Chapter 1: Building a Simple Network

Cisco Press

To understand how networks function, you need to become familiar with the basic elements of a network. This chapter explains networks by introducing fundamental computer and network concepts and the characteristics, functions, benefits, metrics, and attributes used to describe network features and performance. This chapter also introduces the Open Systems Interconnection (OSI) reference model, data communications terms and concepts, and the TCP/IP protocol suite, which serves as the de facto standard for most of today's computer networks. Finally, this chapter provides you with an opportunity to connect two PCs in a point-to-point serial network.

What Is a Network?

The first task in understanding how to build a computer network is defining what a network is and understanding how it is used to help a business meet its objectives. A network is a connected collection of devices and end systems, such as computers and servers, that can communicate with each other.

Networks carry data in many types of environments, including homes, small businesses, and large enterprises. In a large enterprise, a number of locations might need to communicate with each other, and you can describe those locations as follows:

  • Main office: A main office is a site where everyone is connected via a network and where the bulk of corporate information is located. A main office can have hundreds or even thousands of people who depend on network access to do their jobs. A main office might use several connected networks, which can span many floors in an office building or cover a campus that contains several buildings.

  • Remote locations: A variety of remote access locations use networks to connect to the main office or to each other.

  • Branch offices: In branch offices, smaller groups of people work and communicate with each other via a network. Although some corporate information might be stored at a branch office, it is more likely that branch offices have local network resources, such as printers, but must access information directly from the main office.

  • Home offices: When individuals work from home, the location is called a home office. Home office workers often require on-demand connections to the main or branch offices to access information or to use network resources such as file servers.

  • Mobile users: Mobile users connect to the main office network while at the main office, at the branch office, or traveling. The network access needs of mobile users are based on where the mobile users are located.

Figure 1-1 shows some of the common locations of networks that can be used to connect users to business applications.

Figure 1-1

Network Locations

Many different types and locations of networks exist. You might use a network in your home or home office to communicate via the Internet, to locate information, to place orders for merchandise, and to send messages to friends. You might work in a small office that is set up with a network connecting its computers and printers. You might work in a large enterprise in which many computers, printers, storage devices, and servers communicate and store information from many departments over large geographic areas. All of these networks share many common components.

Common Physical Components of a Network

The physical components are the hardware devices that are interconnected to form a computer network. Depending on the size of the network, the number and size of these components varies, but most computer networks consist of the basic components shown in Figure 1-2.

Figure 1-2

Common Network Components

These are the four major categories of physical components in a computer network:

  • Personal computers (PCs): The PCs serve as endpoints in the network, sending and receiving data.

  • Interconnections: The interconnections consist of components that provide a means for data to travel from one point to another point in the network. This category includes components such as the following:

    • Network interface cards (NICs) that translate the data produced by the computer into a format that can be transmitted over the local network

    • Network media, such as cables or wireless media, that provide the means by which the signals are transmitted from one networked device to another

    • Connectors that provide the connection points for the media

  • Switches: Switches are devices that provide network attachment to the end systems and intelligent switching of the data within the local network.

  • Routers: Routers interconnect networks and choose the best paths between networks.

Interpreting a Network Diagram

When designing and describing a computer network, you use a drawing or diagram to describe the physical components and how they are interconnected.

The network diagram uses common symbols to capture information related to the network for planning, reference, and troubleshooting purposes. The amount of information and the details of that information differ from organization to organization. The network topology is commonly represented by a series of lines and icons. Figure 1-3 shows a typical network diagram.

In this diagram:

  • A cloud represents the Internet or WAN connection.

  • A cylinder with arrows represents a router.

  • A rectangular box with arrows represents a workgroup switch.

  • A tower PC represents a server.

  • A laptop or computer and monitor represent an end user PC.

  • A straight line represents an Ethernet link.

  • A Z-shaped line represents a serial link.

Figure 1-3

Typical Network Diagram

Other information can be included as space allows. For example, it is sometimes desirable to identify the interface on a device in the format of s0/0/0 for a serial interface or fa0/0 for a Fast Ethernet interface. It is also common to include the network address of the segment in a format such as 10.1.1.0/24, where 10.1.1.0 is the network address and /24 is the prefix length: the number of leading address bits that identify the network, equivalent to a subnet mask of 255.255.255.0.
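As an added example (not code from the book), the following Python parses interface and subnet labels written in the style just described and sanity-checks the two ends of a link the way you would when reading a diagram: both ends on the same subnet, no duplicate address, and no host address that is really the network or broadcast address. The abbreviation table in INTERFACE_TYPES and the "<interface> <address>/<prefix>" label format are assumptions for the example; it uses only the standard library ipaddress module.

```python
"""Parse diagram labels such as "fa0/0 10.1.1.1/24" and sanity-check a link.

Added example for this chapter, not code from the book. The abbreviation
table and the "<interface> <address>/<prefix>" label format are assumptions.
"""
import ipaddress
import re

# Assumed interface abbreviations as they might appear on a diagram.
INTERFACE_TYPES = {
    "e": "Ethernet",
    "fa": "FastEthernet",
    "gi": "GigabitEthernet",
    "s": "Serial",
}

LABEL_RE = re.compile(r"^(?P<type>[A-Za-z]+)(?P<path>\d+(?:/\d+)*)\s+(?P<addr>\S+)$")


def parse_label(label):
    """Return the interface name and the addressing facts implied by the label."""
    m = LABEL_RE.match(label.strip())
    if m is None:
        raise ValueError(f"unrecognized label: {label!r}")
    kind = INTERFACE_TYPES.get(m["type"].lower())
    if kind is None:
        raise ValueError(f"unknown interface type in {label!r}")
    iface = ipaddress.ip_interface(m["addr"])   # host address plus prefix length
    net = iface.network                         # the segment, e.g. 10.1.1.0/24
    # /31 and /32 have no separate network/broadcast addresses to subtract.
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {
        "interface": f"{kind}{m['path']}",
        "iface": iface,
        "network": net,
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


def check_link(label_a, label_b):
    """Report problems with the two ends of one link; an empty list means OK."""
    a, b = parse_label(label_a), parse_label(label_b)
    problems = []
    if a["network"] != b["network"]:
        problems.append(f"subnet mismatch: {a['network']} vs {b['network']}")
    if a["iface"].ip == b["iface"].ip:
        problems.append(f"duplicate address {a['iface'].ip} on both ends")
    for end in (a, b):
        ip, net = end["iface"].ip, end["network"]
        if net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
            problems.append(f"{ip} is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed labels for a serial link between two routers.
    for end in ("s0/0/0 10.1.1.1/24", "s0/0/0 10.1.1.2/24"):
        print(parse_label(end))
    print(check_link("s0/0/0 10.1.1.1/24", "s0/0/0 10.1.1.2/24"))   # []
    print(check_link("fa0/0 10.1.1.1/24", "fa0/1 10.1.2.1/24"))     # subnet mismatch
```

The /31 case is worth the extra line: point-to-point serial links are often numbered from a /30 (two usable hosts) or, on newer equipment, a /31, and a checker that blindly subtracts two would report a /31 link as having no usable addresses.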

Resource-Sharing Functions and Benefits

The main functions of computer networks in business today are to simplify and streamline business processes through the use of data and application sharing. Networks enable end users to share both information and hardware resources. By providing this interconnection between the users and common sets of data, businesses can make more efficient use of their resources. The major resources that are shared in a computer network include the following:

  • Data and applications: When users are connected through a network, they can share files and even software application programs, making data more easily available and promoting more efficient collaboration on work projects.

  • Physical resources: The resources that can be shared include both input devices, such as cameras, and output devices, such as printers.

  • Network storage: Today the network makes storage available to users in several ways. Direct attached storage (DAS) directly connects physical storage to a PC or a shared server. Network attached storage (NAS) makes storage available through a special network appliance. Finally, storage area networks (SAN) provide a network of storage devices.

  • Backup devices: A network can also include backup devices, such as tape drives, that provide a central means to save files from multiple computers. Network storage is also used to provide archive capability, business continuance, and disaster recovery.

Figure 1-4 shows some common shared resources.

Figure 1-4

Shared Resources

The overall benefit to users who are connected by a network is an efficiency of operation through commonly available components used in everyday tasks, sharing files, printing, and storing data. This efficiency results in reduced expenditures and increased productivity.

In recent years, the open access to devices that was once pervasive in networking has been replaced with a need for caution. There have been many well-advertised acts of "cyber vandalism," in which both end systems and network devices have been broken into; therefore, the need for network security has to be balanced with the need for connectivity.

Network User Applications

The key to utilizing multiple resources on a data network is having applications that are aware of these communication mechanisms. Although many applications are available for users in a network environment, some applications are common to nearly all users.

The most common network user applications include the following:

  • E-mail: E-mail is a valuable application for most network users. Users can communicate information (messages and files) electronically in a timely manner, to not only other users in the same network but also other users outside the network (suppliers, information resources, and customers, for example). Examples of e-mail programs include Microsoft Outlook and Eudora by Qualcomm.

  • Web browser: A web browser enables access to the Internet through a common interface. The Internet provides a wealth of information and has become vital to the productivity of both home and business users. Communicating with suppliers and customers, handling orders and fulfillment, and locating information are now routinely done electronically over the Internet, which saves time and increases overall productivity. The most commonly used browsers are Microsoft Internet Explorer, Netscape Navigator, Mozilla, and Firefox.

  • Instant messaging: Instant messaging started in the personal user-to-user space; however, it soon provided considerable benefit in the corporate world. Now many instant messaging applications, such as those provided by AOL and Yahoo!, provide data encryption and logging, features essential for corporate use.

  • Collaboration: Working together as individuals or groups is greatly facilitated when the collaborators are on a network. Individuals creating separate parts of an annual report or a business plan, for example, can either transmit their data files to a central resource for compilation or use a workgroup software application to create and modify the entire document, without any exchange of paper. One of the best-known traditional collaboration software programs is Lotus Notes. A more modern web-based collaboration application is a wiki.

  • Database: This type of application enables users on a network to store information in central locations (such as storage devices) so that others on the network can easily retrieve selected information in the formats that are most useful to them. Some of the most common databases used in enterprises today are Oracle and Microsoft SQL Server.

The Impact of User Applications on the Network

The key to user applications is that they enable users to be connected to one another through the various types of software. As a business begins to rely on these applications as part of the day-to-day business process, the network that the applications operate in becomes a critical part of the business. A special relationship exists between these applications and the network. The applications can affect network performance, and network performance can affect applications. Therefore, you need to understand some common interactions between user applications and the network. Figure 1-5 characterizes some of the interactions for different types of applications.

Figure 1-5

Application Interaction

Historically, when the interaction between the network and the applications that ran on the network was considered, bandwidth was the main concern. Batch applications such as FTP, TFTP, and inventory updates, which simply used the network to transfer bulk data between systems, would be initiated by a user and then run to completion by the software with no further direct human interaction. Bandwidth was important but not critical because little human interaction occurred. As long as the time the application took to complete did not become excessive, no one really cared.

Interactive applications, such as Enterprise Resource Planning (ERP) software, perform tasks, such as inventory inquiries and database updates, that require more human interaction. The user requests some type of information from the server and then waits for a reply. With these types of applications, bandwidth becomes more important because users are intolerant of slow responses. Application response is not solely dependent on the bandwidth of the network, however; the server and storage devices also play a part. In cases where the network is the bottleneck, features such as quality of service (QoS) can alleviate some bandwidth limitations by giving the traffic from interactive applications preference over batch applications.

Another type of application that can be affected heavily by the network is a real-time application. Like interactive applications, real-time applications such as Voice over IP (VoIP) and video applications involve human interaction. Because of the amount of information that is transmitted, bandwidth is critical. In addition, because these applications are time-critical, latency (delay through the network) is critical. Even variations in the amount of latency (jitter) can affect the application. Not only is proper bandwidth mandatory, but QoS is also mandatory. VoIP and video applications must be given the highest priority.

In today's environment, the end user is bombarded with ads indicating how much money can be saved by converting to VoIP and how installation is as easy as dropping a VoIP router into the network. Although this is often true in the home network, it can result in disaster in a small office network: applications that used to work become so slow that they are unusable whenever someone is on the phone, and voice quality is poor. Such an implementation neither provides enough bandwidth to the Internet nor applies a proper QoS scheme.

Both issues can be overcome with proper network design.
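The following simulation is an added example, not code from the book, that makes the bandwidth, latency, and jitter argument above concrete. It models one congested serial link two ways: a single first-in, first-out queue, and a strict-priority scheme in which the voice queue is always served before the bulk-transfer queue. All of the numbers are constructed for the example: a T1 at 1.544 Mb/s, a G.711 voice stream sending a 200-byte packet every 20 ms, a bulk transfer whose 1500-byte packets arrive faster than the link can serialize them, and a 40-packet queue limit with tail drop.

```python
"""Simulate one congested WAN link with FIFO versus strict-priority queuing.

Added example, not code from the book. Everything below is constructed: a T1
serial link (1.544 Mb/s), a G.711 voice stream (200-byte packet every 20 ms)
and a bulk transfer whose 1500-byte packets arrive faster than the link can
serialize them, so a queue builds and packets are tail-dropped.
"""
from collections import deque

LINK_BPS = 1_544_000        # T1 line rate
QUEUE_LIMIT = 40            # packets a queue holds before tail drop (assumed)


def tx_time_us(length_bytes, bps=LINK_BPS):
    """Serialization delay of one packet in whole microseconds."""
    return (length_bytes * 8 * 1_000_000 + bps // 2) // bps


def traffic(duration_us, voice_interval_us=20_000, bulk_interval_us=5_000):
    """Constructed arrivals as (time_us, class, bytes); voice first on ties."""
    pkts = [(t, "voice", 200) for t in range(0, duration_us, voice_interval_us)]
    pkts += [(t, "bulk", 1500) for t in range(0, duration_us, bulk_interval_us)]
    return sorted(pkts, key=lambda p: (p[0], p[1] != "voice"))


def stats(delay_list, dropped):
    if not delay_list:
        return {"sent": 0, "dropped": dropped, "min_us": None, "max_us": None, "jitter_us": None}
    return {"sent": len(delay_list), "dropped": dropped, "min_us": min(delay_list),
            "max_us": max(delay_list), "jitter_us": max(delay_list) - min(delay_list)}


def simulate(arrivals, priority):
    """One output link. priority=False: a single FIFO queue for all traffic.
    priority=True: a voice queue always served before the bulk queue.
    Delay is measured from arrival at the router to the last bit leaving."""
    voice_q, bulk_q = deque(), deque()   # FIFO mode keeps everything in voice_q
    t_free = 0                           # time the link finishes its current packet
    delays = {"voice": [], "bulk": []}
    dropped = {"voice": 0, "bulk": 0}

    def drain(until):
        nonlocal t_free
        while (voice_q or bulk_q) and t_free < until:
            t, cls, size = voice_q.popleft() if voice_q else bulk_q.popleft()
            start = max(t_free, t)
            t_free = start + tx_time_us(size)
            delays[cls].append(t_free - t)

    for t, cls, size in arrivals:
        drain(t)                         # let the link work up to this arrival
        q = voice_q if (cls == "voice" or not priority) else bulk_q
        if len(q) >= QUEUE_LIMIT:
            dropped[cls] += 1            # tail drop: queue full
        else:
            q.append((t, cls, size))
    drain(float("inf"))                  # finish whatever is still queued
    return {cls: stats(delays[cls], dropped[cls]) for cls in delays}


if __name__ == "__main__":
    arrivals = traffic(1_000_000)        # one second of traffic
    for name, prio in (("FIFO", False), ("priority", True)):
        r = simulate(arrivals, prio)
        print(f"{name:9} voice {r['voice']}  bulk {r['bulk']}")
```

Under FIFO the voice packets sit behind tens of bulk packets, so their delay climbs toward the queue limit times one bulk serialization time and some are even dropped; under strict priority a voice packet waits at most for the single bulk packet already on the wire, which bounds its delay to one bulk plus one voice serialization time (about 8.8 ms on a T1) and keeps jitter small. The bulk transfer is slowed and still loses packets in both cases, which is the trade the text describes: QoS does not create bandwidth, it decides who waits.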

Characteristics of a Network

Many characteristics are commonly used to describe and compare various network designs. When you are determining how to build a network, each of these characteristics must be considered along with the applications that will be running on the network. The key to building the best network is to achieve a balance of these characteristics.

Networks can be described and compared according to network performance and structure, as follows:

  • Speed: Speed is a measure of how fast data is transmitted over the network. A more precise term would be data rate.

  • Cost: Cost indicates the general cost of components, installation, and maintenance of the network.

  • Security: Security indicates how secure the network is, including the data that is transmitted over the network. The subject of security is important and constantly evolving. You should consider security whenever you take actions that affect the network.

  • Availability: Availability is a measure of the probability that the network will be available for use when required. For networks that are meant to be used 24 hours a day, 7 days a week, 365 days a year, availability is calculated by dividing the time it is actually available by the total time in a year and then multiplying by 100 to get a percentage.

    For example, if a network is unavailable for 15 minutes a year because of network outages, its percentage availability can be calculated as follows:

    ([Number of minutes in a year – downtime] / [Number of minutes in a year]) * 100 = Percentage availability

    ([525600 – 15] / [525600]) * 100 = 99.9971

  • Scalability: Scalability indicates how well the network can accommodate more users and data transmission requirements. If a network is designed and optimized for just the current requirements, it can be very expensive and difficult to meet new needs when the network grows.

  • Reliability: Reliability indicates the dependability of the components (routers, switches, PCs, and so on) that make up the network. It is often expressed as a probability of failure over a given period or as the mean time between failures (MTBF), the average operating time expected between one failure and the next.

  • Topology: Networks have two types of topologies: the physical topology, which is the arrangement of the cable, network devices, and end systems (PCs and servers), and the logical topology, which is the path that the data signals take through the physical topology.

These characteristics and attributes provide a means to compare different networking solutions. Increasingly, features such as security, availability, scalability, and reliability have become the focus of many network designs because of the importance of the network to the business process.
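The availability figure above is easy to compute for a single outage; the part that goes wrong in practice is the downtime total it is based on, because overlapping trouble tickets for one incident get counted twice. The following Python is an added example, not code from the book: it applies the chapter's formula, adds the inverse (how many minutes a target such as 99.99% leaves you per year), and merges overlapping outage intervals before counting. The outage tickets are constructed sample data, and MINUTES_PER_YEAR is the 525600 figure the text uses.

```python
"""Availability arithmetic for a 24x7 network, as the chapter defines it.

Added example, not code from the book. The outage tickets below are
constructed sample data; MINUTES_PER_YEAR is the 525600 figure used in the text.
"""
from datetime import datetime, timedelta

MINUTES_PER_YEAR = 365 * 24 * 60   # 525600; a leap year would be 527040


def availability_percent(downtime_minutes, period_minutes=MINUTES_PER_YEAR):
    """([minutes in period - downtime] / [minutes in period]) * 100."""
    return (period_minutes - downtime_minutes) / period_minutes * 100


def downtime_budget_minutes(target_percent, period_minutes=MINUTES_PER_YEAR):
    """The inverse: how many minutes of outage a target like 99.99% allows."""
    return period_minutes * (100 - target_percent) / 100


def merged_downtime_minutes(outages):
    """Total outage time from (start, end) pairs. Overlapping tickets for the
    same incident are merged so the same minutes are not counted twice."""
    intervals = sorted((s, e) for s, e in outages if e > s)
    total = timedelta(0)
    cur_start = cur_end = None
    for s, e in intervals:
        if cur_end is not None and s <= cur_end:
            cur_end = max(cur_end, e)          # extends the current incident
        else:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = s, e
    if cur_end is not None:
        total += cur_end - cur_start
    return total.total_seconds() / 60


def availability_report(outages, target_percent):
    """Summarize a year of outages against an availability target."""
    downtime = merged_downtime_minutes(outages)
    achieved = availability_percent(downtime)
    return {
        "downtime_minutes": downtime,
        "availability_percent": round(achieved, 4),
        "budget_minutes": round(downtime_budget_minutes(target_percent), 2),
        "meets_target": achieved >= target_percent,
    }


# Constructed outage tickets: two overlapping tickets for one router failure,
# plus a short unrelated outage later in the year (15 minutes in total).
SAMPLE_OUTAGES = [
    (datetime(2024, 3, 10, 2, 0), datetime(2024, 3, 10, 2, 10)),
    (datetime(2024, 3, 10, 2, 5), datetime(2024, 3, 10, 2, 12)),
    (datetime(2024, 7, 1, 14, 0), datetime(2024, 7, 1, 14, 3)),
]

if __name__ == "__main__":
    print(availability_report(SAMPLE_OUTAGES, 99.99))
    print(availability_report(SAMPLE_OUTAGES, 99.999))
```

With the three constructed tickets the merged downtime is the text's 15 minutes (not the 20 a naive sum gives), which is 99.9971 percent: inside a 99.99 percent target, whose budget is about 52.6 minutes a year, but outside a 99.999 percent target, which allows only about 5.3 minutes.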

Physical Versus Logical Topologies

Building a reliable and scalable network depends on the physical and logical topology. Topology defines the interconnection method used between devices including the layout of the cabling and the primary and backup paths used in data transmissions. As previously mentioned, each type of network has both a physical and a logical topology.

Physical Topologies

The physical topology of a network refers to the physical layout of the devices and cabling. You must match the appropriate physical topology to the type of cabling that will be installed. Therefore, understanding the type of cabling used is important to understanding each type of physical topology. Here are the three primary categories of physical topologies:

  • Bus: Computers and other network devices are cabled together in a line.

  • Ring: Computers and other network devices are cabled together with the last device connected to the first to form a circle, or ring. This category includes both ring and dual-ring topologies.

  • Star: A central cabling device connects the computers and other network devices. This category includes both star and extended-star topologies.

Figure 1-6 shows some common physical topologies used in networking.

Figure 1-6

Common Physical Topologies

Logical Topologies

The logical topology of a network refers to the logical paths that the signals use to travel from one point on the network to another—that is, the way in which data accesses the network media and transmits packets across it.

The physical and logical topologies of a network can be the same. For example, in a network physically shaped as a linear bus, the data travels along the length of the cable. Therefore, the network has both a physical bus topology and a logical bus topology.

On the other hand, a network can have quite different physical and logical topologies. For example, a physical topology in the shape of a star, in which cable segments connect all computers to a central hub, can have a logical ring topology. Remember that in a ring, the data travels from one computer to the next, and inside the hub, the wiring connections are such that the signal actually travels around in a circle from one port to the next, creating a logical ring. Therefore, you cannot always predict how data travels in a network simply by observing its physical layout.

Star topology is by far the most common physical implementation of LANs today. Classic Ethernet uses a logical bus topology on either a physical bus or a physical star: an Ethernet hub is an example of a physical star with a logical bus, because it repeats every frame out every port and all attached devices share one collision domain. (A switch, by contrast, forwards each frame only toward its destination port, so switched Ethernet no longer behaves as a shared bus.)

Figure 1-7 shows some common logical topologies used in networking.

Figure 1-7

Common Logical Topologies

Bus Topology

The bus topology is commonly referred to as a linear bus; all of the devices on a bus topology are effectively connected by one single cable.

As illustrated in Figure 1-8, in a bus topology, a cable proceeds from one computer to the next like a bus line going through a city. The main cable segment must end with a terminator that absorbs the signal when it reaches the end of the line or wire. If no terminator exists, the electrical signal representing the data bounces back at the end of the wire, causing errors in the network. An example of a physical bus topology is a Thicknet Ethernet cable running the length of a building with devices tapped into it, though this is an antiquated connection method that is no longer used. An example of a logical bus topology is an Ethernet hub.

Figure 1-8

Bus Topology

Star and Extended-Star Topologies

The star topology is the most common physical topology in Ethernet LANs. When a star network is expanded to include an additional network device that is connected to the main network devices, the topology is referred to as an extended-star topology. The following sections describe both the star and extended-star topologies.

Star Topology

When installed, the star topology resembles spokes in a bicycle wheel. It is made up of a central connection point that is a device, such as a hub, switch, or router, where all the cabling segments actually meet. Each device on the network is connected to the central device with its own cable.

Although a physical star topology costs more to implement than the physical bus topology, the advantages of a physical star topology make it worth the additional cost. Each device is connected to the central device with its own wire, so that if that cable has a problem, only that one device is affected, and the rest of the network remains operational. This benefit is important and is the reason why almost every newly designed Ethernet LAN has a physical star topology. Figure 1-9 depicts a star topology with all transmissions going through a single point.

Extended-Star Topology

A common deployment of an extended-star topology is in a hierarchical design such as a WAN or an Enterprise or a Campus LAN. Figure 1-10 shows the topology of an extended star.

Figure 1-9

Star Topology

Figure 1-10

Extended Star Topology

The problem with the pure extended-star topology is that if the central node point fails, large portions of the network can become isolated. For this reason, most extended-star topologies employ a redundant connection to a separate set of connection devices to prevent isolation in the event of a device failure.

Ring Topologies

As the name implies, in a ring topology all the devices on a network are connected in the form of a ring or circle. Unlike the physical bus topology, a ring type of topology has no beginning or end that needs to be terminated. Data is transmitted in a way that is different from the logical bus topology. In one implementation, a "token" travels around the ring, stopping at each device. If a device wants to transmit data, it adds that data and the destination address to the token. The token then continues around the ring until it finds the destination device, which takes the data out of the token. The advantage of using this type of method is that no collisions of data packets occur. Two types of ring topology exist: single-ring and dual-ring.

Single-Ring Topology

In a single-ring topology, all the devices on the network share a single cable, and the data travels in one direction only. Each device waits its turn to send data over the network. The single ring, however, is susceptible to a single failure, stopping the entire ring from functioning. Figure 1-11 shows the traffic flow in a single-ring topology.

Figure 1-11

Traffic Flow in a Single-Ring Topology

Dual-Ring Topology

In a dual-ring topology, two rings allow data to be sent in both directions. This setup creates redundancy (fault tolerance), meaning that if one ring fails, data can be transmitted on the other ring. Figure 1-12 shows the traffic flow in a typical dual-ring topology.

Figure 1-12

Traffic Flow in a Dual-Ring Topology

Mesh and Partial-Mesh Topologies

Another type of topology that is similar to the star topology is mesh topology. Mesh topology provides redundancy between devices in a star topology. A network can be fully meshed or partially meshed depending on the level of redundancy needed. This type of topology helps improve network availability and reliability. However, it increases cost and can limit scalability, so you need to exercise care when meshing.

Full-Mesh Topology

The full-mesh topology connects all devices (or nodes) to one another for redundancy and fault tolerance. Implementing a full-mesh topology is expensive and difficult. This method is the most resistant to failures because the failure of any single link does not affect reachability in the network.

Figure 1-13 shows the connections in a full-mesh topology.

Figure 1-13

Full-Mesh Topology

Partial-Mesh Topology

In a partial-mesh topology, some devices maintain connections to several other devices, but not every pair of devices is directly connected. This method trades off the cost of meshing all devices by allowing the network designer to choose which nodes are the most critical and interconnect those with redundant links.

Figure 1-14 shows an example of a partial-mesh topology.

Figure 1-14

Partial-Mesh Topology
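The fault-tolerance claims made for each topology above (a star loses one device per cut cable, a single ring stops on any one failure, a dual ring and a full mesh survive one, a partial mesh can match that at lower cost) can be checked rather than taken on faith. The following Python is an added example, not code from the book: it builds each topology as a graph, then removes every single link and every single device in turn and records the most devices that end up cut off from the largest surviving piece. Devices are numbered 0 to n-1 with node 0 as the hub of the star, and the partial mesh is one particular design (a full mesh among a few core devices, each remaining device dual-homed to two of them); both choices are assumptions for the example.

```python
"""Model the chapter's topologies as graphs and compare single-failure impact.

Added example, not code from the book. Devices are numbered 0..n-1 (node 0 is
the hub of a star); a link is an unordered pair, kept in a list so that a dual
ring can hold two parallel links between the same neighbours.
"""
from itertools import combinations
from typing import NamedTuple


class Topology(NamedTuple):
    nodes: list
    links: list


def link(a, b):
    return frozenset((a, b))


def bus(n):
    return Topology(list(range(n)), [link(i, i + 1) for i in range(n - 1)])


def ring(n):
    return Topology(list(range(n)), [link(i, (i + 1) % n) for i in range(n)])


def dual_ring(n):
    base = ring(n)
    return Topology(base.nodes, base.links * 2)   # second ring duplicates every link


def star(n):
    return Topology(list(range(n)), [link(0, i) for i in range(1, n)])


def full_mesh(n):
    return Topology(list(range(n)), [link(a, b) for a, b in combinations(range(n), 2)])


def partial_mesh(core, leaves):
    """Full mesh among `core` devices; each leaf dual-homed to two core devices."""
    links = full_mesh(core).links
    for i in range(leaves):
        leaf = core + i
        links += [link(leaf, i % core), link(leaf, (i + 1) % core)]
    return Topology(list(range(core + leaves)), links)


def reachable(nodes, links, start):
    """Set of nodes reachable from `start` (depth-first search)."""
    adj = {v: set() for v in nodes}
    for l in links:
        a, b = tuple(l)
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = {start}, [start]
    while stack:
        for w in adj[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen


def largest_component(nodes, links):
    best, remaining = 0, set(nodes)
    while remaining:
        comp = reachable(nodes, links, next(iter(remaining)))
        best = max(best, len(comp))
        remaining -= comp
    return best


def worst_single_link_failure(t):
    """Most devices cut off from the largest surviving piece by losing one link."""
    return max(len(t.nodes) - largest_component(t.nodes, t.links[:i] + t.links[i + 1:])
               for i in range(len(t.links)))


def worst_single_node_failure(t):
    """Same measure for losing one device (the failed device itself not counted)."""
    worst = 0
    for v in t.nodes:
        rest = [u for u in t.nodes if u != v]
        rest_links = [l for l in t.links if v not in l]
        worst = max(worst, len(rest) - largest_component(rest, rest_links))
    return worst


def summarize(t):
    return {"links": len(t.links),
            "worst_link_failure": worst_single_link_failure(t),
            "worst_node_failure": worst_single_node_failure(t)}


if __name__ == "__main__":
    for name, t in [("bus", bus(6)), ("star", star(6)), ("ring", ring(6)),
                    ("dual ring", dual_ring(6)), ("partial mesh", partial_mesh(3, 3)),
                    ("full mesh", full_mesh(6))]:
        print(f"{name:13} {summarize(t)}")
```

For six devices the numbers line up with the text: the bus can be split down the middle by one cut, the star loses exactly one device per cut cable but everything when the hub dies, the single ring and dual ring and full mesh lose nothing to a single link failure, and the three-core partial mesh achieves the same zero-loss result as the full mesh with nine links instead of fifteen. The same functions work for an extended star if you build one, which is the point of the "central node" warning in the text.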

Connection to the Internet

Another key component for most business users today is a connection to the Internet. An Internet connection is a WAN connection, but small- to medium-sized computer networks can use various methods and topologies to interconnect to the Internet.

You have three common methods of connecting the small office to the Internet. Digital subscriber line (DSL) uses the existing telephone lines as the infrastructure to carry the signal. Cable uses the cable television (CATV) infrastructure. Serial uses the classic digital local loops.

In the case of DSL and cable, the incoming line is terminated on a modem that converts the signal carried on the telephone or cable plant into a digital format the router can process. In the case of serial, a channel service unit (CSU)/digital service unit (DSU) performs the equivalent role on the digital local loop. In all three cases (DSL, cable, and serial), the digital output is sent to a router that is part of the customer premises equipment (CPE). Figure 1-15 shows the equipment placement for these different connection methods.

Figure 1-15

Common Internet Connection Methods

Summary of Exploring the Functions of Networking

The key purpose of this section was to get a basic understanding of the key components in a computer network and how the network is used by business. The main points are as follows:

  • A network is a connected collection of computing devices that communicate with each other to carry data in homes, small businesses, and enterprise environments.

  • You have four major categories of physical components in a computer network: the computer, interconnections, switches, and routers.

  • The major resources that are shared in a computer network include data and applications, physical resources, storage devices, and backup devices.

  • The most common network user applications include e-mail, web browsers, instant messaging, collaboration, and databases.

  • The terms that describe networks include characteristics around network performance and structure such as speed, cost, security, availability, scalability, reliability, and topology.

  • A physical topology describes the layout for wiring the physical devices, while a logical topology describes how information flows to devices within the networks.

  • In a physical bus topology, a single cable connects all the devices together.

  • In a physical star topology, each device in the network is connected to a central device with its own cable.

  • When a star network is expanded to include additional networking devices that are connected to the main networking device, it is called an extended-star topology.

  • In a ring topology, all the hosts are connected to one another in the form of a ring or circle. A dual-ring topology provides a second ring for redundancy.

  • A full-mesh topology connects all devices to each other for redundancy, while a partial-mesh topology provides multiple connections for only some devices.

Securing the Network

Security is a fundamental component of every network design. When planning, building, and operating a network, you should understand the importance of a strong security policy. How important is it to have a strong network security policy? The Computer Security Institute (CSI) produced a report from the "Computer Crime and Security Survey" that provided an updated look at the impact of computer crime in the United States. One of the major participants was the San Francisco Federal Bureau of Investigation (FBI) Computer Intrusion Squad. Based on responses from over 700 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions, and universities, the survey confirms that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.

The application of an effective security policy is the most important step that an organization must take to protect itself. An effective security policy is the foundation for all of the activities undertaken to secure network resources.

Need for Network Security

In the past, hackers were highly skilled programmers who understood the intricacies of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These sophisticated attack tools and generally open networks have generated an increased need for network security and dynamic security policies.

The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks. Figure 1-16 shows an example of a closed network.

Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist. The CSI in San Francisco, California, estimates that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place.

Today, corporate networks require access to the Internet and other public networks. Most of these networks have several access points to public and other private networks, as shown in Figure 1-17. Securing open networks is important.

Figure 1-16

Closed Network

As previously mentioned, one of the challenges to security is that hacking a network has become easier for those with little or no computer skills. Figure 1-18 illustrates how the increasing sophistication of hacking tools and the decreasing skill needed to use these tools have combined to pose increasing threats to open networks.

Figure 1-17

Open Network

Figure 1-18

Hacking Skills Matrix

With the development of large open networks, security threats have increased significantly in the past 20 years. Hackers have discovered more network vulnerabilities, and because you can now download applications that require little or no hacking knowledge to implement, applications intended for troubleshooting and maintaining and optimizing networks can, in the wrong hands, be used maliciously and pose severe threats.

Balancing Network Security Requirements

The overall security challenge is to find a balance between two important needs: open networks to support evolving business requirements and freedom-of-information initiatives versus the protection of private, personal, and strategic business information. Figure 1-19 shows the relationship between expanding the business value and increasing security risks.

Security has moved to the forefront of network management and implementation. The survival of many businesses depends on allowing open access to network resources and ensuring that data and resources are as secure as possible. The escalating importance of e-business and the need for private data to traverse potentially unsafe public networks both increase the need for the development and implementation of a corporate-wide network security policy. Establishing a network security policy should be the first step in changing a network over to a secure infrastructure.

Figure 1-19 Security Challenge

The Internet has created expectations for a company to build stronger relationships with customers, suppliers, partners, and employees. E-business challenges companies to become more agile and competitive. The benefit of this challenge is that new applications for e-commerce, supply chain management, customer care, workforce optimization, and e-learning have been created. These applications streamline and improve processes, lowering costs while improving turnaround times and user satisfaction.

As enterprise network managers open their networks to more users and applications, they also expose the networks to greater risks. The result has been an increase in business security requirements. Security must be included as a fundamental component of any e-business strategy.

E-business requires mission-critical networks that can accommodate ever-increasing constituencies and ever-increasing demands on capacity and performance. These networks also need to handle voice, video, and data traffic as networks converge into multiservice environments.

Adversaries, Hacker Motivations, and Classes of Attack

To defend against attacks on information and information systems, organizations must define the threat in these three terms:

  • Adversaries: Potential adversaries might include nation-states, terrorists, criminals, hackers, disgruntled employees, and corporate competitors.

  • Hacker motivations: Hackers' motivations might include intelligence gathering, the theft of intellectual property, denial of service (DoS), the embarrassment of the company or clients, or the challenge of exploiting a notable target.

  • Classes of attack: Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider.

Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.

Classes of Attack

There are five classes of attack:

  • Passive: Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user. Examples include the disclosure of personal information such as credit card numbers and medical files.

  • Active: Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

  • Close-in: Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.

  • Insider: Insider attacks can be malicious or nonmalicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Nonmalicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.

  • Distributed: Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.

Mitigating Common Threats

Improper and incomplete network device installation is an often-overlooked security threat that, if left unaddressed, can have dire results. Software-based security measures alone cannot prevent premeditated or even accidental network damage caused by poor installation. The following sections describe how to mitigate common security threats to Cisco routers and switches.

Physical Installations

Hardware threats involve threats of physical damage to the router or switch hardware. Mission-critical Cisco network equipment should be located in wiring closets or in computer or telecommunications rooms that meet these minimum requirements:

  • The room must be locked with only authorized personnel allowed access.

  • The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.

  • If possible, use electronic access control with all entry attempts logged by security systems and monitored by security personnel.

  • If possible, security personnel should monitor activity via security cameras with automatic recording.

Environmental threats, such as temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry), also require mitigation. Take these actions to limit environmental damage to Cisco network devices:

  • Supply the room with dependable temperature and humidity control systems. Always verify the recommended environmental parameters of the Cisco network equipment with the supplied product documentation.

  • Remove any sources of electrostatic and magnetic interference in the room.

  • If possible, remotely monitor and alarm the environmental parameters of the room.

Electrical threats, such as voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss, can be limited by adhering to these guidelines:

  • Install uninterruptible power supply (UPS) systems for mission-critical Cisco network devices.

  • Install backup generator systems for mission-critical supplies.

  • Plan for and initiate regular UPS or generator testing and maintenance procedures based on the manufacturer-suggested preventative maintenance schedule.

  • Install redundant power supplies on critical devices.

  • Monitor and alarm power-related parameters at the power supply and device levels.

Maintenance threats include poor handling of key electronic components, electrostatic discharge (ESD), lack of critical spares, poor cabling, poor labeling, and so on. Maintenance-related threats are a broad category that includes many items. Follow the general rules listed here to prevent maintenance-related threats:

  • Clearly label all equipment cabling and secure the cabling to equipment racks to prevent accidental damage, disconnection, or incorrect termination.

  • Use cable runs, raceways, or both to traverse rack-to-ceiling or rack-to-rack connections.

  • Always follow ESD procedures when replacing or working with internal router and switch device components.

  • Maintain a stock of critical spares for emergency use.

  • Do not leave a console connected to and logged into any console port. Always log off administrative interfaces when leaving a station.

  • Do not rely upon a locked room as the only necessary protection for a device. Always remember that no room is ever totally secure. After intruders are inside a secure room, nothing is left to stop them from connecting a terminal to the console port of a Cisco router or switch.

Reconnaissance Attacks

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. Reconnaissance is also known as information gathering and, in most cases, precedes an actual access or DoS attack. First, the malicious intruder typically conducts a ping sweep of the target network to determine which IP addresses are alive. Then the intruder determines which services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the type and version of the application and operating system running on the target host.

Reconnaissance is somewhat analogous to a thief investigating a neighborhood for vulnerable homes, such as an unoccupied residence or a house with an easy-to-open door or window. In many cases, intruders look for vulnerable services that they can exploit later, when it is less likely that anyone is watching.

Access Attacks

Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

Password Attacks

A password attack usually refers to repeated attempts to identify a user account, password, or both. These repeated attempts are called brute-force attacks. Password attacks are implemented using other methods, too, including Trojan horse programs, IP spoofing, and packet sniffers.

A security risk arises when passwords are stored as plaintext. You need to protect stored passwords to overcome this risk. On most systems, passwords are processed through an algorithm that generates a one-way hash of the password. You cannot reverse a one-way hash back to its original text. Most systems never decrypt a stored password during authentication, because what they store is the one-way hash, not the password. During the login process, you supply an account and password, and the password hashing algorithm generates a one-way hash of what you typed. The system compares this hash to the hash stored for the account. If the hashes are the same, the system assumes that the user supplied the proper password.

Remember that passing the password through the algorithm results in a password hash. The hash is not an encrypted password, but rather the output of the algorithm. The strength of the hash is that the same hash value can be recreated only from the original password, and that recovering the original password from the hash is computationally infeasible. This strength makes hashes well suited to storing password verifiers. When granting access, the system calculates and compares hashes rather than plaintext passwords.

Password attack threat-mitigation methods include these guidelines:

  • Do not allow users to have the same password on multiple systems. Most users have the same password for each system they access, as well as for their personal systems.

  • Disable accounts after a specific number of unsuccessful logins. This practice helps to prevent continuous password attempts.

  • Do not use plaintext passwords. Use either a one-time password (OTP) or an encrypted password.

  • Use strong passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters. Many systems now provide strong password support and can restrict users to strong passwords only.
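The following example, added here and not part of the Cisco text, puts the one-way hash discussion and the mitigation list into working code: passwords are stored only as salted one-way hashes, login compares hashes rather than plaintext, accounts are disabled after a set number of failures, and the strength rule above is enforced. The per-user salt, the PBKDF2 work factor, and the lockout threshold of five are assumptions that go beyond the chapter's wording.

```python
"""Password storage and verification as the chapter describes it: the system
stores a one-way hash, never the plaintext, and compares hashes at login.
Example code added to this chapter, not Cisco's. The per-user salt, the
PBKDF2 iteration count and the lockout threshold are assumed values."""
import hashlib
import hmac
import os
import re

LOCKOUT_THRESHOLD = 5          # disable account after this many failed logins (assumed)
PBKDF2_ITERATIONS = 100_000    # assumed work factor; slows offline brute-force guessing


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way hash of the password. A per-user random salt (beyond the chapter
    text) keeps identical passwords on different accounts from hashing alike."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def is_strong_password(password: str) -> bool:
    """Chapter rule: at least 8 characters with upper, lower, digit and special."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


class AccountStore:
    """In-memory store: username -> salt, hash, failure counter, disabled flag."""

    def __init__(self):
        self._accounts = {}

    def create(self, username: str, password: str) -> None:
        if not is_strong_password(password):
            raise ValueError("password does not meet strength policy")
        salt = os.urandom(16)
        self._accounts[username] = {
            "salt": salt,
            "hash": hash_password(password, salt),   # plaintext is never kept
            "failures": 0,
            "disabled": False,
        }

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'bad', 'locked' or 'unknown'. The stored hash is never
        decrypted; the supplied password is hashed the same way and compared."""
        rec = self._accounts.get(username)
        if rec is None:
            # Hash anyway so timing does not reveal whether the account exists.
            hash_password(password, b"\x00" * 16)
            return "unknown"
        if rec["disabled"]:
            return "locked"
        candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):   # constant-time compare
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= LOCKOUT_THRESHOLD:          # mitigation: disable account
            rec["disabled"] = True
            return "locked"
        return "bad"

    def is_disabled(self, username: str) -> bool:
        return self._accounts[username]["disabled"]


def demo():
    """Constructed scenario: five wrong guesses lock the account, after which even
    the correct password is refused."""
    store = AccountStore()
    store.create("alice", "Corr3ct-H0rse!")   # constructed sample credential
    results = [store.login("alice", "wrong%d" % i) for i in range(LOCKOUT_THRESHOLD)]
    after = store.login("alice", "Corr3ct-H0rse!")
    return results, after
```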

Summary of Securing the Network

Security is an important part of any computer network. When you are building a network, a strong security policy should be part of the foundation. The following items represent a summary of considerations for building a strong security policy:

  • Sophisticated attack tools and open networks continue to generate an increased need for network security policies and infrastructure to protect organizations from internally and externally based attacks.

  • Organizations must balance network security needs against e-business processes, legal issues, and government policies. Establishing a network security policy is the first step in changing a network over to a secure infrastructure.

  • The strategy of information assurance affects network architecture.

  • Providing physical installation security for network devices is very important.

  • Network devices should be protected against password attacks through controlled access methods and strong passwords.

References

For additional information regarding network security, refer to these resources:

  • Much of the material in this lesson comes from readily available documents provided by many government agencies.

  • The Information Assurance Technical Framework Forum (IATFF) is a National Security Agency (NSA)–sponsored outreach activity created to foster dialog aimed at seeking solutions for information assurance problems. The IATFF website can be found at http://www.iatf.net.

Understanding the Host-to-Host Communications Model

The Open Systems Interconnection (OSI) reference model was created to help define how network processes function in general, including the various components of networks and transmission of data. Understanding the structure and purpose of the OSI model is central to understanding how one host communicates with another. This section introduces the OSI model and describes each of its layers. Remember that this is a reference model to provide a framework for building protocols and to help people understand the process around network communications and not a communications standard in itself.


Note - This section is a discussion of the OSI reference model and not the OSI protocol.


No matter what type of connectivity, operating system, or network services interconnect computers and computer networks, the fact remains that for these devices to communicate, some rules must exist. Like any system of communication, rules govern how the communication must take place, and some medium must exist for the communication to travel over. For example, a language has rules for forming sentences from basic words. This language can be used for verbal communication, using air as the medium, or written communication, using paper as the medium.

Most languages have rules that specify how words are put together and then how they are spoken or written. In many western languages, words are written from left to right, but in some eastern languages words are written from right to left or even top to bottom. To be able to effectively communicate, you must understand how to read the words and in what order to read them.

Many of the computers and operating systems within an organization are manufactured by different companies and use different types of programs to operate; however, if these systems are going to communicate with one another, they must use a common set of rules for data communications. The rules that define how systems talk to one another are called protocols.

Many internetworking protocols can be used to establish communications paths between systems, and each of these protocols provides very similar functions. To provide a way to establish some common and open rules for building a data communications protocol, the International Organization for Standardization (ISO) created the OSI reference model.

The following sections describe the purpose of the OSI reference model and the TCP/IP protocol stack. You also learn how the OSI reference model facilitates data communication.

OSI Reference Model

The OSI reference model is the primary model for network communications. The early development of LANs, MANs, and WANs was chaotic in many ways. The early 1980s saw tremendous increases in the number and sizes of networks. As companies realized that they could save money and gain productivity by using networking technology, they added networks and expanded existing networks as rapidly as new network technologies and products were introduced.

By the mid-1980s, companies began to experience difficulties from all the expansions they had made. It became more difficult for networks using different specifications and implementations to communicate with each other. The companies realized that they needed to move away from proprietary networking systems, those systems that are privately developed, owned, and controlled.


Note - In the computer industry, proprietary is the opposite of open. Proprietary means that one company or a small group of companies controls all usage of the technology. Open means that free usage of the technology is available to the public.


To address the problem of networks being incompatible and unable to communicate with each other, the ISO researched different network schemes. As a result of this research, the ISO created a model that would help vendors create networks that would be compatible with, and operate with, other networks.

The OSI reference model, released in 1984, was the descriptive scheme that the ISO created. It provided vendors with a set of standards that ensured greater compatibility and interoperability between the various types of network technologies produced by companies around the world. Although other models exist, most network vendors today relate their products to the OSI reference model, especially when they want to educate customers on the use of their products. The OSI model is considered the best tool available for teaching people about sending and receiving data on a network.

The OSI reference model has seven layers, as shown in Figure 1-20, each illustrating a particular network function. This separation of networking functions is called layering. The OSI reference model defines the network functions that occur at each layer. More importantly, the OSI reference model facilitates an understanding of how information travels throughout a network. In addition, the OSI reference model describes how data travels from application programs (for example, spreadsheets), through a network medium, to an application program located in another computer, even if the sender and receiver are connected using different network media.

Figure 1-20 OSI Reference Model

Dividing the network into these seven layers provides these advantages:

  • Reduces complexity: It breaks network communication into smaller, simpler parts.

  • Standardizes interfaces: It standardizes network components to allow multiple vendor development and support.

  • Facilitates modular engineering: It allows different types of network hardware and software to communicate with each other.

  • Ensures interoperable technology: It prevents changes in one layer from affecting the other layers, allowing for quicker development.

  • Accelerates evolution: It provides for effective updates and improvements to individual components without affecting other components or having to rewrite the entire protocol.

  • Simplifies teaching and learning: It breaks network communication into smaller components to make learning easier.

The practice of moving information between computers is divided into seven techniques in the OSI reference model.

Each OSI layer contains a set of functions performed by programs to enable data to travel from a source to a destination on a network. The following sections provide brief descriptions of each layer in the OSI reference model.

Layer 7: The Application Layer

The application layer is the OSI layer that is closest to the user. This layer provides network services to the user's applications. It differs from the other layers in that it does not provide services to any other OSI layer, but only to applications outside the OSI reference model. The application layer establishes the availability of intended communication partners and synchronizes and establishes agreement on procedures for error recovery and control of data integrity.

Layer 6: The Presentation Layer

The presentation layer ensures the information that the application layer of one system sends out is readable by the application layer of another system. For example, a PC program communicates with another computer, one using extended binary coded decimal interchange code (EBCDIC) and the other using ASCII to represent the same characters. If necessary, the presentation layer might be able to translate between multiple data formats by using a common format.

Layer 5: The Session Layer

The session layer establishes, manages, and terminates sessions between two communicating hosts. It provides its services to the presentation layer. The session layer also synchronizes dialogue between the presentation layers of the two hosts and manages their data exchange. For example, web servers have many users, so many communication processes are open at a given time. Therefore, keeping track of which user communicates on which path is important. In addition to session regulation, the session layer offers provisions for efficient data transfer, class of service, and exception reporting of session layer, presentation layer, and application layer problems.

Layer 4: The Transport Layer

The transport layer segments data from the sending host's system and reassembles the data into a data stream on the receiving host's system. For example, business users in large corporations often transfer large files from field locations to a corporate site. Reliable delivery of the files is important, so the transport layer breaks down large files into smaller segments that are less likely to incur transmission problems.

The boundary between the transport layer and the session layer can be thought of as the boundary between application protocols and data-flow protocols. Whereas the application, presentation, and session layers are concerned with application issues, the lower four layers are concerned with data-transport issues.

The transport layer attempts to provide a data-transport service that shields the upper layers from transport implementation details. Specifically, issues such as reliability of transport between two hosts are the concern of the transport layer. In providing communication service, the transport layer establishes, maintains, and properly terminates virtual circuits. Transport error detection and recovery and information flow control provide reliable service.

Layer 3: The Network Layer

The network layer provides connectivity and path selection between two host systems that might be located on geographically separated networks. The growth of the Internet has increased the number of users accessing information from sites around the world, and the network layer manages this connectivity.

Layer 2: The Data Link Layer

The data link layer defines how data is formatted for transmission and how access to the network is controlled. This layer is responsible for defining how devices on a common media communicate with one another, including addressing and control signaling between devices.

Layer 1: The Physical Layer

The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes are defined by physical layer specifications.

Data Communications Process

All communications on a network originate at a source and are sent to a destination. A networking protocol using all or some of the layers listed in the OSI reference model moves data between devices. Recall that Layer 7 is the part of the protocol that communicates with the application, and Layer 1 is the part of a protocol that communicates with the media. A data frame is able to travel across a computer network because of the layers of the protocol. The process of moving data from one device to another in a network is accomplished by passing information from applications down the protocol stack, adding an appropriate header at each layer of the model. This method of passing data down the stack and adding headers and trailers is called encapsulation. After the data is encapsulated and passed across the network, the receiving device removes the information added, using the contents of each header as directions for passing the data up the stack to the appropriate application.

Data encapsulation is an important concept to networks. It is the function of like layers on each device, called peer layers, to communicate critical parameters such as addressing and control information.

Although encapsulation seems like an abstract concept, it is actually quite simple. Imagine that you want to send a coffee mug to a friend in another city. How will the mug get there? Basically, it will be transported on the road or through the air. You can't go outside and set the mug on the road or throw it up in the air and expect it to get there. You need a service to pick it up and deliver it. So, you call your favorite parcel carrier and give them the mug. But, that's not all. Here's the complete process:

Step 1  Pack the mug in a box.
Step 2  Place an address label on the box so the carrier knows where to deliver it.
Step 3  Give the box to a parcel carrier.
Step 4  The carrier drives it down the road toward its final destination.

This process is similar to the encapsulation method that protocol stacks use to send data across networks. After the package arrives, your friend has to reverse the process. He takes the package from the carrier, reads the label to see who it's from, and finally opens the box and removes the mug. The reverse of the encapsulation process is known as de-encapsulation. The next sections describe the encapsulation and de-encapsulation processes.

Encapsulation

As indicated in the previous section, encapsulation on a data network is similar to the process of sending that mug. However, instead of sending a coffee mug to a friend, you send information from an application from one device to another. The information sent on a network is referred to as data or data packets.

Encapsulation wraps data with the necessary protocol information before network transit. Therefore, as the data moves down through the layers of the OSI reference model, each OSI layer adds a header (and a trailer, if applicable) to the data before passing it down to a lower layer. The headers and trailers contain control information for the network devices and receiver to ensure proper delivery of the data and to ensure that the receiver can correctly interpret the data.

Figure 1-21 illustrates how encapsulation occurs. It shows the manner in which data travels through the layers. These steps occur to encapsulate data:

Step 1  The user data is sent from an application to the application layer.
Step 2  The application layer adds the application layer header (Layer 7 header) to the user data. The Layer 7 header and the original user data become the data that is passed down to the presentation layer.
Step 3  The presentation layer adds the presentation layer header (Layer 6 header) to the data. This then becomes the data that is passed down to the session layer.
Step 4  The session layer adds the session layer header (Layer 5 header) to the data. This then becomes the data that is passed down to the transport layer.
Step 5  The transport layer adds the transport layer header (Layer 4 header) to the data. This then becomes the data that is passed down to the network layer.
Step 6  The network layer adds the network layer header (Layer 3 header) to the data. This then becomes the data that is passed down to the data link layer.
Step 7  The data link layer adds the data link layer header and trailer (Layer 2 header and trailer) to the data. A Layer 2 trailer is usually the frame check sequence (FCS), which is used by the receiver to detect whether the data is in error. This then becomes the data that is passed down to the physical layer.
Step 8  The physical layer then transmits the bits onto the network media as defined by the media type.

Figure 1-21 Data Encapsulation

De-Encapsulation

When the remote device receives a sequence of bits, the physical layer at the remote device passes the bits to the data link layer for manipulation. The data link layer performs the following process, referred to as de-encapsulation:

Step 1  It checks the data link trailer (the FCS) to see if the data is in error.
Step 2  If the data is in error, it is discarded.
Step 3  If the data is not in error, the data link layer reads and interprets the control information in the data link header.
Step 4  It strips the data link header and trailer and then passes the remaining data up to the network layer based on the control information in the data link header.
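The following example, added here and not part of the Cisco text, is a toy protocol stack that walks both the encapsulation steps (Steps 1 through 7 of the previous section) and the data link layer's de-encapsulation steps above. The header layouts are invented for illustration; the FCS is a CRC-32 over the frame header and data, as real Ethernet uses, and a single flipped bit is enough for the receiver to discard the frame.

```python
"""Toy protocol stack illustrating encapsulation (headers added from Layer 7 down,
header plus FCS trailer at Layer 2) and de-encapsulation (FCS checked, bad frames
discarded, headers stripped on the way up). Added example, not Cisco's code.
Header formats are invented; only the CRC-32 FCS mirrors a real protocol."""
import struct
import zlib

# Invented fixed-size header layouts (assumed formats; real protocols differ).
L7_HEADER = b"APP1"                 # application header marker
L6_HEADER = b"UTF8"                 # presentation: character-encoding marker
L5_HEADER = struct.Struct("!H")     # session id
L4_HEADER = struct.Struct("!HH")    # source port, destination port
L3_HEADER = struct.Struct("!4s4s")  # source IPv4, destination IPv4 (raw 4 bytes each)
L2_HEADER = struct.Struct("!6s6s")  # destination MAC, source MAC
FCS = struct.Struct("!I")           # 32-bit frame check sequence (trailer)


def encapsulate(user_data: bytes, session: int, ports, ips, macs) -> bytes:
    """Steps 1-7: each layer prepends its header; Layer 2 also appends the FCS."""
    pdu = L7_HEADER + user_data                  # Step 2: application header
    pdu = L6_HEADER + pdu                        # Step 3: presentation header
    pdu = L5_HEADER.pack(session) + pdu          # Step 4: session header
    pdu = L4_HEADER.pack(*ports) + pdu           # Step 5: transport header -> segment
    pdu = L3_HEADER.pack(*ips) + pdu             # Step 6: network header -> datagram
    frame_body = L2_HEADER.pack(*macs) + pdu     # Step 7: data link header
    fcs = zlib.crc32(frame_body) & 0xFFFFFFFF    # trailer computed over header + data
    return frame_body + FCS.pack(fcs)            # Step 8 would put these bits on the wire


def data_link_receive(frame: bytes):
    """De-encapsulation Steps 1-4 at Layer 2. Returns (dst_mac, src_mac, payload)
    for the network layer, or None when the FCS does not match (frame discarded)."""
    if len(frame) < L2_HEADER.size + FCS.size:
        return None                                         # runt frame: discard
    body, trailer = frame[:-FCS.size], frame[-FCS.size:]
    (received_fcs,) = FCS.unpack(trailer)
    if zlib.crc32(body) & 0xFFFFFFFF != received_fcs:       # Steps 1-2: error -> discard
        return None
    dst_mac, src_mac = L2_HEADER.unpack(body[:L2_HEADER.size])  # Step 3: read header
    return dst_mac, src_mac, body[L2_HEADER.size:]              # Step 4: strip, pass up


def de_encapsulate(frame: bytes):
    """Strip headers layer by layer up to Layer 7; return the user data or None."""
    l2 = data_link_receive(frame)
    if l2 is None:
        return None
    _, _, pdu = l2
    _src_ip, _dst_ip = L3_HEADER.unpack(pdu[:L3_HEADER.size])
    pdu = pdu[L3_HEADER.size:]
    _sport, _dport = L4_HEADER.unpack(pdu[:L4_HEADER.size])
    pdu = pdu[L4_HEADER.size:]
    (_session,) = L5_HEADER.unpack(pdu[:L5_HEADER.size])
    pdu = pdu[L5_HEADER.size:]
    if not pdu.startswith(L6_HEADER):
        return None
    pdu = pdu[len(L6_HEADER):]
    if not pdu.startswith(L7_HEADER):
        return None
    return pdu[len(L7_HEADER):]


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error so the receiver's FCS check fails."""
    b = bytearray(frame)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def demo():
    """Constructed sample: a good frame is delivered, a corrupted copy is discarded."""
    frame = encapsulate(b"hello", 7, (40000, 80),
                        (bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])),
                        (bytes(6), bytes([0, 1, 2, 3, 4, 5])))
    return de_encapsulate(frame), de_encapsulate(flip_bit(frame, 100))
```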

Each subsequent layer performs a similar de-encapsulation process, as shown in Figure 1-22.

Think of de-encapsulation as the process of reading the address on a package to see whether it is for you and then opening and removing the contents of the package if it is addressed to you.

Figure 1-22 De-Encapsulation

Peer-to-Peer Communication

For data to travel from the source to the destination, each layer of the OSI reference model at the source must communicate with its peer layer at the destination. This form of communication is referred to as peer-to-peer communication. During this process, the protocols at each layer exchange information, called protocol data units (PDU), between peer layers, as shown in Figure 1-23.

Data packets on a network originate at a source and then travel to a destination. Each layer depends on the service function of the OSI layer below it. To provide this service, the lower layer uses encapsulation to put the PDU from the upper layer into its data field. It then adds whatever headers the layer needs to perform its function. As the data moves down through Layers 7 through 5 of the OSI reference model, additional headers are added. The grouping of data at the Layer 4 PDU is called a segment.

The network layer provides a service to the transport layer, and the transport layer presents data to the internetwork subsystem. The network layer moves the data through the internetwork by encapsulating the data and attaching a header to create a datagram (the Layer 3 PDU). The header contains information required to complete the transfer, such as source and destination logical addresses.

Figure 1-23 Peer-to-Peer Communication

The data link layer provides a service to the network layer by encapsulating the network layer datagram in a frame (the Layer 2 PDU). The frame header contains the physical addresses required to complete the data link functions, and the frame trailer contains the FCS.

The physical layer provides a service to the data link layer, encoding the data link frame into a pattern of 1s and 0s (bits) for transmission on the medium (usually a wire) at Layer 1.

Network devices such as hubs, switches, and routers work at the lower three layers. Hubs are at Layer 1, switches are at Layer 2, and routers are at Layer 3.

The TCP/IP Protocol Stack

The TCP/IP suite is a layered model similar to the OSI reference model. Its name is actually a combination of two individual protocols, Transmission Control Protocol (TCP) and Internet Protocol (IP). It is divided into layers, each of which performs specific functions in the data communication process.

Both the OSI model and the TCP/IP stack were developed by different organizations at approximately the same time as a means to organize and communicate the components that guide the transmission of data.

Although the OSI reference model is universally recognized, the historical and technical open standard of the Internet is the TCP/IP protocol stack. The TCP/IP protocol stack, shown in Figure 1-24, varies slightly from the OSI reference model.

Figure 1-24 TCP/IP Protocol Stack

The TCP/IP protocol stack has four layers. Note that although some of the layers in the TCP/IP protocol stack have the same names as layers in the OSI reference model, the layers have different functions in each model, as is described in the following list:

  • Application layer: The application layer handles high-level protocols, including issues of representation, encoding, and dialog control. The TCP/IP model combines all application-related issues into one layer and ensures that this data is properly packaged for the next layer.

  • Transport layer: The transport layer deals with QoS issues of reliability, flow control, and error correction. One of its protocols, TCP, provides for reliable network communications.

  • Internet layer: The purpose of the Internet layer is to send source datagrams from any network on the internetwork and have them arrive at the destination, regardless of the path they took to get there.

  • Network access layer: The name of this layer is broad and somewhat confusing. It is also called the host-to-network layer. It includes the LAN and WAN protocols and all the details in the OSI physical and data link layers.

OSI Model Versus TCP/IP Stack

Both similarities and differences exist between the TCP/IP protocol stack and the OSI reference model. Figure 1-25 offers a side-by-side comparison of the two models.

Similarities between the TCP/IP protocol stack and the OSI reference model include the following:

  • Both have application layers, though they include different services.

  • Both have comparable transport and network layers.

  • Both assume packet-switched technology, not circuit-switched. (Analog telephone calls are an example of circuit-switched technology.)

Figure 1-25 OSI Model Versus TCP/IP

The differences that exist between the TCP/IP protocol stack and the OSI reference model include the following:

  • TCP/IP combines the presentation and session layers into its application layer.

  • TCP/IP combines the OSI data link and physical layers into the network access layer.

TCP/IP protocols are the standards around which the Internet developed, so the TCP/IP protocol stack gains credibility just because of its protocols. In contrast, networks are not typically built on the OSI reference model, even though the OSI reference model is used as a guide.

Summary of Understanding the Host-to-Host Communications Model

The following summarizes the key points of the host-to-host communications model:

  • The OSI reference model defines the network functions that occur at each layer.

  • The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems.

  • The data link layer defines how data is formatted for transmission.

  • The network layer provides connectivity and path selection between two host systems that might be located on geographically separated networks.

  • The transport layer segments data from the system of the sending host and reassembles the data into a data stream on the system of the receiving host.

  • The session layer establishes, manages, and terminates sessions between two communicating hosts.

  • The presentation layer ensures that the information sent at the application layer of one system is readable by the application layer of another system.

  • The application layer provides network services, such as e-mail, file transfer, and web services, to applications of the users.

  • The information sent on a network is referred to as data or data packets. If one computer wants to send data to another computer, the data must first be packaged by a process called encapsulation.

  • When the remote device receives a sequence of bits, the physical layer at the remote devices passes the bits of data up the protocol stack for manipulation. This process is referred to as de-encapsulation.

  • TCP/IP is now the most widely used protocol for a number of reasons, including its flexible addressing scheme, usability by most operating systems and platforms, its many tools and utilities, and the need to be connected to the Internet.

  • The components of the TCP/IP stack are the network access, Internet, transport, and application layers.

  • The OSI reference model and the TCP/IP stack are similar in structure and function, with correlation at the physical, data link, network, and transport layers. The OSI reference model divides the application layer of the TCP/IP stack into three separate layers.

Understanding TCP/IP's Internet Layer

Among the protocols included in the TCP/IP protocol stack are a network layer protocol and a transport layer protocol. The internetworking layer handles the routing of packets of data by using IP addresses to identify each device on the network. Each computer, router, printer, or any other device attached to a network has its own unique IP address, which is used to route packets of data to it.

Each IP address has a specific structure, and various classes of IP addresses exist. In addition, subnetworks and subnet masks play a role in IP addressing schemes, and different routing functions and protocols are involved in transmitting data from one network node to another using IP addresses.

The various aspects of IP addressing include calculations for constructing an IP address, classes of IP addresses designated for specific routing purposes, and public versus private IP addresses. Also, two different types of IP addresses exist: IP version 4 (IPv4) and IP version 6 (IPv6). The 32-bit IPv4 address type is currently the most common, but the 128-bit IPv6 address is also in use and will probably become the more common address type over time. This lesson describes 32-bit IPv4 addressing, except where IPv6 is explicitly identified.

How do end systems initially obtain their IP address information? Although manual assignment of IP address information is possible, it does not scale and is a barrier to deployment and maintenance of networks. Therefore, protocols for the automatic assignment of IP address information have evolved and now provide this essential function without end user intervention. This lesson describes how IP address protocols function.

IP Network Addressing

Just as you use addresses to identify the specific locations of homes and businesses so that mail can reach them efficiently, you use IP addresses to identify the location of specific devices on a network so that data can be sent correctly to those locations. IP addressing has various aspects, including the calculations for constructing an IP address, the classes of IP addresses designated for specific routing purposes, and public versus private IP addresses.

Learning how IP addresses are structured and how they function in the operation of a network provides an understanding of how data is transmitted through Layer 3 internetworking devices using TCP/IP. To facilitate the routing of packets over a network, the TCP/IP protocol suite uses a 32-bit logical address known as an IP address. This address must be unique for each device in the internetwork.

The header of the Internet layer of TCP/IP is known as the IP header. Figure 1-26 shows the layout of the IP header.

Figure 1-26 IP Header

Note that each IP datagram carries this header, which includes a source IP address and destination IP address that identify the source and destination network and host.

An IP address is a hierarchical address, and it consists of two parts:

  • The high order, or leftmost, bits specify the network address component (network ID) of the address.

  • The low order, or rightmost, bits specify the host address component (host ID) of the address.

Every physical or virtual LAN on the corporate internetwork is seen as a single network that must be reached before an individual host within that company can be contacted. Each LAN has a unique network address. The hosts that populate that network share those same bits, but each host is identified by the uniqueness of the remaining bits. Like a group of houses along the same road, the street address is the same, but the house number is unique.

Figure 1-27 illustrates a sample IP addressing scheme in an internetwork.

Figure 1-27 IP Addressing

The IP address is 32 bits in length and is binary in nature, but it is expressed in a format that can be easily understood by the human brain. Basically, the 32 bits are broken into 4 sections of 8 bits each, known as octets or bytes. Each of these octets is then converted into decimal numbers between 0 and 255, and each octet is separated from the following one by dots. Figure 1-28 illustrates the format of an IP address using 172.16.122.204 as an example.

Figure 1-28 IP Address Format

The IP address format is known as dotted decimal notation. Figure 1-28 shows how the dotted decimal address is derived from the 32-bit binary value:

  • Sample address: 172.16.122.204.

  • Each bit in the octet has a binary weight (such as 128, 64, 32, 16, 8, 4, 2, and 1), and when all the bits are on, the sum is 255.

  • The minimum decimal value for an octet is 0; it contains all 0s.

  • The maximum decimal value for an octet is 255; it contains all 1s.

While many computers might share the same network address, combining the network address with a host address uniquely identifies any device connected to the network.
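The following is an added example, not code from the Cisco Press text: it converts between dotted decimal notation and the underlying 32-bit value using the binary weights listed above (128 down to 1), and renders an address as four 8-bit groups the way Figure 1-28 does. The parser is deliberately strict (exactly four plain decimal octets, each 0 to 255); the function names and the use of the book's 172.16.122.204 sample are the example's own choices.

```python
# Added example (not from the Cisco Press text): converting between dotted
# decimal and the underlying 32-bit value with the binary weights 128..1.

OCTET_WEIGHTS = (128, 64, 32, 16, 8, 4, 2, 1)


def dotted_to_int(address: str) -> int:
    """Parse 'a.b.c.d' into its 32-bit value, rejecting anything else.

    Strict parsing is deliberate: lenient parsers such as the C library's
    inet_aton() accept shorthand like '10.1' and octal or hex octets, so an
    address string that passes a textual check may later be interpreted as
    a different host when it is parsed numerically.
    """
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {address!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError(f"octet {part!r} is not a plain decimal number")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet {octet} exceeds the maximum of 255")
        value = (value << 8) | octet
    return value


def is_valid_dotted(address: str) -> bool:
    """True when dotted_to_int() accepts the string."""
    try:
        dotted_to_int(address)
    except ValueError:
        return False
    return True


def int_to_dotted(value: int) -> str:
    """Format a 32-bit value as dotted decimal."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def octet_to_bits(octet: int) -> str:
    """Expand one octet into its 8 bits, testing each weight from 128 down to 1."""
    return "".join("1" if octet & weight else "0" for weight in OCTET_WEIGHTS)


def dotted_to_binary(address: str) -> str:
    """Render the address as four 8-bit groups, as in Figure 1-28."""
    value = dotted_to_int(address)
    return ".".join(octet_to_bits((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


if __name__ == "__main__":
    sample = "172.16.122.204"  # the book's example address
    print(sample, "->", hex(dotted_to_int(sample)), dotted_to_binary(sample))
```

Running the script prints the sample address as a hexadecimal 32-bit value and as its four binary octets; the strict parser rejects shorthand such as "10.1" or a leading-zero octet such as "010", which is the behaviour you want anywhere an address string feeds an access decision.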

IP Address Classes

When IP was first developed, no classes of addresses existed, because it was assumed that 254 networks would be more than enough for an internetwork of academic, military, and research computers.

As the number of networks grew, the IP addresses were broken into categories called classes to accommodate different sizes of networks and to aid in identifying them. These classes are illustrated in Figure 1-29.

Assigning IP addresses to classes is known as classful addressing. The allocation of addresses is managed by a central authority, the American Registry for Internet Numbers (ARIN); visit http://www.arin.net for more information about network numbers.

Figure 1-29 Address Classes

Five IP address classes are used, as follows:

  • Class A: The Class A address category was designed to support extremely large networks. A Class A address uses only the first octet to indicate the network address. The remaining three octets are used for host addresses.

    The first bit of a Class A address is always 0; therefore, the lowest number that can be represented is 00000000 (decimal 0), and the highest number that can be represented is 01111111 (decimal 127). However, these two network numbers, 0 and 127, are reserved and cannot be used as a network address. Any address that starts with a value between 1 and 126 in the first octet, then, is a Class A address.


Note - The 127.0.0.0 network is reserved for loopback testing (routers or local machines can use this address to send packets to themselves). Therefore, it cannot be assigned to a network.


  • Class B: The Class B address category was designed to support the needs of moderate- to large-sized networks. A Class B address uses two of the four octets to indicate the network address. The other two octets specify host addresses.

    The first 2 bits of the first octet of a Class B address are always binary 10. The remaining 6 bits might be populated with either 1s or 0s. Therefore, the lowest number that can be represented with a Class B address is 10000000 (decimal 128), and the highest number that can be represented is 10111111 (decimal 191). Any address that starts with a value in the range of 128 to 191 in the first octet is a Class B address.

  • Class C: The Class C address category is the most commonly used of the original address classes. This address category was intended to support a lot of small networks.

    A Class C address begins with binary 110. Therefore, the lowest number that can be represented is 11000000 (decimal 192), and the highest number that can be represented is 11011111 (decimal 223). If an address contains a number in the range of 192 to 223 in the first octet, it is a Class C address.

  • Class D: The Class D address category was created to enable multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses. Therefore, a single station can simultaneously transmit a single stream of datagrams to multiple recipients.

    The Class D address category, much like the other address categories, is mathematically constrained. The first 4 bits of a Class D address must be 1110. Therefore, the first octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address that starts with a value in the range of 224 to 239 in the first octet is a Class D address.

    As illustrated in Figure 1-30, Class D addresses (multicast addresses) include the following range of network numbers: 224.0.0.0 to 239.255.255.255.

  • Class E: Although a Class E address category has been defined, the Internet Engineering Task Force (IETF) reserves the addresses in this class for its own research. Therefore, no Class E addresses have been released for use in the Internet. The first 4 bits of a Class E address are always set to 1111. Therefore, the first octet range for Class E addresses is 11110000 to 11111111, or 240 to 255.

Figure 1-30 Multicast Addresses

Within each class, the IP address is divided into a network address (or network identifier, network ID) and a host address (or host identifier, host ID). The number of networks and hosts varies by class. A bit or bit sequence at the start of each address, known as the high order bits, determines the class of the address, as shown in Figure 1-31.

Figure 1-31 Address Classification

Figure 1-31 shows how the bits in the first octet identify the address class. The router uses the first bits to identify how many bits it must match to interpret the network portion of the address (based on the standard address class). Table 1-1 lists the characteristics of Class A, B, and C addresses that address network devices.

Table 1-1 IP Address Classes

  Class A Address
    The first bit is 0.
    Range of network numbers: 1.0.0.0 to 126.0.0.0.
    Number of possible networks: 127 (1 through 126 are usable; 127 is reserved).
    Number of possible values in the host portion: 16,777,216.*

  Class B Address
    The first 2 bits are 10.
    Range of network numbers: 128.0.0.0 to 191.255.0.0.
    Number of possible networks: 16,384.
    Number of possible values in the host portion: 65,536.*

  Class C Address
    The first 3 bits are 110.
    Range of network numbers: 192.0.0.0 to 223.255.255.0.
    Number of possible networks: 2,097,152.
    Number of possible values in the host portion: 256.*

  *The number of usable hosts is two less than the total number possible because the host portion must be nonzero and cannot be all 1s.

Network and Broadcast Addresses

Certain IP addresses are reserved and cannot be assigned to individual devices on a network. These reserved addresses include a network address, which identifies the network itself, and a broadcast address, which is used for broadcasting packets to all the devices on a network.

An IP address that has binary 0s in all host bit positions is reserved for the network address. Therefore, as a Class A network example, 10.0.0.0 is the IP address of the network containing the host 10.1.2.3. A router uses the network IP address when it searches its IP route table for the destination network location. As a Class B network example, the IP address 172.16.0.0 is a network address, as shown in Figure 1-32.

Figure 1-32 Network Address

The decimal numbers that fill the first two octets in a Class B network address are assigned. The last two octets contain 0s because those 16 bits are for host numbers and are used for devices that are attached to the network. The IP address in the example (172.16.0.0) is reserved for the network address; it is never used as an address for any device that is attached to it. An example of an IP address for a device on the 172.16.0.0 network would be 172.16.16.1. In this example, 172.16 is the network-address portion and 16.1 is the host-address portion.

If you wanted to send data to all the devices on a network, you would need to use a network broadcast address. Broadcast IP addresses end with binary 1s in the entire host part of the address (the host field), as shown in Figure 1-33.

For the network in the example (172.16.0.0), in which the last 16 bits make up the host field (or host part of the address), the broadcast that is sent out to all devices on that network includes a destination address of 172.16.255.255.

Figure 1-33 Network Broadcast Address

The network broadcast is also known as a directed broadcast and is capable of being routed, because the longest match in the routing table would match the network bits. Because the host bits would not be known, the router would forward this out all the interfaces that were members of the major 172.16.0.0 network. Directed broadcast can be used to perform a DoS attack against routed networks. This behavior is not the default for Cisco routers, however.

If an IP device wants to communicate with all devices on all networks, it sets the destination address to all 1s (255.255.255.255) and transmits the packet. This address can be used, for example, by hosts that do not know their network number and are asking some server for it, as with Reverse Address Resolution Protocol (RARP) or DHCP. This form of broadcast is never capable of being routed, because RFC 1812 prohibits the forwarding of an all networks broadcast. For this reason, an all networks broadcast is called a local broadcast because it stays local to the LAN segment or VLAN.

The network portion of an IP address is also referred to as the network ID. It is important because hosts on a network can only directly communicate with devices in the same network. If they need to communicate with devices with interfaces assigned to some other network ID, a Layer 3 internetworking device that can route data between the networks is needed. This is true even when the devices share the same physical media segment or VLAN.

A network ID enables a router to put a packet onto the appropriate network segment. The host ID helps the router deliver the Layer 2 frame, encapsulating the packet to a specific host on the network. As a result, the IP address is mapped to the correct MAC address, which is needed by the Layer 2 process on the router to address the frame.

Specific guidelines exist for assigning IP addresses in a network. First, each device or interface must have a nonzero host number. Figure 1-34 shows devices and routers with IP addresses assigned.

Figure 1-34 Host Addresses

Each wire is identified with the network address. This value is not assigned, but it is assumed. A value of 0 means "this network" or "the wire itself" (for example, 172.16.0.0). This is the information used by the router to identify each network. The routing table contains entries for network or wire addresses; it usually does not contain any information about hosts.

As soon as the network portion is determined by the classification, you can determine the total number of hosts on the network by summing all available 1 and 0 combinations of the remaining address bits and subtracting 2. You must subtract 2 because an address consisting of all 0 bits specifies the network, and an address of all 1 bits is used for network broadcasts.

The same result can be derived by using the following formula:

2^N – 2 (where N is the number of bits in the host portion)

Figure 1-35 illustrates a Class B network, 172.16.0.0. In a Class B network, 16 bits are used for the host portion. Applying the formula 2^N – 2 (in this case, 2^16 – 2 = 65,534) results in 65,534 usable host addresses.

All classful addresses have only a network portion and host portion. So, the router(s) within the internetwork know it only as a single network, and no detailed knowledge of the internal hosts is required. All datagrams addressed to network 172.16.0.0 are treated the same, regardless of the third and fourth octets of the address.

Figure 1-35 Determining the Available Host Addresses

Each class of a network allows a fixed number of hosts. In a Class A network, the first octet is assigned for the network, leaving the last three octets to be assigned to hosts. The first host address in each network (all 0s) is reserved for the actual network address, and the final host address in each network (all 1s) is reserved for broadcasts. The maximum number of hosts in a Class A network is 2^24 – 2 (subtracting the network and broadcast reserved addresses), or 16,777,214.

In a Class B network, the first two octets are assigned for the network, leaving the final two octets to be assigned to hosts. The maximum number of hosts in a Class B network is 2^16 – 2, or 65,534.

In a Class C network, the first three octets are assigned for the network. This leaves the final octet to be assigned to hosts, so the maximum number of hosts is 2^8 – 2, or 254.

Just as local broadcasts and directed broadcasts are special network addresses, you also find a special host address known as the loopback address that is used to test the TCP/IP stack on a host. This address is 127.0.0.1.

Another common special host address that many people run into is the autoconfiguration IP address assigned when neither a statically nor a dynamically configured IP address is found on startup. Hosts supporting IPv4 link-local addresses (RFC 3927) generate an address in the 169.254.X.X/16 prefix range. The address can be used only for local network connectivity and operates with many caveats, one of which is that it is not routed. These addresses are usually encountered when a host fails to obtain an address via startup using DHCP.
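The following is an added example, not code from the Cisco Press text; it applies the rules of the preceding sections (the high-order-bit test of Figure 1-31, the network and directed-broadcast addresses, the 2^N – 2 host count, and the loopback and link-local special cases) to any IPv4 address using plain bit arithmetic. The function names, the dictionary layout, and the "assignable" flag (which treats the all-0s and all-1s host IDs and the reserved Class A networks 0 and 127 as not assignable to a device) are the example's own conventions.

```python
# Added example (not from the Cisco Press text): classify an IPv4 address by
# its high-order bits and derive the classful network, directed broadcast,
# host ID and usable host count (2^N - 2) with plain bit arithmetic.

NETWORK_BITS = {"A": 8, "B": 16, "C": 24}  # network-portion length per class


def parse_ipv4(address: str) -> int:
    """'a.b.c.d' -> 32-bit integer; exactly four decimal octets in 0..255."""
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid dotted-decimal address: {address!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def format_ipv4(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def address_class(value: int) -> str:
    """Figure 1-31 rule: the leading bits of the first octet decide the class."""
    first = value >> 24
    if first & 0b10000000 == 0:
        return "A"          # 0xxxxxxx  ->   0-127
    if first & 0b11000000 == 0b10000000:
        return "B"          # 10xxxxxx  -> 128-191
    if first & 0b11100000 == 0b11000000:
        return "C"          # 110xxxxx  -> 192-223
    if first & 0b11110000 == 0b11100000:
        return "D"          # 1110xxxx  -> 224-239 (multicast)
    return "E"              # 1111xxxx  -> 240-255 (reserved)


def classful_info(address: str) -> dict:
    """Everything a router or an auditor can read off a classful address."""
    value = parse_ipv4(address)
    cls = address_class(value)
    first = value >> 24
    info = {"address": address, "class": cls, "special": None}
    if first == 127:
        info["special"] = "loopback"
    elif (value >> 16) == ((169 << 8) | 254):
        info["special"] = "link-local (RFC 3927)"
    elif cls == "D":
        info["special"] = "multicast"
    elif cls == "E":
        info["special"] = "reserved"
    if cls not in NETWORK_BITS:
        return info  # Class D/E addresses have no network/host split
    host_bits = 32 - NETWORK_BITS[cls]
    host_mask = (1 << host_bits) - 1
    network = value & ~host_mask            # host bits all 0s
    broadcast = network | host_mask         # host bits all 1s (directed broadcast)
    info.update({
        "network": format_ipv4(network),
        "directed_broadcast": format_ipv4(broadcast),
        "host_id": value & host_mask,
        "usable_hosts": (1 << host_bits) - 2,   # 2^N - 2
        # All-0s and all-1s host IDs are reserved; so are Class A nets 0 and 127.
        "assignable": network < value < broadcast and first not in (0, 127),
    })
    return info


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.16.1", "192.168.1.255", "224.0.0.1", "127.0.0.1"):
        print(classful_info(sample))
```

The "assignable" check is the one worth keeping around: an address whose host bits are all 0s or all 1s is a network or broadcast address, and a configuration or inventory entry that lists one as a host address is a mistake worth flagging.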

Public and Private IP Addresses

Some networks connect to each other through the Internet, whereas others are private. Public and private IP addresses are required, therefore, for both of these network types.

Internet stability depends directly on the uniqueness of publicly used network addresses. Therefore, some mechanism is needed to ensure that addresses are, in fact, unique. This responsibility originally rested within an organization known as the InterNIC (Internet Network Information Center). This organization was succeeded by the Internet Assigned Numbers Authority (IANA). IANA carefully manages the remaining supply of IP addresses to ensure that duplication of publicly used addresses does not occur. Such duplication would cause instability in the Internet and compromise its capability to deliver datagrams to networks using the duplicated addresses.

To obtain an IP address or block of addresses, you must contact an Internet service provider (ISP). The ISP allocates addresses from the range assigned by their upstream registry or their appropriate regional registry, which is managed by IANA, as follows:

  • Asia Pacific Network Information Center (APNIC)

  • American Registry for Internet Numbers (ARIN)

  • Réseaux IP Européens Network Coordination Centre (RIPE NCC)

With the rapid growth of the Internet, public IP addresses began to run out, so new addressing schemes such as classless interdomain routing (CIDR) and IPv6 were developed to help solve the problem. CIDR and IPv6 are discussed later in this chapter in the "Address Exhaustion" section.

Although Internet hosts require a globally unique IP address, private hosts that are not connected to the Internet can use any valid address, as long as it is unique within the private network. Because many private networks exist alongside public networks, grabbing "just any address" is strongly discouraged. Therefore, the IETF defined 3 blocks of IP addresses (1 Class A network, 16 Class B networks, and 256 Class C networks) in RFC 1918 for private, internal use. Addresses in this range are not routed on the Internet backbone, as shown in Table 1-2. Internet routers are configured to discard private addresses as defined by RFC 1918.

Table 1-2 Private IP Addresses

  Class   RFC 1918 Internal Address Range
  A       10.0.0.0 to 10.255.255.255
  B       172.16.0.0 to 172.31.255.255
  C       192.168.0.0 to 192.168.255.255

If you are addressing a nonpublic intranet, these private addresses can be used instead of globally unique addresses. If you want to connect a network using private addresses to the Internet, however, it is necessary to translate the private addresses to public addresses. This translation process is referred to as Network Address Translation (NAT). A router is often the network device that performs NAT.

Address Exhaustion

The growth of the Internet has resulted in enormous demands for IP addresses. This section describes the capabilities of IPv4 in relation to that demand.

When TCP/IP was first introduced in the 1980s, it relied on a two-level addressing scheme, which at the time offered adequate scalability. The architects of TCP/IP could not have predicted that their protocol would eventually sustain a global network of information, commerce, and entertainment. Twenty years ago, IPv4 offered an addressing strategy that, although scalable for a time, eventually resulted in an inefficient allocation of addresses.

The Class A and B addresses make up 75 percent of the IPv4 address space, but a relative handful of organizations (fewer than 17,000) can be assigned a Class A or B network number. Class C network addresses are far more numerous than Class A and B addresses, although they account for only 12.5 percent of the possible 4 billion IP addresses, as shown in Figure 1-36.

Unfortunately, Class C addresses are limited to 254 hosts, which does not meet the needs of larger organizations that cannot acquire a Class A or B address.

Figure 1-36 IP Address Allocation

As early as 1992, the IETF identified two specific concerns:

  • The Class B address category was on the verge of depletion, and the remaining, unassigned IPv4 network addresses were nearly depleted at the time.

  • As more Class C networks came online to accommodate the rapid and substantial increase in the size of the Internet, the resulting flood of new network information threatened the capability of Internet routers to cope effectively.

Over the past 20 years, numerous extensions to IPv4 have been developed to improve the efficiency with which the 32-bit address space can be used.

In addition, an even more extendable and scalable version of IP, IPv6, has been defined and developed. An IPv6 address is a 128-bit binary value, which can be displayed as 32 hexadecimal digits. It provides 3.4 x 10^38 IP addresses. This version of IP should provide sufficient addresses for future Internet growth needs. Table 1-3 compares IPv4 and IPv6 addresses.

Table 1-3 IPv6 Addresses

  Number of octets
    IPv4: 4 octets
    IPv6: 16 octets

  Binary representation of address
    IPv4: 11000000.10101000.11001001.01110001
    IPv6: 11010001.11011100.11001001.01110001.11010001.11011100.11001001.01110001.11010001.11011100.11001001.01110001.11010001.11011100.11001001.01110001

  Notation of address
    IPv4: 192.168.201.113
    IPv6: A524:72D3:2C80:DD02:0029:EC7A:002B:EA73

  Total number of addresses available
    IPv4: 4,294,467,295 IP addresses
    IPv6: 3.4 x 10^38 IP addresses

After years of planning and development, IPv6 is slowly being implemented in select networks. Eventually, IPv6 might replace IPv4 as the dominant internetwork protocol.

Another solution to the shortage of public IP addresses is a different kind of routing. CIDR is a new addressing scheme for the Internet that allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme allows.

First introduced in 1993 and later deployed in 1994, CIDR dramatically improved the scalability and efficiency of IPv4 in the following ways:

  • It replaced classful addressing with a more flexible and less wasteful scheme.

  • It provided enhanced route aggregation, also known as supernetting. As the Internet grows, routers on the Internet require huge memory tables to store all the routing information. Supernetting helps reduce the size of router memory tables by combining and summarizing multiple routing information entries into one single entry. This reduces the size of router memory tables and also allows for faster table lookup.

A CIDR network address looks like this:

192.168.54.0/23

The 192.168.54.0 is the network address itself, and the /23 means that the first 23 bits are the network part of the address, leaving the last 9 bits for specific host addresses. The effect of CIDR is to aggregate, or combine, multiple classful networks into a single larger network. This aggregation reduces the number of entries required in the IP routing tables and allows the provisioning of a larger number of hosts within the network. Both are done without using a network ID from the next larger classful address group.

With the CIDR approach, if you need more than 254 host addresses, you can be assigned a /23 address instead of wasting a whole Class B address that supports 65,534 hosts.

Figure 1-37 shows an example of using CIDR. Company XYZ asks for an address block from its ISP, not a central authority. The ISP evaluates company XYZ's needs and allocates address space from its own large CIDR block of addresses. CIDR blocks can be, and are, assigned by the regional authorities to governments, service providers, enterprises, and organizations.

Figure 1-37 CIDR Addressing


Note - Figure 1-37 shows an example using private IP addresses as defined in RFC 1918. These addresses would never be used by an ISP for CIDR, but they are shown here merely as an illustration. Public addresses are not used in this example for security reasons.


In this example, the ISP owns the 192.168.0.0/16 address block. The ISP announces only this single 192.168.0.0/16 address to the Internet (even though this address block actually consists of many Class C networks). The ISP assigns the smaller 192.168.54.0/23 address block within the larger 192.168.0.0/16 address block to the XYZ company. This assignment allows the XYZ company to have a network that can have up to 510 hosts (2^9 – 2 = 510), or that network can be subdivided into multiple smaller subnets by the XYZ company.

Providers assume the burden of managing address space in a classless system. With this system, Internet routers keep only one summary route, or supernet route, to the provider's network, and only the individual provider keeps routes that are more specific to its own customer networks. This method drastically reduces the size of internetwork routing tables.
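The following is an added example, not code from the Cisco Press text; it works the CIDR arithmetic of this section (mask, network, broadcast and 2^N – 2 usable hosts for a /N block, and how many Class C networks a block aggregates), checks that a customer block such as 192.168.54.0/23 sits inside the provider's 192.168.0.0/16 supernet, and tests a block against the RFC 1918 ranges of Table 1-2. The private ranges are written in prefix form (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which is equivalent to the table's start-to-end ranges; the function names are the example's own.

```python
# Added example (not from the Cisco Press text): CIDR prefix arithmetic.
# Works out mask, network, broadcast and usable hosts for a /N block, checks
# whether a customer block aggregates under a provider supernet, and tests a
# block against the RFC 1918 ranges of Table 1-2 written in prefix form.

RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def parse_ipv4(address: str) -> int:
    parts = address.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid dotted-decimal address: {address!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def format_ipv4(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def netmask(prefix_len: int) -> int:
    """/23 -> 0xFFFFFE00, i.e. 255.255.254.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length {prefix_len} out of range")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def parse_cidr(block: str) -> tuple:
    """'192.168.54.0/23' -> (network as int, prefix length).

    Rejects a block whose host bits are not all zero: 192.168.55.0/23 is not
    a network address, and accepting it silently hides a misconfiguration.
    """
    address, sep, length = block.partition("/")
    if not sep:
        raise ValueError(f"missing '/prefix' in {block!r}")
    value, prefix_len = parse_ipv4(address), int(length)
    if value & ~netmask(prefix_len) & 0xFFFFFFFF:
        raise ValueError(f"{block!r} has host bits set; not a network address")
    return value, prefix_len


def cidr_info(block: str) -> dict:
    network, prefix_len = parse_cidr(block)
    mask = netmask(prefix_len)
    host_bits = 32 - prefix_len
    return {
        "network": format_ipv4(network),
        "mask": format_ipv4(mask),
        "broadcast": format_ipv4(network | (~mask & 0xFFFFFFFF)),
        "usable_hosts": max((1 << host_bits) - 2, 0),   # 2^N - 2
        # how many classful Class C (/24) networks the block aggregates
        "class_c_networks": 1 << (24 - prefix_len) if prefix_len <= 24 else 0,
    }


def contains(outer: str, inner: str) -> bool:
    """True when 'inner' is a more specific block inside 'outer' (route aggregation)."""
    o_net, o_len = parse_cidr(outer)
    i_net, i_len = parse_cidr(inner)
    return i_len >= o_len and (i_net & netmask(o_len)) == o_net


def is_rfc1918(block: str) -> bool:
    """Blocks that should never appear in an Internet route announcement."""
    return any(contains(private, block) for private in RFC1918_BLOCKS)


if __name__ == "__main__":
    print(cidr_info("192.168.54.0/23"))
    print("aggregates under ISP block:", contains("192.168.0.0/16", "192.168.54.0/23"))
    print("private:", is_rfc1918("192.168.54.0/23"))
```

The same contains() test that verifies aggregation doubles as a bogon filter: a route for an RFC 1918 block arriving from an external peer is one an Internet router should drop, which is the behaviour the text describes.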

Dynamic Host Configuration Protocol

Host addresses are assigned to devices either manually or automatically. Automated methods make administration of devices easier, so they are the ones most often employed. Several automated methods that use protocols for assigning IP addresses exist, and DHCP is the most popular of those methods.

DHCP is a protocol used to assign IP addresses automatically and to set TCP/IP stack configuration parameters, such as the subnet mask, default router, and Domain Name System (DNS) servers for a host. DHCP is also used to provide other configuration information as necessary, including the length of time the address has been allocated to the host. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocating network addresses to hosts. DHCP addresses are usually obtained on startup, and Figure 1-38 shows the communication that takes place to obtain the address.

Using DHCP, a host can obtain an IP address quickly and dynamically. All that is required is a defined range of IP addresses on a DHCP server. As hosts come online, they contact the DHCP server and request address information. The DHCP server selects an address and allocates it to that host. The address is only "leased" to the host, so the host periodically contacts the DHCP server to extend the lease. This lease mechanism ensures that hosts that have been moved or are switched off for extended periods of time do not hold on to addresses that they are not using. The addresses are returned to the address pool by the DHCP server to be reallocated as necessary.

DHCP is a protocol specified by RFC 2131, superseding RFC 1541. DHCP is based on the Bootstrap Protocol (BOOTP), which it has effectively superseded.

IP addresses can also be assigned statically by configuring the host manually.

Domain Name System

Another important parameter used in TCP/IP is DNS. DNS is a mechanism for converting symbolic names into IP addresses. The DNS application frees users of IP networks from the burden of having to remember IP addresses. Without this freedom, the Internet would not be as popular or as usable as it is.

The DNS address is the address of a server that provides DNS services. The address is typically assigned during DHCP address assignment or can be assigned manually.

Figure 1-38 DHCP Request

Using Common Host Tools to Determine the IP Address of a Host

Most operating systems provide a series of tools that can be used to verify host addresses and DNS addresses.

For a Microsoft Windows device, the Network Connections tab under System setup enables you to set and view the IP address configured on the PC. As shown in Figure 1-39, this PC is configured to obtain the address from a DHCP server.

Figure 1-39 TCP/IP Properties

To determine the actual address of the device, the command ipconfig can be used from the command line to display all current TCP/IP network configuration values and refresh DHCP and DNS settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. Figure 1-40 shows an example of an IPCONFIG output.

Figure 1-40 IPCONFIG Output

You can run ipconfig with various flags to determine exactly what output should be displayed. The syntax flags are as follows:

ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ClassID]]

The parameters are as follows:

  • /all: Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dialup connections.

  • /renew [Adapter]: Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

  • /release [Adapter]: Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration for either all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

  • /flushdns: Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.

  • /displaydns: Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.

  • /registerdns: Initiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.

  • /showclassid Adapter: Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.

  • /setclassid Adapter [ClassID]: Configures the DHCP class ID for a specified adapter. To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. If a DHCP class ID is not specified, the current class ID is removed.

  • /?: Displays help at the command prompt.

Summary of TCP/IP's Internet Layer

The following list summarizes key points about TCP/IP's Internet layer:

  • IP network addresses consist of two parts: the network ID and the host ID.

  • IPv4 addresses have 32 bits that are divided into octets and are generally shown in dotted decimal form (for example, 192.168.54.18).

  • IPv4 addresses are divided into A, B, and C classes to be assigned to user devices.

  • Classes D and E are used for multicast and research, respectively.

  • The first few bits of an address determine the class.

  • Certain IP addresses (network and broadcast) are reserved and cannot be assigned to individual network devices.

  • Internet hosts require a unique public IP address, but private hosts can have any valid private address that is unique within the private network.

  • DHCP assigns IP addresses and parameters to host devices automatically.

  • DNS is a TCP/IP application that resolves domain names like Cisco.com into IP addresses to be used by the application.

  • Hosts provide tools that can be used to verify the IP addresses of the device. Windows tools are Network Connections and IPCONFIG.

Understanding TCP/IP's Transport and Application Layers

When computers communicate with one another, certain rules, or protocols, are required to allow them to transmit and receive data in an orderly fashion. Throughout the world, the most widely adopted protocol suite is TCP/IP. Understanding how TCP/IP functions is important for a larger understanding of how data is transmitted in network environments.

The way in which IP delivers a packet of data across a network is a fundamental concept in the TCP/IP architecture used in large networks. Understanding how data is transmitted via IP is central to understanding how the TCP/IP suite of protocols functions overall. This, in turn, adds to an understanding of how data that is communicated across networks can be prioritized, restricted, secured, optimized, and maintained. This lesson describes the sequence of steps in IP packet delivery and the concepts and structures involved, such as packets, datagrams, and protocol fields, to provide a view of how data is transmitted over large networks.

For the Internet and internal networks to function correctly, data must be delivered reliably. You can ensure reliable delivery of data through development of the application and by using the services provided by the network protocol. In the OSI reference model, the transport layer manages the process of reliable data delivery. The transport layer hides details of any network-dependent information from the higher layers by providing transparent data transfer. The User Datagram Protocol (UDP) and TCP operate between the transport layer and the application layer. Learning how UDP and TCP function between the network layer and the application layer provides a more complete understanding of how data is transmitted in a TCP/IP networking environment. This section describes the function of the transport layer and how UDP and TCP operate.

The Transport Layer

Residing between the application and network layers, the transport layer, Layer 4, is in the core of the TCP/IP layered network architecture. The transport layer has the critical role of providing communication services directly to the application processes running on different hosts. Learning how the transport layer functions provides an understanding of how data is transmitted in a TCP/IP networking environment.

The transport layer protocol places a header on data that is received from the application layer. The purpose of this protocol is to identify the application from which the data was received and create segments to be passed down to the Internet layer. Some transport layer protocols also perform two additional functions: flow control (provided by sliding windows) and reliability (provided by sequence numbers and acknowledgments). Flow control is a mechanism that enables the communicating hosts to negotiate how much data is transmitted each time. Reliability provides a mechanism for guaranteeing the delivery of each packet.

Two protocols are provided at the transport layer:

  • TCP: A connection-oriented, reliable protocol. In a connection-oriented environment, a connection is established between both ends before transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending anything that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end user applications.

  • UDP: A connectionless and unacknowledged protocol. Although UDP is responsible for transmitting messages, no checking for segment delivery is provided at this layer. UDP depends on upper-layer protocols for reliability.

When devices communicate with one another, they exchange a series of messages. To understand and act on these messages, devices must agree on the format and the order of the messages exchanged, as well as the actions taken on the transmission or receipt of a message.

An example of how a protocol can be used to provide this functionality is a conversation exchange between a student and a teacher in a classroom:

  1. The teacher is lecturing on a particular subject. The teacher stops to ask, "Are there any questions?" This question is a broadcast message to all students.
  2. You raise your hand. This action is an implicit message back to the teacher.
  3. The teacher responds with "Yes, what is your question?" Here, the teacher has acknowledged your message and signals you to send your next message.
  4. You ask your question. You transmit your message to the teacher.
  5. The teacher hears your question and answers it. The teacher receives your message and transmits a reply back to you.
  6. You nod to the teacher that you understand the answer. You acknowledge receipt of the message from the teacher.
  7. The teacher asks if everything is all clear.

The transmission and receipt of messages and a set of conventional actions taken when sending and receiving these messages are at the heart of this question-and-answer protocol.

TCP provides transparent transfer of data between end systems using the services of the network layer below to move packets between the two communicating systems. TCP is a transport layer protocol. IP is a network layer protocol.

Similar to the OSI reference model, TCP/IP separates a full network protocol suite into a number of tasks. Each layer corresponds to a different facet of communication. Conceptually, you can envision TCP/IP as a protocol stack.

The services provided by TCP run in the host computers at either end of a connection, not in the network. Therefore, TCP is a protocol for managing end-to-end connections. Because end-to-end connections can exist across a series of point-to-point connections, these end-to-end connections are called virtual circuits. The characteristics of TCP are as follows:

  • Connection-oriented: Two computers set up a connection to exchange data. The end systems synchronize with one another to manage packet flows and adapt to congestion in the network.

  • Full-duplex operation: A TCP connection is a pair of virtual circuits, one in each direction. Only the two synchronized end systems can use the connection.

  • Error checking: A checksum technique verifies that packets are not corrupted.

  • Sequencing: Packets are numbered so that the destination can reorder packets and determine if a packet is missing.

  • Acknowledgments: Upon receipt of one or more packets, the receiver returns an acknowledgment to the sender indicating that it received the packets. If packets are not acknowledged, the sender can retransmit the packets or terminate the connection if the sender thinks the receiver is no longer on the connection.

  • Flow control: If the sender is overflowing the buffer of the receiver by transmitting too quickly, the receiver drops packets. Failed acknowledgments alert the sender to slow down or stop sending. The receiver can also lower the flow to slow the sender down.

  • Packet recovery services: The receiver can request retransmission of a packet. If packet receipt is not acknowledged, the sender resends the packets.

TCP is a reliable transport layer protocol. Reliable data delivery services are critical for applications such as file transfers, database services, transaction processing, and other mission-critical applications in which delivery of every packet must be guaranteed.

An analogy to TCP protocol services would be sending certified mail through the postal service. For example, someone who lives in Lexington, Kentucky, wants to send this book to a friend in New York City, New York, but for some reason, the postal service handles only letters. The sender could rip the pages out and put each one in a separate envelope. To ensure the receiver reassembles the book correctly, the sender numbers each envelope. Then, the sender addresses the envelopes and sends the first envelope certified mail. The postal service delivers the first envelope by any truck and any route. Upon delivery of that envelope, the carrier must get a signature from the receiver and return that certificate of delivery to the sender.

The sender mails several envelopes on the same day. The postal service again delivers each envelope by any truck using any route. The sender returns to the post office each day sending several envelopes each requiring a return receipt. The receiver signs a separate receipt for each envelope in the batch as they are received. If one envelope is lost in transit, the sender would not receive a certificate of delivery for that numbered envelope. The sender might have already sent the pages that follow the missing one, but would still be able to resend the missing page. After receiving all the envelopes, the receiver puts the pages in the right order and pastes them back together to make the book. TCP provides these levels of services.

UDP is another transport layer protocol that was added to the TCP/IP protocol suite. This transport layer protocol uses a smaller header and does not provide the reliability available with TCP.

The early IP suite consisted only of TCP and IP, although IP was not differentiated as a separate service. However, some end user applications needed timeliness rather than accuracy. In other words, speed was more important than packet recovery. In real-time voice or video transfers, a few lost packets are tolerable. Recovering packets creates excessive overhead that reduces performance.

To accommodate this type of traffic, TCP architects redesigned the protocol suite to include UDP. The basic addressing and packet-forwarding service in the network layer was IP. TCP and UDP are in the transport layer on top of IP, and both use IP services.

UDP offers only minimal, nonguaranteed transport services and gives applications direct access to the IP layer. UDP is used by applications that do not require the level of service of TCP or that want to use communications services such as multicast or broadcast delivery, not available from TCP.

An analogy of the UDP protocol services would be using the postal service to send fliers notifying all of your neighbors of your garage sale. In this example, you make a flier advertising the day, time, and location of your garage sale. You address each flier with the specific name and address of each neighbor within a 2-mile radius of your house. The postal service delivers each flier by any truck and any route. However, it is not important if a flier is lost in transit or if a neighbor acknowledges receipt of the flier.

TCP/IP Applications

In addition to including the IP, TCP, and UDP protocols, the TCP/IP protocol suite also includes applications that support other services such as file transfer, e-mail, and remote login. Some of the applications that TCP/IP supports include the following:

  • FTP: FTP is a reliable, connection-oriented service that uses TCP to transfer files between systems that support FTP. FTP supports bidirectional binary and ASCII file transfers.

  • TFTP: TFTP is an application that uses UDP. Routers use TFTP to transfer configuration files and Cisco IOS images and to transfer files between systems that support TFTP.

  • Terminal Emulation (Telnet): Telnet provides the capability to remotely access another computer. Telnet enables a user to log on to a remote host and execute commands.

  • E-mail (SMTP): Simple Mail Transfer Protocol allows users to send and receive messages to e-mail applications throughout the internetwork.

Transport Layer Functionality

The transport layer hides details of any network-dependent information from the higher layers by providing transparent data transfer. Learning how the TCP/IP transport layer and the TCP and UDP protocols function provides a more complete understanding of how data is transmitted with these protocols in a TCP/IP networking environment.

Transport services enable users to segment and reassemble several upper-layer applications onto the same transport layer data stream. This transport layer data stream provides end-to-end transport services. The transport layer data stream constitutes a logical connection between the endpoints of the internetwork, the originating or sending host and the destination or receiving host.

A user of a reliable transport layer service must establish a connection-oriented session with its peer system. For reliable data transfer to begin, both the sending and the receiving applications inform their respective operating systems that a connection is to be initiated, as shown in Figure 1-41.

One machine initiates a connection that must be accepted by the other. Protocol software modules in the two operating systems communicate by sending messages across the network to verify that the transfer is authorized and that both sides are ready.

Figure 1-41 Network Connection

After successful synchronization has occurred, the two end systems have established a connection, and data transfer can begin. During transfer, the two machines continue to verify that the connection is still valid.

Encapsulation is the process by which data is prepared for transmission in a TCP/IP network environment. This section describes the encapsulation of data in the TCP/IP stack.

The data container looks different at each layer, and at each layer the container goes by a different name, as shown in Figure 1-42.

Figure 1-42 Names for Encapsulated Data by Layer

The names for the data containers created at each layer are as follows:

  • Message: The data container created at the application layer is called a message.

  • Segment or datagram: The data container created at the transport layer, which encapsulates the application layer message, is called a segment if it comes from the transport layer's TCP protocol. If the data container comes from the transport layer's UDP protocol, it is called a datagram.

  • Packet: The data container at the network layer, which encapsulates the transport layer segment, is called a packet.

  • Frame: The data container at the data link layer, which encapsulates the packet, is called a frame. This frame is then turned into a bit stream at the physical layer.

A segment or packet is the unit of end-to-end transmission containing a transport header and the data from the above protocols. In general, in discussion about transmitting information from one node to another, the term packet is used loosely to refer to a piece of data. However, this book refers to data formed in the transport layer as a segment, data at the network layer as a datagram or packet, and data at the link layer as a frame.

To provide communications between the segments, each protocol uses a particular header, as discussed in the next section.

TCP/UDP Header Format

TCP is known as a connection-oriented protocol because the end stations are aware of each other and are constantly communicating about the connection. A classic nontechnical example of connection-oriented communication is a telephone conversation between two people. First, a protocol lets the participants know that they have connected and can begin communicating. This protocol is analogous to an initial conversation of "Hello."

UDP is known as a connectionless protocol. An example of a connectionless conversation is the normal delivery of U.S. postal service. You place the letter in the mail and hope that it gets delivered. Figure 1-43 illustrates the TCP segment header format, the field definitions of which are described in Table 1-4. These fields provide the communication between end stations to control the conversation.

Figure 1-43 TCP Header Format

Table 1-4 TCP Header Field Descriptions

TCP Header Field       Description                                                      Number of Bits
Source Port            Number of the calling port                                       16 bits
Destination Port       Number of the called port                                        16 bits
Sequence Number        Number used to ensure correct sequencing of the arriving data    32 bits
Acknowledgment Number  Next expected TCP octet                                          32 bits
Header Length          Number of 32-bit words in the header                             4 bits
Reserved               Set to zero                                                      6 bits
Code Bits              Control functions such as setup and termination of a session     6 bits
Window                 Number of octets that the device is willing to accept            16 bits
Checksum               Calculated checksum of the header and data fields                16 bits
Urgent                 Indicates the end of the urgent data                             16 bits
Options                One currently defined: maximum TCP segment size                  0 or 32 bits, if any
Data                   Upper-layer protocol data                                        Varies

Figure 1-44 shows a data capture of an Ethernet frame with the TCP header field expanded.

Figure 1-44 TCP Header

The TCP header is 20 bytes. Transporting multiple packets with small data fields results in less efficient use of available bandwidth than transporting the same amount of data with fewer, larger packets. This situation is like placing several small objects into several boxes, which could hold more than one object, and shipping each box individually instead of filling one box completely with all of the objects and sending only that box to deliver all the objects.

Figure 1-45 illustrates the UDP segment header format, the field definitions for which are described in Table 1-5. The UDP header length is always 64 bits.

Figure 1-45 UDP Header

Table 1-5 UDP Header Field Descriptions

UDP Header Field  Description                                          Number of Bits
Source Port       Number of the calling port                           16 bits
Destination Port  Number of the called port                            16 bits
Length            Length of UDP header and UDP data                    16 bits
Checksum          Calculated checksum of the header and data fields    16 bits
Data              Upper-layer protocol data                            Varies

Figure 1-46 shows a data capture of an Ethernet frame with the UDP header field expanded.

Protocols that use UDP include TFTP, SNMP, Network File System (NFS), and DNS.

Figure 1-46 UDP Header

How TCP and UDP Use Port Numbers

Both TCP and UDP use port numbers to pass information to the upper layers. Port numbers keep track of different conversations crossing the network at the same time. Figure 1-47 defines some of the port numbers as used by TCP and UDP.

Figure 1-47 Port Numbers

Application software developers agree to use well-known port numbers that are controlled by the IANA. For example, any conversation bound for the FTP application uses the standard port number 21. Conversations that do not involve an application with a well-known port number are assigned port numbers randomly chosen from within a specific range instead. These port numbers are used as source and destination addresses in the TCP segment.

Some ports are reserved in both TCP and UDP, but applications might not be written to support them. Port numbers have the following assigned ranges:

  • Numbers below 1024 are considered well-known or assigned ports.

  • Numbers 1024 and above are dynamically assigned ports.

  • Registered ports are those registered for vendor-specific applications. Most are above 1024.


Note - Some applications, such as DNS, use both transport layer protocols. DNS uses UDP for name resolution and TCP for server zone transfers.


Figure 1-48 shows how well-known port numbers are used by hosts to connect to the application on the end station. It also illustrates the selection of a source port so that the end station knows how to communicate with the client application.

RFC 1700, "Assigned Numbers," defines all the well-known port numbers for TCP/IP. For a listing of current port numbers, refer to the IANA website at http://www.iana.org.

End systems use port numbers to select the proper application. Originating source port numbers are dynamically assigned by the source host, some number greater than 1023.

Figure 1-48 Port Number Example

Establishing a TCP Connection: The Three-Way Handshake

TCP is connection-oriented, so it requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize on each other's initial sequence numbers (ISN). Synchronization is done in an exchange of connection-establishing segments carrying a control bit called SYN (for synchronize) and the initial sequence numbers. As shorthand, segments carrying the SYN bit are also called "SYNs." Hence, the solution requires a suitable mechanism for picking an initial sequence number and a slightly involved handshake to exchange the ISN.

The synchronization requires each side to send its own initial sequence number and to receive a confirmation of its successful transmission within the acknowledgment (ACK) from the other side. Here is the sequence of events:

  1. Host A to Host B SYN: My sequence number is 100, ACK number is 0, and ACK bit is not set. SYN bit is set.

  2. Host B to Host A SYN, ACK: I expect to see 101 next, my sequence number is 300, and ACK bit is set. SYN bit is set.

  3. Host A to Host B ACK: I expect to see 301 next, my sequence number is 101, and ACK bit is set. SYN bit is not set.


Note - The initial sequence numbers are actually large random numbers chosen by each host.


This exchange is called the three-way handshake and is illustrated in Figure 1-49.

Figure 1-49 Three-Way Handshake

Figure 1-50 shows a data capture of the three-way handshake. Notice the sequence numbers in the three frames.

A three-way handshake is necessary because sequence numbers are not tied to a global clock in the network, and IP stacks might have different mechanisms for picking the ISN. Because the receiver of the first SYN has no way of knowing whether the segment was an old delayed one, unless it remembers the last sequence number used on the connection (which is not always possible), it must ask the sender to verify this SYN. Figure 1-51 illustrates the acknowledgment process.
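The handshake and the "verify this SYN" check as a small state machine, an added example written for this edition and not code from the book or from Cisco. It models only the connection-setup states of each side (CLOSED, LISTEN, SYN_SENT, SYN_RECEIVED, ESTABLISHED), uses the book's numbers 100 and 300 as ISNs when they are supplied and random 32-bit ISNs otherwise, and represents segments as plain records rather than header bytes. The reset that a closed host sends in answer to a SYN,ACK it never solicited is the RFC 793 mechanism for clearing an old, delayed SYN; the names Endpoint, Segment and stale_syn_is_rejected are this example's own.

```python
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    src: str
    dst: str
    flags: str   # "SYN", "SYN,ACK", "ACK" or "RST"
    seq: int
    ack: int


@dataclass
class Endpoint:
    name: str
    isn: Optional[int] = None   # initial sequence number; random if not given
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number this side will send
    rcv_nxt: int = 0            # next sequence number expected from the peer

    def __post_init__(self) -> None:
        if self.isn is None:
            self.isn = random.randrange(1 << 32)  # ISNs are large random numbers
        self.snd_nxt = self.isn


def send_syn(client: Endpoint, server: Endpoint) -> Segment:
    """Step 1: the active opener sends its ISN with SYN set and no ACK."""
    client.state = "SYN_SENT"
    seg = Segment(client.name, server.name, "SYN", client.snd_nxt, 0)
    client.snd_nxt += 1   # the SYN itself occupies one sequence number
    return seg


def reset_for(host: Endpoint, seg: Segment) -> Segment:
    """A reset answering a segment we cannot accept; its seq echoes the bad ACK."""
    return Segment(host.name, seg.src, "RST", seg.ack, 0)


def receive(host: Endpoint, seg: Segment) -> Optional[Segment]:
    """Apply one incoming segment to the host's state; return the reply, if any."""
    if seg.flags == "RST":
        host.state = "LISTEN" if host.state == "SYN_RECEIVED" else "CLOSED"
        return None
    if host.state == "CLOSED":
        # No connection here: a SYN,ACK for a SYN this host never sent gets a reset.
        return reset_for(host, seg)
    if host.state == "LISTEN" and seg.flags == "SYN":
        host.rcv_nxt = seg.seq + 1                   # "I expect to see 101 next"
        host.state = "SYN_RECEIVED"
        reply = Segment(host.name, seg.src, "SYN,ACK", host.snd_nxt, host.rcv_nxt)
        host.snd_nxt += 1
        return reply
    if host.state == "SYN_SENT" and seg.flags == "SYN,ACK":
        if seg.ack != host.snd_nxt:                  # does it confirm OUR ISN?
            return reset_for(host, seg)
        host.rcv_nxt = seg.seq + 1
        host.state = "ESTABLISHED"
        return Segment(host.name, seg.src, "ACK", host.snd_nxt, host.rcv_nxt)
    if host.state == "SYN_RECEIVED" and seg.flags == "ACK":
        if seg.ack != host.snd_nxt:                  # must confirm the SYN,ACK we sent
            return reset_for(host, seg)
        host.state = "ESTABLISHED"
        return None
    raise ValueError(f"{host.name} in state {host.state} cannot handle {seg.flags}")


def three_way_handshake(client: Endpoint, server: Endpoint) -> list:
    """Run steps 1 to 3 and return the segments in the order they crossed the network."""
    server.state = "LISTEN"
    syn = send_syn(client, server)
    syn_ack = receive(server, syn)
    ack = receive(client, syn_ack)
    receive(server, ack)
    return [syn, syn_ack, ack]


def stale_syn_is_rejected(listener: Endpoint, old_syn: Segment) -> bool:
    """An old, delayed SYN reaches the listener. The supposed sender has no
    connection open, so it answers the SYN,ACK with a reset and the listener
    drops the half-open entry and returns to LISTEN."""
    listener.state = "LISTEN"
    syn_ack = receive(listener, old_syn)
    sender = Endpoint(old_syn.src)          # CLOSED: it never sent this SYN
    rst = receive(sender, syn_ack)
    receive(listener, rst)
    return rst.flags == "RST" and listener.state == "LISTEN"


if __name__ == "__main__":
    a, b = Endpoint("A", isn=100), Endpoint("B", isn=300)   # the book's example numbers
    for s in three_way_handshake(a, b):
        print(f"{s.src} -> {s.dst} {s.flags:8} seq={s.seq} ack={s.ack}")
    print(stale_syn_is_rejected(Endpoint("B", isn=300), Segment("A", "B", "SYN", 100, 0)))
```

Running it prints the three segments with exactly the numbers from the list above (100/0, 300/101, 101/301), followed by True for the stale-SYN case. The check `seg.ack != host.snd_nxt` in both directions is the whole point of the third message: each side proves it saw the other's ISN, which a delayed or forged segment cannot do.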

The window size determines how much data, in bytes, the receiving station accepts at one time before an acknowledgment is returned. With a window size of 1 byte (as shown in Figure 1-51), each segment must be acknowledged before another segment is transmitted. This results in inefficient use of bandwidth by the hosts.

Figure 1-50 Capture of Three-Way Handshake

Figure 1-51 Simple Acknowledgment

TCP provides sequencing of segments with a forward reference acknowledgment. Each datagram is numbered before transmission. At the receiving station, TCP reassembles the segments into a complete message. If a sequence number is missing in the series, that segment is retransmitted. If segments are not acknowledged within a given time period, that results in retransmission. Figure 1-52 illustrates the role that acknowledgment numbers play when datagrams are transmitted.

Figure 1-52 Acknowledgment Numbers

Session Multiplexing

Session multiplexing is an activity by which a single computer, with a single IP address, is able to have multiple sessions occur simultaneously. A session is created when a source machine needs to send data to a destination machine. Most often, this involves a reply, but a reply is not mandatory. The session is created and controlled within the IP network application, which contains the functionality of OSI Layers 5 through 7.

A best-effort session is very simple. The session parameters are sent to UDP. A best-effort session sends data to the indicated IP address using the port numbers provided. Each transmission is a separate event, and no memory or association between transmissions is retained.

When using the reliable TCP service, a connection must first be established between the sender and the receiver before any data can be transmitted. TCP opens a connection and negotiates connection parameters with the destination. During data flow, TCP maintains reliable delivery of the data and, when complete, closes the connection.

For example, you enter a URL for Yahoo! into the address line in the Internet Explorer window, and the Yahoo! site corresponding to the URL appears. With the Yahoo! site open, you can open the browser again in another window and type in another URL (for example, Google). You can open another browser window and type the URL for Cisco.com, and it will open. Three sites are open using only one IP connection, because the session layer is sorting the separate requests based on the port number.

Segmentation

TCP takes data chunks from the application layers and prepares them for shipment onto the network. Each chunk is broken up into smaller segments that fit the maximum transmission unit (MTU) of the underlying network layers. UDP, being simpler, does no checking or negotiating and expects the application process to give it data that works.

Flow Control for TCP/UDP

To govern the flow of data between devices, TCP uses a flow control mechanism. The receiving TCP reports a "window" to the sending TCP. This window specifies the number of bytes, starting with the acknowledgment number, that the receiving TCP is currently prepared to receive.

TCP window sizes are variable during the lifetime of a connection. Each acknowledgment contains a window advertisement that indicates how many bytes the receiver can accept. TCP also maintains a congestion control window that is normally the same size as the receiver's window but is cut in half when a segment is lost (for example, when you have congestion). This approach permits the window to be expanded or contracted as necessary to manage buffer space and processing. A larger window size allows more data to be processed.


Note - TCP window size is documented in RFC 793, "Transmission Control Protocol," and RFC 813, "Window and Acknowledgment Strategy in TCP," which you can find at http://www.ietf.org/rfc.html.


In Figure 1-53, the sender sends three 1-byte packets before expecting an ACK. The receiver can handle a window size of only 2 bytes (because of available memory). So, it drops packet 3, specifies 3 as the next byte to be received, and specifies a window size of 2. The sender resends packet 2 and also sends the next 1-byte packet, but still specifies its window size of 3. (For example, it can still accept three 1-byte packets.) The receiver acknowledges bytes 3 and 4 by requesting byte 5 and continuing to specify a window size of 2 bytes.

Many of the functions described in these sections, such as windowing and sequencing, have no meaning in UDP. Recall that UDP has no fields for sequence numbers or window sizes. Application layer protocols can provide for reliability. UDP is designed for applications that provide their own error recovery process. It trades reliability for speed.

Figure 1-53 TCP Windowing

TCP, UDP, and IP and their headers are key in the communications between networks. Layer 3 devices use an internetwork protocol like TCP/IP to provide communications between remote systems.

Acknowledgment

TCP performs sequencing of segments with a forward reference acknowledgment. A forward reference acknowledgment comes from the receiving device and tells the sending device which segment the receiving device is expecting to receive next.

For the purpose of this lesson, the complex operation of TCP is simplified in a number of ways. Simple incremental numbers are used as the sequence numbers and acknowledgments, although in reality the sequence numbers track the number of bytes received. In a TCP simple acknowledgment, the sending computer transmits a segment, starts a timer, and waits for acknowledgment before transmitting the next segment. If the timer expires before receipt of the segment is acknowledged, the sending computer retransmits the segment and starts the timer again.

Imagine that each segment is numbered before transmission (remember that it is really the number of bytes that are tracked). At the receiving station, TCP reassembles the segments into a complete message. If a sequence number is missing in the series, that segment and all subsequent segments can be retransmitted. The steps involved with the acknowledgment process are as follows:

Step 1: The sender and receiver agree that each segment must be acknowledged before another can be sent. This occurs during the connection setup procedure by setting the window size to 1.
Step 2: The sender transmits segment 1 to the receiver. The sender starts a timer and waits for acknowledgment from the receiver.
Step 3: The receiver receives segment 1 and returns ACK = 2. The receiver acknowledges the successful receipt of the previous segment by stating the expected next segment number.
Step 4: The sender receives ACK = 2 and transmits segment 2 to the receiver. The sender starts a timer and waits for acknowledgment from the receiver.
Step 5: The receiver receives segment 2 and returns ACK = 3. The receiver acknowledges the successful receipt of the previous segment.
Step 6: The sender receives ACK = 3 and transmits segment 4 to the receiver. This process continues until all data is sent.

Windowing

The TCP window controls the transmission rate at a level where receiver congestion and data loss do not occur.

Fixed Windowing

In the most basic form of reliable, connection-oriented data transfers, ignoring network congestion issues, the recipient acknowledges the receipt of each data segment to ensure the integrity of the transmission. However, if the sender must wait for an acknowledgment after sending each segment, throughput is low, depending on the round-trip time (RTT) between sending data and receiving the acknowledgment.

Most connection-oriented, reliable protocols allow more than one segment to be outstanding at a time. This approach can work because time is available after the sender completes a segment transmission and before the sender processes any acknowledgment of receipt. During this interval, the sender can transmit more data, provided the window at the receiver is large enough to handle more than one segment at a time. The window is the number of data segments the sender is allowed to send without getting acknowledgment from the receiver, as shown in Figure 1-54.

Windowing enables a specified number of unacknowledged segments to be sent to the receiver, thereby reducing latency. Latency in this instance refers to the amount of time it takes for data to be sent and the acknowledgment to be returned.

Example: Throwing a Ball

Think of two people standing 50 feet apart. One person throws a football to the other, and that portion of the trip takes 3 seconds. The second person receives the football, throws a ball back (acknowledgment), and that portion of the trip takes 3 seconds. The round trip takes a total of 6 seconds. To do this process 3 times would take a total of 18 seconds. Now imagine that the first person has three balls and throws them one after the other. This part of the trip still takes 3 seconds. The second person throws back one ball to acknowledge the receipt of the third ball, and that portion of the trip again takes 3 seconds. The round trip takes a total of 6 seconds. (Of course, this ignores processing time and so on.)

Figure 1-54 Fixed Windowing

The following steps describe the windowing process in a TCP connection:

Step 1: The sender and receiver set an initial window size: three segments before an acknowledgment must be sent. This occurs during the connection setup procedure.
Step 2: The sender transmits segments 1, 2, and 3 to the receiver. The sender transmits the segments, starts a timer, and waits for acknowledgment from the receiver.
Step 3: The receiver receives segments 1, 2, and 3 and returns ACK = 4. The receiver acknowledges the successful receipt of the previous segments.
Step 4: The sender receives ACK = 4 and transmits segments 4, 5, and 6 to the receiver. The sender transmits the segments, starts a timer, and waits for acknowledgment from the receiver.
Step 5: The receiver receives segments 4, 5, and 6 and returns ACK = 7. The receiver acknowledges the successful receipt of the previous segments.

The numbers used in this example are simplified for ease of understanding. These numbers actually represent octets (bytes) and would be increasing in much larger numbers representing the contents of TCP segments, not the segments themselves.

TCP Sliding Windowing

TCP uses a sliding window technique to specify the number of segments, starting with the acknowledgment number, that the receiver can accept.

In fixed windowing, the window size is established and does not change. In sliding windowing, the window size is negotiated at the beginning of the connection and can change dynamically during the TCP session. A sliding window results in more efficient use of bandwidth because a larger window size allows more data to be transmitted pending acknowledgment. Also, if a receiver reduces the advertised window size to 0, this effectively stops any further transmissions until a new window greater than 0 is sent.

In Figure 1-55, the window size is 3. The sender can transmit three segments to the receiver. At that point, the sender must wait for acknowledgment from the receiver. After the receiver acknowledges receipt of the three segments, the sender can transmit three more. However, if resources at the receiver become scarce, the receiver can reduce the window size so that it does not become overwhelmed and have to drop data segments.

Figure 1-55 Sliding Windowing

Each acknowledgment transmitted by the receiver contains a window advertisement that indicates the number of bytes the receiver can accept (the window size). This allows the window to be expanded or contracted as necessary to manage buffer space and processing.

TCP maintains a separate congestion window size (CWS) parameter, which is normally the same size as the window size of the receiver, but the CWS is cut in half when segments are lost. Segment loss is perceived as network congestion. TCP invokes sophisticated backoff and restart algorithms so that it does not contribute to network congestion. The following steps are taken during a sliding window operation:

Step 1: The sender and the receiver exchange their initial window size values. In this example, the window size is 3 segments before an acknowledgment must be sent. This occurs during the connection setup procedure.
Step 2: The sender transmits segments 1, 2, and 3 to the receiver. The sender waits for an acknowledgment from the receiver after sending segment 3.
Step 3: The receiver receives segments 1 and 2, but now can handle a window size of only 2 (ACK = 3 WS = 2). The receiver's processing might slow down for many reasons, such as when the CPU is searching a database or downloading a large graphic file.
Step 4: The sender transmits segments 3 and 4. The sender waits for an acknowledgment from the receiver after sending segment 5, when it still has two outstanding segments.
Step 5: The receiver acknowledges receipt of segments 3 and 4, but still maintains a window size of 2 (ACK = 5 WS = 2). The receiver acknowledges the successful receipt of segments 3 and 4 by requesting transmission of segment 5.
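The stop-and-wait, fixed-window and sliding-window exchanges above, worked as a small simulation. This is an added example, not Cisco's code: like the text it numbers whole segments rather than bytes, the receiver's buffer capacity per burst is a constructed schedule, and the congestion window is simplified to halving on a burst lost in the network and growing by one after a fully acknowledged burst.

```python
"""Simplified TCP windowing: stop-and-wait, fixed window, sliding window
with a shrinking or zero receiver window, and congestion-window halving on
a lost burst. Added example, not Cisco's code; like the text it numbers
whole segments rather than bytes."""
from dataclasses import dataclass, field


@dataclass
class Receiver:
    capacity_schedule: list                   # buffer space per burst received
    expected: int = 1                         # next segment number wanted
    delivered: list = field(default_factory=list)
    bursts_seen: int = 0

    def receive(self, burst):
        """Accept in-order segments up to the current buffer capacity, drop
        the rest, and answer ACK = next expected segment plus the window
        advertisement (WS) the sender may use for its next burst."""
        idx = min(self.bursts_seen, len(self.capacity_schedule) - 1)
        capacity = self.capacity_schedule[idx]    # last value repeats
        self.bursts_seen += 1
        accepted = 0
        for seg in burst:
            if seg == self.expected and accepted < capacity:
                self.delivered.append(seg)
                self.expected += 1
                accepted += 1
            # duplicates, gaps and overflow are simply discarded
        return self.expected, capacity


@dataclass
class Sender:
    total: int                # segments to deliver
    window: int               # receiver's advertised window, set at connection setup
    base: int = 1             # oldest unacknowledged segment
    cwnd: int = 0             # congestion window, starts equal to the receiver window
    log: list = field(default_factory=list)   # (burst, ack, ws, cwnd) per round

    def __post_init__(self):
        self.cwnd = self.window

    def next_burst(self):
        """Send min(advertised window, congestion window) segments from base;
        a zero window stops transmission until the receiver reopens it."""
        if self.window == 0:
            return []
        last = min(self.base + min(self.window, self.cwnd) - 1, self.total)
        return list(range(self.base, last + 1))

    def on_ack(self, ack, ws, burst):
        """Slide the window to the ACK and adopt the advertised size."""
        if burst and ack > burst[-1]:
            self.cwnd += 1        # simple 'restart': grow after a clean burst
        self.base, self.window = ack, ws
        self.log.append((tuple(burst), ack, ws, self.cwnd))

    def on_timeout(self, burst):
        """No ACK arrived before the timer expired: treat the loss as
        congestion, halve the congestion window and retransmit from base."""
        self.cwnd = max(1, self.cwnd // 2)
        self.log.append((tuple(burst), None, self.window, self.cwnd))


def run_transfer(total, window, capacity_schedule, lost_rounds=()):
    """Run the exchange until every segment is acknowledged. lost_rounds
    lists round numbers whose burst is lost in the network (constructed
    congestion). Returns (segments delivered in order, sender log)."""
    snd = Sender(total=total, window=window)
    rcv = Receiver(capacity_schedule=list(capacity_schedule))
    for rnd in range(100):                   # guard against endless loops
        if snd.base > total:
            break
        burst = snd.next_burst()
        if burst and rnd in lost_rounds:
            snd.on_timeout(burst)
        else:
            ack, ws = rcv.receive(burst)
            snd.on_ack(ack, ws, burst)
    return rcv.delivered, snd.log


if __name__ == "__main__":
    scenarios = {
        "stop-and-wait (window 1)": (3, 1, [1], ()),
        "fixed window of 3": (6, 3, [3], ()),
        "receiver shrinks window to 2 (Figure 1-53)": (4, 3, [2], ()),
        "receiver advertises a zero window": (4, 3, [3, 0, 2], ()),
        "first burst lost in the network": (6, 4, [4], {0}),
    }
    for name, args in scenarios.items():
        delivered, log = run_transfer(*args)
        print(name, "->", delivered)
        for burst, ack, ws, cwnd in log:
            print("   sent", burst, "ACK =", ack, "WS =", ws, "cwnd =", cwnd)
```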

Maximize Throughput

The congestion windowing algorithm manages the rate of sent data. This minimizes both data drop and the time spent recovering dropped data; therefore, efficiency is improved.

Global Synchronization

While the congestion windowing algorithm improves efficiency in general, it can also have an extremely negative effect on efficiency by causing global synchronization of the TCP process. Global synchronization occurs when many senders use the same algorithm and their behavior synchronizes. The senders all perceive the same congestion and all back off at the same time. Then, because the senders are all using the same algorithm, they all come back at the same time, which creates waves of congestion.

Summary of Understanding TCP/IP's Transport and Application Layers

The following are the key points that were discussed in this section:

  • UDP is a protocol that operates at the transport layer and provides applications with access to the network layer without the overhead and reliability mechanisms of TCP. UDP is a connectionless, best-effort delivery protocol.

  • TCP is a protocol that operates at the transport layer and provides applications with access to the network layer. TCP is connection-oriented, provides error checking, delivers data reliably, operates in full-duplex mode, and provides some data recovery functions.

  • TCP/IP supports a number of applications, including FTP, TFTP, and Telnet.

  • IP uses a protocol number in the datagram header to identify which protocol to use for a particular datagram.

  • Port numbers map Layer 4 to an application.

  • If you use TCP as the transport layer protocol, before applications can transfer data, both sending and receiving applications inform their respective operating systems that a connection will be initiated. After synchronization has occurred, the two end systems have established a connection and data transfer can begin.

  • Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host and slowing network performance.

  • TCP provides sequencing of segments with a forward reference acknowledgment. When a single segment is sent, receipt is acknowledged, and the next segment is then sent.

  • TCP window size decreases the transmission rate to a level at which congestion and data loss do not occur. The TCP window size allows for a specified number of unacknowledged segments to be sent.

  • A fixed window is a window with an unchanging size that can accommodate a specific flow of segments.

  • A TCP sliding window is a window that can change size dynamically to accommodate the flow of segments.

  • TCP provides the sequencing of segments by providing sequence numbers and acknowledgment numbers in the TCP headers.

Exploring the Packet Delivery Process

The previous sections discussed the elements that govern host-to-host communications. You also need to understand how these elements interact. This section covers host-to-host communications by providing a graphic representation.

Layer 1 Devices and Their Functions

Layer 1 defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Some common examples are Ethernet segments and serial links like Frame Relay and T1. Repeaters that provide signal amplification are also considered Layer 1 devices. Figure 1-56 shows some common Layer 1 devices.

Figure 1-56 Layer 1 Devices

The physical interface on the NIC can also be considered part of Layer 1.

Layer 2 Devices and Their Functions

Layer 2 defines how data is formatted for transmission and how access to the physical media is controlled. These devices also provide an interface between the Layer 2 device and the physical media. Some common examples are a NIC installed in a host, bridge, or switch. Figure 1-57 shows an example of Layer 2 devices.

Figure 1-57 Layer 2 Devices

Layer 2 Addressing

Host communications require a Layer 2 address. Figure 1-58 shows an example of a MAC address for a Layer 2 Ethernet frame.

Figure 1-58 Ethernet MAC Address

When host-to-host communications were first developed, several network layer protocols were called network operating systems (NOS). Early NOS were NetWare, IP, ISO, and Banyan-Vines. It became apparent that a need for a Layer 2 address that was independent of the NOS existed, so the MAC address was created.

MAC addresses are assigned to end devices such as hosts. In most cases, Layer 2 network devices such as bridges and switches are not assigned a MAC address. However, in some special cases, switches might be assigned an address.

Layer 3 Devices and Their Functions

The network layer provides connectivity and path selection between two host systems that might be located on geographically separated networks. In the case of a host, this is the path between the data link layer and the upper layers of the NOS. In the case of a router, it is the actual path across the network. Figure 1-59 shows Layer 3 devices.

Layer 3 Addressing

Each NOS has its own Layer 3 address format. For example, the OSI reference model uses a network service access point (NSAP), while TCP/IP uses an IP address. This course focuses on TCP/IP. Figure 1-60 shows an example of Layer 3 addressing.

Figure 1-59 Layer 3 Devices

Figure 1-60 Layer 3 Addressing

Mapping Layer 2 Addressing to Layer 3 Addressing

For IP communication on Ethernet-connected networks to take place, the logical (IP) address needs to be bound to the physical (MAC) address of its destination. This process is carried out by the Address Resolution Protocol (ARP). Figure 1-61 shows an example of mapping a Layer 2 address to a Layer 3 address.

To send data to a destination, a host on an Ethernet network must know the physical (MAC) address of the destination. ARP provides the essential service of mapping IP addresses to physical addresses on a network.

Figure 1-61 Mapping Layer 2 to Layer 3

The term address resolution refers to the process of binding a network layer IP address of a remote device to its locally reachable, data link layer MAC address. The address is "resolved" when ARP broadcasts the known information (the target destination IP address and its own IP address). The broadcast is received by all devices on the Ethernet segment. When the target recognizes itself by reading the contents of the ARP request packet, it responds with the required MAC address in its ARP reply. The address resolution procedure is completed when the originator receives the reply packet (containing the required MAC address) from the target and updates the table containing all of the current bindings. (This table is usually called the ARP cache or ARP table.) The ARP table maintains a correlation between each IP address and its corresponding MAC address.

The bindings in the table are kept current by a process of aging out unused entries after a period of inactivity. The default time for this aging is usually 300 seconds (5 minutes), ensuring that the table does not contain information for systems that might be switched off or that have been moved.

ARP Table

The ARP table, or ARP cache, keeps a record of recent bindings of IP addresses to MAC addresses. Figure 1-62 shows an example of an ARP table.

Figure 1-62 ARP Table

Each IP device on a network segment maintains an ARP table in its memory. This table maps the IP addresses of other devices on the network with their physical (MAC) addresses. When a host wants to transmit data to another host on the same network, it searches the ARP table to see if an entry exists. If an entry does exist, the host uses it, but if not, ARP is used to get an entry.

The ARP table is created and maintained dynamically, adding and changing address relationships as they are used on the local host. The entries in an ARP table usually expire after a period of time, by default 300 seconds; however, when the local host wants to transmit data again, the entry in the ARP table is regenerated through the ARP process.

Host-to-Host Packet Delivery

In Figure 1-63, an application on the host with a Layer 3 address of 192.168.3.1 wants to send some data to the host with a Layer 3 address of 192.168.3.2. The application wants to use a reliable connection. The application requests this service from the transport layer.

The transport layer selects TCP to set up the session. TCP initiates the session by passing a TCP header with the SYN bit set and the destination Layer 3 address (192.168.3.2) to the IP layer.

Figure 1-63 Packet Delivery

The IP layer encapsulates the TCP SYN in a Layer 2 packet by prepending the local Layer 3 address and the Layer 3 address that IP received from TCP. IP then passes the packet to Layer 2. Figure 1-64 shows this operation.

Figure 1-64 IP Layer Operation

Layer 2 needs to encapsulate the Layer 3 packet into a Layer 2 frame. To do this, Layer 2 needs to map the Layer 3 destination address of the packet to its MAC address. It does this by requesting a mapping from the ARP program.

ARP checks its table. In this example, it is assumed that this host has not communicated with the other host, so you see no entry in the ARP table. This results in Layer 2 holding the packet until ARP can provide a mapping. Figure 1-65 shows this operation.

Figure 1-65 ARP Table Lookup

The ARP program builds an ARP request and passes it to Layer 2, telling Layer 2 to send the request to a broadcast (all Fs) address. Layer 2 encapsulates the ARP request in a Layer 2 frame using the broadcast address provided by ARP as the destination MAC address and the local MAC address as the source. Figures 1-66 and 1-67 show this operation.

Figure 1-66 ARP Overview

Figure 1-67 ARP Request Sent

When host 192.168.3.2 receives the frame, it notes the broadcast address and strips the Layer 2 encapsulation. Figure 1-68 shows this operation.

Figure 1-68 ARP Response Received

The remaining ARP request is passed to ARP. Figure 1-69 shows this operation.

Figure 1-69 Layer 2 Passes to ARP

Using the information in the ARP request, ARP updates its table. Figure 1-70 shows this operation.

Figure 1-70 ARP Adds Sending Information to Table

ARP builds a response and passes it to Layer 2, telling Layer 2 to send the response to MAC address 0800:0222:2222 (host 192.168.3.1). Figure 1-71 shows this operation.

Figure 1-71 ARP Builds a Response

Layer 2 encapsulates the ARP in a Layer 2 frame using the destination MAC address provided by ARP and the local source MAC address. Figure 1-72 shows this operation.

Figure 1-72 ARP Responds

When host 192.168.3.1 receives the frame, it notes that the destination MAC address is the same as its own address. It strips the Layer 2 encapsulation. Figure 1-73 shows this operation.

Figure 1-73 Layer 2 Recognizes MAC Address

The remaining ARP reply is passed to ARP. Figure 1-74 shows this operation.

Figure 1-74 Layer 2 Passes to ARP

ARP updates its table and passes the mapping to Layer 2. Figure 1-75 shows this operation.

Figure 1-75 ARP Updates the Table

Layer 2 can now send the pending Layer 2 packet. Figure 1-76 shows this operation.

Figure 1-76 Layer 2 Sends Packet Inside Frame to Start the Three-Way Handshake
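The ARP exchange of Figures 1-65 through 1-75 (table miss, broadcast request, target learns the requester, reply, requester updates its table) together with the 300-second aging of ARP table entries, as an added example that is not Cisco's code. The addresses 192.168.3.1 and 192.168.3.2 and the MAC 0800:0222:2222 come from the text; the other MACs are constructed, and the check that a reply must answer one of the host's own outstanding requests is an added safeguard the text does not describe.

```python
"""ARP request/reply exchange and an aging ARP table, following the
packet-delivery walkthrough. Added example, not Cisco's code."""
import struct
import ipaddress

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # RFC 826 layout for Ethernet/IPv4
ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6                      # the "all Fs" address
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_AGE_SECONDS = 300                        # default aging time from the text


def mac(text):
    """'0800:0222:2222' or '08:00:02:22:22:22' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def build_arp(oper, sha, spa, tha, tpa):
    """Layer 2 frame carrying an ARP packet. A request is sent to the
    broadcast MAC; a reply goes straight back to the requester's MAC."""
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, oper,
                       sha, ipaddress.IPv4Address(spa).packed,
                       tha, ipaddress.IPv4Address(tpa).packed)
    dst = BROADCAST if oper == ARP_REQUEST else tha
    return ETH_HDR.pack(dst, sha, ETHERTYPE_ARP) + arp


def parse_arp(frame):
    """Strip the Layer 2 header and decode the ARP fields (None if not ARP)."""
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_PKT.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": sha, "spa": str(ipaddress.IPv4Address(spa)),
            "tha": tha, "tpa": str(ipaddress.IPv4Address(tpa))}


class Host:
    def __init__(self, ip, hw):
        self.ip, self.hw = ip, mac(hw)
        self.table = {}        # ARP table: ip -> (mac, time learned)
        self.pending = set()   # IPs with an ARP request outstanding

    def lookup(self, ip, now):
        """Cached MAC for ip, or None; entries older than 300 s age out."""
        entry = self.table.get(ip)
        if entry and now - entry[1] < ARP_AGE_SECONDS:
            return entry[0]
        self.table.pop(ip, None)
        return None

    def resolve(self, ip, now):
        """Table hit -> (mac, None); miss -> (None, request frame to broadcast)."""
        hw = self.lookup(ip, now)
        if hw:
            return hw, None
        self.pending.add(ip)
        return None, build_arp(ARP_REQUEST, self.hw, self.ip, b"\x00" * 6, ip)

    def receive(self, frame, now):
        """Process an incoming frame; returns a reply frame to send, or None."""
        if frame[:6] not in (BROADCAST, self.hw):
            return None                      # not our MAC: Layer 2 drops it
        arp = parse_arp(frame)
        if arp is None:
            return None
        if arp["oper"] == ARP_REQUEST and arp["tpa"] == self.ip:
            # The target learns the requester's binding from the request itself
            self.table[arp["spa"]] = (arp["sha"], now)
            return build_arp(ARP_REPLY, self.hw, self.ip, arp["sha"], arp["spa"])
        if arp["oper"] == ARP_REPLY and arp["spa"] in self.pending:
            # Added check, beyond the text: only a reply that answers one of
            # our own outstanding requests may update the table
            self.table[arp["spa"]] = (arp["sha"], now)
            self.pending.discard(arp["spa"])
        return None


def walkthrough(now=0):
    """Figures 1-65 to 1-75: miss, broadcast request, reply, table updated."""
    a = Host("192.168.3.1", "0800:0222:2222")    # MAC given in the text
    b = Host("192.168.3.2", "0800:0233:3333")    # constructed MAC
    hw, request = a.resolve("192.168.3.2", now)  # hw is None: empty table
    reply = b.receive(request, now)              # b learns a, answers a
    a.receive(reply, now)                        # a records b's MAC
    return a, b, request, reply


if __name__ == "__main__":
    a, b, request, reply = walkthrough()
    print("request dst:", request[:6].hex(), "reply dst:", reply[:6].hex())
    print("a knows b as", a.lookup("192.168.3.2", 0).hex())
    print("after 300 s:", a.lookup("192.168.3.2", 300))
```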

At host 192.168.3.2, the frame is passed up the stack where encapsulation is removed. The remaining protocol data unit (PDU) is passed to TCP. Figure 1-77 shows this operation.

Figure 1-77 IP Packet Is Received

In response to the SYN, TCP passes a SYN ACK down the stack to be encapsulated. Figure 1-78 shows this operation.

Figure 1-78 Receiver Acknowledges Frame

The sender receives the ACK along with a SYN from the receiver that it must respond to. This is shown in Figure 1-79.

Figure 1-79 Sender Receives ACK

The sender responds by sending the ACK to the receiver. This is shown in Figure 1-80.

Figure 1-80 Sender Acknowledges ACK and Completes the Three-Way Handshake

With the three-way handshake completed, TCP can inform the application that the session has been established. This is shown in Figure 1-81.

Figure 1-81 Session Is Open

Now the application can send the data over the session, relying on TCP for error detection. Figures 1-82 through 1-84 show this operation.

Figure 1-82 Data Flow Begins

Figure 1-83 Data Is Received

Figure 1-84 Data Is Acknowledged

The data exchange continues until the application stops sending data.

Function of the Default Gateway

In the host-to-host packet delivery example, the host was able to use ARP to map the destination's IP address to the destination's MAC address. However, this option is available only if the two hosts are on the same network. If the two hosts are on different networks, the sending host must send the data to the default gateway, which forwards the data to the destination. Figure 1-85 shows the role of the default gateway in data transfers.

Figure 1-85 Role of the Default Gateway

Using Common Host Tools to Determine the Path Between Two Hosts Across a Network

Ping is a computer network tool used to test whether a particular host is reachable across an IP network. Ping works by sending Internet Control Message Protocol (ICMP) "echo request" packets ("Ping?") to the target host and listening for ICMP "echo response" replies. Using interval timing and response rates, ping estimates the RTT (generally in milliseconds) and packet-loss rate between hosts. Figure 1-86 shows the ping output from a Windows command line.

Figure 1-86 Ping

The syntax for a Windows ping is as follows:

ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count]
 [{-j HostList | -k HostList}] [-w Timeout] [TargetName]

The syntax flags are as follows:

  • -t: Specifies that ping continue sending echo request messages to the destination until interrupted. To interrupt and display statistics, press Ctrl-BREAK. To interrupt and quit ping, press Ctrl-C.

  • -a: Specifies that reverse name resolution is performed on the destination IP address. If this is successful, ping displays the corresponding hostname.

  • -n Count: Specifies the number of echo request messages sent. The default is 4.

  • -l Size: Specifies the length, in bytes, of the Data field in the echo request messages sent. The default is 32. The maximum size is 65,527.

  • -f: Specifies that echo request messages are sent with the Don't Fragment flag in the IP header set to 1. The echo request message cannot be fragmented by routers in the path to the destination. This parameter is useful for troubleshooting path maximum transmission unit (PMTU) problems.

  • -i TTL: Specifies the value of the Time-to-Live (TTL) field in the IP header for echo request messages sent. The default is the default TTL value for the host. For Windows XP hosts, this is typically 128. The maximum TTL is 255.

  • -v TOS: Specifies the value of the Type of Service (TOS) field in the IP header for echo request messages sent. The default is 0. TOS is specified as a decimal value from 0 to 255.

  • -r Count: Specifies that the Record Route option in the IP header is used to record the path taken by the echo request message and corresponding echo reply message. Each hop in the path uses an entry in the Record Route option. If possible, specify a Count that is equal to or greater than the number of hops between the source and destination. The Count must be a minimum of 1 and a maximum of 9.

  • -s Count: Specifies that the Internet Timestamp option in the IP header is used to record the time of arrival for the echo request message and corresponding echo reply message for each hop. The Count must be a minimum of 1 and a maximum of 4.

  • -j HostList: Specifies that the echo request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is nine. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces.

  • -k HostList: Specifies that the echo request messages use the Strict Source Route option in the IP header with the set of intermediate destinations specified in HostList. With strict source routing, the next intermediate destination must be directly reachable (it must be a neighbor on an interface of the router). The maximum number of addresses or names in the host list is nine. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces.

  • -w Timeout: Specifies the amount of time, in milliseconds, to wait for the echo reply message that corresponds to a given echo request message to be received. If the echo reply message is not received within the timeout, the "Request timed out" error message is displayed. The default timeout is 4000 (4 seconds).

  • TargetName: Specifies the destination, which is identified by either IP address or host name.

  • /?: Displays help at the command prompt.

The Windows arp command shown in Figure 1-87 displays and modifies entries in the ARP cache, which contains one or more tables that store IP addresses and their resolved Ethernet physical addresses. A separate table exists for each Ethernet or Token Ring network adapter installed on your computer. Used without parameters, arp displays help.

Figure 1-87 Displaying the ARP Table

The syntax for the command is as follows:

arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]

The following are the parameters associated with the Windows arp command:

  • -a [InetAddr] [-N IfaceAddr]: Displays current ARP cache tables for all interfaces. To display the ARP cache entry for a specific IP address, use arp -a with the InetAddr parameter, where InetAddr is an IP address. To display the ARP cache table for a specific interface, use the -N IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. The -N parameter is case-sensitive.

  • -g [InetAddr] [-N IfaceAddr]: Identical to -a.

  • -d InetAddr [IfaceAddr]: Deletes an entry with a specific IP address, where InetAddr is the IP address. To delete an entry in a table for a specific interface, use the IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. To delete all entries, use the asterisk (*) wildcard character in place of InetAddr.

  • -s InetAddr EtherAddr [IfaceAddr]: Adds a static entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. To add a static ARP cache entry to the table for a specific interface, use the IfaceAddr parameter where IfaceAddr is an IP address assigned to the interface.

  • /?: Displays help at the command prompt.

The TRACERT (traceroute) diagnostic utility determines the route to a destination by sending ICMP echo packets to the destination. In these packets, TRACERT uses varying IP TTL values. Because each router along the path is required to decrement the packet's TTL by at least 1 before forwarding the packet, the TTL is effectively a hop counter. When the TTL on a packet reaches zero (0), the router sends an ICMP "Time Exceeded" message back to the source computer.

TRACERT sends the first echo packet with a TTL of 1 and increments the TTL by 1 on each subsequent transmission until the destination responds or until the maximum TTL is reached. The ICMP "Time Exceeded" messages that intermediate routers send back show the route. Note, however, that some routers silently drop packets with expired TTL values, and these packets are invisible to TRACERT.

TRACERT prints out an ordered list of the intermediate routers that return ICMP "Time Exceeded" messages. Using the -d option with the tracert command instructs TRACERT not to perform a DNS lookup on each IP address, so that TRACERT reports the IP address of the near-side interface of the routers. Figure 1-88 shows a traceroute to yahoo.com.

Figure 1-88 Performing a Traceroute

The syntax for a Windows traceroute is as follows:

tracert [-d] [-h maximum_hops] [-j HostList] [-w Timeout] target_host

The following are the parameters associated with the Windows tracert command:

  • -d: Specifies to not resolve addresses to hostnames

  • -h maximum_hops: Specifies the maximum number of hops to search for the target

  • -j HostList: Specifies loose source route along the host list

  • -w Timeout: Waits the number of milliseconds specified by timeout for each reply

  • target_host: Specifies the name or IP address of the target host
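The TTL-as-hop-counter behaviour described above, including the caveat that some routers silently drop expired packets and therefore show up as "*", as an added simulation over a constructed path. This is not Cisco's code and not the Windows tracert program; the path, its addresses and the three probes per hop are assumptions of the example.

```python
"""How TRACERT uses the IP TTL as a hop counter. Added example with a
constructed path; not Cisco's code and not the Windows tracert program."""


def probe(path, ttl):
    """Send one echo request with the given TTL along path, a list of
    (address, answers_expiry) pairs: routers first, the destination last.
    Returns (responder, kind), kind being 'time-exceeded', 'echo-reply'
    or 'timeout' (the router dropped the expired packet silently)."""
    for address, answers_expiry in path[:-1]:
        ttl -= 1                           # each router decrements by at least 1
        if ttl == 0:
            # TTL expired here: a well-behaved router returns ICMP Time
            # Exceeded; a silent one drops the packet and stays invisible
            return (address, "time-exceeded") if answers_expiry else (None, "timeout")
    return path[-1][0], "echo-reply"       # TTL survived all the way: echo reply


def tracert(path, max_hops=30, probes=3):
    """Raise the TTL one hop per row until the destination replies or
    max_hops (the -h option) is reached; '*' marks a hop that never answered."""
    rows = []
    for ttl in range(1, max_hops + 1):
        results = [probe(path, ttl) for _ in range(probes)]
        responder = next((addr for addr, _ in results if addr), "*")
        rows.append((ttl, responder))
        if any(kind == "echo-reply" for _, kind in results):
            break
    return rows


# Constructed path: three routers (the second drops expired packets silently)
# followed by the destination host.
SAMPLE_PATH = [("10.0.0.1", True), ("10.0.1.1", False),
               ("10.0.2.1", True), ("198.51.100.7", True)]

if __name__ == "__main__":
    for ttl, responder in tracert(SAMPLE_PATH):
        print(f"{ttl:3d}  {responder}")
```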

Summary of Exploring the Packet Delivery Process

The following summarizes the key points that were discussed in this lesson.

  • Layer 1 devices provide the connection to the physical media and its encoding.

  • Layer 2 devices provide an interface between the Layer 2 device and the physical media.

  • Layer 2 addresses are MAC addresses.

  • The network layer provides connectivity and path selection between two host systems.

  • Layer 3 addresses provide identification of a network and a host, such as an IP address.

  • Before a host can send data to another host, it must know the MAC address of the other device.

  • ARP is a protocol that maps IP addresses to MAC addresses.

  • TCP uses a three-way handshake to establish a session before sending data.

  • Most operating systems offer tools to view the device ARP table as well as tools like ping and traceroute to test IP connectivity.

Understanding Ethernet

A LAN is a common type of network found in home offices, small businesses, and large enterprises. Understanding how a LAN functions, including network components, frames, Ethernet addresses, and operational characteristics, is important for an overall knowledge of networking technologies.

This lesson describes LANs and provides fundamental knowledge about LAN characteristics, components, and functions. It also describes the basic operations of an Ethernet LAN and how frames are transmitted over it.

The Definition of a LAN

A LAN is a network of computers and other components located relatively close together in a limited area. LANs can vary widely in their size. A LAN might consist of only two computers in a home office or small business, or it might include hundreds of computers in a large corporate office or multiple buildings. Figure 1-89 shows some examples of LANs.

A small home business or a small office environment could use a small LAN to connect two or more computers and to connect the computers to one or more shared peripheral devices such as printers. A large corporate office could use multiple LANs to accommodate hundreds of computers and shared peripheral devices, for departments such as finance or operations, spanning many floors in an office complex.

Figure 1-89

LANs

Components of a LAN

Every LAN has specific components, including hardware, interconnections, and software. Figure 1-90 highlights the hardware components of a LAN.

Figure 1-90

LAN Components

Regardless of the size of the LAN, it requires these fundamental components for its operation.

  • Computers: Computers serve as the endpoints in the network, sending and receiving data.

  • Interconnections: Interconnections enable data to travel from one point to another in the network. Interconnections include these components:

  • NICs: NICs translate the data produced by the computer into a format that can be transmitted over the LAN.

  • Network media: Network media, such as cables or wireless media, transmit signals from one device on the LAN to another.

  • Network devices: A LAN uses network devices such as the following:

  • Hubs: Hubs are aggregation devices operating at Layer 1 of the OSI reference model. A hub repeats every bit it receives out every other port, so every attached station sees all traffic on the hub. In this role, hubs have been replaced by switches.

  • Ethernet switches: Ethernet switches form the aggregation point for LANs. Ethernet switches operate at Layer 2 of the OSI reference model and provide intelligent distribution of frames within the LAN.

  • Routers: Routers, sometimes called gateways, provide a means to connect LAN segments. Routers operate at Layer 3 of the OSI reference model.

  • Protocols: Protocols govern the way data is transmitted over a LAN and include the following:

    • Ethernet protocols

    • IP

    • ARP and RARP

    • DHCP

Functions of a LAN

LANs provide network users with communication and resource-sharing functions, including the following:

  • Data and applications: When users are connected through a network, they can share files and even software application programs. This makes data more easily available and promotes more efficient collaboration on work projects.

  • Resources: The resources that can be shared include both input devices, such as cameras, and output devices, such as printers.

  • Communication path to other networks: If a resource is not available locally, the LAN, via a gateway, can provide connectivity to remote resources—for example, access to the web.

How Big Is a LAN?

A LAN can be configured in a variety of sizes, depending on the requirements of the environment in which it operates. Figure 1-91 contrasts LAN sizes.

Figure 1-91

Sizes of a LAN

LANs can be of various sizes to fit different work requirements, including the following:

  • Small office/home office (SOHO): The SOHO environment typically has only a few computers and some peripherals such as printers.

  • Enterprise: The enterprise environment might include many separate LANs in a large office building or in different buildings on a corporate campus. Each of these LANs might contain hundreds of computers and peripherals.

Ethernet

Ethernet is the most common type of LAN. It was originally developed in the 1970s by Digital Equipment Corporation (DEC), Intel, and Xerox and was called DIX Ethernet. It later came to be called thick Ethernet (because of the thickness of the cable used in this type of network), and it transmitted data at 10 megabits per second (Mbps). The standard for Ethernet was updated in the 1980s to add more capability, and the new version of Ethernet was referred to as Ethernet Version 2 (also called Ethernet II).

The Institute of Electrical and Electronics Engineers (IEEE) is a professional organization that defines network standards. IEEE standards are the predominant LAN standards in the world today. In the mid-1980s, an IEEE working group defined new standards for Ethernet-like networks. The set of standards it created was called IEEE 802.3 and was based on the carrier sense multiple access with collision detection (CSMA/CD) process. IEEE 802.3 specifies the physical layer (Layer 1) and the MAC portion of the data link layer (Layer 2). Today, this set of standards is most often referred to simply as "Ethernet."

Ethernet LAN Standards

Ethernet LAN standards specify cabling and signaling at both the physical and data link layers of the OSI reference model. This topic describes Ethernet LAN standards at the data link layer.

Figure 1-92 shows how LAN protocols map to the OSI reference model.

Figure 1-92

Ethernet Compared to the OSI Model

The IEEE divides the OSI data link layer into two separate sublayers:

  • Logical link control (LLC): The upper sublayer, which presents a uniform service to the network layer protocols above it

  • MAC: The lower sublayer, which handles addressing and access to the physical medium below it

LLC Sublayer

The IEEE created the LLC sublayer to allow part of the data link layer to function independently from existing technologies. This layer provides versatility in services to the network layer protocols that are above it, while communicating effectively with the variety of MAC and Layer 1 technologies below it. The LLC, as a sublayer, participates in the encapsulation process.

An LLC header tells the receiving data link layer which upper-layer protocol the data in a frame belongs to. For example, a host receives a frame and looks at the LLC header to learn that the encapsulated packet is destined for the IP protocol at the network layer.

The original Ethernet header (Ethernet II, which predates IEEE 802.2 and 802.3) did not use an LLC header. Instead, it used a Type field in the Ethernet header to identify the Layer 3 protocol carried in the frame. IP over Ethernet still almost always uses this Ethernet II encapsulation, with Type 0x0800 for IP and 0x0806 for ARP.

MAC Sublayer

The MAC sublayer deals with physical media access. The IEEE 802.3 MAC specification defines MAC addresses, which identify individual devices at the data link layer; every frame carries the MAC address of its source and of its destination. Layer 2 switches build a table of the MAC addresses of attached devices and use it to forward frames. To participate on the network, each device must have a unique MAC address.

The Role of CSMA/CD in Ethernet

Ethernet signals are transmitted to every station connected to the LAN, using a special set of rules to determine which station can "talk" at any particular time. This topic describes that set of rules.

Ethernet LANs manage the signals on a network by CSMA/CD, which is an important aspect of Ethernet. Figure 1-93 illustrates the CSMA/CD process.

In an Ethernet LAN, before transmitting, a computer first listens to the network media. If the media is idle, the computer sends its data. After a transmission has been sent, the computers on the network compete for the next available idle time to send another frame. This competition for idle time means that no one station has an advantage over another on the network.

Figure 1-93

CSMA/CD

Stations on a CSMA/CD LAN can access the network at any time. Before sending data, CSMA/CD stations listen to the network to determine whether it is already in use. If it is, the CSMA/CD stations wait. If the network is not in use, the stations transmit. A collision occurs when two stations listen for network traffic, hear none, and transmit simultaneously (see the figure). In this case, both transmissions are damaged, and the stations must retransmit at some later time. CSMA/CD stations must be able to detect collisions to know that they must retransmit.

When a station transmits, the signal is referred to as a carrier. A NIC that senses the carrier refrains from transmitting. If no carrier exists, a waiting station knows that it is free to transmit. This is the "carrier sense" part of the protocol.

The extent of the network segment over which collisions can occur is referred to as the collision domain. The size of the collision domain affects efficiency, and therefore data throughput. On a switched, full-duplex Ethernet LAN each switch port is its own collision domain and collisions do not occur; CSMA/CD matters only on half-duplex, shared media such as a hub.

In the CSMA/CD process, priorities are not assigned to particular stations, so all stations on the network have equal access. This is the "multiple access" part of the protocol. If two or more stations attempt a transmission simultaneously, a collision occurs. The stations are alerted of the collision, and they execute a backoff algorithm that randomly schedules retransmission of the frame. This scenario prevents the machines from repeatedly attempting to transmit at the same time. Collisions are normally resolved in microseconds. This is the "collision detection" part of the protocol.
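The following simulation is an added example, not code from the chapter, showing the carrier sense, collision detection and random backoff steps just described working together. Stations share one half-duplex medium modelled in discrete slot times: every station whose backoff has run out transmits at the slot boundary, a lone transmitter succeeds, and two or more transmitters collide and each draws a fresh random backoff. The backoff rule itself (a window of 2**min(n, 10) slots after the n-th collision, and the frame discarded after 16 attempts) is the IEEE 802.3 truncated binary exponential backoff; the one-slot frame, the station numbering and the fixed random seed are this example's own simplifications.

```python
"""CSMA/CD contention with truncated binary exponential backoff.

Added example, not code from the chapter.  Stations share one half-duplex
medium modelled in discrete slot times: every station whose backoff has run
out transmits at the slot boundary; a lone transmitter succeeds, two or more
collide and each draws a fresh random backoff.  The backoff rule (window of
2**min(n, 10) slots after the n-th collision, frame discarded after 16
attempts) is IEEE 802.3's; the one-slot frame, station numbering and fixed
seed are this example's own simplifications.
"""
import random

MAX_ATTEMPTS = 16      # 802.3 reports "excessive collisions" after 16 attempts
BACKOFF_LIMIT = 10     # the window stops doubling after the 10th collision

def backoff_window(collisions):
    """Number of slot times to choose from after this frame's n-th collision."""
    return 2 ** min(collisions, BACKOFF_LIMIT)

def backoff_slots(collisions, rng):
    """Uniform draw from [0, window - 1]: the random part of the backoff."""
    return rng.randrange(backoff_window(collisions))

def simulate(n_stations, seed=1, max_slots=100_000):
    """Every station has one frame ready at slot 0.  Returns a dict mapping each
    station to (slot it sent in, or None if its frame was discarded; collisions
    it saw) and the total number of collision events on the medium."""
    rng = random.Random(seed)
    wait = [0] * n_stations             # slots each station must still defer
    collisions = [0] * n_stations
    done, total_collisions = {}, 0
    for slot in range(max_slots):
        if len(done) == n_stations:
            break
        # Carrier sense: only a station whose backoff has expired starts sending.
        ready = [s for s in range(n_stations) if s not in done and wait[s] == 0]
        if len(ready) == 1:                                 # medium idle: success
            done[ready[0]] = (slot, collisions[ready[0]])
        elif len(ready) > 1:                                # simultaneous start: collision
            total_collisions += 1
            for s in ready:
                collisions[s] += 1
                if collisions[s] >= MAX_ATTEMPTS:
                    done[s] = (None, collisions[s])         # excessive collisions, drop
                else:
                    wait[s] = backoff_slots(collisions[s], rng)
        for s in range(n_stations):                         # deferring stations count down
            if s not in done and s not in ready and wait[s] > 0:
                wait[s] -= 1
    return done, total_collisions

if __name__ == "__main__":
    outcome, events = simulate(4)
    for station, (slot, hits) in sorted(outcome.items()):
        print("station %d: sent in slot %s after %d collision(s)" % (station, slot, hits))
    print("collision events on the medium:", events)
```

Running it with four stations shows the guaranteed collision at slot 0 (all four hear an idle medium and start together), after which the widening random windows spread the retransmissions so that no two successful transmissions ever share a slot. Note that the backoff gives every station equal priority; nothing in CSMA/CD stops a misbehaving station from ignoring the backoff and transmitting continuously.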

Ethernet Frames

Bits that are transmitted over an Ethernet LAN are organized into frames. In Ethernet terminology, the "container" into which data is placed for transmission is called a frame. The frame contains header information, trailer information, and the actual data that is being transmitted.

Figure 1-94 illustrates the fields of an Ethernet MAC frame, which are the following:

Figure 1-94

Ethernet Frame

  • Preamble: This field consists of 7 bytes of alternating 1s and 0s, which synchronize the signals of the communicating computers.

  • Start-of-frame (SOF) delimiter: This field contains bits that signal the receiving computer that the transmission of the actual frame is about to start and that the data following is part of the frame.

  • Destination address: This field contains the address of the NIC on the local network to which the frame is being sent.

  • Source address: This field contains the address of the NIC of the sending computer.

  • Type/length: In Ethernet II, this field contains a code (the EtherType) that identifies the network layer protocol, for example 0x0800 for IP. In 802.3, this field specifies the length of the data field, and the protocol information is carried in 802.2 fields at the LLC layer. A receiver tells the two apart by value: 1500 (0x05DC) or less is a length, 0x0600 or greater is a type. The newer 802.3 specifications allow the EtherType form as well, so both encapsulations are valid 802.3 frames.

  • Data and pad: This field contains the data that is received from the network layer on the transmitting computer. This data is then sent to the same protocol on the destination computer. If the data is too short, an adapter adds a string of extraneous bits to "pad" the field to its minimum length of 46 bytes.

  • Frame check sequence (FCS): This field carries a 32-bit cyclic redundancy check (CRC) computed over the frame from the destination address through the pad, so that the receiver can detect a frame corrupted in transit. It detects accidental errors only: anyone who can alter a frame can recompute the FCS, so it offers no protection against deliberate modification.

Ethernet Frame Addressing

Communications in a network occur in three ways: unicast, broadcast, and multicast. Ethernet frames are addressed accordingly. Figure 1-95 shows forms of Ethernet communications.

Figure 1-95

Ethernet Communications

The three major types of network communications are as follows:

  • Unicast: Communication in which a frame is sent from one host and addressed to one specific destination. In unicast transmission, you have just one sender and one receiver. Unicast transmission is the predominant form of transmission on LANs and within the Internet.

  • Broadcast: Communication in which a frame is sent from one address to all other addresses. In this case, you have just one sender, but the information is sent to all connected receivers. An Ethernet broadcast frame carries the destination address ff:ff:ff:ff:ff:ff and is delivered to every station in the broadcast domain. Broadcast transmission is essential when sending the same message to all devices on the LAN; ARP and DHCP, for example, depend on it.

  • Multicast: Communication in which information is sent to a specific group of devices or clients. Unlike broadcast transmission, in multicast transmission clients must be members of a multicast group to receive the information.

Ethernet Addresses

The address used in an Ethernet LAN, which is associated with the network adapter, is the means by which data is directed to the proper receiving location. Figure 1-96 shows the format of an Ethernet address.

Figure 1-96

Ethernet Addresses

The address that is on the NIC is the MAC address, often referred to as the burned-in address (BIA). The BIA itself stays fixed in the hardware, but most NIC drivers and operating systems let an administrator override the address the interface actually uses, so a MAC address is not a trustworthy proof of a device's identity. A 48-bit Ethernet MAC address has two components:

  • 24-bit Organizationally Unique Identifier (OUI): The OUI identifies the manufacturer of the NIC. The IEEE regulates the assignment of OUI numbers. Two bits in the first byte of the OUI have special meaning:

  • Individual/Group (broadcast or multicast) bit: When this bit is set in a destination address, it indicates to the receiving interface that the frame is destined for a group of end stations (multicast) or for all end stations on the LAN segment (broadcast).

  • Locally administered address bit: Normally the combination of OUI and 24-bit station address is universally unique; however, if the address has been assigned locally rather than by the vendor, this bit should be set.

  • 24-bit vendor-assigned end station address: This uniquely identifies the Ethernet hardware within the vendor's OUI.

MAC Addresses and Binary-Hexadecimal Numbers

The MAC address plays a specific role in the function of an Ethernet LAN. The MAC sublayer of the OSI data link layer handles physical addressing issues, and the physical address is a number, written in hexadecimal, that is burned into the NIC. This address is referred to as the MAC address, and it is expressed as groups of hexadecimal digits organized in pairs or quads, such as 00:00:0c:43:2e:08 (colon-separated pairs) or 0000.0c43.2e08 (the dotted-quad notation used by Cisco IOS). Figure 1-97 shows the MAC address format compared to the MAC frame.

Figure 1-97

Hexadecimal MAC Address

Each device on a LAN must have a unique MAC address to participate in the network. The MAC address identifies a specific network interface on a LAN. Unlike other kinds of addresses used in networks, the MAC address should not be changed unless you have a specific need.

Summary of Understanding Ethernet

The following summarizes the key points that were discussed in this lesson:

  • A LAN is a network that is located in a limited area, with the computers and other components that are part of this network located relatively close together.

  • Regardless of its size, several fundamental components are required for the operation of a LAN, including computers, interconnections, network devices, and protocols.

  • LANs provide both communication and resource-sharing functions for their users and can be configured in various sizes, including both SOHO and enterprise environments.

  • Ethernet was developed in the 1970s by DEC, Intel, and Xerox and was called DIX Ethernet. In the 1980s, an IEEE working group defined new Ethernet standards for public use: IEEE 802.3 (the MAC sublayer and physical layer) and IEEE 802.2 (the LLC sublayer).

  • Ethernet LAN standards specify cabling and signaling at both the physical and data link layers of the OSI model.

  • Stations on a CSMA/CD LAN can access the network at any time. Before sending data, CSMA/CD stations listen to the network to determine whether it is already in use. If it is in use, they wait. If it is not in use, the stations transmit. A collision occurs when two stations listen for network traffic, hear none, and transmit simultaneously.

  • An Ethernet frame consists of fields, including preamble, start-of-frame delimiter, destination address, source address, type/length, data and pad, and frame check sequence.

  • You find three major kinds of communications in networks: unicast, multicast, and broadcast.

  • The address used in an Ethernet LAN is the means by which data is directed to the proper receiving location.

  • The MAC sublayer handles physical addressing issues, and the physical address is a 48-bit number usually represented in hexadecimal format.

Connecting to an Ethernet LAN

In addition to understanding the components of an Ethernet LAN and the standards that govern its architecture, you need to understand the connection components of an Ethernet LAN. This lesson describes the connection components of an Ethernet LAN, including network interface cards (NIC) and cable.

Ethernet Network Interface Cards

A NIC is a printed circuit board that provides network communication capabilities to and from a personal computer on a network. Figure 1-98 shows an example of a NIC.

Figure 1-98

Network Interface Card

Also called a LAN adapter, the NIC plugs into a motherboard and provides a port for connecting to the network. The NIC constitutes the computer interface with the LAN.

The NIC communicates with the network through a serial connection, and with the computer through a parallel connection. When a NIC is installed in a computer, it requires an interrupt request line (IRQ), an input/output (I/O) address, a memory space within the operating system (such as DOS or Windows), and drivers (software) that allow it to perform its function. An IRQ is a signal that informs a CPU that an event needing its attention has occurred. An IRQ is sent over a hardware line to the microprocessor. An example of an interrupt request being issued is when a key is pressed on a keyboard, and the CPU must move the character from the keyboard to RAM. An I/O address is a location in memory used by an auxiliary device to enter data into or retrieve data from a computer.

The MAC address is burned onto each NIC by the manufacturer, providing a unique, physical network address.

Ethernet Media and Connection Requirements

Distance and time dictate the type of Ethernet connections required. This section describes the cable and connector specifications used to support Ethernet implementations.

The cable and connector specifications used to support Ethernet implementations are derived from the EIA/TIA standards body. The categories of cabling defined for Ethernet are derived from the EIA/TIA-568 (SP-2840) Commercial Building Telecommunications Wiring Standards. EIA/TIA specifies an RJ-45 connector for unshielded twisted-pair (UTP) cable.

The important difference to note is the media used for 10-Mbps Ethernet versus 100-Mbps Ethernet. In networks today, where you see a mix of 10- and 100-Mbps requirements, you must be aware of the need to change over to UTP Category 5 to support Fast Ethernet.

Connection Media

Several types of connection media can be used in an Ethernet LAN implementation. Figure 1-99 shows typical connection types.

The most common type of connection media is the RJ-45 connector and jack illustrated in Figure 1-99. The letters "RJ" stand for registered jack, and the number "45" refers to a specific physical connector that has eight conductors.

A Gigabit Interface Converter (GBIC), shown in Figure 1-100, is a hot-swappable I/O device that plugs into a Gigabit Ethernet port. A key benefit of using a GBIC is that it is interchangeable, allowing you the flexibility to deploy other 1000BASE-X technology without having to change the physical interface or model on the router or switch. GBICs support UTP (copper) and fiber-optic media for Gigabit Ethernet transmission.

Figure 1-99

Connection Types

Figure 1-100

1000Base-T GBIC

Typically, GBICs are used in the LAN for uplinks and are normally used for the backbone. GBICs are also seen in remote networks.

The fiber-optic GBIC, shown in Figure 1-101, is a transceiver that converts electrical signals to optical signals for transmission and converts received optical signals back to electrical signals.

Figure 1-101

Fiber GBIC

Optical GBICs include these types:

  • Short wavelength (1000BASE-SX)

  • Long wavelength/long haul (1000BASE-LX/LH)

  • Extended distance (1000BASE-ZX)

Unshielded Twisted-Pair Cable

Twisted-pair is a copper wire–based cable that can be either shielded or unshielded. UTP cable is frequently used in LANs. Figure 1-102 shows an example of a UTP cable.

Figure 1-102

UTP Cable

UTP cable is a four-pair wire. Each of the eight individual copper wires in UTP cable is covered by an insulating material. In addition, the wires in each pair are twisted around each other. The advantage of UTP cable is its ability to cancel interference, because the twisted-wire pairs limit signal degradation from electromagnetic interference (EMI) and radio frequency interference (RFI). To further reduce crosstalk between the pairs in UTP cable, the number of twists in the wire pairs varies. Both UTP and shielded twisted-pair (STP) cable must follow precise specifications regarding how many twists or braids are permitted per meter.

UTP cable is used in a variety of types of networks. When used as a network medium, UTP cable has 4 pairs of either 22- or 24-gauge copper wire. UTP used as a network medium has an impedance of 100 ohms, differentiating it from other types of twisted-pair wiring, such as that used for telephone wiring. Because UTP cable has an external diameter of approximately 0.43 cm, or 0.17 inches, its small size can be advantageous during installation. Also, because UTP can be used with most of the major network architectures, it continues to grow in popularity.

Here are the categories of UTP cable:

  • Category 1: Used for telephone communications; not suitable for transmitting data

  • Category 2: Capable of transmitting data at speeds of up to 4 Mbps

  • Category 3: Used in 10BASE-T networks; can transmit data at speeds up to 10 Mbps

  • Category 4: Used in Token Ring networks; can transmit data at speeds up to 16 Mbps

  • Category 5: Capable of transmitting data at speeds up to 100 Mbps

  • Category 5e: Used in networks running at speeds up to 1000 Mbps (1 Gbps)

  • Category 6: Consists of 4 pairs of 24-gauge copper wires rated to 250 MHz; carries 1000 Mbps (1 Gbps) Ethernet with more headroom than Category 5e and, over limited distances, 10-Gbps Ethernet

The most commonly used categories in LAN environments today are Categories 1 (used primarily for telephony), 5, 5e, and 6.

UTP Implementation

For a UTP implementation in a LAN, you must determine the EIA/TIA type of cable needed and also whether to use a straight-through or crossover cable. This topic describes the characteristics and uses of straight-through and crossover cables, as well as the types of connectors used when UTP is implemented in a LAN. Figure 1-103 shows a RJ-45 connector.

Figure 1-103

RJ-45 Connector

If you look at the RJ-45 transparent-end connector, you can see eight colored wires, twisted into four pairs. One wire in each pair (four wires in all) carries the positive, or true, voltage and is called "tip" (T1 through T4); the other wire in each pair carries the inverse, or negative, voltage and is called "ring" (R1 through R4). Tip and ring are terms that originated in the early days of the telephone. Today, these terms refer to the positive and negative wires in a pair. The wires in the first pair in a cable or a connector are designated as T1 and R1, the second pair as T2 and R2, and so on.

The RJ-45 plug is the male component, crimped at the end of the cable. As you look at the male connector from the front, the pin locations are numbered from 8 on the left to 1 on the right. Figure 1-104 shows a RJ-45 jack.

The jack is the female component in a network device, wall, cubicle partition outlet, or patch panel.

In addition to identifying the correct EIA/TIA category of cable to use for a connecting device (depending on which standard is being used by the jack on the network device), you need to determine which of the following to use:

  • A straight-through cable (the same standard, either T568A or T568B, at both ends)

  • A crossover cable (T568A at one end and T568B at the other)

Figure 1-104

RJ-45 Jack

In Figure 1-105, the RJ-45 connectors on both ends of the cable show all the wires in the same order. If the two RJ-45 ends of a cable are held side-by-side in the same orientation, the colored wires (or strips or pins) can be seen at each connector end. If the order of the colored wires is the same at each end, the cable type is straight-through.

Figure 1-105

Straight-Through Cable

With crossover cables, the RJ-45 connectors on both ends show that some of the wires on one side of the cable are crossed to a different pin on the other side of the cable. Specifically, for Ethernet, pin 1 at one RJ-45 end should be connected to pin 3 at the other end. Pin 2 at one end should be connected to pin 6 at the other end, as shown in the Figure 1-106.

Figure 1-106

Crossover Cable

Figure 1-107 shows the guidelines for choosing which type of cable to use when interconnecting Cisco devices. In addition to verifying the category specification on the cable, you must determine when to use a straight-through or crossover cable. Most current switches and NICs support automatic MDI/MDI-X crossover (auto-MDIX) and accept either cable type; the guidelines that follow apply to ports without it.

Use straight-through cables for the following cabling:

  • Switch to router

  • Switch to PC or server

  • Hub to PC or server

Use crossover cables for the following cabling:

  • Switch to switch

  • Switch to hub

  • Hub to hub

  • Router to router

  • Router Ethernet port to PC NIC

  • PC to PC

Figure 1-107

When to Use a Straight-Through Cable Versus a Crossover Cable

Figure 1-108 illustrates how a variety of UTP cable types might be required in a given network. Note that the category of UTP required is based on the type of Ethernet that you choose to implement.

Figure 1-108

Using Varieties of UTP

Summary of Connecting to an Ethernet LAN

This section summarizes the key points that were discussed in this lesson:

  • A NIC or LAN adapter plugs into a motherboard and provides an interface for connecting to the network.

  • The MAC address is burned onto each NIC by the manufacturer, providing a unique, physical network address that permits the device to participate in the network.

  • The cable and connector specifications used to support Ethernet implementations are derived from the EIA/TIA standards body.

  • The categories of cabling defined for the Ethernet are derived from the EIA/TIA-568 (SP2840) Commercial Building Telecommunications Wiring Standards.

  • Several connection media are used for Ethernet with RJ-45 and GBIC being the most common.

  • A GBIC is a hot-swappable I/O device that plugs into a Gigabit Ethernet port on a network device to provide a physical interface.

  • UTP cable is a four-pair wire. Each of the eight individual copper wires in UTP cable is covered by an insulating material, and the wires in each pair are twisted around each other.

  • A crossover cable connects between similar devices like router to router, PC to PC, or switch to switch.

  • A straight-through cable connects between dissimilar devices like switch to router or PC to switch.

Chapter Summary

A network is a connected collection of devices that can communicate with each other. Networks in homes, small businesses, or large enterprises allow users to share resources such as data and applications (e-mail, web access, messaging, collaboration, and databases), peripherals, storage devices, and backup devices. Networks carry data (or data packets) following rules and standards called protocols, each with its own specialized function. Networks can be evaluated in terms of both performance and structure, using measures such as speed, cost, security, availability, scalability, reliability, and topology.

Ethernet is the most common type of LAN used today. Standards unique to Ethernet specify Ethernet LAN cabling and signaling at both the physical and data link layers of the OSI reference model. Bits that are transmitted over an Ethernet LAN are organized into frames. Ethernet LANs manage the signals on a network using a process called CSMA/CD.

The OSI reference model facilitates an understanding of how information travels through a network, by defining the network functions that occur at each layer.

Most networks operate under the rules defined by TCP/IP. IPv4, the version of IP used in this chapter, defines a 32-bit address that is represented as four decimal octets separated by periods. This host address can be manually configured or obtained from a DHCP server.

Review Questions

Use the questions here to review what you learned in this chapter. The correct answers and solutions are found in the appendix, "Answers to Chapter Review Questions."

  1. Which three statements about networks are accurate? (Choose three.)

    1. Networks transmit data in many kinds of environments, including homes, small businesses, and large enterprises.

    2. A main office can have hundreds or even thousands of people who depend on network access to do their jobs.

    3. A network is a connected collection of devices that can communicate with each other.

    4. A main office usually has one large network to connect all users.

    5. The purpose of a network is to create a means to provide all workers with access to all information and components that are accessible by the network.

    6. Remote locations cannot connect to a main office through a network.

  2. What is the purpose of a router?

    1. To interconnect networks and choose the best paths between them

    2. To provide the connection points for the media

    3. To serve as the endpoint in the network, sending and receiving data

    4. To provide the means by which the signals are transmitted from one networked device to another

  3. What is the purpose of a switch?

    1. To connect separate networks and filter the traffic over those networks so that the data is transmitted through the most efficient route

    2. To choose the path over which data is sent to its destination

    3. To serve as the endpoint in the network, sending and receiving data

    4. To provide network attachment to the end systems and intelligent switching of the data within the local network

  4. What is the purpose of network interconnections?

    1. To connect separate networks and filter the traffic over those networks so that the data is transmitted through the most efficient route

    2. To choose the path over which data is sent to its destination

    3. To provide a means for data to travel from one point to another in the network

    4. To provide network attachment to the end systems and intelligent switching of the data within the local network

  5. Which resource is not sharable on a network?

    1. memory

    2. applications

    3. peripherals

    4. storage devices

  6. Which three of the following are common network applications? (Choose three.)

    1. e-mail

    2. collaboration

    3. graphics creation

    4. databases

    5. word processing

    6. spreadsheets

  7. Match each network characteristic to its definition.

    ____1. speed

    ____2. cost

    ____3. security

    ____4. availability

    ____5. scalability

    ____6. reliability

    ____7. topology

    1. Indicates how easily users can access the network

    2. Indicates how dependable the network is

    3. Indicates the protection level of the network itself and the data that is transmitted

    4. Indicates how fast data is transmitted over the network

    5. Indicates how well the network can accommodate more users or data transmission requirements

    6. Indicates the structure of the network

    7. Indicates the general price of components, installation, and maintenance of the network

  8. Which statements about physical networking topologies are accurate? (Choose two.)

    1. A physical topology defines the way in which the computers, printers, network devices, and other devices are connected.

    2. There are two primary categories of physical topologies: bus and star.

    3. A physical topology describes the paths that signals travel from one point on a network to another.

    4. The choice of a physical topology is largely influenced by the type of data to be transmitted over the network.

  9. Which statement about logical topologies is accurate?

    1. A logical topology defines the way in which the computers, printers, network devices, and other devices are connected.

    2. A logical topology depends solely on the type of computers to be included in the network.

    3. A logical topology describes the paths that the signals travel from one point on a network to another.

    4. A network cannot have different logical and physical topologies.

  10. Match each topology type to its correct description.

    ____1. All of the network devices connect directly to each other in a linear fashion.

    ____2. All of the network devices are directly connected to one central point with no other connections between them.

    ____3. All of the devices on a network are connected in the form of a circle.

    ____4. Each device has a connection to all of the other devices.

    ____5. At least one device maintains multiple connections to other devices.

    ____6. This design adds redundancy to the network.

    1. star

    2. bus

    3. mesh

    4. ring

    5. partial-mesh

    6. dual-ring

  11. Which two statements about wireless networks are accurate? (Choose two.)

    1. Instead of cables, wireless communication uses RFs or infrared waves to transmit data.

    2. To receive the signals from the access point, a computer needs to have a wireless adapter card or wireless NIC.

    3. For wireless LANs, a key component is a router, which propagates signal distribution.

    4. Wireless networks are not very common, and generally only large corporations use them.

  12. What is the main threat to a closed network?

    1. A deliberate attack from outside

    2. A deliberate or accidental attack from inside

    3. Misuse by customers

    4. Misuse by employees

  13. Which two factors have recently influenced the increase in threats from hackers? (Choose two.)

    1. Hacker tools require more technical knowledge to use.

    2. Hacker tools have become more sophisticated.

    3. The number of reported security threats has remained constant year to year.

    4. Hacker tools require less technical knowledge to use.

  14. Which of the following four attacks are classified as access attacks? (Choose two.)

    1. Password attacks

    2. DDoS

    3. Trojan horse

    4. Love Bug

  15. Which two statements about the purpose of the OSI model are accurate? (Choose two.)

    1. The OSI model defines the network functions that occur at each layer.

    2. The OSI model facilitates an understanding of how information travels throughout a network.

    3. The OSI model ensures reliable data delivery through its layered approach.

    4. The OSI model allows changes in one layer to affect the other layers.

  16. Match each OSI layer to its function.

    ____1. physical

    ____2. data link

    ____3. network

    ____4. transport

    ____5. session

    ____6. presentation

    ____7. application

    1. Provides connectivity and path selection between two host systems that might be located on geographically separated networks

    2. Ensures that the information sent at the application layer of one system is readable by the application layer of another system

    3. Defines how data is formatted for transmission and how access to the network is controlled

    4. Segments data from the system of the sending host and reassembles the data into a data stream on the system of the receiving host

    5. Defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems

    6. Provides network services to the applications of the user, such as e-mail, file transfer, and terminal emulation

    7. Establishes, manages, and terminates sessions between two communicating hosts and also synchronizes dialogue between the presentation layers of the two hosts and manages their data exchange

  17. Arrange the steps of the data encapsulation process in the correct order.

    ____1. Step 1

    ____2. Step 2

    ____3. Step 3

    ____4. Step 4

    ____5. Step 5

    ____6. Step 6

    ____7. Step 7

    ____8. Step 8

    1. The presentation layer adds the presentation layer header (Layer 6 header) to the data. This then becomes the data that is passed down to the session layer.

    2. The session layer adds the session layer header (Layer 5 header) to the data. This then becomes the data that is passed down to the transport layer.

    3. The application layer adds the application layer header (Layer 7 header) to the user data. The Layer 7 header and the original user data become the data that is passed down to the presentation layer.

    4. The network layer adds the network layer header (Layer 3 header) to the data. This then becomes the data that is passed down to the data link layer.

    5. The transport layer adds the transport layer header (Layer 4 header) to the data. This then becomes the data that is passed down to the network layer.

    6. The user data is sent from an application to the application layer.

    7. The data link layer adds the data link layer header and trailer (Layer 2 header and trailer) to the data. A Layer 2 trailer is usually the frame check sequence, which is used by the receiver to detect whether the data is in error. This then becomes the data that is passed down to the physical layer.

    8. The physical layer then transmits the bits onto the network media.

  18. At which layer does de-encapsulation first occur?

    1. application

    2. data link

    3. network

    4. transport

  19. Match each layer with the function it performs in peer-to-peer communication.

    ____1. network layer

    ____2. data link layer

    ____3. physical layer

    1. Encapsulates the network layer packet in a frame

    2. Moves the data through the internetwork by encapsulating the data and attaching a header to create a packet

    3. Encodes the data link frame into a pattern of 1s and 0s (bits) for transmission on the medium (usually a wire)

  20. What is the function of a network protocol?

    1. Uses sets of rules that tell the services of a network what to do

    2. Ensures reliable delivery of data

    3. Routes data to its destination in the most efficient manner

    4. Is a set of functions that determine how data is defined

  21. Match each TCP/IP stack layer to its function.

    ____1. Provides applications for file transfer, network troubleshooting, and Internet activities, and supports the network

    ____2. Defines how data is formatted for transmission and how access to the network is controlled

    ____3. Defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems

    ____4. Provides routing of data from the source to a destination by defining the packet and addressing scheme, moving data between the data link and transport layers, routing packets of data to remote hosts, and performing fragmentation and reassembly of data packets

    ____5. Provides communication services directly to the application processes running on different network hosts

    1. physical layer

    2. data link layer

    3. Internet layer

    4. transport layer

    5. application layer

  22. Which area of the OSI model and the TCP/IP stack is most diverse?

    1. network layer

    2. transport layer

    3. application layer

    4. data link layer

  23. How many bits are in an IPv4 address?

    1. 16

    2. 32

    3. 48

    4. 64

    5. 128

  24. In a Class B address, which of the octets are the host address portion and are assigned locally?

    1. The first octet is assigned locally.

    2. The first and second octets are assigned locally.

    3. The second and third octets are assigned locally.

    4. The third and fourth octets are assigned locally.

  25. The address 172.16.128.17 is of which class?

    1. Class A

    2. Class B

    3. Class C

    4. Class D

  26. Which of the following statements is true of a directed broadcast address?

    1. A broadcast address is an address that has all 0s in the host field.

    2. Any IP address in a network can be used as a broadcast address.

    3. A directed broadcast address is an address that has all 1s in the host field.

    4. None of the above is correct.

  27. Which two of these addresses are private IP addresses? (Choose two.)

    1. 10.215.34.124

    2. 172.16.71.43

    3. 172.17.10.10

    4. 225.200.15.10

  28. Which three statements about IP are accurate? (Choose three.)

    1. IP is a connectionless protocol.

    2. IP uses relational addressing.

    3. IP delivers data reliably.

    4. IP operates at Layer 2 of the TCP/IP stack and OSI model.

    5. IP does not provide any recovery functions.

    6. IP delivers data on a best-effort basis.

  29. Which three statements about TCP are accurate? (Choose three.)

    1. TCP operates at Layer 3 of the TCP/IP stack.

    2. TCP is a connection-oriented protocol.

    3. TCP provides no error checking.

    4. TCP packets are numbered and sequenced so that the destination can reorder packets and determine if a packet is missing.

    5. TCP provides no recovery service.

    6. Upon receipt of one or more TCP packets, the receiver returns an acknowledgement to the sender indicating that it received the packets.

  30. Which characteristic is similar between TCP and UDP?

    1. Operates at Layer 4 (transport layer) of the OSI model and the TCP/IP stack

    2. Capable of performing a very limited form of error checking

    3. Provides service on a best-effort basis and does not guarantee packet delivery

    4. Provides no special features that recover lost or corrupted packets

  31. When a single computer with one IP address has several websites open at once, this is called _____.

    1. windowing

    2. session multiplexing

    3. segmenting

    4. connection-oriented protocol

  32. TCP is best for which two of the following applications? (Choose two.) (Understanding TCP/IP's Transport and Application Layers)

    1. E-mail

    2. Voice streaming

    3. Downloading

    4. Video streaming

  33. Which three of the following characteristics apply to UDP? (Choose three.)

    1. Packets are treated independently.

    2. Packet delivery is guaranteed.

    3. Packet delivery is not guaranteed.

    4. Lost or corrupted packets are not resent.

  34. Which two of the following characteristics apply to TCP? (Choose two.)

    1. Packet delivery is not guaranteed.

    2. Lost or corrupted packets are not resent.

    3. Lost or corrupted packets are resent.

    4. TCP segment contains a sequence number and an acknowledgment number.

  35. Proprietary applications use which kind of port?

    1. Dynamically assigned ports

    2. Well-known ports

    3. Registered ports

  36. Ports that are used only for the duration of a specific session are called _____.

    1. dynamically assigned ports

    2. well-known ports

    3. registered ports

  37. The source port in both a UDP header and a TCP header is a _____.

    1. 16-bit number of the called port

    2. 16-bit length of the header

    3. 16-bit sum of the header and data fields

    4. 16-bit number of the calling port

  38. Which field in a TCP header ensures that data arrives in correct order?

    1. Acknowledgment number

    2. Sequence number

    3. Reserved

    4. Options

  39. In a TCP connection setup, the initiating device sends which message?

    1. ACK

    2. Receive SYN

    3. Send SYN

  40. Acknowledgment and windowing are two forms of _____.

    1. flow control

    2. TCP connection

    3. TCP sequencing

    4. reliable connections

  41. Windowing provides which of the following services?

    1. The sender can multiplex.

    2. The receiver can have outstanding acknowledgments.

    3. The receiver can multiplex.

    4. The sender can transmit a specified number of unacknowledged segments.

  42. Sequence numbers and acknowledgment numbers are found where?

    1. UDP header

    2. TCP header

    3. Initial sequence number

    4. Application layer

  43. What organization is responsible for Ethernet standards?

    1. ISO

    2. IEEE

    3. EIA

    4. IEC

  44. What are three characteristics of Ethernet 802.3? (Choose three.)

    1. Based on the CSMA/CD process

    2. Is a standard that has been replaced by Ethernet II

    3. Specifies the physical layer (Layer 1)

    4. Developed in the mid-1970s

    5. Specifies the MAC portion of the data link layer (Layer 2)

    6. Also referred to as thick Ethernet

  45. Which statement about an Ethernet address is accurate?

    1. The address used in an Ethernet LAN directs data to the proper receiving location.

    2. The source address is the 4-byte hexadecimal address of the NIC on the computer that is generating the data packet.

    3. The destination address is the 8-byte hexadecimal address of the NIC on the LAN to which a data packet is being sent.

    4. Both the destination and source addresses consist of a 6-byte hexadecimal number.

  46. Which statement about MAC addresses is accurate?

    1. A MAC address is a number in hexadecimal format that is physically located on the NIC.

    2. A MAC address is represented by binary digits that are organized in pairs.

    3. It is not necessary for a device to have a unique MAC address to participate in the network.

    4. The MAC address can never be changed.

  47. Which statement about NICs is accurate?

    1. The NIC plugs into a USB port and provides a port for connecting to the network.

    2. The NIC communicates with the network through a serial connection and communicates with the computer through a parallel connection.

    3. The NIC communicates with the network through a parallel connection and communicates with the computer through a serial connection.

    4. A NIC is also referred to as a switch adapter.

  48. Which minimum category of UTP is required for Ethernet 1000BASE-T?

    1. Category 3

    2. Category 4

    3. Category 5

    4. Category 5e

  49. Match the UTP categories to the environments in which they are most commonly used.

    ____1. Category 1

    ____2. Category 2

    ____3. Category 3

    ____4. Category 4

    ____5. Category 5

    ____6. Category 5e

    ____7. Category 6

    1. Capable of transmitting data at speeds up to 100 Mbps

    2. Used in networks running at speeds up to 1000 Mbps (1 Gbps)

    3. Consists of 4 pairs of 24-gauge copper wires, which can transmit data at speeds up to 1000 Mbps

    4. Used for telephone communications; not suitable for transmitting data

    5. Used in Token Ring networks; can transmit data at speeds up to 16 Mbps

    6. Capable of transmitting data at speeds up to 4 Mbps

    7. Used in 10BASE-T networks; can transmit data at speeds up to 10 Mbps

  50. Which three characteristics pertain to UTP? (Choose three.)

    1. UTP cable is an eight-pair wire.

    2. An insulating material covers each of the individual copper wires in UTP cable.

    3. The wires in each pair are wrapped around each other.

    4. There is limited signal degradation from EMI and RFI.

    5. There are seven categories of UTP cable.

Copyright © 2008 Pearson Education. All rights reserved.
