
HCSCA103 Basic Network Concepts

The document provides an overview of basic network concepts essential for understanding network security technologies, including TCP/IP architecture and common network protocols. It covers the OSI model, peer layer communications, and encapsulation processes, as well as specific protocols like ARP, ICMP, and SNMP. Additionally, it discusses routing protocols and the functions of network management systems, emphasizing the importance of traffic analysis for enterprise network operations.

Basic Network Concepts

Foreword

• To understand security technologies, you first need to learn about basic network concepts, such as basic communication principles, network components, and common network protocols. With knowledge of these basic concepts, you can better understand network security threats and deploy security defense policies.

2 Huawei Confidential
Objectives

Upon completion of this course, you will be able to:

• Describe the working principles of TCP/IP protocols.
• Describe the working principles of common protocols.
• Describe possible security threats to common protocols.

Contents

1. TCP/IP Architecture

2. Common Network Protocols

Architecture of a Typical Campus Network

[Figure: campus network architecture with four tiers: egress zone, core layer, aggregation layer, and access layer]

OSI Model
• Objectives
• Design principles
• Advantages

7 Layers of the OSI Model

Layer  Name                PDU      Function
7      Application layer   APDU     Provides communications between applications.
6      Presentation layer  PPDU     Processes data formats and encrypts data.
5      Session layer       SPDU     Establishes, maintains, and manages sessions.
4      Transport layer     Segment  Establishes E2E connections for hosts.
3      Network layer       Packet   Performs addressing and routing.
2      Data Link layer     Frame    Provides media access and link management.
1      Physical layer      Bit      Transmits bit streams.

Layers 7 to 5 are the top three layers; layers 4 to 1 are the bottom four layers.

Peer Layer Communications
• Each layer uses the services provided by the lower layer to communicate with the peer layer.

Host A              PDU      Host B
Application layer   APDU     Application layer
Presentation layer  PPDU     Presentation layer
Session layer       SPDU     Session layer
Transport layer     Segment  Transport layer
Network layer       Packet   Network layer
Data Link layer     Frame    Data Link layer
Physical layer      Bit      Physical layer

Mapping Between TCP/IP and OSI
• The TCP/IP protocol stack has a simple hierarchical design and a clear mapping relationship with the OSI model.

OSI                 TCP/IP
Application layer   Application layer
Presentation layer  Application layer
Session layer       Application layer
Transport layer     Transport layer
Network layer       Internet layer
Data Link layer     Network access layer
Physical layer      Network access layer

Functions of Each Layer of the TCP/IP

Layer                 Protocols                           Function
Application layer     HTTP, Telnet, FTP, TFTP, and DNS    Provides network interfaces for applications.
Transport layer       TCP/UDP                             Establishes E2E connections for hosts.
Internet layer        IP, ICMP & IGMP, ARP & RARP         Performs addressing and routing.
Network access layer  Ethernet, 802.3, PPP, HDLC, and FR  Performs physical media access.

Encapsulation and Decapsulation Processes of the TCP/IP

Sender: encapsulation. Recipient: decapsulation.

Layer                 Data unit
Application layer     App | User data
Transport layer       TCP | App | User data
Internet layer        IP | TCP | App | User data
Network access layer  Eth | IP | TCP | App | User data
Bit stream            1010101101010100101010001110

Quintuple

Application protocol  Port
HTTP                  80
FTP                   20/21
Telnet                23
SMTP                  25
DNS                   53
TFTP                  69
SNMP                  161

The application protocols are carried over TCP or UDP, which is carried in an IP packet.

• Quintuple: source IP address + destination IP address + protocol + source port + destination port
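
An added example, not part of the original slides: the Python sketch below builds frames with the Eth | IP | TCP | App nesting from the encapsulation slide and decapsulates them to recover the quintuple. The helper names build_frame and quintuple, the temporary ports, the payloads and the IP options are assumptions constructed for the illustration.

```python
import socket
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP"}   # IP protocol numbers that carry ports

def build_frame(src, dst, proto, sport, dport, app=b"", ip_options=b""):
    """Constructed sample: encapsulate app data as Eth | IP | TCP or UDP | App.
    Checksums stay 0 because nothing in this example verifies them."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(app), 0)
    ihl = 5 + len(ip_options) // 4                 # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                     ihl * 4 + len(l4) + len(app), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    eth = bytes.fromhex("0001020304cc" "0001020304aa" "0800")
    return eth + ip + l4 + app

def quintuple(frame):
    """Decapsulate Eth -> IP -> TCP/UDP and return the quintuple, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                # truncated, or not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # grows when IP options are present
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None
    proto = ip[9]
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if proto not in PROTO_NAMES or fragment_offset:
        return None                                # ICMP etc., or a later fragment: no ports
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            PROTO_NAMES[proto], sport, dport)

# Constructed frames: an HTTP request, and a DNS query whose IP header has options.
HTTP_FRAME = build_frame("10.0.0.1", "10.0.0.3", 6, 49152, 80, b"GET / HTTP/1.1\r\n\r\n")
DNS_FRAME = build_frame("10.0.0.1", "10.0.0.3", 17, 49153, 53, b"\x00" * 12,
                        ip_options=b"\x01\x01\x01\x00")

if __name__ == "__main__":
    print(quintuple(HTTP_FRAME))
    print(quintuple(DNS_FRAME))
```

The None results matter for filtering: a policy that matches on ports cannot be evaluated against ICMP packets or non-first fragments, so those need their own handling.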

Contents

1. TCP/IP Architecture

2. Common Network Protocols


▫ Network Layer Protocols

▫ Transport Layer Protocols

▫ Application Layer Protocols

Common Network Protocols

[Figure: network between PC 1 and PC 2 with an NMS; labels: NetStream, SNMP, ARP, OSPF/RIP, ICMP]

Overview of ARP
• Before sending a data packet to Host C, Host A needs to obtain the MAC address of Host C.

Host A: 10.0.0.1/24, 00-01-02-03-04-AA
Host B: 192.168.1.2/24, 00-01-02-03-04-BB
Host C: 10.0.0.3/24, 00-01-02-03-04-CC

ARP Request

Host A: 10.0.0.1/24, 00-01-02-03-04-AA
Host B: 192.168.1.2/24, 00-01-02-03-04-BB
Host C: 10.0.0.3/24, 00-01-02-03-04-CC

Frame layout: ETH_II | ARP | FCS

ETH_II header
  Destination MAC address: FF-FF-FF-FF-FF-FF
  Source MAC address: 00-01-02-03-04-AA

ARP
  Destination IP address: 10.0.0.3
  Source IP address: 10.0.0.1
  Destination MAC address: 00-00-00-00-00-00
  Source MAC address: 00-01-02-03-04-AA
  Operation type: Request

ARP Reply (1)

Host A: 10.0.0.1/24, 00-01-02-03-04-AA
Host B: 192.168.1.2/24, 00-01-02-03-04-BB
Host C: 10.0.0.3/24, 00-01-02-03-04-CC

Host C>arp -a
Internet address    Physical address     Type
10.0.0.1            00-01-02-03-04-AA    Dynamic

ARP Reply (2)

Host A: 10.0.0.1/24, 00-01-02-03-04-AA
Host B: 192.168.1.2/24, 00-01-02-03-04-BB
Host C: 10.0.0.3/24, 00-01-02-03-04-CC

Frame layout: ETH_II | ARP | FCS

ETH_II header
  Destination MAC address: 00-01-02-03-04-AA
  Source MAC address: 00-01-02-03-04-CC

ARP
  Destination IP address: 10.0.0.1
  Source IP address: 10.0.0.3
  Destination MAC address: 00-01-02-03-04-AA
  Source MAC address: 00-01-02-03-04-CC
  Operation type: Reply

Gratuitous ARP
• Gratuitous ARP can be used to detect whether IP addresses conflict.

Host A: 10.0.0.1/24, 00-01-02-03-04-AA

Frame layout: ETH_II | ARP | FCS

ETH_II header
  Destination MAC address: FF-FF-FF-FF-FF-FF
  Source MAC address: 00-01-02-03-04-AA

ARP
  Destination IP address: 10.0.0.1
  Source IP address: 10.0.0.1
  Destination MAC address: 00-00-00-00-00-00
  Source MAC address: 00-01-02-03-04-AA
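
An added example, not part of the original slides: the ARP request, reply and gratuitous ARP frames from the preceding slides rebuilt in Python, with a parser that classifies each one and a cache that reports an IP address claimed by two MAC addresses. The frame from the MAC ending in DD is constructed, the function names are hypothetical, and sending the gratuitous ARP with the request operation type is an assumption because the slide does not state it.

```python
import socket
import struct

def mac(text):
    return bytes.fromhex(text.replace("-", ""))

def arp_frame(eth_dst, op, src_mac, src_ip, dst_mac, dst_ip):
    """Constructed sample: ETH_II header plus the 28-byte ARP payload (FCS omitted)."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, mac(src_mac),
                      socket.inet_aton(src_ip), mac(dst_mac), socket.inet_aton(dst_ip))
    return mac(eth_dst) + mac(src_mac) + b"\x08\x06" + arp

def parse_arp(frame):
    """Return (kind, source_ip, source_mac) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    # Source IP equal to destination IP is what marks a gratuitous ARP.
    kind = "gratuitous" if spa == tpa else ("request" if op == 1 else "reply")
    return kind, socket.inet_ntoa(spa), sha.hex("-").upper()

def find_conflicts(frames):
    """Learn IP-to-MAC bindings as an ARP cache does; report IPs claimed by a second MAC."""
    table, conflicts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        kind, ip, sender = parsed
        known = table.setdefault(ip, sender)
        if known != sender:
            conflicts.append((ip, known, sender, kind))
    return conflicts

BCAST, ZERO = "FF-FF-FF-FF-FF-FF", "00-00-00-00-00-00"
HOST_A, HOST_C = "00-01-02-03-04-AA", "00-01-02-03-04-CC"
REQUEST = arp_frame(BCAST, 1, HOST_A, "10.0.0.1", ZERO, "10.0.0.3")
REPLY = arp_frame(HOST_A, 2, HOST_C, "10.0.0.3", HOST_A, "10.0.0.1")
# Assumption: the gratuitous ARP is sent with the request operation type (1).
GRATUITOUS = arp_frame(BCAST, 1, HOST_A, "10.0.0.1", ZERO, "10.0.0.1")
# Constructed: a second host (MAC ending in DD) announcing the same address.
DUPLICATE = arp_frame(BCAST, 1, "00-01-02-03-04-DD", "10.0.0.1", ZERO, "10.0.0.1")
```

find_conflicts([REQUEST, REPLY, GRATUITOUS]) returns an empty list; adding DUPLICATE yields one entry naming 10.0.0.1 and both MAC addresses, which is the condition an administrator investigates.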

Introduction to ICMP
• ICMP is used to transmit error, control, and query messages.

[Figure: Host A sends a message and receives a return message]

ICMP Application: Ping (1)

Router A (192.168.1.1/24) and Router B (192.168.1.2/24)

<Router A>ping ?
  STRING<1-255>  IP address or hostname of a remote system
  -a             Select source IP address, the default is the IP address of the output interface
  -c             Specify the number of echo requests to be sent, the default is 5
  -d             Specify the SO_DEBUG option on the socket being used
  -f             Set Don't Fragment flag in packet (IPv4-only)
  -h             Specify TTL value for echo requests to be sent, the default is 255
  -i             Select the interface sending packets

ICMP Application: Ping (2)

[Router A]ping 192.168.1.2
PING 192.168.1.2 : 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2 : bytes=56 Sequence=1 ttl=255 time=340 ms
Reply from 192.168.1.2 : bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 192.168.1.2 : bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.2 : bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.1.2 : bytes=56 Sequence=5 ttl=255 time=30 ms

--- 192.168.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/88/340 ms

ICMP Application: Tracert (1)

[Figure: topology with Host A, Router A, Router B, Router C, and Host B; labelled addresses 10.0.0.2/24, 20.0.0.2/24, and 30.0.0.2/24]

<Router A>tracert ?
  STRING<1-255>  IP address or hostname of a remote system
  -a             Set source IP address, the default is the IP address of the output interface
  -f             First time to live, the default is 1
  -m             Max time to live, the default is 30
  -name          Display the host name of the router on each hop
  -p             Destination UDP port number, the default is 33434
  -q             Number of probe packets, the default is 3
  -s             Specify the length of the packets to be sent. The default length is 12 bytes

ICMP Application: Tracert (2)
• The Tracert command displays each hop that packets pass through during network transmission.

[Figure: topology with Host A, Router A, Router B, Router C, and Host B; labelled addresses 10.0.0.2/24, 20.0.0.2/24, and 30.0.0.2/24]

<Router A>tracert 30.0.0.2
Tracert to 30.0.0.2(30.0.0.2), max hops:30, packet length:40, press CTRL_C to break
1 10.0.0.2 130 ms 50 ms 40 ms
2 20.0.0.2 80 ms 60 ms 80 ms
3 30.0.0.2 80 ms 60 ms 70 ms

Routing Protocol Overview
• Routing is the most basic element in a data communications network. It is the process of selecting paths on a network through which packets are sent from a source to a destination.

[Figure: routing protocols running on the network between PC 1 and PC 2]

Introduction to OSPF
• No loop
• Fast convergence
• Good scalability
• Supporting authentication

[Figure: routers RTA, RTB, and RTC connecting Site A, Site B, and Site C over OSPF]

Introduction to SNMP
• SNMP is used to transmit management information between the network management system (NMS) and managed devices.

[Figure: NMS connected to managed devices over SNMP]

SNMP Architecture
• SNMP includes the NMS, agent, and MIB.
• An agent is a process running on the managed devices.
• A MIB is a database that contains variables maintained by managed devices.

[Figure: the NMS and a managed device communicating over SNMP; the managed device holds the agent and the MIB; labels: Execute, Notify]

Enterprise Network O&M
• Understand the traffic trend of all branches and identify the devices and branches that need expansion.
• Analyze the distribution of branch traffic and identify the value points for capacity expansion.
• Rank changes in branch traffic and allocate existing network resources accordingly.

IT engineer: Branch 1 has exhausted its bandwidth on the XYZ port. We need to purchase a new device to expand the network capacity.
Supervisor: Are you sure we need to expand the capacity? Is the network fully optimized or is the service application developing rapidly?
IT engineer: I have detailed network application development reports for each branch ...

[Figure: Branch 1 and Branch 2 connected to HQ]

NTA Concept and Functions
• Basic concept
▫ The eSight Network Traffic Analyzer (NTA) is a software-only solution. No hardware probe is required, and no additional investment is needed. The NetFlow, NetStream, and sFlow protocols are used to collect and analyze common IP packets, provide a customer analysis report, and monitor network-wide traffic in real time. This is a powerful tool for enterprise O&M management.

• Functions
▫ The eSight NTA provides a convenient way to monitor and analyze networks. By using the IP network traffic information provided by network devices that support NetFlow, NetStream, and sFlow, the eSight NTA analyzes network-wide traffic, provides traffic analysis reports, and displays traffic analysis results in various charts. This helps users learn about network-wide traffic, including the traffic distribution, and detect abnormal network traffic.

NetStream Overview
• NetStream is a Huawei-patented technology used to collect and distribute statistics about network traffic. The NDE sends the obtained statistics to the NSC for further processing, and sends the statistics to the NDA for analysis. The results of the analysis provide a basis for network accounting and planning.

[Figure: NetStream streams among NDEs, NSCs, and the NDA]
Establishing TCP Connections
• Three-way handshake

[Figure: message exchange between the client and the server]

Disconnecting TCP Connections
• 4-way handshake

[Figure: message exchange between the client and the server]
Common Application Layer Protocols

[Figure: a PC accessing a DNS server, an FTP server, a web server, and a mail server]

How DNS Works
• Domain name resolution is performed by a dedicated domain name system (DNS). The DNS involves the following types of servers:
▫ Root server
▫ Top-level domain name server
▫ Recursive server
▫ Cache server

[Figure, first access: client, cache server, root server, top-level domain name server, and recursive server; address labels IP:X.X.X.X and IP:Y.Y.Y.Y. Captions:]
  "I'd like to visit www.huawei.com."
  "I don't know about this. I have to ask the experts."
  "What is the IP address corresponding to www.huawei.com?"
  "The IP address of the .huawei.com DNS server is Y.Y.Y.Y."
  "The IP address of www.huawei.com. is Z.Z.Z.Z."
  "I remember it this time."

[Figure, second access: client and cache server. Captions:]
  "I'd like to visit www.huawei.com again."
  "The IP address of www.huawei.com. is Z.Z.Z.Z."

How FTP Works
• FTP provides an effective way to upload and download files between a server and a client.
• When used to transmit data, FTP establishes a control connection and a data connection between the server and the client.

[Figure: on the client, the user works through a user interface above a process control module, a data transmission process, and the file system; on the server, a process control module, a data transmission process, and the file system. The control connection links the two process control modules; the data connection links the two data transmission processes.]

FTP Transmission Mode (1)
• FTP supports two modes: active mode and passive mode. In active mode, which is used by default, the client sets up the control connection and the server sets up the data connection. In passive mode, the client sets up both connections. Users can switch the mode through commands.
• FTP connection setup in active mode:

Connection          FTP Client      FTP Server
Control connection  Temporary port  Port 21
Data connection     Temporary port  Port 20

FTP Transmission Mode (2)
• FTP connection setup in passive mode:

Connection          FTP Client      FTP Server
Control connection  Temporary port  Port 21
Data connection     Temporary port  Temporary port
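
An added example, not part of the original slides: the temporary port used for the data connection is announced on the control connection, so a stateful firewall has to read that line to know which flow to expect and which side opens it. The sketch assumes the standard FTP PORT command and 227 passive-mode reply, which the slides do not name; the function name, addresses and port bytes are constructed.

```python
import re

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_connection(control_line, client_ip, server_ip):
    """Map one control-connection line to the data connection it announces.

    Returns a dict with the mode, which side initiates, and the TCP flow
    (source IP, source port, destination IP, destination port), or None.
    A source port of None means a temporary port chosen at connect time."""
    line = control_line.strip()
    match = HOSTPORT.search(line)
    if match is None:
        return None
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        return None                              # each field is one byte
    listen_ip = ".".join(str(f) for f in fields[:4])
    listen_port = fields[4] * 256 + fields[5]    # port is sent as two bytes
    if line.upper().startswith("PORT "):
        # Active mode: the client listens and the server connects from port 20.
        return {"mode": "active", "initiator": "server",
                "flow": (server_ip, 20, listen_ip, listen_port)}
    if line.startswith("227"):
        # Passive mode: the server listens and the client connects to it.
        return {"mode": "passive", "initiator": "client",
                "flow": (client_ip, None, listen_ip, listen_port)}
    return None

# Constructed control-connection lines between client 10.0.0.1 and server 10.0.0.3.
ACTIVE = "PORT 10,0,0,1,195,80"
PASSIVE = "227 Entering Passive Mode (10,0,0,3,195,81)"

if __name__ == "__main__":
    print(data_connection(ACTIVE, "10.0.0.1", "10.0.0.3"))
    print(data_connection(PASSIVE, "10.0.0.1", "10.0.0.3"))
```

In active mode the data connection arrives at the client from outside, which is why it is the mode that client-side firewalls and NAT devices most often block.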

HTTP/HTTPS: Basic Components of a Web Application
• The web is built on a client-server architecture and relies on three essential technologies:
▫ Hypertext Markup Language (HTML), used to describe a file
▫ Uniform Resource Locator (URL), used to specify the file location
▫ Hypertext Transfer Protocol (HTTP), used for client-server communication

[Figure: the client accesses the URL www.huawei.com over HTTP/HTTPS. The URL specifies the server file; the HTML file is displayed on the client.]

How HTTP Works
• HTTP is a stateless protocol that uses a request-response method for communication.

① Hi.
② What can I do for you?
③ I need the XXX file.
   GET /http://class/xxxx HTTP/1.1
④ Do you have a key?
⑤ Yes, &……%@ (#
OK. This is the file you want.
   HTTP/1.1 200 OK

• HTTP has two types of packets:
▫ Request packet: sent from the client to the server.
▫ Response packet: returned from the server to the client.

SMTP, POP3, IMAP: How Mail Is Sent and Received
• SMTP defines how PCs send mail to an SMTP server and how mail is transferred between SMTP servers.
• Post Office Protocol 3 (POP3) and Internet Mail Access Protocol (IMAP) specify how PCs manage and download mail on the mail server through client software.
• SMTP and POP3 (or IMAP) are deployed on the mail server by an administrator, and mail client software (such as Microsoft Outlook or Foxmail) is installed on a user's PC.

Quiz

1. Which of the following is not in the TCP/IP model?
   A. Data link layer
   B. Transport layer
   C. Session layer
   D. Application layer

2. Which of the following packets is the first packet of the TCP three-way handshake?
   A. SYN+ACK
   B. SYN
   C. ACK
   D. FIN

Summary

• TCP/IP Architecture
• Common Network Protocols

Thank you.

Bring digital to every person, home, and organization for a fully connected, intelligent world.

Copyright©2021 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
