Thursday, June 16, 2011

Chapter 1: Network Fundamentals Review (Part02)

Network Devices

Add a note hereThe main devices that interconnect networks are hubs, switches, and routers, as described in the following sections.


Note

Add a note hereMany other devices can be used in networks to provide specific functionality; these devices are introduced in the appropriate chapters in this book. For example, security devices, including firewalls, are discussed in Chapter 10, “Evaluating Security Solutions for the Network.”

Add a note here Terminology: Domains, Bandwidth, Unicast, Broadcast, and Multicast

Add a note hereThe following is some terminology related to the operation of network devices:

  • Add a note hereA domain is a specific part of a network.

  • Add a note here Bandwidth is the amount of data that can be carried across a network in a given time period.

  • Add a note here Unicast data is data meant for a specific device.

  • Add a note here Broadcast data is data meant for all devices; a special broadcast address indicates this.

  • Add a note here Multicast data is data destined for a specific group of devices; again, a special address indicates this.

  • Add a note hereA bandwidth domain, known as a collision domain for Ethernet LANs, includes all devices that share the same bandwidth.

  • Add a note hereA broadcast domain includes all devices that receive each others’ broadcasts (and multicasts).

Add a note hereDevices in the same bandwidth domain are also in the same broadcast domain; however, devices in the same broadcast domain can be in different bandwidth domains.

Add a note here Hubs

Add a note hereA typical Ethernet LAN uses unshielded twisted-pair (UTP) cables with RJ-45 connectors (which are slightly bigger than telephone RJ-11 connectors). Because these cables have only two ends, you need an intermediary device to connect more than two computers. That device is a hub.

Add a note hereA hub works at Layer 1 and connects multiple devices so that they are logically all on one LAN.

Add a note hereA hub has no intelligence—it sends all data received on any port to all the other ports. Consequently, devices connected through a hub receive everything that the other devices send, whether or not it was meant for them. This is analogous to being in a room with lots of people—if you speak, everyone can hear you. If more than one person speaks at a time, everyone just hears noise.

Add a note hereAll devices connected to a hub are in one collision domain and one broadcast domain.


Note

Add a note hereA hub just repeats all the data received on any port to all the other ports; thus, hubs are also known as repeaters.

Add a note here Switches

Add a note hereJust as having many people in a room trying to speak can result in nobody hearing anything intelligible, using hubs in anything but a small network is not efficient. To improve performance, LANs are usually divided into multiple smaller LANs interconnected by a Layer 2 LAN switch. The devices connected to a switch again appear as they are all on one LAN, but this time, multiple conversations between devices connected through the switch can happen simultaneously.


Note

Add a note hereThis section discusses Layer 2 LAN switches. The later section “Switching Types” introduces Layer 3 switching.

Add a note hereLAN switches are Layer 2 devices and have some intelligence—they send data to a port only if the data needs to go there. A device connected to a switch port does not receive any of the information addressed to devices on other ports. Therefore, the main advantage of using a switch instead of a hub is that the traffic received by a device is reduced because only frames addressed to a specific device are forwarded to the port on which that device is connected.

Add a note hereSwitches read the source and destination MAC addresses in the frames and therefore can keep track of who is where, and who is talking to whom, and send data only where it needs to go. However, if the switch receives a frame whose destination address indicates that it is a broadcast (information meant for everyone) or multicast (information meant for a group), by default it sends the frame out all ports (except for the one on which it was received).

Add a note hereAll devices connected to one switch port are in the same collision domain, but devices connected to different ports are in different collision domains. By default, all devices connected to a switch are in the same broadcast domain.

Add a note hereSwitches do not allow devices on different logical LANs to communicate with each other; this requires a router, as described in the next section.

Add a note here Routers

Add a note here A router goes one step further than a switch. It is a Layer 3 device that has much more intelligence than a hub or switch. By using logical Layer 3 addresses, routers allow devices on different LANs to communicate with each other and with distant devices—for example, those connected through the Internet or through a WAN. Examples of logical Layer 3 addresses include TCP/IP’s IP addresses and Novell’s IPX addresses.

Add a note hereA device connected to a router does not receive any of the information meant just for devices on other ports, or broadcasts (destined for all networks) from devices on other ports.

Add a note hereThe router reads the source and destination logical addresses in the packets and therefore keeps track of who is where, and who is talking to whom, and sends data only where it needs to go. It supports communication between LANs, but it blocks broadcasts (destined for all networks).

Add a note hereAll devices connected to one router port are in the same collision domain, but devices connected to different ports are in different collision domains.

Add a note hereAll the devices connected to one router port are in the same broadcast domain, but devices connected to different ports are in different broadcast domains. Routers block broadcasts (destined for all networks) and multicasts by default; routers forward only unicast packets (destined for a specific device) and packets of a special type called directed broadcasts.


Note

Add a note hereIP multicast technology, which enables multicast packets to be sent throughout a network, is described in Chapter 4, “Designing Basic Campus and Data Center Networks.”


Note

Add a note hereAn IP-directed broadcast is an IP packet that is destined for all devices on an IP subnet. IP subnets are described in the “Addressing” section later in this chapter.

Add a note hereThe fact that a router does not forward broadcasts (destined for all networks) is a significant difference between a router and a switch, and it helps control the amount of traffic on the network. For example, many protocols, such as IP, might use broadcasts for routing protocol advertisements, discovering servers, and so on. These broadcasts are a necessary part of local LAN traffic, but they are not required on other LANs and can even overwhelm slower WANs. Routers can generate broadcasts themselves if necessary (for example, to send a routing protocol advertisement), but do not pass on a received broadcast.

Add a note hereRouting operation is discussed further in the “Routing” section, later in this chapter.


Note

Add a note here The concepts of unicast, multicast, and broadcast apply to Layer 2 and Layer 3 separately. Although a router does not forward any type of frame, it can forward a unicast, multicast, or directed broadcast packet that it received in a frame. A switch, however, can forward a unicast, multicast, or broadcast frame.


Introduction to the TCP/IP Suite

Add a note hereAs mentioned earlier, TCP/IP is the most widely used protocol suite. The relationship between the five layers of the TCP/IP protocol suite and the seven layers of the OSI model is illustrated in Figure 1-4.

Image from book
Add a note hereFigure 1-4: TCP/IP Protocol Suite

Add a note hereThe five layers of the TCP/IP suite are the application layer, transport layer, Internet layer, data link layer, and physical layer.


Note

Add a note hereThe data link and physical layers are sometimes grouped as one layer, called the network interface layer.

Add a note hereThe TCP/IP application layer includes the functionality of the OSI application, presentation, and session layers. Applications defined in the TCP/IP suite include the following:

  • Add a note here FTP and Trivial File Transfer Protocol (TFTP): Transfer files between devices.

  • Add a note here SMTP and POP3: Provide e-mail services.

  • Add a note here HTTP: Transfers information to and from a World Wide Web server through web browser software.

  • Add a note here Telnet: Emulates a terminal to connect to devices.

  • Add a note here Domain Name System (DNS): Translates network device names into network addresses and vice versa.

  • Add a note here Simple Network Management Protocol (SNMP): Used for network management, including setting threshold values and reporting network errors.

  • Add a note here Dynamic Host Configuration Protocol (DHCP): Assigns dynamic IP addressing information to devices as they require it.

Add a note hereThe transport layer and Internet layer protocols are detailed in the following sections.

Add a note hereThe data link and physical layers can support a wide variety of LANs and WANs (including those discussed in the “LANs and WANs” section, earlier in this chapter). A data link layer protocol related to the TCP/IP suite is described in the later “TCP/IP-Related Data Link Layer Protocol” section.

Add a note here TCP/IP Transport Layer Protocols

Add a note hereThe TCP/IP transport layer includes the following two protocols:

  • Add a note here Transmission Control Protocol (TCP): Provides connection-oriented, end-to-end reliable transmission. Before sending any data, TCP on the source device establishes a connection with TCP on the destination device, ensuring that both sides are synchronized. Data is acknowledged; any data not received properly is retransmitted. FTP is an example of an application that uses TCP to guarantee that the data sent from one device to another is received successfully.

  • Add a note here User Datagram Protocol (UDP): Provides connectionless, best-effort unacknowledged data transmission. In other words, UDP does not ensure that all the segments arrive at the destination undamaged. UDP does not have the overhead of TCP related to establishing the connection and acknowledging the data. However, this means that upper-layer protocols or the user must determine whether all the data arrived successfully, and retransmit if necessary. TFTP is an example of an application that uses UDP. When all the segments have arrived at the destination, TFTP computes the file check sequence and reports the results to the user. If an error occurs, the user must send the entire file again.


Note

Add a note hereDNS is an example of an application layer protocol that may use either TCP or UDP, depending on the function it is performing.

Add a note here TCP and UDP, being at the transport layer, send segments. Figure 1-5 illustrates the fields in a UDP segment and in a TCP segment.

Click to collapse
Add a note hereFigure 1-5: UDP Segment Headers Contain at Least 8 Bytes, Whereas TCP Segment Headers Contain at Least 20 Bytes

Add a note hereThe UDP segment fields are as follows:

  • Add a note here Source and destination port numbers (16 bits each): Identify the upper-layer protocol (the application) in the sending and receiving devices.

  • Add a note here Length (16 bits): The total number of 32-bit words in the header and the data.

  • Add a note here Checksum (16 bits): The checksum of the header and data fields, used to ensure that the segment is received correctly.

  • Add a note here Data (variable length): The upper-layer data (the application data).

Add a note hereThe TCP segment fields are as follows:

  • Add a note here Source and destination port numbers (16 bits each): Identify the upper-layer protocol (the application) in the sending and receiving hosts.

  • Add a note here Sequence and acknowledgment numbers (32 bits each): Ensure the correct order of the received data and that the data reached the destination.

  • Add a note here Header length (4 bits): The number of 32-bit words in the header.

  • Add a note here Reserved (6 bits): For future use, set to 0.

  • Add a note here Code bits (6 bits): Indicates different types of segments. For example, the SYN (synchronize) bit is used for setting up a session, the ACK (acknowledge) bit is used for acknowledging a segment, and the FIN (finish) bit is used for closing a session.

  • Add a note here Window size (16 bits): The number of octets that the receiving device is willing to accept before it must send an acknowledgment.


    Note

    Add a note hereAn octet is 8 bits of data.

  • Add a note here Checksum (16 bits): The checksum of the header and data fields, used to ensure that the segment is received correctly.

  • Add a note here Urgent (16 bits): Indicates the end of urgent data.

  • Add a note here Option (0 or 32 bits): Only one option is currently defined: the maximum TCP segment size.

  • Add a note here Data (variable): The upper-layer data (the application data).

Add a note hereNotice that the UDP header is much smaller than the TCP header. UDP does not need the sequencing, acknowledgment, or windowing fields, because it does not establish and maintain connections.

Add a note herePort number operation, which is the same for both TCP and UDP, is described in the next section. Following that section, the operation of sequence and acknowledgment numbers and windowing are described; these are crucial to understanding TCP operation.

Port Numbers

Add a note hereWell-known, or standardized, port numbers are assigned to applications so that different implementations of the TCP/IP protocol suite can interoperate. Well-known port numbers are numbers up to 1023; examples include the following:

  • Add a note here FTP: TCP port 20 (data) and port 21 (control)

  • Add a note here TFTP: UDP port 69

  • Add a note here SMTP: TCP port 25

  • Add a note here POP3: TCP port 110

  • Add a note here HTTP: TCP port 80

  • Add a note here Telnet: TCP port 23

  • Add a note here DNS: TCP and UDP port 53

  • Add a note here SNMP: UDP port 161

Add a note here Port numbers from 1024 through 49151 are called registered port numbers; these are registered for use by other applications. The dynamic ports numbers are those from 49152 through 65535; these can be dynamically assigned by hosts as source port numbers when they create and end sessions.

Add a note hereFor example, Figure 1-6 illustrates a device in Toronto that is opening a Telnet session (TCP port 23) with a device in London. Note that the source port from Toronto is 50051. Toronto records this Telnet session with London as port 50051 to distinguish it from any other Telnet sessions it might have running (because simultaneous multiple Telnet sessions can be running on a device). The London device receives port number 23 and therefore knows that this is a Telnet session. In its reply, it uses a destination port of 50051, which Toronto knows is the Telnet session it opened with London.

Click to collapse
Add a note hereFigure 1-6: Source and Destination Port Numbers Indicate the Application Being Used

TCP Sequencing, Acknowledgment, and Windowing

Add a note hereTo illustrate TCP operation, this section follows a TCP session as it is established, data is sent, and the session is closed.

Add a note hereThe TCP three-way handshake is shown in Figure 1-7.

Image from book
Add a note hereFigure 1-7: Three-Way Handshake Establishes a TCP Session

Add a note here In this example, a user in Toronto wants to establish a TCP session with a device in London to start a Telnet session. The first step in the handshake involves the initiator, Toronto, sending a segment with the SYN bit set—this indicates that it wants to start a session and synchronize with London. This segment also includes the initial sequence number that Toronto is using—21 in this example.

Add a note hereAssuming that the device in London is willing to establish the session, it returns a segment that also has the SYN bit set. In addition, this segment has the ACK bit set because London is acknowledging that it successfully received a segment from Toronto. The acknowledgment number is set to 22, indicating that London is now expecting to receive segment 22 and therefore that it successfully received number 21. This is known as an expectational acknowledgment. The new segment includes the initial sequence number that London is using—75 in this example.

Add a note hereFinally, Toronto replies with an acknowledgment segment, sequence number 22 (as London is expecting), and acknowledgment number 76, indicating that it is now expecting number 76 and therefore has successfully received number 75. The session is now established, and data can be exchanged between Toronto and London.


Note

Add a note hereThe sequence and acknowledgment numbers specify octet numbers, not segment numbers. For ease of illustration, this example assumes that a segment is 1 octet of data. This is not the case in real life, but it simplifies the example so that the concepts are easier to understand.

Add a note hereThe window size field in the segment controls the flow of the session. It indicates how many octets a device is willing to accept before it must send an acknowledgment. Because each host can have different flow restrictions (for example, one host might be very busy and therefore require that a smaller amount of data be sent at one time), each side of the session can have different window sizes, as illustrated in Figure 1-8.

Click to collapse
Add a note hereFigure 1-8: Window Size Indicates the Number of Octets a Device Is Willing to Accept Before It Sends an Acknowledgment

Add a note here In this example, the window size on Toronto is set to 3, and on London it is set to 2. When Toronto sends data to London, it can send 2 octets before it must wait for an acknowledgment. When London sends data to Toronto, it can send 3 octets before it must wait for an acknowledgment.


Note

Add a note hereThe window size specifies the number of octets that can be sent, not the number of segments. For ease of illustration, this example assumes that a segment is 1 octet of data. This is not the case in real life, but it again simplifies the example so that the concepts are easier to understand. The window sizes shown in the example are also small for ease of explanation. In reality, the window size would be much larger, allowing a lot of data to be sent between acknowledgments.

Add a note hereAfter all the data for the session is sent, the session can be closed. The process is similar to how it was established, using a handshake. In this case, four steps are used, as illustrated in Figure 1-9.

Click to collapse
Add a note hereFigure 1-9: Four-Way Handshake Closes a TCP Session

Add a note hereIn this example, Toronto wants to close its Telnet session with London. The first step in the handshake involves Toronto sending a segment with the FIN bit set, indicating that it wants to finish the session. This segment also includes the sequence number that Toronto is currently using—107 in this example.

Add a note here London immediately acknowledges the request. This segment has the ACK bit set with the acknowledgment number set to 108, indicating that London successfully received number 107. This segment includes the sequence number that London is currently using—322 in this example. London then informs its Telnet application that half of the session, the connection from Toronto, is now closed.

Add a note hereWhen the application on the London device requests that the other half of the connection (to Toronto) be closed, London sends a new segment with the FIN bit set, indicating that it wants to close the session.

Add a note hereFinally, Toronto replies with an acknowledgment segment with acknowledgment number 323 (indicating that it has successfully received number 322). The session is now closed in both directions.

Add a note here TCP/IP Internet Layer Protocols

Add a note hereThe TCP/IP Internet layer corresponds to the OSI network layer and includes the IP-routed protocol, as well as a protocol for message and error reporting.

Protocols

Add a note here The protocols at this layer include the following:

  • Add a note here IP: Provides connectionless, best-effort delivery of datagrams through the network. A unique IP address—a logical address—is assigned to each interface of each device in the network. IP and IP addresses are introduced later in this chapter and are described in more detail in Appendix B, “IPv4 Supplement.”


    Note

    Add a note hereTwo versions of IP currently exist: IP version 4 (IPv4) and the emerging IP version 6 (IPv6). In this book, the term IP refers to IPv4. IPv6 is introduced in Chapter 6, “Designing IP Addressing in the Network.”

  • Add a note here Internet Control Message Protocol (ICMP): Sends messages and error reports through the network. For example, the ping application included in most TCP/IP protocol suites sends an ICMP echo message to a destination, which then replies with an ICMP echo reply message. Ping provides confirmation that the destination can be reached and gives a measure of how long packets are taking to travel between the source and destination.


Note

Add a note hereThese protocols are all at the TCP/IP Internet layer, corresponding to the OSI model network layer, Layer 3. They run on top of the TCP/IP physical and data link layers, Layers 1 and 2.


Note

Add a note hereYou might have heard people refer to IP as a “LAN protocol”; this is because they configure IP on PCs that are attached to LANs. However, IP is, in fact, a network layer protocol—it runs on top of any LAN or WAN.

IP Datagrams

Add a note here Figure 1-10 illustrates the fields of an IP datagram.

Click to collapse
Add a note hereFigure 1-10: An IP Datagram Contains at Least 20 Bytes

Add a note here The IP datagram fields are as follows:

  • Add a note here Version (4 bits): Identifies the IP version—in this case, version 4.

  • Add a note here Header length (4 bits): The number of 32-bit words in the header (including the options).

  • Add a note here Type of service (ToS) (8 bits): Specifies how the datagram should be handled within the network. These bits mark traffic for a specific quality of service (QoS), which is further described in Chapter 4.

  • Add a note here Total length (16 bits): The total number of octets in the header and data fields.

  • Add a note here Identification (16 bits), flags (3 bits), and fragment offset (13 bits): Handle cases where a large datagram must be fragmented—split into multiple packets—to go through a network that cannot handle datagrams of that size.

  • Add a note here Time to Live (TTL) (8 bits): Ensures that datagrams do not loop endlessly in the network; this field must be decremented by 1 by each router that the datagram passes through.

  • Add a note here Protocol (8 bits): Indicates the upper-layer (Layer 4, the transport layer) protocol that the data is for. Therefore, this field might indicate the type of segment that the datagram is carrying, similar to how the port number field in the UDP and TCP segments indicates the type of application that the segment is carrying. A protocol number of 6 means that the datagram is carrying a TCP segment, whereas a protocol number of 17 means that the datagram is carrying a UDP segment. The protocol may have other values, such as a value indicating that traffic from a specific routing protocol is being carried inside the datagram.

  • Add a note here Header checksum (16 bits): Ensures that the header is received correctly.

  • Add a note here Source and destination IP addresses (32 bits each): Logical IP addresses assigned to the source and destination of the datagram, respectively. IP addresses are introduced later in this chapter, in the “Addressing” section.

  • Add a note here IP options and padding (variable length; 0 or a multiple of 32 bits): Used for network testing and debugging.

  • Add a note here Data (variable): The upper-layer (transport layer) data.

Add a note here TCP/IP-Related Data Link Layer Protocol

Add a note hereThe TCP/IP data link layer corresponds to the OSI data link layer. It includes the Address Resolution Protocol (ARP) to request the MAC address (the data link layer physical address) for a given IP address. The returned MAC address is used as the destination address in the frames that encapsulate the packets of data being routed to the destination IP address.


Routing

Add a note hereThis section examines how routers work and introduces routing tables and routing protocols. Routers work at the OSI model network layer. The main functions of a router are first to determine the best path that each packet should take to get to its destination and second to send the packet on its way. Sending the packet out the appropriate interface, along the best path, is also called switching the packet because the packet is encapsulated in a new frame, with the appropriate framing information.

Add a note hereTherefore, a router’s job is much like that of a worker at a post office. The postal worker looks at the address label on the letter (the network layer address on the packet), determines which way the letter (the packet) should be sent, and then sends it. The comparison between the post office and a router is illustrated in Figure 1-11.

Click to collapse
Add a note hereFigure 1-11: A Router Behaves Much Like a Worker at a Post Office

Note

Add a note here This discussion of routers is concerned with the traditional role of routers in a network, at the OSI model network layer. Routers are now taking on more functions—for example, in QoS and security areas; these other functions are described in the relevant chapters throughout this book.

Add a note here Routers Work at the Lower Three OSI Layers

Add a note hereThe router doesn’t care what is in the higher layers—what kind of data is in the packet. The router is just responsible for sending the packet the correct way. The router does have to be concerned with the data link and physical layers, though, because it might have to receive and send data on different media. For example, a packet received on an Ethernet LAN might have to be sent out on a Frame Relay WAN, requiring the router to know how to communicate on both these types of media. In terms of layers, therefore, a router unencapsulates received data up to the network layer and then encapsulates the data again into the appropriate frame and bit types. This process is illustrated in Figure 1-12, where the PC on the left is sending data to the PC on the right. The routers have determined that the path marked with the arrows is the best path between the PCs.

Click to collapse
Add a note hereFigure 1-12: Router Works at the Network Layer

Add a note hereIn this figure, notice that only the two PCs care about the upper layers, whereas all the routers in the path concern themselves with only the lower three layers.

Add a note here Routing Tables

Add a note hereTo determine the best path on which to send a packet, a router must know where the packet’s destination network is.

Add a note here However routes are learned, routers keep the best path (or multiple best paths) to each destination in a routing table. A routing table contains a list of all the networks that a router knows how to reach. For each network, the routing table typically contains the following items:

  • Add a note hereHow the route to the network was learned (for example, statically or by using a routing protocol).

  • Add a note hereThe network address of the router from which the route to the network was learned (if applicable).

  • Add a note hereThe interface (port) on the router through which the network can be reached.

  • Add a note hereThe metric of the route. The metric is a measurement, such as the number of other routers that the path goes through, that routing protocols use when determining the best path.


Note

Add a note hereThe path that the router determines is the best depends on the routing protocol in use. For example, some routing protocols define best as the path that goes through the fewest other routers (the fewest hops), whereas others define best as the path with the highest bandwidth.

Add a note hereFor example, in the network shown in Figure 1-13, the metric used is hops—the number of other routers between this router and the destination network. Both routers know about all three networks. Router X, on the left, knows about networks A and B because it is connected to them (hence the metric of 0) and knows about network C from Router Y (hence the metric of 1). Router Y, on the right, knows about networks B and C because it is connected to them (hence the metric of 0) and knows about network A from Router X (hence the metric of 1).

Image from book
Add a note hereFigure 1-13: Routers Keep Routing Information in Routing Tables

Add a note here Routing Protocols

Add a note here Routers use routing protocols to exchange routing information. Routing protocols allow routers to learn from other routers the networks that are available so that data can be sent in the correct direction. Remember that two routers communicating with each other must use the same routing protocol or they can’t understand each other.

Add a note hereThe TCP/IP protocol suite includes the following routing protocols:

  • Add a note hereRouting Information Protocol (RIP), versions 1 and 2 (RIPv1 and RIPv2)

  • Add a note hereEnhanced Interior Gateway Routing Protocol (EIGRP)

  • Add a note hereOpen Shortest Path First (OSPF)

  • Add a note hereIntegrated Intermediate System-to-Intermediate System (IS-IS)

  • Add a note hereBorder Gateway Protocol (BGP) Version 4 (BGP-4)


Note

Add a note hereThese routing protocols are discussed further in Chapter 7, “Selecting Routing Protocols for the Network.”

Add a note hereThe previous sections introduced the basics of routing and how routers learn about the available networks so that data can be sent along the correct path. Routers look at the packet’s destination address to determine where the packet is going so that they can then select the best route to get the packet there. The following section discusses these addresses.

No comments:

Post a Comment