows a node to connect to the network, typically in the
form of a computer “card” (PCI/ISA), but also in the form of an external (think USB) device. It can either
be wired and connect to a traditional, wired network, or wireless, and connect to a WAP.
Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the same
network before the signal becomes too weak or corrupted so as to extend the length to which the signal can
be transmitted over the same network. An important point to be noted about repeaters is that they do not
amplify the signal. When the signal becomes weak, they copy the signal bit by bit and regenerate it at the
original strength. It is a 2 port device.
Modem:- Modem is an abbreviation for Modulator-Demodulator. Modems are used for data transfer
from one computer network to another computer network through telephone lines. The computer network
works in digital mode, while analog technology is used for carrying messages across phone lines.
Types of Modems
• Modems can be of several types and they can be categorized in a number of ways.
• Categorization is usually based on the following basic modem features:
1. Directional capacity: half duplex modem and full duplex modem.
2. Connection to the line: 2-wire modem and 4-wire modem.
3. Transmission mode: asynchronous modem and synchronous modem.
Full duplex
• A full duplex modem allows simultaneous transmission in both directions.
• Therefore, there are two carriers on the line, one outgoing and the other incoming.
2-wire and 4-wire Modems
• The line interface of the modem can have a 2-wire or a 4-wire connection to the transmission medium.
4-wire Modem
• In a 4-wire connection, one pair of wires is used for the outgoing carrier and the other pair is used for the
incoming carrier.
• Full duplex and half duplex modes of data transmission are possible on a 4-wire connection.
• As the physical transmission path for each direction is separate, the same carrier frequency can be used
for both directions.
2-wire Modem
• 2-wire modems use the same pair of wires for outgoing and incoming carriers.
• A leased 2-wire connection is usually cheaper than a 4-wire connection as only one pair of wires is
extended to the subscriber's premises.
• The data connection established through telephone exchange is also a 2-wire connection.
• In 2-wire modems, half duplex mode of transmission that uses the same frequency for the incoming and
outgoing carriers can be easily implemented.
• For full duplex mode of operation, it is necessary to have two transmission channels, one for transmit
direction and the other for receive direction.
• This is achieved by frequency division multiplexing of two different carrier frequencies. These carriers
are placed within the bandwidth of the speech channel.
Synchronous Modem
• Synchronous modems can handle a continuous stream of data bits but require a clock signal.
• The data bits are always synchronized to the clock signal.
• There are separate clocks for the data bits being transmitted and received.
• For synchronous transmission of data bits, the DTE can use its internal clock and supply the same to the
modem.
ADSL:- Asymmetric digital subscriber line (ADSL) is a type of DSL broadband communications
technology used for connecting to the Internet. ADSL allows more data to be sent over existing copper
telephone lines (POTS), when compared to traditional modem lines. A special filter, called a microfilter, is
installed on a subscriber's telephone line to allow both ADSL and regular voice (telephone) services to be
used at the same time.
ADSL requires a special ADSL modem and subscribers must be in close geographical locations to the
provider's central office to receive ADSL service. Typically this distance is within a radius of 2 to 2.5
miles. ADSL supports data rates of from 1.5 to 9 Mbps when receiving data (known as
the downstream rate) and from 16 to 640 Kbps when sending data (known as the upstream rate).
UNIT-II
Ethernet Networking:
Ethernet is the traditional technology for connecting wired local area networks (LANs), enabling devices to
communicate with each other via a protocol -- a set of rules or common network language.
As a data-link layer protocol in the TCP/IP stack, Ethernet describes how network devices can format and
transmit data packets so other devices on the same local or campus area network segment can recognize, receive
and process them. An Ethernet cable is the physical, encased wiring over which the data travels.
Any device accessing a geographically localized network using a cable -- i.e., with a wired rather than wireless
connection -- likely uses Ethernet -- whether in a home, school or office setting. From businesses to gamers,
diverse end users depend on the benefits of Ethernet connectivity, including reliability and security.
Compared to wireless LAN technology, Ethernet is typically less vulnerable to disruptions -- whether from
radio wave interference, physical barriers or bandwidth hogs. It can also offer a greater degree of network
security and control than wireless technology, as devices must connect using physical cabling -- making it
difficult for outsiders to access network data or hijack bandwidth for unsanctioned devices.
The Institute of Electrical and Electronics Engineers Inc. (IEEE) specifies in the family of standards
called IEEE 802.3 that the Ethernet protocol touches both Layer 1 -- the physical layer -- and Layer 2 -- the data
link layer -- on the OSI network protocol model. Ethernet defines two units of transmission: packet and frame.
The frame includes not just the payload of data being transmitted, but also:
• the physical media access control (MAC) addresses of both the sender and receiver;
Each frame is wrapped in a packet that contains several bytes of information to establish the connection and
mark where the frame starts.
Engineers at Xerox first developed Ethernet in the 1970s. Ethernet initially ran over coaxial cables, while a
typical Ethernet LAN today uses special grades of twisted pair cables or fiber optic cabling. Early Ethernet
connected multiple devices into network segments through hubs -- Layer 1 devices responsible for transporting
network data -- using either a daisy chain or star topology.
Half-Duplex Ethernet:- Legacy Ethernet is half-duplex, meaning information can move in only one direction at a
time. In a totally switched network, nodes only communicate with the switch and never directly with each other.
Switched networks also employ either twisted pair or fiber optic cabling, both of which use separate conductors for
sending and receiving data. In this type of environment, Ethernet stations can forgo the collision detection process
and transmit at will, since they are the only potential devices that can access the medium. This allows end stations to
transmit to the switch at the same time that the switch transmits to them, achieving a collision-free environment.
Full-Duplex Ethernet:- Ethernet switching gave rise to another advancement, full-duplex Ethernet. Full-duplex is a
data communications term that refers to the ability to send and receive data at the same time.
At the data link layer, Ethernet specifies what the data should look like, including the header and trailer. The protocol is defined
by IEEE 802.3 and actually divides the data link layer into two sublayers: the Logical Link Control (LLC) sublayer and the
Media Access Control (MAC) sublayer.
Ethernet Fields
Ethernet Header
Preamble
Length: 7 bytes (56 bits)
The Ethernet Preamble is a series of alternating ‘1s’ and ‘0s’ which enables a receiver to synchronise with the transmitter.
Destination Address
The MAC address of the intended recipient, or recipients of the frame.
Source Address
The MAC address of the sender.
Type / Length
This field is typically used to indicate the length of the client data / payload being encapsulated. For a basic Ethernet frame, the
maximum length of the client data is 1500 bytes and the minimum is 46 bytes.
Padding
Because the minimum length of a payload is 46 bytes, if the payload is less than that then padding is added.
Ethernet Trailer
Frame Check Sequence (FCS)
The Ethernet FCS is a cyclic redundancy check which allows the recipient to check whether the data has been corrupted.
Ethernet Addresses
Ethernet frames include a source and a destination Media Access Control (MAC) address. Generally, each interface on a
network will have a MAC address – whether it’s a port on a switch, a network interface card (NIC) in a computer or a WiFi chip
in a phone. There are also special addresses for sending frames to multiple recipients.
All MAC addresses are 48 bits (6 bytes) long and are typically represented using hexadecimal (hex) notation. If the first bit of
the destination address is 0, the address is a unicast address which means that it is intended for a single recipient. If the first bit is
1 then the address indicates a group address.
Group Addresses
Other MAC addresses may be associated with zero or more devices on a network.
Broadcast Addresses
The broadcast address is used to send a frame to all devices on the local area network. The broadcast address has all bits set to
‘1’ which is FF:FF:FF:FF:FF:FF in hex.
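The frame fields and address classes described above, worked through in code as an added example (not part of the original notes): it builds a minimal Ethernet II frame with the 46-byte padding rule, classifies the destination MAC by its first transmitted bit, and verifies the FCS with CRC-32. The MAC addresses and payload are constructed sample values.

```python
"""Added example: build and parse an Ethernet frame, classify the destination
address, and check the Frame Check Sequence (CRC-32, sent least-significant
byte first). Preamble is omitted because it is added by the physical layer."""
import struct
import zlib

BROADCAST = bytes([0xFF] * 6)
MIN_PAYLOAD = 46      # client data shorter than this is padded
MAX_PAYLOAD = 1500    # maximum client data in a basic frame
HEADER_FMT = "!6s6sH" # destination MAC, source MAC, Type/Length


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02X}" for b in mac)


def classify_destination(mac: bytes) -> str:
    """The first bit transmitted is the least significant bit of the first octet:
    0 = individual (unicast), 1 = group address; all ones is the broadcast."""
    if mac == BROADCAST:
        return "broadcast"
    return "group" if mac[0] & 0x01 else "unicast"


def build_frame(dst: bytes, src: bytes, type_len: int, payload: bytes) -> bytes:
    """Assemble header + payload + padding + FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte maximum")
    body = struct.pack(HEADER_FMT, dst, src, type_len) + payload
    if len(payload) < MIN_PAYLOAD:
        body += b"\x00" * (MIN_PAYLOAD - len(payload))
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + fcs.to_bytes(4, "little")


def parse_frame(frame: bytes) -> dict:
    """Decode header fields and report whether the FCS matches the received data."""
    if len(frame) < struct.calcsize(HEADER_FMT) + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    dst, src, type_len = struct.unpack_from(HEADER_FMT, frame)
    body, fcs_bytes = frame[:-4], frame[-4:]
    fcs_ok = (zlib.crc32(body) & 0xFFFFFFFF) == int.from_bytes(fcs_bytes, "little")
    # Values up to 1500 are a length (IEEE 802.3 framing); larger values name an EtherType.
    kind = "length" if type_len <= MAX_PAYLOAD else "ethertype"
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "dst_class": classify_destination(dst),
        kind: type_len,
        "payload": body[struct.calcsize(HEADER_FMT):],   # includes any padding
        "fcs_ok": fcs_ok,
    }


if __name__ == "__main__":
    # Constructed, locally administered MAC addresses (second-lowest bit of first octet set).
    dst, src = bytes.fromhex("02000000000A"), bytes.fromhex("02000000000B")
    frame = build_frame(dst, src, 0x0800, b"constructed payload")
    print(parse_frame(frame))
    damaged = bytearray(frame)
    damaged[20] ^= 0x01           # flip one payload bit: FCS no longer matches
    print("after corruption fcs_ok =", parse_frame(bytes(damaged))["fcs_ok"])
```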
Ethernet Standards
Some of the most common Ethernet varieties are summarised below. Mbps indicates a speed in megabits per second and Gbps
indicates a speed in Gigabits per second. The term ‘BASE’ means that baseband signalling is used – the signal transmitted uses
the full bandwidth of the media.
10BASE-T
Friendly Name: Ethernet
IEEE Standard: 802.3
Speed: 10 Mbps
Material: Copper
Maximum length: 100m
100BASE-TX
Friendly Name: Fast Ethernet
IEEE Standard: 802.3u
Speed: 100Mbps
Material: Copper
Maximum length: 100m
1000BASE-T
Friendly Name: Gigabit Ethernet
IEEE Standard: 802.3ab
Speed: 1 Gbps
Material: Copper
Maximum length: 100m
1000BASE-X
Friendly Name: Gigabit Ethernet
IEEE Standard: 802.3z
Speed: 1 Gbps
Material: Fibre
Maximum length: depends on fibre properties: 1000BASE-SX approx. 200m to 500m and 1000BASE-LX up to 5km
10GBASE-T
Friendly Name: 10 Gig Ethernet
IEEE Standard: 802.3an
Speed: 10Gbps
Material: Copper
Maximum length: 100m
Single-Mode Fibre
• Very small core diameter
• Carries a single mode of light
• More expensive
• Can carry data over longer distances
Multi-Mode Fibre
• Larger core diameter
• Carries multiple modes of light
• Less expensive
• Can only be used for shorter distances
Switching Technologies:-
Switched communication networks are those in which data transferred from source to destination is routed
through various intermediate nodes. Switching is the technique by which nodes control or switch data to
transmit it between specific points on a network. There are 3 common switching techniques:
1. Circuit Switching
2. Packet Switching
3. Message Switching
Message Switching –
Message switching was a technique developed as an alternate to circuit switching, before packet switching
was introduced. In message switching, end users communicate by sending and receiving messages that
included the entire data to be shared. Messages are the smallest individual unit.
Also, the sender and receiver are not directly connected. A number of intermediate nodes transfer the
data and ensure that the message reaches its destination. Message switched data networks are hence called
hop-by-hop systems.
They provide 2 distinct and important characteristics:
1. Store and forward – The intermediate nodes have the responsibility of transferring the entire
message to the next node. Hence, each node must have storage capacity. A message will only be
delivered if the next hop and the link connecting it are both available, otherwise it’ll be stored
indefinitely. A store-and-forward switch forwards a message only if sufficient resources are available
and the next hop is accepting data. This is called the store-and-forward property.
2. Message delivery – This implies wrapping the entire information in a single message and transferring
it from the source to the destination node. Each message must have a header that contains the message
routing information, including the source and destination.
Message switching network consists of transmission links (channels), store-and-forward switch nodes and
end stations as shown in the following picture:
However, message switching has certain disadvantages as well. Since messages are stored indefinitely at
each intermediate node, switches require large storage capacity. Also, these networks are pretty slow. This is because
at each node there is a wait until the entire message is received; then it must be stored and, after processing,
transmitted to the next node over the links to it, depending on availability and channel traffic. Hence, message
switching cannot be used for real time or interactive applications like video conferencing.
Applications –
The store-and-forward method was implemented in telegraph message switching centres. Today, although
many major networks and systems are packet-switched or circuit switched networks, their delivery
processes can be based on message switching. For example, in most electronic mail systems the delivery
process is based on message switching, while the network is in fact either circuit-switched or packet-
switched.
layer-2 switching:-
Layer 2 switching (or Data Link layer switching) is the process of using devices’ MAC addresses on a LAN to segment
a network. Switches and bridges are used for Layer 2 switching. They break up one large collision domain into multiple
smaller ones.
In a typical LAN, all hosts are connected to one central device. In the past, the device was usually a hub. But hubs had
many disadvantages, such as not being aware of traffic that passes through them, creating one large collision domain, etc.
To overcome some of the problems with hubs, bridges were created. They were better than hubs because they created
multiple collision domains, but they had a limited number of ports. Finally, switches were created and are still widely used
today. Switches have more ports than bridges, and can inspect incoming traffic and make forwarding decisions accordingly.
Each port on a switch is a separate collision domain.
Here is an example of the typical LAN network used today – the switch serves as a central device that connects all devices
together:
First, consider the example of a LAN, with all hosts connecting to a hub:
As mentioned previously, hubs create only one collision domain, so the chance for a collision to occur is high. The hub
depicted above simply repeats the signal it receives out all ports, except the one from which the signal was received, so no
packet filtering takes place. Imagine if you had 20 hosts connected to a hub, a packet would be sent to 19 hosts, instead of
just one! This can also cause security problems, because an attacker can capture all traffic on the network.
Now consider the way switches work. We have the same topology as above, only this time we are using a switch instead of
a hub.
Switches increase the number of collision domains. Each port is one collision domain, which means that the chances for
collisions to occur are minimal. A switch learns which device is connected to which port and forwards a frame based on
the destination MAC address included in the frame. This reduces traffic on the LAN and enhances security.
To better understand the concept of ARP, let’s take a look at the following example:
Let’s say that host A wants to communicate with host B for the first time. Host A knows the IP address of host B, but since
this is the first time the two hosts communicate, the hardware (MAC) addresses are not known. Host A uses the ARP
process to find out the MAC address of host B. The switch forwards the ARP request out all ports except the port the host
A is connected to. Host B receives the ARP request and responds with its MAC address. Host B also learns the MAC
address of host A (because host A sent its MAC address in the ARP request). The switch learns which MAC addresses are
associated with which port. For example, because host B responded with the ARP reply that included its MAC address, the
switch knows the MAC address of host B and stores that address in its MAC address table. The same goes for host A: the
switch knows the MAC address of host A because of the ARP request.
Now, when host A sends a packet to host B, the switch looks up in its MAC address table and forwards the frame only out
Fa0/1 port, the port on which host B is connected. Other hosts on the network will not be involved in the communication:
You can display the MAC address table of the switch by using the show mac-address-table command:
Layer 2 switches are much faster than routers because they don’t take up time looking at the Network layer
header information. Instead, they look at the frame’s hardware addresses to decide whether to forward,
flood, or drop the frame. Here are the major advantages of Layer 2 switching:
• Address learning – switches learn MAC addresses by examining the source MAC address of each frame
received by the switch.
• Forward/filter decisions – switches decide whether to forward or filter a frame, based on the destination
MAC address.
• Loop avoidance – switches use Spanning Tree Protocol (STP) to prevent network loops while still
permitting redundancy.
Ethernet switching operates at OSI Layer 2, creating dedicated network segments and interconnecting segments. Layer 2 switches have three main
functions:
• MAC address learning – A Layer 2 switch learns the MAC addresses of devices attached to each of its ports. The addresses
are stored in a bridge forwarding database.
• Forwarding and filtering – Switches determine which port a frame must be sent out to reach its destination. If the address is
known, the frame is sent only on that port; if the address is unknown, the frame is flooded to all ports except the one from
which it originated.
• Loop avoidance – When the switched network has redundant loops, the switch can prevent duplicate frames from traveling
over multiple paths.
Bridging and Switching Comparison
A switch uses its bridge forwarding table (called the MAC address table on Catalyst switches) when forwarding frames to devices. With an empty bridge
forwarding table, the switch must flood frames to all ports other than the one the frame arrived on. This is the least efficient way to transmit data. Initially, the
switch MAC address table is empty. Then station A sends a frame to station C. When the switch receives this frame, it does the
following:
• Because the MAC table is empty, the switch must flood the frame to all other ports (except E0, the port the frame arrived on).
• The switch notes the source address of the originating device and associates it with port E0 in its MAC address table entry.
Note that the table is populated from the source address of each frame, not the destination address.
The switch continues to learn addresses in this manner, continually updating the table. As the MAC table becomes more complete, the switching
becomes more efficient, because frames are filtered to specific ports rather than being flooded out all ports.
Broadcast Storms
The flooding of broadcast frames can cause a broadcast storm (indefinite flooding of frames) unless there is a mechanism in place to prevent it.
An example of a broadcast storm is shown in the figure and is described here:
1. Host X sends a broadcast frame, which is received by switch A.
2. Switch A checks the destination and floods it to the bottom Ethernet link, segment 2.
3. Switch B receives the frame on the bottom port and transmits a copy to the top segment.
4. Because the original frame arrives at switch B through the top segment, switch B transmits the frame a second time.
The frame now travels continuously in both directions.
Database Instability
Database instability occurs when a switch receives the same frame on different ports. The following example shows how this occurs:
1. Host X sends a frame to Router Y. When the frame arrives at switch A and switch B, they both learn the MAC address
for host X and associate it with port 0.
2. The frame is flooded out port 1 of each switch (assuming that Router Y's address is unknown).
3. Switch A and switch B receive the frame on port 1 and incorrectly associate host X's MAC address with that port.
4. This process repeats indefinitely.
Multiple Loops
Multiple loops can occur in large switched networks. When multiple loops are present, a broadcast storm clogs the network with useless traffic. Packet
switching is adversely affected in this case and might not work at all. Layer 2 cannot prevent or correct broadcast storms.
same concept. Since a loop exists between switches, the forwarded frame keeps switching between the switches endlessly.
The following image shows this situation.
This way, a looped frame can circulate in the loop for a long time (hours, days, literally forever if the switches and links never
fail).
Disadvantages or side effects of the loop
When a frame loops around the network indefinitely, it is known as a broadcast storm. A broadcast storm can saturate
all the bandwidth of the network by creating and forwarding multiple copies of the same frame. It also significantly
decreases the performance of the end devices by forcing them to process duplicate copies of the same frame.
Besides this, a looping frame also makes the CAM table unstable. As explained above, when a switch receives a frame, it
checks the source address field of the frame and associates the interface or port on which the frame arrived with the MAC
address that it finds in the source address field of the frame.
If a loop exists in the network, a switch can receive the looped frame on multiple interfaces. Each time the switch
receives the looped frame on a different interface, it assumes that the device has moved and updates the CAM
table entry.
The following image shows how the switch S0 updates the entry of MAC address 1111.1111.1111.
In a nutshell, a layer 2 switching loop creates three major problems: broadcast storms, duplicate frames, and an unstable CAM
table. If a loop exists, a single looped frame is sufficient to decrease the performance of the entire network by consuming
the bandwidth and CPU power of the affected devices.
Spanning-Tree Protocol:-
receive updates from the Root Bridge and update their STP databases accordingly.
Port Cost
Based on the connected media link, STP assigns a value to each port of the network. This value is known as the port cost
value. STP uses this value to choose the single best path when multiple links are available between two switches. It selects
the port which has the lowest port cost value.
There are two sets of port cost values. The following table lists both.
Bandwidth    Old Cost Value    New Cost Value
10 Gbps      1                 2
1 Gbps       1                 4
100 Mbps     10                19
10 Mbps      100               100
Some old-series switches, like the Catalyst 1900, use the old cost values. Cisco has already discontinued these old-series
switches. New-series switches, like the 2960, use the new cost values. In the port selection process, the lower cost value is
always preferred over the higher cost value. For example, if two ports, F0 and F1, have cost values 2 and 4 respectively,
port F0 will be selected.
Path Cost
Path cost is an accumulated value of the port costs from the Root Bridge to other switches in the network. It is always
calculated from the Root Bridge. Default path cost at the Root Bridge is 0. BPDU contains the path cost information.
When the Root Bridge advertises BPDU out from its interfaces, it sets the path cost to 0. The switch which receives this
BPDU increments the path cost by adding the port cost value of the port on which the BPDU arrived. For example, if the
switch receives the BPDU on the Gigabit interface then the accumulated path cost will be 4.
0 (Value which it received from the Root Bridge) + 4 (Port cost value of the interface on which it received the BPDU) = 4
Now, this switch sets the accumulated path cost (4) in the BPDU and forwards it. The next switch which is connected with
this switch follows the same rule. For example, if the next switch receives this BPDU on the Fast Ethernet port, for that
switch, the accumulated path cost will be 23.
4 (Value which is received) + 19 (Port cost value of the incoming port) = 23.
Root Port
The root port is the port that directly connects to the Root Bridge or has the shortest path to the Root Bridge. The shortest
path is the path that has the lowest path cost value. Remember that a switch may go through many other switches to reach the
Root Bridge, so it is not always the physically shortest path but the fastest (lowest-cost) path.
Designated Ports
A designated port is the port that offers the lowest cost to reach the Root Bridge on a given network segment, compared to the
other ports on that segment. STP marks the designated ports as forwarding ports. Forwarding ports are used to forward frames.
Non-Designated Ports
A non-designated port is a port that has a higher cost than the designated port on its segment. STP marks the non-designated port as
a blocking port. Blocking ports are used to remove loops.
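The port cost table, path cost accumulation and port roles above can be reproduced in code. The following Python simulation is an added example (not part of these notes): it elects the Root Bridge by lowest bridge ID, propagates path cost the way BPDUs do (each receiving switch adds the cost of the port the BPDU arrives on, using the new cost values), and then classifies every port as root, designated or non-designated. The three-switch triangle, switch names, port names and MAC addresses are constructed for the example.

```python
import heapq
from typing import Dict, List, Tuple

# "New" port cost values from the table above, keyed by link speed in Mbps.
PORT_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}

# A link joins (switch_a, port_a) to (switch_b, port_b) at a given speed in Mbps.
Link = Tuple[str, str, str, str, int]
# Bridge ID = (priority, MAC); lower wins, priority compared before the MAC.
BridgeId = Tuple[int, str]


def elect_root(bridges: Dict[str, BridgeId]) -> str:
    """The switch with the lowest bridge ID becomes the Root Bridge."""
    return min(bridges, key=lambda name: bridges[name])


def path_costs(root: str, bridges: Dict[str, BridgeId],
               links: List[Link]) -> Dict[str, Tuple[int, str, str]]:
    """For every switch return (path cost, root port, upstream switch).

    Models BPDU propagation: the Root advertises cost 0 and each receiving switch
    adds the port cost of the port the BPDU arrived on. A switch that hears several
    BPDUs keeps the lowest cost; on a tie it prefers the lower sender bridge ID.
    """
    adj: Dict[str, List[Tuple[str, str, int]]] = {}
    for a, pa, b, pb, mbps in links:
        # A BPDU sent by a arrives on b's port pb, and vice versa.
        adj.setdefault(a, []).append((b, pb, PORT_COST[mbps]))
        adj.setdefault(b, []).append((a, pa, PORT_COST[mbps]))
    best: Dict[str, Tuple[int, str, str]] = {root: (0, "", "")}
    heap: List[Tuple[int, BridgeId, str]] = [(0, bridges[root], root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue  # stale heap entry
        for nb, in_port, port_cost in adj.get(sw, []):
            if nb == root:
                continue  # the Root Bridge always keeps path cost 0
            cand = (cost + port_cost, bridges[sw])
            cur = best.get(nb)
            if cur is None or cand < (cur[0], bridges[cur[2]]):
                best[nb] = (cand[0], in_port, sw)
                heapq.heappush(heap, (cand[0], bridges[nb], nb))
    return best


def port_roles(bridges: Dict[str, BridgeId], links: List[Link]):
    """Classify every port as root, designated, or non-designated (blocking)."""
    root = elect_root(bridges)
    costs = path_costs(root, bridges, links)
    roles: Dict[Tuple[str, str], str] = {}
    for a, pa, b, pb, _ in links:
        # On each segment the switch offering the lowest path cost to the Root
        # (tie: lower bridge ID) holds the designated port.
        key_a = (costs[a][0], bridges[a])
        key_b = (costs[b][0], bridges[b])
        des, des_port, other, other_port = (a, pa, b, pb) if key_a < key_b else (b, pb, a, pa)
        roles[(des, des_port)] = "designated"
        # The far end is the downstream switch's root port if this segment is its
        # best path to the Root; otherwise it is blocked to break the loop.
        is_root_port = costs[other][1] == other_port
        roles[(other, other_port)] = "root" if is_root_port else "non-designated (blocking)"
    return root, costs, roles


# Constructed topology (not from the notes): a three-switch triangle. Priority is the
# default 32768 plus VLAN 1, as the notes describe; SW1 gets 4096 + 1 so it becomes Root.
BRIDGES: Dict[str, BridgeId] = {
    "SW1": (4096 + 1, "0000.0000.0001"),
    "SW2": (32768 + 1, "0000.0000.0002"),
    "SW3": (32768 + 1, "0000.0000.0003"),
}
LINKS: List[Link] = [
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 1_000),  # Gigabit: cost 4 (path cost 4 at SW2)
    ("SW2", "Fa0/1", "SW3", "Fa0/1", 100),    # Fast Ethernet: cost 19 (path cost 23 at SW3)
    ("SW1", "Et0/1", "SW3", "Et0/1", 10),     # 10 Mbps: cost 100, the redundant link
]

if __name__ == "__main__":
    root, costs, roles = port_roles(BRIDGES, LINKS)
    print("Root Bridge:", root)
    for sw, (cost, rp, up) in sorted(costs.items()):
        print(f"{sw}: path cost {cost}" + (f", root port {rp} towards {up}" if rp else ""))
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} {port}: {role}")
```

The direct 10 Mbps link between SW1 and SW3 costs more (100) than the two-hop path through SW2 (4 + 19 = 23), so SW3 blocks Et0/1 and the physical triangle becomes a loop-free tree.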
STP port states
All ports on a switch running STP go through four different states: blocking, listening, learning, and forwarding.
Through these states, the switch not only learns the network topology but also calculates the path cost value and,
based on that value, elects the designated and non-designated ports. After these states, the switch is considered an STP-
converged switch. Let's understand each state in detail.
STP Blocking state
When we power on a switch, the switch puts all of its ports in this state. In this state, the switch only listens to and processes
BPDUs. Except for BPDUs, it drops all other frames. From the incoming BPDUs, it learns the network topology and
determines which ports will work as root ports, designated ports, and blocked ports.
All ports remain in this state for twenty seconds. After twenty seconds, only the root port and designated ports move into
The following image shows how STP changes a physically looped topology into a virtually loop-free topology.
• On the Root Bridge, the first and second subset display the same information.
• On the Non-Root Bridge, the first subset shows information about the Root Bridge while the second subset displays
information about the switch itself.
• The bridge priority value is the sum of the default priority value and the VLAN ID.
STP variations
There are two different implementations of the STP protocol, DEC and 802.1d. The two implementations are not compatible
with each other. When you purchase a new switch for the network, make sure it supports the same variation of STP
that your existing switches are using. Never mix devices running 802.1d STP with devices running DEC STP;
otherwise, you might run into layer 2 looping problems. All of Cisco's switches use 802.1d STP.
Ethernet Switches
We’ll start broad first—after all, every super hero should understand the big picture of his or her mission.
Ethernet switches, also known as LAN (local area network) switches, are an integral part of any computer
network. They can be broadly categorized into two main categories: Modular and Fixed switches.
Modular Switches
If you’re looking for expansion capabilities, modular is where it’s at. Modular switches make it possible for you
to add expansion modules to the switch as needed. These types of switches provide the best flexibility, but this
comes at a price because they are more complex than their fixed-switch cousins. While you may have more
limited flexibility, if you’re looking for a lower entry cost, fixed switches may be a better place to start.
Fixed Switches
As their name implies, these switches typically aren’t expandable and they have a fixed number of ports. This
category can be broken down even further into unmanaged, lightly managed, and fully managed. When it
comes to network switches, the details matter.
Think of the Ninja Turtles’ Battle Shell—if Donatello hadn’t paid attention to what the turtles needed to upgrade
their ride, they’d still be stuck with their sad Turtle Van. In the same way, you don’t want to end up with the
wrong switch and delay taking your network to the next level.
Unmanaged Switches
These switches are most commonly used in home networks and small businesses. So, if you have a large
organization this won’t be the option for you. These switches can’t be modified or managed.
They plug in and instantly start doing their job—hence the reason why they can be best for home users
who don’t have the need or time for all the bells and whistles.
Partially Managed (Smart Switches)
This is a category of switches that changes at the fastest pace. As with anything in the technology world,
it doesn’t stay static for long. They straddle the middle ground because they offer basic management
features with the ability to create some levels of security, but their management interface is more
simplified than what managed switches offer.
They do offer the capability to set up options like Quality of Service (QoS) and VLANs. These can be
helpful if your organization has VoIP phones, or if you want to segment your network into work groups.
Bonus! These switches are also cheaper than their managed counterparts.
Managed Switches
If you’re looking for the switch that has it all—the highest levels of security, precision control and full
management of your network—this is the switch for you. Think of it as the Avengers’ Quinjet, which can
travel anywhere (outer space included), store useful tools for the team, and even includes an on-board
medical bay.
Managed switches are the most costly option of them all, but if your organization has a large network it
could be the best option for you. The scalability of these switches also makes them ideal if you know your
organization’s network will be growing.
To explain how a switch works, let me first introduce the subject by explaining the background of the TCP/IP stack layers,
the frame and the purpose of a switch. This will help you to understand the exact operation of the switch, which is the main agenda here.
To allow communication between billions of computer devices, intermediate network devices are needed. As we know from
the How does Router work post, routers, like crossroads and road signs, direct packets from the source to the
destination. They look into the IP packet header for the destination IP address (source and destination IP addresses are included
in the packet header) and, based on the local routing table, route the packet to the next hop towards the destination. So routers
operate at Layer 3 (the IP packet is the network layer, Layer 3, communication structure).
A frame is the unit of information that allows a packet to traverse a particular medium from one device interface to another.
Ethernet, as an example, describes many technical parameters: how devices can access the network, how cable connectors
should look, what speeds the transmission can achieve and, finally, how the bits and addressing are organized. So Layer 2 is strictly
tied to the type of medium or device interface. Take a look at the TCP/IP communication model to locate Layer 2
(Data Link Layer). Layer 2 is where the switch operates (marked in red).
Ethernet Frame
Every IP device produces packets, and they are forwarded across the network regardless of the network access type. Every access
type uses its own structure to forward the data in its environment. Ethernet uses a structure called the Ethernet frame. The frame
“surrounds” the packet as shown in the picture below.
To transport an IP packet through the Ethernet environment, the Ethernet-facing device adds extra bits to the front and back of the IP
packet, making the frame. This bit-adding process is called encapsulation. The frame header contains, among other things, the source and
destination MAC addresses. The source MAC address is the physical address of the sending device; the destination MAC
address is the Ethernet (physical interface) address of the destination device within the same Ethernet segment. Remember that a
frame is specific to one Ethernet segment; that is why a frame does not survive traversal of many media and many separate Ethernet
segments.
Now, we need devices that allow us to connect a large number of users and wired devices together. This is something
that routers are not intended for, because routers in most situations have a limited number of ports, operate with more advanced
features and are more expensive. Let’s imagine that we need to connect a small home network (4 laptops) with a router to the
Internet provider! Not possible, not enough ports!
A switch is the required device for such a requirement. Switches are considered the best network devices to wire-connect a high
number of Ethernet devices.
Switching process
When a frame arrives at a switch, the switch needs to direct the frame out through the right port; this redirection is called
switching. When a frame enters a switch port, the switch checks the dynamic table in memory which stores physical port
and MAC address pairs. The switch then knows which port to use to forward the frame.
Remember: the switch does not look into the IP packet; it forwards the frame as is, based on the destination MAC address.
How does the switch build the table? The switch learns the MAC and port pairs in a process called MAC learning: when a frame
first arrives at a switch port, the switch checks the source MAC address within the frame and stores it next to the port number on
which it was received.
This process builds the table known as CAM (Content Addressable Memory) or TCAM (Ternary Content Addressable Memory).
And what about destination MAC addresses that are not known to the switch yet?
In our picture, device B’s MAC is not known to the switch yet. If a frame directed to device B’s MAC arrives on a switch port,
the switch consults the TCAM table and, if it does not find the MAC address, it replicates the frame, sending it out of all the ports
except the one it was received on. All the devices that the frame was not intended for drop the frame, and only device B will
interpret this frame correctly.
After device B sends a frame back to device A, the switch learns device B’s MAC, stores it in the table and
forwards the frame directly to device A without having to replicate it, because it already has the MAC and port pair (1 A).
• Switch switches the frame to the next device which is router, preserving the frame
• After choosing right interface to route the packet encapsulates it with WiFi frame
• Wifi frame comes to device B, device decapsulates frame and interprets the IP packet
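The MAC learning, forward/flood/filter logic and the CAM instability caused by a Layer 2 loop (described in the bridging comparison, the switching loop section and the switching process above) can be reproduced in a small simulation. The following Python code is an added example, not part of these notes; the switch names, port names, MAC addresses and the two-switch double-link wiring are constructed for it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    """A transparent bridge: learn source MAC -> ingress port, then forward, filter or flood."""
    ports: List[str]
    cam: Dict[str, str] = field(default_factory=dict)                 # MAC -> port
    moves: List[Tuple[str, str, str]] = field(default_factory=list)  # (MAC, old port, new port)

    def receive(self, frame: Frame, in_port: str) -> List[str]:
        """Return the egress ports for the frame; it is never sent back out in_port."""
        # MAC learning keys on the SOURCE address, never the destination.
        old = self.cam.get(frame.src)
        if old is not None and old != in_port:
            # The same MAC now appears on another port: either the host really moved,
            # or a loop is delivering copies of one frame on several interfaces.
            self.moves.append((frame.src, old, in_port))
        self.cam[frame.src] = in_port
        out = self.cam.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast and unknown unicast are flooded out every port but the ingress one.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []          # destination is on the ingress segment: filter the frame
        return [out]           # known unicast: forward out exactly one port


def basic_exchange():
    """Host A (Fa0/1) talks to host B (Fa0/2) for the first time, as in the ARP walkthrough."""
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    a, b = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"
    first = sw.receive(Frame(a, b), "Fa0/1")   # B unknown: flooded out Fa0/2 and Fa0/3
    reply = sw.receive(Frame(b, a), "Fa0/2")   # A already learned: forwarded out Fa0/1 only
    second = sw.receive(Frame(a, b), "Fa0/1")  # B now learned: forwarded out Fa0/2 only
    return first, reply, second, dict(sw.cam)


def simulate_loop(rounds: int):
    """Two switches joined by two parallel links (a Layer 2 loop, no STP).

    Host X on SwA Fa0/1 sends ONE broadcast. Returns how many frame copies the
    switches had to process and each switch's list of CAM flaps for X's MAC.
    """
    sw = {"SwA": LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"]),
          "SwB": LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])}
    # Constructed wiring: SwA Fa0/2 <-> SwB Fa0/2 and SwA Fa0/3 <-> SwB Fa0/3.
    links = {("SwA", "Fa0/2"): ("SwB", "Fa0/2"), ("SwA", "Fa0/3"): ("SwB", "Fa0/3"),
             ("SwB", "Fa0/2"): ("SwA", "Fa0/2"), ("SwB", "Fa0/3"): ("SwA", "Fa0/3")}
    pending = [("SwA", "Fa0/1", Frame("1111.1111.1111", BROADCAST))]
    copies = 0
    for _ in range(rounds):
        nxt = []
        for name, in_port, frame in pending:
            copies += 1
            for out_port in sw[name].receive(frame, in_port):
                peer = links.get((name, out_port))   # host ports have no peer switch
                if peer:
                    nxt.append((peer[0], peer[1], frame))
        pending = nxt
    return copies, sw["SwA"].moves, sw["SwB"].moves


if __name__ == "__main__":
    print(basic_exchange())
    copies, moves_a, moves_b = simulate_loop(6)
    print(f"one broadcast, 6 rounds: {copies} copies processed; CAM flaps: "
          f"SwA {len(moves_a)}, SwB {len(moves_b)}")
```

A single broadcast never stops circulating: every round each switch processes two more copies, and the entry for 1111.1111.1111 flips between Fa0/2 and Fa0/3 on every arrival, which is exactly the unstable CAM table the notes describe.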
Wireless LAN:-
Introduction
A wireless local area network (WLAN) is a local area network (LAN) that doesn't rely on
wired Ethernet connections. A WLAN can be either an extension to a current wired network or an alternative to
it.
WLANs have data transfer speeds ranging from 1 to 54Mbps, with some manufacturers offering proprietary
108Mbps solutions. The 802.11n standard can reach 300 to 600Mbps.
Because the wireless signal is broadcast so everybody nearby can share it, several security precautions are
necessary to ensure only authorized users can access your WLAN.
A WLAN signal can be broadcast to cover an area ranging in size from a small office to a large campus. Most
commonly, a WLAN access point provides access within a radius of 65 to 300 feet.
WLAN types
With few exceptions, hardware in this category subscribes to the 802.11a, b, or g standards (also known as Wi-
Fi); some home and office WLANs now adhere to the new 802.11n standard. Also, because of security
concerns, many home and office WLANs adhere to the Wi-Fi Protected Access 2 (WPA2) standard.
WLAN standards
Several standards for WLAN hardware exist:
WLAN standard | Pros                                      | Cons
              | • Better at penetrating physical barriers | • Slower data transfer rates (up to 11Mbps)
802.11n       | The 802.11n standard was recently ratified by the Institute of Electrical and Electronics Engineers (IEEE), as compared to the previous three standards. Though specifications may change, it is expected to allow data transfer rates up to 600Mbps, and may offer larger ranges. |
Security standards
The 802.11x standards provide some basic security, but are becoming less adequate as use of wireless
networking spreads. Following are security standards that extend or replace the basic standard:
802.1x
This standard is part of a full WPA security standard. WPA consists of a pair of smaller standards that address
different aspects of security:
• TKIP (Temporal Key Integrity Protocol encryption), which encrypts the wireless signal
Commonly, wireless systems have you log into individual wireless access points or let you access the wireless
network, but then keep you from accessing network data until you provide further authentication (e.g., VPN).
802.1x makes you authenticate to the wireless network itself, not an individual access point, and not to some
other level, such as VPN. This boosts security, because unauthorized traffic can be denied right at the wireless
access point.
WPA2/802.11i
The Wi-Fi Alliance coined the term "WPA2" for easy use by manufacturers, technicians, and end users.
However, the IEEE name of the standard itself is 802.11i. The encryption level is so high that it requires
dedicated chips on the hardware to handle it.
In practical use, WPA2 devices have interoperability with WPA devices. When not interfacing with older WPA
hardware, WPA2 devices will run strictly by the 802.11i specifications.
WPA2 consists of a pair of smaller standards that address different aspects of security:
• WPA2-Personal, which uses a pre-shared key (similar to a single password available to groups of
users, instead of a single individual); the pre-shared key is stored on the access point and the end
user's computer
IU Secure, the new IU wireless network for students, faculty, and staff, uses WPA2 Enterprise for
authentication.
UNIT- III
Internet layer Protocol:-
Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets
for the network. This layer includes the powerful Internet Protocol (IP), the Address Resolution
Protocol (ARP), and the Internet Control Message Protocol (ICMP).
IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the
entire TCP/IP suite. IP is responsible for the following:
Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this
book. To avoid confusion when addressing the Internet Protocol, one of the following
conventions is used:
• When the term “IP” is used in a description, the description applies to both IPv4 and
IPv6.
• When the term “IPv4” is used in a description, the description applies only to IPv4.
• When the term “IPv6” is used in a description, the description applies only to IPv6.
ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet
layers. ARP assists IP in directing datagrams to the appropriate receiving system by mapping
Ethernet addresses (48 bits long) to known IP addresses (32 bits long).
ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions.
ICMP reports on the following:
The Reverse ARP is now considered obsolete and outdated. Newer protocols such as the Bootstrap Protocol (BOOTP) and
the Dynamic Host Configuration Protocol (DHCP) have replaced RARP. However, it is useful to be familiar with the older
technology as well. For instance, you can still find some applications which work with RARP today. It also helps to be familiar with
the older technology in order to better understand the technology which was built on it.
RARP is a protocol which was published in 1984 and was included in the TCP/IP protocol stack. RARP sits on the
Network Access Layer (i.e. the lowest layer of the TCP/IP protocol stack) and is thus a protocol used to send data between two
points in a network. Each network participant has, more or less, two unique addresses: a logical address (the IP address) and a
physical address (the MAC address). While the IP address is assigned by software, the MAC address is built into the hardware.
You have already been assigned a Media Access Control address (MAC address) by the manufacturer of your network card.
It is possible for a device not to know its own IP address. This may happen if, for example, the device could not save the IP address
because there was insufficient memory available. In such cases, the Reverse ARP is used. This protocol can use the known
MAC address to retrieve the device's IP address. Therefore, its function is the complete opposite of ARP. ARP uses a known IP
address to determine the MAC address of the hardware.
Who knows the IP address of a network participant if they do not know it themselves? A special RARP server does. This server,
which responds to RARP requests, can also be a normal computer in the network. However, it must have stored all MAC
addresses with their assigned IP addresses. If a network participant sends an RARP request to the network, only these special
servers can respond to it.
Since the requesting participant does not know their IP address, the data packet (i.e. the request) must be sent on the lowest
layers of the network as a broadcast. This means that the packet is sent to all participants at the same time. However, only the
RARP server will respond. If there are several of these servers, the requesting participant will only use the response that is first
received. The request-response format has a similar structure to that of the ARP.
In a standard IPv4 Ethernet network, the RARP messages are 28 bytes long.
The following information can be found in their respective fields:
• Hardware Address Space: These two bytes contain the type of hardware address.
• Protocol Address Space: This field, which is 2 bytes long, specifies the type of network protocol.
• Hardware Address Length: This is 8 bits and defines the length n of the hardware address.
• Protocol Address Length: This field defines the length m of the network address.
• Opcode: This field is two bytes long and defines the type of operation. An RARP request has the value 3 and the
corresponding response the value 4.
• Source Hardware Address: This is where the MAC address of the sender is stored. The actual length of this field
is n and is defined by the information under Hardware Address Length. In a standard Ethernet network this field is 6 bytes.
• Source Protocol Address: This field would normally contain the IP address of the sender, but since the IP address is
not known during a request, the field remains undefined. The response, however, will contain the IP address of the
server. The length of this field is m and is dependent on the Protocol Address Length. Normally, though, the field is the
same length as an IPv4 address (i.e. 4 bytes).
• Target Hardware Address: This field contains the target’s MAC address. Since there is no specific target for an RARP
request, this field also contains the sender’s address. The server also includes the address of the requesting client in the
response. The length of this field is also n and is specifically 6 bytes long for Ethernet networks.
• Target Protocol Address: This last field remains undefined during a request and contains in the response the
information requested by the server: the participant’s IP address. The length of this field is also m, which is usually
defined as 4 bytes.
There are important differences between the ARP and RARP. First and foremost, of course, the two protocols obviously differ in
terms of their specifications. While the MAC address is known in an RARP request and is requesting the IP address, an ARP
request is the exact opposite. The IP address is known, and the MAC address is being requested. The two protocols are also
different in terms of the content of their operation fields: The ARP uses the value 1 for requests and 2 for responses. The
RARP on the other hand uses 3 and 4. This means that a server can recognize whether it is an ARP or RARP from the operation
code.
The Reverse Address Resolution Protocol has some disadvantages which eventually led to it being replaced by newer ones. To
be able to use the protocol successfully, the RARP server has to be located in the same physical network. The computer sends
the RARP request on the lowest layer of the network. As a result, it is not possible for a router to forward the packet. In addition,
the RARP cannot handle subnetting because no subnet masks are sent. If the network has been divided into multiple subnets, an
RARP server must be available in each one.
In addition, the network participant only receives their own IP address through the request. As previously mentioned, a subnet
mask is not included and information about the gateway cannot be retrieved via Reverse ARP. Therefore, it is not possible to
configure the computer in a modern network. These drawbacks led to the development of BOOTP and DHCP.
Address Resolution Protocol (ARP) is one of the major protocols in the TCP/IP suite. Its purpose is to resolve an IPv4 address (32-bit logical address) to the physical address (48-bit MAC address). Network applications at the Application Layer use IPv4 addresses to communicate with another device, but at the Data Link layer the addressing is by MAC address (48-bit physical address), which is burned into the network card permanently. You can view your network card’s hardware address by typing the command "ipconfig /all" at the command prompt (without double quotes, on Windows operating systems).
The purpose of ARP is to find out the MAC address of a device in your Local Area Network (LAN) for the corresponding IPv4 address with which a network application is trying to communicate.
Following are the fields in the Address Resolution Protocol (ARP) message format.
• Hardware Type: specifies the type of hardware used for the local network transmitting the ARP message. Ethernet is the common hardware type, and the value for Ethernet is 1. The size of this field is 2 bytes.
• Protocol Type: each protocol is assigned a number used in this field. IPv4 is 2048 (0x0800 in hexadecimal).
• Hardware Address Length: length in bytes of a hardware (MAC) address. Ethernet MAC addresses are 6 bytes long.
• Protocol Address Length: length in bytes of a logical address (IPv4 address). IPv4 addresses are 4 bytes long.
• Opcode: specifies the nature of the ARP message: 1 for ARP request and 2 for ARP reply.
• Sender Hardware Address: Layer 2 (MAC) address of the device sending the message.
• Sender Protocol Address: the protocol address (IPv4 address) of the device sending the message.
• Target Hardware Address: Layer 2 (MAC) address of the intended receiver. This field is ignored in requests.
• Target Protocol Address: the protocol address (IPv4 address) of the intended receiver.
Step 1: When a source device wants to communicate with another device, it checks its ARP cache to find whether it already has a resolved MAC address for the destination device. If it is there, it will use that MAC address for communication. To view your local ARP cache, open a command prompt and type the command "arp -a" (without double quotes, on Windows operating systems).
Step 2: If there is no ARP resolution in the local cache, the source machine generates an ARP request message. It puts its own data link layer address as the Sender Hardware Address and its own IPv4 address as the Sender Protocol Address. It fills in the destination IPv4 address as the Target Protocol Address. The Target Hardware Address is left blank, since that is what the machine is trying to find.
Step 3: The source broadcasts the ARP request message to the local network.
Step 4: The message is received by each device on the LAN since it is a broadcast. Each device compares the Target Protocol Address (the IPv4 address of the machine the source is trying to communicate with) with its own protocol address (IPv4 address). Those that do not match drop the packet without any action.
Step 5: When the targeted device checks the Target Protocol Address, it finds a match and generates an ARP reply message. It takes the Sender Hardware Address and Sender Protocol Address fields from the ARP request message and uses these values for the Target Hardware Address and Target Protocol Address of the reply message.
Step 6: The destination device updates its ARP cache, since it will need to contact the sender machine soon.
Step 7: The destination device sends the ARP reply message, and it is NOT a broadcast but a unicast.
Step 8: The source machine processes the ARP reply from the destination and stores the Sender Hardware Address as the layer 2 address of the destination.
Step 9: The source machine updates its ARP cache with the Sender Hardware Address and Sender Protocol Address it received from the ARP reply message.
I am sitting at 192.168.0.84 and want to ping 192.168.0.122 to check network connectivity. When issuing the ping command, we never specify the MAC address of the destination device (192.168.0.122).
We know that the ping command works using ICMP. ICMP is encapsulated inside an IP datagram, and the IP datagram is encapsulated within an Ethernet frame. To build the Ethernet frame for the ICMP message we need the Source IP Address (my IP address, 192.168.0.84), Destination IP Address (192.168.0.122), Source MAC Address (my MAC address, 08:00:27:58:58:98) and Destination MAC Address. The Source IP Address, Destination IP Address and Source MAC Address are known at this point, but the Destination MAC Address is unknown.
To assemble the Ethernet frame, my device must have the Destination MAC Address corresponding to the IP address 192.168.0.122.
We need to resolve the Destination MAC Address corresponding to the IP address 192.168.0.122.
Step 1: Before resolving the Destination MAC Address corresponding to the IP address 192.168.0.122 using ARP, the source device checks its ARP cache to find whether it already has a resolved MAC address for the destination device. We can view the ARP cache with the command
arp -a
The ARP cache in my computer is empty; there are no entries in it.
Step 2: Now my computer needs to resolve the destination MAC address using ARP. My computer prepares an ARP Request message and sends it with a Destination MAC Address of FF:FF:FF:FF:FF:FF (the broadcast MAC address) to the LAN switch.
Step 3: Since the Destination MAC Address is FF:FF:FF:FF:FF:FF (broadcast MAC address), the LAN switch floods it to all connected ports and every device in the LAN gets a copy of it.
The following screenshot shows the Wireshark capture window of the ARP Request message. Compare it with the ARP message format image at the beginning of this lesson. We can see from the screenshot that the Destination MAC Address is FF:FF:FF:FF:FF:FF (broadcast MAC address), the ARP opcode is 1 (ARP Request), and the Target MAC Address is 00:00:00:00:00:00, which is unknown at this point.
We can also see from the screenshot that the Source IP Address is 192.168.0.84, the Destination IP Address is 192.168.0.122, the Source MAC Address is 08:00:27:58:58:98 and the Target MAC Address in the ARP body is 00:00:00:00:00:00.
Step 4: The ARP Request message is received by each device on the LAN since it is a broadcast. Each device compares the Target Protocol Address (192.168.0.122) with its own IP address. Those that do not match drop the packet without any action.
Step 5: When the computer with the IP address 192.168.0.122 receives the ARP Request, it must prepare an ARP Reply and send it back to the computer that sent the ARP Request. The ARP Reply is a unicast, to save network resources.
Note that the ARP Reply has the Opcode field filled with 2, which identifies it as an ARP Reply.
The "Sender MAC Address" field (marked below) in the ARP Reply is the answer to the ARP Request.
Now both computers can update their ARP caches, so that the MAC-address-to-IP-address mappings can be used for future communication. However, after a short period of time the ARP cache is flushed to avoid incorrect mappings (the IP address of any device can change at any time).
The ARP cache filled with a MAC-address-to-IP-address mapping is shown below.
You have learned about Address Resolution Protocol (ARP), the ARP message format and how ARP operates in a LAN.
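The following is an added example, not part of the original lesson, that encodes and decodes the ARP/RARP message format described above and replays the nine-step exchange from the ping walkthrough (192.168.0.84 resolving 192.168.0.122). The target's MAC address, the bystander host and its addresses are constructed values; the EtherType values 0x0806 (ARP) and 0x8035 (RARP) are the standard ones.

```python
"""ARP/RARP message encoder and decoder plus a small simulation of the exchange above."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Field values from the ARP/RARP message format described above.
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800            # 2048 decimal
HLEN_ETHERNET = 6
PLEN_IPV4 = 4
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0806, 0x8035
MAC_BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_UNKNOWN = "00:00:00:00:00:00"     # target MAC in a request, "left blank"

def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

@dataclass
class ArpMessage:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    def kind(self) -> str:           # a receiver tells ARP from RARP by the opcode alone
        return OPCODES[self.opcode]

    def pack(self) -> bytes:
        """28-byte body: 8-byte fixed header, then 6 + 4 + 6 + 4 address bytes."""
        header = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4,
                             HLEN_ETHERNET, PLEN_IPV4, self.opcode)
        return (header + mac_to_bytes(self.sender_mac) + ip_to_bytes(self.sender_ip)
                + mac_to_bytes(self.target_mac) + ip_to_bytes(self.target_ip))

    @classmethod
    def unpack(cls, body: bytes) -> "ArpMessage":
        if len(body) < 28:
            raise ValueError("ARP body truncated")
        htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", body[:8])
        if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4):
            raise ValueError("not an Ethernet/IPv4 ARP message")
        if opcode not in OPCODES:
            raise ValueError(f"unknown opcode {opcode}")
        return cls(opcode, bytes_to_mac(body[8:14]), bytes_to_ip(body[14:18]),
                   bytes_to_mac(body[18:24]), bytes_to_ip(body[24:28]))

def ethernet_frame(dst_mac: str, src_mac: str, msg: ArpMessage) -> bytes:
    """14-byte Ethernet header (dst, src, EtherType) in front of the ARP body."""
    ethertype = ETHERTYPE_RARP if msg.opcode in (3, 4) else ETHERTYPE_ARP
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ethertype) + msg.pack()

def parse_frame(frame: bytes):
    """Returns (destination MAC, source MAC, ArpMessage) for an ARP/RARP frame."""
    if struct.unpack("!H", frame[12:14])[0] not in (ETHERTYPE_ARP, ETHERTYPE_RARP):
        raise ValueError("not an ARP/RARP frame")
    return bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12]), ArpMessage.unpack(frame[14:])

class Host:
    """A LAN host with an ARP cache, behaving as in steps 1 to 9 above."""
    def __init__(self, ip: str, mac: str):
        self.ip, self.mac = ip, mac
        self.cache: Dict[str, str] = {}          # IPv4 address -> MAC address

    def request_frame(self, target_ip: str) -> bytes:
        # Steps 2 and 3: target MAC left as zeros, frame broadcast to ff:ff:ff:ff:ff:ff.
        return ethernet_frame(MAC_BROADCAST, self.mac,
                              ArpMessage(1, self.mac, self.ip, MAC_UNKNOWN, target_ip))

    def receive(self, frame: bytes) -> Optional[bytes]:
        _dst, _src, msg = parse_frame(frame)
        if msg.opcode == 1:
            if msg.target_ip != self.ip:          # step 4: not for us, drop silently
                return None
            self.cache[msg.sender_ip] = msg.sender_mac     # step 6: learn the asker
            reply = ArpMessage(2, self.mac, self.ip, msg.sender_mac, msg.sender_ip)
            return ethernet_frame(msg.sender_mac, self.mac, reply)   # step 7: unicast reply
        if msg.opcode == 2 and msg.target_ip == self.ip:
            self.cache[msg.sender_ip] = msg.sender_mac     # steps 8 and 9
        return None

def simulate_ping_resolution():
    """Replays the walkthrough: 192.168.0.84 resolves 192.168.0.122 (target MAC is constructed)."""
    me = Host("192.168.0.84", "08:00:27:58:58:98")
    target = Host("192.168.0.122", "08:00:27:12:34:56")     # constructed MAC
    bystander = Host("192.168.0.10", "08:00:27:00:00:01")   # constructed third host
    request = me.request_frame(target.ip)
    reply = target.receive(request)
    me.receive(reply)
    return me.cache, target.cache, parse_frame(reply), bystander.receive(request)
```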
ICMP:-
What is ICMP?
ICMP (Internet Control Message Protocol) is a protocol that network devices (e.g. routers) use to generate
error messages when network issues are preventing IP packets from getting through.
The Internet Control Message Protocol is one of the fundamental systems that make the internet work.
Although you may not have heard of ICMP, you probably have heard of one of its features: Ping. In this
guide you will learn more about this essential protocol.
ICMP is part of the TCP/IP protocol stack. It is stationed at the Internet Layer and it is an error message
standard that supports the core Internet Protocol. The original definition of ICMP was written by Jon
Postel, one of the founders of the internet. The first standard was published in April 1981 in RFC 777. This
has since been updated several times. The stable definition of the protocol is contained in RFC 792, which
was also written by Postel and was published by the Internet Engineering Taskforce in September 1981.
Although the lower level Internet Layer is not supposed to be concerned with connection assurance, ICMP
gives a little bit of feedback on communications when things go wrong. So, even if you use UDP,
which has a connectionless communications model, it is still possible to find out why a transmission failed.
All network-connected devices can process ICMP messages, so that includes routers as well as endpoint
devices. ICMP has been adapted so it can work with IPv6 just as thoroughly as it has served IPv4.
As this protocol resides at the Internet Layer, its messages are carried by IP packets and so exist at a
higher level than the operating structures of switches. Although the ICMP is carried within the IP packet, it
does not exist inside data-carrying packets. An ICMP packet is only generated in response to an incoming
data packet when the transmission of that inbound message fails. The error conditions that provoke an
ICMP packet are often the result of data contained in the IP header of the failed packet.
When a router ricochets an ICMP packet back to report an error, it recreates all of the fields in the original
IP header of the packet that it is reporting on. So, an error collection program on the original sending
computer could analyze the header and work out exactly which of the IP packets that it sent out failed.
After the IP header comes the three-field ICMP header. It contains a type code that categorizes the error, a
sub-code field (the ICMP code), which refines the error description, and then a checksum. After the ICMP header come
the first eight bytes of the failed packet’s payload, which are actually the Transport Layer header (TCP or UDP).
The type field in the ICMP block contains some very useful information. The value is numeric and
here are some of the more interesting values that the field can have:
• 3 : destination unreachable
• 10 : router solicitation
Time to Live
One of the IP header fields that is best-known for provoking an ICMP-generating error is the Time to
Live field (TTL). This field contains a number, which expresses the maximum number of routers that
the packet can pass through. This number is decreased by one, by each router that processes the
packet. If a router receives a packet with a TTL of zero, it drops that packet and sends an ICMP
message back to the originator of that failed transmission.
In the case of TTL exhaustion, the reason for a packet failing to reach its destination has nothing to do with
router problems or malformed data in the packet header. The TTL is a construct that was created to prevent
rogue packets clogging up the internet when router table errors resulted in circular paths. However, a
byproduct of this field is a very useful network administration tool: Traceroute.
Traceroute is a well-known net admin tool that shows the typical path from the launching computer
through to a given destination IP address. The utility sends out a series of empty IP packets. The important
feature of each of these transmissions is the TTL value in the IP header.
The Traceroute program starts off sending a packet out with a TTL of 0. This will be dropped by the first
router that receives it, which is usually the network gateway. That router sends back an ICMP packet. The
only pieces of information that Traceroute wants from that response are the time it takes to come back
and the source address of the packet. That tells Traceroute the address of the first router on the path to
the destination. The program then sends out a packet with a TTL of 1. This gets through the gateway,
which decreases the TTL by 1. The router that gets the packet next sees that the TTL is zero, drops the
packet, and sends back an ICMP packet. Thus, the second router in the path is revealed and Traceroute
notes the time it took for that response to arrive. By increasing the TTL by 1 with each
transmission, Traceroute eventually builds up a map of all the links across the internet to the given
address.
Traceroute problems
Traceroute is a very simple tool that takes advantage of a pre-existing administrative function and
makes an efficient and informative utility out of it. There are a couple of weak points with Traceroute.
A network administrator will probably use the utility in order to see why a recent connection went so badly,
either slowly or not at all. However, Traceroute can’t tell you what happened in the past. It can only
give you feedback on the progress of the current route.
Routers each make their own decision over which of their neighbors offers the shortest path to the
destination IP address on a packet. However, that decision might not always be exactly the same every
time. If a router gets congested or switched off, the neighboring routers soon find out about the problem
and adjust their routing tables to work around the problem. That altered routing information gets
rippled out to all of the routers on the internet, but the problem may be fixed before all of the routers
find out about it. Then the re-adjusted route gets proliferated around the world.
An option with the command, “-j” allows you to specify the addresses of the routers that you would like
Traceroute to follow as a path. However, in order to use this facility, you would have to already know the
path that a faulty transmission took and you can only derive that information with a Traceroute
execution of exactly the same path.
So, if you experience a slow connection, the Traceroute command that you subsequently issue might
not reveal what happened, because by that time the problem that caused the delay may have been fixed,
and your Traceroute path may not be the same path that the slow connection used.
Another problem with Traceroute is that it gives an interesting display on the path that your transmission
will probably take to a given destination. However, it doesn’t give you any tools to do anything with the
information that you receive. It isn’t possible to specify a path, and so if you see that one of the routers
on the internet gives a slow response time, all you can do with that is know which router is slowing your
connections. As that router doesn’t belong to your company and you can’t speed it up, you have acquired
knowledge through Traceroute but can’t act on it.
ICMP Ping
Ping uses two ICMP codes: 8 (echo request) and 0 (echo reply). When you issue the Ping command at the
prompt, the Ping program sends out an ICMP packet containing the code 8 in the Type field. The reply will
have a Type of 0. The program times the gap between sending the echo request packet and the arrival of
the reply. So, you can get the “round trip time” of a packet to the given destination and back.
The echo request packet is unusual in that it is the only ICMP packet that is sent out without being
provoked by an error. So, Ping doesn’t have to emulate an error condition in order to get an ICMP message
back. Ping has two options that allow you to specify a list of addresses for the path that the transmission
should take. These are “-j“, which suggests a route and “-k“, which dictates the route.
You may wonder which port Ping uses. The answer is: none. If a utility allows you to “ping” a port, it is
not literally the Ping command. Instead, that utility uses a TCP or UDP packet to test a port. In truth, this
type of function is referred to as a “port scanner” or “port checker.”
Ping can’t use ports because it is a protocol that exists at a lower level than the Transport Layer, where
ports are a major feature.
The closest method to an ICMP Ping port report that is available is to send a UDP packet to a specific
port. If that port is not active, the transmission will provoke an ICMP message from the host of type 3
(destination unreachable) subtype 3 (destination port unreachable). So, although it is possible to
provoke an ICMP message about a port, it is not possible to use the Ping mechanism to send an ICMP
packet to that port in the first place as an echo request. If you tack a port number onto the IP address in a
Ping command (i.e. ping <IP address>:<port number>) the command will not launch but will return a
syntax error instead.
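The following is an added example, not code from the original guide, that builds and decodes the ICMP messages discussed above: the type/code/checksum header with the RFC 1071 Internet checksum, an echo request (type 8) as sent by Ping, and a destination-unreachable error (type 3, code 3, "port unreachable") that quotes the failed packet's IP header and first eight payload bytes so the sender can tell which packet failed. The addresses and ports in `demo()` are constructed sample values.

```python
"""Minimal ICMPv4 encoder/decoder: echo request/reply and errors that quote the failed packet."""
import struct
from typing import Dict

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
DEST_UNREACH_CODES = {3: "port unreachable", 4: "fragmentation needed but DF set"}

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (odd length is padded with a zero byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """Type 8 (request) or 0 (reply), code 0, then identifier/sequence and payload."""
    icmp_type = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)   # checksum field zero first
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def build_ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options; checksum computed the same way as ICMP's."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def build_error(icmp_type: int, code: int, failed_packet: bytes) -> bytes:
    """Type 3/11 error: 4 unused bytes, then the failed IP header plus its first 8 payload bytes."""
    quoted = failed_packet[:28]              # 20-byte header + 8 bytes (enough for TCP/UDP ports)
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = internet_checksum(header + quoted)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + quoted

def parse_icmp(msg: bytes) -> Dict:
    """Verify the checksum, decode type/code and, for errors, recover the original flow."""
    if len(msg) < 8:
        raise ValueError("ICMP message too short")
    if internet_checksum(msg) != 0:          # a valid message sums to zero, checksum included
        raise ValueError("bad ICMP checksum")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code}
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
        info["payload"] = msg[8:]
    elif icmp_type in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        inner = msg[8:]
        if len(inner) < 28:
            raise ValueError("quoted packet truncated")
        ihl = (inner[0] & 0x0F) * 4          # header length of the quoted IP packet
        info["orig_src"] = ".".join(str(b) for b in inner[12:16])
        info["orig_dst"] = ".".join(str(b) for b in inner[16:20])
        info["orig_ttl"], info["orig_proto"] = inner[8], inner[9]
        if info["orig_proto"] in (6, 17):    # TCP/UDP: ports are the first 4 transport bytes
            info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
        if icmp_type == ICMP_DEST_UNREACH:
            info["reason"] = DEST_UNREACH_CODES.get(code, "other")
    return info

def demo():
    # Constructed sample: a UDP probe from 192.168.0.84 to a closed port on 10.0.0.9,
    # answered by the host with ICMP type 3 code 3, plus a plain echo request.
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)     # sport, dport, length, checksum
    failed = build_ipv4_header("192.168.0.84", "10.0.0.9", 17, 20 + len(udp)) + udp
    error = build_error(ICMP_DEST_UNREACH, 3, failed)
    echo = build_echo(0x1234, 1, b"abcdefgh")
    return parse_icmp(error), parse_icmp(echo)
```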
Pathping
Pathping is a utility that is built into the Windows operating system and it is available in all versions
since Windows NT. This program is a combination of Ping and Traceroute, so it exploits three ICMP
message types. These are the echo request and echo reply message type (8 and 0) and the time exceeded
message type (11).
As with both Traceroute and Ping, it is possible to give a list of addresses for a suggested path as a
parameter to the command and the utility will try to send a packet to the destination via those addresses.
Pathping produces a formatted results report that shows the route and the round trip times to each router.
It sends repeated ping requests to each router in the path, rather than just repeatedly contacting the
destination (which is what Ping does) or logging each router in the path once (which is what Traceroute
does).
Pathping is not as resilient as Ping or Traceroute. Although every device on the internet is capable of
sending ICMP messages, not every device has its ICMP functions activated. Some router and server
owners intentionally turn off ICMP functions as a protection against hacker attack.
If an intermediate router will not use ICMP, Ping still gets through that router to test the destination. If
Traceroute encounters a router that will not send out ICMP packets, it simply progresses to the next router,
presenting a line of asterisks for the uncommunicative router. In the same situation, Pathping ends its
enquiries at the router that has ICMP disabled.
Smurf attack
The main reason that some equipment owners turn the ICMP capabilities of their devices off is that the
system can be used by hackers as a conduit for attacks. The Smurf attack is one such case.
The Smurf attack uses a reflector strategy. It doesn’t attack the target directly, but invokes other
computers and routers to send messages to the victim. The attacker works out the broadcast address used
on the network of the victim and then sends out an ICMP echo request (Ping). Each device on the network
will send an echo reply back to the router that hosts that broadcast IP address.
This attack only works on large networks. It effectively provokes a Distributed Denial of
Service (DDoS) attack from within the network, whereas most attacks are launched through remote
computers over the internet. The attack type can be prevented by turning off ICMP capabilities on the
gateway router or by filtering out the acceptance of requests carrying the network’s broadcast IP address
on packets coming into the network from a remote location.
Ping flood
A Ping flood is a DDoS strategy that overwhelms a target computer with ICMP echo requests. Some
implementations of Ping work better than others. For example, the attack is more effective if the Ping
command is launched with the “flood” option. However, this option is not available with all versions of
Ping – it is not a valid option on the version that is embedded into Windows, for example. The fact that
the flood option is not universal presents problems for hackers that want to direct remote computers
infected with a botnet controlling program to send out the Ping requests. As the flood option is rare, it is
probable that most of the devices in the botnet will be unable to launch the attack.
This attack strategy would have more success if the hacker ensured that all of the infected computers used
an attempt to launch the attack had the flood option available in their Ping implementations. One way to
ensure that would be to test computers before any attack and categorize a group that has the right form
of Ping, or to install a flood-enabled Ping on all computers that are infected by the botnet virus.
The simplest defense against a Ping flood is to turn off ICMP capabilities on the router. If you are
running a web server, then a web application firewall should protect you from Ping floods.
Ping of Death
The Ping of Death involves sending over-long ping request packets. The request will have a large
amount of filler on the end of it in the payload. As the datagram is too long for transmission, the Internet
Protocol processor will break up the string into chunks that are the size of the sender’s Maximum
Transmission Unit (MTU). The receiver will notice that this is an extra long packet that has been broken up
and try to reassemble the original, long packet before sending it on to its destination application. If the
length of the packet is more bytes than the size of available memory in the receiving computer, the attempt
to reassemble the packet will jam the computer.
Ping of Death is now a well-known attack type and so stateful firewalls and intrusion detection
systems can spot it and block it. As with any hacker trick that becomes known, its effectiveness is no
longer threatening. So, hackers have largely dropped the Ping of Death strategy in favor of the Ping flood.
ICMP tunnel
Routers only look at the headers of an ICMP packet, including the TCP/UDP header that might be behind
the ICMP data. So a normal packet with lots of data in it would be passed through just as long as it
had an ICMP section in it. This is potentially a backdoor for visitors to get around the authentication and
charging procedures of public networks. This is called an ICMP tunnel or Ping tunnel.
It isn’t possible to tunnel through gateways and firewalls just with the standard network Ping utility that
most people have on their computers. An ICMP tunnel would have to be programmed. This is also a
possible route into a network for a hacker. Unfortunately, for network administrators, there are a number
of free ICMP tunnel packages available for download from the internet.
As with the previous two types of ICMP attacks, Ping tunnels can be blocked by web application
firewalls, intrusion detection systems, or by simply blocking all ICMP activity at the network gateway.
Twinge attack
Twinge is a hacker attack program. It launches an ICMP flood to overwhelm a target computer. Although
all of the Ping requests that the target receives seem to have come from many different sources, they are all
actually from the same source, each with a fake source IP address in the header. Twinge is possibly just
a renamed Ping utility with the “flood” option implemented. It would make a very useful tool
for botnet owners to load up onto their zombie computers in order to launch Ping flood attacks.
Essentially, a Twinge flood is the same as a Ping flood and the solutions to protect a network from it are
the same as for the main category of DDoS attack via ICMP: turn off ICMP, install a web application
The Maximum Transmission Unit (MTU) is a setting on network-compliant devices that dictates the
longest IP packet that the device should process. It is expressed in octets (eight-bit bytes). The
original MTU recommendation for the Internet Protocol was 576 octets. However, the
Ethernet standard recommends 1,500 octets and this has become the standard for all network and internet
devices.
It is possible to adjust the MTU settings on any router. So, if your packets pass through a router with a
lower MTU, each will be split into two IP packets. This slows down the delivery of your transfers
because the original packet has to be reassembled by the receiver before it can progress to Transport
Layer processing and then get passed on to the destination application.
It is also possible to specify in the IP header that splitting, which is called “fragmentation” should not be
performed on the packet. In this case, a router with an MTU that is smaller than the packet length will drop
the packet and then report back with an ICMP error notification. This error message would be of ICMP
type 3 (destination unreachable) subtype 4 (fragmentation required but “don’t fragment” flag is set).
A Path MTU discovery attempt gets around the problem of fragmented or dropped packets. If you can find
out the lowest MTU on the path that your transmission will take, you just need to set your own MTU down
to that size.
The discovery mechanism is implemented by the failure procedures outlined above. An IP packet goes out
to a destination with the payload padded to reach the sender’s MTU size and the “don’t fragment” flag
set. If that gets through, you shouldn’t have any problems with your connections to the destination that you
sent the test packet to. If the transmission provokes an ICMP error, then you would just try the test
repeatedly, reducing the packet length each time. With this, you will eventually send a packet that gets
through and the length of that packet will tell you the lowest MTU on the path to your destination.
Ping has an option to set the “don’t fragment” flag. However, this will only be effective if the Ping packet
is longer than the MTUs of the routers in its path. Ping doesn’t pad to your MTU size, so it is doubtful that
a short Ping packet would ever get dropped.
The Linux-based iputils package contains tracepath, which will perform path MTU discovery for you.
On Windows computers, you could check out the free mturoute utility.
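An added example (not from the original guide) that simulates the discovery procedure just described: probes with the "don't fragment" flag set are shrunk after each ICMP type 3 code 4 error until one gets through. It also shows the RFC 1191 refinement, where the router's reported Next-Hop MTU is used instead of stepping down blindly. The path of link MTUs is a constructed input.

```python
"""Simulation of path MTU discovery with the "don't fragment" flag (added example)."""
from typing import List, Optional, Tuple

IPV4_MIN_MTU = 576       # the original IP recommendation quoted above
ETHERNET_MTU = 1500      # the de facto standard quoted above
DF_ERROR = "icmp type 3 code 4"   # fragmentation needed but "don't fragment" set

def forward(path_mtus: List[int], size: int, dont_fragment: bool) -> Tuple[str, Optional[int]]:
    """Push a packet of `size` bytes hop by hop along links with the given MTUs.
    Returns ("delivered", None), ("fragmented", hop_mtu) when a router had to split it,
    or (DF_ERROR, hop_mtu) when DF was set; hop_mtu models RFC 1191's Next-Hop MTU field."""
    for mtu in path_mtus:
        if size > mtu:
            return (DF_ERROR, mtu) if dont_fragment else ("fragmented", mtu)
    return "delivered", None

def discover_stepdown(path_mtus: List[int], start: int = ETHERNET_MTU,
                      step: int = 100, floor: int = IPV4_MIN_MTU) -> Tuple[int, int]:
    """The procedure in the text: send DF-set probes, shrink after every ICMP error, stop at
    the first size that gets through. Returns (size that got through, probes sent)."""
    size, probes = start, 0
    while size >= floor:
        probes += 1
        if forward(path_mtus, size, True)[0] == "delivered":
            return size, probes
        size -= step
    raise RuntimeError("no probe at or above the floor got through")

def discover_rfc1191(path_mtus: List[int], start: int = ETHERNET_MTU) -> Tuple[int, int]:
    """Same idea, but jump straight to the Next-Hop MTU the router reports, so the result
    is exact instead of rounded down to the nearest probe step."""
    size, probes = start, 0
    while True:
        probes += 1
        result, next_hop_mtu = forward(path_mtus, size, True)
        if result == "delivered":
            return size, probes
        size = next_hop_mtu     # strictly smaller than size, so the loop terminates
```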
ICMP world
The ICMP system is a very simple mechanism for reporting on transmission failure. However, it is
also one of the most powerful sets of tools available to network administrators. The good news is
that ICMP is free and automatically available on any network-connected device. The bad news is
that ICMP can be used by hackers to form attacks or even sneak connections through firewalls.
The fact that ICMP can be used maliciously encourages a lot of risk-averse network administrators to turn
the messaging system off. This is a shame because it disables a lot of the very useful utilities that are
described in this guide.
If you run a network, and especially if you own a router that passes internet traffic, consider using stateful
firewalls and intrusion detection systems to block ICMP misuse instead of turning the messaging
protocol off completely. Investigate the settings and firmware features of your router to see whether it has
ICMP abuse resolution procedures that will allow you to continue operating ICMP on the device.
IP Addressing:
IP address is short for Internet Protocol (IP) address. An IP address is an identifier for a computer or
device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address
of the destination. Contrast with IP, which specifies the format of packets, also called datagrams, and the
addressing scheme.
gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6. In IPv6 the IP
address size is increased from 32 bits to 128 bits.
What is My IP Address?
To view your IP address you can use the ipconfig (IPCONFIG) command line tool. Ipconfig displays all
current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP)
and Domain Name System (DNS) settings.
To launch the command prompt from a Windows-based computer click: Start > All
Programs > Accessories > Command Prompt. Type ipconfig and press the Enter key.
You can also use Google search to find your IP address. Type "what is my IP address" as a search query
and Google will show the IP address of the computer from which the query was received as the top search
result.
Classes of IP addresses
TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a range of valid IP addresses.
The value of the first octet determines the class. IP addresses from the first three classes (A, B and C) can be
used for host addresses. The other two classes are used for other purposes – class D for multicast and class E
for experimental purposes.
The system of IP address classes was developed for the purpose of Internet IP addresses assignment. The
classes created were based on the network size. For example, for the small number of networks with a very
large number of hosts, the Class A was created. The Class C was created for numerous networks with a small
number of hosts.
For the IP addresses from Class A, the first 8 bits (the first decimal number) represent the network part, while
the remaining 24 bits represent the host part. For Class B, the first 16 bits (the first two numbers) represent the
network part, while the remaining 16 bits represent the host part. For Class C, the first 24 bits represent the
network part, while the remaining 8 bits represent the host part.
• 10.50.120.7 – because this is a Class A address, the first number (10) represents the network part, while the
remainder of the address represents the host part (50.120.7). This means that, in order for devices to be on
the same network, the first number of their IP addresses has to be the same for both devices. In this case, a
device with the IP address of 10.47.8.4 is on the same network as the device with the IP address listed above.
The device with the IP address 11.5.4.3 is not on the same network, because the first number of its IP
address is different.
• 172.16.55.13 – because this is a Class B address, the first two numbers (172.16) represent the network part,
while the remainder of the address represents the host part (55.13). A device with the IP address of
172.16.254.3 is on the same network, while a device with the IP address of 172.55.54.74 isn’t.
NOTE
The system of network address ranges described here is generally bypassed today by use of the Classless
Inter-Domain Routing (CIDR) addressing.
Special IP address ranges that are used for special purposes are:
Types of IP addresses
The IP addresses are divided into three different types, based on their operational characteristics:
1. unicast IP addresses – an address of a single interface. The IP addresses of this type are used for one-to-one
communication. Unicast IP addresses are used to direct packets to a specific host. Here is an example:
In the picture above you can see that the host wants to communicate with the server. It uses the (unicast) IP
2. multicast IP addresses – used for one-to-many communication. Multicast messages are sent to IP multicast
group addresses. Routers forward copies of the packet out to every interface that has hosts subscribed to that
group address. Only the hosts that need to receive the message will process the packets. All other hosts on the
LAN will discard them. Here is an example:
R1 has sent a multicast packet destined for 224.0.0.9. This is an RIPv2 packet, and only routers on the network
should read it. R2 will receive the packet and read it. All other hosts on the LAN will discard the packet.
3. broadcast IP addresses – used to send data to all possible destinations in the broadcast domain (the one-to-everybody
communication). The broadcast address for a network has all host bits on. For example, for the
network 192.168.30.0 255.255.255.0 the broadcast address would be 192.168.30.255. Also, the IP address of
all 1’s (255.255.255.255) can be used for local broadcast. Here’s an example:
R1 wants to communicate with all hosts on the network and has sent a broadcast packet to the broadcast IP
address of 192.168.30.255. All hosts in the same broadcast domain will receive and process the packet.
Subnetting explained
Subnetting is the practice of dividing a network into two or more smaller networks. It increases routing
efficiency, enhances the security of the network and reduces the size of the broadcast domain.
In the picture above we have one huge network: 10.0.0.0/24. All hosts on the network are in the same subnet,
which has following disadvantages:
• a single broadcast domain – all hosts are in the same broadcast domain. A broadcast sent by any device
on the network will be processed by all hosts, creating lots of unnecessary traffic.
• network security – each device can reach any other device on the network, which can present security
problems. For example, a server containing sensitive information shouldn’t be in the same network as a
user workstation.
• organizational problems – in large networks, different departments are usually grouped into different
subnets. For example, you can group all devices from the Accounting department in the same subnet and
then give access to sensitive financial data only to hosts from that subnet.
Now, two subnets were created for different departments: 10.0.0.0/24 for Accounting and 10.1.0.0/24 for
Marketing. Devices in each subnet are now in a different broadcast domain. This will reduce the amount of
traffic flowing on the network and allow us to implement packet filtering on the router.
Subnet mask
An IP address is divided into two parts: network and host parts. For example, an IP class A address consists of 8
bits identifying the network and 24 bits identifying the host. This is because the default subnet mask for a class
A IP address is 8 bits long. (or, written in dotted decimal notation, 255.0.0.0). What does it mean? Well, like an IP
address, a subnet mask also consists of 32 bits. Computers use it to determine the network part and the host
part of an address. The 1s in the subnet mask represent a network part, the 0s a host part.
Computers work only with bits. The math used to determine a network range is a binary AND.
Let’s say that we have the IP address of 10.0.0.1 with the default subnet mask of 8 bits (255.0.0.0).
First, we need to convert the IP address to binary:
Computers then use the AND operation to determine the network number:
The computer can then determine the size of the network. Only IP addresses that begin with 10 will be in the
same network. So, in this case, the range of addresses in this network is 10.0.0.0 – 10.255.255.255.
NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.
Create subnets
There are a couple of ways to create subnets. In this article we will subnet a class C address 192.168.0.0 that, by
default, has 24 subnet bits and 8 host bits.
2^x = number of subnets, where x is the number of subnet bits (the extra 1s added to the default subnet mask).
With 1 subnet bit we can have 2^1 = 2 subnets. With 2 bits, 2^2 = 4 subnets; with 3 bits, 2^3 = 8 subnets, etc.
Subnetting example
An example will help you understand the subnetting concept. Let’s say that we need to subnet a class C
address 192.168.0.0/24. We need two subnets with 50 hosts per subnet. Here is our calculation:
1. Since we need only two subnets, one subnet bit is enough (2^1 = 2). In our case, this means that we will take one bit from
the host part. Here is the calculation:
First, we have a class C address 192.168.0.0 with the subnet mask of 24. Let’s convert them to binary:
192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000
We need to convert a single zero from the host part of the subnet mask into a one. Here is our new subnet mask:
255.255.255.128 = 11111111.11111111.11111111.10000000
2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left with seven bits for the hosts. Is that
enough for 50 hosts? The formula for the number of usable hosts is 2^y – 2, with y representing the number of host bits.
Since 2^7 – 2 = 126, we have more than enough bits for our hosts.
192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range of IP addresses in this subnet
is 192.168.0.0 – 192.168.0.127.
192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128. The range of IP addresses in this subnet
is 192.168.0.128 – 192.168.0.255.
Classless Addressing:-
Classless Addressing-
CIDR Block-
Rule-01:
Rule-02:
Rule-03:
• First IP Address of the block must be divisible by the size of the block.
REMEMBER
So, any binary pattern is divisible by 2^n if and only if its least significant n bits are 0.
Examples-
CIDR Notation-
a.b.c.d / n
Example-
It suggests-
Before CIDR, public IP addresses were assigned based on the class boundaries:
• Class A – the classful subnet mask is /8. The number of possible IP addresses is 16,777,216 (2 to the power
of 24).
• Class B – the classful subnet mask is /16. The number of addresses is 65,536
• Class C – the classful subnet mask is /24. Only 256 addresses available.
Some organizations were known to have gotten an entire Class A public IP address (for example, IBM got all the
addresses in the 9.0.0.0/8 range). Since these addresses can’t be assigned to other companies, there was a
shortage of available IPv4 addresses. Also, since IBM probably didn’t need more than 16 million IP addresses, a
lot of addresses were unused.
To combat this, the classful scheme of allocating IP addresses was abandoned. The new system was
classless – a classful network was split into multiple smaller networks. For example, if a company needs 12
public IP addresses, it would get something like this: 190.5.4.16/28.
The number of usable IP addresses can be calculated with the following formula:
In the example above, the company got 14 usable IP addresses from the 190.5.4.16 – 190.5.4.32 range because
there are 4 host bits and 2 to the power of 4 minus 2 is 14. The first and the last address are the network
address and the broadcast address, respectively. All other addresses inside the range could be assigned to
Internet hosts.
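The binary-AND, subnetting and CIDR block arithmetic from the sections above, as an added Python example (not part of the course notes). It uses the page's own addresses as inputs and does the bit math by hand instead of through a library, so the contiguous-mask rule and the "first address divisible by block size" rule are visible in code.

```python
# Added example (not from the notes): classful and classless subnet math with the
# same binary AND the text describes, run on the page's own addresses.
from typing import Dict, List


def ip_to_int(dotted: str) -> int:
    """Dotted-decimal IPv4 text -> 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """A subnet mask is always `prefix` 1s followed by (32 - prefix) 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(dotted_mask: str) -> int:
    """Accept only contiguous masks; 255.0.255.0 is rejected."""
    mask = ip_to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if mask != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous subnet mask: {dotted_mask}")
    return prefix


def network_info(address: str, prefix: int) -> Dict[str, object]:
    """Network number = address AND mask; broadcast = network with all host bits set."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(address) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    host_bits = 32 - prefix
    # 2^h - 2 drops the network and broadcast addresses; clamp for /31 and /32
    usable = max(2 ** host_bits - 2, 0)
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "first": int_to_ip(network),
        "last": int_to_ip(broadcast),
        "broadcast": int_to_ip(broadcast),
        "usable_hosts": usable,
    }


def same_network(a: str, b: str, prefix: int) -> bool:
    """Two hosts share a network when address AND mask is equal for both."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def subnet(address: str, prefix: int, subnet_bits: int) -> List[str]:
    """Borrow `subnet_bits` host bits: 2^subnet_bits equal-sized subnets."""
    new_prefix = prefix + subnet_bits
    if new_prefix > 32:
        raise ValueError("not enough host bits to borrow")
    base = ip_to_int(address) & prefix_to_mask(prefix)
    step = 1 << (32 - new_prefix)            # addresses per subnet
    return [f"{int_to_ip(base + i * step)}/{new_prefix}" for i in range(2 ** subnet_bits)]


def is_valid_cidr_block(first_address: str, prefix: int) -> bool:
    """CIDR rule: the first address must be divisible by the block size 2^(32-prefix),
    i.e. its least significant (32 - prefix) bits must all be zero."""
    block_size = 1 << (32 - prefix)
    return ip_to_int(first_address) % block_size == 0


if __name__ == "__main__":
    print(network_info("10.0.0.1", 8))                  # 10.0.0.0 - 10.255.255.255
    print(same_network("10.47.8.4", "10.50.120.7", 8))  # True
    print(same_network("11.5.4.3", "10.50.120.7", 8))   # False
    print(subnet("192.168.0.0", 24, 1))                 # two /25 subnets
    print(network_info("190.5.4.16", 28)["usable_hosts"])  # 14
    print(is_valid_cidr_block("190.5.4.16", 28), is_valid_cidr_block("190.5.4.20", 28))
```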
• IPv4 short for Internet Protocol Version 4 is the fourth version of the Internet Protocol (IP).
• IP is responsible for delivering data packets from the source host to the destination host.
• This delivery is solely based on the IP Addresses in the packet headers.
• IPv4 is the first major version of IP.
• IPv4 is a connectionless protocol for use on packet-switched networks.
IPv4 Header-
1. Version-
NOTES
It is important to note-
2. Header Length-
• Header length is a 4 bit field that contains the length of the IP header.
• It helps in knowing from where the actual data begins.
In general,
Examples-
NOTES
It is important to note-
• Header length and Header length field value are two different things.
• The range of header length field value is always [5, 15].
• The range of header length is always [20, 60].
• If the given value lies in the range [5, 15] then it must be the header length field value.
• This is because the range of header length is always [20, 60].
3. Type Of Service-
• Type of service is an 8 bit field that is used for Quality of Service (QoS).
• The datagram is marked for giving a certain treatment using this field.
4. Total Length-
• Total length is a 16 bit field that contains the total length of the datagram (in bytes).
• Minimum total length of datagram = 20 bytes (20 bytes header + 0 bytes data)
• Maximum total length of datagram = Maximum value of 16 bit word = 65535 bytes
5. Identification-
6. DF Bit-
• DF bit = 0: the intermediate devices are permitted to fragment the datagram if required.
• DF bit = 1: the intermediate devices must not fragment the IP datagram at any cost.
• If the network requires the datagram to be fragmented to travel further but the DF bit does not allow its fragmentation, then it is
discarded.
• An error message is sent to the sender saying that the datagram has been discarded due to its settings.
7. MF Bit-
• MF bit = 0: the current datagram is either the last fragment in the set or the only fragment.
• MF bit = 1: the current datagram is a fragment of some larger datagram and more fragments are following.
• The MF bit is set to 1 on all the fragments except the last one.
8. Fragment Offset-
9. Time To Live-
If the value of TTL becomes zero before reaching the destination, then datagram is discarded.
NOTES
It is important to note-
• Both intermediate devices that have a network layer and the destination decrement the TTL value by 1.
• If the value of TTL is found to be zero at any intermediate device, then the datagram is discarded.
• So, at any intermediate device, the value of TTL must be greater than zero for the datagram to proceed further.
• If the value of TTL becomes zero at the destination, then the datagram is still accepted.
• So, at the destination, the value of TTL may be greater than or equal to zero.
10. Protocol-
Consider-
In such a case,
NOTE
It is important to note-
Checksum
14. Options-
1. Record Route-
• A record route option is used to record the IP Address of the routers through which the datagram passes on its way.
• When record route option is set in the options field, IP Address of the router gets recorded in the Options field.
NOTE
The maximum number of IPv4 router addresses that can be recorded in the
Record Route option field of an IPv4 header is 9.
Explanation-
2. Source Routing-
• A source routing option is used to specify the route that the datagram must take to reach the destination.
• This option is generally used to check whether a certain path is working fine or not.
• Source routing may be loose or strict.
3. Padding-
• The addition of dummy data to fill up unused space in the transmission unit and make it conform to the standard size is
called padding.
• The Options field is used for padding.
Example-
• When header length is not a multiple of 4, extra zeroes are padded in the Options field.
• By doing so, header length becomes a multiple of 4.
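An added Python example (not from the notes) that builds a constructed IPv4 header, parses the fields described in this section, verifies the header checksum, and applies the DF and TTL rules the way an intermediate device would. The addresses, payload size and identification value are made up for the example.

```python
# Added example (not from the notes): IPv4 header build/parse with checksum,
# header-length range check, DF handling and TTL decrement at a router.
import struct
from typing import Dict, Optional

HEADER_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total len, ident, flags+offset, TTL, proto, csum, src, dst


def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def dotted_to_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def build_header(src: str, dst: str, payload_len: int, ttl: int = 64, proto: int = 17,
                 df: bool = True, mf: bool = False, frag_offset: int = 0,
                 ident: int = 0x1C46) -> bytes:
    """Build a 20-byte header (IHL = 5, no options) with a valid checksum."""
    ver_ihl = (4 << 4) | 5
    flags_frag = ((int(df) << 1 | int(mf)) << 13) | (frag_offset & 0x1FFF)   # bit14 DF, bit13 MF
    raw = struct.pack(HEADER_FMT, ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, dotted_to_bytes(src), dotted_to_bytes(dst))
    return raw[:10] + struct.pack("!H", checksum16(raw)) + raw[12:]


def parse_header(raw: bytes) -> Dict[str, object]:
    """Decode the fixed fields; the IHL field value is in [5, 15], so the header is 20..60 bytes."""
    if len(raw) < 20:
        raise ValueError("an IPv4 header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not an IPv4 header (version={version})")
    if not 5 <= ihl <= 15:
        raise ValueError(f"header length field {ihl} outside [5, 15]")
    header_len = ihl * 4                     # field value is in 4-byte words
    if len(raw) < header_len:
        raise ValueError("header truncated before the end of its options")
    return {
        "version": version, "ihl": ihl, "header_length": header_len, "tos": tos,
        "total_length": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,   # in units of 8 bytes
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": checksum16(raw[:header_len]) == 0,   # sum over a valid header folds to 0xFFFF
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": raw[20:header_len],
    }


def fragmentation_verdict(raw: bytes, link_mtu: int) -> str:
    """What an intermediate device does when the datagram exceeds the next link's MTU."""
    hdr = parse_header(raw)
    if hdr["total_length"] <= link_mtu:
        return "forward"
    return "discard" if hdr["df"] else "fragment"   # discard => error message back to the sender


def router_forward(raw: bytes) -> Optional[bytes]:
    """Intermediate device: drop bad checksums, decrement TTL, discard when it reaches zero,
    and recompute the checksum over the modified header."""
    hdr = parse_header(raw)
    if not hdr["checksum_ok"]:
        return None
    new_ttl = hdr["ttl"] - 1
    if new_ttl == 0:
        return None
    header_len = hdr["header_length"]
    out = bytearray(raw)
    out[8] = new_ttl
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", checksum16(bytes(out[:header_len])))
    return bytes(out)


if __name__ == "__main__":
    hdr = build_header("192.168.0.1", "10.0.0.5", payload_len=100)
    print(parse_header(hdr))
    print(fragmentation_verdict(build_header("192.168.0.1", "10.0.0.5", 1500), 1500))
    print(parse_header(router_forward(hdr))["ttl"])
```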
What is IPv6?
IPv6 is the newest version of the IP protocol. IPv6 was developed to overcome many deficiencies of IPv4, most
notably the problem of IPv4 address exhaustion. Unlike IPv4, which has only about 4.3 billion (2 raised to power
32) available addresses, IPv6 allows for 3.4 × 10 raised to power 38 addresses.
IPv6 features
• Large address space: IPv6 uses 128-bit addresses, which means that for each person on the Earth there are
48,000,000,000,000,000,000,000,000,000 addresses!
• Enhanced security: IPSec (Internet Protocol Security) is built into IPv6 as part of the protocol. This means
that two devices can dynamically create a secure tunnel without user intervention.
• Header improvements: the packet header used in IPv6 is simpler than the one used in IPv4. The IPv6
header is not protected by a checksum, so routers do not need to calculate a checksum for every packet.
• No need for NAT: since every device has a globally unique IPv6 address, there is no need for NAT.
• Stateless address autoconfiguration: IPv6 devices can automatically configure themselves with an IPv6
address.
If you don’t know how to convert hexadecimal number to binary, here is a table that will help you do the
conversion:
The IPv6 address given above looks daunting, right? Well, there are two conventions that can help you shorten
what must be typed for an IP address:
NOTE
You can shorten an address this way only for one such occurrence. The reason is obvious – if you had more
than one occurrence of the double colon you wouldn’t know how many sets of zeroes were being omitted from each
part.
Here are a couple more examples that can help you grasp the concept of IPv6 address shortening:
• Unicast – represents a single interface. Packets addressed to a unicast address are delivered to a single
interface.
• Anycast – identifies one or more interfaces. For example, servers that support the same function can use
the same unicast IP address. Packets sent to that IP address are forwarded to the nearest server. Anycast
addresses are used for load-balancing. Known as “one-to-nearest” address.
• Multicast – represents a dynamic group of hosts. Packets sent to this address are delivered to many
interfaces. Multicast addresses in IPv6 have a similar purpose as their counterparts in IPv4.
NOTE
IPv6 doesn’t use the broadcast method. It has been replaced with anycast and multicast addresses.
• global unicast – similar to IPv4 public IP addresses. These addresses are assigned by the IANA and used on
public networks. They have a prefix of 2000::/3, (all the addresses that begin with binary 001).
• unique local – similar to IPv4 private addresses. They are used in private networks and aren’t routable on
the Internet. These addresses have a prefix of FD00::/8.
• link local – these addresses are used for sending packets over the local subnet. Routers do not
forward packets with these addresses to other subnets. IPv6 requires a link-local address to be assigned to
every network interface on which the IPv6 protocol is enabled. These addresses have a prefix of FE80::/10.
Let’s describe each of the IPv6 unicast address types in more detail.
• subnet ID – 64 bits long. Contains the site prefix (obtained from a Regional Internet Registry) and the
subnet ID (subnets within the site).
• interface ID – 64 bits long. Typically composed of a part of the MAC address of the interface.
A unique local IPv6 address is constructed by appending a randomly generated 40-bit hexadecimal string to the
FD00::/8 prefix. The subnet field and interface ID are created in the same way as with global IPv6 addresses.
NOTE
The original IPv6 RFCs defined a private address class called site local. This class has been deprecated and
replaced with unique local addresses.
IPv6 link-local addresses
Link-local IPv6 addresses have a smaller scope as to how far they can travel: only within a network segment that
a host is connected to. Routers will not forward packets destined to a link-local address to other links. A link-
local IPv6 address must be assigned to every network interface on which the IPv6 protocol is enabled. A host
can automatically derive its own link local IP address or the address can be manually configured.
Link-local addresses have a prefix of FE80::/10. They are mostly used for auto-address configuration and
neighbour discovery.
IPv6 multicast addresses start with FF00::/8. After the first 8 bits there are 4 bits which represent the flag fields that
indicate the nature of specific multicast addresses. Next 4 bits indicate the scope of the IPv6 network for which the
multicast traffic is intended. Routers use the scope field to determine whether multicast traffic can be forwarded. The
remaining 112 bits of the address make up the multicast Group ID.
1 – interface-local
2 – link-local
4 – admin-local
5 – site-local
8 – organization-local
E – global
For example, the addresses that begin with FF02::/16 are multicast addresses intended to stay on the local link.
The following table lists of some of the most common link local multicast addresses:
For example, if the MAC address of a network card is 00:BB:CC:DD:11:22 the interface ID would be
02BBCCFFFEDD1122.
1. IPv4/IPv6 Dual Stacks – each device on the network is configured with both an IPv4 and IPv6
address. When two devices want to communicate, they first agree on which IP version to use.
2. NAT64 – creates mapping between two address types. e.g. by mapping multiple IPv6 addresses to one IPv4
address.
3. Tunneling – IPv4 packets are tunneled over IPv6 infrastructure or vice versa.
NOTE
Some methods of the IPv4-IPv6 transition have been deprecated, but they are still mentioned in older
books. Some of these methods are NAT-PT and NAPT-PT.
00:BB:CC:DD:11:22 in binary: 0000 0000 1011 1011 1100 1100 1101 1101 0001 0001 0010 0010
Next we need to insert FFFE in the middle of the address listed above (the first octet also changes from 00 to 02 because its seventh bit is flipped):
hex: 02BBCCFFFEDD1122
The same first step applied to another MAC address (first octet already flipped from 00 to 02, before FFFE is inserted):
binary: 0000 0010 0000 0000 0000 1100 0100 0011 0010 1010 0011 0101
hex: 02000C432A35
As with IPv4, IPv6 routing protocols can be distance vector and link-state. An example of a distance vector
protocol is RIPng with hop count as the metric. An example of a link-state routing protocol is OSPF with cost as
the metric.
1. enable IPv6 routing on a Cisco router using the ipv6 unicast-routing global configuration command. This
command globally enables IPv6 and must be the first command executed on the router.
2. configure the IPv6 global unicast address on an interface using the ipv6 address address/prefix-length [eui-
64] command. If you omit the eui-64 parameter, you will need to configure the entire address
manually. After you enter this command, the link local address will be automatically derived.
R1(config)#int Gi0/0
We can verify that the IPv6 address has been configured by using the show ipv6 interface Gi0/0 command:
R1#show ipv6 interface Gi0/0
FF02::1
FF02::2
FF02::1:FF65:3E01
....
1. the link local IPv6 address has been automatically configured. Link local IP addresses begin with FE80::/10
and the interface ID is used for the rest of the address. Because the MAC address of the interface
is 00:01:42:65:3E:01, the calculated address is FE80::201:42FF:FE65:3E01.
2. the global IPv6 address has been created using the modified EUI-64 method. Remember that IPv6 global
addresses begin with 2000::/3. So in our case, the IPv6 global address
is 2001:BB9:AABB:1234:201:42FF:FE65:3E01.
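Added Python example (not the notes' own code): the modified EUI-64 derivation and the two shortening conventions, checked against the 00:01:42:65:3E:01 and 00:BB:CC:DD:11:22 MAC addresses used above; the multicast scope decoder covers the FF00::/8 scope values from the earlier section. The parser enforces the single-double-colon rule from the NOTE.

```python
# Added example (not from the notes): modified EUI-64 interface IDs, IPv6 address
# expansion/shortening, and multicast scope decoding.
from typing import List


def eui64_interface_id(mac: str) -> str:
    """48-bit MAC -> 64-bit interface ID: split in the middle, insert FFFE,
    flip the universal/local bit (bit 1 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"MAC must be 48 bits: {mac}")
    first = octets[0] ^ 0x02
    return (bytes([first]) + octets[1:3] + b"\xFF\xFE" + octets[3:]).hex().upper()


def expand(addr: str) -> List[int]:
    """Parse text into eight 16-bit groups. Only one '::' may appear; with two,
    the number of zero groups each one stands for would be ambiguous."""
    if addr.count("::") > 1:
        raise ValueError("an IPv6 address may contain only one '::'")
    if "::" in addr:
        left, right = addr.split("::")
        left_groups = [int(g, 16) for g in left.split(":") if g]
        right_groups = [int(g, 16) for g in right.split(":") if g]
        missing = 8 - len(left_groups) - len(right_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left_groups + [0] * missing + right_groups
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr}")
    return groups


def compress(groups: List[int]) -> str:
    """Convention 1: drop leading zeros in every group.
    Convention 2: replace the longest run of two or more all-zero groups with one '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:                 # first longest run wins on a tie
            best_start, best_len = i, j - i
        i = j
    hexgroups = [format(g, "X") for g in groups]
    if best_len >= 2:
        left = ":".join(hexgroups[:best_start])
        right = ":".join(hexgroups[best_start + best_len:])
        return f"{left}::{right}"
    return ":".join(hexgroups)


def address_from_prefix(prefix: str, mac: str) -> str:
    """First 64 bits from a /64 prefix, last 64 bits from modified EUI-64, shortened."""
    iid = eui64_interface_id(mac)
    iid_groups = [int(iid[k:k + 4], 16) for k in range(0, 16, 4)]
    return compress(expand(prefix)[:4] + iid_groups)


def link_local(mac: str) -> str:
    """FE80::/10 prefix plus the EUI-64 interface ID, as a router derives it automatically."""
    return address_from_prefix("FE80::", mac)


MULTICAST_SCOPES = {1: "interface-local", 2: "link-local", 4: "admin-local",
                    5: "site-local", 8: "organization-local", 0xE: "global"}


def multicast_scope(addr: str) -> str:
    """FF00::/8: after the leading FF come 4 flag bits, then 4 scope bits."""
    first = expand(addr)[0]
    if first >> 8 != 0xFF:
        raise ValueError(f"{addr} is not a multicast address")
    scope = first & 0xF
    return MULTICAST_SCOPES.get(scope, f"unassigned ({scope:X})")


if __name__ == "__main__":
    print(eui64_interface_id("00:BB:CC:DD:11:22"))           # 02BBCCFFFEDD1122
    print(link_local("00:01:42:65:3E:01"))                    # FE80::201:42FF:FE65:3E01
    print(address_from_prefix("2001:0BB9:AABB:1234::", "00:01:42:65:3E:01"))
    print(multicast_scope("FF02::1"), multicast_scope("FF02::1:FF65:3E01"))
```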
We will also create an IPv6 address on another router. This time we will enter the whole address:
R2(config-if)#ipv6 address 2001:0BB9:AABB:1234:1111:2222:3333:4444/64
Notice that the IPv6 address is in the same subnet as the one configured on R1 (2001:0BB9:AABB:1234::/64).
We can test the connectivity between the devices using ping for IPv6:
R1#ping ipv6 2001:0BB9:AABB:1234:1111:2222:3333:4444
!!!!!
As you can see from the output above, the devices can communicate with each other.
What is IP routing?
IP routing is the process of sending packets from a host on one network to another host on a different remote
network. This process is usually done by routers. Routers examine the destination IP address of a packet,
determine the next-hop address, and forward the packet. Routers use routing tables to determine the next-hop
address to which the packet should be forwarded.
Host A wants to communicate with host B, but host B is on another network. Host A is configured to send all
packets destined for remote networks to router R1. Router R1 receives the packets, examines the destination IP
address and forwards the packet to the outgoing interface associated with the destination network.
Default gateway
A default gateway is a router that hosts use to communicate with other hosts on remote networks. A default
gateway is used when a host doesn’t have a route entry for the specific remote network and doesn’t know how
to reach that network. Hosts can be configured to send all packets destined to remote networks to a default
gateway, which has a route to reach that network.
The following example explains the concept of a default gateway more thoroughly.
Host A has an IP address of the router R1 configured as the default gateway address. Host A is trying to
communicate with host B, a host on another, remote network. Host A looks up in its routing table to check if
there is an entry for that destination network. If the entry is not found, the host sends all data to the router R1.
Router R1 receives the packets and forwards them to host B.
Routing table
Each router maintains a routing table and stores it in RAM. A routing table is used by routers to determine the
path to the destination network. Each routing table consists of the following entries:
Consider the following example. Host A wants to communicate with host B, but host B is on another network.
Host A is configured to send all packets destined for remote networks to the router. The router receives the
packets, checks the routing table to see if it has an entry for the destination address. If it does, the router
forwards the packet out the appropriate interface port. If the router doesn’t find the entry, it discards the
packet.
We can use the show ip route command from the enabled mode to display the router’s routing table.
As you can see from the output above, this router has two directly connected routes to the subnets 10.0.0.0/8
and 192.168.0.0/24. The character C in the routing table indicates that a route is a directly connected route. So
when host A sends the packet to host B, the router will look up into its routing table and find the route to the
10.0.0.0/8 network on which host B resides. The router will then use that route to route packets received from
host A to host B.
Connected routes
Subnets directly connected to a router’s interface are added to the router’s routing table. The interface has to have
an IP address configured and both interface status codes must be in the up and up state. A router will be able
to route all packets destined for all hosts in subnets directly connected to its active interfaces.
Consider the following example. The router has two active interfaces, Fa0/0 and Fa0/1. Each interface has been
configured with an IP address and is currently in the up-up state, so the router adds these subnets to its routing
table.
As you can see from the output above, the router has two directly connected routes to the subnets 10.0.0.0/8
and 192.168.0.0/24. The character C in the routing table indicates that a route is a directly connected route.
NOTE
You can see only connected routes in a router’s routing table by typing the show ip route connected command.
Static routes
By adding static routes, a router can learn a route to a remote network that is not directly connected to one of
its interfaces. Static routes are configured manually by typing the global configuration mode command ip route
DESTINATION_NETWORK SUBNET_MASK NEXT_HOP_IP_ADDRESS. This type of configuration is usually used in
smaller networks because of scalability reasons (you have to configure each route on each router).
A simple example will help you understand the concept of static routes.
Router A is directly connected to router B. Router B is directly connected to the subnet 10.0.1.0/24. Since that
subnet is not directly connected to Router A, the router doesn’t know how to route packets destined for that
subnet. However, you can configure that route manually on router A.
First, consider the router A’s routing table before we add the static route:
Now, we’ll use the static route command to configure router A to reach the subnet 10.0.0.0/24. The router now
has the route to reach the subnet.
The character S in the routing table indicates that a route is a statically configured route.
Another version of the ip route command exists. You don’t have to specify the next-hop IP address. You can
rather specify the exit interface of the local router. In the example above we could have typed the ip route
DEST_NETWORK NEXT_HOP_INTERFACE command to instruct router A to send all traffic destined for the subnet
out the right interface. In our case, the command would be ip route 10.0.0.0 255.255.255.0 Fa0/0.
Dynamic routes
A router can learn dynamic routes if a routing protocol is enabled. A routing protocol is used by routers to
exchange routing information with each other. Every router in the network can then use that information to build its
routing table. A routing protocol can dynamically choose a different route if a link goes down, so this type of
routing is fault-tolerant. Also, unlike with static routing, there is no need to manually configure every route on
every router, which greatly reduces the administrative overhead. You only need to define which routes will be
advertised on the routers that connect directly to the corresponding subnets – routing protocols take care of the
rest.
The disadvantage of dynamic routing is that it increases memory and CPU usage on a router, because every
router has to process received routing information and calculate its routing table.
To better understand the advantages that dynamic routing protocols bring, consider the following example:
Both routers are running a routing protocol, namely EIGRP. There are no static routes on Router A, so it doesn’t
know how to reach the subnet 10.0.0.0/24 that is directly connected to Router B. Router B then advertises the
subnet to Router A using EIGRP. Now Router A has the route to reach the subnet. This can be verified by typing
the show ip route command:
You can see that Router A has learned the subnet from EIGRP. The letter D in front of the route indicates that
the route has been learned through EIGRP. If the subnet 10.0.0.0/24 fails, Router B can immediately inform
Router A that the subnet is no longer reachable.
A network can use more than one routing protocol, and routers on the network can learn about a route from
multiple sources. Routers need to find a way to select a better path when there are multiple paths available.
The administrative distance number is used by routers to find out which route is better (a lower number is better). For
example, if the same route is learned from RIP and EIGRP, a Cisco router will choose the EIGRP route and store
it in the routing table. This is because EIGRP routes have (by default) an administrative distance of 90, while RIP
routes have a higher administrative distance of 120.
You can display the administrative distance of all routes on your router by typing the show ip route command:
In the case above, the router has only a single route in its routing table learned from a dynamic routing
protocol – the EIGRP route.
Metric
If a router learns two different paths for the same network from the same routing protocol, it has to decide
which route is better and will be placed in the routing table. Metric is the measure used to decide which route is
better (lower number is better). Each routing protocol uses its own metric. For example, RIP uses hop counts as
a metric, while OSPF uses cost.
The following example explains the way RIP calculates its metric and why it chooses one path over another.
RIP has been configured on all routers. Router 1 has two paths to reach the subnet 10.0.0.0/24. One path
goes through Router 2, while the other path goes through Router 3 and then Router 4. Because RIP uses the
hop count as its metric, the path through Router 2 will be used to reach the 10.0.0.0/24 subnet. This is because
that subnet is only one router away on that path. The other path will have a higher metric of 2, because the
subnet is two routers away.
NOTE
The example above can be used to illustrate a disadvantage of using RIP as a routing protocol. Imagine if the
first path through R2 was a 56k modem link, while the other path (R3-R4) was a high speed WAN link. Router
R1 would still choose the path through R2 as the best route, because RIP uses only the hop count as its metric.
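A simplified route-selection model as an added Python example (not from the notes): administrative distance decides between sources, metric decides within one protocol, and lookups use the longest matching prefix with a 0.0.0.0/0 entry acting as the default gateway. The next hops R2/R3, the interface names and the EIGRP metric value are placeholders taken from or invented for the text's scenarios; the AD values are Cisco defaults.

```python
# Added example (not from the notes): how a router decides which candidate route
# to install (AD, then metric) and which installed route a packet uses.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Default Cisco administrative distances for the routing table legend codes used in the text.
ADMIN_DISTANCE = {"C": 0, "S": 1, "D": 90, "O": 110, "R": 120}
RIP_INFINITY = 16            # a RIP hop count of 16 or more means "unreachable"


@dataclass(frozen=True)
class Route:
    code: str                # C connected, S static, D EIGRP, O OSPF, R RIP
    network: str
    prefix: int
    next_hop: str            # next-hop address or exit interface (placeholder names)
    metric: int = 0


def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def prefix_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def better(new: Route, current: Route) -> bool:
    """Between sources the lower administrative distance wins. Within one source
    the lower metric wins. An equal metric keeps the existing route (a real router
    would install both and load-balance)."""
    ad_new, ad_cur = ADMIN_DISTANCE[new.code], ADMIN_DISTANCE[current.code]
    if ad_new != ad_cur:
        return ad_new < ad_cur
    return new.metric < current.metric


class RoutingTable:
    def __init__(self) -> None:
        self.routes: Dict[Tuple[int, int], Route] = {}   # (network int, prefix) -> installed route

    def learn(self, route: Route) -> bool:
        """Offer a candidate route; return True if it was installed."""
        if route.code == "R" and route.metric >= RIP_INFINITY:
            return False                                 # unreachable, never installed
        key = (ip_to_int(route.network) & prefix_mask(route.prefix), route.prefix)
        current = self.routes.get(key)
        if current is None or better(route, current):
            self.routes[key] = route
            return True
        return False

    def lookup(self, destination: str) -> Optional[Route]:
        """Longest-prefix match. A 0.0.0.0/0 entry matches everything and so acts as
        the default gateway; None means no entry at all, and the packet is discarded."""
        dst = ip_to_int(destination)
        matches = [r for (net, plen), r in self.routes.items() if (dst & prefix_mask(plen)) == net]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix)

    def show(self) -> List[str]:
        """Lines in the spirit of 'show ip route': code, prefix, [AD/metric], next hop."""
        lines = []
        for r in sorted(self.routes.values(), key=lambda r: (ip_to_int(r.network), r.prefix)):
            if r.code == "C":
                lines.append(f"C {r.network}/{r.prefix} is directly connected, {r.next_hop}")
            else:
                lines.append(f"{r.code} {r.network}/{r.prefix} "
                             f"[{ADMIN_DISTANCE[r.code]}/{r.metric}] via {r.next_hop}")
        return lines


if __name__ == "__main__":
    rt = RoutingTable()
    rt.learn(Route("C", "192.168.0.0", 24, "Fa0/0"))
    rt.learn(Route("R", "10.0.0.0", 24, "R3", metric=2))     # via R3 and R4: two hops
    rt.learn(Route("R", "10.0.0.0", 24, "R2", metric=1))     # via R2: one hop, wins
    rt.learn(Route("D", "10.0.0.0", 24, "R2", metric=2816))  # EIGRP AD 90 beats RIP AD 120
    rt.learn(Route("S", "0.0.0.0", 0, "172.16.0.2"))         # default route
    print("\n".join(rt.show()))
    print(rt.lookup("10.0.0.5"))
    print(rt.lookup("8.8.8.8"))
```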
The following table lists the parameters that various routing protocols use to calculate the metric:
Routing protocols
Dynamic routes are routes learned via routing protocols. Routing protocols are configured on routers with the
purpose of exchanging routing information. There are many benefits of using routing protocols in your
network, such as:
• unlike static routing, you don’t need to manually configure every route on each router in the network. You
just need to configure the networks to be advertised on a router directly connected to them.
• if a link fails and the network topology changes, routers can advertise that some routes have failed and pick
a new route to that network.
Cisco has created its own routing protocol – EIGRP. EIGRP is considered to be an advanced distance vector
protocol, although some materials erroneously state that EIGRP is a hybrid routing protocol, a combination of
distance vector and link state.
All of the routing protocols mentioned above are interior routing protocols (IGP), which means that they are
used to exchange routing information within one autonomous system. BGP (Border Gateway Protocol) is an
example of an exterior routing protocol (EGP) which is used to exchange routing information between
autonomous systems on the Internet.
As the name implies, distance vector routing protocols use distance to determine the best path to a remote
network. The distance is something like the number of hops (routers) to the destination network.
Distance vector protocols usually send the complete routing table to each neighbor (a neighbor is a directly
connected router that runs the same routing protocol). They employ some version of the Bellman-Ford algorithm
to calculate the best routes. Compared with link state routing protocols, distance vector protocols are easier to
configure and require little management, but are susceptible to routing loops and converge more slowly than
link state routing protocols. Distance vector protocols also use more bandwidth because they send the complete
routing table, while link state protocols send specific updates only when topology changes occur.
Link state routing protocols are the second type of routing protocols. They have the same basic purpose as
distance vector protocols, to find the best path to a destination, but use different methods to do so. Unlike
distance vector protocols, link state protocols don’t advertise the entire routing table. Instead, they advertise
information about the network topology (directly connected links, neighboring routers…), so that in the end all
routers running a link state protocol have the same topology database. Link state routing protocols converge
much faster than distance vector routing protocols, support classless routing, send updates using multicast
addresses and use triggered routing updates. They also require more router CPU and memory than
distance-vector routing protocols and can be harder to configure.
Each router running a link state routing protocol creates three different tables:
• neighbor table – the table of neighboring routers running the same link state routing protocol.
• topology table – the table that stores the topology of the entire network.
• routing table – the table that stores the best routes.
Shortest Path First algorithm is used to calculate the best route. OSPF and IS-IS are examples of link state
routing protocols.
RIP overview
RIP (Routing Information Protocol) is one of the oldest distance vector routing protocols. It is usually used
on small networks because it is very simple to configure and maintain, but lacks some advanced features of
routing protocols like OSPF or EIGRP. Two versions of the protocol exist: version 1 and version 2. Both versions
use hop count as a metric and have the administrative distance of 120. RIP version 2 is capable of advertising
subnet masks and uses multicast to send routing updates, while version 1 doesn’t advertise subnet masks and
uses broadcast for updates. Version 2 is backwards compatible with version 1.
RIPv2 sends the entire routing table every 30 seconds, which can consume a lot of bandwidth. RIPv2 uses the
multicast address 224.0.0.9 to send routing updates, and supports authentication and triggered updates (updates
that are sent when a change in the network occurs).
Router R1 directly connects to the subnet 10.0.0.0/24. A network engineer has configured RIP on R1 to advertise
the route to this subnet. R1 sends routing updates to R2 and R3. The routing updates list the subnet, subnet
mask and metric for this route. Each router, R2 and R3, receives this update and adds the route to its
respective routing table. Both routers list a metric of 1 because the network is only one hop away.
NOTE
Maximum hop count for a RIP route is 15. Any route with a higher hop count is considered to be unreachable.
Configuring RIPv2
Configuring RIPv2 is a pretty straightforward process. Only three steps are required:
The first two commands are easy to comprehend, but the last command requires a little more thought. With
the network command you specify which interfaces will participate in the routing process. This command takes
a classful network as a parameter and enables RIP on the corresponding interfaces. Let’s configure our sample
network to use RIP.
Router R1 and R2 have directly connected subnets. We want to include these subnets in the RIP routing
process. To do that, we first need to enable RIP on both routers and then advertise these subnets using the
network command.
On router R1, in the global configuration mode, enter the router rip command to enable RIP. In the RIP
configuration mode, change the version of the protocol to 2 by using the version 2 command. Next, use
the network 10.0.0.0 command to include the Fa0/1 interface on the router R1 in the routing process.
Remember, the network command takes a classful network number as a parameter, so in this case every
interface that has an IP address beginning with 10 will be included in the RIP process (IP addresses that begin
with 10 are class A addresses by default and have the default subnet mask of 255.0.0.0). For instance, if
another interface on the router had the IP address 10.1.0.1, it would also be included in the routing process
by the same network command. You also need to include the link between the two routers in the RIP routing
process. This is done by adding another network statement, network 172.16.0.0.
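As an added example (not from the handout), the following Python models two of the points made above: which interfaces a classful network statement pulls into RIP, and how R2 installs R1's advertised 10.0.0.0/24 with metric 1 and administrative distance 120 while discarding anything beyond 15 hops. The interface names and all addresses other than 10.0.0.0/24 and 172.16.0.0 are constructed for the example.

```python
import ipaddress

RIP_MAX_HOPS = 15          # a route with a higher hop count is unreachable
RIP_ADMIN_DISTANCE = 120   # administrative distance of RIP (v1 and v2)

def classful_prefixlen(network_arg):
    """Default mask the 'network' command applies to its argument:
    class A (0-127) -> /8, class B (128-191) -> /16, class C -> /24."""
    first_octet = int(network_arg.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24

def rip_enabled_interfaces(network_args, interfaces):
    """Interfaces enabled by one or more 'network' statements: every
    interface whose address lies inside a statement's classful block."""
    blocks = [ipaddress.ip_network(f"{n}/{classful_prefixlen(n)}", strict=False)
              for n in network_args]
    return sorted(name for name, cidr in interfaces.items()
                  if any(ipaddress.ip_interface(cidr).ip in b for b in blocks))

def advertise(routing_table):
    """Build the update a router sends: each route with its metric + 1."""
    return [(prefix, route["metric"] + 1) for prefix, route in routing_table.items()]

def receive_update(routing_table, update):
    """Install received routes (code R, AD 120) unless the hop count exceeds
    15 or the table already holds a route with an equal or better metric."""
    for prefix, metric in update:
        if metric > RIP_MAX_HOPS:
            continue  # unreachable, never installed
        current = routing_table.get(prefix)
        if current is None or metric < current["metric"]:
            routing_table[prefix] = {"code": "R", "metric": metric, "ad": RIP_ADMIN_DISTANCE}
    return routing_table

# Constructed sample: R1 with Fa0/1 in 10.0.0.0/24 and the 172.16.0.0 link to R2
R1_INTERFACES = {"Fa0/0": "172.16.0.1/30", "Fa0/1": "10.0.0.1/24",
                 "Fa1/0": "10.1.0.1/24", "Fa1/1": "192.168.5.1/24"}
R1_TABLE = {"10.0.0.0/24": {"code": "C", "metric": 0, "ad": 0},
            "172.16.0.0/30": {"code": "C", "metric": 0, "ad": 0}}

def r2_learns_route():
    """R2 processes R1's update: 10.0.0.0/24 is installed with metric 1,
    the shared link stays a connected (C) route because metric 0 beats 1."""
    r2_table = {"172.16.0.0/30": {"code": "C", "metric": 0, "ad": 0}}
    return receive_update(r2_table, advertise(R1_TABLE))
```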
The configuration on R2 looks similar, but with a different network number for the directly connected subnet:
You can verify that router R1 has a route to R2’s directly connected subnet by typing the show ip
route command:
The legend lists R for all RIP routes in the routing table. Also note that the administrative distance of 120 is
shown, together with the metric of 1.