Up to this point in the course, we have considered the services that a data network can provide to the human network, examined the features of each layer of the OSI model and the operations of TCP/IP protocols, and looked in detail at Ethernet, a universal LAN technology. The next step is to learn how to assemble these elements together in a functioning network that can be maintained.
Small Network Topologies
The majority of businesses are small. It is not surprising then that the majority of networks are also small. A typical small-business network is shown in the figure.
With small networks, the design of the network is usually simple. The number and type of devices included are significantly reduced compared to that of a larger network. The network topologies typically involve a single router and one or more switches. Small networks may also have wireless access points (possibly built into the router) and IP phones. As for connection to the Internet, normally a small network has a single WAN connection provided by DSL, cable, or an Ethernet connection.
IP Addressing for a Small Network
When implementing a small network, it is necessary to plan the IP addressing space. All hosts within an internetwork must have a unique address. The IP addressing scheme should be planned, documented and maintained based on the type of device receiving the address.
Examples of different types of devices that will factor into the IP design are:
End devices for users
Servers and peripherals
Hosts that are accessible from the Internet
Intermediary devices
Redundancy in a Small Network
Traffic Management
The network administrator should consider the various types of traffic and their treatment in the network design. The routers and switches in a small network should be configured to support real-time traffic, such as voice and video, in a distinct manner relative to other data traffic. In fact, a good network design will classify traffic carefully according to priority, as shown in the figure. In the end, the goal for a good network design, even for a small network, is to enhance the productivity of the employees and minimize network downtime.
Small Network Growth
Growth is a natural process for many small businesses, and their networks must grow accordingly. Ideally, the network administrator has enough lead time to make intelligent decisions about growing the network in line with the growth of the company.
To scale a network, several elements are required:
Network documentation – physical and logical topology
Device inventory – list of devices that use or comprise the network
Budget – itemized IT budget, including fiscal year equipment purchasing budget
Traffic analysis – protocols, applications, and services and their respective traffic requirements, should be documented
These elements are used to inform the decision-making that accompanies the scaling of a small network.
Protocol Analysis
When trying to determine how to manage network traffic, especially as the network grows, it is important to understand the type of traffic that is crossing the network as well as the current traffic flow. If the types of traffic are unknown, a protocol analyzer will help identify the traffic and its source.
To determine traffic flow patterns, it is important to:
Capture traffic during peak utilization times to get a good representation of the different traffic types.
Perform the capture on different network segments; some traffic will be local to a particular segment.
Types of Threats
Whether wired or wireless, computer networks are essential to everyday activities. Individuals and organizations alike depend on their computers and networks. Intrusion by an unauthorized person can result in costly network outages and loss of work. Attacks on a network can be devastating and can result in a loss of time and money due to damage or theft of important information or assets.
Intruders can gain access to a network through software vulnerabilities, hardware attacks or through guessing someone’s username and password. Intruders who gain access by modifying software or exploiting software vulnerabilities are often called hackers.
After the hacker gains access to the network, four types of threats may arise, as shown in the figure.
Physical Security
An equally important vulnerability is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.
The four classes of physical threats are:
Hardware threats – physical damage to servers, routers, switches, cabling plant, and workstations
Environmental threats – temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
Electrical threats – voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
Maintenance threats – poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling
Types of Malware
Malware or malicious code (malcode) is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or inflict “bad” or illegitimate action on data, hosts, or networks. Viruses, worms, and Trojan horses are types of malware.
Viruses – A computer virus is a type of malware that propagates by inserting a copy of itself into, and becoming part of, another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.
Worms – Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
Trojan Horses – A Trojan horse is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).
Reconnaissance Attacks
In addition to malicious code attacks, it is also possible for networks to fall prey to various network attacks. Network attacks can be classified into three major categories:
Reconnaissance attacks – the discovery and mapping of systems, services, or vulnerabilities
Access attacks – the unauthorized manipulation of data, system access, or user privileges
Denial of service – the disabling or corruption of networks, systems, or services
For reconnaissance attacks, external attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active.
Access Attacks
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information. An access attack allows an individual to gain unauthorized access to information that they have no right to view. Access attacks can be classified into four types:
Password attacks
Trust Exploitation
Port Redirection
Man-in-the-Middle
Authentication, Authorization, and Accounting
Authentication, authorization, and accounting (AAA, or “triple A”) network security services provide the primary framework to set up access control on a network device. AAA is a way to control who is permitted to access a network (authenticate), what they can do while they are there (authorize), and what actions they perform while accessing the network (accounting).
Firewalls
A firewall is one of the most effective security tools available for protecting users from external threats. Network firewalls reside between two or more networks, control the traffic between them, and help prevent unauthorized access. Host-based firewalls or personal firewalls are installed on end systems. Firewall products use various techniques for determining what is permitted or denied access to a network. These techniques are:
Packet filtering – Prevents or allows access based on IP or MAC addresses
Application filtering – Prevents or allows access by specific application types based on port numbers
URL filtering – Prevents or allows access to websites based on specific URLs or keywords
Stateful packet inspection (SPI) – Incoming packets must be legitimate responses to requests from internal hosts. Unsolicited packets are blocked unless permitted specifically. SPI can also include the capability to recognize and filter out specific types of attacks, such as denial of service (DoS)
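The list above separates packet filtering (decisions made on addresses alone) from stateful packet inspection (inbound packets allowed only when they answer a request an internal host already made). The following Python model, added here as an illustration and not part of the course material, puts both rules side by side: a deny list handles the address filter, a connection table handles SPI, and an explicit permit covers a published service. All addresses, ports and packets are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet as the firewall sees it. All values are constructed for the example."""
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = internal host -> Internet, "in" = Internet -> internal host


class StatefulFilter:
    """Simplified stateful packet inspection (SPI).

    Outbound packets are recorded in a connection table. An inbound packet is
    allowed only if it is the reply to a recorded outbound conversation, or if
    it matches an explicit inbound permit (for example a public web server on
    TCP/80). A deny list of addresses models plain packet filtering and is
    checked before any state is consulted.
    """

    def __init__(self, permitted_inbound=(), denied_ips=()):
        self.permitted_inbound = set(permitted_inbound)   # {(proto, dst_port), ...}
        self.denied_ips = set(denied_ips)                 # packet-filter deny list
        self.connections = set()                          # 5-tuples as seen from inside

    def process(self, pkt):
        # Packet filtering: decided purely on addresses, no connection state involved.
        if pkt.src_ip in self.denied_ips or pkt.dst_ip in self.denied_ips:
            return "drop (address filter)"
        if pkt.direction == "out":
            self.connections.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Inbound: the reply to an internal request has source and destination swapped.
        reply_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.connections:
            return "allow (matches internal request)"
        if (pkt.proto, pkt.dst_port) in self.permitted_inbound:
            return "allow (explicit permit)"
        return "drop (unsolicited)"


def run_demo():
    """Feed a constructed packet sequence through the filter and return the decisions."""
    fw = StatefulFilter(permitted_inbound={("tcp", 80)}, denied_ips={"198.51.100.99"})
    packets = [
        # An internal PC opens an HTTP connection to an outside server.
        Packet("tcp", "192.168.10.10", 51000, "203.0.113.5", 80, "out"),
        # The server's reply to that conversation.
        Packet("tcp", "203.0.113.5", 80, "192.168.10.10", 51000, "in"),
        # An unsolicited inbound connection attempt to an internal host's RDP port.
        Packet("tcp", "198.51.100.7", 40000, "192.168.10.10", 3389, "in"),
        # Unsolicited inbound to the published web server port: explicitly permitted.
        Packet("tcp", "198.51.100.7", 40001, "192.168.10.20", 80, "in"),
        # Anything from a deny-listed address is dropped before state is consulted.
        Packet("udp", "198.51.100.99", 53, "192.168.10.10", 51001, "in"),
    ]
    return [fw.process(p) for p in packets]
```

Note that the SPI decision depends on ordering: the reply from 203.0.113.5 is accepted only because the outbound request was seen first. The same inbound packet arriving with no matching table entry would fall through to the "unsolicited" drop, which is exactly the behaviour the section describes.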
In this chapter, we will explore the role of the application layer and how the applications, services, and protocols within the application layer make robust communication across data networks possible.
The Application Layer
The application layer is closest to the end user. As shown in the figure, it is the layer that provides the interface between the applications used to communicate and the underlying network over which messages are transmitted. Application layer protocols are used to exchange data between programs running on the source and destination hosts.
The upper three layers of the OSI model (application, presentation, and session) define functions of the single TCP/IP application layer.
Client-Server Model
In the client-server model, the device requesting the information is called a client and the device responding to the request is called a server. Client and server processes are considered to be in the application layer. The client begins the exchange by requesting data from the server, which responds by sending one or more streams of data to the client. Application layer protocols describe the format of the requests and responses between clients and servers. In addition to the actual data transfer, this exchange may also require user authentication and the identification of a data file to be transferred.
Peer-to-Peer Applications
A P2P application allows a device to act as both a client and a server within the same communication, as shown in the figure. In this model, every client is a server and every server a client. P2P applications require that each end device provide a user interface and run a background service.
Hypertext Transfer Protocol and Hypertext Markup Language
When a web address or uniform resource locator (URL) is typed into a web browser, the web browser establishes a connection to the web service running on the server using the HTTP protocol. URLs and uniform resource identifiers (URIs) are the names most people associate with web addresses.
To better understand how the web browser and web server interact, we can examine how a web page is opened in a browser. For this example, use the http://www.cisco.com/index.html URL.
First, as shown in Figure 1, the browser interprets the three parts of the URL:
As shown in Figure 2, the browser then checks with a name server to convert the host name www.cisco.com into a numeric IP address, which it uses to connect to the server. Following the HTTP rules, the browser sends a GET request to the server and asks for the index.html file. The server, as shown in Figure 3, sends the HTML code for this web page to the browser. Finally, as shown in Figure 4, the browser deciphers the HTML code and formats the page for the browser window.
HTTP and HTTPS
HTTP is a request/response protocol. When a client, typically a web browser, sends a request to a web server, HTTP specifies the message types used for that communication. The three common message types are GET, POST, and PUT (see the figure):
GET – A client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
POST – Uploads data files to the web server such as form data.
PUT – Uploads resources or content to the web server such as an image.
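To make the browser/server exchange concrete, here is a small Python example added for this page (it is not course code and does not open a network connection). It splits the example URL into the three parts the browser interprets, serializes GET, POST and PUT requests as the bytes that would be written to the TCP connection, and parses a constructed response; the sample response body is made up for the example.

```python
from urllib.parse import urlsplit


def split_url(url):
    """Return the three parts the browser interprets: protocol (scheme), host name, path."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an absolute web URL: {url!r}")
    return parts.scheme, parts.hostname, parts.path or "/"


def build_request(method, url, body=b""):
    """Serialize a GET, POST or PUT request as sent once the TCP connection is up."""
    if method not in ("GET", "POST", "PUT"):
        raise ValueError(f"unsupported message type: {method}")
    _, host, path = split_url(url)
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if method in ("POST", "PUT"):
        lines.append(f"Content-Length: {len(body)}")   # uploads carry a body
    head = "\r\n".join(lines) + "\r\n\r\n"
    return head.encode("ascii") + body


def parse_response(raw):
    """Split a raw HTTP response into (status code, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: end of headers not found")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)            # version, status, optional reason phrase
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body


# Constructed sample response, as the server in Figure 3 might return it.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 38\r\n"
    b"\r\n"
    b"<html><body>Hello, world</body></html>"
)
```

Calling `build_request("GET", "http://www.cisco.com/index.html")` produces the GET for index.html described in the walkthrough; `parse_response(SAMPLE_RESPONSE)` returns status 200 plus the headers and the HTML the browser would then render.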
The transport layer is responsible for establishing a temporary communication session between two applications and delivering data between them. An application generates data that is sent from an application on a source host to an application on a destination host.
TCP
TCP transport is analogous to sending packages that are tracked from source to destination. If a shipping order is broken up into several packages, a customer can check online to see the order of the delivery.
With TCP, there are three basic operations of reliability:
Numbering and tracking data segments transmitted to a specific host from a specific application
Acknowledging received data
Retransmitting any unacknowledged data after a certain period of time
UDP
While the TCP reliability functions provide more robust communication between applications, they also incur additional overhead and possible delays in transmission. There is a trade-off between the value of reliability and the burden it places on network resources. Adding overhead to ensure reliability for some applications could reduce the usefulness of the application and can even be detrimental. In such cases, UDP is a better transport protocol.
UDP provides the basic functions for delivering data segments between the appropriate applications, with very little overhead and data checking. UDP is known as a best-effort delivery protocol. In the context of networking, best-effort delivery is referred to as unreliable because there is no acknowledgment that the data is received at the destination. With UDP, there are no transport layer processes that inform the sender of a successful delivery.
UDP is similar to placing a regular, non-registered, letter in the mail. The sender of the letter is not aware of the availability of the receiver to receive the letter. Nor is the post office responsible for tracking the letter or informing the sender if the letter does not arrive at the final destination.
The Right Transport Layer Protocol for the Right Application
For some applications, segments must arrive in a very specific sequence to be processed successfully. With other applications, all data must be fully received before any is considered useful. In both of these instances, TCP is used as the transport protocol. Application developers must choose which transport protocol type is appropriate based on the requirements of the applications.
TCP Header
TCP is a stateful protocol. A stateful protocol is a protocol that keeps track of the state of the communication session. To track the state of a session, TCP records which information it has sent and which information has been acknowledged. Each TCP segment has 20 bytes of overhead in the header encapsulating the application layer data:
Source Port (16 bits) and Destination Port (16 bits) – Used to identify the application.
Sequence number (32 bits) – Used for data reassembly purposes.
Acknowledgment number (32 bits) – Indicates data has been received and the next byte expected from the source.
Header length (4 bits) – Known as "data offset". Indicates the length of the TCP segment header.
Reserved (6 bits) – This field is reserved for the future.
Control bits (6 bits) – Includes bit codes, or flags, which indicate the purpose and function of the TCP segment.
Window size (16 bits) – Indicates the number of bytes that can be accepted at one time.
Checksum (16 bits) – Used for error checking of the segment header and data.
Urgent (16 bits) – Indicates if data is urgent.
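The field list above maps directly onto 20 bytes on the wire. The Python below is an added example (not course code) that packs and decodes that fixed header with the layout just listed: two 16-bit ports, 32-bit sequence and acknowledgment numbers, a 16-bit word holding the 4-bit data offset, 6 reserved bits and 6 control flags, then window, checksum and urgent pointer. It also labels each port with the IANA port group it falls in. The sample SYN segment is constructed; the checksum is left at zero because computing it requires the IP pseudo-header.

```python
import struct

# Order of the six control bits in the low six bits of the offset/reserved/flags word.
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def port_group(port):
    """IANA port number groups: well-known, registered, dynamic/private."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/private"
    raise ValueError(f"port out of range: {port}")


def build_tcp_header(src_port, dst_port, seq, ack, flags, window, urgent=0):
    """Pack a minimal 20-byte header; checksum left at zero (needs the IP pseudo-header)."""
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << TCP_FLAGS.index(name)
    data_offset = 5                              # 5 x 32-bit words = 20 bytes, no options
    word = (data_offset << 12) | flag_bits       # 4 bits offset, 6 reserved (zero), 6 flags
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, word, window, 0, urgent)


def parse_tcp_header(segment):
    """Decode the fixed 20-byte TCP header and return its fields plus the payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte TCP header")
    (src_port, dst_port, seq, ack, word,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (word >> 12) * 4                # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"invalid data offset: header length {header_len}")
    reserved = (word >> 6) & 0x3F
    flag_bits = word & 0x3F
    return {
        "src_port": src_port, "dst_port": dst_port,
        "src_group": port_group(src_port), "dst_group": port_group(dst_port),
        "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": reserved,
        "flags": tuple(n for i, n in enumerate(TCP_FLAGS) if flag_bits & (1 << i)),
        "window": window, "checksum": checksum, "urgent": urgent,
        "payload": segment[header_len:],
    }


# Constructed sample: a client on an ephemeral port opening a web connection (SYN).
SAMPLE_SYN = build_tcp_header(51000, 80, seq=1000, ack=0, flags=("SYN",), window=65535)
```

The data-offset check matters when this kind of parser sits in a monitoring or filtering path: a segment advertising a header longer than the bytes actually present is malformed and should be rejected rather than read past its end.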
UDP Features
User Datagram Protocol (UDP) is considered a best-effort transport protocol. UDP is a lightweight transport protocol that offers the same data segmentation and reassembly as TCP, but without TCP reliability and flow control. UDP is such a simple protocol that it is usually described in terms of what it does not do compared to TCP. The features of UDP are described in the figure. For more information on UDP, read the RFC.
Port Numbers
The source port number is associated with the originating application on the local host. The destination port number is associated with the destination application on the remote host.
Source Port
The source port number is dynamically generated by the sending device to identify a conversation between two devices. This process allows multiple conversations to occur simultaneously. It is common for a device to send multiple HTTP service requests to a web server at the same time. Each separate HTTP conversation is tracked based on the source ports.
Destination Port
The client places a destination port number in the segment to tell the destination server what service is being requested, as shown in the figure. For example, when a client specifies port 80 in the destination port, the server that receives the message knows that web services are being requested. A server can offer more than one service simultaneously such as web services on port 80 at the same time that it offers File Transfer Protocol (FTP) connection establishment on port 21.
Port Number Groups
Figure 1
The Internet Assigned Numbers Authority (IANA) is the standards body responsible for assigning various addressing standards, including port numbers. There are different types of port numbers, as shown in Figure 1:
Well-known Ports (Numbers 0 to 1023) – These numbers are reserved for services and applications. They are commonly used for applications such as web browsers, email clients, and remote access clients. By defining these well-known ports for server applications, client applications can be programmed to request a connection to that specific port and its associated service.
Registered Ports (Numbers 1024 to 49151) – These port numbers are assigned by IANA to a requesting entity to use with specific processes or applications. These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number. For example, Cisco has registered port 1985 for its Hot Standby Routing Protocol (HSRP) process.
Dynamic or Private Ports (Numbers 49152 to 65535) – Also known as ephemeral ports, these are usually assigned dynamically by the client’s OS when a connection to a service is initiated. The dynamic port is then used to identify the client application during communication.
Note: Some client operating systems may use registered port numbers instead of dynamic port numbers for assigning source ports.
Figure 2
Figure 2 displays some common well-known port numbers and their associated applications. Some applications may use both TCP and UDP. For example, DNS uses UDP when clients send requests to a DNS server. However, communication between two DNS servers always uses TCP.
The full list of port numbers and associated applications is published on IANA's website.
TCP Connection Establishment
A TCP connection is established in three steps:
Step 1 – The initiating client requests a client-to-server communication session with the server.
Step 2 – The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
Step 3 – The initiating client acknowledges the server-to-client communication session.
TCP Session Termination
To close a connection, the Finish (FIN) control flag must be set in the segment header. To end each one-way TCP session, a two-way handshake, consisting of a FIN segment and an Acknowledgment (ACK) segment, is used. Therefore, to terminate a single conversation supported by TCP, four exchanges are needed to end both sessions.
In the figure, see the TCP connection termination.
Note: In this explanation, the terms client and server are used as a reference for simplicity, but the termination process can be initiated by any two hosts that have an open session:
Step 1 – When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
Step 2 – The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
Step 3 – The server sends a FIN to the client to terminate the server-to-client session.
Step 4 – The client responds with an ACK to acknowledge the FIN from the server.
When all segments have been acknowledged, the session is closed.
TCP Three-way Handshake Analysis
The three-way handshake:
Establishes that the destination device is present on the network
Verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use
Informs the destination device that the source client intends to establish a communication session on that port number
After the communication is completed, the sessions are closed, and the connection is terminated. The connection and session mechanisms enable TCP’s reliability function.
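As an added illustration (not part of the course material), the Python below walks the two exchanges described in the preceding topics: the three-step connection establishment and the four-step termination. Each side is modeled with its state, the next sequence number it will send and the next one it expects, so the transcript shows how a SYN or FIN consumes one sequence number and how each ACK names the next byte expected. The initial sequence numbers and the state names (SYN_SENT, ESTABLISHED, FIN_WAIT_1 and so on, from the TCP specification) are assumptions of this example.

```python
class Endpoint:
    """One side of a TCP connection: its state, the next sequence number it will
    send (snd_nxt) and the next sequence number it expects from its peer (rcv_nxt)."""

    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn        # initial sequence number (ISN), chosen for the example
        self.rcv_nxt = None


def transmit(sender, receiver, flags, transcript):
    """Build one segment, update both sides' sequence bookkeeping, and record it."""
    segment = {
        "from": sender.name, "to": receiver.name, "flags": flags,
        "seq": sender.snd_nxt,
        "ack": sender.rcv_nxt if "ACK" in flags else None,
    }
    # SYN and FIN each occupy one sequence number even though they carry no data.
    consumed = 1 if ("SYN" in flags or "FIN" in flags) else 0
    sender.snd_nxt += consumed
    receiver.rcv_nxt = segment["seq"] + consumed
    transcript.append(segment)
    return segment


def three_way_handshake(client, server, transcript):
    server.state = "LISTEN"
    transmit(client, server, ("SYN",), transcript)         # step 1: client requests session
    client.state = "SYN_SENT"
    server.state = "SYN_RCVD"
    transmit(server, client, ("SYN", "ACK"), transcript)   # step 2: server acks and requests back
    client.state = "ESTABLISHED"
    transmit(client, server, ("ACK",), transcript)         # step 3: client acks server's request
    server.state = "ESTABLISHED"


def four_way_termination(client, server, transcript):
    transmit(client, server, ("FIN", "ACK"), transcript)   # step 1: client has no more data
    client.state = "FIN_WAIT_1"
    server.state = "CLOSE_WAIT"
    transmit(server, client, ("ACK",), transcript)         # step 2: client->server session ends
    client.state = "FIN_WAIT_2"
    transmit(server, client, ("FIN", "ACK"), transcript)   # step 3: server has no more data
    server.state = "LAST_ACK"
    transmit(client, server, ("ACK",), transcript)         # step 4: server->client session ends
    client.state = "TIME_WAIT"
    server.state = "CLOSED"


def run_session(client_isn=100, server_isn=300):
    """Run establishment then termination and return the transcript and both endpoints."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    transcript = []
    three_way_handshake(client, server, transcript)
    four_way_termination(client, server, transcript)
    return transcript, client, server
```

With the default ISNs the transcript is SYN(seq 100), SYN-ACK(seq 300, ack 101), ACK(seq 101, ack 301), then FIN-ACK(seq 101), ACK(ack 102), FIN-ACK(seq 301), ACK(ack 302): seven segments in all, three to open and four to close.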
This chapter examines, in detail, the creation and assignment of IP network and subnetwork addresses through the use of the subnet mask.
Octet Boundaries
To understand how subnetting on the octet boundary can be useful, consider the following example. Assume an enterprise has chosen the private address 10.0.0.0/8 as its internal network address. That network address can connect 16,777,214 hosts in one broadcast domain. Obviously, this is not ideal.
Classless Subnetting
As shown in the figure:
/25 row – Borrowing 1 bit from the fourth octet creates 2 subnets supporting 126 hosts each.
For each bit borrowed in the fourth octet, the number of subnetworks available is doubled while reducing the number of host addresses per subnet.
Subnetting Formulas
To calculate the number of subnets that can be created from the bits borrowed, use the formula displayed in Figure 1. Figure 2 displays the possible number of subnets that can be created when borrowing 1, 2, 3, 4, 5, or 6 bits.
Note: The last two bits cannot be borrowed from the last octet because there would be no host addresses available. Therefore, the longest prefix length possible when subnetting is /30 or 255.255.255.252.
To calculate the number of hosts that can be supported, use the formula displayed in Figure 3. There are two subnet addresses that cannot be assigned to a host, the network address and the broadcast address, so we must subtract 2.
As shown in Figure 4, there are 7 host bits remaining, so the calculation is 2^7 = 128 and 128 - 2 = 126. This means that each of the subnets has 126 valid host addresses.
Therefore, borrowing 1 host bit toward the network results in creating 2 subnets, and each subnet can have a total of 126 hosts assigned.
Network Requirement Example
In this example, corporate headquarters has allocated a private network address of 172.16.0.0/22 (10 host bits) to a branch location. As shown in Figure 1, this will provide 1,022 host addresses.
The topology for the branch locations, shown in Figure 2, consists of 5 LAN segments and 4 internetwork connections between routers. Therefore, 9 subnets are required. The largest subnet requires 40 hosts.
The 172.16.0.0/22 network address has 10 host bits as shown in Figure 3. Because the largest subnet requires 40 hosts, a minimum of 6 host bits are needed to provide addressing for 40 hosts. This is determined by using this formula: 2^6 – 2 = 62 hosts.
Applying the subnet formula to the remaining 4 bits gives 16 subnets: 2^4 = 16. Because the example internetwork requires 9 subnets, this meets the requirement and allows for some additional growth.
Therefore, the first 4 host bits can be used to allocate subnets, as shown in Figure 4. When 4 bits are borrowed, the new prefix length is /26 with a subnet mask of 255.255.255.192.
As shown in Figure 5, the subnets can be assigned to the LAN segments and router-to-router connections.
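The subnet and host formulas from the Subnetting Formulas topic, the per-bit doubling described under Classless Subnetting, and the 172.16.0.0/22 branch plan above can all be worked through with the Python below. It is an added example, not course material, and uses the standard library `ipaddress` module; the function and parameter names are the example's own. Running `plan_subnets("172.16.0.0/22", 9, 40)` reproduces the chapter's result of borrowing 4 bits for a /26 with mask 255.255.255.192, 16 subnets of 62 hosts.

```python
import ipaddress


def usable_hosts(host_bits):
    """2^n - 2: the network and broadcast addresses cannot be assigned to hosts."""
    if host_bits < 2:
        raise ValueError("fewer than 2 host bits leaves no assignable addresses")
    return 2 ** host_bits - 2


def host_bits_needed(hosts):
    """Smallest number of host bits whose usable count covers the requirement."""
    bits = 2
    while usable_hosts(bits) < hosts:
        bits += 1
    return bits


def borrow_table(network, max_borrow):
    """Rows of (bits borrowed, new prefix, subnets, hosts per subnet): each bit doubles
    the subnet count and roughly halves the host space."""
    net = ipaddress.ip_network(network, strict=True)
    rows = []
    for borrowed in range(1, max_borrow + 1):
        prefix = net.prefixlen + borrowed
        if prefix > 30:            # /31 and /32 leave no host addresses in this scheme
            break
        rows.append((borrowed, prefix, 2 ** borrowed, usable_hosts(32 - prefix)))
    return rows


def plan_subnets(network, required_subnets, largest_subnet_hosts):
    """Choose the prefix that yields enough subnets while each still fits the largest LAN."""
    net = ipaddress.ip_network(network, strict=True)
    host_bits = 32 - net.prefixlen
    keep = host_bits_needed(largest_subnet_hosts)     # host bits that must remain
    borrow = 0
    while 2 ** borrow < required_subnets:
        borrow += 1
    if borrow > host_bits - keep:
        raise ValueError(f"{network} cannot provide {required_subnets} subnets "
                         f"of {largest_subnet_hosts} hosts each")
    new_prefix = net.prefixlen + borrow
    subnets = list(net.subnets(new_prefix=new_prefix))
    return {
        "host_bits": host_bits,
        "borrowed": borrow,
        "new_prefix": new_prefix,
        "netmask": str(subnets[0].netmask),
        "subnet_count": len(subnets),
        "hosts_per_subnet": usable_hosts(32 - new_prefix),
        "subnets": [str(s) for s in subnets],
    }
```

`usable_hosts(24)` gives the 16,777,214 hosts of the 10.0.0.0/8 example in the Octet Boundaries topic, and `borrow_table("192.168.1.0/24", 6)` lists the /25 row (2 subnets of 126 hosts) and the rows below it.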
This topic concludes with four activities to practice subnetting.
This chapter examines in detail the structure of IP addresses and their application to the construction and testing of IP networks and subnetworks.
IPv4 Addressing
Binary is a numbering system that consists of the numbers 0 and 1 called bits. In contrast, the decimal numbering system consists of 10 digits consisting of the numbers 0 – 9.
Figure 1
Binary is important for us to understand because hosts, servers, and network devices use binary addressing. Specifically, they use binary IPv4 addresses, as shown in Figure 1, to identify each other.
Each address consists of a string of 32 bits, divided into four sections called octets. Each octet contains 8 bits (or 1 byte) separated with a dot. For example, PC1 in the figure is assigned IPv4 address 11000000.10101000.00001010.00001010. Its default gateway address would be that of the R1 Gigabit Ethernet interface, 11000000.10101000.00001010.00000001.
Figure 2
Working with binary numbers can be challenging. For ease of use by people, IPv4 addresses are commonly expressed in dotted decimal notation as shown in Figure 2. PC1 is assigned IPv4 address 192.168.10.10, and its default gateway address is 192.168.10.1.
Binary to Decimal Conversion
To convert a binary IPv4 address to its dotted decimal equivalent, divide the IPv4 address into four 8-bit octets. Next apply the binary positional value to the first octet binary number and calculate accordingly.
For example, consider that 11000000.10101000.00001011.00001010 is the binary IPv4 address of a host. To convert the binary address to decimal, start with the first octet as shown in Figure 1. Enter the 8-bit binary number under the positional value of row 1 and then calculate to produce the decimal number 192. This number goes into the first octet of the dotted decimal notation.
Next convert the second octet as shown in Figure 2. The resulting decimal value is 168, and it goes into the second octet.
Convert the third octet as shown in Figure 3 and the fourth octet as shown in Figure 4, which completes the IP address and produces 192.168.11.10.
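The positional-value method the figures walk through, as an added Python example (not course code): each octet is laid under the values 128, 64, 32, 16, 8, 4, 2, 1 and the values under the 1 bits are summed. The reverse direction, decimal to binary, is included as well since subnet masks are usually checked that way. Input validation rejects octets that are not exactly eight 0/1 characters.

```python
POSITIONAL_VALUES = (128, 64, 32, 16, 8, 4, 2, 1)


def octet_to_decimal(bits):
    """Sum the positional values under each 1 bit of an 8-character binary octet."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"an octet is exactly eight 0/1 digits: {bits!r}")
    return sum(value for bit, value in zip(bits, POSITIONAL_VALUES) if bit == "1")


def binary_to_dotted_decimal(binary_addr):
    """'11000000.10101000.00001011.00001010' -> '192.168.11.10'."""
    octets = binary_addr.split(".")
    if len(octets) != 4:
        raise ValueError("an IPv4 address has four octets")
    return ".".join(str(octet_to_decimal(o)) for o in octets)


def decimal_to_octet(value):
    """Subtract positional values from the left; a 1 is written wherever one fits."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet value out of range: {value}")
    bits = []
    for positional in POSITIONAL_VALUES:
        if value >= positional:
            bits.append("1")
            value -= positional
        else:
            bits.append("0")
    return "".join(bits)


def dotted_decimal_to_binary(addr):
    """'192.168.10.1' -> '11000000.10101000.00001010.00000001'."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has four octets")
    return ".".join(decimal_to_octet(int(p)) for p in parts)
```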
This chapter focuses on the role of the network layer. It examines how it divides networks into groups of hosts to manage the flow of data packets within a network. It also covers how communication between networks is facilitated. This communication between networks is called routing.
The Network Layer
The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across the network. To accomplish this end-to-end transport, the network layer uses four basic processes:
Addressing end devices – End devices must be configured with a unique IP address for identification on the network.
Encapsulation – The network layer encapsulates the protocol data unit (PDU) from the transport layer into a packet. The encapsulation process adds IP header information, such as the IP address of the source (sending) and destination (receiving) hosts.
Routing – The network layer provides services to direct packets to a destination host on another network. To travel to other networks, the packet must be processed by a router. The role of the router is to select the best path and direct packets toward the destination host in a process known as routing. A packet may cross many intermediary devices before reaching the destination host. Each router a packet crosses to reach the destination host is called a hop.
De-encapsulation – When the packet arrives at the network layer of the destination host, the host checks the IP header of the packet. If the destination IP address within the header matches its own IP address, the IP header is removed from the packet. After the packet is de-encapsulated by the network layer, the resulting Layer 4 PDU is passed up to the appropriate service at the transport layer.
Network Layer Protocols
There are several network layer protocols in existence. However, as shown in the figure, there are only two network layer protocols that are commonly implemented:
Internet Protocol version 4 (IPv4)
Internet Protocol version 6 (IPv6)
Note: Legacy network layer protocols are not shown in the figure and are not discussed in this course.
Characteristics of IP
Connectionless – no connection with the destination is established before sending data packets
Best Effort – IP is inherently unreliable because packet delivery is not guaranteed
Media Independent – operation is independent of the medium (i.e., copper, fiber optic, or wireless) carrying the data
IPv4 Packet Header
Significant fields in the IPv4 header include:
Version – Contains a 4-bit binary value set to 0100 that identifies this as an IP version 4 packet.
Differentiated Services or DiffServ (DS) – Formerly called the Type of Service (ToS) field, the DS field is an 8-bit field used to determine the priority of each packet. The six most significant bits of the DiffServ field is the Differentiated Services Code Point (DSCP) and the last two bits are the Explicit Congestion Notification (ECN) bits.
Time-to-Live (TTL) – Contains an 8-bit binary value that is used to limit the lifetime of a packet. The packet sender sets the initial TTL value, and it is decreased by one each time the packet is processed by a router. If the TTL field decrements to zero, the router discards the packet and sends an Internet Control Message Protocol (ICMP) Time Exceeded message to the source IP address.
Protocol – Field is used to identify the next level protocol. This 8-bit binary value indicates the data payload type that the packet is carrying, which enables the network layer to pass the data to the appropriate upper-layer protocol. Common values include ICMP (1), TCP (6), and UDP (17).
Source IPv4 Address – Contains a 32-bit binary value that represents the source IPv4 address of the packet. The source IPv4 address is always a unicast address.
Destination IPv4 Address – Contains a 32-bit binary value that represents the destination IPv4 address of the packet. The destination IPv4 address is a unicast, multicast, or broadcast address.
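The header fields listed above, plus the TTL handling described for routers, in an added Python example that is not course code. It packs a 20-byte IPv4 header with a correct header checksum, decodes the version, header length, DSCP/ECN, TTL, protocol and addresses, and models one router hop: decrement the TTL, discard the packet with an ICMP Time Exceeded note to the source when it reaches zero, otherwise recompute the checksum and forward. The addresses and values in the sample packet are constructed.

```python
import ipaddress
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte header, network byte order


def ipv4_checksum(header):
    """Ones' complement sum of 16-bit words; over a correct header the result is zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                          # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, ttl, protocol, payload_len, dscp=0, ecn=0):
    """Pack a header without options, then fill in the checksum field."""
    ver_ihl = (4 << 4) | 5                      # version 4, IHL of 5 words = 20 bytes
    ds = (dscp << 2) | ecn                      # 6 DSCP bits followed by 2 ECN bits
    fields = struct.pack(IPV4_FMT, ver_ihl, ds, 20 + payload_len, 0, 0, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def parse_ipv4_header(packet):
    """Decode the significant fields and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte IPv4 header")
    (ver_ihl, ds, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not an IPv4 packet (version {version})")
    if ihl < 20 or ihl > len(packet):
        raise ValueError(f"invalid header length {ihl}")
    return {
        "version": version, "header_len": ihl,
        "dscp": ds >> 2, "ecn": ds & 0x03,
        "total_len": total_len, "ttl": ttl,
        "protocol": proto, "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:],
    }


def router_hop(packet):
    """What a router does with TTL: decrement by one, discard at zero, else forward."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        return "discard", "header checksum error"
    if hdr["ttl"] <= 1:                         # would decrement to zero
        return "discard", f"ICMP Time Exceeded to {hdr['src']}"
    ihl = hdr["header_len"]
    # Rewrite the TTL byte, zero the checksum field, recompute it over the header.
    header = packet[:8] + bytes([hdr["ttl"] - 1]) + packet[9:10] + b"\x00\x00" + packet[12:ihl]
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return "forward", header + packet[ihl:]


# Constructed sample: a TCP packet from an internal host, two hops from expiring.
SAMPLE_PACKET = build_ipv4_header("192.168.10.10", "203.0.113.5", ttl=2, protocol=6,
                                  payload_len=0, dscp=46)
```

Passing `SAMPLE_PACKET` through `router_hop` twice shows both outcomes: the first hop forwards it with TTL 1 and a fresh checksum, the second discards it and names the source that would receive the ICMP Time Exceeded message.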
Limitations of IPv4
IPv4 still has three major issues:
IP address depletion – IPv4 has a limited number of unique public IPv4 addresses available. Although there are approximately 4 billion IPv4 addresses, the increasing number of new IP-enabled devices, always-on connections, and the potential growth of less-developed regions have increased the need for more addresses.
Internet routing table expansion – A routing table is used by routers to make best path determinations. As the number of servers connected to the Internet increases, so too does the number of network routes. These IPv4 routes consume a great deal of memory and processor resources on Internet routers.
Lack of end-to-end connectivity – Network Address Translation (NAT) is a technology commonly implemented within IPv4 networks. NAT provides a way for multiple devices to share a single public IPv4 address. However, because the public IPv4 address is shared, the IPv4 address of an internal network host is hidden. This can be problematic for technologies that require end-to-end connectivity.
This chapter examines the characteristics and operation of Ethernet as it has evolved from a shared media, contention-based data communications technology to today’s high bandwidth, full-duplex technology.
Ethernet Encapsulation
Ethernet is the most widely used LAN technology today.
Ethernet operates in the data link layer and the physical layer. It is a family of networking technologies that are defined in the IEEE 802.2 and 802.3 standards. Ethernet supports data bandwidths of:
10 Mb/s
100 Mb/s
1000 Mb/s (1 Gb/s)
10,000 Mb/s (10 Gb/s)
40,000 Mb/s (40 Gb/s)
100,000 Mb/s (100 Gb/s)
Ethernet Frame Fields
The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes. This includes all bytes from the Destination MAC Address field through the Frame Check Sequence (FCS) field. The Preamble field is not included when describing the size of a frame.
If the size of a transmitted frame is less than the minimum or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals and are therefore considered invalid.
MAC Address and Hexadecimal
An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit).
Figure 1
Just as decimal is a base ten number system, hexadecimal is a base sixteen system. The base sixteen number system uses the numbers 0 to 9 and the letters A to F. Figure 1 shows the equivalent decimal and hexadecimal values for binary 0000 to 1111. It is easier to express a value as a single hexadecimal digit than as four binary bits.
Figure 2
Given that 8 bits (one byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF, as shown in Figure 2. Leading zeroes are always displayed to complete the 8-bit representation. For example, the binary value 0000 1010 is shown in hexadecimal as 0A.
Note: It is important to distinguish hexadecimal values from decimal values regarding the characters 0 to 9, as shown in the figure.
MAC Address: Ethernet Identity
MAC Address Structure
The MAC address value is a direct result of IEEE-enforced rules for vendors to ensure globally unique addresses for each Ethernet device. The rules established by IEEE require any vendor that sells Ethernet devices to register with IEEE. The IEEE assigns the vendor a 3-byte (24-bit) code, called the Organizationally Unique Identifier (OUI).
IEEE requires a vendor to follow two simple rules, as shown in the figure:
All MAC addresses assigned to a NIC or other Ethernet device must use that vendor’s assigned OUI as the first 3 bytes.
All MAC addresses with the same OUI must be assigned a unique value in the last 3 bytes.
Note: It is possible for duplicate MAC addresses to exist due to mistakes during manufacturing or in some virtual machine implementation methods. In either case, it will be necessary to modify the MAC address with a new NIC or in software.
MAC Address Representations
On a Windows host, the ipconfig /all command can be used to identify the MAC address of an Ethernet adapter. In the figure, notice that the display indicates the Physical Address (MAC) of the computer to be 00-18-DE-DD-A7-B2. If you have access, you may wish to try this on your own computer. On a Mac or Linux host, the ifconfig command is used.
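To make the hexadecimal and OUI rules concrete, here is an added Python example (not part of the course material) that converts binary groups to hex as in Figure 2, parses the hyphenated (Windows), colon (ifconfig) and dotted notations, and splits an address into its OUI and vendor-assigned halves. The MAC 00-18-DE-DD-A7-B2 is the one shown above; the group-bit check is standard Ethernet addressing that the page does not spell out.

```python
import re

# Textual forms accepted for a 48-bit MAC address: the hyphenated form that
# Windows `ipconfig /all` prints, the colon form that `ifconfig` prints, and
# the dotted three-group form seen in some CLI output.
_MAC_PATTERNS = (
    re.compile(r"^([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]"
               r"([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})[-:]([0-9A-Fa-f]{2})$"),
    re.compile(r"^([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})$"),
)


def bits_to_hex(bits: str) -> str:
    """Hex form of a binary string, one digit per 4 bits, e.g. '0000 1010' -> '0A'."""
    bits = bits.replace(" ", "")
    if len(bits) % 4 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of 4 binary digits")
    # Leading zeros are kept: '00000000' becomes '00', not '0'.
    return "".join(f"{int(bits[i:i + 4], 2):X}" for i in range(0, len(bits), 4))


def parse_mac(text: str) -> bytes:
    """Return the 6 raw bytes of a MAC address written in any accepted notation."""
    for pattern in _MAC_PATTERNS:
        m = pattern.match(text.strip())
        if m:
            return bytes.fromhex("".join(m.groups()))
    raise ValueError(f"not a MAC address: {text!r}")


def _hex(bs: bytes, sep: str = "-") -> str:
    """Two upper-case hex digits per byte, joined by sep."""
    return sep.join(f"{b:02X}" for b in bs)


def format_mac(mac: bytes, sep: str = "-") -> str:
    """Render exactly 6 bytes as 12 hex digits with leading zeros preserved."""
    if len(mac) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return _hex(mac, sep)


def oui(mac: bytes) -> str:
    """First 3 bytes: the Organizationally Unique Identifier assigned by IEEE."""
    return _hex(mac[:3])


def nic_specific(mac: bytes) -> str:
    """Last 3 bytes: the part the vendor must keep unique within its OUI."""
    return _hex(mac[3:])


def same_vendor(a: bytes, b: bytes) -> bool:
    """True when both addresses carry the same OUI."""
    return a[:3] == b[:3]


def is_group(mac: bytes) -> bool:
    """Least significant bit of the first byte set: multicast or broadcast address."""
    return bool(mac[0] & 0x01)
```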
Switch Fundamentals
A Layer 2 Ethernet switch uses MAC addresses to make forwarding decisions. It is completely unaware of the protocol being carried in the data portion of the frame, such as an IPv4 packet. The switch makes its forwarding decisions based only on the Layer 2 Ethernet MAC addresses.
Learning MAC Addresses
Figure 1
Every frame that enters a switch is checked for new information to learn. The switch does this by examining the frame’s source MAC address and the port number where the frame entered the switch.
If the source MAC address is not in the table, it is added to the table along with the incoming port number. In Figure 1, PC-A is sending an Ethernet frame to PC-D. The switch adds the MAC address for PC-A to the table.
If the source MAC address does exist, the switch updates the refresh timer for that entry. By default, most Ethernet switches keep an entry in the table for 5 minutes.
Note: If the source MAC address does exist in the table but on a different port, the switch treats this as a new entry. The entry is replaced using the same MAC address but with the more current port number.
Forward – Examining the Destination MAC Address
Figure 2
Next, if the destination MAC address is a unicast address, the switch will look for a match between the destination MAC address of the frame and an entry in its MAC address table.
If the destination MAC address is in the table, it will forward the frame out the specified port.
If the destination MAC address is not in the table, the switch will forward the frame out all ports except the incoming port. This is known as an unknown unicast. As shown in Figure 2, the switch does not have the destination MAC address in its table for PC-D, so it sends the frame out all ports except port 1.
Note: If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all ports except the incoming port.
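The learning and forwarding rules above, as an added Python simulation that is not part of the course material: the switch object, the port numbering and the sample MAC addresses are constructed, and the case where the destination already sits on the ingress port (filtering) is standard switch behaviour the page does not describe.

```python
from dataclasses import dataclass, field

AGING_SECONDS = 300          # most switches age an entry out after 5 minutes
BROADCAST = b"\xff" * 6


def is_group(mac: bytes) -> bool:
    """Least significant bit of the first byte set: multicast or broadcast."""
    return bool(mac[0] & 0x01)


@dataclass
class Switch:
    """Minimal Layer 2 switch. The MAC address table maps a MAC to
    (port, time last seen); ports are numbered 1..ports."""
    ports: int
    table: dict = field(default_factory=dict)

    def _age_out(self, now: float) -> None:
        """Drop entries whose refresh timer has run past the aging limit."""
        stale = [m for m, (_, seen) in self.table.items() if now - seen >= AGING_SECONDS]
        for m in stale:
            del self.table[m]

    def learn(self, in_port: int, src: bytes, now: float) -> str:
        """Record src on in_port; report whether the entry is new, refreshed or moved."""
        self._age_out(now)
        prev = self.table.get(src)
        self.table[src] = (in_port, now)      # same MAC on a new port replaces the entry
        if prev is None:
            return "new"
        return "refreshed" if prev[0] == in_port else "moved"

    def forward(self, in_port: int, dst: bytes) -> list:
        """Egress ports for dst: known unicast goes out one port; unknown unicast,
        broadcast and multicast are flooded out every port except the ingress port."""
        if is_group(dst) or dst not in self.table:
            return [p for p in range(1, self.ports + 1) if p != in_port]
        port, _ = self.table[dst]
        # Filtering (beyond the page): dst is on the segment the frame came from.
        return [] if port == in_port else [port]

    def receive(self, in_port: int, src: bytes, dst: bytes, now: float) -> tuple:
        """Process one frame: learn from the source, then decide where dst goes."""
        return self.learn(in_port, src, now), self.forward(in_port, dst)
```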
Frame Forwarding Methods on Cisco Switches
Switches use one of the following forwarding methods for switching data between network ports:
Store-and-forward switching
Cut-through switching
The figure shows the differences between these two methods.
In store-and-forward switching, when the switch receives the frame, it stores the data in buffers until the complete frame has been received. During the storage process, the switch analyzes the frame for information about its destination. In this process, the switch also performs an error check using the Cyclic Redundancy Check (CRC) trailer portion of the Ethernet frame.
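As an added example (not from the course), this Python code builds a frame that satisfies the 64 to 1518 byte limits given under Ethernet Frame Fields and then performs the size and CRC check a store-and-forward switch applies to a fully buffered frame. The MAC addresses and the IPv4 EtherType 0x0800 in the test are sample values.

```python
import struct
import zlib

MIN_FRAME = 64      # destination MAC through FCS, as stated on the page
MAX_FRAME = 1518
HEADER_LEN = 14     # dst MAC (6) + src MAC (6) + EtherType/Length (2)
FCS_LEN = 4
MIN_PAYLOAD = MIN_FRAME - HEADER_LEN - FCS_LEN   # 46 bytes


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble dst | src | type | payload | FCS. Short payloads are zero-padded
    to 46 bytes so the frame reaches the 64-byte minimum."""
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + payload
    # The FCS is the IEEE CRC-32 over everything from the destination MAC to
    # the end of the payload, transmitted least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))


def parse_header(frame: bytes) -> tuple:
    """Return (dst MAC, src MAC, EtherType) from the 14-byte header."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return frame[:6], frame[6:12], ethertype


def check_frame(frame: bytes) -> str:
    """Store-and-forward check: reject runts and giants by size, then recompute
    the CRC over the frame body and compare it with the FCS trailer."""
    if len(frame) < MIN_FRAME:
        return "drop: runt"
    if len(frame) > MAX_FRAME:
        return "drop: giant"
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if zlib.crc32(body) != struct.unpack("<I", fcs)[0]:
        return "drop: bad FCS"
    return "forward"
```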
Duplex and Speed Setting
Two of the most basic settings on a switch are the bandwidth and duplex settings for each individual switch port. It is critical that the duplex and bandwidth settings match between the switch port and the connected devices, such as a computer or another switch.
There are two types of duplex settings used for communications on an Ethernet network: half duplex and full duplex.
Full-duplex – Both ends of the connection can send and receive simultaneously.
Half-duplex – Only one end of the connection can send at a time.
Figure 1
For example, in Figure 1 PC-A’s Ethernet NIC can operate in full-duplex or half-duplex, and in 10 Mb/s or 100 Mb/s. PC-A is connected to switch S1 on port 1, which can operate in full-duplex or half-duplex, and in 10 Mb/s, 100 Mb/s or 1000 Mb/s (1 Gb/s). If both devices are using autonegotiation, the operating mode will be full-duplex and 100 Mb/s.
Figure 2
One of the most common causes of performance issues on 10/100 Mb/s Ethernet links occurs when one port on the link operates at half-duplex while the other port operates at full-duplex, as shown in Figure 2. This occurs when one or both ports on a link are reset, and the autonegotiation process does not result in both link partners having the same configuration. It also can occur when users reconfigure one side of a link and forget to reconfigure the other. Both sides of a link should have autonegotiation on, or both sides should have it off.
Auto-MDIX
When the auto-MDIX feature is enabled, the switch detects the type of cable attached to the port, and configures the interfaces accordingly. Therefore, you can use either a crossover or a straight-through cable for connections to a copper 10/100/1000 port on the switch, regardless of the type of device on the other end of the connection.
Note: The auto-MDIX feature is enabled by default on switches running Cisco IOS Release 12.2(18)SE or later.
Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
Physical address (the MAC address) – Used for Ethernet NIC to Ethernet NIC communications on the same network.
Logical address (the IP address) – Used to send the packet from the original source to the final destination.
This chapter begins with the general functions of the physical layer and the standards and protocols that manage the transmission of data across local media. It also introduces the functions of the data link layer and the protocols associated with it.
The Physical Layer
The process that data undergoes from a source node to a destination node is:
The user data is segmented by the transport layer, placed into packets by the network layer, and further encapsulated into frames by the data link layer.
The physical layer encodes the frames and creates the electrical, optical, or radio wave signals that represent the bits in each frame.
These signals are then sent on the media, one at a time.
The destination node physical layer retrieves these individual signals from the media, restores them to their bit representations, and passes the bits up to the data link layer as a complete frame.
Physical Layer Media
There are three basic forms of network media. The physical layer produces the representation and groupings of bits for each type of media as:
Copper cable: The signals are patterns of electrical pulses.
Fiber-optic cable: The signals are patterns of light.
Wireless: The signals are patterns of microwave transmissions.
Physical Layer Standards
The physical layer consists of electronic circuitry, media, and connectors developed by engineers. Therefore, it is appropriate that the standards governing this hardware are defined by the relevant electrical and communications engineering organizations.
Function
The physical layer standards address three functional areas:
Physical Components – The physical components are the electronic hardware devices, media, and other connectors that transmit and carry the signals to represent the bits. Hardware components such as NICs, interfaces and connectors, cable materials, and cable designs are all specified in standards associated with the physical layer. The various ports and interfaces on a Cisco 1941 router are also examples of physical components with specific connectors and pinouts resulting from standards.
Encoding – Encoding or line encoding is a method of converting a stream of data bits into a predefined “code”. Codes are groupings of bits used to provide a predictable pattern that can be recognized by both the sender and the receiver. In the case of networking, encoding is a pattern of voltage or current used to represent bits; the 0s and 1s.
Signaling – The physical layer must generate the electrical, optical, or wireless signals that represent the “1” and “0” on the media. The method of representing the bits is called the signaling method. The physical layer standards must define what type of signal represents a “1” and what type of signal represents a “0”. This can be as simple as a change in the level of an electrical signal or optical pulse. For example, a long pulse might represent a 1 whereas a short pulse represents a 0.
Bandwidth
Bandwidth is the capacity of a medium to carry data. Digital bandwidth measures the amount of data that can flow from one place to another in a given amount of time.
Physical media properties, current technologies, and the laws of physics all play a role in determining the available bandwidth.
The table shows the commonly used units of measure for bandwidth.
Throughput
Throughput is the measure of the transfer of bits across the media over a given period of time.
Due to a number of factors, throughput usually does not match the specified bandwidth in physical layer implementations. Many factors influence throughput, including:
The amount of traffic
The type of traffic
The latency created by the number of network devices encountered between source and destination
Latency refers to the amount of time, to include delays, for data to travel from one given point to another.
Types of Physical Media
The physical layer produces the representation and groupings of bits as voltages, radio frequencies, or light pulses. Various standards organizations have contributed to the definition of the physical, electrical, and mechanical properties of the media available for different data communications. These specifications guarantee that cables and connectors will function as anticipated with different data link layer implementations.
The figure shows different types of interfaces and ports available on a 1941 router.
Copper Media
There are three main types of copper media used in networking:
Unshielded Twisted-Pair (UTP)
Shielded Twisted-Pair (STP)
Coaxial
These cables are used to interconnect nodes on a LAN and infrastructure devices such as switches, routers, and wireless access points. Each type of connection and the accompanying devices has cabling requirements stipulated by physical layer standards.
Within this chapter, you will learn about network models, as well as the standards that make networks work, and how communication occurs over a network.
Message Delivery Options
Unicast
Unicast – a form of message delivery in which a message is delivered to a single destination
Multicast
Multicast – a form of transmission in which a message is delivered to a group of hosts
Broadcast
Broadcast – a form of transmission in which a message is delivered to all hosts on a network
Network Protocols
At the human level, some communication rules are formal and others are simply understood based on custom and practice. For devices to successfully communicate, a network protocol suite must describe precise requirements and interactions.
Protocol Interaction
HTTP – is an application protocol that governs the way a web server and a web client interact. HTTP defines the content and formatting of the requests and responses that are exchanged between the client and server.
TCP – is the transport protocol that manages the individual conversations. TCP divides the HTTP messages into smaller pieces, called segments. These segments are sent between the web server and client processes running at the destination host.
IP – is responsible for taking the formatted segments from TCP, encapsulating them into packets, assigning them the appropriate addresses, and delivering them to the destination host.
Ethernet – is a network access protocol that describes two primary functions: communication over a data link and the physical transmission of data on the network media. Network access protocols are responsible for taking the packets from IP and formatting them to be transmitted over the media.
Protocol Suites and Industry Standards
A protocol suite is a set of protocols that work together to provide comprehensive network communication services.
TCP/IP Communication Process
Encapsulation – process of inserting a formatted message inside another formatted message
De-encapsulation – process of removing a formatted message from another formatted message
Internet Standards
Internet Society (ISOC) – Responsible for promoting the open development and evolution of Internet use throughout the world.
Internet Architecture Board (IAB) – Responsible for the overall management and development of Internet standards.
Internet Engineering Task Force (IETF) – Develops, updates, and maintains Internet and TCP/IP technologies. This includes the process and documents for developing new protocols and updating existing protocols, known as Request for Comments (RFC) documents.
Internet Research Task Force (IRTF) – Focused on long-term research related to Internet and TCP/IP protocols such as Anti-Spam Research Group (ASRG), Crypto Forum Research Group (CFRG), and Peer-to-Peer Research Group (P2PRG).
Internet Corporation for Assigned Names and Numbers (ICANN) – Based in the United States, coordinates IP address allocation, the management of domain names, and assignment of other information used by TCP/IP protocols.
Internet Assigned Numbers Authority (IANA) – Responsible for overseeing and managing IP address allocation, domain name management, and protocol identifiers for ICANN.
Electronics and Communications Standard Organizations
IEEE (Institute of Electrical and Electronics Engineers) – organization of electrical engineering and electronics dedicated to advancing technological innovation and creating standards in a wide area of industries including power and energy, healthcare, telecommunications, and networking.
Electronic Industries Alliance (EIA) – best known for its standards related to electrical wiring, connectors, and the 19-inch racks used to mount networking equipment.
Telecommunications Industry Association (TIA) – responsible for developing communication standards in a variety of areas including radio equipment, cellular towers, Voice over IP (VoIP) devices, satellite communications, and more.
International Telecommunications Union-Telecommunication Standardization Sector (ITU-T) – one of the largest and oldest communication standard organizations. The ITU-T defines standards for video compression, Internet Protocol Television (IPTV), and broadband communications, such as a digital subscriber line (DSL).
The Benefits of Using a Layered Model
Message Segmentation
In theory, a single communication, such as a music video or an email message, could be sent across a network from source to destination as one massive, uninterrupted stream of bits.
Segmentation – process of splitting data into smaller pieces for transmission on a network
Multiplexing – Interleaving the pieces as they traverse