Routers

– Communicate over layer 3 (IP)

– Drop broadcast messages
– Connects LAN’s to WAN’s
Switches
– Communicate over Layer 2 (MAC)
– Distributes broadcast messages
– creates multiple collision domains
Hubs
– Dumb devices with NO logic
– data is sent to all connected device
Bridge
– Local solution connecting two local networks together.
A switch maintains a separate bridging table for each VLAN.
Switches have a higher number of ports than bridges
Both Switches and Bridges flood layer 2 broadcasts
Both bridges and switches make forwarding decisions on layer 2
Advantages Switches have over hubs
– Filtering frames based on MAC
– Allowing simultaneous frame transmission
Straight Cables
– Connect Switch to Router
– Connect PC to Switch
– Pins are identical both sides
Crossover Cables
– Connect PC to PC
– Wire 1 needs to connect with wire 3
– Wire 2 needs to connect with wire 6
10BaseT, 100BaseT & 1000BaseT – Ethernet cables all have the same 100m restriction.
Speed & Duplex
– NICs are designed with AUTO detect.
– 100mbps NIC – Hardcode
– 1000mbps NIC – Auto
– Speed 10/100mbps – Duplex Half/Full
– Auto-negotiation = 802.3u
OSI
L7 Application – browsers
L6 Presentation – html, encryption
L5 Session – session id’s
L4 Transport – Segment
L3 Network – Packet
L2 Data Link – Frame
L1 Physical – Bit
TCP/IP
L4 Application
L3 Transport
L2 Internet
L1 Network
L1 – Cables broken? Correct Speed/Duplex? Port open?
L2 – Correct protocol? Ethernet, HDLC, PPP?
L3 – Correct IP/Subnet?
L4 – Routing protocol used? is network advertised?
Troubleshooting
– Late Collisions indicate a duplex mismatch
– CRC Errors indicate bad cable/EMI
– Runts – packets that are smaller than the required 64bytes.
– Giants – packet that is larger than the MTU.
Same Layer Interaction
– Header information added by a layer on the sending device is processed by the same layer on the
receiving device.
Adjacent Layer Interaction
– A layer provides a service for a layer higher in the stack. A higher layer in the stack will request
lower layers to perform functions required.
– Cut-through switching is a method for packet switching systems, wherein the switch starts
forwarding a frame (or packet) before the whole frame has been received, normally as soon as the
destination address is processed.
STP
– Spanning-Tree Protocol – blocks some ports from forwarding frames so that only one active path
exists between any pair of lan segments.
– Caused by a flood when the MAC address table is full or the MAC address of a host is unknown.
CSMA/CD
– Carrier Sense Multiple Access/Collision Domain
– CSMA/CD Is and indication that a half duplex is running.
CRC/FCS
– Cyclical Redundancy Check
– Frame Check Sequence
– FCS field resides in the Ethernet trailer.
– FCS creates a hash using packet
– Device receiving packets decodes hash
– If hash doesn’t match then packet is dropped.
DNS
– Domain Name Server – Checks IP’s against domain names ARP
– Address Resolution Protocol – used to identify hosts using IP and MAC addresses.
– If host checks ARP cache and MAC is no there an ARP broadcast is generated.
CAM Table
– Also known as a MACADDRESS-TABLE, switching table or bridging table.
– Shows ports with learnt MACs
ICMP
– Internet Control Message Protocol
– reports issues with IP packets
– If there is an issue and IP packet destroyed and an ICMP message is generated and sent to host
of origin
– PINGs have TTL so show latency
IP
– Internet Protocol
– operates at the Network Layer
– connection-less
– looks at IP destination
– determines best path
TCP
– Transmission Control Protocol
– Reliable connection orientated
– 3 way – SYN, SYN ACK, ACK
– Windowing
– FTP(21), SSH(22), Telnet(23), SMTP(25), DNS Server(53), HTTP(80), POP3(110), HTTPS(443)
– TCP provides a sequencing of segments with a forward reference acknowledgement.
UDP
– User Datagram Protocol
– Connection-less Protocol
– no checks
– sends data numbered
– DNS client(53),TFTP(69)
Sequence number, acknowledgement number and window size are all found in the
TCP header and NOT the UDP.
Unicast – One message to one device
Multicast – One message to group
Broadcast – One message to network
IPv4 Addressing
Classes of address
Class A – 1 – 127 / 8
Class B – 128 – 191 / 16
Class C – 192 – 223 / 16
Class D – 224 – 239 – Multicast
Class E – 240 – 254 – Experimental
Private IP’s
– A – 10.0.0.0 – 10.255.255.255
– B – 172.16.0.0 – 172.31.255.255
– C – 192.168.0.0 -192.168.255.255
Public IP’s
– A – 1.0.0.0 – 126.255.255.255
– B – 128.0.0.0 – 191.255.255.255
– C – 192.0.0.0 – 223.255.255.255
– Automatic Addresses
– 169.254.0.0 – 169.254.255.255
Loopback Addresses
– 127.0.0.0 – 127.255.255.255
Running-Config is stored in RAM
Startup-Config is stored in NVRAM
VLAN
– Layer 2 feature
– Cannot speak directly without a layer 3 assistant (router)
– Segments broadcast domains
– Logically groups users
– Subnet correlation
– Access control
– QoS
– Native VLAN has to match across network.
– VLAN Pruning, stops VLANs crossing switches where the VLAN doesn’t exist.
Link Type – Grouping similar items
Unified – Grouping by building
Server Virtualisation – Hosting multiple servers/services on one server.
Trunking Protocols (VTP & 802.1Q)
– Layer 2 feature
– 802.1Q = VLAN tagging
– Defines a system of tagging Ethernet Frames
– A frame without a VLAN tag is assumed part of the Native VLAN.
– VTP
– VLAN Trunking Protocol
– Carries VLAN info to all switches that are part of a VTP domain.
– VLAN consistency across network
– VTP survives configuration resets
– Higher revs will override lower revisons
– VTP transparent mode
CPD
– Cisco Discovery Protocol
– Cisco proprietary
– Seeks surrounding devices and adds them to a CDP table.
– Advertises every 60 seconds
Routing
– The process of moving packets between IP based networks
– IOS powered, CEF enhanced Cisco Routers support two types of interfaces:
– point-to-point
– point-to-multipoint
CEF – Cisco Express Forwarding
– ADV Layer 3 switching technology
– Layer 3 Switching & Routing is performed on hardware (ASIC).
– Increases speed, reduces overhead and delays.
IGRP
– Advertising every 90 seconds – Dead timer of 270 seconds
– LSA – Link State Advertise = Speed
RIP (AD 120)
– Advertising every 30 seconds
– Shares entire routing table
– 90 seconds to tell if neighbor is down.
– LSA – Hop Count
OSPF (AD 110)
– Open Shortest Path First
– Hello Timer = 10secs
– LSA = Cost = Bandwidth
– Timers (10 Hello 40 Dead)
– OSPF must run in the same area
– OSPF must run the same key (auth)
– OSPF must run within the same subnet mask.
Characteristics of OSPF
– Uses cost to determine best route
– OSPF routers discover neighbors before exchanging routing information
– it converges quickly OSPF maintains topology database
– Topology database is a routing table for which no path decisions have been made
– The topology Database us updated by Link State Advertisements
OSPF Hello packets perform:
– Dynamic Neighbor Discovery
– Maintains Neighbor Relationships
OSPF hello packets use the multicast address 224.0.0.5 to detect and keep track of neighbors.
The show ip OSPF interface command lists the area in which the interface belongs, the DR and the
BDR, and neighbors adjacent on the interface. OSPF uses the cost to determine the metric for each
route.
The cost value can be set on an interface using the ip OSPF cost interface command. The OSPF
cost can also be manipulated using the bandwidth interface command.
The default cost of an OSPFenabled interface is found using the following formula:
Cost = 10^8 / bandwidth
Where bandwidth is the bandwidth of the interface in bps. For
example, Cisco IOS defaults to a bandwidth of 10,000 kbps, which is 10 Mbps on Ethernet
interfaces, so the cost of this is 10^8 / 10^7 =10. Serial interfaces default to a bandwidth of 1544
kbps, giving the OSPF-enabled interface a default cost of 64. In this example, the interface
bandwidth was changed to 64. The bandwidth command units are in kbps, so 108 / 64000 is
rounded down to 1562, the correct answerand the cost of the interface.
EIRGP (AD 90)
– Fastest protocol
– Combo of RIP & OSPF features
– Metric = k value
– Only uses Bandwidth + Delay as standard
BGP (AD 20)
– Border Gateway Protocol
– Used at ISP or Enterprise level
Administrative Distance
– Works above the metric
– How ‘believable’ a route is
– Each routing protocol has a number assigned
– The lower the number the better
– STATIC ROUTES = AD 1
RIPv2, EIGRP, OSPF, and BGP are all classless protocols. Classless protocols send a route’s
subnet mask in its routing updates, thus supporting VLSM and CIDR. Before an AD is even
considered priority to the route with the largest subnet is always given.
Distance Vector Protocol
– send periodical updates regardless of topology changes
– updates the routing table based on update from neighbours.
Access Control Lists (ACL)
– Used for access control, NAT, QoS, Demand Dial Routing, Policy Routing and Route Filtering.
– List is read from top to bottom
– Ends with implicit deny
– Applied in/outbound on an interface
Standard ACLs
– Matches based on source address
– Lower processor utilisation
– Effect depends on application
Extended ACLs
– Matches based on source/destination address, protocoland source/destination port.
Static Routing
– Stopping broadcasts
– Finding the best path to destination
– Moving unicast traffic between networks.
– The more specific a route is the better, priority is worked out through the subnet mask.
– NAT
– Network Address Translation
– Translates Private IPs to Public addresses.
– Configured Statically/Dynamically
– NAT Overload = PAT – Port Address Translation
– 1 to 1
– one host assigned to the inside global address.
– ‘Overloading’
– a single public IP assigned to the router can be used by multiple internal hosts. This is done by
translating source UDP/TCP ports in the packets and keeping track of them within the translation
table kept in the router.
IPv6
– IHL, header checksum,and flags are all present in IPv4 that are not present in IPv4.
– Benefits include IPSec, mobility and simpler header.
– A 128 bit hexadecimal address
– Tunnelling is a mechanism that encapsulates IPv6 packets in IPv4 packets for transportation over
an IPv4 network.
– Dual stack works by assigning both an IPv4 & IPv6 address to an interface.
– Link-Local -L2 domain
– Assigned automatically as in IPv6 host comes online.
– Always begins with ‘FE80’ followed by 54 bits of zeros,
– Last 64 bits is EUI 64.
– Unique Local – Organisation
– Global Scope – Internet
– First High-level 3 bits set to 001
(2000::/3) – Routing prefix 48 bits or less
IPv6 addressing short hand
– Eliminate groups of consecutive 0’s
– Drop leading zeros
Examples of Valid IPv6 addresses
– ::10.1.1.1 – 2003:1bcd:023::2a – 2003:abcd:cafe:4bad:45:12:aa:103 – ::
EUI 64
– Using MAC address as host id. – A 64-bit interface identifier is derived from its 48-bit MAC
address. A MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by inserting FF:FE in the
middle: 00:0C:29:FF:FE:0C:47:D5.
IP provides best-effort delivery of packets.
Show process – shows CPU utilisation.
Show access-list – shows what tips are allowed inside address.
Trace-route relies on Time-to-live (TTL) packets not hops.
The show ip interface interface-id command displays whether an access list is assigned to an
interface.
DHCP
Address conflicts occur when the same IP address is used by two hosts. During address
assignment, DHCP checks for conflicts using ping and gratuitous ARP. If a conflict is detected, the
address is removed from the pool. This address will not be used until the administrator resolves the
conflict.
An IPv6 header contains the next header field, and IPv6 routers send router advertisement (RA)
messages. RA messages are part of IPv6 stateless auto-configuration.
Switches will never learn broadcast addresses because they will never be the source address of a
frame and cannot be stored in the mac-address-table.
An Ethernet frame maximum transmission unit (MTU) is 1518 bytes. Any frame larger than the MTU
is considered a giant/jumbo frame.
Establishing VLANs increases the number of broadcast domains.
Micro-segmentation decreases the number of collisions on the network.
Hot Standby Router Protocol
(HSRP) is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default gateway.
The protocol establishes a framework between network routers in order to achieve default gateway
failover if the primary gateway becomes inaccessible, in close association with a rapid converging
routing protocol like EIGRP or OSPF. HSRP routers send multicast Hello messages to other routers
to notify them of their priorities (which router is preferred) and current status (Active or Standby).
The primary router with the highest configured priority will act as a virtual router with a pre-defined
gateway IP address and will respond to the ARP / ND request from machines connected to the LAN
with a virtual MAC address. If the primary router should fail, the router with the next-highest priority
would take over the gateway IP address and answer ARP requests with the same MAC address,
thus achieving transparent default gateway failover.
HSRP is not a routing protocol as it does not advertise IP routes or affect the routing table in any
way.
HSRP has the ability to trigger a failover if one or more interfaces on the router go down. This can be
useful for dual branch routers each with a single serial link back to the head end. If the serial link of
the primary router goes down, the backup router will take over the primary functionality and thus
retain connectivity to the head end.
Gateway Load Balancing Protocol
(GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing
redundant router protocols by adding basic load balancing functionality. In addition to being able to
set priorities on different gateway routers, GLBP allows a weighting parameter to be set. Based on
this weighting (compared to others in the same virtual router group), ARP requests will be answered
with MAC addresses pointing to different routers. Thus,by default, load balancing is not based on
traffic load, but rather on the number of hosts that will use each gateway router.
By default GLBP load balances in round-robin fashion. GLBP elects one AVG (Active Virtual
Gateway) for each group. Other group members act as backup in case of AVG failure. In case there
are more than two members, the second best AVG is placed in the Standby state and all other
members are placed in the Listening state. This is monitored using hello and holdtime timers, which
are 3 and 10 seconds by default. The elected AVG then assigns a virtual MAC address to each
member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each
AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There could be
up to four AVFs at the same time.
By default, GLBP routers use the local multicast address 224.0.0.102 to send hello packets to their
peers every 3 seconds over UDP 3222 (source and destination).
Cisco implemented IPv6 support for GLBP in IOS release 12.2(33)SXI.[1]
Neighbor Discovery Protocol (NDP) acts as a replacement for several IPv4 protocols, including ARP,
as well as providing several new functions for IPv6. ARP does not exist in IPv6.
By default, two Cisco 2960 switches that have a crossover cable connected will not automatically
form an 802.1Q trunk because of the default trunking setting of dynamic auto. To create a trunk, one
of the two switches can be configured to trunk (switchport mode trunk) or to initiate the negotiation of
trunking (switchport mode dynamic desirable).