1. CCENT Notes
Part 1 – Networking Fundamentals
Ref : CCENT/CCNA ICND1 Official Exam Certification Guide, Second Edition
by Wendell Odom
It is highly recommended that you read at least once the above study guide to make full
use of this notes, it is expected that there may he minor errors in this notes, please
always refer the study guide for accurate information.
(Jojo Jacob - CCENT)

2. TABLE OF CONTENTS
Chapter 2 - The TCP/IP and OSI Networking Models........................................................3
Chapter 3 - Fundamentals of LANs.....................................................................................8
Chapter 4 - Fundamentals of WAN’s................................................................................20
Chapter 5 - Fundamentals of IP Addressing and Routing.................................................29
Chapter 6 - Fundamentals of TCP/IP Transport, Applications and Security.....................41
2

3. Chapter 2 - The TCP/IP and OSI Networking Models
TCP/IP : Transmission Control Protocol/Internet Protocol
OSI : Open System Interconnection
RFC – Request for Comments
TCP/IP Architecture Layers
Application : HTTP, POP3, SMTP
Transport : TCP, UDP
Internet : IP
Network Access : Ethernet, Frame Relay, PPP (WAN)
Application Layer : Provides interface between application software and the network,
Provides network services to the applications.
Transport Layer : (TCP/UDP) Guarantees the delivery of data across the network. TCP
uses the mechanism of acknowledgements to guaranty the transmission of data across the
network.
Transport Layer header and its encapsulated data is called a SEGMENT
Internet Layer : (IP) defines the IP Addressing and Routing.(the process of how a
router should forward or route data packets)
Internet Layer header and its encapsulated data, which includes Transport Layer,
Application Layer header and any data is called IP Packet.
Network Access Layer : defines the protocols and hardwares required to deliver data
across some physical network.
Internet Layer (IP) uses the service of the Network Access Layer (Ethernet) to deliver IP
Packets over a physical network.
Network Access Layer’s encapsulated data are called FRAMES which includes network
access layer (Ethernet, PPP) header, trailer and their encapsulated data.
IP uses network access layer protocols (Ethernet. PPP) to deliver packets to next router or
host, in which IP packets will be encapsulated between Ethernet or PPP header and trailer
for transmission over the physical medium as frames.
3

4. Ethernet header and trailer may be striped and IP Packet may be encapsulated with PPP
header and trailer during transmission depending on the network access protocol between
the routers in the network.
Same layer Interaction (different computers) : When a particular layer in one
computer wants to communicate with the same layer in another computer, and this is
done using headers which are transmitted between the computers.
Adjacent Layer Interaction (same computer) : In a single computer one layer provides
services to a higher layer. The software or hardware that implements the higher layer
requests the lower layer to perform the task needed.
Five Step Process of TCP/IP host sending data in a network.
Step 1 : application data with application layer header. http ok message returned in a http
header followed by content of the web page.
Step 2 : encapsulate application layer data in a transport layer (tcp/udp) header
Step 3 : encapsulate the transport layer data in a internet (IP) layer header
Step 4 : encapsulate the data supplied by the internet layer into network access layer
header and trailer.
Step 5 : transmit the bits, physical layer encodes the signal onto a medium to transmit the
frames
Encapsulation : is the process of adding headers and trailers around data supplied by a
higher level in the network model.
Decapsulation : is the process of stripping (removing) the header and trailer from an
encapsulated data.
Networking Model defines a set of network layers and how they interact each other, two
most important networking models are TCP/IP and OSI.
4

5. OSI Reference Model
OSI Layers TCP/IP
Application Layer 7
Presentation Application Layer 6
Session Layer 5
Transport Transport Layer 4
Network Internet Layer 3
Datalink Layer 2
Physical Network Access Layer 1
All People Seem to Need Data Processing (Layer 7 – Layer 1)
Layer 7 – Layer 5 focuses on application
Layer 4 – Layer 1 focuses on end to end delivery of the data over the network
Application Layer : Interfaces between application software and network also includes
authentication services.
Presentation Layer : Defines format and organization of data and includes encryption
Session Layer : Establishes and maintains end-to-end bi-directional flow between end
points. Includes managing transaction flows.
Transport Layer : Provides a variety of services between two hosts, connection
establishment and termination, flow control, error recovery, and segmentation of large
block of data into smaller parts for transmission.
Network Layer : logical addressing, routing (forwarding) and path determination.
Datalink Layer : format the data into frames for transmission onto physical medium,
defines the rule for, when the data can be send, defines the means by which to determine
transmission errors (FCS : Frame Check Sequence).
Physical Layer : refers to standards for physical characteristics of the transmission
medium, including connectors, pins, use of pins, electrical currents, encoding, light
modulation, and rules for how to activate and deactivate the use of physical medium.
5

6. Layer Name Protocols and Specification Devices
Application, Presentation, Firewall, Intrusion detection
Telent, HTTP, FTP, SMTP,
Session (Layer 7 – 5) systems.
POP3, VoIP, SNMP
Transport (Layer 4) TCP, UDP
Network (Layer 3) IP Routers
DataLink (Layer 2) Ethernet (IEEE 802.3), Lan Switches, wireless
HDLC, Frame Relay, PPP access points, cable modem,
dsl modem
Physical (Layer 1) RJ-45, EIA/TIA -232, V.35, Lan Hub, repeater
Ethernet (IEEE 802.3)
Benefits of Layered Protocol Specifications
Less Complex : Layered protocol network model breaks the functions and tasks of the
networking into smaller chunks
Standard Interfaces : standard interfaces definition between the layers enables multiple
vendors to develop products on specific layers
Easier to develop : reduced complexity mean easier program changes and faster product
development
Easier to learn : easier to learn more details of a protocol specification
Multi-vendor interoperability : creating products meeting same networking standards
means, computers and network gears from different vendors can work together
Modular engineering : vendors can concentrate on developing modular products in
specific layers
A software or a hardware device in a layer does not have to worry, or can assume that the
software and hardware devices in other layers will perform functions defined for that
layer.
6

7. OSI Encapsulation
OSI model uses PDU – Protocol Data Unit to refer to its encapsulated data in each layers.
L7PDU : Application(L7)H + Data
L6PDU : Presentation(L6)H + Data
L5PDU : Session(L5)H + Data
L4PDU : Transport(L4)H + Data
L3PDU : Network(L3)H + Data
L2PDU : Data Link(L2)H + Data + L2T
L2PDU is transmitted into the physical link.
Please go to ……Do I know this Already –QUIZ. – Chapter 2. :- Page 18.
7

8. Chapter 3 - Fundamentals of LANs
Ethernet – refers to standards that define physical and data link layer for LAN.
Variables for Ethernet Standards are : Speed, type of cable, length of cable etc.
IEEE – Institute of Electrical and Electronics Engineers
IEEE seperates the Ethernet Data link layer functions into two sub layers:
802.3 Media Access Control (MAC) sublayer (Lower layer)
802.2 Logical Link Control (LLC) sublayer (Higher Layer)
Common Name Speed Alternate Name IEEE Cable type,
Standard Maximum Length
Ethernet 10 Mbps 10BASE-T IEEE 802.3 Copper, 100 m
Fast Ethernet 100 Mbps 100BASE-TX IEEE 802.3u Copper, 100 m
Gigabit Ethernet 1000 Mbps 1000BASE-SX IEEE 802.3z Fibre, 500 m (SX)
1000BASE-LX 5 km (LX)
Gigabit Ethernet 1000 Mbps 1000BASE-T IEEE 802.3ab Copper, 100 m
Alternate Name always list speed in Mbps
T – in the alternate name means twisted pair (UTP)
Functions of LAN : File sharing, Printer sharing, File transfer and gaming
10BASE2 and 10BASE5 – early Ethernets, consisted of series of co-axial cables
connecting computer and their NIC. Sending computer sends electrical signals through
the bus (collection of cables forming electrical circuit).
CSMA/CD – Carries Sense Multiple Access with Collision Detection , ensures that only
one devices sends traffic in Ethernet at one time. Avoids collision and takes action when
collision occurs. Algorithm:-
A device that wants to send a frame waits until LAN is silent, ie no frame is currently
being send, before attempting to send an electrical signal
If a collision still occurs, the devices that caused the collision wait a random amount
of time and try again
CSMA/CD : Carrier Sense Multiple Access with Collision detection, a device access
mechanism in which devices ready to transmit data first check the channel for a carrier. If
no carrier is sensed for a specific period of time, a device can transmit. If two devices
8

9. transmit at once, a collision occurs and is detected by all colliding devices. This collision
subsequently delays re-transmission from those devices for a random length of time.
10BASE2 – maximum cable length 185m
10BASE5 – maximum cable length 500 m
Attenuation :- weakening of electrical signals as it traverse farther through a cable
Repeaters – connects multiple cable segments, receive electrical signal on one cable,
interpret the bits as 1s and 0s and generates brand new, clean, strong electrical signal out
the other cable. But does not interpret the meaning of the electrical signal (bits) and is a
Layer 1 device.
Repeater does not simply amplify the signal, because amplifying the signal might also
amplify any noise picked up along the way, but it re-generates brand new electrical
signals.
Ethernet Hubs : hubs are essentially repeaters but with multiple physical ports, it re-
generates the electrical signals that comes in one port and sends to every other ports and
creates an electrical bus.
• Origianl Ethernet LANs created an electrical bus to which devices were connected
• 10BASE5 and 10BASE2 repeaters extended the length of the LAN by cleaning up the
electrical signals and repeating it – a layer 1 function – without interpreting the
meaning of the signals.
• Hubs are repeaters that provide a centralised connection point for the UTP, cabling,
but still creates a single electrical bus shared by various devices, just like 10BASE2
and 10BASE5.
• Because collision could occur in any of these cases, Ethernet defines CSMA/CD
algorithm, which tells devices how to avoid collision and also action to take when it
occurs.
Ethernet UTP Cabling
10BASE-T (Ethernet) , 100BASE-T (fast Ethernet – FE) , 1000BASE-T (gigabit ether
net – GE) use UTP (unshielded twisted pair) cabling
UTP cables – two pairs or four pairs of wires.
RJ-45 connectors – connect to end points of utp cables and has pins (8) to which each of
the coloured wires are connected to. RJ-45 connectors are inserted into RJ-45 ports in
computers of switches.
RJ11 – commonly used for telephone cables in North America
9

10. RJ11 is a physical interface often used for terminating telephone wires. It is probably the
most familiar of the registered jacks, being used for single line POTS telephone jacks in
most homes across the world.
RJ14 is similar, but for two lines, and RJ25 is for three lines. RJ61 is a similar registered
jack for four lines. The telephone line cord and its plug are more often a true RJ11 with
only two conductors.
Phone generates analog signals at the rate of 0 – 4000 Hz, and the DSL modem uses
frequencies higher than 4000 Hz, so that the phone and the DSL signals interfere very
much, still need to use a filter.
The DSLAM directs (multiplexes) the analog voice signals – frequency range between 0
Hz and 4000 Hz, to a voice switch.
Two views of an RJ25 6P6C crimp-on style connector. .
RJ11 is a physical interface often used for terminating telephone wires. It is probably the
most familiar of the registered jacks, being used for single line POTS telephone jacks in
10

11. BS6312 431A plug; colloquially, a British Telecom plug. Used in NZ.
Cisco switches uses GBIC (gigabit interface converter) or Small form Pluggables (SFP)
so that switch can use a variety of cable connectors, type of cabling and support different
cable lengths.
Cisco switches can easily alternate between 1000BASE-T GBIC and 1000BASE-LX
interface cards depending on the situations, like if the cabling need to cover a longer
distance.
Twisted pair copper wire cancels out the magnetic field when transmitting electricity. By
twisting together wires in the same pair, with the current running in opposite direction on
each wire, the magnetic field created by one wire mostly cancels out the magnetic field
created by the other wire.
Networking devices create an electric circuit using twisted wire pair and vary the signals
as defined by the encoding scheme, to send bits over wire pair.
Encoding scheme defines how the electrical signal should vary, over time, to mean either
a binary 0 or 1.
Twisted Pair : Transmission medium consisting of two insulated wires, with wires
twisted around each other in spiral. An electrical circuit flows over the wire pair, with the
current in opposite direction on each wire, which significantly reduces the interfenece
between two wires.
UTP Cabling Pinouts for 10BAST-T and 100BAST-TX
Telecommuncations Industry Association (TIA) and Electronics Industry Alliance (EIA)
defines the standards for UTP cabling, colour coding for wires and standard pinouts on
the cable.
Two EIA/TIA pinout standards are T568A and T568B.
T568A pinout standard
11

12. RJ-45
pair 3 3 2 1 1 2 4 4
pins 1 2 3 4 5 6 7 8
Pinouts
1- G/W
2- Green
3- O/W
4- Blue
5- B/W
6- Orange
7- Brown/W
8- Brown
Pair 1 Pair 2 Pair 3 Pair 4
Blue/Blue W Orange W/ Orange Green W/Green Brown W / Brown
T568B pinout standard
RJ-45
pair 2 2 3 1 1 3 4 4
pins 1 2 3 4 5 6 7 8
Pinouts
1- O/W
2- Orange
3- G/W
4- Blue
5- B/W
6- Green
7- Brown/W
8- Brown
Pair 1 Pair 2 Pair 3 Pair 4
Blue/Blue W O W/Orange Green W/Green Brown W / Brown
Pinout : Documentation and Implementation of which wires inside a cable connect to
each pin positions in side any connector
UTP cable requires two pairs of wire for 10BASE-T and 100BASE-TX and four pairs of
wire for 1000BASE-T.
12

13. Ethernet NIC send data using the wire pair connected to Pins 1 and 2. (pair 3, T568A
standard)
Ethernet NIC receives data using the wire pair connected to Pins 3 and 6. (pair 2, T568A
standard)
Hubs and switches send data using the wire pair connected to Pins 3 and 6. (pair 2,
T568A standard)
Hubs and switches receives data using the wire pair connected to Pins 1 and 2. (pair 3,
T568 standard
Straight Through Cable : connects two devices (NIC and switch) which uses opposite
pinout pairs to transmit and receive data.
Straight through cable connects wire at pin 1 on one end of the cable to pin 1 on other
end of the cable, wire at pin 2 on one end of the cable to pin 2 on other end of the cable
and so on.
But will not work for connecting two hubs/switches together as they use the same pins
for send and receive.
A cable that swaps the wire pair in side the cable is called Cross over cable.
Cross over cable must be used to connect two switches as both the switches uses pair at
pin 3,6 to transmit and pair at pins 1,2 to receive, the cable must swap or cross the pairs.
1 ---- 3
2 ---- 6
3 --- 1
6 --- 2
Devices on opposite end of the cable using same pair of pins to transmit need crossover
cable, devices uses opposite pair of pins to transmit requires straight trough cables.
Crossover Cable : An Ethernet cable that swaps the wire pair used for transmission on
one device to wire pair used for receiving on a device connected to the other end of the
cable. In 10BSAE-T and 100BASE-TX networks, this cable swaps the wire pair at Pin
1,2 to Pins 3,6 on other end of the cable, and Pair at Pins 3,6 to Pins 1,2.
Straigh-through Cable : An Ethernet cable that connects wire on Pin 1 on one end of
the cable to Pin 1 on other end of the cable, Pin 2 on one end to Pin 2 on other end and so
on.
13

14. 10BASE-T and 100BASE-TX pin pairs used
Devices that transmit on pin pair 1,2 and Devices that transmit on pin pair 3,6 and
receives on 3,6 receives on 1,2
PC NICs Hubs
Routers Switches
Wireless Access Points (Ethernet Interface)
Network Printers (directly connected to
LAN)
1000BASE-T requires 4 wire pairs also gigabit Ethernet transmit and receives on each of
the four wire pairs simultaneously.
1000BASE-T straight through cables connect wire at pin 1 to pin 1 , pin 2 – pin 2 and so
on.
1000BASE-T crossover cable crosses wire pairs between pins (1,2 and 3,6) and (4,5 and
7,8).
Auto-mdix is a cisco switch feature that notices wrong cabling pinouts, and re-adjusts the
switch’s logic and makes the cable work.
Hubs to Switches
Five steps of a hub creating electrical bus.
1. NIC sends a frame
2. NIC loops the send frame to its receive pair internally on the card
3. hub receives the electrical signals, interpret the signals as bits, so that it can clean up
and repeat as strong signals
4. hubs internal wiring repeats the signal to all other ports, except the port the signals
was received from
5. the hub repeats the signal to each receiver pair on all other devices
If two NIC send frames at same time, at step 4, the electrical signals would overlap,
frames would collide, and either frames will be completely unintelligible, or full or
errors.
CSMA/CD algorithm helps prevent the collision and also defines how to act when
collision occurs, CSMA/CD algorithm work like this;
14

15. 1. A device with a frame to send listens until Ethernet is not busy
2. when the Ethernet is not busy sender(s) begin(s) sending the frame
3. the sender(s) listen(s) to make sure that no collision occurred
4. if a collision occurs the devices that had been sending, each send a jamming signal to
ensure that all stations recognizes the collision
5. after the jamming is complete, each sender randomizes a timer and waits that long
before trying to resend the collided frame
6. when each random timer expires, the process start from step 1
Using a hub with CSMA/CD causes performance problems;
1. only one device can send at a given point in time
2. if a collision occurs, the sending devices waits for a ramdomized time before trying to
re-send the collided frame
For devices connected to a hub, only one device can send at any one instant in time. As a
result the devices connected to a hub share the bandwidth available through the hub. The
logic of waiting for the LAN to be silent before sending, means that a device either send
or receive at a given point in time, but not both , and this is called half duplex.
Collision domain : defines the set of devices whose frame could collide. All devices on a
10BASE2 and 10BASE5 network and any network using a HUB are said to be in the
same collision domain.
Hubs : A LAN device providing a centralized connection point for LAN cabling,
repeating any received electrical signals out all other ports, thereby creating a logical bus.
Hubs do not interpret the electrical signals as a frame of bits, so Hubs are considered to
be Layer 1 devices.
Switches:
1. Interprets the bits in the received frame, so that they can typically send the frame out
the required one port, rather than all other ports
2. If the switch needs to forward multiple frame out the same port, the switch buffers the
frames in memory, sending one at a time and thereby avoiding collision.
A switch is considered to be a layer 2 device as it need to look at the Ethernet header for
address.
Single devices connected to switch ports does not share the bandwidth, ie a switch with
100Mbps port, has 100Mbps for each port.
15

16. Shared Ethernet : Ethernet using a hub or the original co-axial cabling LAN were the
LAN bandwidth is shared among the devices, as each device has to take turn in using the
LAN, because of the CSMA/CD algorithm.
Switched Ethernet : LANs with switches does not have to share the bandwidth between
devices connected to a port. Ie a switch with 100 Mbps port has 100Mbps for each port.
A hub with 24, 100Mbps devices connected to it all share a theoretical total bandwidth of
100Mbps. However a switch with 24, 100 Mbps devices connected to it, support 100
Mbps on each of the 24 ports, or 2400 Mbps (2.4 Gbps) theoretical maximum bandwidth.
LAN switches with only one devices cabled to each port, can completely eliminate
collision, which allows the use of full-duplex operation. Full-duplex means the Ethernet
cards can send and receive concurrently. When full-duplex is implemented CSMA/CD
will be disabled on devices at both end of the cable. And performance will be doubled by
allowing simultaneous transmission in both directions.
Full Duplex : Any communication in which two communicating devices can send and
receive data concurrently is said to have full duplex communication. In Ethernet LAN
full duplex is allowed when the CSMA/CD is disabled on both the communicating
devices.
Half Duplex : Any communication in which only one device can send data at a time. In
Ethernet LAN normal results of CSMA/CD that enforces the rule that only one device
should send at any point in time.
Ethernet Data-Link Protocols
Ethernet data-link protocols (small set) is same and applies to almost all of the variations
of Ethernet from 10BASE5 up through to 10 Gbps Ethernet.
Ethernet LAN addressing identifies either a individual device (unicast) or a group of
devices in LAN (broadcast and multicast). Ethernet LAN address is 6 bytes (48 bits)
long, usually written as set of 4 digit hex (12 hex digits) values separated by dots.
0000.OC12.3456
Unicast Ethernet address identifies a single LAN card.
Ethernet card manufactures encodes MAC address into the card, usually in a ROM chip,
first half identifies the manufactures and is assigned by IEEE and is called
Organizationally Unique Identifier (OUI), second half is a unique number assigned by the
manufacture for each card. It is also called Burned in address (BIA) , also called
uiversally administered address (UAA).
16

17. Structure of unicast Ethernet address
Organizationally Unique Vendor Assigned
Identifier NIC Cards, Interfaces
Size in bits -----24 Bits------------ -----24 Bits--- --
Size in Hex Digits -----6 Hex ------------ -----6 Hex --- --
Example ---00 60 2F ------------ ---3A 07 BC-- --
Group address – represents more than one LAN interface cards:-
Broadcast addresses: represents all the devices on the LAN, and is represented by
FFFF.FFFF.FFFF in hexadecimal notation.
Multicaset address – allows a subset of devices on the lan to communicate. When IP
multicasts over an Ethernet, the multicast MAC address used by IP follows the format,
0105.5exx.xxxx where x can take any value.
LAN MAC Address terminology
LAN addressing term or feature Description
MAC Media Access Control 802.3 (Ethernet) defines the
MAC sublayer of the IEEE Ethernet.
Ethernet Address, Other terms for MAC address, and defines 6 bytes (48
NIC Address, bits) long address for LAN Interface cards.
LAN address
Burned in address (BIA) 6 byte ling address assigned by the NIC vendor
Unicast address MAC address representing a single LAN interface
Broadcast address An address that means all devices that reside on this
LAN right now
Multicast address Implies to some subset of all the devices currently on
the Ethernet LAN
Ethernet Framing : Defines how a string of binary numbers are interpreted, it defines
the meaning behind the bits that are transmitted across a network.
Ethernet Frame (IEEE 802.3 revised 1997).
Preamble SFD Destination Source Length/type Data and Pad FCS
7 1 6 6 2 46-1500 4 (Bytes)
17

18. IEEE 802.3 Ethernet header and trailer fields
Field Field Length Description
Preamble 7 Synchronization
Start frame 1 Signifies the next byte begins the destination MAC
delimiter (SFD) field
Destination 6 Destination MAC
Source 6 Source MAC
Length 2 Length of the data field of the frame
(either length or type is present not both)
Type 2 Type of protocol listed inside the frame
(either length or type is present not both)
Data and pad 46-1500 Holds data from higher layer L3 PDU (generally)
mostly IP Packet
Frame check 4 Provides a method for the receiving NIC to
sequence (FCS) determine if the frame experienced transmission
errors
The IEEE 802.3 specification limit the data portion of the 802.3 frame to maximum of
1500 Bytes. The data field was designed to hold the laye 3 IP Packet. The term Maximum
Transmission Unit (MTU) refers to the maximum layer 3 packet that can be send over a
medium. Because Layer 3 IP Packet resides inside the data portion of an Ethernet frame,
1500 bytes is the largest IP MTU that can be send over an Ethernet.
Layer 3 protocols like IBM SNA, Novel Netware, AppleTalk, TCP/IP could be
transmitted over Ethernet LAN. (layer 2 ethernet frame).
Type field in the Ethernet frame header identifies the Layer 3 protocol used, eg . IP
packet means 0800 (decimal 2048) value in the type field.
When length/type field in the Ethernet frame header is used to represent the length of
entire Ethernet frame (hex value less than 0600 decimal 1536), in such cases Ethernet
frame adds two additional headers after the 802.3 Ethernet header but before he L3
Header:-
1. an IEEE 802.2 Logical Link Control (LLC) header
2. an IEEE subnetwork access protocoal (SNAP) header
LLC Header
DSAP SSAP CTL
1 1 1 (Bytes)
18

19. SNAP Header
OUI Type
3 2 (Bytes)
Preamble SFD Destination Source Length/type LLC Header SNAP Header Data and Pad FCS
7 1 6 6 2 3 5 46-1500 4 (Bytes
Length/Type field will have value less than 1536, meaning it represents the length of the entire Ethernet
frame.
Protocol Type Field : A field in a LAN header that identifies the type of header that
follows (Layer 3 PDU) the LAN header, Includes the DIX Ethernet Type Field, IEEE
802.2 DSAP field, and the SNAP protocol type field.
Error Recovery
Ethernet Frame Check sequence is the only field in the Ethernet frame trailer, allows the
devices receiving the frame to detect if the bits have changed during transmission.
FCS error detection does not mean error recovery.
To detect an error the sending device calculates a complex mathematical function with
the frame contents as input and puts the results into the frames 4 Bytes FCS field. The
receiving device does the same math on the frame, if its calculation matches the FCS
field in the frame, no errors occurred. If the results doesn’t match an error has occurred
and the frame is discarded, Ethernet does not do any thing for error recovery, it takes no
action for re-sending the frame, but is taken care by protocols like TCP.
1000BASE-T : A name for IEEE Gigabit Ethernet standard that uses four pair copper
cabling, a speed of 1000 Mbps (1 Gbps) and a maximum cable length of 100 meters.
100BASE-TX : A name for the IEEE fast Ethernet standard that uses two pair copper
cabling, a speed of 100 Mbps and a maximum cable length of 100 meters
10BASE –T : The 10 Mbps baseband Ethernet specification using two pairs of twisted
pair cabling. (Category 3,4, or 5). One pair transmit and other pair receives data.
10BASE T which is part of the IEEE 802.3 specification, has a distance limit of
approximately 100 meters.
Please go to ……Do I know this Already –QUIZ. – Chapter 3. :- Page 42.
19

20. Chapter 4 - Fundamentals of WAN’s
WAN physical and data-link standards and protocols define how to network between
devices that are far apart in some cases thousands of miles.
OSI Layer 1 – for Point to Point WANs
Point to Point WAN is a type of WAN for connecting remote sites.
Service Providers (Telcos) provide leased line for companies to have WAN connectivity.
Point to Point WAN connection is also called leases circuit and leased line as the line is
exclusively available for the devices at the either end of the connection to send and
receive data at any time they want.
Ethernet switches has many different types of interfaces, but all the interfaces are some
form of Ethernet. Routers provide capability to connect many different types of layer 1
and layer 2 technologies and is used commonly when a LAN is connected to a WAN.
CO – central office where telco locates devices that creates its own network.
Point to Point Leased line components
R1----CSU/DSU--------WAN Switch TELCO WAN Switch--------CSU/DSU-----R2
NETWORK
|
| (demar)
R1, R2 – routes
CSU/DSU – external Channel Service Unit / Data Service Unit
WAN switches in the CO
Routers are connected to CSU/DSU using short cables (max 50ft).
A much longer cable connects CSU/DSU to WAN switch in the CO
Routers and CSU/DSU are CPE (customer premises equipments)
Demarcation point (demar) defines the boundaries of responsibilities between telco and
company (customer) in a PPP Wan.
20

21. WAN Cabling Standards
Point to Point WAN uses synchronous point to point serial link interface on its routers.
Synchronous serial interface in cisco routers uses physical connector types such as 60 –
Pin D-shell connector.
CSU/DSU end of the cable uses physical connector standards such as EIA/TIA-232 ,
EIA/TIA-449, V.35, X.21, EIA-350
Many of the pins in the above connectors are used for control functions, a few are used
for transmitting data, and some pins are used for clocking.
The cable between the CSU/DSU and the telco CO typically uses a RJ-48 connector.
When a router has an internally built CSU/DSU, physical line from telco CO is directly
connected to a port in the router, typically to a RJ-48 port in the router serial interface
card.
Clock Rate, Synchronization, DCE and DTE
Every WAN circuit provided by a service provider runs at one of many possible pre-
defined speed. This speed is often referred to as clock rate, bandwidth or link speed.
To make a WAN link work, various devices need to synchronize their clock so that they
run exactly at the same speed, this process is called synchronization.
Synchronous circuits imposes time ordering at the link’s sending and receiving ends.
Synchronization occurs between two CSU/DSU on a leased line, by having one
CSU/DSU (the slave) adjust its clock to match the clock rate of the other CSU/DSU (the
master). A networking device synchronizes its clock several times per second.
In practice clocking concept includes a hierarchy of different clock sources. The telco
provides clocking information to the CSU/DSUs based on the transitions in the electrical
signal on the circuit. The two CSU/DSUs then adjust their speeds to match the clocking
signals from telco.The CSU/DSUs each supply clocking signals to the routers so that the
routers simply react, sending and receiving data at the correct rate. So from the routers
perspective, the CSU/DSU is considered to be clocking the link.
The device that provides clocking, typically CSU/DSU is considered to be Data
Communication Equipment (DCE) and the device receiving clocking typically the router
is considered to be Data Terminal Equipment (DTE).
DTE serial cables (for routers) and DCE serial cable (for CSU/DSU) exists.
21

22. WAN in the lab, Point to Point serial link, back to back serial connection can be built
using two routers one acting as DTE and one as DCE and connected together using
interconnected DTE and DCE serial cables and with a clock rate configuration command
in the DCE router.
DTE cable, the cable that typically connects a router (dte) to a csu/dsu does not swap the
transmit and receive pins, however a DCE cable does the swaping of the Transmit and
receive pins.
DTE Cable DCE Cable DTE Cable
R1 ------------------- CSU/DSU ---------------------------CSU/DSU--------------------R2
Link Speed offered by telco
PCM – Pulse code modulation – converts analogue signal to digital signal
and according to this, 64,000 bits required to represent 1 sec voice and is the baseline
transmission speed (64Kbps). Digital Signal Level 0 (DS0).
According to PCM voice analog signals are sampled 8000 times per sec, each sample
requiring 8 bits, so 8000 * 8 = 64000 bits required to represent 1 sec voice.
The combination of multiple slower speed lines and channels into a faster speed lines or
channel – for instance combining 24DS0 channels into a single DS1 (T1) line is called
Time division multiplexing (TDM).
T1 and T3 are standards used in United States
E1 and E3 are Japanese and European standards
WAN Speed summary
DS0 64kbps
DS1 (T1) 1.544 Mbps (24 DS0s plus 8kbps overhead)
DS3 (T3) 44.736 Mbps (28 DS1s plus management overhead)
E1 2.048 Mbps (32 DS0s)
E3 34.064 Mbps (16 E1s plus management overhead)
J1 (Y1) 2.048 Mbps (32 DS0s : Japanese standard)
Type of signalling (DS1, DS3 etc) and signalling specification define the electrical
signals that encode binary 1 and 0 on the line.
22

23. OSI Layer 2 – for Point to Point WANs
Two most popular data link layer protocols used in Point to point links are High level
data link control (HDLC), and Point to Point Protocol (PPP).
Main objective of HDLC data link layer is the delivery of the data across the link, error
checking, and identification of data packet type in the frame.
Standard HDLC Frame
1 1 1 variable 4 (bytes)
Flag Address Control Data FCS
Cisco proprietary HDLC Frame
1 1 1 2 variable 4 (bytes)
Flag Address Control Type Data FCS
International Telecommunications Union (ITU) defined HDLC
Internet Engineering Task Force (IETF) defined PPP
PPP works same as HDLC, framing is identical. PPP including the protocol type field, is
used in a multi vendor router point to point serial link environment.
Pont to Point WAN:
Synchronous : the imposition of time ordering on a bit stream, practically a device tries
to use the same speed as the other device on other end of the serial link, however by
examining the transition between the voltage states on the link, a device can notice slight
variation in the speed on each end and can adjust its speed accordingly.
Clock source : the device to which the other device on the link adjust their speed when
using a synchronous link.
CSU/DSU: Channel service unit/ data service unit, connects the routher to the teleco
network in a point to point serial link.
T1 : A line from telco that allows transmission of data at 1.544 Mbps
E1 : Similar to T1, but used in Europe, at the rate of 2.048 Mbps and 32 64Kbps (DS0)
channels
Point to Point Leased line (PPP) is also called : leased line, leased circuit, serial link,
serial line, point-to-point link, and circuit.
23

24. Frame Relay and Packet Switching
In packet switching a physical WAN connectivity exists and a company can connect a
large number of routers to the packet switching service, using a single serial link from
each router to the packet switching service.
Two most commonly used Packet Switching services are Frame Relay and Asynchronous
Transfer Mode (ATM).
For frame relay a leased line is installed from the router to nearby Frame Relay switch
and is called access links and runs the same speed and same signalling standards as a
point to point leased line.
DTE (DCE) (DCE) DTE
R1-----------------------Frame Frame---------------------------R2
Access link Relay Relay access link
Switch Switch
Frame relay switch in the telco network examines the data frame sent by the router.
Frame relay defines its own data link header and trailer, the header holds a field called
Data Link Connection Identifier (DLCI), WAN switches forwards the frame based on the
DLCI until it reaches the destination router.
Frame Relay header and trailer are defined by a protocol called Link Access Procedure
Frame (LAPF).
Frame relay uses Frame Switching (Layer 2)as it switches (forwards) incoming frames to
devices one by one based on the DLCI.
Packet Switching (Layer 3) is a more common term.
In Layer 2 Frame Relay,
DCE – device providing service (Frame Relay Switch)
DTE – device needing frame switching service (Router at customer site)
But from a Layer 1 perspective CSU/DSU provides clocking to the Router,
CSU/DSU is still the DCE and
Router is still the DTE
24

25. The logical path a frame travels between each pair of routers is called a frame relay
virtual circuit (VC). Typically a service provided pre-configure all the required details of
a VC, and these VCs are called (permanent) PVC.
VCs share the access link, and frame relay network. Frame relay enable you to expand
the WAN with only one access link, multiple VCs and less hard wares. (Eg. One central
office router connecting to many branch office routers, CO Router will have just one
access link and many VCs to all the branch routers in the Frame relay network).
CIR – committed information rate for a VC and it is like a minimum bandwidth, clock
rate of a point-to-point circuit. CIR is offered by Service Providers as its customers will
be competing each other for capacity in the providers network.
In frame relay The main Central Office Router can have one access link and multiple
VCs connecting to more than one branch office DTEs.
Frame Relay Topology is…
easier for the SP to implement, costs the provider less, and makes better use of the core
of the service providers network.
Clocking: is the process of supplying a signal over a cable, either on a separate pin on a
serial cable or as part of the signal transitions in the transmitted signal, so that the
receiving device can keep synchronization with the sending device.
25

26. Typical Frame Relay Network with Three sites and Three Virtual Circuits
Define:
Access links, back-to-back linking, clocking, DTE (layer 1), CSU/DSU, DCE (layer 1),
DS0, DS1, Frame Relay, HDLC, leased line, packet switching, PPP, serial cable,
synchronous, T1, virtual circuit.
Access Link : In Frame Relay the physical serial link that connects Frame Relay DTE
device, usually a Router to a Frame Relay switch. The access link uses the same physical
layer standard as do point-to-point leased lines.
Back-to-Back link : a serial link between two routers, created without CSU/DSUs, by
connecting a DTE cable to one router and a DCE cable to another and connecting the two
cables together. Typically used in Labs to create serial links without the expenses of an
actual leased line from a telco.
Clocking : The process of supplying a signal over a cable, either on a separate pin on a
serial cable, or as part of the signal transmission in the transmitted signal, so that the
receiving device can keep synchronization with the sending device.
26

27. DTE Layer 1 : Data terminal equipment, From a layer 1 perspective DTE synchronizes
its clock based on the clocking send by the DCE, from a packet (frame) switching
perspective DTE is a device outside the Service Providers network, typically a router.
CSU/DSU : Channel Service Unit / Digital Service Unit. A device that understands the
Layer 1 details of the serial link installed by a telco, and how to use a serial cable to
communicate with networking equipments such as routers.
DCE Layer 1 : Data communications equipment, From a physical layer (1) perspective,
the device providing clocking on a WAN link, typically a CSU/DSU, is the DCE. From a
packet (frame) switching perspective the service providers switch (frame relay switch) to
which the router might connect is considered the DCE.
DS0 : Digital signal level 0, a 64 Kbps line or channel, of a faster line, inside a telco
whose origins are to support a single voice call using original voice PCM codec.
DS1 :Digital signal level 1, a 1.544 Mbps line from telco, with 24 DS0 channels or 64
Kbps each, plus an 8 kbps management and framing channel. Also called a T1.
Frame Relay : An international standard data link protocol, that defines the capabilities
to create a frame (packet) switched, service allowing a DTE device typically a router to
send data to many other devices using a single physical connection to the Frame relay
service.
HDLC : High Level Data Link Control. A bit oriented synchronous data link layer
protocol developed by the International Organization for Standards
Leased Line : A serial communication circuit between two end points, provided by
some service provider, typically a telephone company or a telco.
Packet (Frame) Switching : A generic reference to network service, typically WAN
services, in which the service examines the contents of the transmitted data, to make
some type of forwarding decision. This term is mainly used in contrast with the WAN
term circuit switching, in which the provider sets up a Layer 1 circuit between two
devices, and the provider makes no attempt to interpret the meaning of the bits.
PPP : Point to Point protocol, a protocol that provides connectivity between router to
router and host to network connection, over synchronous point to point and asynchronous
point to point circuits.
Serial cable : A type of cable with many different styles of connectors used to connect a
router to an external CSU/DSU on a leased line installation.
Synchronous : The imposition of time ordering on a bit stream. Particularly a device will
try to use the same speed as the device on the other end of a serial link. However by
27

28. examining transitions between voltage states on the link, the device can notice slight
variations in the speed on each end and adjust the speed accordingly.
T1 : A line from the telco that allows transmission of data at 1.544 Mbps, with the ability
to treat the lines as 24 different 64 Kbps DS0 channels (plus 8kbps overhead).
Virtual Circuit : In packet (frame) switched services like Frame Relay, VC refers to the
ability for two DTE device typically routers to send and receive data directly to each
other, which supplies the same functions as a physical leased line, but doing so without a
physical circuit. This term is meant as a contract with a leased line or leased circuit.
Please go to ……Do I know this Already –QUIZ. – Chapter 4. :- Page 71.
28

29. Chapter 5 - Fundamentals of IP Addressing and Routing
Routing: is the processing of forwarding the packet (L3 PDU)
Logical addressing: address that can be used regardless of the physical network used,
providing each device at least one address, logical address enables rotting processing
identify a packet’s source and destination.
Routing Protocol: a protocol that aids routers by dynamically learning about the group
of addresses in the network, which in turn allows the routing process to work well.
Other utilities: DNS, DHCP, ARP, Ping
Path Selection :- Routing Protocol, some time refer to Routing (forwarding) processes
IP is a connectionless protocol, does not require overhead agreements or messages before
sending a packet.
Routing (Forwarding) , Network Layer Interaction with Datalink Layer
Routing table contains network layer address groupings.
Network layer use data-link layer to send data over a physical network, packet
encapsulated as frames.
Routing process forwards only the packet, end-to-end through the network, discarding
data-link header and trailer along the way, and re-encapsulating as per the data link
protocol used.
Address Resolution Protocol (ARP) is used to dynamically learn about the data-link
address of a IP host connected to a LAN.
Process of routing forwards Layer 3 packets, L3 PDU, based on the destination layer 3
address in the packet.
Routing process uses data-link layer to encapsulates the layer 3 packet into layer 2 frames
for transmission across each successive data link.
29

30. IP Packets and IP Header
IPv4 header in a packet is 20 bytes long and key fields are
1 8 16 24 31
----------------------------------------------------------------------------------------------------|
Version | Header | DS Field | Packet Length---------------------------
Length
-----------------------------------------------------------------------------------------------------
Identification-----------------------------Flag (3)- Fragment Offset (16)-------
---------------------------------------------------------------------------------------------------
Time to Live----Protocol------------- Header checksum--------------------------
------------------------------------------------------------------------------------------------------
Source IP Address
-------------------------------------------------------------------------------------------------------
Destination IP Address
-------------------------------------------------------------------------------------------------------
Version : Version of IP Protocol – most networks use IPV4 today
Header Length : IP Header length, defines IP header length including optional fields
DS Field : Differentiated services field. It is used for marking packets for the purpose of
applying different Quality-of-service QoS levels to different packets.
Packet Length : Identified entire length of the packet including data.
Identification : Used by IP packet fragmentation process, all fragments of the original
packets contain same identifier.
Flag : 3 bit flag used by IP fragmentation process
Fragment Offset : A number used to help hosts reassemble fragmented packets into the
original large packet
TTL (1 Byte) – time to live, value used to prevent routing loops
Protocol (1 Byte) – idetnfity contents of data portion of the IP packet, Protocol 6 implies
that a TCP header is the first thing in the IP Packet data field
Header checksum for FCS
Source IP Address (4 Bytes) : 32 bits IP Address of the sender of the packet
30

31. Destination IP Address (4 Bytes) : 32 bit IP address of the intended recipient of the
packet
Network Layer (Layer 3) Addressing
Layer 3 addresses are designed to allow logical grouping of addresses.
A network or subnet is represented by a ip address which implies a group of ip addresses.
The end goal for a routing protocol is to fill the routing table with all know destination
groups and with the best route to reach each group.
Routers build their routing table entries dynamically using a routing protocol.
Routing protocol learns the locations of the groups and advertise the group so the routers
can fill their routing table.
A routing protocol learns the route and put those routes in a routing table.
Routed protocol defines the type of packet forwarded or routed through a network.
IP packets are routed in a network, so IP would be the routed protocol, If the routers used
the Routing Information Protocol to learn about the routes then RIP would be the Routing
protocol.
IP is a routed protocol, and RIP- routing information protocol is routing protocol.
IP Addressing
Any device that can send and receive IP packets is called an IP host.
32 bit IP address is represented in dotted decimal, and has 4 octets.
Each octect has a range 0 – 255 inclusive
IP address not of the PC but of the NIC.
IP Address Groups – IP Networks :
(two statements about how ip expects ip addresses to be grouped into networks or
subnets)
• All IP addresses in the same group must not be separated by a router.
• IP address separated by a router must be in different groups
IP routing relies IP addresses in the same group (network, subnet) to be in the same
general location.
31

32. Classes of IP networks
IP defines three different network classes of addresses used by individual host –
addresses called unicast addresses , Class A, B and C, TCP/IP uses Class D for multicast
and class E for experimental addresses.
Size of Network and Host part of the IP addresses with no subnetting
Network class Network bytes Host bytes Number of addresses
A 1 (8 bits) 3 (24 bits) 2 (raised 24) - 2
B 2 (16 bits) 2 (16 bits) 2 (raised 16) – 2
C 3 (24 bits) 1 (8 bits) 2 (raised 8) – 2
Network number (group address) has all binary zeros in the host part of the number.
A network number with all binary 1s in the host part is called network broadcast or
direct broadcast address, any packet send to this address will be forwarded to all
devices in that network.
Internet corporation for assigned network number (ICANN) is in charge of universal ip
address assignment formally was done by IANA, the internet assigned numbers authority.
All possible valid network numbers
class First octet range Valid network total number for this Total number of
numbers class of networks hosts per network
A 1 -126 1.0.0.0 to 2 (raised 7) – 2 (126) 2 (raised 24 ) -2
126.0.0.0 16, 777, 214
B 128 - 191 128.0.0.0 to 2 (raised 14) 16,384 2 (raised 16) – 2
191.255.0.0 65, 534
C 192 – 223 192.0.0.0 to 2 (raised 21) 2 (raised 8) – 2
223.255.255.0 2, 097, 152 254
List of all possible valid network numbers….reference table for the number of network,
size of the network part, size of the host part, for Class A,B and C ip networks.
Class A Class B Class C
First Octect range 1 to 126 128 - 191 192 – 223
Valid Network Numbers 1.0.0.0 to 128.0.0.0 192.0.0.0 to
126.0.0.0 191.255.0.0 223.255.255.0
Number of networks in this Class 2^7–2 2 ^ 14 = 2 ^ 21=
= 128 16,384 2,097,152
Number of hosts per network 2 ^ 24 – 2 = 2 ^ 16 – 2 = 2^8–2=
16,777,214 65,534 254
Size of network part of the address 1 2 3
(bytes)
32

33. Size of hosts part of the address 3 2 1
(bytes)
^ raised to
(why it is 7,14, and 21 network bits on CLASS A,B and C networks : explained)
CLASS A (7 Network Bits)
0 N N N N N N N H H H H H H H H H H H H H H H H H H H H H H H H
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
CLASS B (6 + 8 = 14 Network Bits)
1 0 N N N N N N H H H H H H H H H H H H H H H H H H H H H H H H
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
CLASS C (5 + 16 = 21 Network Bits)
1 1 0 N N N N N H H H H H H H H H H H H H H H H H H H H H H H H
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
Class A , B and C network, network and host parts and default mask
Class of Size of network part of Size of host part of Default mask for
Address address in bits address in bits each class of
network
A 8 24 255.0.0.0.
B 16 16 255.255.0.0
C 24 8 255.255.255.0
Subnets
Subnetting: the process of sub dividing the class A, B or C network into smaller groups is
called subnetting.
When subnetting a third part of an IP address appears between the network and host parts
of the ip address – namely the subnet part of the ip address. This part is created by
stealing or borrowing bits from the host part of the ip address. The size of the network
part of the address never shrinks.
33

34. Adders format when Subnetting is used. (Classful)
----8--- ----------(24 – X) ----------- -----X---------
----------------------------------------------------------------------------------
Network Subnet Host CLASS A
----------------------------------------------------------------------------------
---------16------------ ----(16 – X) ----- ----X----
----------------------------------------------------------------------------------
Network Subnet Host CLASS B
----------------------------------------------------------------------------------
-----------------24----------------- --(8 – X) - --X--
----------------------------------------------------------------------------------
Network Subnet Host CLASS C
----------------------------------------------------------------------------------
Classful addressing : refers to ip address with three parts, network part (confirming to
the Class A, B and C) rules, subnet part and a host part.
Classless Addressing : Instead of three parts as in classful addressing, a classless address
has two parts , the part on which routing is based, and the host part. The part on which
routing is based is the combination of network and subnet parts from the classful
addressing view, the first part is often called subnet part or sometimes the prefix.
32 – x x
-------------------------------------------------------------------------
Subnet , Prefix Host
-------------------------------------------------------------------------
IP Routing
Host Routing : Hosts uses the following two step logic when choosing where to send a
packet;
(two step process of how hosts route packets)
If the destination ip address is in the same subnet as the host, it send the packet directly to
the destination host.
If the destination ip address is not in the same subnet as the host, sends the packet to the
default gateway (a routers Ethernet interface on the subnet).
34

35. A Routers uses the following logic when receiving a data link frame – a Frame that has
an IP packet encapsulated in it.
(four step process of how hosts route packets)
Step 1 : Use the data link FCS field to ensure that the frame had no errors, if errors
occurred discard the frame
Step 2 : Assuming the frame was not discarded in step 1, discard the old data link header
and trailer leaving the IP Packet
Step 3 : Compare the IP packets destination IP address to the routing table and determine
the route that matches the destination address. This route identifies the outgoing interface
of the router and possibility the next hop router.
Step 4 : Encapsulate the IP packet in new data link header and trailer appropriate for the
outgoing interface and forward the frame.
With these steps each router forwards the packet until it reaches its destination.
35

36. PC1 PC11
150.150.1.10 150.150.1.11
Default Router
A
150.150.1.4
Subnet: 150.150.1.0
R1 Routing Table
Subnet Out Interface Next HOP IP Addr
150.150.1.4 150.150.4.0 S0 150.150.2.7
Subnet: 150.150.2.0
R1 S0
B
R2 Routing Table
150.150.2.7 Subnet Out Interface Next HOP IP Addr
150.150.4.0 S1 150.150.3.1
S1
Subnet: 150.150.3.0
R2
R3 Routing Table
C 150.150.3.1 Subnet Out Interface Next HOP IP Addr
150.150.4.0 E0 N/A
R3
E0
Subnet: 150.150.4.0
D
PC2
150.150.4.10
Step A : PC1 sends a packet to its default gateway. PC1 builds an IP Packet with PC2’s
ip address (150.150.4.10). PC1 needs to send the packet to R1 (PC1’s default gateway)
because the destination address is on a different subnet. PC1 send the ip packet as
Ethernet frame to R1’s MAC address over the Ethernet.
Step B : R1 processes the incoming frame and forwards to R2. R1 copies the frame of
the Ethernet, checks the frame’s FCS and no errors have occurred. Discards the Ethernet
header and trailer, R1 compares the destination address and finds a matching route (S0)
from the routing table. R1 forwards the packet to outgoing interface S0 to next hop router
R2, after encapsulating the packet in an HDLC frame.
Step C : R2 processes the incoming frame and forwards the packet to R3.
R2 does the same steps as that of R1, checks the FCS of the HDLC frame, finds no
errors, discards the HDLC header and trailer, finds a match from the routing table and
determines the outgoing route as S1 and sends it to next hop address 150.150.3.1 (R3)
after encapsulating the packet in a frame relay header.
Step D : R3 process the frame and forward the packet to PC2
Like R1 and R2, R3 checks the FCS and finds no errors, discards the old data link header
and trailer, R3’s routing table entry shows that the destination ip address is in the same
36

37. subnet as R3, and outgoing interface is R3’s Ethernet interface. R3 encapsulates the
packet in Ethernet frame and forwards the frame to PC2’s to MAC address over Ethernet.
IP Routing Protocol
IP Routing protocols fills the routing table with valid, loop-free routes.
Goals of Routing Protocol…
• To dynamically learn and fill the routing table with routes to all the subnets in the
network
• If more than one route to a subnet is available, place the best route in the routing table
• To notice when the routes in the routing table are no longer valid and remove them
from the routing table
• If a route is removed from the routing table, and another route through another
neighbouring router is available, add the route to the routing table
• To add new routes, and replace lost routes, with best currently available route as soon
as possible. The time between loosing a route and finding a working replacement
route is called convergence time
• To prevent routing loops
Routing protocols follow three general steps in advertising routes in a network…
Step 1 : Each router adds a route to its routing table for subnets directly connected to the
router
Step 2 : Each router tells its neighbours about all the routes in its routing table, including
directly connected routes and routes learned from other routers
Step 3 : After learning a new route from a neighbour, the router adds a route to its
routing table, with the next hop router typically being the neighbour from which the route
was learned
How each router learns its route to 150.150.4.0 (PC2’s subnet) From the above figure…..
Step A. R3 learns a route that refers to its own E0 interface because subnet 150.150.4.0 is
directly connected
Step B. R3 sends a routing protocol message called a routing update to R2, causing R2
to learn about the subnet 150.150.4.0
Step C. R2 sends similar routing protocol message called a routing update to R1,
causing R1 to learn about the subnet 150.150.4.0
37

38. Step D. R1’s route to 150.150.4.0 lists R2’s IP address as the next hop address, because
R1 learned about the route from R2. The route also lists R1’s outgoing interface as S0
because R1 learned about the route from the update came through the interface S0.
Network Layer Utilities
ARP – Address Resolution Protocol – used to learn MAC address of other computers in
the same LAN subnet.
DNS – Domain Name System – used to learn IP address
DNS Name resolution : A pc learns IP address of the DNS server, either pre-configured
or via DHCP, and sends a DNS request to resolve the name of the computer to
communicate to its IP Address, and DNS server returns the IP address.
The ARP Process : Sending pc issues an ARP broadcast, an ARP broadcast is sent to an
Ethernet broadcast address, so everyone on the LAN receives it, the host in the same
LAN subnet with the IP address as in the ARP broadcast, will respond with its MAC
address.
If both sending and destination hosts are in the subnet then ARP will be used to learn the
MAC address of the destination host, other wise will be used to learn the MAC address of
the default router where the IP packet will be forwarded by the host.
Any device that uses IP should retain, or cache, the information learned with ARP,
placing the information in its ARP cache. Each time a host wants to send a packet
encapsulated in Ethernet frame it checks its ARP cache, and uses the MAC address found
there. If the correct information is not listed in the ARP cache, then the host uses ARP to
discover the MAC address used by the particular IP address. Also a host learns ARP
information when it receives an ARP as well.
Address Assignment and DHCP
DHCP defines the protocol used to allow computers to request a lease of an IP address.
DHCP uses a server, with the server keeping a list of pools of IP addresses available on
each subnet. DHCP clients can send DHCP server a message asking to borrow or lease an
IP address. The server then suggests an IP address, if accepted the server notes that the
address is no longer available for assignment to any other hosts.
DHCP supplies IP addresses to client, and it also supplies other information. For example
hosts need to know their IP address, plus subnet mask to use, plus default gateway to use,
as well as IP address of any DNS servers. In most networks today DHCP supplies all
these facts to a typical end user host.
Typically a PC used as DHCP server in an enterprise network. Routers can also provider
DHCP server functions, dynamically assigning IP addresses to host in a small or home
38

39. office environment, use DHCP client functions (router can act as DHCP clients as well)
to dynamically lease IP address from an ISP.
4 typical DHCP messages to acquire an IP address
1. DHCP discover message (LAN Broadcast) (from DHCP Client)
2. DHCP offer message directed to client (From DHCP Server to broadcasting
Client)
3. DHCP request message directed to server
4. DHCP acknowledgment with information (IP Address, Mask, Default Gateway
etc) directed to client
ICMP Echo and Ping command
Ping – (Packet Internet Groper) a tool for network connectivity testing, uses Internet
Control Message Protocol (ICMP), sending a message called ICMP echo request to
another ip address, the computer with that ip address replies with an ICMP echo reply.
ICMP just tests the IP connectivity, layer 1,2 and 3 of the OSI network model.
ARP : Address resolution protocol – an internet protocol used to map an ip address to a
MAC address, defined in RFC 826.
Default Gateway/Default Router: On an IP host, the IP address of some router to which
the host sends packets when the packets destination ip address is on a subnet other than
the host’s local subnet.
DHCP : Dynamic Host Configuration Protocol. A protocol used by hosts to dynamically
discover and lease an ip address, and learn the correct subnet mask, default gateway,
DNS server ip address.
DNS : Domain Name System. An application layer protocol used throughout the internet
for translating host names into their associated IP addresses.
Host part : a term used to describe part of an IPV4 address that is used to uniquely
identify a host inside a subnet. Host part is identified by bits of value 0 in the subnet
mask.
IP Address : In IP Version 4 (IPv4), a 32 bit address assigned to host using TCP/IP.
Each address consists of a network number, optional subnetwork number, and host
number. Network number and subnetwork number together are used for routing, and the
host number is used to address an individual host within a network or subnetwork.
39

40. Logical Address : A generic reference to addresses as defined by layer 3 protocols,
which do not have to be concerned with the physical details of the underlying physical
media. Used mainly in contrast with the data link addresses which are physical addresses
based on the physical medium used.
Network broadcast address : In IPv4 an a special address in each classful network that
can be used to broadcast a packet to all hosts in the same classful network. Numerically
the address has the same value as the network number in the network part and a value of
255 in all the host part.
Network Number / Network Address : A number that uses the same decimal notation
as that of the IP address, but the number itself represents all the hosts in a single class
A,B or C ip network.
Network Part : The portion of an IPv4 address, 1,2 or 3 octect/bytes long based on
whether the address is in a Class A,B or C network.
Routing Table : A list of routes in a router, with each route listing the destination subnet
and mask, router interface out which to forward the packets destined to that subnet, and
as needed, the next hop routers IP address.
Subnet broadcast address : A special address in each subnet, specifically the largest
numeric address in the subnet, designed so that the packets send to this address should be
delivered to all hosts in that subnet.
Subnet number / Subnet Address : In IPv4 a dotted decimal number that represents all
addresses in a single subnet. Numerically the smallest value in the range of number in a
subnet, reserved so that it cannot be used as a unicast address by a host.
Subnet Part : In a subnetted IPv4 address, interpreted with classful addressing rules, one
of the three parts of the structure of an IP address, with the subnet part uniquely
identifying different subnets of a classful IP network.
Please go to ……Do I know this Already –QUIZ. – Chapter 5. :- Page 94.
40

41. Chapter 6 - Fundamentals of TCP/IP Transport,
Applications and Security
Major functions of Layer 4 – Transport layer protocol are error recovery and flow
control. Most data link protocols notice errors a process called error detection, but then
discard frames that have errors. TCP provides for re-transmission (error recovery) and
helps to avoid congestion (flow control).
TCP/IP Transport Layer Features, only the first item is supported by UDP
Function Description
Multiplexing using ports Functions that allows the receiving hosts to choose the
correct application for which the data is destined, based on
the port number.
Error recovery (reliability) Process of numbering and acknowledging data with
sequence and acknowledgement header fields.
Flow control using Process that uses window sizes to protect buffer space and
windowing routing devices.
Connection establishment Process used to initialize port number, sequence and
and termination acknowledgement header fields
Ordered data transfer and Continuous stream of bytes from an upper layer process that
data segmentation is ‘segmented’ for transmission and delivered to upper layer
process at the receiving device, with the bytes in the same
order.
TCP provides error recovery but to do so it consumes more bandwidth and use more
processing cycles. UDP does not perform error recovery but it takes less bandwidth and
uses fewer processing cycles.
41

42. TCP Header Fields
0 16 31
-----------------------------------------------------------------------------------------------------
Source Port (16) Destination Port (16)
Sequence Number (32)
Acknowledgment Number (32)
Header Reserved(6) Code Bits(6) Window (16)
Length(4)
Checksum (16) Urgent (16)
Options (0 – 32 if any)
Data (varies)
-----------------------------------------------------------------------------------------------------
Multiplexing using TCP port Numbers
TCP and UDP multiplexing enables the receiving computer to know which application to
give the data to.
When two computers communicate between different applications, TCP and UDP
segments use different destination port numbers so that the receiving computer knows
which application to give the data to.
Multiplexing relies on a concept called sockets. A socket consists of three things:
• An IP Address
• A transport protocol
• A port number
For a webserver application the socket would be (10.1.1.2, TCP, Port 80) because, by
default web servers use the well know port 80. When a client web browser connects to a
web server it also uses a socket possibly like (10.1.1.1., TCP, Port 1030), client hosts
typically allocate a unique ‘dynamic port numbers’ starting at 1024 because port
number below 1024 are reserved for well known applications such as web server.
42

43. Multiplexing based on socket ensures that data is delivered to the correct application.
Applications that provide services such as FTP, Telnet and web servers. Open a socket
using well-known port and listen for connection requests.
Ad Wire Web Ad Wire Web
Application Application Browser Application Application Browser
Port 1025 Port 1028 Port 1030 Port 800 Port 20,100 Port 80
UDP TCP UDP TCP
IP Address 10.1.1.1 IP Address 10.1.1.2
| | |
| | |
| | 10.1.1.1, TCP,1030 -------------- 10.1.1.2, TCP,80
| |
| 10.1.1.1,TCP,1028 ------------------------------- 10.1.1.2,TCP,20,100
|
10.1.1.1,UDP,1025 ----------------------------- 10.1.1.2,UDP,800
Connection between Sockets
43

44. Popular applications and their well know ports
Port Number Protocol Application
20 TCP FTP data
21 TCP FTP control
22 TCP SSH
23 TCP Telnet
25 TCP SMTP
53 UDP,TCP DNS
67,68 UDP DHCP
69 UDP TFPT
80 TCP HTTP(WWW)
110 TCP POP3
161 UDP SNMP
443 TCP SSL
16,384 - 32,767 UDP RTP based Voice (VoIP) and Video
Error Recovery (Reliability)
To accomplish reliability, TCP numbers data bytes using sequence and acknowledge
fields in the TCP header. TCP achieves reliability in both directions, using sequence
number field of one direction combined with the acknowledgement field in the opposite
direction.
TCP Acknowledgement without errors
Web Server Web Client
1000 Bytes of data Sequence = 1000
1000 Bytes of data Sequence = 2000
1000 Bytes of data Sequence = 3000
No data Acknowledgement = 4000
The acknowledgement field in the TCP header sent by the web client (4000) implies the
next byte to be received, this is called forward acknowledgment. The sequence number
reflects the number of first byte in the segment. In this case each TCP segment is 1000
bytes long.
44

45. TCP Acknowledgement with errors
Web Server Web Client
1000 Bytes of data Sequence = 1000
1000 Bytes of data Sequence = 2000 (***LOST***)
1000 Bytes of data Sequence = 3000
No data Acknowledgement = 2000
1000 Bytes of data Sequence = 2000
No data Acknowledgement = 4000
The second TCP segment was lost or is in error, web client’s reply has an
acknowledgement field = 2000, implying that the web client is expecting byte 2000 next,
TCP functions at the web server re-sends the second segment and waits for an
ACK=4000.
Flow Control using Windowing
TCP implements flow control by taking advantage of Sequence and Acknowledgment
fields in the TCP header, along with another field called the Window field. Window field
implies the maximum number unacknowledged bytes that are allowed at any point in
time. The window starts small and grows until error occurs, additionally actual Sequence
and Acknowledgments numbers also grows, so it is called dynamic window, or sliding
window. When the window is full, the sender does not send, and thereby controls the
flow of data.
Receiver grants window to the sender, sender send until the window is full, waits for the
acknowledgement, if no errors occurred, the receiver grants larger window.
45

46. TCP Windowing
3000
dow
, Win
1000
ACK
1000 Bytes
of data Seq
uence = 10
00
Web Server 1000 Byte
s of data Se Web Client
quence =
2000
1000 By tes
of data Se
quence = 3
000
4000
dow
, Win
4000
ACK
1000 Bytes
of data Seq
uence = 4000
1000 Bytes
of data Seq
uence = 5000
1000 Byte
s of data Seq
uence = 60
00
1000 Bytes
of data Seq
uence = 7000
Windowing does not require that sender stops sending in all cases. If an
acknowledgement is received before the window is exhausted, a new window begins and
sender continues sending data until the current window is exhausted. The term Positive
Acknowledgement and Re-transmission [PAR] is sometimes used to describe error
recovery and windowing process that TCP uses.
46

47. Connection establishment and termination
TCP connection establishment refers to the process of initialling sequence and
acknowledgement fields and agreeing on the port numbers used.
TCP header has no single socket field, of the three parts of the socket, IP address is
implied by the source and destination ip address in the ip header, TCP is implied by the
protocol type field in the ip header and also because TCP header is in use. Only part of
the socket that needs to be encoded in the TCP header are the port numbers.
TCP connection establishment – Three way connection establishment flow must be
complete before data transfer can begin.
SEQ = 200
SYN, DPORT = 80, SPORT = 1027
SEQ = 1450, ACK=201
SYN, ACK,, DPORT=1027, SPORT = 80
SEQ=201, ACK=1451
Web Client ACK, DPORT=80, SPORT=1027 Web Server
TCP signals connection establishment using two bits inside the flag field of the TCP
header, called SYN and ACK flags.
SYN : Synchronize the Sequence numbers
ACK : Acknowledgment field is valid in this header
Acknowledgement field cannot be useful until the sequence field is initialized and
continues to be set until the connection is terminated.
TCP Connection Termination : Four way termination flow uses an additional field
called FIN bit (Finished), before sending the third TCP segment, PC on right notifies the
application connection is coming down, it then waits for an acknowledge from the
application before sending the third segment in the flow, in case the application takes
some time to respond the second flow in the figure is send, acknowledging the PC on the
left that it can take the connection down, otherwise the it will send the first segment
repeatedly.
47

48. ACK, FIN SEQ = 1000
ACK ACK = 1001
PC ACK, FIN ACK = 1001, SEQ = 1470 PC
ACK ACK = 1471
TCP establishes and terminates connection between end-points whereas UDP does not.
Connection Oriented Protocol: A protocol that require exchange of messages before
data transfer begins or that has a required pre-established correlation between two end-
points.
Connectionless Protocol : A protocol that does not require exchange of messages before
data transfer beings and that does not require a pre-established correlation between two
end-points.
Data Segmentation and Ordered Data Transfer
MTU – Maximum Transmission Unit – maximum data (Layer 3 (IP) Packet) that can be
sent inside a data link frame, mostly including Ethernet it is 1500 bytes.
TCP segments large amounts of application data into segments, typically into 1460 byte
chunks (TCP and IP header are each 20 bytes).
TCP receiver does the ordered data transfer by reassembling the data into the original
order.
UDP – User Datagram Protocol
UDP support data transfer and multiplexing using ports numbers, and has fewer bytes of
overhead and less processing is required compared to TCP.
UDP is used by application such as VoIP , DNS, NFS etc, applications where loss of data
is tolerant (VoIP) or they have some application mechanism to recover the lost data
(DNS).
48

49. TCP and UDP headers
Source Dest- Seq Ack Off Rese Flags Win Check Urg Opt PAD
Port Port Num Num set rved dow Sum ent ions
ber ber Size
2 2 4 4 4bits 6bits 2 2 2 3 1
TCP Header
Source Dest- Length Checksum
Port Port
2 2 2 2
UDP Header
Notice no Sequence and Acknowledge fields in the UDP header. UDP does not require
waiting on acknowledgments or holding the data in memory until it is acknowledged, this
means UDP applications are not artificially slowed by the acknowledgment process, and
memory is freed more quickly.
TCP Applications
VoIP : An application protocol passes voice traffic over data networks inside IP Packets.
A generic Voice Adaptor (VA) converts analog voice signals from the normal telephone
to an IP Packets and sends it over the internet from a home dsl line.
VoIP Packet
IP UDP RTP Digital Voice Bits
A single VoIP call that passes over a WAN typically takes less than 30 kbps of
bandwidth, but it has several other QoS demands on the network before the VoIP traffic
will sound good…
Low Delay : VoIP requires a very low delay between sending phone and the receiving
phone – typically less than 200 milliseconds (.2 seconds). This is much lower delay than
what is required by a typical data application.
Lower Jitter : Jitter is the variation in delay. VoIP requires very low jitter as well, where
as data applications can tolerate much higher jitter. For example the jitter for consecutive
VoIP packets should not exceed 30 milliseconds (.03 seconds), or the quality degrades.
49

50. Loss : If a VoIP packet is lost during transmission, no attempt is made to recover the
packet, as it will be useless by the time it is recovered because of the Delay and Jitter
issues. Lost packets can sound like a break in the sound of the VoIP call.
Video over IP requires a lot more bandwidth in the range of 300-400 kbps to 3-10 Mbps
per video.
Type of Applcation Bandwidth Delay Jitter Loss
VoIP Low Low Low Low
Two-way Video over IP Medium/High Low Low Low
(such as videoconfernceing)
One-way Video over IP Medium Medium Medium Low
(security camera)
Interactive Mission Critical data Medium Medium High High
(web based payroll)
Interactive Business Data Low/medium Medium High High
(online chat with a co-worker)
File Transfer High High High High
(Backing up disk drive)
Non Business Medium High High High
(Browsing)
To support QoS requirements of various applications, routers and switches can be
configured with a wide variety of QoS tools.
50

51. The World Wide Web, HTTP and SSL.
DNS resolution and requesting a web page
IP Header UDP Header DNS request
1. Type URL http://www.cisco.com/go/prepcentre
Source 64.100.1.1 Source port 1030 What is ip address
Dest. 192.31.7.1 Dest. Port 53 of www.cisco.com
2. dns name resolution request
DNS Server
IP Header UDP Header
192.31.7.1 IP Address is
Source 192 .31.7.1 Source port 53
198.133.219.25
Dest. 64.100 .1.1 Dest. Port 1030
3. dns name resolution reply
Client PC
64.100.1.1
tup
n Se
ectio
onn
CP C
4. T
IP Header TCP Header
Source 64.100.1.1 Source port 1035
Dest. 198.133.219.25 Dest. Port 80 SYN
Www.cisco.com
Web Server
198.133.219 .25
Multiple HTTP get requests/responses
HTTP GET (/go/ccna)
User typed
Http://www.cisco.com/go/ccna
HTTP OK data: /go/ccna
HTTP GET /graphics/logo1.gif
HTTP OK data: log1.gif
Www.cisco.com Web browser
HTTP GET /graphics/ad1.gif Client
HTTP OK data: ad1.gif
51

52. Network Security
Firewalls : Firewalls are mainly the best known security appliances, sitting between
enterprise network and the dark cold internet. The firewall mainly looks at the transport
layer port numbers and the application layer headers to prevent certain port and
applications from getting packets into the enterprise.
Kind of security attacks…
Denial of service attacks : An attack whose purpose is to break things DoS attacks
called Destroyers try to harm the hosts, erasing data and software. DoS attacks called
Crashers cause harm by causing hosts to fail or causing the machine to no longer be able
to connect to the network. Also DoS attacks called Flooders , flood the network with
packets making the network unusable, preventing any useful communication with the
server.
Reconnaissance attacks : This kind of attack may be disruptive as a side effect, but its
goal is gathering information to perform an access attack. An example is learning IP
address and then try to discover servers, that does not appear to require encryption to
connect to the server.
Access Attacks : An attempt to steal data, typically for financial advantage, for a
competitive advantage with another company, or even for international espionage.
Computer Viruses are just one tool that can be used to carry out any of these attacks.
Virus Signature : Characteristics of viruses
Common Security Issues in an Enterprise
Access from the Wireless LAN : Wireless radio signals might leave the building, so an
unsecured wireless LAN allows the user across the street in a coffee shop to access the
enterprise network and rest of the devices in the enterprise network.
Infected Mobile Laptops : An employee connected an infected (from home) laptop to
the enterprise network, causing the virus to spread to other vulnerable PCs.
Disgruntled Employees : An employee (who is planning to move to a new company)
stealing the information from the network into portable devices.
Cisco uses the term Security in Depth to refer to a security design that includes security
tools throughout the network, including features in routers and switches. Cisco also uses
the term “Self Defending Network” to refer to automation in which network devices
automatically react to network problems.
52

53. Network Admission Control (NAC) is a security tool, it prevents a computer from
connecting to LAN until its virus definitions are updated, and with a requirement for a
recent full virus scan, it also requires username and password before being able to send
data in the LAN.
Tools used for an attack other than Viruses.
Scanners : sends connection requests to different TCP and UPD ports for different
applications
Spyware : a virus that looks for private and sensitive information
Worm : A self propagating program that can replicate itself often casing DoS attacks on
server and enterprise networks
Keystroke Logger : a virus that logs all keystrokes, or possibly just keystrokes from
when secured sites are accessed.
Phishing : attackers sets up illegitimate website that looks like a bank or credit card
company website, sends out emails with URL can tries to get sensitive information from
the users.
Malware : refers to broad class of malicious viruses, including spyware.
Tools for In depth Security
Firewalls and Cisco Adaptive Security Appliance (ASA)
Firewall determines the allowed traffic versus the disallowed traffic based on their
destination and source IP address, TCP and UDP port numbers, and application layer
headers.
Demilitarized Zone (DMZ) LAN is a place to put devices that needs to be accessible
from internet in an enterprise network.
Two allowed and one disallowed traffic in a network with a firewall….
1. A web client in side the network sending packets to a web server out side (internet)
2. Allow web client outside (internet) send packets to web server in the DMZ
3. Disallow web client outside sending packets to web server in side the secured
network
Cisco Firewall were generally called PIX firewalls, but the newer models are called ASA.
53