You are on page 1of 33

MCSE Interview Questions Answers

MCSE Interview Questions Answers powered b <a href=y ∑ What is an IP address? An IP address (or Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network using Internet protocol. It is a logical address assigned to a device in the network. Current version of IP address is Ipversion6. it is a 128 bit address. But it is not largely implemented. Current popular version in Ipv4. it is a 32 bit address. For example 61.11.124.160. IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA). The IANA generally allocates super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers (ISP) and enterprises. ∑ What is a subnet mask? A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network. What is ARP? Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve IP address to the corresponding Ethernet address. To which OSI layer does ARP belong? ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted. Which RFC specify the requirements for ARP? RFC 826 specifies the ARP packet format and other details. What is the use of ARP? A host in an Ethernet network can communicate with another host, only if it knows the Ethernet address (MAC address) of that host. The higher level protocols like IP use a different kind of addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used by all the hosts in an Ethernet network. " id="pdf-obj-0-4" src="pdf-obj-0-4.jpg">

powered by

MCSE Interview Questions Answers powered b <a href=y ∑ What is an IP address? An IP address (or Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network using Internet protocol. It is a logical address assigned to a device in the network. Current version of IP address is Ipversion6. it is a 128 bit address. But it is not largely implemented. Current popular version in Ipv4. it is a 32 bit address. For example 61.11.124.160. IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA). The IANA generally allocates super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers (ISP) and enterprises. ∑ What is a subnet mask? A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network. What is ARP? Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve IP address to the corresponding Ethernet address. To which OSI layer does ARP belong? ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted. Which RFC specify the requirements for ARP? RFC 826 specifies the ARP packet format and other details. What is the use of ARP? A host in an Ethernet network can communicate with another host, only if it knows the Ethernet address (MAC address) of that host. The higher level protocols like IP use a different kind of addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used by all the hosts in an Ethernet network. " id="pdf-obj-0-9" src="pdf-obj-0-9.jpg">
MCSE Interview Questions Answers powered b <a href=y ∑ What is an IP address? An IP address (or Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network using Internet protocol. It is a logical address assigned to a device in the network. Current version of IP address is Ipversion6. it is a 128 bit address. But it is not largely implemented. Current popular version in Ipv4. it is a 32 bit address. For example 61.11.124.160. IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA). The IANA generally allocates super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers (ISP) and enterprises. ∑ What is a subnet mask? A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network. What is ARP? Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve IP address to the corresponding Ethernet address. To which OSI layer does ARP belong? ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted. Which RFC specify the requirements for ARP? RFC 826 specifies the ARP packet format and other details. What is the use of ARP? A host in an Ethernet network can communicate with another host, only if it knows the Ethernet address (MAC address) of that host. The higher level protocols like IP use a different kind of addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used by all the hosts in an Ethernet network. " id="pdf-obj-0-11" src="pdf-obj-0-11.jpg">

What is an IP address?

An IP address (or Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network using Internet protocol. It is a logical address assigned to a device in the network. Current version of IP address is Ipversion6. it is a 128 bit address. But it is not largely implemented. Current popular version in Ipv4. it is a 32 bit address. For example 61.11.124.160. IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA). The IANA generally allocates super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet Service Providers (ISP) and enterprises.

What is a subnet mask?

A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.

What

is

ARP?

Address Resolution Protocol (ARP) is a network protocol, which maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve IP address to the corresponding Ethernet address.

To

which

OSI

layer

does

ARP

belong?

ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network

protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted.

Which

RFC

specify

the

requirements

for

ARP?

RFC 826 specifies the ARP packet format and other details.

 

What

is

the

use

of

ARP?

A host in an Ethernet network can communicate with another host, only if it knows the Ethernet address (MAC address) of that host. The higher level protocols like IP use a different kind of addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used by all the hosts in an Ethernet network.

Why a IP address needs to be mapped to a MAC address, why can't the MAC address itself

is represented

using

the

IP

address?

The length of a MAC address is 6 bytes and the length of an IP address is 4 bytes. Obviously, the

MAC address cannot be represented using the IP address. So an IP address must be mapped to the corresponding MAC address.

Can

ARP

be

used

in

a

network

other

than Ethernet?

ARP is a general protocol, which can be used in any type of broadcast network. The fields in the

ARP packet specifies the type of the MAC address and the type of the protocol address. ARP is used with most IEEE 802.x LAN media. In particular, it is also used with FDDI, Token Ring, and Fast Ethernet, in precisely the same way as it is with Ethernet.

How

does

ARP

resolve

an

IP address to an Ethernet MAC address?

When ARP needs to resolve a given IP address to Ethernet address, it broadcasts an ARP request packet. The ARP request packet contains the source MAC address and the source IP address and the destination IP address. Each host in the local network receives this packet. The host with the specified destination IP address, sends an ARP reply packet to the originating host with its IP address.

What

is

an

ARP

cache?

ARP maintains the mapping between IP address and MAC address in a table in memory called

ARP cache. The entries in this table are dynamically added and removed.

When

is

an

ARP

request

packet

generated?

The following steps results in the generation of an ARP request packet:

The IP module sends a packet, destined for another host in the network, to the ARP module.

The ARP module looks up the ARP table (cache) to resolve the IP address.

If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.

If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.

After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for transmission.

What happens

when

a

host

receives

an

ARP

request

packet?

The ARP request is received and processed by all the hosts in the network, since it is a broadcast

packet. The following steps are carried out when a ARP request packet is received by a host:

If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet with its Ethernet MAC address.

If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with the source Ethernet MAC address to source IP address mapping present in the ARP request packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is added.

If the IP address to be resolved is not for this host, then the ARP module discards the ARP request packet.

Will

a

host

update

its

ARP

cache

upon

receiving

any

ARP request?

A host will update its ARP cache, only if the ARP request is for its IP address. Otherwise, it will

discard the ARP request.

What is the disadvantage if a host updates its ARP cache upon receiving any ARP request?

The host will exhaust the ARP cache with a lot of unused ARP entries, if it updates the ARP cache for any ARP request.

What happens

when

a

host

receives

an

ARP

reply

packet?

The ARP reply packet is received only by the host, which transmitted the ARP request packet. The ARP module adds the Ethernet hardware address to IP address mapping present in the ARP reply packet to the ARP cache.

Is

there

a

separate

packet

format

for

ARP

request

and

ARP

reply?

No. Both the ARP request and ARP reply packets use the same format.

 

Which MAC

address

is

an

ARP

request

directed

to?

All ARP request packets are transmitted with the Ethernet broadcast address, so that all hosts in

the network will receive the request.

To

which

MAC

address

is

an

ARP

reply

packet

directed

to?

ARP reply packet is directed to the host, which transmitted the ARP request packet.

If a host is not able to get the MAC address of a host, how it knows about its IP address?

A host will either use a static file like /etc/hosts or DNS protocol to get the IP address of another host.

What

will

happen

if

an

ARP

reply

is

not

received

for

an

ARP

request?

If an ARP reply is not received, then that IP address cannot be resolved to an Ethernet address.

Without a Ethernet address, the packets cannot be transmitted.

When

is

an

entry

added

to

the

ARP

cache?

A new entry is added to the ARP cache when an IP address is successfully mapped to a MAC

address. Usually, entries are added dynamically to the ARP cache. Static entries can also be added.

What will happen if a new ARP request packet is received, but the MAC address to IP

address

is

already

present

in

the

ARP

cache?

If a ARP request packet is received and the mapping already exists in the ARP cache, it will be overwritten with the values present in the request.

When

is

an

entry

removed

from

an

ARP

cache?

An entry in an ARP cache is removed after a pre-determined timeout period (e.g. 20 minutes).

What

is

the

format

of

an

ARP

packet?

The various fields of a ARP request/reply packet and their length are shown below:

+--------+ |Hardware| 2 bytes

|MAC

|

|Address | |Type +--------+ |Protocol| 2 bytes |Address |

|

|Type

|

+--------+

|Hardware| 1 byte

|MAC

|

|Address |

|Size

|

+--------+ |Protocol| 1 byte |Address |

|Size

|

+--------+

|Op

| 2 bytes

+--------+

|Sender

| 6 bytes (depends on the above size field)

|MAC

|

|Address |

+--------+

|Sender

| 4 bytes (depends on the above size field)

|IP

|

|Address |

+--------+

|Target

| 6 bytes (depends on the above size field)

|MAC

|

|Address |

+--------+

|Target

| 4 bytes (depends on the above size field)

|IP

|

|Address |

+--------+

The fields are further explained below:

+---------+-------------------------------------------------------+

|Ethernet |For a ARP request, source MAC address is the MAC

|

|Header

|address of the host sending the ARP request,

|

|

|destination MAC address is the Ethernet broadcast |

|

|address (FF:FF:FF:FF:FF:FF), frame type field is 0x806.|

|

|

|

|

|For ARP reply, source MAC address is the MAC address of|

|

|

|the host replying to the ARP request, destination MAC | |address is the MAC address of the host that sent the |ARP request, and the frame type field is 0x806. +---------+-------------------------------------------------------+ |Hardware |Type of the hardware MAC address which is being mapped.|

|Address

|Type

|For Ethernet the value of this field is 1.

|

|

|

+---------+-------------------------------------------------------+ |Protocol |Type of the protocol address to which the MAC address

|

|Address

|is mapped.

For IP address the value of this field is

|

|Type

|0x800.

|

+---------+-------------------------------------------------------+

|Hardware |Size of the hardware MAC address.

For Ethernet, the

|

|Address

|Size

|value of this field is 6.

|

|

|

+---------+-------------------------------------------------------+

|Protocol |Size of the protocol address.

For IP, the value of

|

|Address

|Size

|this field is 4.

|

|

|

+---------+-------------------------------------------------------+

|Operation|Type of operation being performed.

The value of this

|

|field can be 1 (ARP request), 2 (ARP reply) +---------+-------------------------------------------------------+

|

|

|Source

|The hardware MAC address of the host sending the ARP

|

|MAC

|request or reply.

This is same as the source MAC

|

|address |address present in the Ethernet header. +---------+-------------------------------------------------------+

|

|Source

|IP

|address

|The IP address of the host sending the ARP request or

|

|

|

|reply.

|

+---------+-------------------------------------------------------+

|Target

|The hardware MAC address of the host receiving the ARP |

|MAC

|request or reply.

This is same as the destination MAC |

|address |address present in the Ethernet header. +---------+-------------------------------------------------------+

|

|Target

|IP

|The IP address of the host receiving the ARP request

|

|

|or reply.

|address

|

|

+---------+-------------------------------------------------------+

What

is

the

size

of

an

ARP

request

and

reply

packet?

The size of an ARP request or reply packet is 28 bytes.

 

How to differentiate between a ARP request packet and a ARP reply

Ethernet

type

field

is

same

on

both

the

packet, as the packets?

An ARP request packet can be differentiated from an ARP reply packet using the 'operation' field in the ARP packet. For a ARP request it is 1 and for an ARP reply it is 2.

Why is the hardware MAC address present in both the Ethernet header and the ARP

packet

(request

 

and

reply)?

The Ethernet header is processed by the data link driver and removed from the packet. When the ARP layer gets the packet, it needs to know the hardware and protocol addresses in order to

update the table. That is why the hardware MAC address is present in both the Ethernet header and the ARP packet.

What

is

proxy

ARP?

Proxy ARP is the process in which one system responds to the ARP request for another system. For example, host A sends an ARP request to resolve the IP address of host B. Instead of Host B, Host C responds to this ARP request.

What

is

the

use

of

proxy

ARP?

When routers receive ARP requests from one network for hosts on the network, they will respond with a ARP reply packet with their MAC address. For example, let us say host A is in one network, host B is in another network and router C connects these two networks. When host A sends an ARP request to resolve the IP address of host B, the router C receives this packet. The router C sends an ARP reply with its MAC address. So host A will send all the packets destined for host B to the router C. Router C will then forward those packets to host B. Proxy ARP is also used if a host in a network is not able to understand subnet addressing. For example, if host A and host B are actually in two different subnets, but host A cannot understand subnet addressing. So host A assumes that host B is present in the same network. In this case a router, host C, can use proxy ARP to route packets between host A and host B.

What

is

gratuitous

ARP?

When a host sends an ARP request to resolve its own IP address, it is called gratuitous ARP. In the ARP request packet, the source IP address and destination IP address are filled with the same source IP address itself. The destination MAC address is the Ethernet broadcast address (FF:FF:FF:FF:FF:FF).

What

is

the

use

Gratuitous ARP is used for the following:

of

gratuitous

ARP?

In a properly configured network, there will not be an ARP reply for a gratuitous ARP request. But if another host in the network is also configured with the same IP address as the source host, then the source host will get an ARP reply. In this way, a host can determine whether another host is also configured with its IP address.

When the network interface card in a system is changed, the MAC address to its IP address mapping is changed. In this case, when the host is rebooted, it will send an ARP request packet for its own IP address. As this is a broadcast packet, all the hosts in the network will receive and process this packet. They will update their old mapping in the ARP cache with this new mapping.

What is the ANDing process?

When a source host attempts to communicate with a destination host, the source host uses its subnet mask to determine whether the destination host is on the local network or a remote network. This is known as the ANDing process. The AND function has the following properties:

If the two compared values are both 1, the result is 1. If one of the values is 0 and the other is 1, the result is 0. If both of the compared values are 0, the result is 0. The source and destination IP addresses are compared to the source's subnet mask using the ANDing process. An AND result is created for each of the addresses. If the result is the same, the hosts are on the same network. If the result is different, the destination host is on a remote network. All traffic destined for that remote host should be directed to the router indicated in the source host's routing table. If no explicit route is defined in the routing table, the traffic is directed to the source host's default gateway. For example two hosts that want to communicate. Host A (with IP address 172.16.2.4) wants to communicate with Host B (with IP address 172.16.3.5). If the subnet mask for Host A is 255.255.0.0, will the hosts communicate using local transmissions or will they send information to the default gateway? Using the ANDing process. When converted to binary, the address 172.16.2.4 is as follows:

  • 10101100 00010000 00000010 00000100

When converted to binary, the address 172.16.3.5 is as follows:

  • 10101100 00010000 00000011 00000101

If the ANDing process is performed, the result for Host A using its subnet mask of 255.255.0.0 is

HOST A's IP Address 10101100 00010000 00000010 00000100 Host A's Subnet Mask 11111111 11111111 00000000 00000000

ANDING Result

10101100 00010000 00000000 00000000

The result for Host B is

HOST B's IP Address 10101100 00010000 00000011 00000101

Host A's Subnet Mask 11111111 11111111 00000000 00000000

ANDing Result

10101100 00010000 00000000 00000000

As you can see, the two results match. This indicates that, as far as Host A is concerned, the two hosts are on the same physical network. Communication can occur directly between the two hosts. In fact, the same holds true because host B would have the same subnet mask since the hosts are on the same network. Day 5, "The Art of Subnet Masking," further examines the art of subnet masking. It also examines the use of nonstandard subnet masking to further segment a group of IP addresses into smaller segments. This process, which ignores the default subnet masks used by address classes, is commonly referred to as Classless Internet Domain Routing (CIDR).

What is a default gateway? What happens if I don't have one?

n general, a gateway is a device on a network that acts as an entrance to another network. In more technical terms, a gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination), but not the routes to every address on the Internet. It won't even know all the routes on the nearest subnets. A gateway will not have this information either, but will at least know the addresses of other gateways it can hand the traffic off to. Your default gateway is on the same subnet as your computer, and is the gateway your computer relies on when it doesn't know how to route traffic.

If you don’t have a gateway your network communication have no problem. But you cannot communicate with other networks. That means your packet will not reach other networks.

Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

No. Never. A work station computer can brows the Internet only if it has a default gateway.

What is a subnet?

A subnet is a portion of a network that is logically isolated from other parts of the network. Usually it’s divided by a router.

What is APIPA?

APIPA stands for Automatic Private IP Addressing. When you configure your computer to obtain IP Address automatically and a DHCP server cannot be contacted, then the computer will automatically assign an IP address from a specific range (169.254.0.1 to 169.254.255.254). Then this network will be isolated from all networks. Because it has no a default gateway and any other configuration parameters.

What is an RFC?

Short for Request for Comments, a series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.

Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.

What is RFC 1918?

RFC 1918, published in 1996, describe the reservation of Private IP

address. .

Private networks are segments

of IP address space reserved by IANA for use within an organization. These addresses can be used by anyone without being officially assigned by a registry or an ISP. The three most popular blocks among RFC1918 addresses are 192.168/16, 10/8 and 172.16/12. That is 10.0.0.0 – 10.255.25.255, 172.16.0.0 – 172.31.255.255 and 192.168.0.0. – 192.168.255.255 The addresses in these blocks are called "private IP addresses" in the Internet vernacular.

What

are

the

limitations

of

IPv4

The limitations of IPv4 address classes are:

address

classes?

1. A large number of IP addresses are wasted because of using IP address classes.

2. The routing tables will become large. A separate routing table entry is needed for each network resulting in a large number of routing table entries.

How a large number of IP addresses are wasted using IPv4 address classes? If a network has slightly more number of hosts than a particular class, then it needs either two IP addresses of that class or the next class of IP address. For example, let use say a network has 300 hosts, this network needs either a single class B IP address or two class C IP addresses. If class B

address is allocated to this network, as the number of hosts that can be defined in a class B network is (2^16 - 2), a large number of host IP addresses are wasted. If two class C IP addresses are allocated, as the number of networks that can be defined using a class C address is only (2^21), the number of available class C networks will quickly exhaust. Because of the above two reasons, a lot of IP addresses are wasted and also the available IP address space is rapidly reduced.

What

are

the

possible

solutions

to

the

limitations

of IP addressing?

The possible solutions to the limitation of IPv4 addressing are:

1. IP version 6 (IPv6) or IP next generation (IPng). This is the latest version of IP. This solves a lot of problems in IPv4. This document doesn't discuss about IPv6.

2. Classless Inter Domain Routing (CIDR).

What

is

CIDR?

Classless Inter Domain Routing (CIDR) is a method for assigning IP addresses without using the standard IP address classes like Class A, Class B or Class C. In CIDR, depending on the number of hosts present in a network, IP addresses are assigned.

Which

RFCs

discuss

RFCs 1517, 1518, and 1519 discusses about CIDR.

about

CIDR?

What is the difference between classful IP addressing and classless IP addressing? The difference between classful IP addressing and classless IP addressing is in selecting the number of bits used for the network ID portion of an IP address. In classful IP addressing, the network ID portion can take only the predefined number of bits 8, 16, or 24. In classless addressing, any number of bits can be assigned to the network ID.

How

is

a

network

ID

assigned

in

a

CIDR

IP

address?

In CIDR IP addressing, the first 'n' bits of an IP address are assigned to identify the network and the remaining bits are used to identify the host, where the value of 'n' may be between 1 to 31. The value of 'n' depends on the number of hosts in the network.

How

is

an

IP

address

represented

in

CIDR notation?

In CIDR notation, an IP address is represented as A.B.C.D /n, where "/n" is called the IP prefix

or network prefix. The IP prefix identifies the number of significant bits used to identify a network. For example, 192.9.205.22 /18 means, the first 18 bits are used to represent the network and the remaining 14 bits are used to identify hosts.

What

are

the

advantages

of

CIDR?

The advantages of CIDR over the classful IP addressing are:

1. CIDR can be used to effectively manage the available IP address space.

2. CIDR can reduce the number of routing table entries.

How CIDR can be used to effectively manage the IP address space? Using CIDR IP addressing, any number of contiguous bits can be assigned to identify networks, depending on the number of hosts it needs to support. This will greatly reduce the number of wasted IP addresses. For example, let us say a network has 900 hosts. If classful IP addressing is used, this network needs 4 class C IP addresses or one class B IP address. If a class B IP address is used, as the maximum number of hosts in a class B network is 65534, a very large number (65534 - 900) of host IP addresses will be wasted. As the number of class C IP networks is limited (2097152), it is not preferable to assign 4 class C IP addresses to this network. On the other hand, if CIDR is used, then this network can be assigned an IP address with a network prefix of 22 (i.e. /22). This means, 10 bits are available for hosts, resulting in 1024 available host IP addresses, satisfying the exact requirements of the network. So CIDR the IP address space can be effectively used.

How CIDR reduces the number of entries in a routing table? Using classful IP addressing, a separate entry is needed in the routing table of a router for each network. This results in a routing table with a large number of entries due to the existence of a large number of networks. As each router has its own limitation, this large routing table will lead to reduced performance and eventual breakdown of the router. If CIDR addressing is used, a single entry can be used to represent a group of networks. This will reduce the number of entries in the router. This is known as route aggregation. The routes for the individual networks will be present in another router down the path. Each entry in the router will have a network prefix associated with it. The network prefix is used to identify the correct network from the given IP address.

Will

CIDR

completely

eliminate

IP

address

crunch problem?

No. Even using CIDR, all the available IP addresses will get used at some point in time. The final solution to this problem is to use the next version of IP (IPv6).

  • 1. What is Ethernet? Ethernet is a Local Area Network (LAN) cabling and signaling specification for baseband networks. Ethernet uses a bus or star topology for connecting different nodes in a network.

  • 2. To which OSI layer does Ethernet belong? Ethernet belongs to both the Physical Layer (Layer 1) and the Data Link layer (Layer 2) in the OSI architecture.

  • 3. What are the standard data rates for Ethernet? The standard data rates for Ethernet are 10 Mbps, 100 Mbps, and 1 Gbps

  • 4. What are the IEEE standards that cover Ethernet? The following IEEE standards define Ethernet:

  • 5. +--------+----------------------------------------------------+

  • 6. |IEEE

|

Description

|

  • 7. |Standard|

|

  • 8. +--------+----------------------------------------------------+

  • 9. |Logical Link Control (LLC) Specification. Specifies|

|802.2

  • 10. |the general interface between the network layer

|

|

  • 11. |(IP, IPX, etc) and the data link layer (Ethernet,

|

|

  • 12. |Token Ring, etc).

|

 

|

13.

+--------+----------------------------------------------------+

  • 14. |CSMA/CD Network (Ethernet) Specification. Specifies|

|802.3

  • 15. |the frame format, cabling and signaling standards. |

|

  • 16. +--------+----------------------------------------------------+

17.How two systems in an Ethernet network communicate? In a Ethernet network, a system broadcasts the data using a Ethernet frame. The destination system is specified in the Ethernet frame using its Ethernet address. All the systems in the network listen for an Ethernet frame with their Ethernet address in it. When a system receives an Ethernet frame with its address in it, it processes the frame and sends it to the higher layers (like IP) for further processing. 18.What is a "collision"? At any one instance, in an Ethernet network, only one device can transmit. If two devices transmit at the same instance, then the signals from both devices will collide and a "collision" will occur. When a "collision" occurs, the signals will get distorted and the frame will be lost. Collisions are very common in a Ethernet network. 19.How is "collision" handled in Ethernet networks? Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control mechanism to detect and recover from a collision. 20.What is CSMA/CD? CSMA/CD is a media access control mechanism used in Ethernet to recover from frame collision. The following steps are followed to recover from a collision.

Step 1: Before an Ethernet device sends a frame on the Ethernet cable, it listens to find if another device is already transmitting a frame (Carrier Sense). Step 2: Once the device finds that other devices are not transmitting any frame, it starts transmitting the frame. If two devices detect that the Ethernet cable is free at the same time, then both will start transmitting the frames (Multiple Access). This will result in collision. Step 3: The Ethernet devices while transmitting the frames, also listen for the collision. (Collision Detect). Step 4: If they detect a collision, both the devices stop sending the frame (back off). Step 5: They retry the transmission after a logarithmic time-out period. This process is repeated till the frame is transmitted successfully, for a maximum of 16 times. The frame is discarded after the 16th retry.

21.What is "late collision"? An Ethernet device will detect a collision, while it is transmitting, only if the collision reaches it before it completes transmitting the entire frame. If the collision reaches the transmitter, after it completed sending the entire frame, then the transmitter will not detect the collision, it will assume the collision occurred because of some other frame. This is called "late collision". Late collision will occur, if the length of the Ethernet network segment is greater than the standard allowed length. 22.How "late collision" is avoided in Ethernet? Late collision can be avoided, if the maximum length of the Ethernet network segment is restricted, such that if a collision occurs, it will reach the transmitter before the

transmitter completed transmitting the entire frame. In a typical 10 Mbps network, the minimum length of an Ethernet frame is 576 bits (72 bytes) and the maximum length of a single Ethernet network segment is 2.5 kms. 23.What is an Ethernet address? Each device in an Ethernet network is uniquely identified by a 48 bit (6 bytes) address called Ethernet address. Ethernet address is also known as Media Access Control (MAC) address. Ethernet addresses are represented as six pairs of hexadecimal digits separated by a colon. Ethernet address are buried in the network adapter by the manufacturer. A Ethernet address of a device cannot be changed. Example: 00:60:08:11:B1:AB,

00:00:c0:5e:83:0e

24.What is a broadcast address? The Ethernet address in which all the bits are 1 is known as a broadcast address. It is represented as FF:FF:FF:FF:FF:FF. A frame with this address is received and processed by all the nodes in the network. 25.What are the different Ethernet frame formats? The different Ethernet frame formats are listed below: Ethernet II and IEEE 802.3 26.Why there are different Ethernet frame formats? Xerox developed the first version of Ethernet, Ethernet I. The second version of Ethernet, Ethernet II, was developed by DEC, Intel and Xerox. After this the Ethernet was standardized by IEEE and the new format is known as 802.3 format. To provide backward compatibility with Ethernet II, 802.2 SNAP format was developed.

  • 27. What is the format of an Ethernet II frame?

  • 28. +-----------+----------+----------+-----------+----------+

  • 29. |Destination|Source MAC|Frame type|Data

| CRC

|

  • 30. |MAC Address|Address

|(IP, ARP) |(46 to

| Checksum |

  • 31. |(6 bytes)

|(6 bytes) |(2 bytes) |1500 bytes)| (4 bytes)|

  • 32. +-----------+----------+----------+-----------+----------+

33.What is the format of an 802.3 frame? The various components of an 802.3 frame are shown below:

  • 34. +----------+---------+-----------+----------+

  • 35. |802.3 MAC |802.2 LLC|Data

| CRC

|

  • 36. |Header

|Header

|(43 to

| Checksum |

  • 37. |(14 bytes)|(3 bytes)|1497 bytes)| (4 bytes)|

  • 38. +----------+---------+-----------+----------+

The first two components, MAC Header and LLC Header are further expanded below:

  • 802.3 MAC Header:

+-----------+----------+---------+ |Destination|Source MAC|Length of|

|MAC Address|Address

|the frame|

|(6 bytes)

|(6 bytes) |(2 bytes)|

+-----------+----------+---------+

  • 802.2 LLC Header:

+-----------+--------+--------+ |Destination|Source |Control |

|SAP

|SAP

|Byte

|

|(1 byte)

|(1 byte)|(1 byte)|

+-----------+--------+--------+

  • 39. What is the format of an 802.2 SNAP frame?

  • 40. +----------+---------+----------+-----------+----------+

  • 41. |802.3 MAC |802.2 LLC|802.2 SNAP|Data

| CRC

|

  • 42. |Header

|Header

|Header

|(38 to

| Checksum |

  • 43. |(14 bytes)|(3 bytes)|(5 bytes) |1492 bytes)| (4 bytes)|

  • 44. +----------+---------+----------+-----------+----------+

The 802.2 SNAP header is further expanded below. 802.2 SNAP Header:

+---------------------+---------+ |OUI (Organizationally|Type

|

|Unique Id)

|(2 bytes)|

|(3 bytes)

|

|

+---------------------+---------+

45.How is the length of an Ethernet II frame calculated? The length of an Ethernet II frame is not present in the frame itself. It depends on the Ethernet network interface used. When the interface sends a frame to the network device driver, it supplies the length of the received frame. 46.What is the minimum and maximum size of an Ethernet frame? The minimum size of an Ethernet frame is 64 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (46 bytes) + CRC Checksum (4 bytes). The minimum number of bytes passed as data in a frame must be 46 bytes. If the size of the data to be passed is less than this, then padding bytes are added. The maximum size of an Ethernet frame is 1518 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (1500 bytes) + CRC Checksum (4 bytes). The maximum number of bytes of data that can be passed in a single frame is 1500 bytes. 47.What is a SAP? SAP, Service Access Point, is the logical point at which services are provided by an OSI layer. Typically, the protocols in the network layer (like IP) bind at specific SAP in the Logical Link Control Layer( LLC) for accessing the services provided by it. 48.Why Sub Network Access Protocol (SNAP) header is required? The 802.2 LLC header replaces the 'protocol type' of the Ethernet II format with two SAP fields, Source SAP and Destination SAP. The value of the SAP field in the 802.2 header is equivalent to the 'protocol type' field in the Ethernet II header. The value of the SAP field will be between 1 and 255, since it is an 8 bit field. On the other hand, the 'protocol type' value for the standard protocols like IP, ARP, etc is grater than 1500. Obviosuly, these values cannot be represented in the SAP fields. So to provide compatibility with Ethernet II, SNAP header was added to the 802.2 LLC header. In a SNAP frame, both the SAP values will be 0xAA and the first 5 bytes of the data will give the protocol ID. Out

of the 5 bytes of data, the last 2 bytes are same as the protocol type field of the Ethernet II frame. The first 3 bytes are called as 'Organizationally Unique Identifer' (OUI) and are allocated as a vendor identifier. Typically, OUI will be zero.

  • 49. What are the values for SSAP, DSAP, control and org fields in a 802.2 SNAP frame?

  • 50. +-------+-----+

  • 51. |Field |Value|

  • 52. +-------+-----+

  • 53. |SSAP

|0xAA |

  • 54. |DSAP

|0xAA |

  • 55. |Control|3

|

  • 56. |0

|OUI

|

  • 57. +-------+-----+

58.How to differentiate between an 802.3 frame and an Ethernet II frame? The value of 'length' field in an 802.3 frame must be less than 1500 and in a Ethernet II frame the value of 'type' field must be more than 1500. Since the 802.3 frame 'length' field and the Ethernet II frame 'type' field are at the same offset from the header, depending on the value present, the frame can be differentiated. 59.What is promiscuous mode? Normally, a Ethernet network interface will pass a frame to the above network layers only if it is addressed to that interface. If the network interface is put in the promiscuous mode, the Ethernet network interface will send all the frames (frames addressed to any host in the network), regardless of their destination address to the above network layers. This mode is used by network analyzers to capture all the frames. 60.What is MTU? Maximum Transmission Unit (MTU) is the maximum number of bytes that can be transmitted in a single transmission unit. Every communication medium has a MTU. For Ethernet, the MTU of a frame is 1500.

What is IP? Internet Protocol (IP) is an unreliable, best effort delivery, connection-less protocol used for transmitting and receiving data between hosts in a TCP/IP network.

To which OSI layer does IP belong? IP belongs to the Network Layer (layer 3) in the OSI model.

Which RFC discusses IP? RFC 791 discusses about the IP protocol version 4.

Which version of IP is discussed in this document? IP version 4 (IPv4) is discussed in this document.

What do you mean by IP is an unreliable protocol? IP is a unreliable protocol because it does not guarantee the delivery of a datagram to its

destination. The reliability must be provided by the upper layer protocols like TCP. IP does not support flow control, retransmission, acknowledgement and error recovery.

What do you mean by IP is a best-effort protocol? IP is a best-effort protocol, because it will make every effort to always transmit a datagram and also datagrams will not be just discarded. However, the delivery of the datagram to the destination is not guaranteed.

What do you mean by IP is a connection-less protocol? IP is a connection-less protocol because it does not maintain state information about the connection to a destination host. Each datagram is handled independent of other datagrams and also each datagram may reach the destination through different network routes.

What is the role of IP in the TCP/IP protocol suite? IP is used for

  • 1. Transmitting data from higher-level protocols like TCP, UDP in IP datagrams, from one host to another host in the network.

  • 2. Identifying individual hosts in a network using an IP address.

  • 3. Routing datagrams through gateways and

  • 4. Fragmenting and reassembling datagrams based on the MTU of the underlying network.

What is an IP Datagram? An IP datagram is a basic unit of information used by the IP layer to exchange data between two hosts. A IP datagram consists of an IP header and data.

How higher-level data is carried by IP to a destination host? The data from higher-level protocols like TCP, UDP is encapsulated in an IP datagram and transmitted to the destination host. IP will not modify the higher-level data.

What is the minimum and maximum size of an IP datagram? The minimum size of an IP datagram is 576 bytes and the maximum size is 65535 bytes.

What is the minimum and maximum size of an IP datagram header? The minimum size of an IP datagram header is 20 bytes. The maximum IP datagram header size is 60 bytes.

Is there a limitation on the minimum size of a IP datagram a network can handle? Yes. All IP networks must be able to handle datagrams of at least 576 bytes in length.

What are the fields in an IP datagram header? The various fields in an IP datagram header and their size in bits are shown below:

+-------------+ | Version +-------------+

| 4 bits

| IP Header | Length +-------------+ | Type of | Service | +-------------+

| 4 bits |

| 8 bits

| Size of the | 16 bits

| Datagram

|

+-------------+ | Datagram ID | 16 bits +-------------+

| Control | Flags +-------------+ | Fragment | Offset

| 3 bits |

| 13 bits |

+-------------+ | Time to | Live | +-------------+ | Protocol +-------------+

| 8 bits

| 8 bits

| Header | Checksum +-------------+ | Source IP | Address | +-------------+

| 16 bits |

| 32 bits

| Destination | 32 bits

| IP Address +-------------+ | Options | Variable Length +-------------+

|

The various fields are explained below:

+-----------+-----------------------------------------------------+

| Version

| IP protocol version.

For IPv4, this value is 4.

|

+-----------+-----------------------------------------------------+

| IP Header | Length of the IP header in multiples of

|

| Length

| 32-bit words.

|

+-----------+-----------------------------------------------------+

| Type of

| Quality of Service(QOS) requested for this datagram.|

| Service | (TOS) +-----------+-----------------------------------------------------+

|

|

|

|

| Datagram

| Length of the entire datagram in bytes, including

|

| Size

| the header and the payload.

|

+-----------+-----------------------------------------------------+

| Datagram | Current datagram identifier.

|

| ID +-----------+-----------------------------------------------------+

|

|

| Control

| Bit 0: Reserved

|

|

|

| Flags

| Bit 1: 0 - Allow fragment, 1 - Don't fragment.

|

| Bit 2: 0 - Last fragment, 1 - More fragments.

+-----------+-----------------------------------------------------+

| Fragment

| Specifies the offset in the original IP datagram,

|

| Offset

| where this fragment begins.

This is a multiple of

|

|

|

| 32 bit words.

+-----------+-----------------------------------------------------+

| Time to

| The time upto which this datagram can live in the

|

|

| Live

| network.

| (TTL) +-----------+-----------------------------------------------------+

|

|

| Protocol

| Indicates to which upper-layer protocol layer this

|

|

|

| datagram should be delivered. e.g. TCP, UDP

+-----------+-----------------------------------------------------+

| Header

| IP header checksum.

|

| Checksum +-----------+-----------------------------------------------------+

|

|

| Source IP | IP address of the source host sending this IP

|

| Address

| datagram.

|

+-----------+-----------------------------------------------------+ | Target IP | IP address of the destination host to which this

|

| Address

| IP datagram must be delivered.

|

+-----------+-----------------------------------------------------+

| Options

| Used for timestamps, security, source routing, etc. |

+-----------+-----------------------------------------------------+

What is the byte order used for transmitting datagram headers in the TCP/IP protocol suite?

All the datagram headers in the TCP/IP protocol suite are transmitted in the "big endian" byte order. i.e. The most significant byte is transmitted first. This is also called as "network byte order".

Why there are two length fields (IP header length, IP datagram length) in the IP header? The size of the IP header is not fixed. Depending on the IP options present, the size of the IP header will vary. A separate field for the IP header length is added, so that the destination system can separate the IP datagram header from the payload.

How is the value for datagram identifier calculated? The IP datagram identifier is just a sequence number assigned by the transmitting host. The algorithm for assigning value to this field is not specified by the IP protocol.

What is the use of datagram identifier field? The IP datagram identifier field is used to uniquely identify and assemble the different fragments of an IP datagram.

Is the datagram identifier field unique for each IP datagram? Yes. The IP datagram identifier field is different for each IP datagram transmitted. The fragments of an IP datagram will have the same identifier value.

What is the use of Type Of Service field in the IP header? The Type Of Service (TOS) field is used TCP to describe the desired quality of service for an IP datagram by upper layer protocols like TCP. This field can be used to specify the nature and

priority of a IP datagram (like Network Control, Immediate, Critical, etc) and the criteria for selecting a path for forwarding a datagram by a gateway.

What are the different types of criteria can be specified using the TOS field? The different types of criteria that can be specified by the TOS field in an IP datagram are:

  • 1. Minimize delay,

  • 2. Maximize throughput

  • 3. Maximize reliability

  • 4. Minimize cost and

  • 5. Normal service.

Which RFC discusses the Type Of Service (TOS) field? RFC 1349 discusses the Type Of Service (TOS) field.

What is the use of the Time To Live (TTL) field in the IP header? The TTL field is used to limit the lifetime of a IP datagram and to prevent indefinite looping of IP datagrams.

How is the TTL field used to prevent indefinite looping of IP datagrams? The TTL field contains a counter value set by the source host. Each gateway that processes this datagram, decreases the TTL value by one. When the TTL value reaches zero, the datagram is discarded.

What is the typical value for the TTL field? The typical value for a TTL field is 32 or 64.

When is a datagram considered

undeliverable?

If a datagram cannot be delivered to the destination host due to some reason, it is considered an

undeliverable datagram.

How a datagram becomes an undeliverable datagram? A datagram may become undeliverable, if

  • 1. The destination host is down.

  • 2. The route for the destination host is not found.

  • 3. A network in the route to the destination host is down.

  • 4. The Time To Live (TTL) value of the datagram becomes zero.

What happens to an undeliverable datagram? An undeliverable datagram is discarded and an ICMP error message is sent to the source host.

Is it possible for an IP datagram to be duplicated? Yes. A host may receive the same copy of an IP datagram twice. It is upto the higher layer protocols to discard the duplicate copy of the datagram.

Which part of the IP datagram is used for calculating the checksum? The checksum field in the IP header covers only the IP header. The payload data is not used for calculating this checksum.

What is an IP address? IP address is an network layer protocol address for a host in a TCP/IP network.

What is the use of an IP address? IP address is used to uniquely identify each host in a network. IP address is needed in order to communicate with other hosts in the network using the TCP/IP suite of protocols.

Which version of IP is covered by this document? This document covers IP version 4.

Which RFC specifies the IP address standard? RFC 1166 specifies the IP Version 4 address format.

How a host determines its IP address? A host determines its IP address during the boot-up process either from a configuration file stored in the local hard disk of the system or using a network protocol like RARP, DHCP, BOOTP from the servers in the network.

Is there any relation between the MAC address and IP address of a host? No. There is no relation between the MAC address and the IP address of a host.

Can a single network interface have more than one IP address associated with it? Yes. It is possible to associate more than one IP address to a single network interface. This is discussed in detail in RFC 1122.

What is the difference between a host name and an IP address? A host name is used to identify a host by human beings and higher level user applications. But IP protocol uses only IP addresses to identify a host in the network. A host-name is provided just as a convenience for users of the network and higher level applications.

How a host name is resolved to the corresponding IP address? A host name is resolved to the corresponding IP address either from a configuration file stored in the local machine or using a network protocol like DNS or WINS from a server in the network.

What is the size of an IP address? The size of an IP address is 32 bits (4 bytes).

How an IP address is represented? The following notation is used to represent an IP address. This notation is called the dotted decimal format: M.N.O.P, where M, N, O and P represent the first, second, third and fourth bytes

of an IP address respectively. The size of each byte is 8 bits and the value of each byte can be from 0 to 255. For example, 192.9.205.21 is an IP address.

What are the components of an IP address? A IP address consists of the following components: Network ID and Host ID. For example, in the IP address 192.9.205.21, the network ID is 192.9.205 and the host ID is 21.

What is a network ID? A network ID uniquely identifies a network. All the hosts in a single network will have the same network ID. For example, in the IP address 192.9.205.21, the network ID is 192.9.205. A router analyses only the network ID portion of an IP address for datagram forwarding.

What is a host ID? A host ID uniquely identifies a host in a network. Two hosts in two different networks can have the same host ID. For example, in the IP address 192.9.205.21, the host ID is 21.

What is a unicast IP address? A unicast IP address is an IP address uniquely identifying a host in a network. The datagram with a unicast IP address is received and processed by only a single host. For example, the IP address 192.9.205.21 is a unicast IP address.

What is a multicast IP address? A multicast address is an IP address identifying a particular group of hosts in network. This group of hosts is called a multicast group. For example, the IP address 225.2.100.1 is a multicast IP address.

What is a broadcast IP address? The datagram with a broadcast IP address is received and processed by all the hosts in the local network. For example, the IP addresses 255.255.255.255, 192.9.205.255, 180.10.255.255, 10.255.255.255 are broadcast IP addresses.

How IP addresses are classified? IP addresses are classified based on the number of bytes allocated to the Network ID and the Host ID in an IP address.

What is the use of classifying IP addresses? IP addresses are classified so that networks and hosts can be easily managed.

What are the different classes of IP addresses? IP addresses are classified into the following classes:

  • 1. Class A

  • 2. Class B

  • 3. Class C

  • 4. Class D

How to determine the class of an IP address? The class of an IP address can be determined from the first four bits of the first byte of the IP address.

How many bytes does each Class of IP address use to represent network and host IDs? The number of bytes used by each network Class to represent the network and host are shown below:

+----------+----------------+----------------+ |IP Address| Bytes used for | Bytes used for |

|Class | Network ID | Host ID | +----------+----------------+----------------+ | Class A | Class B |
|Class
| Network ID
| Host ID
|
+----------+----------------+----------------+
| Class A
| Class B
| Class C
| Class D
| Class E | - | - |
+----------+----------------+----------------+
|
1
|
3
|
|
2
|
2
|
|
3
|
1
|
|
-
|
-
|

What is the format of the various IP address classes? The format of the different IP address classes is shown below:

+----------+-------------------------------------+

|IP Address| IP Address format

|

|Class

|

|

+----------+-------------------------------------+ | Class A | 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH | | Class B | 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH | | Class C | 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH | | Class D | 1110MMMM.MMMMMMMM.MMMMMMMM.MMMMMMMM | | Class E | 1111RRRR.RRRRRRRR.RRRRRRRR.RRRRRRRR | +----------+-------------------------------------+

In the above table, N denotes the network ID bits, H denotes the host ID bits, M denotes the multicast address bits and R denotes reserved bits.

How many number of networks and hosts can be represented using the IP address classes?

The maximum number of networks and hosts that can be represented using the various IP address classes is shown below in the table:

+----------+----------------+---------------------+ |IP Address| Maximum number | Maximum number of

|

|Class

| of networks

| hosts per network

|

+----------+----------------+---------------------+

| Class A

| 126 (2^7 - 2)

| 16777214 (2^24 - 2) |

| Class B

| 16384 (2^14)

| 65534 (2^16 - 2)

|

| Class C

| 2097152 (2^21) | 254 (2^8 - 2)

|

| Class D | Class E | - | - | +----------+----------------+---------------------+

|

-

|

-

|

In the above table,

  • 1. The numbers are calculated using the number of bits used to represent the network ID and host ID.

  • 2. The maximum number of networks for Class A IP address is reduced by 2 to account for the reserved network IP address 0.xxx.xxx.xxx and 127.xxx.xxx.xxx

  • 3. The maximum number of hosts for all the classes is reduced by 2 to account for the reserved host IP address in which all the host ID address bits are either one or zero.

What is the possible range of IP addresses for the different classes?

+----------+-----------------------------------+ |IP Address| Possible range of IP address

|

|Class

|

|

+----------+-----------------------------------+

| Class A

| 0.0.0.0

through 127.255.255.255 |

| Class B

| 128.0.0.0 through 191.255.255.255 |

| Class C | Class D | Class E

| 192.0.0.0 through 223.255.255.255 | | 224.0.0.0 through 239.255.255.255 | | 240.0.0.0 through 247.255.255.255 |

+----------+-----------------------------------+

What kind of networks use a Class A or Class B or Class C IP address typically? Class A IP address is used for a network with large number of hosts. Class C IP address is used for a network with less number of hosts. Class B IP address is used for a network with medium number of hosts.

What is the use of Class D IP addresses? The Class D IP addresses are used for multicasting.

What is the use of Class E IP addresses? The Class E IP addresses are reserved for experimental purpose.

How to decide which class of IP address to use for a particular network? The class of IP address to use for a particular network depends on the maximum number of hosts in the network. For example, if the maximum number of hosts in a network will be less than 254 hosts, then a Class C IP address can be used for the network. If the maximum number of hosts in a network will be greater than 254 hosts but less than 65534, then a Class B network can be used.

Does the maximum number of hosts in a network, restrict the class of IP address that can be used for the network?

No. Any possible class of IP address can be used to represent a network. For example, if a network has 200 hosts, it can use either a class A or class B or class C IP address.

What are the various special IP addresses? The various special IP address are shown below in the table:

+----------------+-------------------------------------------------+

|IP Address

| Description

|

+----------------+-------------------------------------------------+

|0.0.0.0

| Local host.

|

+----------------+-------------------------------------------------+

 

The value of the last

|

|127.xxx.xxx.xxx | Local loopback address. | 3 bytes are ignored.

|

The datagram with this IP |

| address is never transmitted over the network. +----------------+-------------------------------------------------+

|

|

|xxx.0.0.0

|xxx.xxx.0.0

|xxx.xxx.xxx.0

| Local host IP address.

The x represents the

|

| network ID bits.

|

|

|

+----------------+-------------------------------------------------+

|0.xxx.xxx.xxx

|0.0.xxx.xxx

|0.0.0.xxx

| IP address of a host in the local network.

The |

|

|

| x represents the host ID bits.

|

+----------------+-------------------------------------------------+

|255.255.255.255 | Limited Broadcast address. Datagram with this |

|

| address will be received and processed by all

|

|

| the hosts in the local network.

This datagram

|

|

| is not forwarded to other networks by routers.

|

+----------------+-------------------------------------------------+ |xxx.255.255.255 | Directed broadcast address. The datagram with |

|xxx.xxx.255.255 | this IP address is received by all the hosts in |

|xxx.xxx.xxx.255 | the specified network.

The x

represents the

|

| network ID bits. +----------------+-------------------------------------------------+

|

|

What is meant by IP fragmentation? The breaking up of a single IP datagram into two or more IP datagrams of smaller size is called IP fragmentation.

Why is an IP datagram fragmented? Every transmission medium has a limit on the maximum size of a frame (MTU) it can transmit. As IP datagrams are encapsulated in frames, the size of IP datagram is also restricted. If the size of An IP datagram is greater than this limit, then it must be fragmented.

Which RFCs discuss IP fragmentation? RFC 791 & RFC 815 discusses about IP datagrams, fragmentation and reassembly.

Is it possible to select an IP datagram size to always avoid fragmentation? It is not possible to select a particular IP datagram size to always avoid fragmentation, as the MTU for different transmission It is possible, though, for a given path to choose a size that will not lead to fragmentation. This is called Path MTU Discovery and is discussed in the RFC 1191. The TCP transport protocol tries to avoid fragmentation using the Maximum Segment Size (MSS) option.

Where an IP datagram may get fragmented? An IP datagram may get fragmented either at the sending host or at one of the intermediate routers.

Where are the IP datagram fragments reassembled? The IP fragments are reassembled only at the destination host.

How to prevent an IP datagram from being fragmented? A IP datagram can be prevented from fragmentation, by setting the "don't fragment" flag in the IP header.

What happens when a datagram must be fragmented to traverse a network, but the "don't fragment" flag in the datagram is set?

The datagram whose "don't fragment" flag is set is discarded, if it must be fragmented to traverse

a network. Also, a ICMP error message is sent back to the sender of the datagram.

Will all the fragments of a datagram reach the destination using the same path? The different fragments of the same IP datagram can travel in either in the same path or in different paths to the destination.

Will all the fragments of a datagram arrive at the destination system in the correct order? The different fragments of a single IP datagram can arrive in any order to the destination system.

What happens to the original IP datagram when one or more fragments are lost? When one or more fragments of an IP datagram are lost, then the entire IP datagram is discarded after a timeout period.

What is the minimum size of an IP fragment? The minimum size of an IP fragment is the minimum size of an IP header plus eight data bytes. Most firewall-type devices will drop an initial IP fragment (offset 0) that does not contain enough data to hold the transport headers. In other words, the IP fragment normally need 20 octets of data in addition to the IP header in order to get through a firewall if offset is 0.

What are the limitations on the size of a fragment? The size of an IP datagram fragment is limited by

  • 1. The amount of remaining data in the original IP datagram

  • 2. The MTU of the network and

  • 3. Must be a multiple of 8, except for the final fragment.

How is an IP datagram fragment differentiated from a non-fragmented IP datagram? A complete IP datagram is differentiated from an IP fragment using the offset field and the "more fragments" flags. For a non-fragmented IP datagram, the fragment offset will be zero and the "more fragments" flag will be set to zero.

How are the fragments of a single IP datagram identified? The "identification" field in the IP header is used to identify the fragments of a single IP datagram. The value of this field is set by the originating system. It is unique for that source- destination pair and protocol for the duration in which the datagram will be active.

How is the last fragment of an IP datagram identified? The last fragment of an IP datagram is identified using the "more fragments" flag. The "more fragment" flag is set to zero for the last fragment.

How is the length of a complete IP datagram calculated from the received IP fragments? Using the fragment offset field and the length of the last fragment, the length of a complete IP datagram is calculated.

How is an IP datagram fragmented? In the following example, an IP datagram is fragmented into two. This same algorithm can be used to fragment the datagram into 'n' fragments.

  • 1. The IP layer creates two new IP datagrams, whose length satisfies the requirements of the network in which the original datagram is going to be sent.

  • 2. The IP header from the original IP datagram is copied to the two new datagrams.

  • 3. The data in the original IP datagram is divided into two on an 8 byte boundary. The number of 8 byte blocks in the first portion is called Number of Fragment Blocks (NFB).

  • 4. The first portion of the data is placed in the first new IP datagram.

  • 5. The length field in the first new IP datagram is set to the length of the first datagram.

  • 6. The fragment offset field in the first IP datagram is set to the value of that field in the original datagram.

  • 7. The "more fragments" field in the first IP datagram is set to one.

  • 8. The second portion of the data is placed in the second new IP datagram.

  • 9. The length field in the second new IP datagram is set to the length of the second datagram.

    • 10. The "more fragments" field in the second IP datagram is set to the same value as the original IP datagram.

    • 11. The fragment offset field in the second IP datagram is set to the value of that field in the original datagram plus NFB.

How a destination system reassembles the fragments of an IP datagram?

  • 1. When a host receives an IP fragment, it stores the fragment in a reassembly buffer based on its fragment offset field.

  • 2. Once all the fragments of the original IP datagram are received, the datagram is processed.

  • 3. Upon receiving the first fragment, a reassembly timer is started.

  • 4. If the reassembly timer expires before all the fragments are received, the datagram is discarded.

What fields are changed in an IP header due to fragmentation? The following IP header fields are changed due to IP fragmentation:

  • 1. Total Length

  • 2. Header Length

  • 3. More Fragments Flag

  • 4. Fragment Offset

  • 5. Header Checksum

  • 6. Options

What happens to the IP options field when an IP datagram is fragmented? Depending on the option, either it is copied to all the fragments or to only the first fragment.

Which

IP

options

are

copied

to

all

the

fragments

of

an

IP

datagram?

If the most significant bit in the option type is set (i.e. value one), then that option is copied to all

the fragments. If it is not set (i.e. value zero), it is copied only to the first fragment.

What is RARP? Reverse Address Resolution Protocol (RARP) is a network protocol used to resolve a data link layer address to the corresponding network layer address. For example, RARP is used to resolve a Ethernet MAC address to an IP address.

To which OSI layer does RARP belong? RARP belongs to the OSI data link layer (layer 2).

Which RFC specifies the requirements for RARP? RFC 903 specifies the RARP packet format and other details.

Why is RARP needed?

Normally, the IP address of a system is stored in a configuration file in the local disk. When the system is started, it determines its IP address from this file. In the case of a diskless workstation, its IP address cannot be stored in the system itself. In this case, RARP can be used to get the IP address from a RARP server.

What is a RARP server? All the mappings between the hardware MAC addresses and the IP addresses of the hosts are stored in a configuration file in a host in the network. This host is called the RARP server. This host responds to all the RARP requests.

Where is the mapping between the MAC address and IP addresses stored in a RARP server?

The mapping between MAC addresses and IP addresses is usually stored in a configuration file in the local hard disk in the RARP server.

Can RARP be used in a network other than Ethernet? Yes. RARP is a general protocol, which can be used to map any type of hardware MAC address to any type of network layer protocol address.

How does RARP resolve an Ethernet MAC address to an IP address? When a diskless system is booted up, it broadcasts a RARP request packet with its MAC address. This packet is received by all the hosts in the network. When the RARP server receives this packet, it looks up this MAC address in the configuration file and determines the corresponding IP address. It then sends this IP address in the RARP reply packet. The diskless system receives this packet and gets its IP address.

When is a RARP request packet generated? A RARP request packet is usually generated during the booting sequence of a host. A host must determines its IP address during the booting sequence. The IP address is needed to communicate with other hosts in the network.

What happens when a RARP server receives a RARP request packet? When a RARP server receives a RARP request packet it performs the following steps:

  • 1. The MAC address in the request packet is looked up in the configuration file and mapped to the corresponding IP address.

  • 2. If the mapping is not found, the packet is discarded.

  • 3. If the mapping is found, a RARP reply packet is generated with the MAC and IP address. This packet is sent to the host, which originated the RARP request.

What happens when a host receives a RARP reply packet? When a host receives a RARP reply packet, it gets its IP address from the packet and completes the booting process. This IP address is used for communicating with other hosts, till it is rebooted.

What is the length of a RARP request and reply packet? The length of a RARP request or a RARP reply packet is 28 bytes.

What is the RARP packet format? The various fields of a RARP request/reply packet and their length are shown below:

+--------+ |Hardware| 2 bytes |MAC | |Address | |Type | +--------+ |Protocol| 2 bytes |Address | |Type +--------+ |Hardware| 1 byte |MAC

|

|

|Address |

|Size

|

+--------+ |Protocol| 1 byte |Address |

|Size

|

+--------+

|Op

| 2 bytes

+--------+

|Sender

| 6 bytes (depends on the above size field)

|MAC

|

|Address |

+--------+

|Sender

| 4 bytes (depends on the above size field)

|IP

|

|Address |

+--------+

|Target

| 6 bytes (depends on the above size field)

|MAC

|

|Address |

+--------+

|Target

| 4 bytes (depends on the above size field)

|IP

|

|Address |

+--------+

The fields are further explained below:

+---------+-------------------------------------------------------+

|Ethernet |For a RARP request, source MAC address is the MAC

|

|Header

|address of the host sending the RARP request,

|

|

|

|destination MAC address is the Ethernet broadcast

|

|address (FF:FF:FF:FF:FF:FF), frame type field is 0x8035|

|

|

|

|For RARP reply, source MAC address is the MAC address

|

|of the RARP server replying to the RARP request,

|

|destination MAC address is the MAC address of the host |

|

|that sent the RARP request, and the frame type field is|

|

|0x8035.

|

+---------+-------------------------------------------------------+

|Hardware |Type of the hardware MAC address present in the packet.|

|Address

|For Ethernet the value of this field is 1.

|

|

|Type

|

+---------+-------------------------------------------------------+

|Protocol |Type of the protocol address requested for the MAC

|

|Address

|address. For IP address the value of this field is

|

|Type

|0x800.

|

+---------+-------------------------------------------------------+

|Hardware |Size of the hardware MAC address.

For Ethernet, the

|

|Address

|value of this field is 6.

|

|Size

|

|

+---------+-------------------------------------------------------+

|Protocol |Size of the protocol address.

For IP, the value of

|

|Address

|this field is 4.

|

|Size

|

|

+---------+-------------------------------------------------------+

|Operation|Type of operation being performed.

The value of this

|

|field can be 3 (RARP request) or 4 (RARP reply). +---------+-------------------------------------------------------+

|

|

|Source

|In a RARP request packet, this is the hardware MAC

|

|MAC

|address of the source host.

In a RARP reply packet,

|

|address

|

|this is the hardware MAC address of the RARP server

|

|

|sending the RARP reply.

+---------+-------------------------------------------------------+

|Source

|In a RARP request packet, this is undefined.

In a

|

|IP

|RARP reply packet, this is the IP address of the RARP

|

|address |server sending the RARP reply.

|

+---------+-------------------------------------------------------+

|Target

|In a RARP request packet, this is the hardware MAC

|

|MAC

|address of the source host.

In a RARP reply packet,

|

|address

|this is the hardware MAC address of the host, that sent|

|the RARP request packet. +---------+-------------------------------------------------------+

|

|

|Target

|In a RARP request packet, this is undefined. In a RARP |

|IP

|reply packet, this is the IP address of the host

|

|address |that sent the RARP request packet. +---------+-------------------------------------------------------+

|

Does RARP use the same packet format as ARP? Yes. RARP uses the same packet format as ARP.

How is a RARP packet differentiated from an ARP packet? The frame type in the Ethernet header is used to differentiate a RARP packet from an ARP packet. The value of the opcode field in the RARP header can also be used.

Is the format of a RARP request packet the same as that of a RARP reply packet? Yes. The packet format of a RARP request packet is same as that of a RARP reply packet.

How is a RARP request differentiated from a RARP reply packet? The 'operation' field in the RARP packet is used to differentiate between a RARP request and a RARP reply packet.

What are the values for the source and destination IP address fields in a RARP request packet?

In an RARP request packet, the source and destination IP address values are undefined.

What are the values for the source and destination IP address values in a RARP reply packet?

In a RARP reply packet, the source IP address is the IP address of the RARP server responding to the RARP request and the destination IP address is the IP address of the host that sent the RARP request.

Do all the hosts in a network process a RARP packet? Since a RARP request packet is a broadcast packet, it is received by all the hosts in the network. But only a RARP server processes a RARP request packet, all the other hosts discard the packet.

The RARP reply packet is not broadcast, it is sent directly to the host, which sent the RARP request.

What will happen if more than one RARP server in a network responds to a RARP request?

If more than one RARP server respond to a RARP request, then only the first RARP reply received is used. All other replies are discarded.

What will happen if a RARP reply is not received for a RARP request? If a RARP reply is not received within a reasonable amount of time, the host, which sent the RARP request, will not be able to complete its booting sequence. Usually the host will again retry sending the RARP request after a timeout period.

Are

there

any

alternative

protocols

to

RARP?

The BOOTP and DHCP protocols can be used instead of RARP to get the IP address from the

MAC address.

What is an IP sub-network? A single IP class A, B, or C network is further divided into a group of hosts to form an IP sub- network.

What is the use of sub-networks? Sub-networks are created for manageability, performance, and security of hosts and networks and to reduce network congestion.

Which RFC specifies IP subnetwork addressing? RFC 950 specifies IP subnetwork addressing protocol.

How sub-networks are formed? The host ID portion of an IP address is further divided into a sub-network ID part and a host ID part. The sub-network ID is used to uniquely identify the different sub-networks within a network.

What is a subnet mask? Subnet mask is a 4 byte (32 bit) number used to identify the sub-network ID and the host ID from an IP address. All the hosts in a sub-network will have the same subnet mask. E.g. 255.255.255.0, 255.255.127.0, 255.255.0.0

How a host determines its subnet mask? A host determines its subnet mask during the boot-up sequence either from a configuration file stored in the local hard disk or from a server in the network using a network protocol like BOOTP, ICMP.

How is a subnet mask formed? For all the bits in the IP address which are used to represent the network ID, and the sub-network

ID, the corresponding bits in the subnet mask will be one. For all the bits in the IP address which are used to represent the host ID, the corresponding bit in the subnet mask will be zero. For example, if the first two bytes of the IP address are used to represent the network (class B address) and the third byte is used to represent the sub-network, and the last byte is used to represent the host, then the subnet mask will be 255.255.255.0

Why a host needs to know about its subnet mask? When a host "A" needs to communicate with another host "B", it must know whether host "B" is in the same network or in a different network. If the host "B" is in the same network then host "A" can send the datagram directly to host "B". But if the host B is in a different network, then host "A" must send the datagram to a proper router. By determining the network class of the IP address of host "B", host "A" can determine whether host "B" is in the same network or in a different network. By using the subnet mask host "A" can find out whether host "B" is in the same subnet or in a different subnet.

How to determine to the network ID, sub-network ID and the host ID, given the IP address and the subnet mask?

The network class (A or B or C) of a given IP address can be easily determined by looking at the

value of the first 4 bits of the first byte. From the network class, the number of bytes used to represent the network can be determined and hence the network ID can be determined. By performing a "AND" logical operation of the IP address and the subnet mask, the sub-network ID can be determined. In the value resulting from the "AND" operation, by removing the bytes used for the network ID, the remaining bits for which the corresponding bit in the subnet mask is one, represents the sub-network ID.

Is it possible to form a subnet mask by using bits in non-contiguous positions in the IP address?

Yes. It is possible to use non-contiguous bits in the host portion of an IP address to form the

subnet field according to the standard. Only contiguous fields are usually used to form a subnet field.

Is it possible to determine whether the network is subnetted by using the IP address of a host alone?

No. It is not possible to determine whether a network is subnetted just by using the IP address alone. The subnet mask is needed to determine this.

Is it necessary for hosts in a network "M" to know about the subnetworks in another network "N" to communicate with hosts in that network?

No. Subnetworks in one network are transparent to hosts in another network.

Example 1:

For example, let us say the IP address is 100.24.124.27 and the subnet mask is 255.255.0.0. As the most significant bit in the first byte of the IP address is zero, this is a Class A IP address. Therefore, the first byte represents the network ID. In this case, the network ID is 100. The result of a logical AND operation between the IP address and the subnet mask is 100.24.0.0. In this value, the first byte represents the network ID. For all the remaining one bit in the subnet mask,

the corresponding bit in the IP address, represents the sub-network ID. In this case it is 24. The remaining bits in the IP address represent the host ID. In this case it is 124.27.

Example 2:

IP Address: 187.199.127.5 Sub-net mask: 255.255.255.0

Network Class: B Network ID: 187.199 Result of logical AND operation: 187.199.127 Sub-network ID: 127 Host ID: 5

Example 3:

IP Address: 187.199.127.5 Sub-net mask: 255.255.240.0

Network Class: B Network ID: 187.199 Result of logical AND operation: 187.199.112.0 Sub-network ID: 112 Host ID: 15.5

Example 4:

IP Address: 187.199.127.5 Sub-net mask: 255.255.128.0

Network Class: B Network ID: 187.199 Result of logical AND operation: 187.199.0.0 Sub-network ID: 0 Host ID: 127.5

What are the possible values for a sub-net mask? All the possible values for a sub-net mask are shown below:

255.128.0.0

255.192.0.0

255.224.0.0

255.240.0.0

255.248.0.0

255.252.0.0

255.254.0.0

255.255.0.0

255.255.128.0

255.255.192.0

255.255.224.0

255.255.240.0

255.255.248.0

255.255.252.0

255.255.254.0

255.255.255.0

255.255.255.128

255.255.255.192

255.255.255.224

255.255.255.240

255.255.255.248

255.255.255.252

What are the two types of subnetting? The two types of subnetting are:

  • 1. Static length

  • 2. Variable length

What is 'Static Length' subnetting? If all the subnetworks in a single network use the same subnet mask, it is called as 'Static Length' subnetting.

What is 'Variable Length' subnetting? If the different subnetworks in a single network use different subnet masks, it is called as 'Variable Length' subnetting.

What is the disadvantage in using 'Static Length' subnetting? In the case of a 'Static Length' subnetwork, irrespective of the number of hosts in the subnetwork, a single subnet mask is used for all the subnetworks. Because of this, a large number of IP addresses will be wasted. For example, let us say, we have a class C IP network address 192.9.205.0 subnetted using a subnet mask 255.255.255.192. The total number of possible subnetworks is 4 and the total number of possible hosts per subnetwork is 32. Even if a subnetwork has just 4 hosts, it will be allocated the above subnetwork IP address, in this case 28 host IP addresses will be wasted.

What is the advantage in using 'Static Length' subnetting? It is easy to configure a network using 'Static Length' subnetting. In addition, native IP routing understands only static subnetting.

What is the advantage is using 'Variable Length' subnetting? In the case of 'Variable Length' subnetwork, IP addresses are allocated depending on the number of hosts present in the subnetwork. So available host IP addresses are efficiently used and are not wasted.

What is the disadvantage in using 'Variable Length' subnetting? All the routers in a 'Variable Length' subnetted network must understand this type of subnetting.

What

are

the

special

subnetwork

IP

addresses?

The subnet addresses in which all the bits are zero or one are special subnet IP addresses. The

subnet address in which all the bits are zero, represents the local subnetwork in which the

datagram

originated.

The

subnet

address in which all

the

bits are

one represents a subnet

broadcast address. In the broadcast address, all the other bits including the network and host ID must be one.