Properties of Network Traffic:
CSMA/CD: In Carrier Sense Multiple Access With Collision Detection (CSMA/CD), a node transmits only after listening to the media, and ensuring that no transmission is taking place. Further, sending nodes detect when a collision occurs and stop transmitting immediately, backing off for a random amount of time before trying again. This results in efficient use of the media since the bandwidth of transmitting the entire frame is not wasted. CSMA/CD is a contention media access method that senses for network traffic before transmission and uses collision-detection and re-transmission techniques.
CSMA/CA: Carrier sense multiple access with collision avoidance (CSMA/CA) is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle". CSMA/CA can optionally be supplemented by the exchange of a Request to Send (RTS) packet sent by the sender S and a Clear to Send (CTS) packet sent by the intended receiver R, which alerts all nodes within range of the sender, the receiver or both not to transmit for the duration of the main transmission. This is known as the IEEE 802.11 RTS/CTS exchange. Implementing RTS/CTS partially solves the hidden node problem that is common in wireless networking. In CSMA/CA, before a host sends real data on the wire, it "senses" the wire to check whether it is free.
Collision domain and broadcast domain: It is important to know the difference between a collision domain and a broadcast domain. When you use hubs, all the nodes connected to the hub will be in the same collision domain. However, when you use switches and implement VLANs, each VLAN will be in a separate broadcast domain. The packet forwarding between VLANs is achieved through the use of routing.
As application data is passed down the protocol stack for transmission across the network media, the protocol at each layer adds its own information to it. This is commonly known as the encapsulation process.
The form that a piece of data takes at any layer is called a protocol data unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used. At each stage of the process, the PDU has a different name to reflect its new function.
The reverse process, decapsulation (or de-encapsulation), is performed at the receiving system as the packet travels up through the protocol stack.
Multiplexing means combining multiple streams of information for transmission over a shared medium.
Demultiplexing performs the reverse function: split a combined stream arriving from a shared medium into the original information streams.
Time-division multiplexing (TDM): supports different communication sessions on the same physical medium by causing the sessions to take turns.
Frequency-division multiplexing (FDM): is a scheme in which numerous signals are combined for transmission on a single communications line or channel. Each signal is assigned a different frequency (sub-channel) within the main channel.
Broadband technologies divide the bandwidth available on a medium into different channels. Different communication streams are then transmitted over the various channels. Example: Fiber-optic cabling.
Baseband technologies use all the available frequencies on a medium to transmit data. Ethernet is an example of a networking technology that uses the baseband approach.
Bit rate is a measure of the number of data bits (0s and 1s) transmitted in one second.
Baud rate is the number of times per second that a signal in a communication channel changes state. Baud rate is less than or equal to the bit rate.
Example (each signal element carries 2 bits):
Baud rate = 2000 bauds per second (baud/s)
Bit rate = 2000 x 2 = 4000 bps
Baud rate is calculated using the formula S = N/r (baud/s), where N is the bit rate and r is the number of data elements carried by each signal element.
Example (N = 2000 bps, r = 2):
Baud rate = 2000/2 = 1000 baud/s
Routing Types:
1. Static Routes - Configured manually by the administrator, who must also update the table manually every time the network changes. Static routes are commonly used when routing from a network to a stub network (a network with a single route).
A static route adds an entry to the routing table for a specific destination IP address or subnet.
To configure a static route, issue the following command in global configuration mode:
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
2. Default Routes - The default route (gateway of last resort) is used when a route to the destination is not known or is infeasible. For example:
ip route 0.0.0.0 0.0.0.0 165.44.56.5
Here 165.44.56.5 is the gateway of last resort for network 0.0.0.0.
A default route is used when there is no other known route to a given IP packet's destination; it is also known as the gateway of last resort.
The syntax for setting a default route is: ip route 0.0.0.0 0.0.0.0 <next_hop_address>
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
You can also set the default route by specifying the exit interface:
Router(config)#ip route 0.0.0.0 0.0.0.0 s0
3. Dynamic Routes - As soon as dynamic routing is enabled, the routing tables are updated automatically. Dynamic routing uses broadcasts and multicasts to communicate with other routers. Each route entry includes a subnet number, the interface out to that subnet, and the IP address of the next router that should receive the packet. The commands to enable RIP are:
router rip
network <major network number>
Segmentation and Interface properties:
VLAN: A VLAN is a group of devices on one or more logically segmented LANs. All devices in a VLAN share the same broadcast domain. Like routers, Layer 2 switches can provide broadcast domain segmentation, called a VLAN. Using VLAN technology, you can group switch ports and their connected users into logically defined communities of interest. A VLAN operating on a Catalyst switch limits transmission of unicast, multicast, and broadcast traffic to only the other ports belonging to that VLAN, thereby controlling broadcasts. The switch can be configured to provide two separate VLANs, one each for VoIP traffic and data traffic. A layer-2 switch will have only one collision domain. It means the bandwidth is shared by all the ports in the switch. One way to increase the bandwidth is by segregating traffic using VLANs.
The benefits of VLANs include:
1. Easy administration, resulting in reduced administration costs.
2. Increased security due to broadcast control. With a simple hub, the traffic of any node can be observed just by inserting a network analyzer.
3. Grouping based on functional requirements, irrespective of the physical location of nodes.
4. Simplified moves, adds and changes.
5. Distribution of traffic, thereby using the network bandwidth more efficiently.
There are typically two types of addresses used:
1. Logical address: The IP address of a node, for example 202.199.100.2, is a logical address; this addressing scheme is compliant with IPv4. The address FEDC:BA98:7654:3210:FEDC:BB98:7654:3210 is compliant with IPv6. The IPv6 addressing scheme is being adopted because of the scarcity of IPv4 addresses; that is, the Internet is almost running out of IPv4 logical addresses (addresses uniquely identifiable over the Internet). Because IPv6 uses a much larger number of bits, it can accommodate several billions of logical addresses.
2. Physical address: The physical address is also called the MAC address.
MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:
Format 1 - MM:MM:MM:SS:SS:SS
Format 2 - MM-MM-MM-SS-SS-SS
The first half of a MAC address contains the ID number of the adapter manufacturer. The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example,
00:A0:C9:14:C8:29
The prefix 00A0C9 indicates the manufacturer is Intel Corporation.
The number 14C829 is the serial number assigned by the manufacturer.
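As an added example (not from the original notes), a Python parser for both conventions above that splits a MAC into its manufacturer prefix and serial number, and also reads the two IEEE 802 flag bits in the first octet that the notes do not cover: a set low bit marks a group (multicast) address, and a set second bit marks a locally administered address, i.e. one not burned in by a manufacturer, which is the first thing to check when a MAC table entry does not match the expected hardware.

```python
import re

# Accepts exactly the two conventions in the notes: MM:MM:MM:SS:SS:SS or MM-MM-MM-SS-SS-SS.
# One separator style per address; mixed separators are rejected by the \1 backreference.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def parse_mac(text):
    """Split a 48-bit MAC address into its parts.

    Returns the 24-bit manufacturer prefix (OUI), the 24-bit adapter serial,
    a canonical colon-separated form, and the two IEEE 802 flag bits of the
    first octet: I/G (bit 0: 1 = group/multicast address) and U/L
    (bit 1: 1 = locally administered, 0 = globally unique, burned in).
    Raises ValueError for anything that is not a MAC in one of the two formats.
    """
    text = text.strip()
    m = _MAC_RE.match(text)
    if m is None:
        raise ValueError("not a MAC in MM:MM:MM:SS:SS:SS or MM-MM-MM-SS-SS-SS form: %r" % text)
    octets = bytes(int(part, 16) for part in text.split(m.group(1)))
    first = octets[0]
    return {
        "oui": octets[:3].hex().upper(),            # manufacturer ID, e.g. 00A0C9
        "serial": octets[3:].hex().upper(),         # adapter serial, e.g. 14C829
        "canonical": ":".join("%02X" % b for b in octets),
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
    }


def locally_administered_unicast(text):
    """True when a unicast address claims to be locally administered rather than vendor-assigned.

    Such addresses are legitimate (virtual NICs, randomised Wi-Fi MACs), but they
    are the ones to review first when auditing a switch's MAC address table.
    """
    info = parse_mac(text)
    return info["locally_administered"] and not info["multicast"]
```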
A switch forwards the data it receives only to the port that connects to the destination device. It does this by learning the MAC addresses of the devices attached to each port and then matching the destination MAC address in the data it receives.
ARP table: ARP is short for Address Resolution Protocol. The purpose of ARP is to resolve an IP address to its hardware (MAC) address, and the purpose of the ARP cache table is to minimize network load by avoiding repeated address resolutions. The resolved addresses (IP/MAC address pairs) are kept temporarily in the ARP cache table for future reference. Entries are added to the ARP cache either as static entries (entered manually) or as dynamic entries (learned by the system). Entries in the ARP cache can be deleted using the appropriate system commands; if the dynamic entries are deleted, the ARP software rebuilds the cache automatically as the need arises, so there is no need to enter dynamic entries manually. The cache entries minimize network load, since it is not necessary to resolve an IP address to a hardware address every time a packet has to be sent.
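As an added example (not from the original notes), a small Python ARP cache showing the two entry kinds just described: static entries that never age out and are never overwritten by learning, and dynamic entries that expire and are re-learned on demand; a dynamic learn that changes the MAC recorded for an IP is kept but logged, since a NIC swap and an address conflict look identical at this layer. The clock is injectable so aging can be tested without sleeping; all addresses are constructed sample values.

```python
import time


class ArpCache:
    """ARP cache with static (manual) and dynamic (learned, aged out after `ttl` seconds) entries."""

    def __init__(self, ttl=300, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self._entries = {}    # ip -> (mac, is_static, learned_at)
        self.conflicts = []   # (ip, old_mac, new_mac): dynamic changes an operator should review

    def add_static(self, ip, mac):
        """Manually entered mapping; survives aging and flushes, never overwritten by learning."""
        self._entries[ip] = (mac.lower(), True, self.clock())

    def learn(self, ip, mac):
        """Record a dynamically resolved IP/MAC pair. Returns False if a static entry took precedence."""
        mac = mac.lower()
        current = self._entries.get(ip)
        if current is not None:
            old_mac, is_static, _ = current
            if is_static:
                return False
            if old_mac != mac:
                self.conflicts.append((ip, old_mac, mac))
        self._entries[ip] = (mac, False, self.clock())
        return True

    def lookup(self, ip):
        """MAC for `ip`, or None when unknown or expired (the caller would then send an ARP request)."""
        entry = self._entries.get(ip)
        if entry is None:
            return None
        mac, is_static, learned_at = entry
        if not is_static and self.clock() - learned_at > self.ttl:
            del self._entries[ip]   # aged out; it is rebuilt by the next successful resolution
            return None
        return mac

    def flush_dynamic(self):
        """Delete all dynamic entries (what a 'clear arp' style command does); returns entries left."""
        self._entries = {ip: e for ip, e in self._entries.items() if e[1]}
        return len(self._entries)
```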
MAC Address Table: MAC is short for Media Access Control. A MAC address is 6 bytes (48 bits) long: the first three bytes identify the manufacturer and the last three bytes identify the station address. A MAC address works at the Data Link Layer (Layer 2 of the OSI model), which consists of two sublayers, the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. A MAC address is a unique 12-digit hexadecimal number stamped into every network interface card; it is assigned to the NIC and identifies the resource physically.
A sample MAC address looks like 00-0C-F5-5A-98-AD
Power over Ethernet (PoE) is a technology for wired Ethernet LANs (local area networks) that allows the electrical current necessary for the operation of each device to be carried by the data cables rather than by power cords.
Performance concepts:
Traffic shaping: It is a strategy to optimize performance and manage traffic on a network. For example, real-time applications need to be prioritized over regular traffic such as file transfers. Traffic shaping enables a network administrator to prioritize traffic based on performance and user requirements. Traffic shaping, also known as "packet shaping," is the practice of regulating network data transfer to assure a certain level of performance, quality of service (QoS) or return on investment (ROI). The practice involves delaying the flow of packets that have been designated as less important or less desired than those of prioritized traffic streams. Regulating the flow of packets into a network is known as "bandwidth throttling"; regulating the flow of packets out of a network is known as "rate limiting."
QoS can be quantified by the following methods:
1. CoS: Class of Service. CoS is applied at Layer 2 or at frames level. A 3-bit value (known as priority bits) in the range of 0 to 7 is carried along the frames in a VLAN trunk. 0 represents the lowest priority, and 7 represents the highest priority.
2. IP Precedence: IP Precedence is a 3-bit value carried in the ToS (Type of Service) byte of Layer 3 IP packets. Here also, the value 0 represents the lowest priority and 7 represents the highest priority.
3. DSCP: DSCP stands for Differentiated Services Code Point. DSCP consists of a 3-bit Selector and a 3-bit Drop Precedence value. DSCP is backward compatible with IP Precedence and works at Layer 3.
NAT: Short for Network Address Translation, NAT offers security by translating internal IP addresses to public IP addresses and vice versa. IP address translation is typically the function of a NAT router. As the name implies, it is used to translate one IP address to another. Typically, NAT is used when you want to translate a private range of IP addresses to a public (global) range of IP addresses and vice versa.
For example, you have a local network that uses private IP addresses. You cannot access the Internet using private IP addresses, so you need to translate the private IP to a public IP, which is exactly what NAT does. This has the added benefit of hiding the actual workstation accessing the Internet behind the NAT.
Although a proxy server appears to be similar to NAT, a proxy server actually does the work of connecting to, responding to, and receiving traffic from the Internet. In other words, it actively acts on behalf of the client computer by dissecting the packets and participating in the session. A NAT, on the other hand, merely changes the IP address of traffic coming through it and passes it to the Internet and vice versa. The computer behind the NAT, not the NAT itself, does the work. The NAT is intended to be transparent to the whole process.
The difference between a proxy and a NAT is that the proxy server works on the transport layer (layer 4) or higher of the OSI model, whereas a NAT works on the network layer (layer 3).
The following statements are true about NAT:
1. NAT allows several hosts to be connected to the Internet using fewer globally unique IP addresses. This in turn conserves scarce public IP addresses. The terms public / global are used in the sense that the IP addresses are globally unique and officially registered.
2. NAT supports load sharing on inside machines. The inside machines are accessed in a round robin fashion, thus sharing load.
3. NAT offers some degree of security since IP addresses are not easily traceable. This is because, the actual host IP that is accessing the Internet is translated into outside IP address and vice versa. Thus, NAT offers protection against hacking.
4. One disadvantage of NAT is that it increases delay. This is obvious since address translation is involved.
5. Another disadvantage of NAT is that when an application uses the physical IP address, it may not function properly. This is because the physical IP address is changed by NAT.
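As an added illustration of the translation just described (not part of the original notes; the addresses are constructed from documentation and private ranges), a Python model of port address translation, the many-to-one NAT most routers use: outbound packets get the router's public address and a fresh port, replies are mapped back to the private host, and inbound packets that match no mapping are dropped, which is the "hiding" effect the notes attribute to NAT.

```python
import itertools


class PatRouter:
    """Port address translation: a private network sharing one public IP.

    Each outbound flow (private source, remote destination) is given its own
    public port; that mapping is what lets the reply find its way back. Packets
    from the Internet that match no mapping, or that come from a different remote
    host than the one the flow was opened to, are dropped, so private addresses
    never appear on the outside and unsolicited inbound traffic has nowhere to go.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self._outbound = {}   # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self._inbound = {}    # public_port -> (private_ip, private_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network.

        Returns (src_ip, src_port, dst_ip, dst_port) as seen on the Internet side.
        """
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self._outbound:
            port = next(self._next_port)
            self._outbound[flow] = port
            self._inbound[port] = flow
        return (self.public_ip, self._outbound[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving from the Internet at (public_ip, dst_port).

        Returns the packet as delivered on the private side, or None when it must
        be dropped because no private host opened such a flow.
        """
        flow = self._inbound.get(dst_port)
        if flow is None:
            return None
        private_ip, private_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return (src_ip, src_port, private_ip, private_port)
```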
Routing:
IP routing: When routing a packet through an internetwork, the packet usually takes multiple hops. The MAC (hardware or interface) addresses change after each hop, whereas the logical (IP) addresses of the source (which created the packet) and the destination (its final intended destination) remain constant.
When a router network is powered up, routers communicate with the other routers in the network and exchange information according to the routing protocol in use (for example, RIP). Each router then follows the algorithms specified in the routing protocol and arrives at a common routing table. The process of all routers agreeing on a common routing table is called convergence.
Note that some networks may run more than one routing protocol at a given time. Then, the routers will maintain routing tables for each routing protocol separately. One routing protocol is unaware of the other, like ships in the dark.
Routing and Routed Protocols: The job of routing protocols is to maintain routing tables and route packets appropriately. Routers can support multiple independent routing protocols and can update and maintain routing tables for each protocol independently.
Examples of routing protocols are RIP, EIGRP, and OSPF.
Routed protocols are used to transport user traffic from source node to destination node.
Examples of routed protocols are IP, IPX, and AppleTalk.
Route summarization: Also called route aggregation, it is a method of minimizing the number of routing table entries in an IP (Internet Protocol) network. It works by consolidating selected multiple routes into a single route advertisement, in contrast to flat routing, in which every routing table contains a unique entry for each route.
Routers send link-state advertisements (LSAs) to advertise the networks they know how to reach. Routers then use those LSAs to construct the topological map of the network. The algorithm run against this topological map is Dijkstra's shortest path first (SPF) algorithm.
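As an added example (not from the original notes; prefixes are constructed), Python code using the standard ipaddress module that computes the single summary route for a set of prefixes and, as the check a practitioner wants before advertising it, lists any address space the summary covers that none of the real prefixes contain.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single prefix that covers every network in `prefixes` (route aggregation).

    Starts at the shortest input prefix length and widens one bit at a time until
    one supernet contains all of them. Works for IPv4 or IPv6, but not mixed.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if not nets:
        raise ValueError("no prefixes to summarise")
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot summarise IPv4 and IPv6 prefixes together")
    for plen in range(min(n.prefixlen for n in nets), -1, -1):
        candidate = nets[0].supernet(new_prefix=plen)
        if all(n.subnet_of(candidate) for n in nets):
            return candidate
    raise AssertionError("unreachable: the /0 supernet covers everything")


def over_coverage(summary, prefixes):
    """Address space the summary advertises that none of the real prefixes contain.

    An aggregate wider than the networks behind it attracts traffic for space the
    router cannot deliver (or that belongs to someone else), so this list should be
    empty or deliberately null-routed before the summary is advertised.
    """
    leftover = [summary]
    for p in (ipaddress.ip_network(x) for x in prefixes):
        remaining = []
        for piece in leftover:
            if piece.subnet_of(p):
                continue                                    # wholly reachable: nothing left over
            if p.subnet_of(piece):
                remaining.extend(piece.address_exclude(p))  # carve the real prefix out
            else:
                remaining.append(piece)                     # disjoint: untouched
        leftover = remaining
    return sorted(ipaddress.collapse_addresses(leftover))
```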
The process of failing over from one route to a backup route is called convergence.
Routing loops: A routing loop is a problem that occurs when a data packet is continually routed through the same routers over and over. The data packets continue to be routed within the network in an endless circle. A routing loop can have a catastrophic impact on a network, and in some cases completely disables it. Routing loops are normally a problem associated with distance vector protocols.
The following are some of the important characteristics of an autonomous system:
1. An autonomous system consists of routers that present a consistent view of routing to the external world.
2. Exterior routing protocols are used for communication between autonomous systems
3. Interior routing protocols are used within a single autonomous system
4. An autonomous system can run both interior and exterior protocols simultaneously. Interior protocols such as RIP and IGRP are used for communication within the autonomous system, and exterior routing protocols such as BGP are used for communication between autonomous systems.
The default metric for a redistributed route should be set to a value larger than the largest metric within the AS.
Exterior Gateway Protocol (EGP) is a routing protocol used to find network path information between different Autonomous Systems. The primary EGP used in almost all networks is the Border Gateway Protocol (BGP).
Interior Gateway Protocol (IGP) is a Routing Protocol which is used to find network path information within an Autonomous System. Some examples of IGP protocols are: RIP, OSPF, and EIGRP.
Distance vector routing protocols: Distance-vector routing protocols typically use one of two approaches for preventing routing loops:
1. Split horizon: The split-horizon feature prevents a route learned on one interface from being advertised back out of that same interface.
2. Poison reverse: The poison-reverse feature causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.
The following are distance vector protocols: RIPv1, RIPv2, IGRP, and EIGRP. Note that EIGRP also supports classless routing. IS-IS (Intermediate System-to-Intermediate System) is an OSI link-state hierarchical routing protocol that uses link-state information to build routing tables.
Link state routing protocol: Intermediate System-to-Intermediate System protocol (IS-IS) is a link state routing protocol. It is based on a routing method known as DECnet Phase V routing, in which routers known as intermediate systems exchange data about routing using a single metric to determine the network topology.
Administrative distance: It is the feature used by routers to select the best path when there are two or more different routes to the same destination from two different routing protocols. Administrative distance defines the reliability of a routing protocol. Each routing protocol is prioritized in order of most to least reliable (believable) using an administrative distance value.
The following are the default administrative distance values by protocol:
RIP: This is a simple distance vector protocol. It has been enhanced with various techniques, including Split Horizon and Poison Reverse in order to enable it to perform better in somewhat complicated networks. Maximum hop count supported by RIP is 15. A hop count of 16 or greater is considered unreachable.
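As an added example covering both the split horizon / poison reverse description above and the RIP hop-count limit in this paragraph (not from the original notes; the two-router topology is constructed), a small Python distance-vector simulation: it builds the update a router sends out an interface under each policy, merges received updates, and counts how many exchange rounds two routers need to agree that a failed network is unreachable. Without either technique the metric counts up one hop per round until it reaches 16; with either one, convergence takes a single round.

```python
INFINITY = 16   # RIP's unreachable metric: a hop count of 16 or more means unreachable

# A routing table here is {destination: (hop_count, learned_on)}, where learned_on is the
# interface the route arrived on, or None for a directly connected network.


def advertisement(table, out_iface, policy="split-horizon"):
    """The update a router sends out `out_iface` under the given loop-prevention policy.

    "none"           plain distance vector: advertise every route as known
    "split-horizon"  leave out routes that were learned on out_iface
    "poison-reverse" advertise routes learned on out_iface, but with metric INFINITY
    """
    if policy not in ("none", "split-horizon", "poison-reverse"):
        raise ValueError("unknown policy: %r" % policy)
    update = {}
    for dest, (metric, learned_on) in table.items():
        if learned_on == out_iface and policy == "split-horizon":
            continue
        if learned_on == out_iface and policy == "poison-reverse":
            update[dest] = INFINITY
        else:
            update[dest] = min(metric, INFINITY)
    return update


def apply_update(table, in_iface, update):
    """Merge a neighbour's update received on `in_iface` (one distance-vector step).

    A route is replaced when the neighbour offers a strictly better metric, or when
    the existing route already came from this neighbour, whose metric must then be
    followed even when it gets worse (including INFINITY).
    """
    new = dict(table)
    for dest, adv_metric in update.items():
        metric = min(adv_metric + 1, INFINITY)
        current = new.get(dest)
        if current is None or metric < current[0] or current[1] == in_iface:
            new[dest] = (metric, in_iface)
    return new


def rounds_to_converge(policy, max_rounds=50):
    """Routers A and B share link 'ab'. A was directly connected to 10.0.0.0/24 and B learned
    the route from A; then A's link to that network fails. Returns the number of update
    rounds until both routers mark it unreachable, or None if that never happens.
    """
    net = "10.0.0.0/24"
    a = {net: (INFINITY, None)}   # A's connected network went down: now unreachable
    b = {net: (1, "ab")}          # B still believes the network is one hop away via A
    for rnd in range(1, max_rounds + 1):
        a_to_b = advertisement(a, "ab", policy)   # both routers send at the same time,
        b_to_a = advertisement(b, "ab", policy)   # then each applies what it received
        a = apply_update(a, "ab", b_to_a)
        b = apply_update(b, "ab", a_to_b)
        if a[net][0] >= INFINITY and b[net][0] >= INFINITY:
            return rnd
    return None
```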
Benefits of OSPF routing over RIPv1:
RIP: RIP for IP can be used to automatically update routing tables from other routers. IPX cannot be used for TCP/IP traffic. DHCP and NETSTAT are not routing protocols.
OSPF is a link state technology that uses Dijkstra algorithm to compute routing information. It has the following advantages over Distance Vector protocols such as RIP:
1. Faster convergence: An OSPF network converges faster because routing changes are flooded immediately and computed in parallel.
2. Support for VLSM: OSPF supports VLSM. However, please note that RIP version2 also supports VLSM.
3. Network Reachability: RIP networks are limited to 15 hops. Therefore, networks more than 15 hops away cannot be reached by RIP by normal means. On the other hand, OSPF has practically no reachability limitation.
4. Metric: RIP uses only hop count for making routing decisions. This may lead to severe problems in some cases, for example, that a route is nearer but is very slow compared to another route with plenty of bandwidth available. OSPF uses "cost" metric to choose best path. Cisco uses "bandwidth" as metric to choose best route.
5. Efficiency: RIP uses routing updates every 30 seconds. OSPF multicasts link-state updates and sends the updates only when there is a change in the network.
Border Gateway Protocol (BGP): BGP is the protocol most commonly used for connecting two or more autonomous networks. RIP, OSPF, EIGRP, and IS-IS are suitable for connecting homogeneous networks. BGP is widely used for connecting two or more ISPs together. BGP is recommended only when connectivity is required between two disparate networks. Disconnecting the router from the network may prevent some networks from reaching the other networks. It is recommended to configure a default route while the router is being configured.
The following are Interior Gateway protocols (IGPs)
OSPF, RIP, RIPv2, EIGRP, IS-IS
BGP is an Exterior Gateway protocol (EGP).