In addition, WAN remote access choices include cable and DSL
technologies that are used with Virtual Private Networks (VPN).
Remote connectivity
The three ways that WAN technologies connect the Enterprise Edge
modules with the outside world
Cont..
Connectivity between the Enterprise Edge modules and the Internet Service
Provider (ISP) Edge module
Circuit-switched connections reserve the physical lines for the duration of
the call; during that time, no one else can use the physical lines involved.
Packet-switched connections share the carrier's infrastructure among many
customers. This allows the carrier to use its infrastructure more efficiently
than it can with leased point-to-point links.
MPLS enables scalable VPNs, end-to-end QoS, and other IP services that
allow efficient utilization of existing networks with simpler configuration
and management and quicker fault correction.
DSL technology: It works by way of two modems, one at either end of the wire.
Like dialup, cable, wireless, and T1, DSL is a transmission technology that
enables service providers (SPs) to deliver a wide variety of services to
their customers.
Cable modem technology: The cable technology for data transport uses
coaxial cable media over cable distribution systems.
CLASSFUL IP ADDRESSING
• Systems that have interfaces to more than one network
require a unique IP address for each network interface.
• IP addresses have two parts: the first part identifies the
network on which the host resides (the network prefix),
while the second part identifies the particular host on the
given network. This creates a two-level addressing hierarchy.
CONT..
An IP address is a 32-bit value that contains both a network
identifier and a host identifier.
It can be assigned statically or dynamically.
Static IP address
Address information doesn't change
Needs to be configured manually
Can't be used by any other device ("sharing is not allowed")
Easy to make a mistake on entry
Labor intensive to change or update
Dynamic IP address
Address information can change dynamically
Not configured manually (assigned by a server, for example DHCP)
An IP address can be shared: once released, it can be reused by another device
Easy to make changes or updates
An IP address has two parts
1) Network identifier
2) Host identifier
IP address classes
IP addresses are divided into five classes, each designated
with an alphabetic letter, A to E.
Class A, B and C addresses are assigned to hosts (unicast).
Class D addresses are used for multicasting.
Class E addresses are reserved for testing and future use.
Using the ranges, you can determine the class of an address from
the value of its first octet: A is 0-127, B is 128-191, C is 192-223,
D is 224-239 and E is 240-255.
The 32 bits of an IP address are divided into a network and a host
portion, with each octet assigned as part of one or the other.
Special addresses are reserved for special purposes.
Class A addresses
A class A address uses the first 8 bits (the first octet) to designate the
network address.
The first bit, which is always zero, identifies the
address as a class A address, and the remaining 7 bits are used to
designate the network.
The other 3 octets contain the host address.
There are 128 class A network numbers, but the all-zeros network
is not used and network 127 is a special-purpose (loopback) address, so 126
class A networks are available.
There are 16,777,214 (2^24 - 2) host addresses in each class A network.
Class B IP addresses
A class B address uses the first two octets for the network address and the last two
octets for the host address.
The first two bits, which are always 10, designate
the address as a class B address; the remaining 14 bits are used to
designate the network and the last 16 bits (two octets) designate
the host. This gives 16,384 class B networks of 65,534 (2^16 - 2) hosts each.
Class C IP addresses use three octets for the network address
and only one octet (the last octet) for the host address. The first three
bits are always 110, and the remaining 21 bits designate the network, giving
2,097,152 class C networks of 254 (2^8 - 2) hosts each.
Special addresses are addresses reserved for other special
purposes.
A few addresses are set aside for special purposes, for example the
all-zeros and all-ones host numbers and the 127 network.
Subnet mask
If you know the address class, it is easy to separate the two
portions (the network and the host) of the address.
The standard address class structure has been expanded by
borrowing bits from the host portion to allow for more networks; this
addressing scheme is called subnetting.
Separating the network and host portions requires a special process called
subnet masking.
The subnet masking process was developed to identify and extract
the network part of the address. For example, given the IP address
193.168.100.97:
it is class C, so by default its subnet mask is 255.255.255.0. Convert the
subnet mask and the IP address into binary form (bits), then AND them bit
by bit to calculate the network address (193.168.100.0).
Cont..
A subnet mask is used to determine whether an address is on the
local network or not.
It is applied to a message's destination address to extract the
network address.
The process used to apply the subnet mask involves Boolean
algebra to filter out non-matching bits and identify the network
address.
Subnetting is the process of dividing a network and its IP address space
into segments, each of which is called a subnetwork or subnet.
The subnet mask is a 32-bit number that the router uses to cover
up the host portion of the address and show which bits are being used to
identify the subnet and which bits identify the network.
Cont..
The two primary benefits of subnetting are:
Fewer IP network numbers, often as few as one, are needed to provide
addressing to the whole network when subnetting is used.
Subnetting usually results in smaller routing tables in routers
beyond the local internetwork.
Boolean algebra
It is a process that applies binary logic to yield a binary result.
By using AND you can get the network address.
The four basic rules of the Boolean AND operation are:
1 AND 0 = 0    0 AND 1 = 0
1 AND 1 = 1    0 AND 0 = 0
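The AND operation described above, carried out on the document's sample address 193.168.100.97 and generalized to any classful address, as an added Python example (this is not code from the original slides; the function names are this example's own):

```python
# Added example (not from the original slides): extracting the network address
# with a bitwise AND, exactly as the Boolean-algebra description says.
# The classful default masks and the sample address 193.168.100.97 come from
# the slides; the function names are this example's own.


def dotted_to_int(addr: str) -> int:
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classify by the leading bits of the first octet: A 0, B 10, C 110, D 1110, E 1111."""
    first = dotted_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def default_mask(addr: str) -> str:
    """Classful default mask: 8, 16 or 24 network bits for classes A, B and C."""
    masks = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
    cls = address_class(addr)
    if cls not in masks:
        raise ValueError(f"class {cls} addresses have no network/host split")
    return masks[cls]


def network_address(addr: str, mask: str) -> str:
    """AND address and mask: 1 AND x = x keeps the network bits, 0 AND x = 0 clears host bits."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def on_same_network(a: str, b: str, mask: str) -> bool:
    """Two addresses are local to each other when the AND yields the same network."""
    return network_address(a, mask) == network_address(b, mask)


def show_and(addr: str, mask: str) -> str:
    """Render the AND in binary, one row per operand, the way the slides lay it out."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    rows = [("address", a), ("mask   ", m), ("AND    ", a & m)]
    return "\n".join(f"{label} {format(v, '032b')}" for label, v in rows)


if __name__ == "__main__":
    ip = "193.168.100.97"
    mask = default_mask(ip)
    print(f"{ip} is class {address_class(ip)}, default mask {mask}")
    print(show_and(ip, mask))
    print("network address:", network_address(ip, mask))
    print("193.168.100.200 on the local network?", on_same_network(ip, "193.168.100.200", mask))
    print("193.168.101.5 on the local network?", on_same_network(ip, "193.168.101.5", mask))
```

The same `network_address` function works with a subnet mask as well as a classful one, which is the point of the sections that follow: the mask, not the class, decides which bits survive the AND.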
SUBNETTING
• The basic idea of subnetting is to divide the standard classful
host number field into two parts: the subnet number and the
host number on that subnet.
CONT…
The deployment of subnetting within the private network
provides several benefits:
The size of the Internet routing table does not grow, because all subnets
are combined into a single routing table entry.
The local administrator has the flexibility to deploy additional
subnets without obtaining a new network number from the
Internet.
Route flapping (that is, the rapid changing of routes) within
the private network does not affect the Internet routing
table, since Internet routers do not know about the
reachability of the individual subnets.
Subnet Design Considerations
The deployment of an addressing plan requires careful
thought. Four key questions must be answered before
any design should be undertaken:
1) How many total subnets does the organization need
today?
2) How many total subnets will the organization need in the
future?
3) How many hosts are on the organization's largest subnet
today?
4) How many hosts will there be on the organization's largest
subnet in the future?
CONT..
Subnet Example #1
1. Given: An organization is assigned the network number
193.1.1.0/24 and it needs to define six subnets. The largest
subnet is required to support 25 hosts.
Solution:
Defining the Subnet Mask / Extended Prefix Length:
o Determine the number of bits required to define 6 subnets.
o Subnets must be created in blocks of powers of two [2 (2^1), 4 (2^2),
8 (2^3) and so on]. Six is not a power of two, so round up to 8; since
8 = 2^3, 3 bits are required to enumerate the eight subnets in the
block. In this example, the organization is subnetting a /24, so it
will need 3 more bits, or a /27, as the extended network prefix.
o A 27-bit extended network prefix can be expressed in dotted-
decimal notation as 255.255.255.224.
CONT..
Defining the Subnet Numbers: to define Subnet #N, the
network administrator places the binary representation of N
into the bits of the subnet number field.
• For example, to define Subnet #6, the network administrator
simply places the binary representation of 6 (110) into the 3
bits of the subnet number field.
• Base Net 11000001.00000001.00000001.00000000 = 193.1.1.0/24
• Subnet #0: 11000001.00000001.00000001.000 00000 = 193.1.1.0/27
• Subnet #1: 11000001.00000001.00000001.001 00000 = 193.1.1.32/27
• Subnet #2: 11000001.00000001.00000001.010 00000 = 193.1.1.64/27
• Subnet #3: 11000001.00000001.00000001.011 00000 = 193.1.1.96/27
• Subnet #4: 11000001.00000001.00000001.100 00000 = 193.1.1.128/27
• Subnet #5: 11000001.00000001.00000001.101 00000 = 193.1.1.160/27
• Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
• Subnet #7: 11000001.00000001.00000001.111 00000 = 193.1.1.224/27
CONT..
Defining Host Addresses for Each Subnet:
• In our current example, there are 5 bits in the host number field
of each subnet address. This means that each subnet represents
a block of 30 host addresses (2^5 - 2 = 30; the all-0s and all-1s host
numbers are reserved for the subnet and broadcast addresses).
• In general, to define the address assigned to Host #N of a
particular subnet, the network administrator places the binary
representation of N into the subnet's host number field.
• For example, to define the address assigned to Host #15 on
Subnet #2, the network administrator simply places the binary
representation of 15 (01111 in binary) into the 5 bits of Subnet #2's
host number field.
CONT..
Subnet #2: 11000001.00000001.00000001.010 00000 = 193.1.1.64/27
Host #1: 11000001.00000001.00000001.010 00001 = 193.1.1.65/27
Host #2: 11000001.00000001.00000001.010 00010 = 193.1.1.66/27
Host #3: 11000001.00000001.00000001.010 00011 = 193.1.1.67/27
Host #4: 11000001.00000001.00000001.010 00100 = 193.1.1.68/27
Host #5: 11000001.00000001.00000001.010 00101 = 193.1.1.69/27
Host #15: 11000001.00000001.00000001.010 01111 = 193.1.1.79/27
Host #16: 11000001.00000001.00000001.010 10000 = 193.1.1.80/27
Host #27: 11000001.00000001.00000001.010 11011 = 193.1.1.91/27
Host #28: 11000001.00000001.00000001.010 11100 = 193.1.1.92/27
Host #29: 11000001.00000001.00000001.010 11101 = 193.1.1.93/27
Host #30: 11000001.00000001.00000001.010 11110 = 193.1.1.94/27
CONT..
The valid host addresses for Subnet #6 are listed below. In each address, the bits before the
space are the extended network prefix, and the 5 bits after the space are the
host number field:
o Subnet #6: 11000001.00000001.00000001.110 00000 = 193.1.1.192/27
o Host #1: 11000001.00000001.00000001.110 00001 = 193.1.1.193/27
o Host #2: 11000001.00000001.00000001.110 00010 = 193.1.1.194/27
o Host #3: 11000001.00000001.00000001.110 00011 = 193.1.1.195/27
o Host #4: 11000001.00000001.00000001.110 00100 = 193.1.1.196/27
o Host #5: 11000001.00000001.00000001.110 00101 = 193.1.1.197/27
o .
o .
o Host #15: 11000001.00000001.00000001.110 01111 = 193.1.1.207/27
o Host #16: 11000001.00000001.00000001.110 10000 = 193.1.1.208/27
o .
o .
o Host #27: 11000001.00000001.00000001.110 11011 = 193.1.1.219/27
o Host #28: 11000001.00000001.00000001.110 11100 = 193.1.1.220/27
o Host #29: 11000001.00000001.00000001.110 11101 = 193.1.1.221/27
o Host #30: 11000001.00000001.00000001.110 11110 = 193.1.1.222/27
CONT..
Defining the Broadcast Address for Each Subnet:
The broadcast address for Subnet #2 is the all-1s host address or:
11000001.00000001.00000001.010 11111 = 193.1.1.95
Note that the broadcast address for Subnet #2 is exactly one less than the base address for Subnet #3
(193.1.1.96). This is always the case: the broadcast address for Subnet #n is one less than the base address for
Subnet #(n+1).
The broadcast address for Subnet #6 is simply the all-1s host address or:
11000001.00000001.00000001.110 11111 = 193.1.1.223
Again, the broadcast address for Subnet #6 is exactly one less than the base address for Subnet #7
(193.1.1.224).
CONT..
In general, in subnetting we find the answers to the following
questions.
1. What is subnet mask for given address?
2. How many subnets does given subnet mask provide?
3. What is block size for given subnet mask?
4. What are the valid subnets?
5. What are the total hosts?
6. How many valid hosts per subnet?
7. What is network address of each subnet?
8. What is broadcast address of each subnet?
Example 188.25.45.48/20
CONT..
EX 1. What is the subnet mask for the given
address? 188.25.45.48/20
This address belongs to class B (255.255.0.0, or /16 in CIDR notation). The /20
means 4 bits have been borrowed from the host portion, so the subnet mask in
binary is 11111111.11111111.11110000.00000000.
The subnet mask is therefore 255.255.240.0.
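The fixed-length subnetting procedure of Subnet Example #1 (193.1.1.0/24, six subnets, 25 hosts on the largest) and the eight questions for 188.25.45.48/20, answered for any CIDR address, in one added Python example built on the standard ipaddress module (this is not code from the original slides; the function names and the report's dictionary keys are this example's own):

```python
# Added example (not from the original slides): the subnet-design steps of
# Subnet Example #1 and the eight subnetting questions, computed for any
# address with the standard library. Function names are this example's own.
import ipaddress
import math

CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip: ipaddress.IPv4Address) -> str:
    """Class from the first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"


def extended_prefix(base: str, subnets_needed: int, hosts_needed: int) -> int:
    """Extended network prefix for a fixed-length design.

    Subnets come in power-of-two blocks, so the subnet count is rounded up to
    the next power of two; the host bits left over must satisfy
    2**h - 2 >= hosts_needed, since the all-0s and all-1s host numbers are
    never assigned.
    """
    net = ipaddress.ip_network(base)
    subnet_bits = math.ceil(math.log2(subnets_needed)) if subnets_needed > 1 else 0
    host_bits = 32 - net.prefixlen - subnet_bits
    if 2 ** host_bits - 2 < hosts_needed:
        raise ValueError(f"/{net.prefixlen} cannot hold {subnets_needed} subnets of {hosts_needed} hosts")
    return net.prefixlen + subnet_bits


def subnet_number(base: str, new_prefix: int, n: int) -> ipaddress.IPv4Network:
    """Subnet #n: the binary value of n placed in the subnet-number field."""
    net = ipaddress.ip_network(base)
    if not 0 <= n < 2 ** (new_prefix - net.prefixlen):
        raise ValueError(f"subnet #{n} does not exist at /{new_prefix} under {base}")
    block = 2 ** (32 - new_prefix)            # addresses per subnet
    return ipaddress.ip_network(f"{net.network_address + n * block}/{new_prefix}")


def host_address(subnet: str, n: int) -> ipaddress.IPv4Address:
    """Host #n of a subnet: n placed in the host field, excluding all-0s and all-1s."""
    net = ipaddress.ip_network(subnet)
    if not 1 <= n <= net.num_addresses - 2:
        raise ValueError(f"host #{n} is outside the assignable range of {subnet}")
    return net.network_address + n


def subnet_report(cidr: str) -> dict:
    """Answer the eight subnetting questions for an address written in CIDR form."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    cls = address_class(iface.ip)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"class {cls} addresses are not subnetted")
    classful = ipaddress.ip_network(f"{iface.ip}/{CLASSFUL_PREFIX[cls]}", strict=False)
    borrowed = net.prefixlen - classful.prefixlen
    if borrowed < 0:
        raise ValueError(f"/{net.prefixlen} is shorter than the classful default /{classful.prefixlen}")
    octet = (net.prefixlen - 1) // 8          # the octet in which the mask ends
    block_size = 256 - int(str(net.netmask).split(".")[octet])
    return {
        "mask": str(net.netmask),
        "subnets": 2 ** borrowed,
        "block_size": block_size,
        "valid_subnets": [str(s) for s in classful.subnets(new_prefix=net.prefixlen)],
        "total_hosts": net.num_addresses,
        "valid_hosts": net.num_addresses - 2,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    prefix = extended_prefix("193.1.1.0/24", subnets_needed=6, hosts_needed=25)
    mask = ipaddress.ip_network(f"193.1.1.0/{prefix}").netmask
    print(f"Subnet Example #1 needs a /{prefix} ({mask})")
    for n in range(2 ** (prefix - 24)):
        s = subnet_number("193.1.1.0/24", prefix, n)
        print(f"  Subnet #{n}: {s}  hosts {s.network_address + 1}-{s.broadcast_address - 1}"
              f"  broadcast {s.broadcast_address}")
    print("Host #15 on Subnet #2:", host_address(str(subnet_number("193.1.1.0/24", prefix, 2)), 15))
    for key, value in subnet_report("188.25.45.48/20").items():
        print(f"{key:>14}: {value}")
```

The `block_size` answer is the increment between consecutive subnets in the octet where the mask ends (256 - 240 = 16 for /20), which is the quick way to list valid subnets by hand; `subnet_report` lists them from the classful network so the two methods can be checked against each other.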
VLSM Design Considerations..
• When developing a VLSM design, the network designer
must recursively ask the same set of questions as for a
traditional subnet design. The same set of design decisions
must be made at each level of the hierarchy:
• How many total subnets does this level need today?
• How many total subnets will this level need in the future?
• How many hosts are on this level’s largest subnet today?
• How many hosts will be on this level's largest subnet in
the future?
Requirements for Deploying VLSM
VLSM Example
• Base Network: 10001100.00011001 .00000000.00000000 =
140.25.0.0/16
Subnet #0: 10001100.00011001.0000 0000.00000000 =
140.25.0.0/20
Subnet #1: 10001100.00011001.0001 0000.00000000 =
140.25.16.0/20
Subnet #2: 10001100.00011001.0010 0000.00000000 =
140.25.32.0/20
Subnet #3: 10001100.00011001.0011 0000.00000000 =
140.25.48.0/20
Subnet #4: 10001100.00011001.0100 0000.00000000 =
140.25.64.0/20
• :
Subnet #13: 10001100.00011001.1101 0000.00000000 =
140.25.208.0/20
Subnet #14: 10001100.00011001.1110 0000.00000000 =
140.25.224.0/20
Subnet #15: 10001100.00011001.1111 0000.00000000 =
140.25.240.0/20
VLSM Example
• Define the Host Addresses for Subnet #3 (140.25.48.0/20): Figure 6-21
shows the host addresses that can be assigned to Subnet #3 (140.25.48.0/20).
VLSM Example
• Subnet #3: 10001100.00011001.0011 0000.00000000 =
140.25.48.0/20
• Host #1: 10001100.00011001.0011 0000.00000001 =
140.25.48.1/20
• Host #2: 10001100.00011001.0011 0000.00000010 =
140.25.48.2/20
• Host #3: 10001100.00011001.0011 0000.00000011 =
140.25.48.3/20
• :
• Host #4093: 10001100.00011001.0011 1111.11111101 =
140.25.63.253/20
• Host #4094: 10001100.00011001.0011 1111.11111110 =
140.25.63.254/20
• The broadcast address for Subnet #3 is the all-1s host address or:
• 10001100.00011001.0011 1111.11111111 = 140.25.63.255
• The broadcast address for Subnet #3 is exactly one less than the base address for
Subnet #4 (140.25.64.0).
VLSM Example
• Subnet #14: 10001100.00011001.1110 0000.00000000 = 140.25.224.0/20
• Subnet #14-0: 10001100.00011001.1110 0000 .00000000 = 140.25.224.0/24
• Subnet #14-1: 10001100.00011001.1110 0001 .00000000 = 140.25.225.0/24
• Subnet #14-2: 10001100.00011001.1110 0010 .00000000 = 140.25.226.0/24
• Subnet #14-3: 10001100.00011001.1110 0011 .00000000 = 140.25.227.0/24
• Subnet #14-4: 10001100.00011001.1110 0100 .00000000 = 140.25.228.0/24
• .
• Subnet #14-14: 10001100.00011001.1110 1110 .00000000 = 140.25.238.0/24
• Subnet #14-15: 10001100.00011001.1110 1111 .00000000 = 140.25.239.0/24
VLSM Example
• Subnet #14-3: 10001100.00011001.11100011 .00000000 = 140.25.227.0/24
• Host #1: 10001100.00011001.11100011 .00000001 = 140.25.227.1/24
• Host #2: 10001100.00011001.11100011 .00000010 = 140.25.227.2/24
• Host #3: 10001100.00011001.11100011 .00000011 = 140.25.227.3/24
• Host #4: 10001100.00011001.11100011 .00000100 = 140.25.227.4/24
• Host #5: 10001100.00011001.11100011 .00000101 = 140.25.227.5/24
• .
• .
• Host #253: 10001100.00011001.11100011 .11111101 = 140.25.227.253/24
• Host #254: 10001100.00011001.11100011 .11111110 = 140.25.227.254/24
• The broadcast address for Subnet #14-3 is the all-1s host address or:
• 10001100.00011001.11100011. 11111111 = 140.25.227.255
• The broadcast address for Subnet #14-3 is exactly one less than the base address for
Subnet #14-4 (140.25.228.0).
VLSM Example
• Subnet #14-14: 10001100.00011001.11101110 .00000000 = 140.25.238.0/24
• Subnet#14-14-0: 10001100.00011001.11101110.000 00000 = 140.25.238.0/27
• Subnet#14-14-1: 10001100.00011001.11101110.001 00000 = 140.25.238.32/27
• Subnet#14-14-2: 10001100.00011001.11101110.010 00000 = 140.25.238.64/27
• Subnet#14-14-3: 10001100.00011001.11101110.011 00000 = 140.25.238.96/27
• Subnet#14-14-4: 10001100.00011001.11101110.100 00000 = 140.25.238.128/27
• Subnet#14-14-5: 10001100.00011001.11101110.101 00000 = 140.25.238.160/27
• Subnet#14-14-6: 10001100.00011001.11101110.110 00000 = 140.25.238.192/27
• Subnet#14-14-7: 10001100.00011001.11101110.111 00000 = 140.25.238.224/27
VLSM Example
Define Host Addresses for Subnet #14-14-2 (140.25.238.64/27):
Figure 6-25 shows the host addresses that can be assigned to
Subnet #14-14-2 (140.25.238.64/27).
• Each of the subnets of Subnet #14-14 has 5 bits in the host
number field. This means that each subnet represents a
block of 30 valid host addresses (2^5 - 2). The hosts will be
numbered 1 through 30.
• The valid host addresses for Subnet #14-14-2 are listed
below. In each address, the bits before the space are the
extended network prefix, and the 5 bits after the space are the
host number field.
VLSM Example
• Subnet#14-14-2: 10001100.00011001.11101110.010 00000 = 140.25.238.64/27
• Host #1 10001100.00011001.11101110.010 00001 = 140.25.238.65/27
• Host #2 10001100.00011001.11101110.010 00010 = 140.25.238.66/27
• Host #3 10001100.00011001.11101110.010 00011 = 140.25.238.67/27
• Host #4 10001100.00011001.11101110.010 00100 = 140.25.238.68/27
• Host #5 10001100.00011001.11101110.010 00101 = 140.25.238.69/27
• .
• .
• Host #29 10001100.00011001.11101110.010 11101 = 140.25.238.93/27
• Host #30 10001100.00011001.11101110.010 11110 = 140.25.238.94/27
• The broadcast address for Subnet #14-14-2 is the all-1s host address or:
• 10001100.00011001.11101110.010 11111 = 140.25.238.95
• The broadcast address for Subnet #14-14-2 is exactly one less than the base address for
Subnet #14-14-3 (140.25.238.96).
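The VLSM hierarchy worked through above (140.25.0.0/16 split into /20s, Subnet #14 into /24s, Subnet #14-14 into /27s), built recursively and checked at each level, as an added Python example (this is not code from the original slides; the (prefix, n) path notation and the function names are this example's own):

```python
# Added example (not from the original slides): the 140.25.0.0/16 VLSM
# hierarchy built by recursion. At every level the same two design questions
# apply (how many subnets, how many hosts), and the same invariant holds: the
# broadcast address of Subnet #n is one less than the base of Subnet #(n+1).
# Function names and the path notation are this example's own.
from __future__ import annotations

import ipaddress


def child(parent: ipaddress.IPv4Network, new_prefix: int, n: int) -> ipaddress.IPv4Network:
    """Subnet #n of parent at /new_prefix.

    Placing n in the (new_prefix - parent.prefixlen) subnet bits is the same as
    stepping n blocks of 2**(32 - new_prefix) addresses from the parent's base.
    """
    bits = new_prefix - parent.prefixlen
    if bits <= 0 or not 0 <= n < 2 ** bits:
        raise ValueError(f"subnet #{n} does not exist at /{new_prefix} under {parent}")
    base = parent.network_address + n * 2 ** (32 - new_prefix)
    return ipaddress.ip_network(f"{base}/{new_prefix}")


def vlsm_path(base: str, path: list[tuple[int, int]]) -> list[ipaddress.IPv4Network]:
    """Follow a path of (prefix, n) pairs down the hierarchy and return every level.

    From 140.25.0.0/16, [(20, 14), (24, 14), (27, 2)] yields #14, #14-14 and #14-14-2.
    """
    levels = [ipaddress.ip_network(base)]
    for new_prefix, n in path:
        levels.append(child(levels[-1], new_prefix, n))
    return levels


def label(path: list[tuple[int, int]]) -> str:
    """The slides' naming: #14-14-2 for the path [(20, 14), (24, 14), (27, 2)]."""
    return "#" + "-".join(str(n) for _, n in path)


def level_capacity(net: ipaddress.IPv4Network, new_prefix: int) -> tuple[int, int]:
    """The two design questions at one level: how many subnets a split at
    /new_prefix gives, and how many usable hosts each of them holds."""
    return 2 ** (new_prefix - net.prefixlen), 2 ** (32 - new_prefix) - 2


def children_tile_parent(parent: ipaddress.IPv4Network, new_prefix: int) -> bool:
    """Check that Subnet #0 .. #(2**bits - 1) are contiguous, do not overlap, and
    exactly fill the parent, so each broadcast is one less than the next base."""
    count = 2 ** (new_prefix - parent.prefixlen)
    kids = [child(parent, new_prefix, n) for n in range(count)]
    if kids[0].network_address != parent.network_address:
        return False
    if kids[-1].broadcast_address != parent.broadcast_address:
        return False
    return all(a.broadcast_address + 1 == b.network_address for a, b in zip(kids, kids[1:]))


if __name__ == "__main__":
    base = "140.25.0.0/16"
    path = [(20, 14), (24, 14), (27, 2)]
    levels = vlsm_path(base, path)
    for depth, net in enumerate(levels):
        name = "base" if depth == 0 else label(path[:depth])
        print(f"{name:>10}: {net}  broadcast {net.broadcast_address}"
              f"  usable hosts {net.num_addresses - 2}")
    for net, (new_prefix, _) in zip(levels, path):
        subnets, hosts = level_capacity(net, new_prefix)
        print(f"{net} split at /{new_prefix}: {subnets} subnets of {hosts} hosts;"
              f" children tile the parent: {children_tile_parent(net, new_prefix)}")
```

`children_tile_parent` is the check worth running on any addressing plan before it is deployed: overlapping or non-contiguous allocations at one level silently break the summarization that the level above depends on.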
Chapter 5
Security Services in a Modular Network Design
• Developing a security strategy that can protect all parts of a
complicated network while having a limited effect on ease of use and
performance is one of the most important and difficult tasks related
to network design.
• Security is an infrastructure service that increases the network's
integrity by protecting network resources and users from internal
and external threats.
• The security policy is established by senior management and
communicated to the network administrators.
Network security design
• Breaking the process of security design down into the following steps will help
you plan and execute a security strategy effectively:
1. Identify network assets
2. Analyze security risks
3. Analyze security requirements and tradeoffs
4. Develop a security plan
5. Develop a security policy
6. Develop procedures for applying the security policy
7. Develop a technical implementation strategy
8. Achieve buy-in from users, managers and technical staff
9. Train users, managers and technical staff
10. Implement the technical strategy and security procedures
11. Test the security and update it if any problem is found
12. Maintain security
CONT…
• Internal Security
• The following are some recommended security practices in each
module:
• At the Building Access layer, access is controlled at the port level
using data link layer information (for example, the MAC addresses allowed on a port).
• The Building Distribution layer performs filtering to keep
unnecessary traffic from the Campus Core.
• The Campus Core layer is a high-speed switching backbone and
should be designed to switch packets as quickly as possible.
Developing security policy
• A security policy is the formal statement of the rules by which people
who are given access to an organization's technology and information
assets must abide.
• Developing a security policy is the job of senior management with the
help of the security and network administrators.
Component of security policy
• Access policy: defines access rights and privileges.
• Accountability policy: defines the responsibilities of users,
operational staff and management.
• Authentication policy: establishes trust through an effective
password policy and sets up guidelines for remote-location
authentication.
• Privacy policy: defines reasonable expectations of privacy
regarding monitoring of e-mail, logging of keystrokes and access to
user files.
• Computer technology purchasing guidelines: specify the
requirements for all computer configurations as well as network
installation and computer specifications, including their security specifications.
Physical security
• It refers to limiting access to key network resources by keeping
resources behind a locked door and protecting them from natural and human-made
disasters.
• It also protects a network from inadvertent misuse of network
equipment by untrained employees and contractors.
• It can also protect a network from hackers, competitors and terrorists walking in.
• It protects from biohazards and radioactive spills.
• It protects from natural disasters: floods, fires, earthquakes.
Authentication, Authorization, and Accounting (AAA)
• AAA is a crucial aspect of network security that should be
considered during the network design.
• An AAA server handles the following:
• Authentication—Who? Authentication checks the user’s identity,
typically through a username and password combination.
• Authorization—What? After the user is authenticated, the AAA
server dictates what activity the user is allowed to perform on the
network.
• Accounting—When? The AAA server can record the length of the
session, the services accessed during the session, and so forth.
Cont.…
• The principles of strong authentication should be included in the user
authentication.
• Strong authentication refers to the two-factor authentication method
in which users are authenticated using two of the following factors:
• Something you know: Such as a password or personal identification
number (PIN)
• Something you have: Such as an access card, bank card, or token
• Something you are: For example, some biometrics, such as a retina
print or fingerprint
• Something you do: Such as your handwriting, including the style,
pressure applied, and so on
Data encryption
• Encryption is the process that scrambles (hides) data to protect it
from being read by anyone but the intended receiver.
• An encryption device encrypts (scrambles) data.
• A decryption device decrypts data (it does not encrypt).
• Data that is encrypted is called ciphertext.
• Data that is not encrypted is called plaintext.
• A decryption device converts ciphertext to plaintext.
• An encryption device converts plaintext to ciphertext.
Data encryption cont’d……
• Encryption has two parts
1. Encryption algorithm
An encryption algorithm is the set of instructions used to scramble
data, and to unscramble it again.
2. An encryption key
It is the code used by the algorithm to scramble and
unscramble data.
The goal of encryption is to use an algorithm and a key to scramble
the data so that only a holder of the right key can recover it.
Data encryption cont’d……
• When both the sender and receiver use the same secret key,
it is called symmetric-key encryption.
• Example: DES (Data Encryption Standard) is the best-known
example of a symmetric-key system. Its 56-bit key is far too short for
modern use, and DES has been replaced by AES.
• Asymmetric encryption uses two keys, a public-private key pair: data
encrypted with the public key can be decrypted only with the matching private key.
External threats
The enterprise edge is the first line of defense at which potential
outside attacks can be stopped.
The following four attack methods are commonly used in attempts
to compromise the integrity of the enterprise network:
IP spoofing
Password attacks
DoS (denial of service) attacks
Application layer attacks
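The distribution-layer filtering mentioned under Internal Security and the IP spoofing attack listed above, illustrated together by an added Python example (this is not from the original slides): a packet is forwarded toward the core only when its source address belongs to the subnet assigned to the port it arrived on, which is where the subnetting plan from the earlier chapter feeds directly into a security control. The interface-to-subnet plan, the permitted destination list and the sample packets are all constructed for this example, and the function names are its own.

```python
# Added example (not from the original slides): a minimal ingress filter of the
# kind a distribution switch applies before traffic reaches the core. A source
# address that does not belong to the subnet behind the ingress port is spoofed
# or misconfigured and is dropped. Plan, policy and packets are constructed.
from __future__ import annotations

import ipaddress

# Constructed addressing plan: which subnet from the VLSM example sits behind
# each access-layer uplink. Interface names are hypothetical.
INTERFACE_SUBNETS = {
    "Gi1/1": ipaddress.ip_network("140.25.238.64/27"),   # Subnet #14-14-2
    "Gi1/2": ipaddress.ip_network("140.25.227.0/24"),    # Subnet #14-3
}

# Constructed policy: the only destination prefixes the core should carry from these ports.
PERMITTED_DESTINATIONS = [ipaddress.ip_network("140.25.0.0/16")]


def classify(ingress: str, src: str, dst: str) -> tuple[str, str]:
    """Return (verdict, reason) for one packet arriving on an ingress interface.

    Forward only when the source lies inside the subnet assigned to that port,
    is a real host address within it, and the destination is one the core is
    supposed to carry. Everything else is filtered here, before the core.
    """
    subnet = INTERFACE_SUBNETS.get(ingress)
    if subnet is None:
        return "drop", f"unknown ingress interface {ingress}"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in subnet:
        return "drop", f"source {src} is not in {subnet} assigned to {ingress} (spoofed)"
    if s in (subnet.network_address, subnet.broadcast_address):
        return "drop", f"source {src} is the network or broadcast address of {subnet}"
    if not any(d in prefix for prefix in PERMITTED_DESTINATIONS):
        return "drop", f"destination {dst} is not permitted toward the core"
    return "forward", "source matches ingress subnet and destination is permitted"


# Constructed sample packets: (ingress interface, source, destination).
SAMPLE_PACKETS = [
    ("Gi1/1", "140.25.238.70", "140.25.227.10"),   # Host #6 of #14-14-2 talking to #14-3
    ("Gi1/1", "140.25.227.10", "140.25.238.70"),   # #14-3 source claimed on the #14-14-2 port
    ("Gi1/2", "140.25.227.255", "140.25.1.1"),     # broadcast address used as a source
    ("Gi1/2", "140.25.227.10", "10.9.9.9"),        # destination outside the permitted prefixes
]


def run(packets=SAMPLE_PACKETS) -> list[str]:
    """Apply the filter to each packet and return the verdicts in order."""
    return [classify(*pkt)[0] for pkt in packets]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        verdict, reason = classify(*pkt)
        print(f"{pkt[0]} {pkt[1]:>15} -> {pkt[2]:<15} {verdict:8} {reason}")
```

The check only works if the addressing plan is accurate, which is why the VLSM tiling check earlier matters: an interface mapped to a subnet that overlaps another port's subnet lets the spoofed packet through.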