CO-2
Network layer and Internetworking
• Internetworking Devices: Preamble to Network Layer,
Distinguishing of Networking Devices and
Internetworking Devices, Analysis of Router
Processing: Access, core and distribution. VLANS,
Ethernet
• Internetworking Technologies: Wired Router, Wireless
Router, Gateway, CSU/DSU; Addressing: IP addressing
(IPV4 & IPV6), subnetting; Types of Routing: static,
default and dynamic.
• Networking Protocols: RIP, OSPF, BGP; Access Control
list for IPV4, IPV6, Other Protocols: NAT, ARP, Port
Address Translation (PAT), IP Tunneling; DHCP
Preamble to Network Layer
• Transport and Network layers
– Responsible for moving messages from end-to-end in a
network
– Closely tied together
– TCP/IP: most commonly used protocol
• Used in Internet
• Compatible with a variety of Application Layer protocols as well
as with many Data Link Layer protocols
Cont..
• Responsible for addressing and routing of messages
– Selects the best path from computer to computer until the message
reaches destination
Internetwork
• Collection of individual networks, connected by
intermediate networking devices.
Internetworking Devices
Connecting Devices
Hub
• A hub is used as a central point of connection among media
segments.
• Cables from network devices plug in to the ports on the
hub.
Types of hubs:
A passive hub is just a connector.
• It connects the wires coming from different branches.
• Signals pass through a passive hub without regeneration or
amplification.
• It connects several networking cables together.
Active hubs or multiport repeaters:
• They regenerate or amplify signals before retransmitting them.
• Hubs operate at the physical layer of the OSI model.
• Hubs propagate signals through the network.
• They cannot filter network traffic.
• They cannot determine the best path.
Repeaters
• A repeater is a device that operates only at the PHYSICAL
layer.
• Used to increase the length of the network by eliminating
the effect of attenuation on the signal.
• It connects two segments of the same network.
• A repeater forwards every frame; it has no filtering
capability.
• A repeater is a regenerator, not an amplifier.
Bridges
• Operates in both the PHYSICAL and the data link layer.
• As a PHYSICAL layer device, it regenerates the signal it
receives.
• As a data link layer device, the bridge can check the
PHYSICAL / MAC addresses (source and destination)
contained in the frame.
• It can check the destination address of a frame and decide
whether the frame should be forwarded or dropped.
• A bridge has a table that maps addresses to ports.
Characteristics of Bridges
Routing Tables
• Contains one entry per station on each network to which the bridge
is connected.
• Is used to determine the network of the destination station of a
received packet.
Filtering
• Is used by the bridge to allow only those packets intended for
the remote network.
• Packets are filtered with respect to their destination and
multicast addresses.
Forwarding
• The process of passing a packet from one network to
another.
ROUTERS
• Routes packets based on their logical addresses (host-to-
host addressing).
• A router normally connects LANs and WANs in the Internet
and has a routing table
• The routing tables are normally dynamic and are updated
using routing protocols.
• Routers can increase network efficiency by filtering out
broadcast traffic between networks.
Types of Routers
• Static routers: These must have their routing tables
configured manually with all network addresses and paths
in the internetwork.
• Dynamic routers: These automatically create their routing
tables by listening to network traffic.
• Routing tables: Used to select the fastest or nearest path
to the next "hop" on the way to a data packet's final
destination.
• A hop is simply a router that the packet must travel through.
• Ticks measure the time it takes to traverse a link. Each tick
is 1/18 of a second. When the router selects a route based
on tick and hop metrics
Routers versus Bridges
Addressing
• Routers are explicitly addressed.
• Bridges are not addressed.
Availability
• Routers can handle failures in links, stations, and other routers.
• Bridges use only source and destination MAC address, which does not
guarantee delivery of frames.
Message Size
• Routers can perform fragmentation on packets and thus handle
different packet sizes.
• Bridges cannot do fragmentation and should not forward a frame
which is too big for the next LAN.
Forwarding
• Routers forward a message to a specific destination.
• Bridges forward a message to an outgoing network.
Gateways
• Able to convert the format of data in one computing
environment to a format that is usable in another
computing environment (for example, AppleTalk and
DECnet).
• The term gateway is sometimes used when referring to a
router.
• Gateways are devices that link different network types and
protocols.
• For example, gateways translate different electronic mail
protocols and convey email across the Internet.
VLAN
• VLAN Membership (Static & Dynamic) and VLAN Connections (Access
link & Trunk link).
Dual Stack
Tunneling
Header Translation
• An IPv6 computer sends a request to DNS for the IPv6 address of a
particular website.
• The DNS server in the IPv6 network cannot find the IPv6 address, hence it
transfers the request to the IPv6 DNS server.
• It does not get the address because the requested website's IP is IPv4.
• The IPv6 network DNS server sends a request to the IPv4 network DNS server
and receives the IP of the requested address.
WHAT IS IP ADDRESS
• A computer must have an address so that other computers can find and
locate it in order to deliver a particular file to it.
• Each number in the dotted set is in the range 0 to 255. In other words,
a full IP address ranges from 0.0.0.0 to 255.255.255.255.
• There are around 4.3 billion IPv4 addresses, and managing all those
addresses without any scheme is next to impossible.
• For easier management and assignment, IP addresses are organized in
numeric order and divided into the following 5 classes:
Classes of IPv4 Address
RESTRICTIONS
3. The first address must be divisible by 16. The first address, when
converted to a decimal number, is 3,440,387,360, which when divided by
16 results in 215,024,210.
Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set the 32 − 28 rightmost bits to 0, we get
11001101 00010000 00100101 00100000
or 205.16.37.32.
This is actually the block shown in Figure 19.3.
Solution
The binary representation of the given address is
11001101 00010000 00100101 00100111
If we set the 32 − 28 rightmost bits to 1, we get
11001101 00010000 00100101 00101111
or 205.16.37.47.
The value of n is 28, which means that the number of addresses is 2^(32−28), or 16.
Example
Another way to find the first address, the last address, and the
number of addresses is to represent the mask as a 32-bit binary
(or 8-digit hexadecimal) number. This is particularly useful
when we are writing a program to find these pieces of
information. In Example 19.5 the /28 can be represented as
11111111 11111111 11111111 11110000
(twenty-eight 1s and four 0s).
Find
a. The first address
b. The last address
c. The number of addresses.
Example (continued)
Solution
a. The first address can be found by ANDing the given
addresses with the mask. ANDing here is done bit by bit.
The result of ANDing 2 bits is 1 if both bits are 1s; the
result is 0 otherwise.
Example (continued)
b. The last address can be found by ORing the given
addresses with the complement of the mask. ORing here
is done bit by bit. The result of ORing 2 bits is 0 if both
bits are 0s; the result is 1 otherwise. The complement of
a number is found by changing each 1 to 0 and each 0 to
1.
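The mask-based method from the example above, as an added program (not part of the original slides) that finds the first address, the last address and the block size for any address/prefix by ANDing with the mask and ORing with its complement; the sample input 205.16.37.39/28 is the address used in the worked example, and the `binary_groups` helper name is my own.

```python
# Added example (not from the original slides): computes the first address, last
# address and address count of a CIDR block by ANDing the address with the mask
# and ORing it with the mask's complement, as the worked example does by hand.

def ip_to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer, rejecting bad input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(n):
    """/n as a 32-bit mask: n leading 1s followed by 32-n 0s (/28 -> 0xFFFFFFF0)."""
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def binary_groups(value):
    """Render a 32-bit value as four 8-bit groups, the way the slides print it."""
    bits = format(value, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def block_info(address, n):
    """Return first address, last address and size of the block containing address/n."""
    addr = ip_to_int(address)
    mask = prefix_to_mask(n)
    first = addr & mask                   # AND with the mask clears the rightmost 32-n bits
    last = addr | (~mask & 0xFFFFFFFF)    # OR with the complement sets them to 1
    return {
        "first": int_to_ip(first),
        "last": int_to_ip(last),
        "count": 2 ** (32 - n),
        "first_int": first,
        "mask": binary_groups(mask),
    }

def first_is_aligned(address, n):
    """Restriction 3 from the slides: the first address must be divisible by the block size."""
    info = block_info(address, n)
    return info["first_int"] % info["count"] == 0

if __name__ == "__main__":
    # Sample address from the slides' worked example (205.16.37.39/28).
    print(block_info("205.16.37.39", 28))   # first 205.16.37.32, last 205.16.37.47, count 16
    print(first_is_aligned("205.16.37.39", 28))
```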
Example (continued)
• Link State routing protocols are highly scalable and support unlimited
hops.
• Link State routing protocols are classless, which means that they
support VLSM and CIDR.
Point-to-Point Link
• To connect two routers without any other host or router in
between.
Transient Link
• A network with several routers attached to it
Stub Link
• A stub link is a network that is connected to only one router
• The data packets enter the network through this single router
and leave the network through this same router
Virtual Link
• When the link between two routers is broken, the admin may
create a virtual link.
• Probably goes through several routers.
Routing Information Protocol
• RIP is a standard for exchange of routing information among
gateways and hosts.
• It’s a distance vector routing protocol
• The maximum number of hops allowed for RIP is 15.
• This hop limit, however, also limits the size of networks that RIP
can support.
• Originally each RIP router transmitted full updates every 30
seconds.
• In the early deployments, routing tables were small enough that
the traffic was not significant.
– RIP version 2
• This reduces traffic and also balances the load. It is used in small
companies; in this protocol routing tables are updated every 30 seconds.
Advantages of RIP-1
• Easy to configure
• Less overhead
• No complexity.
Packet filtering
• Packet filtering is a way to check incoming packets and
outgoing packets.
• Accomplished by a router.
• Routers forward packets based on layer 3 information.
• When we apply filters, the router examines each packet and decides
whether it meets the set criteria: if it does, it is forwarded; if not, it is dropped.
• The criteria used by the router to determine whether packets can traverse
the network are defined by configuring ACLs.
• With access control lists, we can filter traffic based on:
– Destination and source layer 3 address
– Destination and source port number
– As well as the protocol in use
ACL concepts
• The ACL is usually a script that is executed in the router to check the
packets based on the specified criteria.
• ACLs inspect packets against the rules that the administrator has set.
ACL Configuration
• ACLs are configured on the routers that act as firewalls in your network.
What ACLs do
• The ACLs work by doing the following:
Inbound ACLs–
• This type of ACL is important since the router does not waste CPU
cycles by processing packets that would eventually be dropped.
Outbound ACLs–
• Packets are usually processed and forwarded to the outbound ACL for
filtering.
• With this ACL, the router first checks its routing table.
• The router then inspects whether the outbound interface has an ACL.
• If the interface does not have an ACL for the packet, it is forwarded.
Types of ACLs
• There are several types of ACLs
• We focus on two types; standard ACLs and Extended ACLs.
Standard ACLs
• Administrator can permit or deny packets based on their source IP
address ONLY.
• These ACLs do not check the packets for any other criteria
Extended ACLs
• With these ACLs, you have more control over the traffic that you want
to filter.
• Some of the criteria may include :
1. Static ACLs
• Routed IPv4 ACLs for traffic control and VLAN ACLs are configured
statically.
• Static Port Access Control List: This is configured on switch ports for
filtering traffic that enters that port on the switch.
• This ACL, configured on the server, filters traffic from its authenticated
client.
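The standard-versus-extended distinction and the top-down, first-match processing described above, as an added simulation (not part of the original slides): a standard ACL matches on source address only, an extended ACL also checks protocol, destination and port, and any packet matching no rule falls to the implicit deny at the end of the list. The subnet, server address and port numbers in the sample rules are constructed for illustration.

```python
# Added example, not from the original slides: a small first-match ACL evaluator
# contrasting a standard ACL (source address only) with an extended ACL (protocol,
# source, destination, destination port). Every list ends with an implicit deny.
# Sample addresses and ports are constructed for illustration.
from ipaddress import ip_address, ip_network

def match_standard(rule, pkt):
    """Standard ACL: the only criterion is the packet's source address."""
    return ip_address(pkt["src"]) in ip_network(rule["src"])

def match_extended(rule, pkt):
    """Extended ACL: protocol, source, destination and optional destination port."""
    if rule["proto"] not in ("ip", pkt["proto"]):      # "ip" matches any protocol
        return False
    if ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    return rule.get("dport") in (None, pkt.get("dport"))  # no port in rule = any port

def evaluate(acl, pkt):
    """Return 'permit' or 'deny'. Rules are checked top-down and the first match
    wins; a packet that matches no rule hits the implicit deny."""
    matcher = match_standard if acl["type"] == "standard" else match_extended
    for rule in acl["rules"]:
        if matcher(rule, pkt):
            return rule["action"]
    return "deny"

# Standard ACL: permit one LAN subnet; everything else falls to the implicit deny.
STANDARD_ACL = {"type": "standard", "rules": [
    {"action": "permit", "src": "192.168.10.0/24"},
]}

# Extended ACL: allow only HTTPS from the LAN to one server, explicitly deny the rest.
EXTENDED_ACL = {"type": "extended", "rules": [
    {"action": "permit", "proto": "tcp", "src": "192.168.10.0/24",
     "dst": "10.0.0.5/32", "dport": 443},
    {"action": "deny", "proto": "ip", "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]}

def demo():
    """Run three constructed packets through both lists."""
    web = {"proto": "tcp", "src": "192.168.10.7", "dst": "10.0.0.5", "dport": 443}
    ssh = {"proto": "tcp", "src": "192.168.10.7", "dst": "10.0.0.5", "dport": 22}
    outsider = {"proto": "tcp", "src": "203.0.113.9", "dst": "10.0.0.5", "dport": 443}
    return {
        "standard_lan": evaluate(STANDARD_ACL, web),          # permit: source in subnet
        "standard_outsider": evaluate(STANDARD_ACL, outsider),  # deny: implicit deny
        "extended_web": evaluate(EXTENDED_ACL, web),          # permit: rule 1
        "extended_ssh": evaluate(EXTENDED_ACL, ssh),          # deny: port 22 != 443
    }
```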
Network Address Translation (NAT)
• Assigns a public address to a computer (or group of computers) inside
a private network.
• NAT limits the number of public IP addresses needed, for both economy and
security purposes.
• NAT is a process in which a local IP address is translated into one or more
global IP addresses and vice versa.
• i.e. it masks the port number of the host with another port number in the
packet that will be routed to the destination.
• When a packet traverses outside the local (inside) network, NAT
converts that local (private) IP address to a global (public) IP address.
• When a packet enters the local network, the global (public) IP address
is converted to a local (private) IP address.
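The outbound and inbound translation just described, as an added simulation (not part of the original slides) of a port address translation table: two inside hosts share one public address, replies are demultiplexed by the translated port, and an inbound packet with no matching entry is dropped, which is the security effect the slide mentions. The public address, hosts and ports are constructed for illustration.

```python
# Added example, not from the original slides: a minimal port address translation
# (PAT) table. Outbound packets get the router's public address and a fresh port;
# replies are mapped back through the same entry; inbound packets that match no
# entry are dropped. All addresses and ports here are constructed.

class PatTable:
    def __init__(self, public_ip="203.0.113.1", first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # public port -> (inside_ip, inside_port, dst_ip, dst_port)

    def translate_out(self, pkt):
        """Rewrite a packet leaving the local network, creating a mapping if needed."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return dict(pkt, src=self.public_ip, sport=self.outbound[key])

    def translate_in(self, pkt):
        """Rewrite a packet entering from outside, or return None to drop it.
        The entry must also match the remote host and port, so only the peer the
        inside host talked to can reach it through that public port."""
        entry = self.inbound.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or entry is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None
        return dict(pkt, dst=inside_ip, dport=inside_port)

def demo():
    """Two inside hosts share one public address; replies are demultiplexed by port."""
    nat = PatTable()
    a_out = nat.translate_out({"src": "192.168.1.10", "sport": 5000,
                               "dst": "198.51.100.7", "dport": 443})
    b_out = nat.translate_out({"src": "192.168.1.11", "sport": 5000,
                               "dst": "198.51.100.7", "dport": 443})
    reply_to_b = nat.translate_in({"src": "198.51.100.7", "sport": 443,
                                   "dst": "203.0.113.1", "dport": b_out["sport"]})
    # Unsolicited packet from a different remote host to an existing public port.
    unsolicited = nat.translate_in({"src": "198.51.100.99", "sport": 4444,
                                    "dst": "203.0.113.1", "dport": 40000})
    return a_out, b_out, reply_to_b, unsolicited
```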
• The DHCP relay manages requests between DHCP clients and servers.
– Relays are used when an organization has to handle large or complex networks.
• Other components include the IP address pool, subnet, lease and DHCP
communications protocol.
DHCP Handshake
Discover: The DHCP client broadcasts this message to find a DHCP server.
Offer: The DHCP server broadcasts this message to lease an IP
configuration to the DHCP client.
Request: The DHCP client uses this message to notify the DHCP server
whether it accepts the proposed IP configuration or not.
Acknowledgment: The DHCP server uses this message to confirm to the DHCP client
that it can use the offered IP configuration.
• If a device needs a specific IP address, the DHCP server can reserve that
address for the device.
• Such devices include:
– Server
– Router
– Printer
Advantages –
• centralized management of IP addresses
• ease of adding new clients to a network
• reuse of IP addresses reducing the total number of IP addresses that
are required
• simple reconfiguration of the IP address space on the DHCP server
without needing to reconfigure each client
Disadvantages –
• IP conflict can occur
Address Resolution Protocol (ARP)
• With the help of DHCP we can complete the operation up to the network
router (gateway).
• To find the MAC address we have to use ARP from the gateway.
How ARP works
• When a new computer joins a LAN, it is assigned a unique IP address to use
for identification and communication.
• The gateway asks the ARP program to find a MAC address that matches the IP
address.
• A table called the ARP cache maintains a record of each IP address and its
corresponding MAC address.
• All operating systems in an IPv4 Ethernet network keep an ARP cache.
• Every time a host needs a MAC address in order to send a packet to
another host in the LAN, it checks its ARP cache to see whether the IP-to-MAC
address translation already exists.
• If it does, then a new ARP request is unnecessary.
• If the translation does not already exist, then the request for network
addresses is sent and ARP is performed.
• An ARP cache's size is limited and it is periodically cleansed of all entries.
• Addresses tend to stay in the cache for only a few minutes.
• In the cleaning process, unused entries are deleted.
Spanning Tree Protocol
• The purpose of Spanning Tree Protocol (STP) is to ensure that you do not create loops
when you have redundant paths in your network.
• It makes a loop-free network by monitoring the network to track all the
links and shut down the redundant ones.
• Bridge Priority Data Unit (BPDU) – It contains the Bridge ID,
Sender’s Bridge ID, Cost to the Root Bridge, and Timer values on the Root
Bridge.
– All switches exchange BPDUs in order to elect the root bridge. The switch with the lowest
Bridge ID becomes the root bridge.
– A switch multicasts its BPDU every 2 seconds; if it receives its own BPDU back, there is a
loop in the network.
• Bridge ID – It is an 8-byte field that is a combination of bridge priority
(2 bytes) and Base MAC address (6 bytes) of a device.
– If there is a tie on bridge priority then the Base MAC address is considered.
• Bridge Priority – It is a priority which is assigned to every switch,
32768 by default.
• Root Bridge – The root bridge is the bridge with the lowest Bridge ID.
All the decisions, like which ports are the root ports, are made from the
perspective of the root bridge.
• Path cost – A switch may encounter one or more switches in the path
to the root bridge. All the paths are analyzed and the path with the
lowest cost will be selected.
• Designated port – The port which sends the best BPDU, i.e. ports on
the root bridge, will be in a forwarding state.
• Root port – Used to reach the root bridge.
Criteria for selecting the root port:
– Lowest path cost to reach the root bridge
– Lowest sender bridge ID
– Lowest sender port ID
• (Port priority + Port number) – Port priority is 128 by default and port
number is the switch interface number.
Procedure:
• All the switches in the network declare themselves root bridges and
start exchanging their own BPDUs.
• The BPDU with the lowest bridge ID is considered superior. The
switch receiving the superior BPDU makes changes in its own BPDU
and forwards it to its neighbours.
• This process goes on until all the switches agree on which
bridge has the lowest bridge ID.
• Hence that switch will be declared the root bridge.
• Now, according to the criteria, the root ports will be selected and
the remaining ports will be put in blocking mode.
Root Bridge election
• In a sample scenario:
• As all the switches have the default priority, there is a tie on the
basis of priority.
• Now, the switch with the lowest MAC address will become the root bridge.
• Switch A will become the root bridge as it has the lowest MAC address.
Therefore, the ports of switch A will be in forwarding state, i.e.
designated ports.
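The election procedure and the sample scenario above, as an added model (not part of the original slides): a Bridge ID compares as (priority, base MAC) so the default-priority tie falls back to the lowest MAC, and a root port is chosen by lowest path cost, then lowest sender Bridge ID, then lowest sender port ID. The switch MAC addresses, costs and port numbers are constructed for illustration.

```python
# Added example, not from the original slides: root bridge election and root port
# selection using the tie-break order described on the slides. Switch MAC
# addresses, link costs and port numbers are constructed for illustration.
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768        # slide value: every switch starts with this priority
DEFAULT_PORT_PRIORITY = 128     # slide value: default port priority

@dataclass(order=True, frozen=True)
class BridgeID:
    priority: int
    mac: str   # lowercase "xx:xx:xx:xx:xx:xx"; equal length, so text order = numeric order

@dataclass(frozen=True)
class ReceivedBPDU:
    local_port: int          # the port this switch received the BPDU on
    path_cost: int           # cost to reach the root bridge via that port
    sender: BridgeID
    sender_port: int
    sender_port_priority: int = DEFAULT_PORT_PRIORITY

def elect_root(bridges):
    """Every switch claims to be root; the lowest Bridge ID (priority, then MAC) wins."""
    return min(bridges)

def choose_root_port(bpdus):
    """Return the local port with the best BPDU: lowest path cost, then lowest
    sender Bridge ID, then lowest sender port ID (port priority + port number)."""
    best = min(bpdus, key=lambda b: (b.path_cost, b.sender,
                                     (b.sender_port_priority, b.sender_port)))
    return best.local_port

def demo():
    a = BridgeID(DEFAULT_PRIORITY, "00:00:0c:00:00:01")
    b = BridgeID(DEFAULT_PRIORITY, "00:00:0c:00:00:02")
    c = BridgeID(DEFAULT_PRIORITY, "00:00:0c:00:00:03")
    root_default = elect_root([c, b, a])                     # priority tie -> lowest MAC (A)
    root_tuned = elect_root([a, BridgeID(4096, b.mac), c])   # lowering B's priority makes B root
    # Switch C hears the root on two ports at equal cost: the lower sender ID wins.
    via_a = ReceivedBPDU(local_port=1, path_cost=4, sender=a, sender_port=3)
    via_b = ReceivedBPDU(local_port=2, path_cost=4, sender=b, sender_port=1)
    # Two parallel links from the same sender: the lower sender port ID wins.
    link1 = ReceivedBPDU(local_port=5, path_cost=4, sender=a, sender_port=2)
    link2 = ReceivedBPDU(local_port=6, path_cost=4, sender=a, sender_port=1)
    return (root_default, root_tuned,
            choose_root_port([via_b, via_a]), choose_root_port([link1, link2]))

if __name__ == "__main__":
    print(demo())
```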
Port Rules:
1. Root port (Used to reach the root bridge)
2. Designated port (Forwarding port, one per link)
3. Blocking/Non-designated port (Loops)
• STP ensures that there is only one logical path between all destinations
on the network by intentionally blocking redundant paths that would cause a
loop.
• A port is considered blocked when user data is prevented from
entering or leaving that port. This does not include BPDU frames, which
are used by STP to prevent loops.
• The physical paths still exist to provide redundancy, but these paths are
disabled to prevent loops from occurring.