Professional Documents
Culture Documents
FUNDAMENTALS:
An Overview
N1 N2
N3 N4
Nn
N5 N6
N7 N8
INTERNETWORKING FUNDAMENTALS
An Overview
ii
To my wife, my eternal soul mate!
iii
It is with great pleasure and appreciation that I dedicate this book to the great loves of
my life, my daughters Paola and Gabriela. They are the engine of my life. In addition, I
would also like to thank my parents, sisters, and entire family for their constant support
and encouragement.
iv
Authors Acknowledgment
I would like to acknowledge the following authors and their books, which I used to
complete this Internetworking Fundamentals Overview. Without these sources, this
project would not have been possible. This overview is an attempt to present all this
material compiled and written by such authors in a very compact and general way to my
students. The hope is that they can use this book as the initial source and continue to
research answers to more difficult questions with the resources listed here.
v
Chapter 1: INTRODUCTION TO COMMUNICATIONS SYSTEMS ............................. 1
1.1 Introduction.............................................................................................................. 2
1.1.1 Communication Devices .................................................................................... 2
1.1.2 Key Functions for Designing a Network............................................................ 3
1.1.3 Evolution of Communication Networks ............................................................ 5
1.1.4 Conclusion........................................................................................................ 11
Chapter 2: LAYER NETWORK ARCHITECTURES..................................................... 12
2.1 Introduction ......................................................................................................... 13
2.1.1 Network Services and Architecture.................................................................. 13
2.1.2 Protocols........................................................................................................... 14
2.1.3 How Information is transmitted in a Network?................................................ 17
2.1.4 Classes of Communication Services ................................................................ 18
2.1.5 Switching.......................................................................................................... 18
2.1.6 Conclusion........................................................................................................ 21
Chapter 3: OSI REFERENCE MODEL ........................................................................... 22
3.1 Introduction ......................................................................................................... 23
3.1.1 Multiplexing ..................................................................................................... 23
3.1.2 The OSI Model................................................................................................. 25
3.1.3 Conclusion........................................................................................................ 32
Chapter 4: INTRODUCTION TO INTERNETWORKING ........................................... 33
4.1 Introduction ......................................................................................................... 34
4.1.1 LAN Systems ................................................................................................... 34
4.1.2 Backend Networks ........................................................................................... 34
4.1.3 Storage Area Networks .................................................................................... 35
4.1.4 Backbone LANs ............................................................................................... 37
4.1.5 Topologies........................................................................................................ 38
4.1.6 Medium Access Control................................................................................... 42
4.1.7 MAC Frame Format ......................................................................................... 43
4.1.8 MAC Protocols: The ALOHA Network ......................................................... 44
4.1.9 Token Ring....................................................................................................... 45
4.1.10 Conclusion .................................................................................................... 46
Chapter 5: INTRODUCTION TO BOOLEAN BASICS & BRIDGING ........................ 47
5.1 Introduction............................................................................................................. 48
vi
5.1.1 Bridges ............................................................................................................. 48
5.1.2 Function of a Basic Bridge............................................................................... 49
5.1.3 Binary Numbering versus Decimal Numbering............................................... 55
5.1.4 Hexadecimal Numbering versus Decimal Numbering..................................... 58
5.1.5 Conclusion........................................................................................................ 59
Chapter 6: IP INTERNETWORKING ............................................................................. 60
6.1 Introduction ......................................................................................................... 61
6.1.1 Internet Protocol............................................................................................... 61
6.1.2 Classes of IP networks ..................................................................................... 64
6.1.3 What is a MASK? ............................................................................................ 69
6.1.4 Subnetting......................................................................................................... 71
6.1.5 Address Resolution Problem............................................................................ 76
6.1.6 Conclusion........................................................................................................ 77
Chapter 7: IP ROUTING PRIMER .................................................................................. 78
7.1 Introduction ......................................................................................................... 79
7.1.1 What is routing? ............................................................................................... 79
7.1.2 Forwarding Decisions ...................................................................................... 84
7.1.2 Routing Protocols............................................................................................. 88
7.1.3 Classful and Classless Routing Protocols ........................................................ 94
7.1.4 Routing Information Protocol (RIP) ................................................................ 95
7.1.5 Conclusion........................................................................................................ 95
ROUTING LAB SCENARIO ....................................................................................... 97
Chapter 8: OVERVIEW OF ROUTING PROTOCOLS ................................................ 110
8.1 Introduction ....................................................................................................... 111
8.1.1 Routing Information Protocol v1 (RIP) ......................................................... 111
8.1.2 Interior Gateway Routing Protocol (IGRP) ................................................... 116
8.1.3 Enhanced Interior Gateway Routing Protocol (EIGRP) ................................ 124
8.1.4. Open Shortest Path Forwarding (OSPF) ........................................................ 127
8.1.4 Border Gateway Protocol (BGP).................................................................... 130
8.1.5 Hot Standby Routing Protocol (HSRP).......................................................... 136
8.1.7 Conclusion...................................................................................................... 138
Chapter 9: TRANSMISSION CONTROL PROTOCOL ............................................... 139
9.1 Introduction.......................................................................................................... 140
vii
9.1.1 Transmission Control Protocol (TCP)............................................................ 140
9.1.2 How does Three-way Handshaking work in detail?................................... 143
9.1.3 Sliding Windows ............................................................................................ 148
9.1.4 Conclusion...................................................................................................... 155
Chapter 10: INTRODUCTION TO IP MULTICAST................................................... 156
10.1 Introduction ....................................................................................................... 157
10.1.1 Multicast Addresses .................................................................................... 158
10.1.2 Multicast Distribution Trees ....................................................................... 160
10.1.3 Multicast Routing Protocols ....................................................................... 163
10.1.4 Conclusion .................................................................................................. 165
Glossary .......................................................................................................................... 166
About the Author ............................................................................................................ 182
viii
Chapter 1: INTRODUCTION TO COMMUNICATIONS SYSTEMS
1.1 Introduction
Communication systems are composed of hardware and software that allow users to
exchange information. These communication systems were developed throughout the
years to allow users to exchange information in the form of data, such as text and
graphics as well as video and voice streams including teleconferencing meetings and
Video on Demand, among others. The telephone system served as a model for these
communication systems providing the base ground for the development of data networks.
The telephone network has been in place for a while and has been able to provide
services to multiple areas in the world. It is a network that provides a service to users,
which guarantees immediate connectivity between two parties. There is a perception by
any user that the network, in this case, the telephone system, will always have a line
ready for use at all times. Data networks are modeled using the telephone network
functionality to provide information transfer without losing any portion of the data
exchanged between users.
Fig 1.1
Transmitter R2 R4
Receiver
Destination
Source
010101010 Transmission 010101010 01010
01010
1010 Switch R1 System R6 Switch
1010
Digital R3 R5
Information
Analog Analog
Signal Signal
There are a few network devices that, when joined together, will create a
communication system. These devices are necessary for the exchange of information and
each has a particular functionality. These are described below in detail to understand
their importance:
2
such as email is digitized. In other words, the data is converted into a long stream of
1s and 0s and the modem will take those digital streams and convert them to analog
signals according to the network they connect to. A modem is short for modulator-
demodulator. This conversion is necessary, as information sometimes has to traverse
networks, such as the telephone system, where signaling is mostly analog and cannot
accept digitized information. Signals are also very specific to the physical medium.
Fiber optic cables use light (photons) to carry the information across to its destination
while cables use electrical signals to do the same. The same can be said about a
computer using a Network Interface Card (NIC) to connect to an Ethernet network.
The NIC card is the transmitter which converts and encodes the digital information
into the proper signaling to be put on the medium.
3. Transmission system or Network Cloud: The transmission system or network
cloud is the most important portion of the communication system. The transmission
system connects ALL networks to form a mesh to allow vast amounts of data to be
exchanged between two points. It can actually be a point-to-point connection
between end users, or can be a complex network with intermediate nodes that act as
relays for that information exchange. The transmission system is usually referred to
as the cloud where all networks meet.
4. Receiver: The receiver is the opposite of the transmitter. It accepts the encoded
signals traversing the transmission system and decodes it back to a form acceptable
by the destination device. The modem and the NIC card perform both functions,
digital to analog conversion and vice versa.
5. Destination: The destination acts on the incoming data that has been decoded by the
receiver, in this case, the actual email that was sent by the email application. Every
communication system has to be able to deliver information as efficiently and
optimally possible.
It would be impossible to connect every system in the world with a point-to-point link to
form a fully mesh transmission system. Hence, sharing network links becomes a
necessity. Congestion control mechanisms are used to prevent data loss across the
network. The control mechanism throttles the data rate by decreasing the buffer space
or congestion window size after a segment is lost. When the window size is reduced, the
systems will inject fewer segments into the communication flow. On a steady state
connection, a congestion window size is equal to the receivers advertised window size.
These mechanisms allow multiple communication data flows to traverse shared links,
which are used when interconnecting multiple systems and other networks.
3
Flow control is used to prevent data from being dropped. Flow control is a mechanism
that each device uses to control how much data can be send or receive without
overflowing the devices buffers. Overflowing of these buffers will cause data to be
corrupted and dropped. At the same time, there most be some type of error detection
and correction mechanisms introduced along the path from source to destination.
Errors have to be detected and corrected before they are delivered up to the source or
destinations applications. This information will pass through multiple error detection
and correction layers to ensure a more accurate delivery.
In order to provide a clean, optimal communication between two devices, there should
be a hand-shake in place prior to the exchanging of data. This handshake is necessary
because it establishes the process in which each source and destination understands what
is being transported across the system. There is a mutual agreement ahead of time about
the language each device is using to communicate, how much information can be sent
without overflowing each other, how fast can this information be sent, what applications
are being used, etc. Once these parameters are known, the conversation can take place
accordingly.
Finally, there has to be a way to monitor the performance and health of your
communication network. Network management is a key process required on every
network. This management allows for the day-to-day operation of the network where
someone monitoring it can determine if there is a problem along the path or if there is
going to be an issue in the near future. This is called, proactive management, which
means never having to wait for someone to reach out to inform the network group when
there are problems on the network.
4
Network management tools also allow for proper trending and modeling. Trending will
provide the network administrator a history of the communication systems utilization
and performance. Modeling also allows the network administrators to plan ahead of time
how a specific device will interact with the system prior to connecting it to a production
environment.
During the early stages of computer networks, protocols were developed to allow for
communication between nodes. Protocols are referred to as sets of rules, which are
followed in order to perform a given task. A protocol is the language used by the
nodes to exchange this information and is relative to the medium being used to transport
the data. When peripherals such as printers and modems were invented, the speeds at
which they connected to computers used protocols with very low speed transfer rates,
5
such as 1200 bits per second or 2400 bits per second eventually reaching a maximum of
38,400 bits per second. The need to increase transfer speeds between nodes and between
computers and their directly connected peripherals gave rise to the developing of
protocols capable of carrying much higher amounts of data at faster speeds. These are
called data link layer protocols. These protocols had to introduce error detection and
correction mechanisms and used packets of data instead of continuous streams of 1s
and 0s to communicate across a system. Packets transported along a network use
synchronous communications, which use the notion of a clock. This means that every
packet is separated by an equal amount of time, which allows for faster communication.
Instead, asynchronous communications has no notion of a clock where the transfer of
data is sporadic and very bursty.
Fig 1.2
Point to P oint
Connection
N1 N2 N1 N2 N1 N2 N3
N3 N4 N3 N4 N4 N5 N6
N5
Fully Meshed Networks
A s you increase the num ber of nodes, the am ount
of links needed to m esh all nodes grows
extrem ely fast . N(N-1)/2 links are required
N1
N1 N1
N1 N1
N1
6
Since point-to-point connections are not feasible between all computers, the need to share
the links between networks becomes necessary. All computer networks deployed at this
time have common links that are used to transport the data for multiple users and multiple
networks as well. Shared links which carry the traffic between end users need to be
implemented with the proper mechanisms that will organize the data transfer in a manner
that will not congest the link, overflow any devices data buffers, or slow the various
communication flows that are sharing those links. The intermediate nodes that make up
the network cloud are very fast, have vast amounts of memory, highly reliable and robust
and can switch and route the traffic in minimal amounts of time. These devices are
referred to as routers and switches.
Generally, users will connect to a layer called the Access Layer or User access. PCs and
workstations have high-speed access to the network via 10 Mbps, 100 Mbps or 1 Gbps
ports on these switches. Each Access Layer switch has two major uplinks connecting the
switch to a set of routers or gateways, which allow connectivity to the cloud. An
uplink is usually referred to as a point-to-point connection between two communication
nodes. It is capable of handling all or most of the traffic generated by the locally attached
systems to that specific switch.
The Distribution Layer is the middle layer that introduces the routing functionality to the
user community. This layer is designed to be very fast and optimal. This layer contains
all the access rules or encryption mechanisms needed on the network which may act as
firewalls to other access layer switches. It is also the primary place to allocate any type
of server farms or application clusters because it gives everyone on the network equal
access in terms of number of hops from anywhere in the network. The Core Layer is
meant to switch (route) as fast as possible between LANs. There should be no access
filters, encryption, firewall rules or any type of extra processing introduced which will
slow down the transferring of packets across a network. It is the cloud.
7
Fig 1.3
Every intermediate node on the network executes this process, which is called store and
forward transmission. This process is much faster than having user A send the entire
message to intermediate node 1, where node 1 waits for the whole message to arrive.
Data is not grouped into packets but instead is sent as a stream of 1s and 0s, and will
only forward to intermediate node 2 once the entire message has arrived. For example, if
the string of 1s and 0s takes one minute to go between two directly connected nodes and
each node has to wait for all the 1s and 0s of the stream to arrived, it will take the
number of nodes in minutes plus one minute to transfer the message from user A to
user B. This means that if there are three nodes between user A and user B, the time it
8
will take this message to completely reach its destination from A to B will be three
minutes plus one more minute or four minutes to complete the transmission.
In contrast, when the same message is broken into equal size packets (i.e. 60 packets) and
each packet takes one second to get between two nodes, it will then take only one minute
plus the number of intermediate nodes in seconds for the message to reach its
destination. Obviously, packet switching is a more efficient way to send data between to
end points.
Fig 1.4
R
R 010101010
R 001011111
Packets
010101010
R
001011111
Data
Packets
R R
Stream
Network Cloud
Routers send packets
across a network
Fig 1.5
User
Header Trailer
Data
- A typical packet
Header - usually contains source and
destination address as well as sequence
numbers to identify and verify that all packets
are received by a given destination
User Data - actual information from sender to
receiver
Trailer - contains control information specific
for detection and correction of errors
9
Internet
One of the most interesting communication systems is the Internet. This system is made
up of millions of computers that interconnect and use common networks to transport
everyones data. These common networks are made up of interconnections between
Internet Service Providers (ISPs) high-speed routers and switches, which create what it
is called the Internet backbone. These backbones allow for the transfer of data at
very high speeds and provide connections to other smaller networks, which then provide
connectivity to end-users. On very large communication systems like the Internet, there
are also centralized points called Network Access Points (NAPs), strategically located
around the world to allow for the exchange of Internet traffic specific to the region. In
the United States, there are multiple NAPs that interconnect multiple ISPs, which in
turned, connect to other networks.
Fig 1.6
ISPs ISPs
R
RR R R R
R R R
R NAP
R RRR
R R R
NAP R ISPs
R R R
R
Internet R
R
ISPs R Backbone
R NAP R
R
R R R
R
R NAP R
R R R R
RR
ISPs R
R ISPs
R R
R R R R
ISPs
R
R R
10
1.1.4 Conclusion
In this session, certain networking fundamentals have been introduced that allow you to
understand what is considered to be a network and what devices make up a
communication system. Some facts behind the evolution of the computer and the creation
of standards that allow computers to interconnect have been introduced as well
concluding with the introduction of the idea of grouping streams of digits into packets for
a more efficient and fast communication.
Discussion questions
1. Why is there a need to network systems?
2. Why is data converted into packets?
11
Chapter 2: LAYER NETWORK ARCHITECTURES
12
2.1 Introduction
Network architectures are both complex and simple. The network can be defined as a
combination of specific devices that make up the system to allow for any transmission.
These networks use specific languages to carry the information allowing all the data to
be delivered without errors delivering the information in the most optimal way.
In this session, you will learn what functionality these languages should have as well as
how this information is transferred across the cloud. The final section will discuss the
three different switching mechanisms that enable packets of data to be delivered to their
destinations.
One very important aspect of a network service relates to how each client should be
charged back for using such a service. Currently, there are very few applications
developed (if any) for the sole purpose of auditing data usage and charging back via some
mechanism that "captures" every users' bit transfer. It is almost impossible to correlate
the amount of bits transferred by a single user to a charge back scheme accordingly.
Instead, every user is "charged" a monthly rate fee per connection to a specific network,
which is fixed regardless if the user sends 10 packets per second or one million packets
per second.
The idea behind the charge back is to pay for the equipment that was purchased and all
the cabling needed to connect to that specific network. Eventually, the switch will be
paid off in a few months and the rest of the budget is allocated for future infrastructure.
A great system, for example, which has been able to implement exact usage of a network
service, is the telephone system. Every second used on the phone is audited and logged
to the user's specific account. The charge back is relative to the usage so it is much easier
to trend and follow historically.
Certain actions executed on network resources are defined as services. These actions will
be executed in order and follow a script or program. A script is a set of steps that are
followed to perform some type of action. Almost everything around us and especially
with computer networks uses a set of steps or procedures to manipulate how that system
should behave and transport data efficiently and optimally.
13
A switch has a script specific to how frames should be forwarded across each port and
towards the network and how these are sent over a physical wire or wireless
infrastructure, etc. The script or basic steps to follow are relative to that specific
communication device and all computer nodes that are involved with the data transfer
have such scripts embedded within them.
What is a process?
A process can be defined as a set of active scripts or programs running on a system in
order to obtain some type of output or result. Users terminal nodes or machines such as
PCs are known as clients and high-end servers that handle these connections from clients
have active programs or processes that handle connections.
2.1.2 Protocols
What is a protocol?
A protocol is a set of rules that are executed in a given order to complete a given task. In
other words, a protocol is a language that is used to communicate between two entities.
The language is understood and both entities act on it to achieve a common task. There
are multiple protocols, which act differently depending on how the network infrastructure
is connected. There can be point-to-point protocols, which are called direct protocols
where there is a direct link between two nodes. Other protocols work indirectly between
two nodes. This means there are other nodes such as a switch network that separates both
entities and proxy the connection between the two end points.
Another important characteristic of a protocol is that it should be able to interact with any
type of device regardless of the brand or make. This means that the protocol follows a
standard that has been defined by the International Organization for Standardization
(ISO) http://www.iso.org. This group meets on a regular basis to decide how the
protocol will behave given a specific functionality and requirement.
These protocols are known as standard protocols. Using non-standard protocols will
cause every device to implement a process to translate to its own independent language or
script, which will be non-scalable and non-optimal. This process is similar to a person
attempting to communicate very fast using two different languages such as English and
Spanish, while trying to translate every word into the persons native language. This
process takes a great deal of time and every word converted must have the correct
meaning. In short, if there is an agreement to speak a universal language, then
communication of ideas will flow effortlessly.
What are some of the functions that a protocol should have in order to be accepted as a
standard language? There should be at least the following:
Protocol Functionalities
All protocols have the following functionalities: 1) encapsulation 2) segmentation & re-
assembly 3) connection control 4) flow control 5) error control.
14
Encapsulation
Data is usually passed along from a given application down to the wire or physical
medium. This data has to be enclosed with specific protocol units (PDU) which permit
the information to be sent across a network using the correct format and making sure that
it is delivered without any errors.
The encapsulation process introduces control bits, which are used for this purpose. These
control bits are not part of the data and will not be needed as the PDU is passed along the
network. Once the data reaches its destination, the control bits will be removed from the
protocol data unit as it traverses up to the actual application. This process is called de-
capsulation. The result is pretty much the data that was enclosed by the senders
encapsulation process.
Fig 2.1
PDU
Header Data
Encapsulated by a given
Protocol Data Unit (PDU)
Segmentation is required to facilitate the transfer of the flow more efficiently through the
network. Smaller segments are easier to verify because control bits are being added as
the information is being transferred. Therefore, the error detection and correction
mechanism has to work less given the smaller size of the segment or packet.
Additionally, it allows for the store and forward mechanism to work faster and provide
everyone equal opportunity while sending this information. This guarantees that no user
will utilize the entire bandwidth due to a segment being millions of bytes long (1 byte = 8
bits). However, in spite of the many advantages to the segmentation process, there are
also disadvantages. For example, the smaller the segment, the more interruption there
will be from the mechanism that is checking for errors. This process then creates higher
CPU utilization, which can eventually affect the transport of data.
15
Fig 2.2
Data Stream
........010101010101010000011111111111000000000000110101010101010101010......
Segment IDs
Re-assembly is the process of taking back all the segments that have been sent across the
network in the form of packets. The segments are then put back together in order to
ensure that the end user receives the actual data flow that was sent by the sender.
Connection Control
In data networks, managing data transfer is one of the most important processes required
to have an efficient and optimal network. Data flow between two end devices or entities
has to be managed and controlled to prevent data loss, congestion, or undesired queuing
somewhere in the network (delayed). Prior to every connection, if the two end devices
want to participate on a connection oriented process, there has to be specific parameters
setup before the conversation begins so that each one agrees to those parameters to
prevent retransmissions, congestion, and delays.
Finally, the connection has to be properly terminated at a given time. This means that the
sender or the receiver, (client-server) has to initiate the termination process by asking
either party to stop transmitting data, since enough has been received. Connection
control also uses mechanisms such as flow control and congestion control to make sure
that either device does not overflow each other. These parameters are all exchanged
during the connection establishment. Connection oriented processes are usually used
when long-term connectivity is required between two end devices. There is also the
16
notion of ordering or sequencing the segments, which allows for proper deliver between
two end devices. Any segment or packet out of sequence has to be retransmitted by
either end to make sure the data that was sent is the same as the one received
Fig 2.3
Sender Receiver
"Can we connect?"
"Yes, send me data"
"Here is the data"
"I want to stop"
"We can stop"
PC Server
There is also another type of connection known as connectionless. This means that the
transfer of data is done one packet or segment at a time without any connection setting.
In other words, there is no handshaking. These types of connections are mainly used
with multimedia applications where there is either voice or video streams that need to
reach multiple users. There is no congestion control or flow control mechanism that can
tell each entity to stop sending or processing so much data because there is no
handshaking ahead of time. Therefore, delivery of data is faster but it lacks the quality
control such as error detection and correction as well as flow control.
Error control
Error control is introduced at different levels of the data exchanged. Every bit of the
communication flow is checked to make sure that a 1 sent is a 1 received and the
same holds for any 0. Detecting and correcting these errors should be done on the bit
level to ensure a much faster process, rather than waiting for the actual application to
detect or correct the issue.
Information that is generated by an end device such as an email text file or image created
with a graphics program has to be converted into bits in order to be transported across a
network. These bits have to be converted to electrical, optical, or wireless signals, which
is the only way that the information can cross the physical medium. These bits are
actually a representation of specific voltages, which when oscillated between negative
voltages to positive voltages or vice versa create pulses which in turned are interpreted as
digital 1s or 0s. For example, if a 0 is given a +3 V value and a 1 is given a 3 V value,
the oscillating voltages create the patterns of ones and zeros. This is how the bit stream is
transported on the network. A bit stream is a sequence of bits that follow one another at a
given rate continuously.
17
Fig 2.4
Text
(Application)
Message
"Hello"
0001101110
Digital
(bits)
In an asynchronous communication, the bits are grouped into packets. There is no given
fixed delay between each packet hence the notion of a clock is not present. The arrival
of each packet can be sporadic and at different delays. One thing to remember is that
although all these packets have arbitrary times of arrival, the bits grouped within the
packets are still separated by a fixed delay. Using packets to transfer data is a more
efficient and optimal way to send data, therefore the importance of focusing on packet
switching.
Switching
Switching is referred to as how bits are routed across a network. Do these bits follow a
given path permanently present from beginning to end? Do they follow a path that is in
place only when the communication service needs to pass the data? Alternatively, do
18
these bits follow independent paths to reach their destination? These three scenarios are
referred to as Circuit switching, Virtual-circuit packet switching and Datagram packet
switching respectively.
Circuit Switching
The telephone system is a topology based on circuit switching. Switches and links create
a mesh-like topology, which allows these links to establish circuits between telephones.
The switches establish these circuits when the communication is initiated. Usually the
path followed between two telephones use the same route as the switches that route the
call or information have a determined path stored in memory, which can be loosely
referred to as a routing table.
The problem sometimes with circuit switching mechanisms is that if the circuit is broken
or is disrupted, the information cannot arrive to its destination until the circuit is repaired.
In order to reroute the information, there has to be some type of manual intervention.
Circuit switching is ideal for synchronous transmissions.
Fig 2.5
Same
dedicated path
N2
N3
N1
N4
Circuit Switching
Telephone System 19
Virtual-Circuit Packet Switching
Another switching mechanism that is often used is virtual circuit packet switching. A
virtual circuit is set up for the duration of the transmission. Packets of a specific
communication flow will follow one another. The packets of that transmission are
labeled with a virtual circuit number, which designates the path. The routing decisions
are made when the virtual circuit is set up. Each node stores these routing decisions in a
routing table that indicates the path to be followed by a packet from the virtual circuit
number. After the virtual circuit is setup, the node determines the path to be followed by
a packet by looking at the routing table. This means that each packet of one specific
communication flow will arrive at the destination in order as if they were following a
dedicated path.
At the same time, this virtual circuit is also carrying other communication flows, which
followed the same packet delivery process. Since packet switching is more efficient
when store and forward is used, it gives each intermediate node a chance to introduce
error control mechanisms to make sure that the packet is not corrupted. If there is a
problem with a packet, the node can request for a retransmission of that packet. Virtual
circuit packet switching is ideal for long-term transmissions.
Fig 2.6
Data follows a
virtual circuit in
the form of
packets
N2
N3
N1
N4
N5
N6
20
the network. Datagram packet switching is ideal for short-term transmissions. (When
packets are slightly out of order, the sliding window algorithm can reorder packets
correctly using the sequence number. The real issue is how far out-of-order packets can
get, or how late a packet can arrive at a destination. TCP assumes that each packet has a
lifetime of as the Maximum segment lifetime which is recommended to be 120 seconds.
Anything after that will be considered lost.)
Fig 2.7
Packets are
routed
independently
as there is no
established
path
N2
N3
N1
N4
N5
N6
Conclusion
In this session, you have learned that languages used to transmit; data across the
network are called protocols. These protocols followed a set of rules or script that
executes some type of functions that allows information to be transmitted. Protocols are
often described in an industry or international standard. Additionally, we also briefly
discussed how information is transferred across the network and how information bits
should be grouped into packets to make the transmission more optimal and efficient.
Finally, we described different mechanisms for packet switching across a network.
Discussion Questions
1. Describe why protocols should be standard.
2. Describe switching methods.
21
Chapter 3: OSI REFERENCE MODEL
22
3.1 Introduction
In previous sessions, the importance of understanding how a network is connected
together to form a path for data to travel between end points has been discussed. Along
with the specific languages and protocols that enable end devices to interact with the
networks to which they connect.
Our focus in this session will be placed on the Open Systems Interconnection (OSI). The
OSI is a standard reference model for communication between two end users in a
network. This model is a layered architecture model, which is very specific for packet
networks. The idea behind the OSI model is that every device that connects to a network
follows this specific layer architecture, which makes deployment and interoperability
possible. In this session, the seven layers of the OSI model will be discussed in detail,
along with the specific LAN devices that allow for connectivity to a network.
3.1.1 Multiplexing
What is multiplexing?
Multiplexing is the transmission of different flows of information on the same link. This
mechanism allows multiple users to share the links across networks to prevent point-to-
point connections between every device on a given network. There are various
multiplexing mechanisms such as Statistical Multiplexing, Time Division Multiplexing,
Frequency Division Multiplexing and Wave Division Multiplexing to mention a few.
Statistical Multiplexing
Statistical Multiplexing refers to the storage of all packets in a specific buffer
(multiplexer) where every packet needs to be transmitted over a given time. The packets
can then be transmitted in some order. Transmission of these packets may depend on
how early or late these arrived to the buffer, what priority does each packet have, i.e. is it
a voice or video packet which should be sent out before a data packet? Statistical
multiplexing keeps the link busy as long as there are bits to transmit. It analyzes the
statistics of a certain communication flows peak loads, how often does that flow use the
link, etc. It gives every flow a better chance to use the link.
23
Frequency Division Multiplexing (FDM)
Frequency Division Multiplexing refers to the allocation of specific frequencies to allow
multiple users to send their data over a common link. One main channel is broken into
multiple frequency bands to allow for multiple communication flows. An example of
frequency division multiplexing is the television.
In order to gain a better understanding of the OSI model, it is important to have a firm
understanding of the how the model was developed using generic layer architecture
definitions. Multiple layers make up the network architecture. Each layer has specific
functions that perform tasks independent of any other layer of that architecture. However
when they are put together they act in unison to form the architecture being discussed.
These layers can be considered modules, which can be interchanged with other
architectures. These modules or layers can be upgraded or changed without affecting
the global functionality of the architecture. At the same time, each layer or module can
be developed using standards that will allow for interoperability and functionality of
different vendor components without the need to design new modules or layers. For
example, think of the millions of code lines needed to maintain the space shuttle orbiting
the earth for it to be a successful operation. The programming of these code lines was not
done solely by one group or a person but instead the coding was broken into many
modules where each module controls one portion of the process such as aerodynamics,
control systems, electronics, etc. Once these modules are put together, they interact with
each other in unison to generate the final task of deploying to space. Should there be a
problem with the aerodynamics portion, changes or fixes can be made to address the
problem without affecting the other modules.
The same notion holds true for network-layered architectures. Each layer is responsible
for specific tasks that control a portion of the data transfer. Each layer of the architecture
has services that are specific to that layer and when they are put together form the
communication service as a whole. In a layered architecture, a service of layer N uses
only services of layer N-1. This means that the entire services specific to layer two for
example are using layer 1 services. A service of layer N is executed by peer protocol
entities in different nodes of a communication network. Peer protocol entities are
protocols that work on the same layer level. User As layer 2 protocol entities are peers
of users B layer 2 protocol entities. Peering is only done across the same layer not to the
layer below or above. The messages exchanged by peer protocol entities of layer N are
called Layer N protocol data units or N_PDUs. Data usually enters the top layer (N+1)
24
of User A and navigates down the layer stack to Layer N-n (where n is the lowest layer
available for that architecture) of User A onto the network cloud which also follows the
layered architecture. Since the network is only interested in switching or routing the
information, fewer layers need to be traversed up the stack. Once the specific layer for
routing or switching is reached, a decision is made and the network device then sends that
information down its own stack across multiple nodes. Once the destination has been
reached, the layer architecture of User B, takes the information all the way up the stack
from Layer N-n to Layer N+1 in which case, the information has been delivered. Keep in
mind that peer layers are acting on each other in a logical way even though the
information is moving up or down the layered stack.
Fig 3.1
B
Node 1 Node 2
N+1 PDU
Layer N+1 Layer N+1
In the late 1970s to promote the compatibility of network designs, the International
Organization for Standardization (ISO) proposed an architecture model called the open
systems interconnection reference model (OSI model). The OSI model is a layered
architecture with seven layers. The bottom three layers deal with transmission of bits,
frames, and packets. The upper four layers deal with the setting of communication
services as well as applications between users. The OSI model was developed for packet
switched networks.
To demonstrate the OSI model, take the connectivity between two systems where system
A is sending an email to system B and which is separated by many intermediate nodes.
25
The message typed on system As email application is converted to a stream of 1s and
0s destined for system B.
This information traverses the stack (the set of layers that make up the OSI) where every
stack along the way, introduces a header with its own information. The data can then
traverse the stack down towards the physical medium, which is known as encapsulation
since every layer down the stack introduces headers and other important control
information. Alternatively, the information can move up towards the application layer.
This is known as the de-capsulation process where all the headers and trailers of the
lower layers are stripped away.
The thousands of bits are placed into packets each with system Bs destination address to
allow all the intermediate communication nodes to route the packets to their closest
neighbors. These neighbors have routing tables that allow each packet to take the correct
path to the final destination. Routing is done on a per hop basis where the first hop
communication node (directly connected to the source) only needs to know its closest
peer that provides a path to the final destination. The packets, which contain the email
message, are then disassembled back into the streams of 1s and 0s and fed back to the
email application that allows the message to be read. When system B needs to
communicate back to system A, the same procedure is followed across the packet
switched networks.
OSI divides telecommunication into seven layers, which are the following:
Physical Layer
When system A needs to send information to system B, the bits have to traverse some
type of physical medium to reach their final destination. These bits have to be converted
into some type of electrical, optical, wireless, or microwave signals. These signals are
specific to the actual medium and have to be converted back to digital information as
they arrived at each intermediate node. Each intermediate node has to pass that
information as well across the transport medium, where the conversion from digital to
some type of signaling has to happen until the information arrives at the destination
where the final conversion is made from signals to digital information. The physical
layer deals with the physical interfaces of every device on a network. It also deals with
how the bits are converted into signals for proper transport. Repeaters and multiplexers,
for example are devices that work on this layer.
26
of the frame does all of the error detection and correction and supervises the
retransmission of frames that arrived incorrectly.
2. The LLC sub layer of Logical Link Control is in charge of flow control and error
correction. The LLC sub layer interacts with upper layer protocols as well as assigns
sequence numbers to frames and tracks acknowledgments. Bridges and switches are
devices that work on this layer. Protocols such as the entire IEEE 802.x suite, Frame
relay, SONET, to mention a few, are typical of this layer.
Network Layer
This is the layer used for routing packets. The network layer keeps track of how
congested the network is, using this information, it can then select specific paths for these
packets to reach their destination. This layer creates a logical map of the network to
determine which path packets should follow; how to switch them and how to make the
routing decisions. The network layer also introduces headers that contain logical
addressing such as source and destination IP addresses. Routers use the destinations
logical address encapsulated in the header of a network layer packet to determine how to
route that packet. The network layer also provides special network facilities such as
prioritization of packet routing. This layer makes a decision of which packet is more
important given a priority assignment. Routers work on this layer. Protocols such as IP
and IPX are very specific to this layer.
Transport Layer
This layer is probably the most important one. This layer provides a mechanism for the
exchange of data between end systems. This transport layer also provides services for
both connection-oriented transmissions as well as for connectionless. With connection-
oriented services, it ensures that the data is delivered error free, in sequence, with no
losses or duplications. It establishes, maintains and terminates the connection as well as
provides mechanisms for multiplexing upper layer applications. It maintains flow control
and other congestion avoidance mechanism since during the initial session set up,
specific handshaking, or agreement takes place to allow for a reliable transfer between
two systems. This method is preferred for long-term connections between two devices
that required very reliable communication.
During connectionless transmissions, packets are delivered across the network without
having to set up a connection between two end users. This means that the delivery is best
27
effort and cannot be guaranteed, as there is no handshaking ahead of time.
Connectionless modes are mostly used with multimedia applications where there is no
need to have a session setup in order to speed the communication. The drawback to this
is that since there is no handshaking ahead of time like in connection oriented
mechanisms, there is no way to introduce flow control or congestion avoidance.
Session Layer
The session layer provides the mechanism for controlling the dialogue between
applications in an end system. It acts as the mediator or referee between upper layers.
The session layer establishes, manages, and terminates sessions between applications. It
also provides data transfer control and management between co-operating application
processes over a session connection. It is also responsible for coordinating data
communication between two presentation layer systems.
The session layer organizes their communication by offering three different modes,
which are the following:
1. Simplex: Communication will flow only in one direction without the possibilities of
flowing back the other way. It is like watching a classic television show where there
is no interaction from the viewer.
2. Half duplex: Communication flows can be sent or received on the same wire but not
at the same time. For example, think of a walkie-talkie conversation, you only need
to press a button to speak to the other person. However, the person receiving the
message is not able to speak until you release the button. Once the button has been
released, the other person can start sending a message on the same channel
3. Full duplex: The communication flow can be transmitted and received at the same
time. A common everyday example is the telephone conversation.
The session layer also acts like the transport layer where it needs to establish, maintain,
and release a connection. Protocols that work on this layer, to mention a few, are RPC,
NFS, SQL, X window, etc.
Presentation Layer
The presentation layer defines the format of the data to be exchanged between
applications and offers application programs a set of data transformation services.
The presentation layer acts as the translator to the application layer. It makes sure that
the data is readable by the application layer of the receiving station. This layer is
responsible for ensuring the correct formatting is completed on the data being sent across
the network. Additional responsibilities include the introduction of encryption,
decryption, data compression, and decompression, compatibility with the host operating
system, etc.
28
Application Layer
The application layer provides services for the application programs; thus ensuring that
communication is possible. This layer provides a means for application programs to
access the layer architecture. One service that is provided by the application layer is to
manage the communication between the end user applications by checking the systems
resources and availability. In addition, this layer contains some error control mechanisms
to check for data integrity of both communicating entities. This is the layer where
applications reside. Typical protocols that work on this layer are File Transfer Protocol
(FTP), World Wide Web (www), Simple Mail Transfer Protocol (SMTP), and many
others.
Fig 3.2
Node 1 Node 2 B
End to End Communication Services
Application Application
End to End Communication
Presentation Presentation
End to End Sessions
Session Session
End to End Messages
Transport Transport
End to End Packets
LAN Devices
What kinds of components are commonly used in a network topology? Many LAN
components are necessary for a minimal LAN topology. You need to have concentrators
that allow multiple PCs to interconnect in a common place using one specific link to the
outside world, which is usually connected to a repeater, a bridge, a router, or another
switch. There are devices that shape the specific signal and create specific patterns such
29
as CSUs/DSUs, as well as modems. There are multiplexing devices that split the signals
in to multiple ones, etc. Let us describe them in more detail:
Repeaters
A repeater is a physical layer device used to interconnect the media segments of an
extended network. A repeater extends the signal from one segment to another, amplifies
it, re-clocks it, and then retransmits it along to the next segment. A repeater will not
change the signal, nor would it correct or filter it, as it is not an intelligent device. If
the signal has noise, it will take the same noise across to the next segment. There is also
a limitation of how many repeaters can be connected across network segments, as it has
to do with the issue of timing and other distance limitations.
Hub
A Hub is a physical-layer device that connects multiple user stations, each via a
dedicated cable. A hub can be thought of a concentrator where multiple devices attach
to share the bandwidth (how many bits per second can be sent over a specific
transmission link) available for transmission. Every device that attaches to this hub via a
cable will convert its digital streams into electrical signals that are exchanged within the
internal bus (a bus is the back plane where all signals are exchanged) of the hub. These
electrical signals are converted back into digital streams as they reach another station on
the same hub or outside of that concentrator. Hubs were deployed during the early stages
of LAN topologies where the bandwidth had to be shared.
Modem
A Modem is a device that interprets digital and analog signals, enabling data to be
transmitted over voice-grade telephone lines. At the source, digital signals are converted
to a form suitable for transmission over analog communication facilities. Modem is a
short representation of modulator/demodulator.
LAN Bridge
A LAN bridge is a device that interconnects two separate Local Area Network segments.
This device is a bit more intelligent than a repeater as it can make routing and
switching decisions within network topologies. The bridge is able to filter and drop
unwanted traffic by checking its internal Media Access Control tables, which are tables
created by understanding the physical topology of the local segment. When a device
needs to send information across the bridge, the frames that leave that device are
analyzed and the physical address of that device is then copied and mapped to a
specific port location on that bridge. It does this by maintaining a cached table, which is
kept in memory. These physical addresses mapped to specific ports of that bridge allow
it to exchange traffic very fast.
A basic bridge can only interconnect segments that use the same data link layer protocols
such as IEEE 802.x. Translational bridges are able to take a specific Protocol Data Unit
(PDU) frame from one topology and convert it to another frame type such as when the
bridge connects a token ring segment and an Ethernet segment. The bridge is a layer two
device (data link layer).
30
LAN Switch
Currently a LAN switch is the most used device on LAN networks. The hub gave way to
the switch, as there was a need to be able to switch information much faster and at
much higher bandwidths without sharing it. The switch introduced new mechanisms that
allowed frames to be switched at very high speeds (100 Mbps/100000Mbps). It also
creates a hardware table that it uses to map physical device hardware addresses (Network
Interface Card addresses, NIC addresses) to specific ports. The MAC table allows frames
to be switched very fast. The first frame is used to determine who the sender is. The
frame contains physical source and destination addresses. The source address is copied
and mapped to a port and the frame is then flooded to all the ports available as it is
trying to locate its destination. When the destination device responds back with its own
frame, the switch takes that devices source address and maps it to that specific port. The
destination address of that frame is destined for the sender who has already been mapped
on the MAC table hence the path or flow is completed between the two devices. The
second frame and consecutives after that now have a path or a flow to follow which
allows for very high speed switching and less processing. This table is maintained
dynamically as devices insert and leave the switch environment. The LAN switch is a
layer two device.
Routers
A router is a device that interconnects multiple segments and can interact with multi -
protocol architectures. It has the capability of translating protocol data units from one
specific protocol and converts them to other type of protocol data units. It takes in
packets from one segment, analyzes where that packet is destined to and by looking up its
routing table it can route those packets to a next hop neighbor or peer. Routers do not
specifically have to know where every final destination is located on a network. The
routing tables created on each router are updates that are passed along from other routers
or neighbors that know of that destination via their own neighbors or peer routers.
Eventually, every router in a specific network will have a map of all the possible
destinations available for the routing of packets. Routers make routing decisions by
using software capable of calculating how to reach a destination in the most efficient and
optimal way.
For additional CPU and memory processing, the router needs to use its software portion
to make these decisions. The traditional router is now being replaced by something
called, layer 3 switching which means, the routing algorithms running in software are
now moved to the hardware portion of the switch. This enables faster switching and
routing decisions as the code is embedded on the ASICs (Application Specific integrated
circuit/microprocessors) using native computer languages such as Assembler, or other
type of binary coding.
The term CSU/DSU stands for Channel Service Unit/Data Service Unit. A digital-
interface device adapts the physical interface on data terminal equipment (DTE) device
(such as a terminal) to the interface of a data circuit-terminating device (DCE) (such as a
31
switch) in a switched-carrier network. The CSU/DSU also provides signal timing for
communication between these devices (WAN implementations).
3.1.3 Conclusion
In this session, the different methods available for multiplexing have been discussed.
These mechanisms are used in many of our existing network topologies. Multiplexing is
very important, as it is necessary for the sharing of the multiple links that provide access
to millions of users over a specific topology like the Internet. In recent years, the layered
architecture has given way to the Open System Interconnection model or OSI model. All
packets switched networks as well as every device that uses TCP/IP as their protocol
suite follows this model. There are seven layers in the OSI model and each layer has its
own functionality. This modular design allows for independence between layers, where a
fix on one layer will not affect that of another. It also gives specific responsibilities to
each layer to perform a given task. In addition, the common LAN components that make
up a network were explored in this session.
Discussion Questions
1. Describe briefly some functions and responsibilities of every layer of the OSI model.
2. Describe how a switch switches its frames.
3. Why is it better to do layer three switching than traditional routing?
32
Chapter 4: INTRODUCTION TO INTERNETWORKING
33
4.1 Introduction
This session introduces the basics of a Local Area Network. What is a LAN? How many
different LANs are there? What are the most commonly used topologies for these
infrastructures? What Data Link layer protocols are used for the transmission of frames
across a network and finally what is the difference between Ethernet and Token ring?
A LAN is a high-speed, fault tolerant data network that covers a relatively small
geographic area. It typically connects workstations, personal computers, printers and
other devices. LANs provide multiple advantages to users as it allows for the sharing of
access to servers or applications that provide a service. For example, there is no need to
have every single user connected to a local printer for printing purposes. This would be a
costly deployment as well it would be very difficult to support the amount of printers per
floor or LAN available to every user. Instead, having one printer that can print very fast
with large amounts of buffer memory space will allow multiple users to print their
material quickly and reliable. The key behind this is that the printer has to be powerful
enough to handle a multitude of users.
The same setup can be applied to a client-server communication. Not every client has an
individual server to access and use for data entry, programming, email, etc. This will not
be a scalable solution as multiple servers running the same application could only interact
with one user provided it followed the one-on-one scenario. If the information were
changed on one server, it would have to be downloaded manually to the other users
servers. This is not acceptable, as it becomes a huge administrative overhead. Instead,
there are very powerful servers that connect to the LAN, which allow multiple user
connections to the application stack where information can be shared and updated in real
time. This type of LAN where users have access to applications on a server or printer is
referred to as High-Speed Office networks that use 100 Megabits per second connectivity
to the desktop.
There are different types of LANs used for different types of connectivity. Let us take a
closer look.
Backend networks are very specific for the interconnection of very large and high-speed
systems such as mainframes, supercomputers, and storage devices, backup and restore,
etc. Usually, these types of LANs are not connected to an end user device. The only
traffic that is meant to be traversing the Local Area Network is server traffic. Think of
backend networks as the networks that process the majority of data in a specific
application.
For example, company A offers some type of e-commerce functionality to the public or
its employees. The front-end access to this application is probably a secured network that
34
has a web browser compiling all the information requested by the end user. The front
end is the graphical interface that the user sees when he or she logs into the service in
question. Let us say now the user wants to perform a trading operation. A specific link
or URL is highlighted on the web page for the user to process the transaction. When the
user clicks the URL, the system sends the request to a backend network where multiple
backend systems analyze the request and provide an output. The output is fed back to the
client via the user interface. The crunching of the data was done at the server level at
high speeds and replicated probably across multiple servers in case one of the servers
becomes unavailable.
Fig 4.1
Application X
S Backend
Servers are dual
attached one side to the
Networks production network
(user net) and the other
side to the Backend
Server to Server network
communication
S S S
Now, think of an application that requires continual backup and storage of information in
case the application crashes or malfunctions. Storage networks provide a historical and
chronological way of saving data to servers that can store the information for long
periods.
Typical characteristics of backend and storage networks should include the following:
35
2. High-speed interfaces that enable the devices to be interconnected using optical or
other interfaces that allow for the exchange of Gigabits per second. These
interfaces have to contain a lot of buffer space to store and process these frames at
very high speeds.
3. Special medium access control (MAC) techniques to enable the reliable and
efficient use of the shared or switched network.
4. Most LANs are confined to a single building or group of buildings and are not
intended for deployment across large distances.
5. There should be few devices connected to these networks, since they are not
considered end user devices.
Usually, the storage, backup, backend, and other similar networks do not use the same
infrastructure as the users networks. This is usually a production network that should be,
both, physically and logical separated at all times. Backup and storage network traffic
should never flow on the same network topologies as production, day to day traffic. This
is to avoid congestion issues as well as to clearly separate the environment from a
production one and a purely system oriented one. The most common way to do this is to
allow every system to be attached between both worlds. This will enable the data to
traverse the servers. There are usually high-speed connections between storage/backup
networks using routers dedicated only for this traffic. Production traffic does not take the
path over the backup network and vice versa.
Fig 4.2
NY Separate Infrastructure to NJ
segregate Backup/Storage
traffic from Production
traffic Backup/Storage
Network
Switch R1 R2 Switch
Very fast
connections using
fiber optic muxes
to provide large
amounts of
bandwidth
Production Production
R3 R4
Network Network
36
4.1.4 Backbone LANs
A backbone LAN is a LAN used to interconnect multiple segments via a repeater or tap
to access the backbone and exchange information. The typical backbone LANs
(Ethernet) was deployed along a buildings structure (literally forming a backbone where
floors could tap into to transfer data). The long Ethernet cables were laid from top to
bottom floors and could not be longer than 500 meters, with two 50 terminators
(resistors) at each end. This Ethernet also had a cable diameter of 0.4in and each tap was
separated using multiples of 2.5 meters to prevent adjacent taps signals from reflecting
and adding phase to the signal, which cause distortions, etc.
The are also other type of Ethernet topologies which covered shorter distances (200
meters) as well as Unshielded Twisted Pair which has a distance of about 150 meters.
These can be referred to as 10Base5 (10 meaning 10 Megabits per second, Base refers to
Baseband, which means only one signal on the wire, and five refers to the distance
limitation, in this case, 500 meters), 10Base2, and 10BaseT respectively.
These specific parameters had to be followed if one was to call the cable in question an
Ethernet backbone cable. Every floor connected to specific hubs that had a specific port,
which tapped into the backbone allowing every floor to participate on the backbone in
exchanging traffic. The backbone was shared and typically would run at speeds of
10Mbps (early 1990s). This type of backbone allowed every segment to SHARE the
bandwidth of only 10 Mbps.
This meant that there were a lot of collisions, retransmissions, and over-subscription
(more clients than the actual capacity of the cable with respect to available bandwidth).
If one user was sharing the bandwidth with 1000 other users connected to the
backbone, and that user grabbed all the bandwidth available because of a large file
transfer, etc, everyone else sharing the bandwidth had to fight for what was left or drop
communication until the bandwidth was available.
Switching mechanisms and new backbone topologies gained more popularity and
eventually dismissed the shared backbone LANs for a faster delivery. For example, the
collapsed backbone enabled multiple switches to be stacked together that created a
logical BUS across multiple switches while switching all frames at high rates of speed.
Switching is preferred because it creates an environment where every user has a chance
to use the entire bandwidth of either 10 Mbps or 100 Mbps at one given time. This is
because the switching mechanism switches very fast across each port. Switching
architectures are now mostly used for every LAN backbone deployment.
37
Fig 4.3
50 Ohm
Resistor
Floor
Segme
TAPS nt
Separation of
TAPS
Multiple of 2.5
Meters
500 Meters
50 Ohm
Resistor
4.1.5 Topologies
The common topologies for LANs are bus, tree, star, and ring. The bus is a special case
of the tree, with only one trunk and no branches. Most of these topologies use MAC
protocols or Data Link Protocols such as the IEEE 802.x protocols used to access media
using bus topologies, ring topologies, wireless environments, fiber optic channels,
bridging and switching, etc. Each protocol development is steered by a committee, which
meets regularly and tries to improve its functionality. Some of the common committees
include the following:
38
The name 802 originated during the first meeting of the IEEE
http://standards.ieee.org/getieee802/ in February 1980, when subcommittees were formed
to breakdown the data link layer protocols.
The tree topology is a generalization of the bus topology. The transmission medium is a
branching cable with no closed loops. One or more cables start at the head-end, and each
of these may have branches. The branches in turn may have additional branches to allow
quite complex layouts.
In bus topologies, all stations can receive a transmission from any one station. This
means that there has to be a mechanism that allows the signal to be directed to the correct
device and there has to be a mechanism that regulates transmission. To make sure that
this does not happen, data is sent across in the form of frames (small blocks of data,
which contains headers and control information). Each station on the bus has a unique
address or identifier, which is included on a frames header portion as a destination or
source. Having this functionality, the transmission of data is kept within a source and
destination as well as allows each station to wait for its turn to send data frames across
the medium. This can be considered a type of regulation of traffic.
One of the advantages in using a bus topology is that when a node fails, the entire bus is
not affected. It allows the individual node to be removed and replaced without affecting
service to all other nodes attached to the bus. It has also less cabling requirements than a
star topology where there has to be more point- to- point connections between the central
node and each device.
There are also disadvantages such as the contention of bandwidth, which is a problem
when two stations want to send at the same time and do. The information sometimes
collides and has to be dropped or retransmitted. There is also less control with respect
to security since there is no central node watching the network. A device can actually
tap on to the bus causing possible problems, including security breaches.
39
Fig 4.4
Bus Topology
Tap
50 Ohm
Resistor
Tree Topology
Tap
50 Ohm
Resistor
Ring Topology
The network consists of a set of repeaters joined by point-to-point links in a closed loop.
The links are unidirectional; that is, data is transmitted in one direction only, so that data
circulate around the ring in one direction (clockwise or counterclockwise).
Each station attaches to the network at a repeater and can transmit data on the network
through the repeater. Data is also transmitted in frames. As a frame circulates past all
the other stations, the destination station recognizes its address and copies the frame into
a local buffer as it goes by. The frame continues to circulate until it returns to the source
station, where it is removed.
40
A major advantage that a ring topology provides is that it gives each station an equal
opportunity to send its information. One of the disadvantages to a ring topology is that in
order to add or remove a device from the ring, operation of the topology will be affected,
as the ring is broken to allow for the change.
Fig 4.5
Node D Node C
D
D
Closed
D
D
D
Repeater
D
Node B
Star Topology
Each station is directly connected to a common central node. Typically, each station
attaches to a central node via two point-to-point links, one for transmission and one for
reception. The central node or center for the physical star topology has two different
approaches for delivery of data. One is a purely broadcast mechanism where one frame
from a given station is sent to every device on the topology via the outgoing links. This
topology is a physical star but behaves like a logical bus. The other approach is to send
frames only to a device in question via the outgoing interface.
41
This means that the central node acts more like a frame switch and does not have to flood
every outgoing link with copies of frames only intended for one of the attached devices.
Each frame is stored or buffered and then forwarded to the destination following the
store-and-forward mechanism discussed previously. An advantage of this topology
includes the central node having better control of data transmission as it can monitor all
the traffic flowing across different stations. It can also provide specific priorities to given
ports. There are also disadvantages including becoming the single point of failure in the
topology. If the central node is affected or cannot control data forwarding across its
ports, all network devices attached to it will be able to communicate.
Fig 4.6
Star Topology
Medium Access Control is an effective mechanism that allows each node to access the
medium in an orderly and efficient way in order to use the mediums capacity. A central
node can exercise this control, where the controller allows or grants each node access to
the network. If there is no central node controlling access to the medium, there will be
some type of collective determination as to how every node attached to a given non-
centralized topology should access the medium. Access to the medium can be in an
orderly fashion, it can allocate specific slots of capacity for future transmissions, or it can
literally fight for the actual allocation of the capacity. The methods used by MAC
protocols are known as round robin, reservation, and contention respectively.
42
Round Robin
Each station, in order, is given the opportunity to transmit. During that opportunity, the
station may decline to transmit or may transmit its data. If there are N nodes on a
topology, the process will start from the n (n is the first node, N is the last Node) node,
and continue in order towards N as such, n, n+1, n+2, n+3.N and the process wraps
around again back to n. It allocates equal amount of time and capacity for each node to
send its data. It provides equal opportunity to all nodes.
Reservation
For streaming traffic such as video or voice, reservation techniques are well suited. In
general, for these techniques, time on the medium is divided into slots, much as with
synchronous TDM. A station wishing to transmit reserves future slots for an extended or
even and indefinite period, which guarantees the node capacity on the link.
Contention
For bursty traffic, contention techniques are usually appropriate. No control is exercised
to determine whose turn it is; all stations contend for time in a way that can be. It is
mostly used in shared environments. Every node actually fights for available
bandwidth. Contenting for bandwidth can cause already transmitting nodes to be
dropped or bump for another data flow of a different source node. The competition for
bandwidth is akin to survival of the fittest, with the most powerful and fastest device
winning over the others.
The MAC layer receives a block of data from the LLC layer and is responsible for
performing functions related to medium access and for transmitting the data. It makes
use of a protocol data unit at its layer. The PDU is referred to as the MAC frame.
In general, all MAC frames have the following format and are made up of the following
fields:
MAC Control: This field contains any protocol control information needed for the
functioning of the MAC protocol.
Destination MAC Address: The destination MAC Address is the destination physical
attachment point on the LAN for this frame.
Source MAC Address: The Source MAC Address is the source physical attachment
point on the LAN for this frame.
LLC: The LLC data from the next higher layer
CRC: This field is also known as the frame check sequence, (FCS) field. This is an
error-detecting code.
Fig 4.7
MAC Destination
Source MAC LLC CRC
Contr MAC
Address
ol Address
Actual
DATA
43
4.1.8 MAC Protocols: The ALOHA Network
The first development of multiple access technology was explored at the University of
Hawaii. This new multiple access technology was called ALOHANET, which can be
referred to as the first modern data network. Dr. Norman Abramson,
(http://winwww.rutgers.edu/focus/Focus1998/Abramson%20Bio.html) developed the
idea, which gave way to what we now know as modern Ethernet.
The ALOHA method, refers to a mechanism where each connected source to the network
sends a data frame when it needs to. If the frame arrives to the destination, there will be a
typical acknowledgement sent back to the source. If there is no acknowledgement in a
period specifically selected for an acknowledgement, the sending source will retransmit
the frame again. If the source fails to receive an acknowledgement after a few
retransmission times, it gives up. There can be multiple sources sending at the same
time. These multiple frames can interfere with each other at the receiver so that neither
gets through. This is known as a collision. The problem with this type of multiple
accesses was that multiple sources and destinations share a common data path hence
frames collided causing congestion and degradation of the system efficiency. Once a
collision occurs, the data contained on each frame is lost.
The ALOHA method worked well for the transfer of data across a few devices, however
as the network grew in size, it became very inefficient. There was a need to develop new
protocols that used the ALOHA method as the preferred method but introduced some
collision and congestion control mechanism that allowed it to be more efficient. Dr.
Robert Metcalfe, working for Xerox Corporation, set about on inventing what is now
known as Ethernet. He took the principles of ALOHA and created a mechanism called,
Carrier Sense Multiple Access with Collision Detect or (CSMA/CD) or more typically
known as the Ethernet. To learn more about this work you can visit
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ethernet.htm .
44
4. After transmitting the jamming signal, wait a random period of time, then attempt to
transmit again and repeat step 1.
This means that now, stations will have a more efficient way to access the medium. The
algorithm does not guaranteed a collision-free environment as any two stations following
the CSMA/CD method can be waiting the same amount of random time, which will
cause their transmitted frames to collide again, but at least it is a more manageable
solution.
For additional information on how CSMA/CD works, you can visit this web site
http://www.erg.abdn.ac.uk/users/gorry/course/lan-pages/csma-cd.html.
The token technique is based on the use of a small frame, called a token that circulates
when all stations are idle. IBM popularized this topology by introducing the token factor.
A station wishing to transmit must wait until it detects a token passing by. It takes the
token at a specific moment, converts the token frame into a start of frame sequence for a
data frame. A start of frame sequence tells the destination where the actual frame begins
with a special bit pattern. The station then appends the remainder of the data frame to get
it out to the network. When one station is sending data, there is no token on the ring, so
other stations wishing to transmit need to wait until that specific source is done sending.
This data frame will make a round trip around the ring until it reaches the destination.
The destination station copies the frame into its buffer as the data frame passes through it.
The frame then gets back to the source where it is absorbed and taken off the ring at
which time, the source inserts a new token back onto the ring to allow other stations to
seize it and begin communication.
This type of access is very reliable as it gives every node an equal opportunity to send
data as long as the node has control of the token. The token is released after a very short
period (in the milliseconds range) to make sure that everyone has a chance to send.
During very heavy loads, the process works like a round robin process, which is both
efficient and fair. A disadvantage of a token ring is the requirement for token
maintenance since the loss of a token will prevent further utilization of the ring. There
can be also duplication of the token, which can disrupt ring operation. One station must
be selected as the ring monitor to ensure that exactly one token is on the ring and to
reinsert a free token if necessary.
For more information on Token Rings, you can visit the Cisco System documentation
page at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/tokenrng.htm .
45
4.1.10 Conclusion
In this session, you learned that there are many different types of LANs that can be
configured on a network, such as high speed LANs, storage and backup and backbone
LANs. Each type of LAN has advantages and disadvantages that are specific to their
purpose and the type environment they are employed in. The Local Area Network can be
physically configured using different topologies such as bus, ring, star, and tree. The
final topic discussed in this session was specific Media Access Control mechanisms.
These mechanisms allow access to the specific medium as well as two of the most
important implementation of Bus and Ring topology, CSMA/CD and Token Ring.
Now, that a basic understanding of the principles of Internetworking is in place, you will
be able use this information as a building block for future sessions on routing and
switching.
Discussion Questions
1. How many different Ethernet MAC frames are there?
2. Is Ethernet topology more efficient than a token ring topology? Explain your answer.
46
Chapter 5: INTRODUCTION TO BOOLEAN BASICS &
BRIDGING
47
5.1 Introduction
In this session, our focus will be placed on the basics of bridging. The different types of
bridges available and how these bridges interface with a network will be discussed. A
basic understanding of bridges is necessary for a future understanding of how packets are
routed by a router and frames are switched using switches. The Spanning Tree
Algorithm will be presented as a method used to provide a loop-free network. In
preparation for future sessions in IP addressing and subnetting the fundamental concepts
of binary math will be introduced. Lastly, our attention will turn to the binary system and
the hexadecimal system. The session will conclude with a discussion on the importance
of logical tables.
Bridges
As you will recall from earlier sessions, LAN infrastructures and the devices that connect
to these topologies are used to exchange traffic. Bridges were developed to allow
separate LANs to interconnect across local topologies or over WAN infrastructures. A
repeater is not effective enough as it is not a very smart device since it takes the signals
that are generated on one end and repeats them on the other side including errors and
noise. It does not really separate LANs since a repeater extends one LAN between two
different locations. There was a need for smarter devices that could switch a frame and
determine the best path between two points by analyzing source and destination and
checking bridging paths available within the device. At the same time, the device has
to be able to filter frames not intended to a specific destination on the bridges
routing/bridging table and drop them.
A bridge is a much simpler device than a router. It works on the data link layer or layer
2. There are two types of bridges, the basic bridge, and the translational bridge. The
basic bridge is designed for use between local area networks (LANs) that use identical
physical and data link layer protocols such as the entire IEEE 802.x suite of protocols as
well as same physical media like the Ethernet, token rings, or high speed serial. The idea
behind using identical data link layer protocols allow the bridge to process information
faster through its CPU creating a very fast bridging scenario. MAC frames from one
LAN/WAN topology do not have to be converted to another MAC frame type when
using basic bridges.
48
Fig 5.1
User A User B
Data Data
LLC LLC
MAC MAC MAC
Physical PHY PHY Physical
There are many reasons why multiple LANs should be separated by bridges or routers,
such as:
1. Reliability: If there are issues on a device that connects to LAN1, LAN2, LAN3,
etc connected to the bridge will not be affected as the separation creates an
individual domain.
2. Performance: The more devices you connect to a LAN, the less efficient
performance will be. If there are multiple networks attached through a bridge,
each segment can grow to its optimal capacity without affecting every LAN
attached to the bridge.
3. Security: Different LAN segments have different needs. A Research and
Development LAN has different traffic patterns then a Human Resources LAN.
Security is important to protect data that is restricted to the public. A bridge
allows separate physical interfaces to deal with other LANs own data patterns.
4. Geography: The obvious reason to use a bridge is to interconnect two separate
topologies that could be located in different buildings, regions, etc.
The simplest implementation of a transparent bridge is the basic bridge. The functions of
a basic bridge are simple and few:
1. Read all frames transmitted on A and accept those addressed to any station on B.
2. Using the medium access control protocol for B, retransmit each frame on B.
3. Do the same for B-to-A traffic.
4. The basic bridge makes no modification to the content or format of the frames it
receives, nor does it encapsulate them with an additional header. Each frame to be
transferred is simply copied from one LAN and repeated with exactly the same bit
pattern as the other LAN.
49
5. The bridge should contain enough buffer space to meet peak demands. Sometimes
frames will arrive at a faster pace than it the bridge can handle to process
immediately; therefore, buffer space should be sufficient.
6. A bridge may connect more than two LANs.
Bridging Mechanisms
A learning bridge will analyze incoming frames, make forwarding decisions based on
information contained in the frames, and forward the frames toward the destination.
There are two types of bridging mechanisms, Transparent Bridging and Source Route
Bridging. Transparent Bridges were developed by the Digital Equipment Corporation
and are considered by the 802.1 committee. Source Route Bridging was developed by
IBM and proposed to the 802.5 committee.
For additional information on Learning Bridges, you can visit the Cisco documentation
page at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bridging.htm .
In Transparent bridging (Learning Bridge), frames are sent one hop at a time towards
the destination. This means that there is no pre-determined path between source and
destination. Each bridge along the way will process the frame according to its learning
table. This table was obtained by mapping physical devices to ports of that bridge. The
source does not need to know the final destination. Each hop makes its own
determination to switch the frame. The bridge must contain addressing and routing
intelligence. At a minimum, the bridge must know which addresses are on each network
to know which frames to pass. Further, there may be more than two LANs
interconnected by a number of bridges. In that case, a frame may have to be routed
through several bridges in its journey from source to destination.
For additional information on transparent bridging, you can visit the Cisco documentation
page at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bridging.htm .
In Source Route Bridging, the path between source and destination is predetermined and
included on the frame as it traverses the network. Each frame has a map or topology of
bridges that need to be followed. The addition of this route bridge map is done via a
discovery frame (explorer frame) that goes out prior to sending data between source and
destination and maps the path ahead of time. This is a more deterministic way of
delivery of data. If one of the bridges along the path is affected, a new discovery frame
has to be sent to append that information for future data frames exchanged between
source and destination.
For additional information on source route bridging you can visit the Cisco
documentation page at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/srb.htm .
50
If the destination was not in the bridge address table it would have to retransmit the frame
on every port except to the one it was received on. This is known as flooding of all the
ports. It is a mechanism used to allow the frame to discover where the destination is
located. The idea behind this is that only the first frame of a data flow should be flooded
to every port if there is no entry on the learning table. Once the response from the
destination is mapped, the second frame of the data flow to the last frame of the same
flow will not be flooded to every port. A flow between source and destination will be
formed. If there was no table caching or memory to store this hardware address map, the
bridge will process every frame in order to determine where to send the data, thus causing
the CPU to be very high.
Now suppose stations A and B start up and A attempts to communicate with D through
two directly attached bridges (creating a loop-free or tree topology) A frame from station
A addressed to D will reach the local bridge on port 1. B1 can now learn that station A is
connected to port 1 but it knows nothing about the final destination D so it has to
retransmit the frame destined to D to all available ports except on the port where the
frame was first heard from. This means that bridge B2 (directly connected to a port (of
B1) will receive the frame and since it does not know yet where station D is, it retransmit
the frame to all available ports (except the port where B1 connects to B2). B2 also
examines the incoming frames and knows that A is reachable via the directly connected
port that attaches to B1.
When D responds, it will reach B2 via its own local port at which time, B2 then knows
that D is directly connect to port 1. B2 already knows how to get to A and sends the
frame to the port where station A has been mapped. When the frames arrive at B1, it
then examines the incoming frames and determines that D is reachable via the directly
connected port where each bridge is attached so it maps it to its table. At this point, B1
and B2 know how to send frames from A to D and back. They can now create a flow
between source and destination. Should B need to communicate with D, the same
process begins. A frame leaves B destined to D. In this case, there is no need to flood
every port to determine where D is because, B1 already has a port assigned to a
physical address representing a path to get to the D from the previous flooding between A
and D.
All that B1 needs to do is to look at the portion of the frame for the source and map the
source address (Bs) to the specific port. At, which point, a new flow can take place
between B and D. In order for a bridge to update a learning table, the entries mapped to
each port that have not received any data frames for a set period, will be aged out, and
removed from the table.
This kind of bridge topology is only effective in loop-free or tree topologies where there
are no closed loops. Therefore, to truly have a full implementation of a complete bridge
(as it is presently known); the concept of the Spanning Tree Algorithm must be
introduced. This bridge must not only listen and learn but it must implement a spanning
tree algorithm to conform to the 802.1d implementation and specifications.
51
Fig 5.2
B1 B2
3 6 3 6
A 1 2 2 1
B
4 5 4 5
B1 B2
3 6 3 6
A 1 2 2 1
B
4 5 4 5
B1 still does not know where D is so it "floods" all ports except port 1.
B2 also examines incoming frames and knows that A is reachable via
the directly connected port that attaches to B1 (port 2)
B1 B2
3 6 3 6
A 1 2 2 1
B
4 5 4 5
These BPDUs contain the following information to allow the bridges to decide how to
create the spanning tree:
Find one Root Bridge among all the bridges exchanging the BPDUs.
Determine the shortest path distance between the Root Bridge and themselves.
Elect a Designated Bridge for each LAN. If there are multiple bridges on the same
LAN, one of them has to become the designated one. The one selected is the closest
to the Root Bridge and will only forward frames from that LAN to the Root Bridge.
52
Choose which interface or port, known as the root port, gives them the best path from
themselves to the Root Bridge.
Determine and select ports that should be included in the spanning tree. Only
forward traffic to and from these ports.
BPDU's are sent every 2 seconds on every port in order to ensure a stable, loop-free
topology. How is a root bridge selected? First the bridge is turned on. Every time a bridge
comes up it assumes that it is the root bridge. They set their ID equal to the root ID. The
bridge ID is actually made up of two components, as follows:
1. A two byte priority. The switch sets this number which, by default, is the same for all
switches. The default priority on Cisco switches is 32,768 or 0x8000.
2. A 6 byte Media Access Control (MAC) address. This is the MAC address of the
switch or the bridge. The combination of these two numbers determines which switch
will become the root bridge. The lower the number the more likely this switch will
become the root. By exchanging BPDUs, the switches determine which one is the root
bridge. Below is an example of the bridge ID:
80.00.00.00.0c.12.34.56
The first two bytes represent the priority and the next 6 bytes represent the MAC address
of the switch. The structure of a configuration BPDU is shown below:
Bytes | Field
2 protocol ID
1 Version
1 Message Type
1 Flags
8 Root ID
4 Cost of Path
2 Port ID
2 Message Age
2 Maximum time
2 Hello Time
2 Forward Delay
In Spanning Tree Algorithm, there are 5 Spanning Tree Protocol Port States:
Blocking - All ports start in this mode to prevent the bridge from creating a bridging
loop. (20 seconds to Listening mode) Listening - All ports attempt to learn if there are
any other paths to the root bridge. (15 seconds to Learning mode) Learning - Similar to
Listening state except the port can add information that the port learned into its address
53
table.(15 seconds to Forwarding mode) Forwarding - The port is capable of sending and
receiving data.
By nature, one of the devices will be the first one to forward the frame across to Subnet
B. Assume that bridge #3 was the one that forwards the frame first. Since each bridge is
transparent to the other, it will look as if host A is directly connected to Subnet B from
the point of view of B1 and B2. Bridge #1 and Bridge #2 will take in the frame re-
compute their learning tables by re-defining host A to be residing on Subnet B and the
frame is then forward to Subnet A.
This has created a loop. To see how this topology begins to degrade, now assume that
Bridge#1 succeeds in forwarding a frame back to Subnet B. Bridge#2 will note that A is
still on Subnet B but Bridge#3 realizes that host A has now moved to Subnet A. It then
prepares itself to forward the frame towards Subnet A.
Now assume that Bridge#1 sends a frame onto Subnet A. Bridges#2 and #3 will take
notice of host A has now moved to Subnet A and will re-compute their learning tables
and begin forwarding towards Subnet B. Not only has there been a loop but also frames
have been duplicated out of proportion causing a network to break. The introduction of
the Spanning Tree Algorithm will prevent these loops by blocking specific ports and
only allowing proper ports to forward the given traffic.
Fig 5.3
Host A
Subnet A
B1 B2 B3
Subnet B
Host B
54
Binary Numbering versus Decimal Numbering
Binary numbering uses only 0s and 1s. The base unit is called a bit (short for binary
integer). It is a base-2 numbering system in which 1 is the largest digit that can be used
in any position. This is the same as 9 being the largest number that can be used in any
position in a decimal number. A decimal number is any number that uses base-10
numbering system. Each digit in a binary number is multiplied by 2 to the power of the
digits position in the binary number, with the first position being the power of (0). Any
number to the power of 0 is 1. Therefore, (1*(10)) ==1.
Consider the binary number 101010. It can be written in the more explicit form of
1*(25)+0*(24)+1*(23)+0*(22)+1*(21)+0*(20). This is one way to convert a binary number
to a decimal number. In this case, 1*(25) equals 32, 0*(24) equals 0, 1*(23) equals 8,
0*(22) equals 0, 1*(21) equals 2 and 0*(20) equals 0, resulting in the following formula:
32+0+8+0+2+0=42. Therefore, 101010 in binary are 42 in decimal format.
Compare the binary (base-2) number 101010 with the decimal (base-10) number 101010.
You write out the base-10 number using the same scheme as the base-2 number system
explained above, resulting in 1*(105) +0*(104)+1*(103)+0(102)+1(101)+0*(100), which
gives you the formula (1*100000)+(0*10000)+(1*1000)+(0*100)+(1*10)+(0*1)=101010.
This is also written as 101010.
The most common use of binary numbers is in groups of 8 bits or what is referred to as
octet or byte. Computer addressing schemes use groups of 4 bytes to represent an
address or a character.
Assume the following binary number: 10101010. You can write it out using the same
system as before: 1*(27)+0*(26)+1*(25)+0*(24)+(1*23)+0*(22)+1*(21)+0*(20)=170 in
decimal format. How do you arrive at this answer? You can think about these octets in
terms of the values represented by each position. The positions are 7,6,5,4,3,2,1 and 0.
These are powers that the base is raised to for each position and the resulting values in
decimal format are 128,64,32,16,8,4,2 and 1.
You can think of a binary system as a logic system. It can be either True or False or ON
or OFF. To make this conversion much simpler and not have to go through the long
representation of base 2 computation, let us put together a simple scenario that will
always provide the user a decimal value given a binary number.
Example
Convert binary number 10111100 to decimal. This number is 8 bits long.
The best way to show this is using a graphical method. It is much easier to see it this
way. Therefore, draw a box with 8 spaces around the binary number in question. On top
of each box, place the decimal value specific for that position. This comes from the
previous explanation about the bit multiplied by 2 to the power of the bits position in the
binary system. Once this is done, take the decimal values of the binary number that are 1,
55
which are above the boxes and add them together. This will give you the result you are
looking for.
Fig 5.4
27 26 25 24 23 22 21 20
128 64 32 16 8 4 2 1
1 0 1 1 1 1 0 0
128 + 32 + 16 + 8+ 4 = 188
In order to convert decimal numbers into binary the same principal can be used, but the
other way around. To convert, first find the highest power of two that does not exceed
the given number and place a 1 in the corresponding position in the binary number. For
example, the highest power of two in the decimal number 36 is 25 =32. Insert a 1 as the
6th digit counted from the right: 100000. In the remainder, 36-32 =4, the highest power
of 2 is 22 = 4, so counting from right the third zero can be replace by a 1 given the
following binary number, 00100100.
The simplest way to display this information graphically is to return to the drawing
boxes. The drawing boxes have specific decimal values with the long base -2
computation such as position 0s value being 1, position 1s value is 2, positions 2 value
is 4, 8,16,32,64,128,256,512,1024, etc ( take note of this pattern).
Once the first position value is obtained, you can double that value to obtain the next
position. With this information, you can put a 1 on the values that will add up to the
decimal number in question. If the requirement is to convert 36 into binary, you can
simply turn the switches to ON or True where the value is 32 and where the value is 4
as shown in the diagram.
Fig 5.5
128 64 32 16 8 4 2 1
0 0 1 0 0 1 0 0
if 36 is required to be
converted to binary turn
the bits to ON which add
up to 36 in the above
boxes resulting in
00100100
56
Logic Tables
When dealing with binary numbers, rules of addition, subtraction, division and
multiplication are not followed in the same manner, as you normally would with base-10
numbering schemes. Two very important operations that should be remembered are the
OR operation and the AND operation. The OR operation can be considered to be the like
the addition operation in base-10 numbering scheme although, the only values to add are
1 and 0.
Assume there are two binary bits available. The number of combinations that these two
bits can provide can be OFF/OFF, OFF/ON, ON/OFF or ON/ON. This is the same as
saying 00, 01, 10, and 11. If two bits are OR together, the answer will be always, 1
provided that, at least one of the bits is equal to 1. It will be 0 always when both bits are
0.
B1 B2 OR
0 0 0
0 1 1
1 0 1
1 1 1
The AND operation can be considered to be the like the multiplication operation in base-
10 numbering scheme, although again, the only values to AND will be 1 or 0. An AND
operation will be performed in the following way. Assume there are two binary bits
available. The number of combinations that these two bits provide has already been
described above. If two bits are AND together, the answer will be always 1 provided that
both bits are 1, otherwise the answer will be always 0 as shown below.
B1 B0 AND
0 0 0
0 1 0
1 0 0
1 1 1
Should there be three bits instead of two, there will be a total of 8 different combinations
of 0s and 1s as shown below.
B2 B1 B0
0 0 0
0 0 1
0 1 0
0 1 1
1 0 0
1 0 1
1 1 0
1 1 1
57
As you can see, a pattern emerges. If there is 1 bit available, the number of possible
combinations for that bit can only be 2, 1, or 0. For 2 bits, the number of combination is
4, for three bits, the number of combinations is 8, for four bits is 16, for 5 is 32, etc. The
pattern can be written in the following way:
Hexadecimal (Hex) numbering uses 0-F (A=10, B=11, C=12, D=13, E=14 and F=15). It
is a base-16 numbering system. F is the largest digit that can be used in any position.
This is the same as having 9 be the largest number that can be used in any position in a
decimal number.
Each digit in a hex number is multiplied by 16 to the power of the digits position in the
hex number, with the first position being the power of (0). Consider the number AA. It
can be written in the more explicit form of A*(161)+A*(160), which is one way to convert
a hex number into a decimal number. In this case, A*(161) equals 160, and A*(160)
equals 10, resulting in the formula 160+10=170. AA in hex equals 170 in decimal.
Notice that it takes eight binary digits 10101010 to write the binary equivalent to 170
(decimal), but it takes only two hex numbers to do the same. This is why hex is such a
popular numbering system. The primary use of hex numbering is addressing schemes is
to provide a shorthand method of writing binary octets. You seldom have to deal with hex
numbers greater than two digits. Layer two MAC addresses are typically written in hex.
For Ethernet and Token Ring, these addresses are 48 bits or six octets. A typical MAC
address will be represented in the following way:
10005ABABCBB
The first six digits represent the MAC identifier or company that manufactures the
Network Interface Card. It is a value assigned by IEEE to represent what company owns
and manufactures such interface. In this example, 10005A is an identifier for IBM. If
you follow the rules described for hex conversion, the values are 0-15. Given this
information, you can write the MAC address above in binary in the following way:
58
0001 0000 0000 0000 0101 1010 1011 1010 1011 1100 1011 1011
It is obviously much easier to remember the hex address that trying to remember 48 bits
corresponding to your MAC address.
5.1.5 Conclusion
Bridges are devices that can allow interconnecting multiple LANs. These devices are
much more complex and required a lot more parameters to manipulate. Some network
topologies nowadays still use bridges to exchange information although the bridge has
almost been completely replaced by the use of routers. Spanning Tree Algorithm is still
in use today as switching environments; need to provide loop-free environments to
prevent degradation and collapse of a network. Bridges opened the doors for routers, as
you will see in future sessions.
During this session, the topic of Boolean math or binary math was discussed briefly.
This topic of course, could not be discussed just in a few simple paragraphs as I have
done since Boolean math is a field of study in the mathematics arena, which is complex
and much more detailed than this explanation.
The final section of this session dealt with the basic conversion mechanisms between
decimal and binary numbers; as well as hexadecimal conversion to binary and decimal
numbers. Additionally, logic tables were introduced as the necessary mechanisms
required for performing the routing and switching functions on a network. In future
sessions you will have an opportunity to learn more about these functions.
Discussion Questions
59
Chapter 6: IP INTERNETWORKING
60
6.1 Introduction
The information covered in this section is one of most important topics covered in this
course. The ability to understand the IP addressing scheme and the different types of
networks available is necessary for a clear understanding of how the Internet works. As
well, this information is essential for understanding the principles of subnetting.
Our focus in this session is to examine how IP addresses originated and how the Internet
makes sense of each address. Our attention will then turn to the topic subnetting which is
a process that enables a network to expand. The final section will deal with the
importance of the Address Resolution Protocol (ARP). This session is meant to be a
mere introduction to the topic and provides the groundwork for future sessions. You are
encouraged to practice the techniques taught in this session, given that without practice,
future sessions will be more difficult to understand.
The Internet Protocol (IP) is a network protocol used on the Internet to communicate and
transport information across nodes. Intranets, Extranets and Internets use this protocol as
the de-facto protocol for routing. It is one of the most important protocols of the TCP/IP
suite of communication protocols. The TCP/IP suite of protocols uses IP as the network
layer protocol and TCP as the transport layer protocol. IP protocol is a connectionless
protocol that uses best-effort delivery of datagrams as well as provides fragmentation and
re-assembly of datagrams, whereas TCP is a connection-oriented protocol that requires
connection setup, maintenance, and termination via a mutual handshake between source
and destination.
A very common comparison is done with the IP protocol and the post office system,
which says the IP protocol is like the actual postal truck that carries the letter written to
the first postal center near the sender. At the postal center (first hop router), destinations
are sorted according to the postal code of the receiver. Intermediate postal centers will
receive the letter and continue sorting until the closest postal center to the receivers
postal code is reached. At, which time, another truck will deliver the letter to its final
destination. The TCP portion will make certain that there is a guaranteed delivery of this
letter, which can be thought of as certified mail. When the other party has received
your certified letter, you are notified by the post office that the party has signed for it.
Many other protocols that pertain to the TCP/IP suite reside on different OSI layers like
in the application layer such as:
File Transfer Protocol (FTP): http://www.ietf.org/rfc/rfc959
Simple Mail Transfer Protocol (SMTP): http://www.ietf.org/rfc/rfc821
Hyper Text Transfer Protocol (HTTP): http://www.ietf.org/rfc/rfc2616
These protocols were invented during the early days of the Internet, which was developed
by the Defense Advanced Research Projects Agency (DARPA) http://www.darpa.mil/, and
other scientific research centers, to allow intercommunication between dissimilar
61
computer systems. IP addresses logically identify a specific host or device on a network.
You can literally see what network the IP address belongs to and how it has been
assigned with respect to that network. It can also help you identify who owns the IP
address and the source that generated the address.
Designers of the IP protocol decided to use 32-bit integer address (4 bytes or 4 octets)
space since at the time common computer processor handled 32-bit words. It was logical
to define an IP address as just another word handled by the processor on each
computer. Routing was also considered when designing the addressing scheme as
routing needs to be as optimal and efficient as possible. Routers only route network
prefixes and not individual hosts. This allows the network to perform better in terms of
finding destinations across networks.
IP Packet Format
The IP datagram or packet contains specific fields that provide certain functionalities,
which are version, IP header length, type of service, total length, identification, flags,
fragment offset, and time to live, protocol, header checksum, source address, destination
address, options, and data.
Version: This field currently determines the IP version being used on the network. The
current version is IPv4. There were other IP versions but version 4 became the standard.
The new proposed standard for IP is called IP next generation of IPv6. This version uses
128-bit integers and includes authentication, QoS, and other features not in used on IPv4.
IP Header Length (IHL): This field indicates how long the datagram header is in 32- bit
words. You will recall that the header contains control information. In an IP packet,
there are 24 bytes of header information.
Type of Service: Type of service is very important when there is a need to prioritize the
packet. It specifies how an upper-layer protocol would like to handle the current packet
by manipulating the bits assigned to this field to give it different levels of importance.
This field is used often with multimedia applications. Video and voice packets have to be
preferred over data packets in a network. Quality of Service is also provided via this
field.
Total length: This field specifies the entire IP packet length in bytes including data and
header.
Identification: This field contains an ID number which identifies the packet should there
be any fragmentation along the way. This ID helps put together the IP packet fragments.
Flags: This field consists of three bits only. The low order bits controls the
fragmentation process. The low order bit specifies whether the packet can be
fragmented. The middle bit specifies whether the packet is the last fragment in a series of
fragmented packets. The third high order bit is not used.
62
Fragment Offset: This indicates the position of the fragments data relative to the
beginning of the data in the original packet, which allows the destination IP process to
properly re-construct the original datagram.
Time-to-Live: This is a counter that gradually decrements, usually from 255 to 0 as the
packet traverses the network. Every hop decreases the counter by one and it is used to
prevent a packet from looping endlessly on a network.
Protocol: This field indicates which upper- layer protocol is expected to process the
information passed onto the IP packet.
Header Checksum: This control field checks for errors on the header field to check for
proper integrity.
Options: This is not used to often but allows IP to use various options such as security.
Padding is also important as it adds 0s to the datagram should it need to have the right
byte size without being discarded as a malformed or too short of a packet.
Data: This is the actual users information, which is generated by upper-layer protocols.
Fig 6.1
32 bits
Type of Total
Version IHL Lengh
Service
Fragment
Identification Flags
Offset
Time to Header
Protocol
Live Checksum
Source
Address
Destination
Address
Options
(Padding)
DATA
63
6.1.2 Classes of IP networks
There are very specific ranges that were selected by the designers of the IP protocol that
represent different classes of networks. These were assigned with respect to how large or
small an entity could be and how these networks could be distributed around the world to
make sure routing was optimal. The IP address has been defined in such a way that it is
possible to extract the host ID or net ID portions quickly. Routers, which use the net ID
portion of an address when deciding where to send a packet, depend on efficient
extraction to achieve high speed.
Classification of networks are divided into three main groups, Class A, Class B and Class
C. Class A networks, were allocated for very large corporations or entities which had
millions of hosts available to addressed. Class B networks were intended for middle size
entities which have hosts in the thousands to be addressed. Class C networks were
allocated for small entities or individual users for allocation of addresses to a few
hundred hosts. There are also Class D and E networks. Class D networks are specific for
multicast applications and are assigned to entities, as they need it to develop their
applications. Class E networks are experimental and not in use right now.
In the section below, you will have an opportunity to examine the notion of Classical
networks from A through C in great detail. Classical networks are those networks
considered without any subnetting done to them. They are fully utilized without breaking
them into subnet ranges.
Class A networks
First octet ranges from 0.0.0.0 through 127.0.0.0 (written in decimal). The network 0 is
never assigned. The network 127 (loop back) is used specifically for some local
applications that run internally such as email servers or other web servers on a system
that acts both as client and server hence it is never assigned. All Class A networks have
been assigned and there are no more available networks to hand out at this point.
The usable class range is between 1.0.0.0-126.0.0.0. The highest order bit in the 32-bit
address is always set to zero. For example, a class a network of 122.0.0.0 will be written
this way in binary, for the network field and all zeros for the host field
128 64 32 16 8 4 2 1
0 1 1 1 1 0 1 0. 00000000.00000000.00000000
The numbers on top of the first octet represent the decimal value of each bit integer as
described on session 5.
Why is the highest order bit of the highest octet always 0? Because if that bit was turned
to ON or equal to binary 1, then it will no longer be in a class A network range (1-126). It
would jump to the next class.
64
In a class A network, the highest order 8 bits represent the network and the other 24 bits
left represent the hosts as shown below:
122 . 0. 0. 0
network. host. host .host
Fig 6.2
Decimal Value of first
Octet between 0 -127
First bit is
8 bits 24 bits
always = 0
representing representing
Network Hosts
Class A Network
Another rule implemented is that there should always be (2n-2) hosts available for use
where n represents the number of bits dedicated for hosts. In this case, there are 24 bits
representing hosts, which will provide (224-2) or 16,777,214 devices. This rule is in place
because you need to define a network address as well as a broadcast address for that
specific network. You should not assigned the first address of the range, in this case,
12.0.0.0 or the last address on that network, 12.255.255.255, as the 0's represent the
network (12) and the 255's represent the broadcast address. This is the reason for
subtracting the first and the last host addresses from the range.
Now as an example, Classical IP address 12.12.12.1 represents a host (device, router, PC,
printer, etc) in network 12.0.0.0. Host addresses 12.0.0.1, 12.0.0.255, 12.12.12.0,
12.255.255.254, 12.255.254.255 among others, represent valid hosts on this range but it
is sometimes customary not to assign these to avoid confusions.
In practical worlds, LAN administrators sometimes will not use the hosts with 0s or
255s. To avoid confusion they will start with 12.1.1.1 up to 12.254.254.255 However, it
can be proven that hosts with 0s and 255s will work. Take a look at the following
example (Figure 3) where the machine was configured for 10.10.10 (10 being Class A
network) and it responds to ICMP (Pings). This holds true for Class B and C networks.
65
Fig 6.3
Class B networks
First 2 octet ranges from 128.0.0.0 through 191.254.0.0 (written in decimal). The first
octet is always used to determine the network class. If it is between 128 and 191, the
network is a class B.
The definition for class B says that there are 16 bits for the network and 16 bits for the
host as such
128 64 32 16 8 4 2 1
1 0 0 0 1 0 1 0 =128+8+2=138
&
128 64 32 16 8 4 2 1
0 1 0 1 1 1 0 1 = 64+16+8+4+1=93
Hence, you need to consider not only the first octet but also the second octet as well when
reading back the network.
The definition also says that you can determine a class B network if the highest 2 bits of
the highest octet in that 32-bit string is 10 regardless of how the next bits are defined as
66
shown below:
If the second highest order bit on the highest octet were turned to 1 or ON, then it would
no longer be a class B network but instead jump to the next class range, which is C.
Fig 6.4
10
Again, the host rule is implemented which says that there should always be (2n-2) hosts
available for use where n represents the number of bits dedicated for hosts. In this case,
there are 16 bits representing hosts, which will provide (216-2) or 65,543 devices. This
rule is in place because we need to define a network address as well as a broadcast
address for that specific network.
You should not assigned the first address of the range, in this case, 138.93.0.0 or the last
address on that network, 138.93.255.255, as the 0's represent the network (138.93) and
the 255's represent the broadcast address. This is the reason for subtracting the first and
the last host address from the range.
67
Class C networks
First 3 octet ranges from 192.0.1.0 through 223.255.254.0 (written in decimal). The first
octet is always used to determine the network class. If it is between 192 and 223, the
network is a class C.
The definition for class C says that there are 24 bits for the network and 8 bits for the host
as such
128 64 32 16 8 4 2 1
1 1 0 0 0 0 0 0 =128+64=192
&
128 64 32 16 8 4 2 1
1 0 1 0 1 0 0 0 = 128+32+8=168
&
128 64 32 16 8 4 2 1
0 0 0 1 1 1 1 0 = 16+8+4+2=30
192.168.30.0 is a class C network and if you had a binary string representing this number
then the highest three bits in the string will always be 110.
You still need to take into consideration the next 21 bits as this make up the network
field.
Again, the host rule is implemented which says that there should always be (2n-2) hosts
available for use where n represents the number of bits dedicated for hosts. In this case,
there are 8 bits representing hosts, which will provide (28-2) or 254 devices. This rule is
in place because you need to define a network address as well as a broadcast address for
that specific network.
You should not assigned the first address of the range, in this case, 192.168.30.0 or the
last address on that network, 192.168.30.255, as the 0's represent the network
(192.168.30) and the 255's represent the broadcast address. This is the reason for
subtracting the first and the last host address from the range.
68
Fig 6.5
Decimal Value of
Decimal Value of first
second and third
Octet between 192 -223
Octets between 0 -255
110
Class D networks are networks assigned to multicast groups. The ranges are from
224.0.0.0 through 239.255.255.255. Class D networks will be discussed in the last
session of this course.
A MASK represents the network and how IP addresses are interpreted locally on that IP
network segment. The router uses it, for example, to determine where the network begins
and ends (it uses the logical AND operation to determine the network). There are
classical masks and there are subnet masks. For now, assume the following for classical
networks and masks:
The standard (classical) network mask says that all the network bits in an address are set
to 1 and all the host bits are set to 0. Every single IP address assigned to a node
anywhere has a mask defined otherwise it is not going to work. IP addressing needs a
mask. These need to co-exist for proper IP processing to work. Standard network masks
for the three major classes of networks are:
This is exactly what the definition says. Place a 1 on all the bits that represent the
network and a 0 on the bits that make up the hosts. Therefore, for a class A network, a
classical or standard mask will only have 8 bits, a class B standard mask will only have
16 bits, and a class C standard mask will only have 24 bits.
69
The network mask is not an IP address it is used to modify how local IP numbers are
interpreted locally in that subnet. Routers use this information to decide where that IP
address has come from. When an IP address is provided or configured somewhere in a
device, there HAS to be a mask included. This is the only way that you can tell if the IP
address given is a classical IP address or a subnet address.
Do you see the pattern here? It is not an IP address or number. It represents the network,
as you know it. Given a classical network IP, you can easily provide the mask by writing
all 1 where the network field is and all 0 where the host field is.
Finally yet importantly, there are two different ranges of networks. The public domain
or registered networks, which are assigned by the Internet group to any company,
university, or individual requesting, address space for connectivity to the Internet. These
networks are strictly owned by the company, which requests them by paying a yearly fee
to guaranty this network allocation.
A number of different entities allocate address space. The American Registry for Internet
Numbers (http://www.arin.net) manages the Internet numbering resources for North &
South America, the Caribbean, and sub-Saharan Africa. The Asia Pacific Network
Information Center (http://www.apnic.net) manages the Asia Pacific region. The
Reseaux IP Europeens (RIPE) (http://www.ripe.net) manages Internet numbering
resources for Europe, The Middle East, The North of Africa, and sections of Asia
Within the class A, B and C range, there are networks referred to as private networks.
These networks are not assigned to a specific corporation, University or individual as
they are reserved for internal use within any given network, anyone can use them. These
networks cannot route out to the Internet and are meant to be local since company A can
be using the same network as company B.
70
The following are private ranges that can be use to expand your local segments:
6.1.4 Subnetting
The reason for subnetting is very simple. There is a need to create more networks to
utilize the address space more efficiently. This allows for expansion and growth of your
companys infrastructure allowing multiple networks to be deployed in different places
without having to request more address space from the Internet administrating body as
this is very complex and tedious.
Subnetting is implemented by borrowing bits from the host field. For example, a class
A network such as 125.0.0.0 has a classical mask of 11111111.00000000.00000000.00000000.
If you borrow bits from the host field that would mean starting from bit number 9
counting from left to right. Bit 9 is the first bit that begins representing hosts on a
classical A network. Therefore, you can borrow from 1 bit to up to 22 bits to create
subnets. The reason you need to leave the last two bits available for hosts, is because of
the (2n-2) rule, which says, you need to have one network and one broadcast address.
Two bits will give you four combinations (24-2), where the first and the last address are
removed and all you have left are two usable host addresses.
When bits are borrowed from the host field, the number of bits borrowed creates a
number of combinations that will provide the actual number of subnets after all the
combinations have been written. For example, take three bits borrowed from the host
field. This means that there will be 8 different combinations that you can have which
will represent the number of subnets you can obtained from these combinations as
follows:
128 64 32
B2 B1 B0
0 0 0 = 1st subnet
0 0 1= 2nd subnet
0 1 0 = 3rd subnet
0 1 1 = 4th subnet
1 0 0 = 5th subnet
1 0 1 = 6th subnet
1 1 0 = 7th subnet
1 1 1 = 8th subnet
In this example, you had used a class A network, 125.0.0.0 with mask 255.0.0.0. Once
you borrowed bits from the host field, you no longer have a classical or standard
network so you need to apply a new mask. Remember that a mask writes all 1s where
71
the network or sub network is and all 0s where the hosts are. Using this definition, you
obtain the following sub networks:
The 224 in the new mask is obtained by adding the decimal value of each bits
position.
By subnetting this network, you have now incremented the number of possible networks
that can be used for deployment around your network globally but at the same time you
have reduced the amount of hosts by n number of bits borrowed. In this case, the
number of hosts is (221-2).
Keeping up with the idea of having (2n-2) usable hosts, there are also (2n-2) usable
networks. This means that the first and last subnet is not considered when allocating
network address space. This is not to say that they cannot be used. It is just another
customary deployment to make things simpler.
The first step in the planning process is to take the maximum number or subnets required
and round up that number to the nearest power of two. For example, if an organization
needs nine subnets, 23 (or 8) will not provide enough subnet addressing space, therefore
the network administrator will need to round up to 24 (or 16). It is imperative that the
administrator or designer allows for future growth. For example, if 14 subnets are
required today, then 16 subnets might not be enough in two years when the 17th subnet
needs to be deployed. It might be better to allow for more growth and select 25 (or 32) as
the maximum number of subnets. However, as you expand the number of subnets, you
72
simultaneously reduce the amount of hosts as the subnetting process steals away bits
from the host field.
The second step is to make sure that there are enough hosts addresses for the
organizations largest subnet. If the largest subnet needs to support 50 host addresses
today, 25 (or 32) will not provide enough host address space so the network administrator
will need to round up to 26 (or 64).
Subnet Example # 1
An organization has been assigned the network number 193.1.1.0/24 (255.255.255.0) and
it needs to define six subnets. The largest subnet is required to support 12 hosts. The
first step is to determine the number of bits required to define six subnets keeping in mind
the idea about growth. Since a network address can only be sub netted along binary
boundaries, subnets must be created in blocks of powers of two, i.e., 2, 4, 8, 16, 32, 64,
etc. Thus, it is impossible to define an IP address block such that it contains exactly 6
subnets. Here, the subnet block should be defined as 16 (24) and have 8 unused subnets
that can be reserved for future growth. Selecting only three bits from the host field will
provide 23 or 8 subnets but if you use the notion of (2n-2) usable networks, you would
have left only 6 without any room for growth.
Since 16 = 24, 4 bits are required to enumerate the sixteen subnets in the block. In this
example, the organization is subnetting a /24 so it will need 4 more bits, or /28, as the
extended-network prefix. A 28 bit extended network prefix can be expressed in dotted-
decimal notation as 255.255.255.240. A 28-bit network prefix leaves only 4 bits to
define host addresses on each subnet. 24 = (16) 2 =14 hosts.
73
In general, to define subnet #n, the network administrator places the binary representation
of n into the bits of the subnet-number field. For example, to define subnet #6, the
network administrator simply places the binary representation of 6 (0110) into the four
bits of the subnet-number first.
Subnet
255.255.255.240 = 11111111.11111111.11111111.|1111|0000
Now assuming subnet #2, we can define the following hosts for that sub network:
11000001.00000001.00000001.00100000 = 193.1.1.32/28
74
host #2: 11000001.00000001.00000001.00100010 = 193.1.1.34/28
host #3: 11000001.00000001.00000001.00100011 = 193.1.1.35/28
host #4: 11000001.00000001.00000001.00100100 = 193.1.1.36/28
host #5: 11000001.00000001.00000001.00100101 = 193.1.1.37/28
host #11: 11000001.00000001.00000001.00101011 = 193.1.1.43/28
host #12: 11000001.00000001.00000001.00101100 = 193.1.1.44/28
host #13: 11000001.00000001.00000001.00101101 = 193.1.1.45/28
host #14: 11000001.00000001.00000001.00101110 = 193.1.1.46/28
The broadcast address for subnet#2 is the next-lower address than the base address for
subnet#3 (193.1.1.48). This is always the case; the broadcast address for subnet#n
always has a value that is numerically one less than the base address for subnet# (n+1)
Fig 6.6
193.1.1.0/28
193.1.1.64/28
193.1.1.16/28 193.1.1.80/28
NET
193.1.1.96/28
193.1.1.32/28
193.1.1.48/28 193.1.1.112/28
75
Address Resolution Problem
The idea behind Address Resolution Problem (ARP) http://www.ietf.org/rfc/rfc826 is
very simple. Assume one of the hosts on the local segment is a router that is trying to
determine which machines are connected locally to its local interfaces. Packets arriving
at that router are delivered directly to connected devices that need to be framed using a
PDU specific to that topology. Having just an IP address is not enough because the
frame will be using physical MAC addresses to determine where each machine resides
physically. Therefore, ahead of time, the router broadcasts an ARP request to all the
machines requesting their physical MAC addresses.
The mapping occurs when host A says to the local segment I have IP address IPB ,
please respond to me with a MAC or physical address PB only if you have IPB as the IP
address configured. The router or host uses this information to create an ARP table,
which is updated usually every four hours. This table can change if the hosts ARP table
is cleared. The clearing will create the process to start again querying everyone locally
attached to respond with physical addresses.
To summarize:
The Address Resolution Protocol, ARP, allows a host to find the physical address of a
target host on the same physical network, given only the targets IP address
Fig 6.7
" Do you have IP address for host B?"
" Give me physical address PB"
A D H B
A D H B
Router
76
know where A is but also since A uses a broadcast packet, the IP to physical address
binding is also included so that everyone in the wire knows where A is.
6.1.6 Conclusion
In this session, you have examined the functions of an IP address, how these addresses
are represented on a network, the different classes of networks and also how and why to
subnet. The session was concluded with a brief look at the APR protocol.
This session requires a great of practice and extra examples have been provided in the
assignment section to allow you to practice further.
Discussion Questions
Subnet
4. Given subnet 8.1.1.0/24, how many total subnets are there with how many
hosts?
8. What is the maximum amount of bits you can borrow from the host
field, if you want to subnet a classical A network? B? C?
77
Chapter 7: IP ROUTING PRIMER
78
7.1 Introduction
Up to this point, references have been made to what packets are and what they actually
contain and carry across a network. Routing is the function that allows these packets to
reach their final destination. Routing processes performed by nodes called routers
usually run in software programs. Routing decisions are included in the operating system
of the router or sometimes, the process is done at the hardware level where much of the
routing decision functionality is moved to the ASIC or microprocessor. This allows the
algorithm to work at chip level making routing decisions extremely fast.
The focus of this session will be on how a router makes a decision to route a packet.
Additionally one type of dynamic routing algorithm called Distance Vector algorithm
will be discussed in detail. The session will conclude by examining the differences
between the Classful and Classless routing protocols. Finally, there will be a practical lab
scenario created specifically to show some of the characteristics and parameters
discussed in this session.
Routing is the process of moving packets across a network using a router from a source to
a destination. Routers are multi-protocol devices used to exchange these packets and
hence are layer three devices (Network layer of the OSI model). Multi-protocol means
that these devices can actually convert packets from a specific protocol such as Novell
IPX to an IP packet as well as it can take dissimilar frame PDUs such as Token Ring
frames and convert them to Ethernet PDUs.
Routing is necessary in order to move traffic flows from one network to another.
Multiple routers can be traversed when sending packets across a network. Each routers
function is to determine the best path to get the specific packet flow from source to
destination. Routers know of the entire topology by means of exchanging routing
updates that are kept in routing tables. These tables are analyzed every time there is a
need to determine the best path to the destination. The topology update is done through
continuous updates via hello packets spaced out every 30, 60, or 90 seconds depending
of the routing protocol in used. These hello packets contain the routing information
encapsulated for the entire topology. Routers then use these updates to maintain their
tables in a steady state form and only re-calculate the tables when there are changes in the
topology.
Changes in the topology can be related to networks that are being affected due to outages
attributed to additional networks being introduced to the topology, or routers failing due
to hardware issues, etc. Routing is based on destination prefixes. The main goal of a
router is to locate a way to deliver the packets to the closest router advertising that
network. Routers do not know of specific hosts on any network because trying to keep a
table on a router with every host on the network would require incredible amounts of
memory and very powerful hardware to maintain these enormous routing tables. This
course would not be scalable or even feasible.
79
Processing takes much less time when all that needs to be calculated is a network
destination. The Internet right now has over 110,000 network prefixes listed on routing
tables. Imagine if every host on the Internet was cached (stored) on every router
connecting to the Internet? It would be impossible to keep track of this process.
Traditional routing, which is done in software, uses specific algorithms to determine the
most optimal and efficient path to a destination. Routing infrastructures now are being
deployed with Layer 3 switching architectures. This means that the routing algorithms
(mechanics) have been moved down from the software operating level to the hardware
level right onto the ASIC (Application Specific Integrated Circuit) or the chip level
increasing the processing power allowing for faster routing calculations and less CPU
processing.
When host A sends its packet destined to host B on network X, gateway G will intercept
that packet. It will strip away the destination prefix from the destination address and it
will look at its routing table to determine what path to follow which was provided by
updates that arrived to that gateway G from its peers. The gateway does not know
exactly where the actual destination is but does have a next hop peer or neighbor
available, which provided the updates for that specific destination network and many
others. This means that routers use their neighbors to get updates for their tables.
Peer or neighbors are routers that are directly connected to the same LAN or network to
the hosts gateway router. These peer or neighbor routers also have their own peers and
neighbors, which pass on information about their local networks through updates that
have been provided by their peers or neighbors. This makes the process much easier as a
packet traveling through, say five different routers, will need to be completely analyzed
by the last hop router where the actual destination host is directly connected. The three
routers in between are not required to perform an analysis, other than to determine the
next hop path for the packet. This makes routing very simple and efficient.
80
Fig 7.1
1
R2 R4
1 1
R1 1 R6
A 1 1 B
R3 R5
1
Typically, a routing table contains pairs (N, G), where N is the IP address of the
destination network, and G is the IP address of the next gateway along the path to
network N. Thus, the routing table in gateway G only specifies one-step along the path
from G to a destination network the gateway does not know the complete path to the
destination.
In short, you want to make sure that routers (gateways) maintain routing tables to route
packets and the hosts use these gateways to transport their information across a network.
Hosts should not have routing tables larger than, its default gateway, unless these hosts
are systems that also participate in routing such as Unix systems that run RIP to
determine which gateway dynamically is the best one available.
To illustrate this information, let us look at a simple network topology, which shows a
couple of routers interconnecting a set of networks. The routing tables will reflect this
topology. The size of the routing table increases as the amount of routers increases on
the network. Each router has a table that reflects its knowledge of every network in the
topology. Conversely, the router does not need to know how many hosts are connected
to every network that is listed on the routing tables. Even if the router is not directly
connected to network Y, it will know of that network because its peer passes on the
update for network Y via a specific interface. This process should be dynamic, as you
want the network to determine another path to a destination in case the most efficient or
optimal path disappears due to hardware failure, link outages, etc.
81
Fig 7.2
30.0.0.0
.1
.1 RA .1
20.0.0.0 .3
10.0.0.0
RC
.2
.2
RB
RA's Table .1
Network Via Gateway 40.0.0.0 RD 50.0.0.0
.3 .1
10.0.0.0 Directly Connected
20.0.0.0 Directly Connected
30.0.0.0 Directly Connected
40.0.0.0 Via 20.0.0.3 or .2
50.0.0.0 Via 20.0.0.3 or .2
Choosing routes based on the destination network ID alone has several consequences.
First, in most implementations, all traffic headed for a given network prefix follows the
same path. Even if the there are multiple paths available advertising that network prefix
with equal costs or metrics, other paths might not be used concurrently. In addition, all
types of traffic follow the same path without regard to the delay or throughput of physical
networks.
Second, because only the final gateway along the path attempts to communicate with the
destination hosts, it can only determine if the host exists or is operational. Thus, you
need to arrange a way for that gateway to send reports of delivery problems back to the
original source.
Third, since each gateway routes traffic independently, packets traveling from host A to
host B may follow an entirely different path then packets traveling from host B back to
host A. This is a very important point. The packet will find a way to be routed and it
allows the higher OSI layers to worry about the reassembly process. This process
composes the actual data encapsulated in the packet.
82
Default Routes
Default routes are often used to route packets using a default gateway in case there are no
networks listed on the routing table for that specific destination network. Therefore if a
host is sending a packet to network Y, but router G does not have an entry on its routing
table for that specific network, it will use the default network entry to route that packet.
It says basically, let the next hop peer take care of that packet.
Host-Specific Routes
Although it can be stated that routing is based on networks and not on individual hosts,
most IP routing software allows per-host routes to be specified as a special case.
After executing the routing algorithm, IP passes the packet and the next hop address to
the network interface software responsible for the physical network over which the
packet must be sent. The network interface software binds the next hop address to a
physical address; it forms a frame using that physical MAC address, encapsulates the
packet in the data portion of the frame, and sends the frame across. This is only a
temporary process used to determine the physical address of the next hop gateway. Once
this is done, the network interface software discards the next hop address and the process
starts again as it traverses the network over each router hop.
For example, PC1 on network 10.10.1.0 with IP address 10.10.1.1 creates a packet
destined to PC2 on network 20.20.1.0 with IP address 20.20.1.1. The PC takes a packet
and encapsulates it into a frame. PC1 knows that the traffic is not destined for its local
network because of the mask therefore it sends the information on a frame using R1s
destination MAC address as R1 is the local gateway for PC1. If the MAC address is not
known, PC1 will ARP to find out R1s physical address. Router R1 receives the frame
and in order to route it punts it up the network layer to determine if the packet is destined
for itself. The router sees that the IP destination is not local to itself hence it must route
the packet to the destination. R1 then looks at its routing table to determine which next
hop gateway is advertising that packets destination and via which interface. R1 then
frames the original packet again with a new frame header using R2s MAC address as the
next hop physical destination to move the packet closer to PC2. R2 then picks up this
new frame (with the original IP information which has not changed) and sends it up to the
network layer again. It strips away the headers until it finds the IP destination. At this
time, the router determines that it knows about that very specific network and even about
the local device (PC2) because it is directly connected. It once again frames the
83
information with the destination MAC address of PC2 which will allow the data to be
delivered as originally intended by PC1.
Fig 7.3
Routing Algorithm
making decisions
SA DA 0111110111101010
IP Packet
Network
3
H 0111110111101010101 T Router A Router B
1 H 0111110111101010101 T
MAC Frame Data Link
New MAC Frame
PHY E0 -NIC containing Next hop E0 -NIC
2
IP and MAC
1 1 7 1 1
address of Router B
0 0 0 0
1 1 1 1
011111011110101010110101 0 0 011111011110101010110101 0 0
8
1
1. Host sends data information to the network. First hop router/gateway to that host "intercepts" the data and process it.
2. Data enters the NIC card of router A as a framed with MAC header and Trailer
3 - 4. Router A needs to know where to route the data. It takes the frame and strips away control information until it
reaches the Destination IP Address (DA).
5. Routing mechanism used by Router A (AND operation and Longest Match Lookup) is used to determined where to
send the packet next (determining next hop gateway)
6. ARP table is used to determine MAC address of next hop gateway (Router B).
7. New frame is created with new "temporary" IP address and MAC address of next hop gateway (Router B)
8. Next hop IP address packet is discarded and process begins again from the point of view of Router B
1. Routing is obviously based on the existing routing tables learned through a discovery
process were all available routes are determined to provide all possible paths for
every single packet that needs to be routed.
2. In addition, the routing process uses the technique of the Longest Match Lookup.
Before the longest match lookup, the router has to do the following. All routing tables
are made up of networks and sub networks and not specific hosts to lessen the amount of
cache and memory required storing every single host on the network. Every time a
84
packet is sent from a source, the first hop router to that source strips the IP destination
address and retrieves its internal subnet masks. The retrieval of the internal subnet mask
is necessary because the host does not include its mask on the IP datagram with routing
protocols such as RIP v1 and IGRP. It has to rely on the routers local mask
configuration to determine how that network is divided and what hosts belong to that
network.
The router strips away the destination IP address and executes an AND operation with the
mask obtained from the routers interface. This is done in order to obtain the final
destination network or sub network that the router needs to look up on its routing table to
send the packet to the closest router or next hop peer which provided that network update.
It then uses that AND operation result number, in our case, the destination sub network,
and matches it with the existing routing table entries using the longest match lookup.
When it finds the network that matches the destination route, it sends out the available
interface. The next router that receives that packet executes the same exact process until
the final destination is reached.
As the router is making comparisons, it will look at its cached information to determine
whether the next match was more accurate than the previous one. If the next match has
fewer bits in common than the previous match does, it realizes that anything below that
comparison will not be needed as it knows that in memory it has a closer match from an
earlier comparison. It will then stop the process and save the CPU cycles. Next, it looks
at where this path was learned from and forwards the packet to that interface for the next
router. This router will perform the same process. It will find the unique match and once
the match has been located, the packet will have reached its destination
85
The first step that is implemented by the router is the AND operation:
It takes the incoming packet and strips away the destination IP address:
10101100.00010000.00001010.00000001
11111111.11111111.11111111.00000000
Or
10101100.00010000.00001010.00000001
11111111.11111111.11111111.00000000
---------------------------------------------------
10101100.00010000.00001010.00000000
This yields network 172.16.10.0. The router now uses this result to query its internal
routing table by executing the longest match lookup. This process will tell the routing
process what interface of that router should be used to send this specific packet.
Now every bit obtained from the AND operation is match with this table starting from
left to right.
The first entry in the routing table is a perfect match on all the bits. The router caches
this information and continues to the second one. It does not know that this is the best
match. The second entry is matched from left to right and on the 13th bit, there is a
mismatch.
10101100.00011111.00000000.00000000
10101100.00010000.00001010.00000000
86
Fig 7.4
D=172.16.10.1 R
R
packet D=172.16.10.1
Route R
updates
172.16.10.0
172.31.0.0
172.16.0.0
172.15.0.0
AND process between 172.16.10.0 and mask
255.255.255.0 in binary mode
5.1.3.0/24 5.1.5.0/24
At this time, the router knows that there is no need to continue matching any further as it
has a better match cached in memory. It then uses that entry and routes the packet out
interface Ethernet 0. This procedure is done every single time a packet arrives to the
routing process.
87
7.1.2 Routing Protocols
Routing protocols fall into two categories: interior routing protocols, or IGPs, and
exterior routing protocols, or EGPs. IGPs are used to route IP traffic within a single
autonomous system. An Autonomous System (AS) is, generally speaking, a group of
networks under the same administrative authority. EGPs are used to route traffic
between autonomous systems that are connected to the Internet. Again, the Internet is a
great example of this scenario.
Every entity that has a presence on the Internet such as a company, University,
organization, etc will have to identify itself with a specific autonomous System. These
autonomous systems are identifiers like IP address ranges allocated to an entity. The AS
numbers are also registered through either ARIN, RIPE or any other registry available to
a region. EGP protocols such as BGP are used to exchange information between
different AS.
There is also a notion of internal AS systems. A company can have multiple AS running
on their internal network. For example, company A has been trying to migrate an old
legacy infrastructure to a new infrastructure created for improving service, efficiency, etc.
Legacy routers will be probably running one routing process using a specific AS, say
AS1 and new topology routers running a different AS number, say AS2. This allows the
two internal topologies to be separate and more controlled. Routers on AS1 will not see
updates or participate on any routing exchange with routers on AS2 even if they are
connected to the same local backbone. Now, if both topologies need to interface with
each other, there has to be a router in between the two worlds that understands both
routing processes. In other words, the router in between is a gateway between AS1 and
AS2. This is very common in the industry.
88
Fig 7.5
C om pany B
AS3
AS20
IS P B
AS30
AS2
IS P A
AS40
C om pany A
C om pany X
IN T E R N E T
IG P s
IG P s
C o m pa ny X 's
C om pa ny A 's Inte rna l N e tw o rk
In terna l N e tw o rk
Dynamic routing protocols can also be categorized specifically in using two types of
algorithms: Distance vector and link state.
89
Routers running the same routing process use specific multicast groups allocated for that
routing protocol where routers can listen and exchange their routing updates. Multicast is
used many times to provide updates between systems or just maintain keepalives. There
are defined multicast groups for each routing protocol. This gives the opportunity for
other routers running different routing protocols to co-exist on the same wire and not
have to process packets not meant for them. Routers that exchange routing updates of the
same routing process are called peers or neighbors.
Routing updates using distance vector algorithms are periodic. Every route entry is sent
during the update period. There is less CPU processing required as routing updates are
done only between peers. However, convergence time is much longer. These protocols
differ from Link- state protocols because they send incremental updates making them
more efficient and easier to converge. In addition, link-state protocols have a database of
all the routers in the topology allowing for very fast convergence, as there is no need to
wait for a peer to pass on the route failure information. One disadvantage about link-state
protocols is that CPU requirement is very large since it needs to keep the entire routing
topology cached on the routers database.
Fig 7.6
Another important component of routing and that is called metrics. Metrics generally
reflect how far away from the advertised network prefix the router perceives itself to be.
Metrics are used to find the best route to a specific destination prefix, which is listed on a
routing table. There can be multiple metrics advertised to the same network, which are
learned by a router.
The idea behind the metric is to have the router select the best metric available. This is
the shortest path in terms of hops, or best path in terms of bandwidth or delay, etc to the
final destination prefix and disregard other updates, which show a less optimal path.
90
Even though these are discarded by the routing process, they are still available by
means of updates in case there are issues with the best path. Cisco installs all RIP routes.
If there is a problem with the optimal path, the less optimal path becomes the best and
only path to get to the destination. This less optimal path will be installed on the
routing table allowing the routing process to select it and use it to send packets towards
that destination prefix. This is the advantage of having dynamic routing updates.
Fig 7.7
1
RB RC
1
1
RD
1
RA 1 B
1 RE RF RG
A 1 1
All distance vector routing protocols follow these considerations when calculating the
metrics:
Each interface on a router serviced by a certain routing protocol has a cost. The cost
is protocol specific.
When a router receives a routing update, it recalculates the metrics of the advertised
network prefix using the cost of the interface, which will be use to forward packets
out destined for that network prefix. In most cases, this interface coincides with the
interface on which the routing update was received.
The new metric that the router calculates must be greater than the one it received in
the original routing update, because it must incorporate the cost of the output
interface.
The router advertises the remote network prefixes using the recalculated metrics.
Initially, before a router has received any routing updates, it only advertises the networks
to which it is directly connected. As it receives routing updates from other routers on
directly connected segments, it recalculates the metrics for the learned network prefixes
and starts advertising this network prefix with a new metric. Therefore, router R1 hears
some updates that come from peer router R2, R1 uses those updates to create a routing
table and will allocate the correct metric to those network prefixes. R1 will also update
91
R2 with R2s updates and vice versa. Eventually all routers on all segments will learn the
entire network prefixes used throughout the network.
Routing instability can also occur throughout a network. This means that routing table
stability will no longer be available and a new convergence process has to take place.
Instability on a routing network can be caused by the following:
1. When new segments are added to a network, the router for the segment being
connected starts advertising the network prefix assigned to that segment. Other
routers on the network participating on the same routing process will listen to the new
update and will begin forwarding the update to their own peers until the update
reaches every router in the topology. At the same time, other routers will begin
updating back their routing tables to the first router that advertised the additional
segment.
2. Network component removals and failures can also cause instability on a routing
network.
Routers exchange routing updates on a regular basis for example, every 30 seconds in the
RIP protocol http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rip.htm . Other
routers use the RFC standard http://www.ietf.org/rfc/rfc1058 and the IGRP protocol
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/igrp.htm updates every 90
seconds
These hello packets contain the routing information for every network prefix learned
via neighbors and peer routers. Every time a route is installed on a routing table, a timer
is kept for that specific routing entry. This timer is reset every time that route update is
received by that router via a hello packet update. Therefore, if the update timer is 30
seconds and network prefix A is included on the periodic update, the timer will be reset
back to 0 seconds until the next update for prefix A. Should the update for network
prefix A not arrived on the next periodic update, a new timer begins that will mark that
network prefix A as possibly down and a new set of timers begin to allow the network
prefix A to recuperate or if down hard to be removed from the routing tables completely.
The removal of the routing entry completely is loosely referred to as flushing out the
entry off the routing table. Every router on the network has to flush out the entry to reach
convergence once again. Should the network prefix A come back into operation, the
updates will include that prefix again, which will cause another convergence throughout
the network.
92
segment S1, picks up router R2s update. R2 is the only peer of router R3. Because
router R1 is directly connected to segment S1 and therefore has a better metric for
segment S1, it ignores router R2s updates for segment S1. This is a normal update
condition. Routers use their peers to obtain updates about network prefixes across a
network.
Fig 7.8
S1 S2 S3 S4
R1 R2 R3
S1 S1 S1 S1
S2 S2 S2 S2
S3 S3 S3 S3
S4 S4 S4 S4
Now suppose that segment S2 fails. Router R2 starts a timer for segment S1 that marks it
as invalid of possible down. Eventually, the timer expires, and router R2 stops
considering segment S1 as available via router R1. Until this happens, router R2
continues to advertise segment S1, which means that router R3 does not even know that
router R2 stopped receiving updates from router R1. After router, R2s timer for segment
S1 expires; router R2 considers an alternative route for that segment. Eventually, router
R2 gets the update from router R3, with R3s metrics. Router R2 recalculates its own
metric for this new route and sends it back to router R3 in the next regular update.
Router R3 then sees that the routing updates for segment S1 from router R2 have a worse
metric, so router R3 recalculates its own metric, which it sends out with the next regular
update.
All iterations of this process make the route to segment S1 worse, although it will never
disappear. This then becomes a ping-pong game between two routers, each
announcing what they think is the best metric to S1. The easiest way to solve this
problem is to consider any network prefix unreachable if the metric of the route is greater
than a certain value. RIP uses a value of 16 hops to determine a network not reachable
(16 hops is considered infinity). Since both routers point to each other, this creates a
routing loop. A few techniques have been developed to eliminate or lessen this counting
to infinity problem
93
Split Horizon
The split horizon rule http://www.freesoft.org/CIE/RFC/1058/9.htm forbids a route to
advertise a network prefix via the interface from which it learned of the prefix. A more
aggressive version is called split horizon with poisoned reverse. This rule instructs the
router to advertise a network prefix via the interface from which it learned of the prefix
with the metric set to infinity.
Hold-downs
Another technique is called hold-downs. The route, in addition to the regular route timer,
also maintains a garbage collection timer. The router starts the garbage collection timer
when the regular timer expires. The router also declares the corresponding network
prefix unreachable by setting the routes metric to infinity. Until the garbage collection
timer expires, the route cannot be removed from the routing table or modified even if
another routing update for that network prefix arrives.
Administrative Distance
A single router may possibly run several IP routing protocols that can be advertising the
same network prefixes. These separate processes are going to try to install routes for the
same destination, which will cause problems. The routing process needs to know which
routing protocol to execute with respect to resolving or installing a route on its routing
table. For this reason, there has been a parameter created to give a routing process
priority over another. This priority is called administrative distance. A numeric value is
associated with each routing protocol like RIP, IGRP, OSPF, EIGRP, BGP, etc. The
administrative distance reflects the level of trust that a router has in the routing
information supplied by the routing updates.
The higher the administrative distance, the less preferred that routing process would be.
For instance, router R1 sees that network 10.0.0.0 is being advertised via a routing
protocol with an administrative distance of 120. An update arrives for the network prefix
that has an administrative distance of 100. The route updates from the protocol with
higher administrative distance will be disregarded and not used to create routing tables
(see the lab at the end of the session for more details).
Classful routing protocols are protocols that do not include the subnet mask in their
routing advertisement hence devices connected to a local segment assume to have the
same mask as the local router interface. Routing updates between major nets are
summarized across the routers connecting these networks. For example, if there are sub
networks 172.16.10.0/24 and 10.2.0.0/16 passing across a router running a specific
classful routing protocol, the updates will be summarized to the net boundaries of
172.16.0.0/16 and 10.0.0.0/8.
Another important issue to know before implementing classful routing protocols is that a
technology group in charge of addressing has to agree ahead of time to a specific mask
for every segment connected to the topology supported by these routers. There is no
94
notion of a subnet mask included in the routing updates hence routers will not know how
to handle a mask other that the one agreed too ahead of time. These protocols lead to a
less efficient use of network address space since a point-to-point link, which only
requires two IP addresses will have to use the same mask as the user segment with 60
users with 60 IP addresses. The point-to-point link, which had a subnet mask identical to
the user segment, now has 58 IP addresses wasted, as this segment cannot be used
anywhere else on the network. Protocols that are considered Classful routing protocols
are RIPv1 and IGRP.
Classless routing protocols actually exchange the subnet mask on their routing updates.
This allows any network to be non-homogeneous with respect to the subnet masks
assigned per each segment. This basically means that if an entity requires a segment to
support only two hosts, such as point to point links, the given subnet mask of usually
255.255.255.252 or /30 will be assigned to that network. For example, 10.10.10.0/30
with usable hosts of 10.10.10.1 and 10.10.10.2 therefore 10.10.10.0 is the sub network
and 10.10.10.3 is the broadcast address.
Being able to create subnets with different masks allows for a better and more efficient
use of network space. You can continue allocating /30 subnets to all your point-to-point
links. This way, subnets are created by varying the mask as needed. This is called
Variable Length Subnet Mask (VLSM). Protocols like EIGRP, OSPF, BGP, and RIPv2
all are classless routing protocols.
The Routing Information Protocol (RIP) is the de facto standard protocol available
virtually on any IP host and router regardless of the vendor, whereas IGRP is a Cisco
proprietary protocol. This protocol uses very simple metrics, represented by positive
integers 1 through 16, where the metric of 16 is considered infinity. RIP calculates the
metric of a route as the sum of segments composing the route. IGRP metrics is rather
complex and calculated using five characteristics of the paths, which are bandwidth,
delay, load, and reliability and MTU size. Therefore, the network diameter- the
maximum number of router hops that a routing protocol can handle-of IGRP is much
bigger than that of RIP.
There can be only one RIP routing process on a router. On the other hand, there can be
multiple IGRP routing processes running on a single router, each servicing a separate
autonomous system. RIP can advertise individual IP addresses, such as 10.1.0.1/32
whereas IGRP cannot.
7.1.5 Conclusion
In this session, the basics of routing were introduced. It is very difficult to explain all the
characteristics and functionalities of every routing algorithm in this session. The
introduction serves as a guide for future understanding of how a network communicates
95
and exchanges traffic in the form of packets. The goal for this session is to provide you
the notion of routing without focusing specifically on a particular vendor so that when
time comes, you can actually work with a router and know what functionality to expect.
The idea is to make you think about the routing algorithm and its process and not the
actual commands as anyone can pick up a manual and configure a Cisco router, or a
Nortel router or a 3Com router.
Discussion Questions
1. What is the advantage of routing over switching?
2. How does a packet know what path to follow towards its final destination?
3. Why is there a need for EGPs?
4. What is one of the drawbacks of a distance vector algorithm?
5. What does it means when a router places a route into hold down?
96
ROUTING LAB SCENARIO
The following lab has been set up to illustrate the basis of routing. There are two routers
connected via a serial cable simulating a 56K circuit. One router is NY and the other is
London. NY router has one Ethernet segment and a couple of loop back interfaces.
London router has a couple of Loop back interfaces as well. You sometimes create loop
back interfaces, which are logical interfaces that never go down in the routers. They are
used to provide a keep-alive network.
Fig 7.9
L0 L1
10.3.3.0/24 10.6.6.0/24
.1
S0 S0
.1 NY .2 .1 London
E0 .1 .1
10.2.2.0/24
L1 L0
10.4.4.0/24 10.5.5.0/24
Both routers were first setup to run RIP between them using network10.0.0.0/8. The
capture file shows the normal operation of the routers and their routing tables. The next
step is to show how their timers are setup such as update timers, hold down timers, flush
timers, etc. Then the command debug is used, which enables the student to see detailed
information with respect to IP routing. Debug is not always used because it can crash a
router if the debug process is CPU intensive. It has to be used with care.
As the updates are being sent every 30 seconds (for RIP), the Ethernet cable for the router
NY is disconnected. It is important to notice how the routing updates display network
10.2.2.0 as inaccessible and with a metric of 16. The route becomes invalid after 180
seconds; it is then put on hold down for another 180 sec and then flushed after 240
seconds. You can see how long it takes this process to converge. Keep in mind that you
can tweak those timers. Also, notice the administrative distance of RIP that is 120 on the
show imp route statement below:
97
sh ip int brief This command shows how many interfaces are up and configured##
Interface IP-Address OK? Method Status Protocol
Ethernet0 10.2.2.1 YES manual up up
Loopback0 10.3.3.1 YES manual up up
Loopback1 10.4.4.1 YES manual up up
Serial0 10.1.1.2 YES manual up up
Serial1 unassigned YES unset administratively down down
TokenRing0 unassigned YES unset administratively down down
NY#sh ip route ## this command shows the routing table ##
Codes: C connected, S static, I IGRP, R RIP, M mobile, B BGP
D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area
E1 OSPF external type 1, E2 OSPF external type 2, E EGP
I IS-IS, L1 IS-IS level-1, L2 IS-IS level-2, * - candidate default
U per-user static route
98
NY#debug ip rip allows us to see more detail information of packet process in router
##
RIP protocol debugging is on
NY#This is a normal update routing table
RIP: received v1 update from 10.1.1.1 on Serial0
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.2.2.1)
subnet 10.5.5.0, metric 2 this is telling us how far away the network is from
NY##
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.2.2.0, metric 1
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
RIP: received v1 update from 10.1.1.1 on Serial0
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.2.2.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
99
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.2.2.0, metric 1
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
NY#u all
All possible debugging has been turned off
NY#debug ip rip
RIP protocol debugging is on
NY#
RIP: received v1 update from 10.1.1.1 on Serial0
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.2.2.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.2.2.0, metric 16 I disconnected the Ethernet segment off router NY
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.2.2.0, metric 16
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.2.2.0, metric 16
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
RIP: received v1 update from 10.1.1.1 on Serial0
10.2.2.0 in 16 hops (inaccessible)
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to
down
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
100
subnet 10.2.2.0, metric 16
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.2.2.0, metric 16
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.2.2.0, metric 16
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
RIP: sending general request on Loopback0 to 255.255.255.255
RIP: sending general request on Loopback1 to 255.255.255.255
RIP: sending general request on Serial0 to 255.255.255.255
RIP: received v1 update from 10.1.1.1 on Serial0
10.2.2.0 in 16 hops (inaccessible)
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
10.1.1.0 in 1 hops
RIP: received v1 update from 10.1.1.1 on Serial0
10.2.2.0 in 16 hops (inaccessible)
10.6.6.0 in 1 hops
10.5.5.0 in 1 hops
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
NY#sh ip route Showing the ip route table of NY when 10.2.2.0/24 is not available.
The route disappears from its routing table as it was a directly connected network but it
will not go away immediately as you will see on router London
Codes: C connected, S static, I IGRP, R RIP, M mobile, B BGP
D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area
E1 OSPF external type 1, E2 OSPF external type 2, E EGP
101
I IS-IS, L1 IS-IS level-1, L2 IS-IS level-2, * - candidate default
U per-user static route
Password:
London>sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
London>en
Password:
London
London#debug ip rip
RIP protocol debugging is on
London#
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.5.5.1)
subnet 10.2.2.0, metric 16
102
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.6.6.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.6.6.1)
subnet 10.2.2.0, metric 16
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.5.5.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.1)
subnet 10.2.2.0, metric 16
subnet 10.6.6.0, metric 1
subnet 10.5.5.0, metric 1
RIP: received v1 update from 10.1.1.2 on Serial0
10.4.4.0 in 1 hops
10.3.3.0 in 1 hops
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.5.5.1)
subnet 10.2.2.0, metric 16
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.6.6.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.6.6.1)
subnet 10.2.2.0, metric 16
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.5.5.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.1)
subnet 10.2.2.0, metric 16
subnet 10.6.6.0, metric 1
subnet 10.5.5.0, metric 1
London#
London#exit
103
Interface Send Recv Key-chain
Ethernet0 1 12
Loopback0 1 12
Loopback1 1 12
Serial0 1 12
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.1 120 00:00:25
Distance: (default is 120)
NY#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state
to up I reconnect the Ethernet interface again. Routing updates then get back to
normal##
NY#debug ip rip
RIP protocol debugging is on
NY#
RIP: sending v1 update to 255.255.255.255 via Ethernet0 (10.2.2.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.4.4.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.2.2.0, metric 1
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.3.3.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.2.2.0, metric 1
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
NY#u all
All possible debugging has been turned off
NY#london
Trying London (10.1.1.1)... Open
104
User Access Verification
Password:
London>en
Password:
London#debug ip rip
RIP protocol debugging is on
London#term mon
RIP protocol debugging is on
London#
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.5.5.1)
subnet 10.2.2.0, metric 2
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.6.6.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.6.6.1)
subnet 10.2.2.0, metric 2
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.5.5.0, metric 1
subnet 10.1.1.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.1)
subnet 10.6.6.0, metric 1
subnet 10.5.5.0, metric 1
London#
RIP: received v1 update from 10.1.1.2 on Serial0
10.2.2.0 in 1 hops
10.4.4.0 in 1 hops
10.3.3.0 in 1 hops
All possible debugging has been turned off
London#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
105
C 10.1.1.0 is directly connected, Serial0
London#
Below is each routers configuration. (This is the most simplistic configuration you can
have but it proves what I said in class)
NY#sh run this command is used to show the running configuration of the router
Building configuration...
Current configuration:
!
version 11.1
service udp-small-servers
service tcp-small-servers
!
hostname NY
!
enable password cisco
!
!
interface Loopback0
ip address 10.3.3.1 255.255.255.0
!
interface Loopback1
ip address 10.4.4.1 255.255.255.0
!
interface Ethernet0
ip address 10.2.2.1 255.255.255.0
!
interface Serial0
ip address 10.1.1.2 255.255.255.0
no fair-queue
!
interface Serial1
no ip address
shutdown
!
interface TokenRing0
no ip address
shutdown
!
router rip
network 10.0.0.0
!
router igrp 1000
106
network 10.0.0.0
!
ip host London 10.1.1.1 We used this to actually telnet using names not addresses
no ip classless
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
London#sh run
Building configuration...
Current configuration:
!
version 11.1
service udp-small-servers
service tcp-small-servers
!
hostname London
!
enable password cisco
!
no ip domain-lookup
!
interface Loopback0
ip address 10.5.5.1 255.255.255.0
!
interface Loopback1
ip address 10.6.6.1 255.255.255.0
!
interface Serial0
ip address 10.1.1.1 255.255.255.0
clock rate 56000 - A device has to provide the clock. Since I do not have a
CSU/DSU on each side of the routers, we simulate the clocking by entering this
command and putting a cross over cable between the serial ports.
!
interface Serial1
no ip address
shutdown
!
107
interface TokenRing0
no ip address
shutdown
!
You can have multiple routing processes working on the router. Nevertheless, since
IGRP has a more trusted administrative distance, (100) notice how the new routing table
for the same segments prefer to use the IGRP protocol to RIP.
router rip
network 10.0.0.0
!
router igrp 1000
network 10.0.0.0
!
ip host NY 10.1.1.2
no ip classless
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
Here are the routing tables from both routers as they prefer the IGRP protocol to RIP due
to the administrative distance value.
NY#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
108
London#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is not set
NY#
IGRP: received update from 10.1.1.1 on Serial0
subnet 10.6.6.0, metric 8976 (neighbor 501)
subnet 10.5.5.0, metric 8976 (neighbor 501)
IGRP: sending update to 255.255.255.255 via Ethernet0 (10.2.2.1)
subnet 10.5.5.0, metric=8976
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.4.4.0, metric=501
subnet 10.3.3.0, metric=501
IGRP: sending update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.5.5.0, metric=8976
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.4.4.0, metric=501
subnet 10.2.2.0, metric=1100
IGRP: sending update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.5.5.0, metric=8976
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.3.3.0, metric=501
subnet 10.2.2.0, metric=1100
IGRP: sending update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.4.4.0, metric=501
subnet 10.3.3.0, metric=501
subnet 10.2.2.0, metric=1100
109
Chapter 8: OVERVIEW OF ROUTING PROTOCOLS
110
8.1 Introduction
In this session, the goal is to relate the theory learned on session seven. This will be
accomplished by creating various lab scenarios using different routing protocols. This
session is intended to provide a practical overview of the theory learned thus far. The
student will understand the concepts much faster if actual commands and outputs are
executed to correlate theories and other concepts.
The Routing Information Protocol v1 (RIP v1) was one of the first Distance Vector
protocols developed to work on the Internet during its early stages. This routing protocol
was used as the basis for many other routing protocols that enhanced and optimized RIPs
functionality. It is a protocol that is not scalable and not very efficient on large enterprise
entities. Its convergence time is very long and can cause a network to be out of reach for
at least 5 minutes, which is unacceptable in a production environment.
For more information on the RIP v1 protocol, you can view following document at
http://www.ietf.org/rfc/rfc1058
Protocol Operation
How does a router know what networks or segments are located around its infrastructure?
The only way is for peer routers to send updates to each other advertising what segments
and networks are directly connected to them. These updates are passed along peer
routers, which in turn pass them to their peer, or neighbor routers until the entire topology
is covered. RIP v1 sends updates periodically (regular intervals) as well as when there
are changes on the topology. RIP v1 uses only hop counts, as it only metric.
When a RIP router receives an update about a network that has been added to the
topology, the router updates its routing table and increases the metric path value by one.
The closest neighbor router to that network will be considered as the next hop. RIP v1
only understands the best route available on the network.
For example, if router RA connects to RB and RC directly, both routers know of network
X but RB sends the metric of hop counts to network X of 2 and router RC sends the
metric of hop counts to network X of 3. Only RBs updates will be considered as the
only and best path (It has the lowest metric). RIP v1 does not understand equal metrics
so it is a protocol that by nature cannot load balanced between two links equidistant to the
same destination. Changes in the topology cause updates to be sent across the board but
they are independent of the periodic updates that are sent every 30 seconds between peer
RIP routers.
RIP v1 updates are not incremental. This means that when there is a change, additional
subnets advertised or some type of issue with the network, the entire routing tables are
111
exchanged instead of just the route that changed. Link State protocols use incremental
updates, which make them more efficient routing protocols.
Since RIP v1 uses a Distance Vector Algorithm as its main process, it suffers from
counting to infinity issues. In order to avoid this, RIP v1 prevents the routing loops that
counting to infinity creates by introducing a hop count infinity value of 16. This means
that the network diameter or a network packet can only traverse 15 routers or hops until it
is considered infinity. As a result, this makes RIP a non-scalable routing protocol that
can only be used in small venues. RIP also uses split horizon and hold down mechanisms
to prevent routing information from creating loops on the network. RIP v1 uses a set of
timers (used for the hold down mechanisms) which are the following:
1. Routing update timer: This timer is usually set to 30 seconds and measures interval
between periodic routing updates.
2. Route-timeout timer: This timer begins only when a route on a routing table does
not appear. The route is marked invalid but it is retained in the table until the route
is removed.
3. Route-flush timer: This timer is used to remove the invalid entry off the routing
table. The timer flushes out the invalid route.
RIP v1 does not support sub net masks hence it is considered a classful routing protocol.
RIP v2 is an enhancement to RIP v1. For more information on this topic, you can visit
the following website http://www.ietf.org/rfc/rfc2453. The following are some
characteristics of the protocol as they work in a real life scenario. Use figure 1 as a
reference for all routing protocols scenarios described here.
Fig 8.1
10.1.1.0/24 L0
10.3.3.0/24
S0 S0
RA .1 .2 RB
L0
10.5.5.0/24
L1
L1 10.4.4.0/24
10.6.6.0/24
112
Routing timers as viewed on router RA. This command, show ip protocol displays the
routing protocols that are currently running on a router. In this case, you are only running
RIP as the only routing protocol. Notice the timers discussed above. The update timer is
every 30 seconds. The route-timeout timer, which creates the entry invalid, is 6 times the
update timer or after 180 seconds. Hold down timer is also 180 seconds and the route
gets flushed after 240 seconds.
RIP updates are periodic as shown below from the point of view of both routers. Updates
are done via broadcast address of 255.255.255.255.
RA#
RIP: received v1 update from 10.1.1.2 on Serial0 this is the IP address of RB interface
10.4.4.0 in 1 hop
10.3.3.0 in 1 hop
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.5.5.1)
Subnet 10.3.3.0, metric 2 this metric tells RA that there are two hops to this net
subnet 10.4.4.0, metric 2
subnet 10.1.1.0, metric 1
subnet 10.6.6.0, metric 1 10.5.5.0 net is not advertised to itself- Split Horizon
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.6.6.1)
subnet 10.3.3.0, metric 2
subnet 10.4.4.0, metric 2
subnet 10.1.1.0, metric 1
subnet 10.5.5.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.1)
subnet 10.6.6.0, metric 1
113
subnet 10.5.5.0, metric 1
RB#
RIP: received v1 update from 10.1.1.1 on Serial0 this is the IP address of RA interface
10.6.6.0 in 1 hop
10.5.5.0 in 1 hop
RIP: sending v1 update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.1.1.0, metric 1
subnet 10.4.4.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.5.5.0, metric 2
subnet 10.6.6.0, metric 2
subnet 10.1.1.0, metric 1
subnet 10.3.3.0, metric 1
RIP: sending v1 update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.4.4.0, metric 1
subnet 10.3.3.0, metric 1
If you look at the routing tables created after these updates are cached you will see that
every network directly or not directly connected is listed on the table. The process also
tells the router the next hop interface that needs to be used to reach that particular
network. The command, show ip route details the table. The codes are important
because it lets the administrator know about the routing protocol in used.
114
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Now assume that one network goes away (network 10.5.5.0/24). How does the update
and routing table change?
115
RIP: received v1 update from 10.1.1.1 on Serial0
10.6.6.0 in 1 hop
It will continue for a while until the timer that flushes out the entry is activated and the
route is no longer available as shown below:
The whole process from beginning to end (from the network marked as possibly down)
and route for 10.5.5.0/24 no longer available took 600 seconds or 180 + 180 + 240 as
specified by the protocol. This is about 10 minutes of convergence for a network that has
only two routers connected via a high-speed line and six networks. Imagine how long it
would take for a network that had many more routers. It would be unacceptable in a
production environment. There are ways to manipulate the timers to reduce the
convergence time but this has to be done with a great deal of care.
The Interior Gateway Routing Protocol (IGRP) is another protocol based on Distance
Vector algorithms. It is a Cisco proprietary routing protocol. It is also a classful routing
protocol and can be thought of RIP on steroids. IGRP is a more robust routing protocol
and can be used within an Autonomous System (AS). This routing protocol is considered
an Interior Gateway Protocol. IGRP has more parameters taken into consideration with
respect to calculating its metrics. The five parameters in question are bandwidth, delay,
reliability, load, and MTU size.
For more information about the IGRP protocol, you can view the following document at
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/igrp.htm.
Protocol Operation
The metric that IGRP uses is called a composite metric because it includes all five
parameters. These parameters are taken into consideration when calculating the
mathematics to provide a metric for an IGRP router. For example, reliability and load
can take on values from 1 to 255; bandwidth can take on different speed values from very
low bandwidths like 1200 bits per second (bps) to 10 Gbps while delay can take on
116
values from 1 to 224 measured in microseconds. The network administrator can actually
manipulate the metrics by changing the values of these five parameters. These changes
are sometimes necessary to influence routing paths to be specifically selected but the
general rule is that the only values that should be manipulated are bandwidth and delay
statements. Cisco suggests leaving reliability, load, and MTU size alone.
Below is the actual formula that is used to calculate IGRP metrics on a network. Routers
that run this routing protocol will always use this formula to calculate a metric to a
specific network destination.
Where BIGRP is the minimum bandwidth on the outgoing interfaces towards the final
destination scaled by 10,000,000 kbps or 10000000/Bmin. DIGRP is equal to the sum of
delays from the outgoing interfaces divided by 10. Constants are usually by default equal
to K1 = K3 = 1 and K2 = K4 = K5 = 0, which reduces the formula to:
Returning to our network example lets now apply this formula to verify the information
displayed by the router in fact matches the mathematical explanation.
Fig 8.2
10.1.1.0/24 L0
10.3.3.0/24
S0 S0
RA .1 .2 RB
L0
10.5.5.0/24
L1
L1 10.4.4.0/24
10.6.6.0/24
Bandwidth = 8000000 kpbs
Delay = 5000 usecs
To calculate metric take
Outbound interfaces only
from RA to segment
10.3.3.0/24
117
In order to calculate the metrics from RA to a network behind RB (10.3.3.0/24), let us
look at the path a packet will take to get from RA to segment 10.3.3.0/24. Packet
destined to 10.3.3.0 will route out interface serial 0 of RA and enter RB on interface
serial 0 and route out interface Loop back 0 to 10.3.3.0/24 network. Taking into
consideration only the outbound parameters as specified by the protocol, you have:
Having this information, you can now calculate the metric from RA to destination
network 10.3.3.0/24 as follows:
Now, from RA, issue command, show ip route 10.3.3.0 and compare to see if the
mathematics make sense:
118
Total delay is 25000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 0
As illustrated by the example the information has been verified by the mathematical
explanation. This is how every IGRP router calculates a metric to a network. It is done
per every network listed on their routing tables.
In the following example, the actual routing process can be viewed as well as how each
parameter is used. Additionally, the routing table of RA, which shows the code used for
each route entry, is displayed along with the administrative distance with its specific
metric.
119
IGRP gives the network much more flexibility and reliability by permitting multi-path
routing. If router RA connects via RB and RC and both connections have identical
metrics, the routing mechanism can actually forward packets on a destination based
(round robin) process or on a packet per packet process. The routing table will actually
show two equal metrics to the same destination.
Take a look at these two routing entries for network 10.3.4.0 that appear on
MyRouterTEST (test router) routing table. Routing protocols (IGRP) allow you to load
balanced multiple paths to the same destination. In RIP, you will only have one
advertised route entry on MyRouterTEST table to network 10.3.4.0. This is the big
difference between RIP and IGRP and other advance distance vector protocols.
(See the five parameters discussed above, bandwidth, delay, reliability, load, and MTU
size). RIP only uses hop count as its metric and NOTHING else.
What you see here is that there are two possible ways to get to network 10.3.4.0 using the
two neighbors, 10.2.2.1, and 10.1.1.1. When packets are routed, they use a processing
method like fast switching (round robin) or process-switching (packet per packet).
In this case, the * (asterisk) represents the time the queried is done on MyRouterTEST.
The route entries, neighbor 10.1.1.1 are being used as the next hop gateway to reach the
final destination, 10.3.4.10.
_____
/ R1 ------> |
MyRouterTEST | ------10.3.4.10
\______*R2 -------> |
120
The asterisk represents the router or first hop gateway used at the time to reach the
destination 10.3.4.10.
IGRP also uses features such as split horizon and hold down timers to control against
counting to infinity or other types of instabilities. There are also specific timers for this
routing protocol, which were developed modeling a lot of the functionality that RIP had
provided. IGRP has been a very successful IGP protocol. Of course, one of its major
disadvantages is that it is a protocol that cannot support Variable Length Subnet Masks
(VLSM) as well as it takes a few minutes to converge.
Below you can see the updates that are sent between routers in a periodic matter.
RA#
IGRP: sending update to 255.255.255.255 via Loopback0 (10.5.5.1)
subnet 10.3.3.0, metric=8976
subnet 10.4.4.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.6.6.0, metric=501
IGRP: sending update to 255.255.255.255 via Loopback1 (10.6.6.1)
subnet 10.5.5.0, metric=501
subnet 10.3.3.0, metric=8976
subnet 10.4.4.0, metric=8976
subnet 10.1.1.0, metric=8476
IGRP: sending update to 255.255.255.255 via Serial0 (10.1.1.1)
subnet 10.5.5.0, metric=501
subnet 10.6.6.0, metric=501
IGRP: received update from 10.1.1.2 on Serial0
subnet 10.4.4.0, metric 8976 (neighbor 501)
subnet 10.3.3.0, metric 8976 (neighbor 501)
RB#
IGRP: received update from 10.1.1.1 on Serial0
subnet 10.5.5.0, metric 8976 (neighbor 501)
subnet 10.6.6.0, metric 8976 (neighbor 501)
IGRP: sending update to 255.255.255.255 via Loopback0 (10.3.3.1)
subnet 10.5.5.0, metric=8976
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.4.4.0, metric=501
IGRP: sending update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.5.5.0, metric=8976
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.3.3.0, metric=501
IGRP: sending update to 255.255.255.255 via Serial0 (10.1.1.2)
subnet 10.4.4.0, metric=501
121
subnet 10.3.3.0, metric=501
Now assume that network 10.5.5.0/24 goes down. This is what happens to the routing
updates:
122
RB#sh ip route 10.5.5.0
Routing entry for 10.5.5.0/24
Known via "igrp 1000", distance 100, metric 4294967295 (inaccessible)
Redistributing via igrp 1000
Advertised by igrp 1000 (self originated)
Last update from 10.1.1.1 on Serial0, 00:04:36 ago
Hold down timer expires in 5 secs
After a while, 630 seconds, the route is flushed out of the routing tables. Convergence
takes very long as well.
123
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.4.4.0, metric=501
IGRP: sending update to 255.255.255.255 via Loopback1 (10.4.4.1)
subnet 10.6.6.0, metric=8976
subnet 10.1.1.0, metric=8476
subnet 10.3.3.0, metric=501
subnet 10.3.3.0, metric=501
subnet 10.4.4.0, metric=501
If you check the routers routing table, network 10.5.5.0 that was possibly down it will be
no longer listed.
The Enhanced Interior Gateway Routing Protocol (EIGRP) exchanges information more
efficiently than with earlier network protocols. The update is incremental and only sent
across the network when there is a need for it. Below, one of the segments on our lab
scenario (10.5.5.0/24) is shut down. See how the metric is immediately turned into
infinity (4294967295). Every router in the topology has a database about every router in
the network. There is no notion of waiting for the peer to update its peer periodically.
Every router has a map of the network and as soon as a segment goes down, every peer
sends a query to each other claiming that a network is no longer available and it is
removed from their routing tables.
For more information on this protocol, you can view the EIGRP document at
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/en_igrp.htm.
124
Protocol Operation
EIGRP exchanges neighbor relationships through hello packets. These hello packets
are exchanged using multicast. A specific multicast address is dedicated for the updating
of EIGRP routers. These routers will join the specific multicast group to obtain the
routing information. EIGRP uses the multicast address 224.0.0.10. Updates and queries
are always sent as multicast packets while acknowledgements to these queries or updates
use Unicast packets. The foundations of EIGRP are the Diffusing Update Algorithm or
DUAL, this is a method of finding loop-free paths through a network, proposed by J.J.
Garcia-Luna. This is the actual theoretical work by Dr. Garcia-Luna:
http://www.cse.ucsc.edu/research/ccrg/publications/shree.infocom95.pdf .
EIGRP relies on four fundamentals routing concepts: neighbor tables, topology tables,
route states, and route tagging.
Neighbor Tables
Routers add their neighbors IP address and interface when they discover them as peers.
These become part of the neighbor tables. Each neighbor advertises a hold time within
each hello packet exchanged among neighbor routers. This hold time is the amount of
time that a router uses to see how reachable a neighbor is. If the hello packet is not
received within the hold time, the DUAL process is informed of the topology change.
Topology Tables
This is what was referred to earlier regarding the router having the entire topology map
defined as a database. This topology table contains all the destinations advertised by
neighboring routers. DUAL uses this table to create the loop-free paths.
Route States
A topology table entry for a destination can exist on two states, active or passive. It is
very simple. If an entry on the table is in passive state, there is no re-computation going
on but if the entry is on active state, a re-computation is taking place.
Route Tagging
Route tagging refers to EIGRP being able to tag external or internal routes. External
routes are learned from another protocol or they can be static routes entered on one of the
routers. EIGRP tags the routes with information that will identify certain parameters
125
such as ID of the external protocol, metric from the external protocol and AS number of
the destination among others.
EIGRP also uses the same IGRP parameters to compute its metrics. These are
bandwidth, delay, reliability, load, and MTU size. Metrics calculation follows exactly
how IGRP metrics are found except that
is multiplied by 256 or
Below you can see the incremental updates using DUAL when a network is down hard or
is having problems like 10.5.5.0/24:
RA#
IP-EIGRP: Callback: route_adjust Loopback0
IP-EIGRP: 10.5.5.0/24, - do advertise out Serial0
IP-EIGRP: Int 10.5.5.0/24 metric 4294967295 - 0 4294967295
IP-EIGRP: Processing incoming REPLY packet
IP-EIGRP: Int 10.5.5.0/24 M 4294967295 - 1657856 4294967295 SM 4294967295 -
1657
856 4294967295
IP-EIGRP: 10.5.5.0/24, - do advertise out Serial0
IP-EIGRP: Int 10.5.5.0/24 metric 4294967295 - 0 4294967295
IP-EIGRP: Callback: redist connected 10.5.5.0/24. Event: 2
IP-EIGRP: Callback: reload_iptable Loopback0
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Int 10.5.5.0/24 M 4294967295 - 1657856 4294967295 SM 4294967295 -
1657
856 4294967295
Now you can see the incremental update sent across the network once the segment
10.5.5.0/24 comes back on line.
RA#
IP-EIGRP: 10.5.5.0/24, - do advertise out Serial0
IP-EIGRP: Int 10.5.5.0/24 metric 128256 - 256 128000
IP-EIGRP: Processing incoming UPDATE packet
IP-EIGRP: Int 10.5.5.0/24 M 4294967295 - 1657856 4294967295 SM 4294967295 -
1657856 4294967295
126
8.1.4. Open Shortest Path Forwarding (OSPF)
The Open Shortest Path Forwarding (OSPF) protocol is considered another Interior
Gateway Protocol. In the mid 80s it was necessary to come up with a successor to the
RIP protocol as networks were increasingly growing and getting more complex. RIP and
OSPF are two of the few routing protocols that are open standard. This means that any
router regardless of the vendor can actually implement this process.
For more information about the OSPF protocol, you can view the following document at
http://www.ietf.org/rfc/rfc2328
Protocol Operation
OSPF algorithms are based on the SPF algorithm, which is sometimes referred to as the
Dijkstra algorithm. OSPF is referred to as a Link State Protocol that uses Link State
Advertisement (LSAs) to all routers within the same area. Metric information as well as
other parameters is exchanged among OSPF routers by means of LSAs. As a result of
these LSAs, routers running OSPF can create a SPF path to each node. There is a prior
knowledge of the routing topology ahead of time. OSPF can operate within a hierarchy
where the largest hierarchy is the Autonomous System (AS). An AS can be divided into
multiple areas where there can be routers acting as gateways between these multiple areas
and are called Area Border Routers. Each Area Border Router maintains its topological
database for that area. This basically reduces the amount of routing exchanged between
networks. Routers within the same area exchanged LSAs that allow them to maintain
identical topological databases. Routing can occur within the same area (intra-domain)
or between areas (inter-domain).The ABRs will provide access between multiple areas.
There is a notion of an OSPF backbone area, which is the area, formed between all the
Area Border Routers. If host A connected to a router RA on area 1 needs to send
information to host B connected to a router RB on area 2. Packets from host A would
have to go to RA and then to RC, which will then send the packet over to RB to host B.
RC, is an Area Border Router, which acts as the gateway between different domains or
areas. OSPF is a classless routing protocol. It actually understands Variable Length
Subnet Masks as the subnet masks are included in the advertisements.
Below you will see output from two OSPF routers on the same area 1 connected as
shown on Figure 1. RA and RB are directly connected.
When the following command is issued, show ip route, you obtain the following
127
U - per-user static route
If you want to see which neighbors connect to the same Area 1, you can issue the
following command: show ip ospf neighbor details
When a segment goes down, SPF (Shortest Path Forwarding), recalculation has to be
done to make sure that every segment is reachable via the shortest path.
128
RA#
OSPF: Interface Loopback0 going Down
OSPF: neighbor 10.6.6.1 is dead, state DOWN
OSPF: Build router LSA, router ID 10.6.6.1
OSPF: Build router LSA, router ID 10.6.6.1
OSPF: running SPF for area 1
OSPF: Initializing to run spf
It is a router LSA 10.6.6.1. Link Count 3
Processing link 0, id 10.4.4.1, link data 10.1.1.1, type 1
Add better path to LSA ID 10.4.4.1, gateway 10.1.1.2, dist 64
Add path: next-hop 10.1.1.2, interface Serial0
Processing link 1, id 10.1.1.0, link data 255.255.255.0, type 3
Add better path to LSA ID 10.1.1.255, gateway 10.1.1.0, dist 64
Add path: next-hop 10.1.1.1, interface Serial0
Processing link 2, id 10.6.6.1, link data 255.255.255.255, type 3
Add better path to LSA ID 10.6.6.1, gateway 10.6.6.1, dist 1
Add path: next-hop 10.6.6.1, interface Loopback1
It is a router LSA 10.4.4.1. Link Count 4
Processing link 0, id 10.6.6.1, link data 10.1.1.2, type 1
Ignore newdist 128 olddist 0
Processing link 1, id 10.1.1.0, link data 255.255.255.0, type 3
Add better path to LSA ID 10.1.1.255, gateway 10.1.1.0, dist 128
Add path: next-hop 10.1.1.2, interface Serial0
Processing link 2, id 10.4.4.1, link data 255.255.255.255, type 3
Add better path to LSA ID 10.4.4.1, gateway 10.4.4.1, dist 65
Add path: next-hop 10.1.1.2, interface Serial0
Processing link 3, id 10.3.3.1, link data 255.255.255.255, type 3
Add better path to LSA ID 10.3.3.1, gateway 10.3.3.1, dist 65
Add path: next-hop 10.1.1.2, interface Serial0
OSPF: Adding Stub nets
OSPF: delete lsa id 10.1.1.255, type 0, adv rtr 10.6.6.1 from delete list
OSPF: insert route list LS ID 10.1.1.255, type 0, adv rtr 10.6.6.1
OSPF: delete lsa id 10.3.3.1, type 0, adv rtr 10.4.4.1 from delete list
OSPF: Add Network Route to 10.3.3.1 Mask /32. Metric: 65, Next Hop: 10.1.1.2
OSPF: insert route list LS ID 10.3.3.1, type 0, adv rtr 10.4.4.1
OSPF: delete lsa id 10.4.4.1, type 0, adv rtr 10.4.4.1 from delete list
OSPF: Add Network Route to 10.4.4.1 Mask /32. Metric: 65, Next Hop: 10.1.1.2
OSPF: insert route list LS ID 10.4.4.1, type 0, adv rtr 10.4.4.1
OSPF: delete lsa id 10.6.6.1, type 0, adv rtr 10.6.6.1 from delete list
OSPF: insert route list LS ID 10.6.6.1, type 0, adv rtr 10.6.6.1
OSPF: Entered old delete routine
OSPF: No ndb for STUB NET old route 10.5.5.1, mask /32, next hop 10.5.5.1
OSPF: delete lsa id 10.5.5.1, type 0, adv rtr 10.6.6.1 from delete list
OSPF: running spf for summaries area 1
OSPF: sum_delete_old_routes area 1
129
OSPF: Started Building External Routes
OSPF: ex_delete_old_routes
OSPF as any other routing protocol has many other characteristics but because this
session is meant really to be an introduction, time, and complexity of the topic does not
allow this to be in more detail. Use the URLs provided to obtain additional information.
Fig 8.3
ABR
RC
AREA 2
AREA 1
RB
RA
B
A
8.1.4 Border Gateway Protocol (BGP)
The Border Gateway Protocol (BGP) is the most important EGP protocol in existence
right now. It is the routing protocol that every Internet router uses to communicate over
different Autonomous Systems or domains. It is the de facto protocol for the Internet.
Every Internet Service Provider (ISP), corporation, University or even a small entity has
to use BGP if they want to route packets over the cloud called the Internet.
BGP is a distance vector routing protocol. BGP uses route parameters called attributes
that are taken into consideration when calculating a route in metric as well as use to
create route policies and stability. It is very robust and scalable as there are over 110,000
BGP routes advertised at the time of this writing. Keep in mind the idea about routing;
only network and sub network prefixes are kept on routing tables and not individual
hosts.
BGP is capable of handling many routes because it uses a Classless Inter-domain Routing
(CIDR) http://www.ietf.org/rfc/rfc1519 . This means that a router from an ISP can
advertise to its peers or neighbors a supernet representing a conglomeration of multiple
class C networks, that are contiguous and that can be advertised to the world with one
mask of a class B network.
130
For example, assume that an ISP owns a specific block of C networks, 202.15.x.x. This
block consists of 202.15.0.x through 202.15.255.x. 256 clients to that ISP could be
assigned one of this Class C networks. If there were, no CIDR or supernetting
implemented, the ISP would have to advertise 256 Class C networks over to its BGP
peers by individually sending routes with a mask of /24. Instead, CIDR allows the ISP to
send one route (supernet) 202.15.0.0/16. It uses a Class B mask but it makes the routing
incredibly efficient and optimal.
For additional information on the Border Gateway Protocol, you can visit the following
website: http://www.ietf.org/rfc/rfc1771 .
Fig 8.4
ISP B
BGP
only send
202.15.0.0/
16 route or
CIDR block
ISP A
BGP
202.15.1.0/24
Company A
202.15.100.0/24
Company B
202.15.254.0/24
Company C
Protocol Operation
BGP neighbors exchange their information using a TCP connection (usually over port
179). During this peering, all the routing updates are exchanged but there are no periodic
updates as other routing protocols do. Only when there are changes on the network, BGP
routers will send to their neighbors these changes. Again, BGP routing always looks for
the best path available to the final destination.
BGP uses the following attributes to compute route selection and metrics:
131
1. Weight
2. Local Preference
3. Multi-exit discriminator
4. Origin
5. AS_Path
6. Next hop
7. Community
Weight: This is a Cisco defined attribute local to a router. If a router has multiple routes
to the same destination, the route with the highest weight will be considered and installed
on the routing table. This weight attribute is not advertised to neighboring routers.
Local Preference: Local preference is an attribute used to select the best exit point out of
a local Autonomous System. The attribute is actually advertised to neighboring routers
within the same AS. If there are multiple exit points from the local AS, the BGP router
with the highest local preference will be used as the exit point towards a network
destination. Local routers on the local AS exchange this attribute and that is how they
determine which router will be use to exit out.
Origin: This attribute tells the BGP router how the BGP route was learned. There are
three different ways that a route can be learned: IGP, EGP, and Incomplete. IGP means
that the route is interior to the originated AS. EGP means the route was learned via an
external routing process and Incomplete means that the origin is unknown but it usually
means that the route has been redistributed into BGP.
AS Path: Every time a route advertisement goes through an Autonomous System (AS),
the AS number is added to a list kept by the route as it traverses from source to
destination. The shorter the AS list is the more preferred that path will be between source
and destination. The AS_Path attribute can tell you how many AS or domains were
crossed. This can help in the troubleshooting process should there be issues with optimal
routing, etc.
Next-Hop: The Next-Hop attribute is an IP address that is used to reach the advertising
router of a specific route. In order to exchange BGP routing updates, all participating
routers have to be peers or neighbors of each other. This creates a fully mesh network.
The Next-hop does not necessarily have to be directly connected to the BGP router using
the next-hop address.
132
Now, using all these attributes or parameters, how does BGP select the right path to a
destination? BGP uses an algorithm based on these parameters called the BGP Path
Selection.
The following is the criteria used to select a path. This information was obtained from
the Cisco website.
1. If the path specifies a next hop that is inaccessible, drop the update.
2. Prefer the path with the largest weight.
3. If the weights are the same, prefer the path with the largest local preference.
4. If the local preferences are the same, prefer the path that was originated by BGP
running on this router.
5. If no route was originated, prefer the route that has the shortest AS_path.
6. If all paths have the same AS_path length, prefer the path with the lowest origin
type (where IGP is lower than EGP and EGP is lower than incomplete).
7. If the origin codes are the same, prefer the path with the lowest MED attribute.
8. If the paths have the same MED, prefer the external path to the internal path.
9. If the paths are still the same, prefer the path through the closest IGP neighbor.
10. Prefer the path with the lowest IP address, as specified by the BGP router ID.
Using Figure 1 as the example, some outputs with respect to BGP have been obtained.
On router RB, networks on interfaces L0 and L1 were changed from 10.x.x.x networks to
20.x.x.x networks to simulate the connection between one AS (RA with AS=100) and
another AS (RB with AS=200)
133
RA# show ip bgp summary
BGP table version is 4, main routing table version 4
2 network entries (3/4 paths) using 372 bytes of memory
2 BGP path attribute entries using 176 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
RA# show ip protocol this is the command that shows you routing protocol
Routing Protocol is "bgp 100"
Sending updates every 60 seconds, next due in 0 seconds
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is enabled
Automatic route summarization is enabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
10.1.1.2
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.2 20 00:02:28
Distance: external 20 internal 200 local 200
134
10.0.0.0/8 is sub netted, 1 subnets
C 10.1.1.0 is directly connected, Serial0
20.0.0.0/8 is sub netted, 2 subnets
C 20.4.4.0 is directly connected, Loopback1
C 20.3.3.0 is directly connected, Loopback0
135
Gateway Distance Last Update
10.1.1.1 20 00:01:08
Distance: external 20 internal 200 local 200
When one of the connections between the two AS goes down and recuperates, you can
see how the protocol tries to calculate its routing tables:
RA#
BGP: no valid path for 20.0.0.0/8
BGP: nettable_walker 20.0.0.0/255.0.0.0 no best path selected
BGP: 10.1.1.2 computing updates, neighbor version 0, table version 6, starting at 0.0.0.0
BGP: 10.1.1.2 sends UPDATE 10.0.0.0/8, next 10.1.1.1, metric 0, path 100
BGP: 10.1.1.2 1 updates enqueued (average=50, maximum=50)
BGP: 10.1.1.2 update run completed, ran for 4ms, neighbor version 0, start version 6,
throttled to 6, check point net 0.0.0.0
BGP: 10.1.1.2 rcv UPDATE about 20.0.0.0/8, next hop 10.1.1.2, path 200 metric 0
BGP: nettable_walker 20.0.0.0/255.0.0.0 calling revise_route
BGP: revise rouconfig tte installing 20.0.0.0/255.0.0.0 ->
BGP: 10.1.1.2 computing updates, neighbor version 6, table version 7, starting at 0.0.0.0
BGP: 10.1.1.2 update run completed, ran for 0ms, neighbor version 6, start version 7,
throttled to 7, check point net 0.0.0.0
Again, BGP has so many intricacies that it is impossible to go over all the characteristics
of this routing protocol. Please refer to all the links about BGP.
The Hot Standby Routing Protocol (HSRP) protocol is a Cisco proprietary protocol. It is
meant to be a redundant routing protocol that uses an active and standby set of routers
meant to provide users with transparent connectivity to a network should the active router
have any issues.
For more information on the Hot Standby Protocol, you can visit the following website
http://www.ietf.org/rfc/rfc2281 .
136
Protocol Operation
Both of these routers connected to the same user segment share one IP address (HSRP IP
address) and MAC address which is used by hosts as a default gateway or next hop
router. The virtual IP address and MAC address is tied to the active router, which will
act as the next, hop router for the local users. Both active and standby HSRP routers
exchange hello packets with each other including parameters such as group number,
priority, virtual IP address, etc between each other. These hello packets once again use
multicast groups specific for HSRP to exchange this information.
A Group number is necessary as there can be multiple routers on the same segment that
belong to different HSRP processes. It is also used to determine which routers should
participate on that specific HSRP process. Priority is necessary to determine which of the
two or more routers under the same group number serving a specific segment should be
selected as the active router.
An active router is selected when the priority of that router is higher than the others under
the same group number. Virtual IP addresses are the addresses used to create the illusion
to the users that there is only one device acting as the next hop router. Hello packets or
keepalive packets are exchanged every three seconds. During those three seconds, each
router exchanges all the parameters mentioned above. Should there be a problem with
the active router, which caused an update to be missed after three seconds, a second timer
begins where the HSRP process will wait at least three times the update timer, or 10
seconds before a standby router becomes the active one. This means that for at least 10
seconds, there is no next hop router available for the users. However, since most of the
connections between end user and server are TCP based, the TCP protocol is connection-
oriented; it will try to maintain the session by sending retransmissions until the network
path is once again available. HSRP process waits 10 seconds and then begins the
switching process. The active routers priority is reduced by some value until the value
of the standby router is greater than the active router one.
When this happens, the standby router begins to route traffic as it recognizes itself to
have a higher priority. The standby router starts advertising to other HSRP routers under
the same group number that it is now the new active router, the virtual IP and MAC
address shift over to that router and connectivity continues. The outage is minimal
where the users do not even notice the problem. This is a very important redundant
protocol that should be implemented whenever there are Cisco networks deployed. It
gives the users the benefit of rarely losing their default gateway or next hop router.
HSRP also has a way to detect other uplinks connected locally that can be experiencing
issues, which could prevent packets from leaving off towards the network. If there is no
issue with the local segment, packets are always going to be routed to the active router.
But if the active router has an uplink (another interface connecting other networks) that
goes down or has issues, packets will not be able to route out towards the destination
hence these packets need to be able to re- route without having to afford a long down
time for the user.
137
Therefore, local interfaces where user segments attached can be configure to keep track
of how the uplinks of those routers towards the rest of the network are behaving. If there
are any issues detected where the active router knows that the uplink to the next network
is having problems, tracking will instigate the updating between active and standby and
will cause the HSRP process to fail over towards the standby router. This means that
traffic gets re- routed to the standby router until the uplink on the active router that was
having problems or that was down is fixed. Tracking is important as it provides the extra
redundancy required for multiple user segments.
Fig 8.5
NET
Tracking
these links
HSRP
Address
Priority 105 Priority 100
Active Router RA RB Standby Router
Group 1 Group 1
.3
.1 .2
10.1.1.0/24
8.1.7 Conclusion
This session was meant to provide the student some insight to the most commonly used
routing protocols. There are books written on every routing protocol described here so it
would be very difficult to provide all the functionalities and properties of these protocols
without extending the session. The student should be able to recognize the most
important facts about these protocols and use the URLs that have been provided for
additional reading.
138
Chapter 9: TRANSMISSION CONTROL PROTOCOL
139
9.1 Introduction
This session is dedicated to introducing how a portion of the Transport Control Protocol
(TCP) operates. Along with explaining how it has been designed to provide reliable
connectivity between source and destination. The student will gain a clear understanding
of connection establishment between client and server or source and destination. The
session will also include information on how the TCP works with respect to flow control
and how windowing is an important role in any type of TCP connection.
A lab scenario will be set up that provides details of data that has captured from a TCP
connection between a client and a web server. All the specific parameters that were
negotiated during the three-way handshake will also be described. The session will
conclude with a few sets of application protocols that use TCP as the underlying transport
protocol.
TCP uses specific ports to represent different applications. There are well known TCP
ports that describe the application in use. TCP ports less than 1024 are considered well-
known server/application ports such as port 23 for Telnet, 25 for SMTP (Simple Mail
Transfer Protocol), port 80 for http, etc. One of the most important functions that the
TCP protocol has is that it uses sequence numbers to keep a session active.
The sequence number is a special number that is randomly generated which is exchanged
during the initial handshake and is used to keep proper data flow exchange resulting in
order and sequence. Once the session is established between two TCP devices, the
sequence number is exchanged and agreed with. TCP works together with the IP
protocol and they are known as TCP/IP processes. Most of the applications that run on
the Internet are TCP oriented. This means that the protocol is necessary to operate
applications such as web browsers, databases, and other programs commonly used in the
industry.
TCP segments encapsulate the data that has been passed from above layers such as the
Application, Presentation, and Session layers. Each one of these layers adds their own
header (encapsulation). When TCP gets this information, it creates a segment. IP
protocol encapsulates this segment into a packet and it then routes the packets across the
network. Eventually the Data Link Layer encapsulates the packet and creates a frame.
140
The frame is then moved across physical networks until the information reaches its
final destination. (Go back to OSI model and see review this process). We discussed the
datagram layout of an IP packet and how it was divided into fields, each with a specific
function. The TCP segment is also divided into fields that are interpreted by the network
accordingly.
How does a TCP segment break down? TCP segments are also 32-bit words just as IP
packets. It includes a 20-byte header and its layout is the Protocol Fields are the
following: Source Port number, Destination Port number, Sequence number,
Acknowledgement number, Header length, Flag bits, Window size, Checksum, Urgent
pointer, Options & Data
Source port number: TCP uses this port to determine what upper layer application needs
data to be delivered. There can be multiple TCP data streams between client and server.
TCP source and destination ports make it easier to identify a specific conversation. It is
part of the de-multiplexing and multiplexing that Transport Layer uses to maintain
sessions. This field uses 16 bits, which allows for over 65,000 ports.
Destination port number: This is the target port on the receiving end. This field uses 16
bits, which allows for over 65,000 ports.
Sequence number: This 32-bit number identifies the first byte of the data in the segment.
Acknowledgement number: This 32-bit number is the number that the source expects to
receive next.
Header Length: This number identifies how many bytes are used for header. It uses 4
bits.
Flag bits: These bits are important because they identify special states in the protocol.
There can be segments that only have an acknowledgement on them, there are others with
data, others are reset because of a malfunctioning in the process, other segments are
specific replies to the starting and closing of a session, etc.
141
Window size: This translates to buffer space on the system side. This field is 16 bits and
it is measured in bytes.
Checksum: It consists of 16-bit integer checksum used to verify the integrity of the data
as well as the TCP header.
Urgent Pointer: This is how TCP signals that there is urgent data to be sent. It overtakes
normal data stream. The URG bit is set when this is the case.
Options: This field is used to negotiate with the TCP software at the other end of the
connection options such as maximum segment size (MSS). It is a form of introducing
flow control.
Fig 9.1
TCP Segment
32 bits
Sequence number
Acknowledge number
U A P R S F
HLEN R C S S Y I Window Size
G K H T N N
Options
(Padding)
DATA
142
9.1.2 How does Three-way Handshaking work in detail?
Assume there are two devices that wish to communicate with each other. The protocol
selected is TCP hence this means that the connectivity is going to use a connection-
oriented mechanism and specific parameters need to be exchanged to allow this to work.
To illustrate this concept an example (see below) has been setup between a browser on a
client machine and a web server. The sniffer is a device that is used in industry to
analyze data flows on networks. It decodes the data into a readable form (as shown
below) that allows anyone doing troubleshooting to follow the protocol in detail. The
trace below will show exactly how the three-way handshaking works.
Let us follow each line systematically. The first shaded region shows a client with IP
10.2.2.1 setting up a TCP session with web server, 10.1.1.1. How do we know this is the
case? Well, look at the source and destination ports. Port 80 is the destination port (80 is
http and is within the range less than 1024 which represent well-known TCP ports)
Source port 1829 is the clients TCP port in use to set up the connection. There are other
sessions from the same machine, 10.2.2.1, using source port 1830, which clearly indicate
the multiplexing discussed before that transport layer uses. Now follow the connection
using TCP ports 1829 and 80 on the trace below which is highlighted by the gray shade.
Start with line three in the trace.
The third line on the sniffer trace shows the first step of the three-way handshaking.
This is done via SYN. Client 10.2.2.1 sends a request to connect to the server, which is
interpreted as a SYN segment. A sequence number is randomly created which reads
202223088. Length is equal to 0 because this is not a data segment. It is meant to be a
connection segment. The client also exchanges its window size, which equals to
win=8192.
The second step of the three-way handshaking begins the moment the server replies
back to the client. Notice on line 6, how the server is now replying to the SYN from
client 10.2.2.1. It accepts the segment, increases the acknowledgement number by one,
20223089, the source port number is now S=80 and the destination is the clients TCP
port number or D=1829. After accepting the connection with an acknowledgement, the
server generates a random sequence number as shown equal to 4187161162. It too has no
data to send so its Length is equal to 0 and its window is advertised back to the client as
being equal to win=8760.
For the third and final step of the three-way handshaking, look at line 9. This TCP
segment shows that the client with IP address of 10.2.2.1 and with TCP source port 1829
is acknowledging the sequence number generated by the web server by one as shown
143
4187161163. There is no data hence no length field is present and once again, the
window size is equal to 8760. Line 21 (next shaded region), continues with the setup by
getting the client ready to send data with parameters negotiated within the handshake.
The client, uses the acknowledge obtained before on line 9, 4187161163 and the
sequence number obtained on line 6 of 20223089 and now it begins to send data. The
Length is now LEN=468 (in bytes) with the same window size of 8760.
The client will continue sending data maintaining the connection until some one closes it.
Now the next acknowledgement from the server to the data sent by the client will include
the number 20223089 plus 468 as seen on line 29.
On line 35, the server now is ready to send data back to the client. The client will now
use its sequence number obtained before during the handshake of 4187161163 and will
send data of LEN=132 with a constant window equal to WIN=8760.
On line 43, the client acknowledges the server data by increasing its sequence to
4187161295 and a window equal to WIN= 8628. This window is smaller because data is
being buffered in the client side hence reducing the memory space to store data. If this
number goes down to zero and does not come back would mean no more buffer space
and the session would have to be reset (abnormal termination)
This is how the sequencing is maintained. The most important process in a TCP session is
keeping segments in order. Continue looking through the shaded regions of this trace to
see the sequencing and data flow.
On line 109, the server requests a FIN. This means that session is going to close in a
normal way.
144
The client acknowledges the FIN segment with line 112 by increasing its sequence
number by one as shown below.
And the client then sends its FIN segment to terminate the session as requested by the
server as shown on line 115.
145
32 [10.2.2.1] [10.1.1.1] TCP D=1830 S=80 ACK=20223557 WIN=8760"
33 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=186 bytes"
34 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=152 ID=8691"
35 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187161163 LEN=132 WIN=8760"
36 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
37 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=186 bytes"
38 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=152 ID=8947"
39 [10.2.2.1] [10.1.1.1] TCP D=1830 S=80 ACK=20223557 SEQ=4187283540 LEN=132 WIN=8760"
40 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1830 HTML Data"
41 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
42 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=59288"
43 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187161295 WIN=8628"
44 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
45 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=59544"
46 [10.1.1.1] [10.2.2.1] TCP D=80 S=1830 ACK=4187283672 WIN=8628"
47 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1514 bytes"
48 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1480 ID=9203"
49 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187161295 LEN=1460 WIN=8760"
50 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
51 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=777 bytes"
52 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=743 ID=9459"
53 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187162755 LEN=723 WIN=8760"
54 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
55 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=656 bytes"
56 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=622 ID=9715"
57 [10.2.2.1] [10.1.1.1] TCP D=1830 S=80 FIN ACK=20223557 SEQ=4187283672 LEN=602 WIN=8760"
58 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1830 HTML Data"
59 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
60 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=59800"
61 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187163478 WIN=8760"
62 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
63 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=60056"
64 [10.1.1.1] [10.2.2.1] TCP D=80 S=1830 ACK=4187284275 WIN=8026"
65 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1514 bytes"
66 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1480 ID=9971"
67 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187163478 LEN=1460 WIN=8760"
68 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
69 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
70 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=61848"
71 [10.1.1.1] [10.2.2.1] TCP D=80 S=1830 FIN ACK=4187284275 SEQ=20223557 LEN=0 WIN=8026"
72 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=60 bytes"
73 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=20 ID=11507"
74 [10.2.2.1] [10.1.1.1] TCP D=1830 S=80 ACK=20223558 WIN=8760"
75 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
76 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=62104"
77 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187164938 WIN=8760"
78 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1514 bytes"
146
79 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1480 ID=14067"
80 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187164938 LEN=1460 WIN=8760"
81 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
82 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1230 bytes"
83 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1196 ID=14323"
84 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187166398 LEN=1176 WIN=8760"
85 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
86 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1514 bytes"
87 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1480 ID=14579"
88 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187167574 LEN=1460 WIN=8760"
89 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
90 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
91 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=63896"
92 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187167574 WIN=8760"
93 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=1514 bytes"
94 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=1480 ID=14835"
95 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187169034 LEN=1460 WIN=8760"
96 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
97 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
98 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=64152"
99 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187170494 WIN=8760"
100 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=713 bytes"
101 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=679 ID=15091"
102 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223557 SEQ=4187170494 LEN=659 WIN=8760"
103 [10.2.2.1] [10.1.1.1] ","HTTP", " R Port=1829 HTML Data"
104 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
105 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=64408"
106 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187171153 WIN=8101"
107 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=60 bytes"
108 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=20 ID=15347"
109 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 FIN ACK=20223557 SEQ=4187171153 LEN=0 WIN=8760"
110 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
111 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=64664"
112 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 ACK=4187171154 WIN=8101"
113 [10.1.1.1] [10.2.2.1] DLC Ethertype=0800, size=60 bytes"
114 [10.1.1.1] [10.2.2.1] IP D=[10.1.1.1] S=[10.2.2.1] LEN=20 ID=64920"
115 [10.1.1.1] [10.2.2.1] TCP D=80 S=1829 FIN ACK=4187171154 SEQ=20223557 LEN=0 WIN=8101"
116 [10.2.2.1] [10.1.1.1] DLC Ethertype=0800, size=60 bytes"
117 [10.2.2.1] [10.1.1.1] IP D=[10.2.2.1] S=[10.1.1.1] LEN=20 ID=15603"
118 [10.2.2.1] [10.1.1.1] TCP D=1829 S=80 ACK=20223558 WIN=8760"
147
Fig 9.2
TCP
"Three Way
Client Handshaking" Server
1 requ
est
- SY
N
2
SYN
ed -
w ledg
no
Ac k
3
Esta
blis
hed
- Ack
+1
+2
ck
-A
ed
b lish
E sta
Data
Data
Data
What is the idea behind sliding windows? Sliding windows protocols are used because
they can use network bandwidth better and more efficiently. They allow the sender to
transmit multiple packets before waiting for an acknowledgement. Protocols that do not
use sliding windows are considered to be non-efficient. A sender using a non-sliding
window protocol will send a packet and expect an acknowledgement for every packet
sent. This makes communication flow non-optimal.
148
A sliding window can be thought of as a sequence of packets that are transmitted
together. The protocol places a fixed window size on the sequence and transmits all
packets that lie inside the window. Assume there are 8 packets in the window. All 8
packets can be sent expecting only one acknowledgement. If the last packet inside the
window is acknowledged then there was no packet loss. If packet 5 is acknowledged and
the sender sent all 8 packets, this means that packets 6, 7 and 8 were lost along the way.
The sender will retransmit packet 6, 7, and 8 and expect an acknowledgement for 8.
Only packets 1 through 8 will be sent as these are all inside the window. The window will
only slide to include the 9th packet when packet 1 has been acknowledged. The motion
is very fast from left to right. A host sending packets advertises the maximum window
size.
The window is constantly moving back and forth but never reaching zero. If a window
reaches a value of zero, then data can no longer be sent. A window size is not negotiated
so it is up to the sender not to over run the receivers buffer space. This is known as flow
control. Flow control is a mechanism that allows two devices to manage and control data
flow between each other. The purpose of flow control is to have either sender or receiver
tell each other to slow down or speed up data transfer. Flow control is necessary so not
to overrun each others buffers. This is the basic idea of congestion control.
The sender keeps three pointers while the host is connected. One pointer represents the
octets that have been sent and acknowledged. These octets are outside the window to the
left. The second pointer represents octets that have been sent but are yet to be
acknowledged. These octets are not outside the window. Once they leave the window,
they are acknowledged. The third pointer represents octets that have not been sent but
will be sent without any delay. Any other octet outside the window cannot be send until
the window moves. The receiver is also keeping the same type of window mechanism to
properly send its data stream back to the sender. These mechanisms act under a full
duplex mode, which means that they simultaneously interact in opposite directions.
To learn more about the sliding window protocol you can visit this website
http://authors.phptr.com/tanenbaumcn4/samples/section03_04.pdf or you can read the
following paper at http://www.ietf.org/rfc/rfc2001 .
TCP differs from other sliding window implementations by allowing the window size to
vary over time. Each acknowledgement contains a window advertisement that specifies
how many additional octets of data the receiver is prepared to accept. This creates a more
reliable transfer and more efficient use of the network bandwidth. As the buffer space or
window starts to become smaller, the transfer becomes proportional to that window. In
other words, the receiver will advertise a smaller window size allowing the sender to
149
fulfill such advertisement without overflowing the receivers buffer. This is how
congestion control works.
Fig 9.3
Octets
...... 1 2 3 4 5 6 7 8 9 10 11 12 ....
...... 1 2 3 4 5 6 7 8 9 10 11 12 13 ....
Window = 7
Window moves from
left to right very quickly
This is the port used by the client to execute the commands to get the file ready for
download. TCP port 20 is used strictly to download the actual data. It is the data port.
Telnet
The Telnet http://www.ietf.org/rfc/rfc137 is a terminal emulator program used on TCP/IP
networks. The program runs on a computer and it is used to connect to servers or other
150
communication nodes. These commands can be entered on these servers or
communication nodes just as if the user was entering them directly on the server or
communication console port. Telnet sessions allow the user to control and communicate
with the end device and allow the user to execute commands that perform specific
functions. Telnet usually uses some type of authentication where the user is prompted for
username and password. The server or communication node uses this mechanism to
restrict access to the device.
Returning back to the previous example of our simple network of routers RA and RB
interconnected.
Fig 9.4
10.1.1.0/24 L0
10.3.3.0/24
S0 S0
RA .1 .2 RB
L1
L1 10.4.4.0/24
10.6.6.0/24
The following router debug will show how a session is created using Telnet from RA to
RB.
Password:
tcp0: O CLOSED 10.3.3.1:23 10.1.1.1:11000 seq 2841117597
OPTS 4 SYN WIN 2144
tcp0: I SYNSENT 10.3.3.1:23 10.1.1.1:11000 seq 2827296498
151
OPTS 4 ACK 2841117598 SYN WIN 2144
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117598
ACK 2827296499 WIN 2144
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117598
DATA 12 ACK 2827296499 PSH WIN 2144
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117610
ACK 2827296499 WIN 2144
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296499
DATA 9 ACK 2841117598 PSH WIN 2144
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117610
DATA 3 ACK 2827296508 PSH WIN 2135
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117613
DATA 3 ACK 2827296508 PSH WIN 2135
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296508
DATA 42 ACK 2841117598 PSH WIN 2144
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296550
DATA 3 ACK 2841117610 PSH WIN 2132
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296553
DATA 3 ACK 2841117610 PSH WIN 2132
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117616
DATA 3 ACK 2827296556 PSH WIN 2087
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117619
DATA 3 ACK 2827296556 PSH WIN 2087
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296556
DATA 3 ACK 2841117610 PSH WIN 2132
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296559
DATA 6 ACK 2841117613 PSH WIN 2129
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296565
DATA 3 ACK 2841117619 PSH WIN 2123
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117622
ACK 2827296568 WIN 2075
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296568
ACK 2841117622 WIN 2120
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117622
DATA 1 ACK 2827296568 PSH WIN 2075
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117623
DATA 1 ACK 2827296568 PSH WIN 2075
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117624
DATA 1 ACK 2827296568 PSH WIN 2075
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117625
DATA 1 ACK 2827296568 PSH WIN 2075
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296568
ACK 2841117625 WIN 2117
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117626
DATA 1 ACK 2827296568 PSH WIN 2075
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296568
152
ACK 2841117627 WIN 2115
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117627
DATA 2 ACK 2827296568 PSH WIN 2075
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296568
DATA 5 ACK 2841117629 PSH WIN 2113
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117629
ACK 2827296573 WIN 2070
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117629
DATA 2 ACK 2827296573 PSH WIN 2070
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296573
DATA 2 ACK 2841117631 PSH WIN 2111
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296575
DATA 3 ACK 2841117631 PSH WIN 2111
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117631
ACK 2827296578 WIN 2065
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117631
DATA 2 ACK 2827296578 PSH WIN 2065
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296578
DATA 2 ACK 2841117633 PSH WIN 2109
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296580
DATA 3 ACK 2841117633 PSH WIN 2109
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117633
DATA 1 ACK 2827296583 PSH WIN 2060
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296583
DATA 1 ACK 2841117634 PSH WIN 2108
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117634
DATA 1 ACK 2827296584 PSH WIN 2059
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296584
DATA 1 ACK 2841117635 PSH WIN 2107
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117635
DATA 1 ACK 2827296585 PSH WIN 2058
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296585
DATA 1 ACK 2841117636 PSH WIN 2106
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117636
DATA 1 ACK 2827296586 PSH WIN 2057
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296586
DATA 1 ACK 2841117637 PSH WIN 2105
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117637
DATA 2 ACK 2827296587 PSH WIN 2056
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296587
DATA 2 ACK 2841117639 PSH WIN 2103
tcp0: I ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2827296589
ACK 2841117639 FIN PSH WIN 2103
tcp0: O ESTAB 10.3.3.1:23 10.1.1.1:11000 seq 2841117639
ACK 2827296590 WIN 2054
tcp0: O LASTACK 10.3.3.1:23 10.1.1.1:11000 seq 2841117639
153
ACK 2827296590 FIN PSH WIN 2054
tcp0: I LASTACK 10.3.3.1:23 10.1.1.1:11000 seq 2827296590
ACK 2841117640 WIN 2103
(See all the parameters discussed during the analysis of previous data trace explained in
the handshaking session).
154
9.1.4 Conclusion
Due to the complex nature of the TCP protocol, a brief introduction was provided during
this session. As mentioned in previous sessions there is a large number of books that
have been written on this subject, which cannot be covered during the duration of this
course. However, this session has provided a basic understand of the TCP connectivity
between client and server.
An important concept covered in this session was three-way handshaking. This concept
requires a three-way exchange of messages to set up a connection. Understanding three-
way handshaking will allow the student to continue studying all the characteristics and
intricacies that TCP uses. The idea of flow control and windowing was introduced which
led to the mentioning of congestion control. Congestion control is a topic that will
require an entire semester to discuss and it is beyond the scope of this course.
Finally, a few application protocols that use TCP as the underlying protocol for its
transport mechanism where introduced. These are just a few of many protocols that are
using TCP now.
Discussion Questions
155
Chapter 10: INTRODUCTION TO IP MULTICAST
156
10.1 Introduction
IP Multicast is the transmission of data to a selected group of hosts in a network.
Broadcast is the transmission of data to ALL the hosts in a network. Multicast is a more
reliable way to deliver data as not everyone connected to the same network needs to
process or manipulate unwanted data.
To lean more about Deerings multicast thesis you can visit this website
http://www.ietf.org/rfc/rfc1075 .
Unicast Traffic
In order to understand why multicast works better in some environments it is important to
discuss the difference between Unicast traffic and Multicast traffic. Unicast traffic is an
application that sends one copy of each packet to every clients Unicast address. This
creates restrictions in scaling the network. If there is a large set of hosts requesting the
same information, that information has to be carried multiple times, even on shared links.
If the request is for a video feed, every client that needs the video feed will request
directly to the server which then will provide n number of video feeds to n hosts
requesting that file. As a result, saturation issues can occur due to multiple requests for
the same information. Additionally, the server can crash because the network is over
utilized.
Multicast Traffic
IP multicasting is the transmission of an IP data frame to a host group. Multicast
addresses may be dynamically or statically allocated. Dynamic multicast addressing
provides applications with a group address on demand. Statically allocated addresses are
reserved for specific protocols that require well-known ports. This is similar in concept to
the well-known TCP and UDP ports.
Addresses range from 224.0.0.0 through 224.0.0.255, are reserved for local purposes,
such as administrative, and maintenance tasks and has a TTL of only 1.
157
Addresses ranging from 239.0.0.0 to 239.255.255.255 are reserved for administrative
scoping. Scoping allows network administrators to control multicast traffic from
leaking across regions or other domains that might not have enough bandwidth to
support the traffic. Routers can deny multicast traffic in a particular address range from
entering or leaving the zone. This technique prevents high bandwidth streams from
entering zones defined with other lower stream rates. This address range is considered a
private range very similar to the 10.x.x.x. 172.16.x.x through 172.31.x.x and 192.168.1.x
through 192.168.255.x private ranges.
01-00-5E identifies the frame as multicast; the next bit is always 0, leaving only 23 bits
for the multicast addresses. Because IP multicast groups are 28 bits long, the mapping
cannot be one-to-one. Only the 23 least-significant bits of the IP multicast group are
placed in the frame. The remaining five high order bits are ignored, resulting in 32
different multicast groups being mapped to the same Ethernet address. Since 32
multicast addresses can be mapped to a single Ethernet address, the address is not unique.
When a host wants to receive multicast group 224.1.1.1, it will program the hardware
registers in the network interface card to interrupt the CPU when a frame with a
destination multicast address of 0x0100.5e00.0101 is received. Unfortunately, this same
multicast MAC address is also used for 31 other IP multicast groups. If any of these 31
groups are also active on the local LAN, the hosts CPU will receive interrupts any time a
frame is received for any of these other groups. The CPU will have to examine the IP
portion of each received frame to determine whether it is the desired group.
Advantages of IP Multicasting
1. One IP address defines a specific group, which allows any host capable of joining that
group to participate in the exchanging of data.
2. Hosts can join multiple groups.
3. Servers do not need to provide multiple feeds for every host on the network as in
Unicast. Only one feed is necessary to let everyone interested in that group join.
4. Bandwidth utilization is reduced.
Disadvantages of IP Multicasting
158
4. Network congestion is a problem since there is no established connection created
between source and destination. There is no built-in congestion avoidance
mechanism to prevent a multicast stream from over-utilizing a links bandwidth.
All hosts receive the IGMPv1 Membership Query, and one host responds first by
multicasting an IGMPv1 Membership report to the multicast group 224.1.1.1 of
which the host is a member. This report informs the routers on the subnet that a host
is interested in receiving multicast traffic for group 224.1.1.1.
Since other hosts are listening to multicast group 224.1.1.1, they hear the IGMPv1
Membership Report that was multicast by the first host. Other hosts, therefore,
suppress the sending of their report for that group. This mechanism helps reduce the
amount of traffic on the local network.
IGMPv1 does not know of hosts that leave the group so there are timers that are initiated
when there is no activity for that specific group. If there are no Membership Reports
from any host to a specific group, the router assumes that no group members are present
on a particular interface and removes the group after a specific amount of time.
IGMPv2 improves the mechanism by providing a Leave Message and reducing the
amount of time the router needs to wait to remove the non-active multicast group from its
cache.
159
Fig 10.1
IGMP v1 Example
IGMP v1 joining a group
H1 H2 H3 H1 H2 H3
IGMP Report
trying to join
group 224.2.2.2
General Query to
224.0.0.1. Trying
RA RA to find which host
is interested in
which group
Multicast Multicast
Router Router
IGMP Report
IGMP Report
H2 trying to join
Suppressed
group 224.2.2.2
H1 H2 H3 H1 H2 H3
It sensed H3
Report already
requested to the
same group
RA RA
Multicast Multicast
Router Router
Designated routers construct a tree that connects all members of an IP multicast group. A
distribution tree specifies a unique forwarding path between the subnet of the source and
each subnet containing members of the multicast group. A distribution tree is a loop-free
path created between every source and receiver. Since multicast groups are dynamic,
with members joining or leaving a group at any time, the distribution tree must be
dynamically updated. This means that branches have to be grafted or pruned
accordingly. Grafting means that a branch needs to be added to the multicast tree. It will
be created should a receiver request a join towards a multicast tree that has not reached
the receivers first hop router. Pruning means that the branch is no longer needed. In
simple words, the receivers of that branch no longer need multicast traffic or have left the
tree. There are two basic specific trees: Source Trees and Shared Trees.
160
Source Trees
It is the simplest form of multicast distribution tree where the root of the tree is the actual
source of the multicast traffic. It builds a spanning tree for each potential source. A
spanning tree is a loop-free path created on a network. This kind of distribution tree is
also known as the Shortest Path Tree network (SPT). There is also a special notation that
needs to be kept in mind when checking for multicast routes on a router. The special
notation of (S1, G1) identifies an SPT where S1 is the IP address of the source and G1 is
the multicast group address. In addition, a separate SPT exists for every multicast source
on the network hence increasing CPU processing on a multicast router. This means that
if there are 1000 hosts joining multicast groups and the distribution tree in use is a source
tree or SPT, there will be 1000 (S,G)s cached on the multicast routing table. The more
routing entries in the table, the more processing the router needs to do to direct the data
stream.
Fig 10.2
Source Trees
Source Source
S1 S1
10.1.1.1 10.1.1.1
RA RB RC RD RA RB RC RD
RE RF Traffic to RE RF
group
224.2.2.2
Source
S1
10.1.1.1
RA RB RC RD
Traffic to RE RF
group
224.2.2.2
20.1.1.1 30.1.1.1
Receiver Receiver
Fig 2.c
161
Shared Trees
Shared trees use a single common root placed at some chosen point in the network. The
chosen root in the network is called a Rendezvous Point or RP. The RP is the central
point in the network where all multicast traffic using Shared trees must meet. All sources
in the multicast network must send their traffic to the root for the traffic to reach all
receivers. The RP will have a shared tree path to most of the sources utilizing only one
path to multiple areas instead of installing individual paths as source trees. There is also
a special notation that needs to be understood to identify a shared tree when looking at a
multicast routing table. The special notation is (*, G1), which identifies a common shared
tree (*) for multicast group G1. Now since there is one common tree for each multicast
group, there is less CPU processing on a multicast router. Even if there are 1000 hosts
joining group G1, there will only be one entry in the multicast table.
Fig 10.3
Shared Trees
Source
Shared
S1
Root or RP
10.1.1.1
Source
S2
RA RB RC RD
Source
S2
Source Shared
RE RF S1 Root or RP
10.1.1.1
20.1.1.1 30.1.1.1
Receiver Receiver RA RB RC RD
Fig 3.a
Traffic to
group RE RF
224.2.2.2
20.1.1.1 30.1.1.1
10.1.1.1
Fig 3.b
RA RB RC RD
Source
S2
Traffic to RE RF
group
224.2.2.2
20.1.1.1 30.1.1.1
Receiver Receiver
162
Fig 3.c
10.1.3 Multicast Routing Protocols
Multicast routing protocols are responsible for the construction of multicast delivery trees
and enabling multicast packet forwarding. Different IP multicast routing protocols use
different techniques when constructing multicast spanning trees and forward packets.
Routing protocols that flood the entire network regardless of the hosts needs,
are referred to as Dense protocols
Routing protocols that sparsely distribute multicast information throughout the
network, which are referred to as Sparse mode
There are many types of dense mode routing protocols available such as the following:
DVMRP
The Distance Vector Multicast Routing Protocol (DVMRP)
http://www.ietf.org/rfc/rfc1075 is widely used on the MBone (Multicast Backbone)
http://www-mice.cs.ucl.ac.uk/multimedia/projects/mice/mbone_review.html which is
used regularly to provide multicast connectivity across the Internet. Multiple entities can
exchange videoconferencing information as well training and distance learning at very
high speeds. It uses reverse path flooding. When a router receives a packet, it floods the
packet out all paths except the one that leads back to the packet source. DVMRP will
periodically flood packets in order to reach any new hosts that want to receive a
particular group. DVMRP implements its own Unicast routing protocol in order to
determine which interface leads back to the source of the data stream. It is similar to RIP
and it is based on hop count.
MOSPF
Multicast Open Shortest Path First (MOSPF) http://www.ietf.org/rfc/rfc1585 is intended
for use within a single routing domain, such as a network controlled by a single
organization. It is depending on the OSPF Unicast routing protocol. Each router
maintains an up-to-date image of the entire topology. It includes multicast information
on the link state advertisements. MOSPF is best suited for environments that have
relatively few (source, group) pairs active at any given time. Cisco routers do not support
MOSPF.
PIM-DM
The Protocol Independent Multicast (PIM-DM) http://netweb.usc.edu/pim/internet-
drafts/draft-ietf-pim-dm-new-v2-01.txt is similar to DVMRP. This protocol works best
when there are numerous members belonging to each multimedia group. PIM floods the
multimedia packet out to all routers in the network and then prune routers that do not
support members of that particular multicast group.
163
It is most useful when:
senders and receivers are in close proximity to one another
there are few senders and many receivers
the volume of multicast traffic is high
the stream of multicast traffic is constant
it creates a lot of state on the routers as it caches many (S, G)
PIM-SM
The Protocol Independent Multicast http://www.ietf.org/rfc/rfc2362 is based on the
assumption that the multicast group members are sparsely distributed throughout the
network and bandwidth is not necessarily widely available. Sparse mode is optimized for
environments where there are many multipoint data streams.
Instead of flooding the network to determine the status of multicast members, PIM sparse
mode defines a rendezvous point or RP. The RP is configured with multicast addresses
specific to different applications. The RP then announces to the completely multicast
world that it is a candidate RP for some given multicast addresses. The RP also discovers
other candidates RPs in the network, which advertised their own multicast networks.
Cisco implements something called Auto-RP, which is a dynamic way for a router to
announce itself as a candidate RP as well as allow it to discover other group to RP
mappings around the topology from other RPs.
Auto-RP uses Dense mode to flood every Cisco router running IP multicast using Cisco
registered multicast addresses of 224.0.1.39 for announcements and 224.0.1.40 for
discoveries. If a router wants to know about possible candidate RPs, it will join group
224.0.1.39. If a router wants to know about the entire active group to RP mappings in the
network, it will join group 224.0.1.40. Multicast addresses advertised by RPs represent
an application, a video feed, a market data feed, etc. When a sender wants to send data,
the sender first sends to the RP. The RP is once again, the root of the network. When a
receiver wants to receive data, the receiver signals its local router that it wants to join a
specific group advertised by one of the RPs in the network. The local router, called the
first hop router will register with the RP using a Unicast packet, which encapsulates the
multicast information. The RP gets the registration packet, strips away the Unicast
information, leaving the multicast portion intact.
It then starts to create a tree down towards that receiver. Once the first hop router starts
receiving multicast traffic for that specific group the receiver signaled to join, the
registration process stops and a tree is now build between receiver and RP. Once the data
stream begins to flow from the sender to RP to receiver, the routers in the path will
164
optimize the path automatically to remove any unnecessary hops. PIM Sparse mode
assumes that no hosts want the multicast traffic unless they specifically ask for it.
In Sparse mode, a router assumes that other routers do not want to forward multicast
packets for a group unless there is an explicit request for the traffic. Rendezvous points
(RPs) are used by senders to a multicast group to announce their existence and by
receivers of multicast packets to learn about new senders. The RP keeps track of
multicast groups. Hosts that send multicast packets are registered with the RP. The RP
sends join messages toward the source. Packets are then forwarded on a shared
distribution tree. When no RP is known, the packet is flooded in a dense mode fashion.
Sparse mode interfaces are added to the table only when periodic join messages are
received from downstream routers, or when there is a directly connected member on the
interface.
10.1.4 Conclusion
This session was meant to introduce the idea of multicasting on a network and how the
network benefits from having this protocol over it. A very important topic was described,
which summarized the differences between source and shared trees. Understanding these
two tree processes is crucial for the understanding of multicast.
165
Glossary
ABR: Available Bit Rate A type 3 or 4 Asynchronous Transfer Mode Adaptation Layer
(AAL) service designed for non-time-critical applications such as LAN emulation and
LAN internetworking.
Analog: Describes any device that represents changing values by a continuously variable
physical property, such as voltage in a circuit. Analog often refers to transmission
methods developed to transmit voice signals rather than high-speed digital signals.
Application layer: The seventh, or highest, layer in the OSI Reference Model for
computer-to-computer communications. This layer uses services provided by the lower
layers but is completely insulated from the details of the network hardware. It describes
how applications interact with the network operating system, including database
management, electronic mail, and terminal emulation programs.
Asynchronous Transmission: A method of data transmission that uses start bits and stop
bits to coordinate the flow of data so that the time intervals between individual characters
do not need to be equal. Parity also may be used to check the accuracy of the data
received.
Autonomous System: On the Internet, an autonomous system (AS) is the unit of router
policy, either a single network or a group of network that is controlled by a common
network administrator (or group of administrators) on behalf of a single administrative
entity (such as a university, a business enterprise, or a business division). An autonomous
system is also sometimes referred to as a routing domain. An autonomous system is
assigned a globally unique number, sometimes called an Autonomous System Number
(ASN).
166
allow channel sharing. A baseband network can operate over relatively short distances
(up to 2 miles if network traffic is light) at speeds from 50Kbps to 100Mbps. Ethernet,
AppleTalk, and most PC local-area networks (LANs) use baseband techniques.
BGP: Border Gateway Protocol a routing protocol designed to replace EGP (External
Gateway Protocol) and interconnect organizational networks. BGP, unlike, EGP,
evaluates each of the possible routes for the best one.
Bit: A bit (short for binary digit) is the smallest unit of data in a computer. A bit has a
single value, either 0 or 1.
BPDU: Acronym for bridge protocol data unit. BPDUs are data messages that are
exchanged across the switches within an extended LAN that uses a spanning tree protocol
topology. BPDU packets contain information on ports, addresses, priorities and costs and
ensure that the data ends up where it was intended to go. BPDU messages are exchanged
across bridges to detect loops in a network topology. The loops are then removed by
shutting down selected bridge interfaces and placing redundant switch ports in a backup,
or blocked, state.
Bridge: It is a device that connects a local area network (LAN) with another local area
network that uses the same protocol (for example Ethernet or token ring). Bridges learn
which addresses are on which network and develop a learning table so that subsequent
messages can be forwarded to the right network.
Buffer: A buffer is a data area shared by hardware devices or program processes that
operate at different speeds or with different sets of priorities. The buffer allows each
device or process to operate without being held up by the other. In order for a buffer to be
effective, the size of the buffer and algorithms for moving data into and out of the buffer
need to be considered by the buffer designer. Like a cache, a buffer is a midpoint holding
place but exists no so much to accelerate the speed of an activity as to support the
coordination of separate activities.
Bus: A bus is a transmission path on which signals are dropped off or picked up at every
device attached to that line. Only devices addressed by the signals pay attention to them;
the others discard the signals.
167
of available Internet addresses has been greatly increased. CIDR is now the routing
system used by virtually all gateway hosts on the Internets backbone network. The
Internets regulating authorities now expect every Internet service provider (ISP) to use it
for routing.
Contention: A type of network protocol that allows nodes to contend for network access.
That is, two or more nodes may try to send messages across the network simultaneously.
The contention protocol defines what happens when this occurs. The most widely used
contention protocol is CSMA/CD, used by Ethernet.
Convergence: The time it takes for a router to update its routing tables.
Counting to Infinity: In distance vector routing (like RIP) a condition can be reached
when destination networks which become unreachable will be advertised with increased
distance until their distance reaches infinity. To speed up this process, infinity is set to
16.
CPU: Central Processing Unit is an older term for processor and microprocessor, the
central unit in a computer containing the logic circuitry that performs the instructions of a
computers programs.
CSMA/CD: Carrier Sense Multiple Access/Collision Detect is the protocol for carrier
transmission access in Ethernet networks. On Ethernet, any device can try to send a frame
at any time. Each device senses whether the line is idle and therefore available to be used.
If it is, the device begins to transmit its first frame. If another device has tried to send at
the same time, a collision is said to occur and the frames are discarded. Each device then
waits a random amount of time and retries until successful in getting its transmission
sent.
CSU/DSU: Channel Service Unit/Data Service Unit is a hardware device about the size
of an external modem that converts a digital data frame from the communications
168
technology used on a local area network (LAN) into a frame appropriate to a wide-area
network (WAN) and vice versa.
Dark Fiber: Optical fiber infrastructure (cabling and repeaters) that is currently in place
but is not being used. Dark fiber service is service provided by local exchange carriers
(LECs) for the maintenance of optical fiber transmission capacity between customer
locations in which the light for the fiber is provided by the customer rather than the LEC.
Data link layer: The second of seven layers of the OSI Reference Model for computer-
to-computer communications. The data-link layer validates the integrity of the flow of
data from one node to another by synchronizing blocks of data and controlling the flow
of data. The Institute of Electrical and Electronic Engineers (IEEE) has divided the data-
link layer into two other layers--the logical link control (LLC) layer sits above the media
access control (MAC) layer.
Datagram Packet switching: Refers to protocols in which messages are divided into
packets before they are sent. Each packet is then transmitted individually and can even
follow different routes to its destination. Once all the packets forming a message arrive at
the destination, they are recompiled into the original message.
Digital: Electronic technology that generates, stores, and processes data in terms of two
states, positive and non-positive. Positive is expresses or represented by the number 1 and
non-positive by the number 0. Thus, data transmitted or stored with digital technology is
expressed as a string of 0s and 1s. Each of these state digits is referred to as a bit.
Distance Vector Algorithm: The distance vector routing protocol was invented by
Bellman in 1957 and then by Ford and Fulkerson in 1962. Routers that use the same
distance vector routing protocol can only exchange routing updates if they are separated
by a single physical network. Routing updates using distance vector algorithms are
periodic. Every route entry is sent during the update period. There is less CPU
processing required as routing updates are done only between peers. However,
convergence time is much longer.
169
DVMRP: Distance Vector Multicast Routing Protocol is the oldest routing protocol that
has been used to support multicast data transmission over networks. The protocol sends
multicast data in the form of Unicast packets that are reassembled into multicast data at
the destination.
EIGRP: Enhanced Interior Gateway Routing Protocol is a network protocol that lets
routers exchange information more efficiently than the earlier network protocols. EIGRP
evolved from IGRP (Interior Gateway Routing Protocol) and routers using either EIGRP
or IGRP can interoperate because the metric used with one protocol can be translated into
the metrics of the other protocol.
Encryption: Encryption is the conversion of data into a form, called a cipher text, which
cannot be easily understood by unauthorized people.
Extranet: An extranet is a private network that uses the Internet Protocol and the public
telecommunication system to securely share part of a businesss information or
operations with suppliers, vendors, partners, customers, or other businesses.
File Transfer Protocol: Abbreviated FTP. The TCP/IP Internet protocol used when
transferring single or multiple files from one computer system to another.
FTP uses a client/server model, in which a small client program runs on your computer
and accesses a larger FTP server running on an Internet host. FTP provides all the tools
needed to look at directories and files, change to other directories, and transfer text and
binary files from one system to another.
170
and the Internet.A firewall provides a single point of entry where security can be
concentrated. It allows access to the Internet from within the organization and provides
tightly controlled access from the Internet to resources on the organization's internal
network.
Frame : A block of data suitable for transmission as a single unit; also referred to as a
packet or a block. Some media can support multiple frame formats.
171
Hardware Address: The address assigned to a network interface card (NIC) by the
original manufacturer or by the network administrator if the interface card is
configurable. This address identifies the local device address to the rest of the network
and allows messages to find the correct destination. Also known as the physical address,
media access control (MAC) address, or Ethernet address.
High Data Link Control: Abbreviated HDLC. An international protocol defined by the
ISO (International Organization for Standardization), included in CCITT X.25 packet-
switching networks. HDLC is a bit-oriented, synchronous protocol that provides error
correction at the data-link layer. In HDLC, messages are transmitted in variable-length
units known as frames.
Header : In a data transmission, the header may contain source and destination address
information, as well as other control data.
Hexadecimal System : Abbreviated hex. The base-16 numbering system that uses the
digits 0 through 9, followed by the letters A through F, which are equivalent to the
decimal numbers 10 through 15. Hex is a convenient way to represent the binary numbers
that computers use internally because it fits neatly into the 8-bit byte. All the 16 hex
digits 0 through F can be represented in 4 bits, and 2 hex digits (1 digit for each set of 4
bits) can be stored in a single byte. This means that 1 byte can contain any one of 256
different hex numbers, from 0 through FF.
Hot Standby Routing Protocol: Is a proprietary protocol from Cisco. HSRP is a routing
protocol that provides backup to a router in the event of failure. Using HSRP, several
routers are connected to the same segment of an Ethernet, FDDI or token-ring network
and work together to present the appearance of a single virtual router on the LAN. The
routers share the same IP and MAC addresses, therefore in the event of failure of one
router, the hosts on the LAN are able to continue forwarding packets to a consistent IP
and MAC address. The process of transferring the routing responsibilities from one
device to another is transparent to the user.
Hyper Text Protocol : Abbreviated HTTP. The command and control protocol used to
manage communications between a Web browser and a Web server. When you access a
Web page, you see a mixture of text, graphics, and links to other documents or other
Internet resources. HTTP is the mechanism that opens the related document when you
select a link, no matter where that document is located.
Hub: A device used to extend a network so that additional workstations can be attached.
There are two main types of hubs:
Active hubs amplify transmission signals to extend cable length and ports.
Passive hubs split the transmission signal, allowing additional workstations to be
added, usually at a loss of distance.
172
In some star networks, a hub is the central controlling device.
Interior Gateway Protocol: Abbreviated IGP. The protocol used on the Internet to
exchange routing information between routers within the same domain.
Internet Protocol: Abbreviated IP, IP version 4, and IPv4. The session-layer protocol
that regulates packet forwarding by tracking addresses, routing outgoing messages, and
recognizing incoming messages in TCP/IP networks and the Internet.
IP Multicast: An Internet standard that allows a single host to distribute data to multiple
recipients. IP multicasting can deliver audio and video content in real time so that the
person using the system can interact with the data stream. A multicast group is created,
and every member of the group receives every datagram. Membership is dynamic; when
you join a group, you start to receive the data stream, and when you leave the group, you
no longer receive the data stream.
173
switching hardware. The IP protocol stack is implemented on ATM hardware, allowing
the system to adapt dynamically to the flow requirements of the network traffic as
defined in the packet header. A technique that uses network-layer protocols which
provide routing services to add capabilities to layer 2 switching. IP switching locates
paths in a network by using routing protocols and then forwards packets along that route
at layer 2. IP switching is designed for networks that use switches rather than networks
built around repeater hubs and routers.
Intranet: A private corporate network that uses Internet software and TCP/IP networking
protocol standards. Many companies use intranets for tasks as simple as distributing a
company newsletter and for tasks as complex as posting and updating technical support
bulletins to service personnel worldwide. An intranet does not always include a
permanent connection to the Internet.
Link State Algorithm: A routing algorithm in which each router broadcasts information
about the state of the links to all other nodes on the internetwork. This algorithm reduces
routing loops but has greater memory requirements than the distance vector algorithm.
Logical Link Control: Abbreviated LLC. The upper component of the data-link layer
that provides data repackaging functions for operations between different network types.
The media access control is the lower component that gives access to the transmission
medium itself.
Media Access Control: Abbreviated MAC. The lower component of the data-link layer
that governs access to the transmission medium. The logical link control layer is the
upper component of the data-link layer. MAC is used in CSMA/CD and token-ring LANs
as well as in other types of networks.
Mask: A binary number that is used to remove bits from another binary number by use of
one of the logical operators (AND, OR, NOT, XOR) to combine the binary number and
the mask. Masks are used in IP addresses and file permissions.
174
Modem: Contraction of modulator/demodulator; a device that allows a computer to
transmit information over a telephone line. The modem translates between the digital
signals that the computer uses and analog signals suitable for transmission over telephone
lines. When transmitting, the modem modulates the digital data onto a carrier signal on
the telephone line. When receiving, the modem performs the reverse process to
demodulate the data from the carrier signal. Modems usually operate at speeds up to
56Kbps over standard telephone lines and at higher rates over leased lines.
Network layer: The third of seven layers of the OSI Reference Model for computer-to-
computer communications. The network layer defines protocols for data routing to ensure
that the information arrives at the correct destination node and manages communications
errors.
Octet: The Internet's own term for a unit of data containing exactly eight bits. Some of
the computer systems attached to the Internet use bytes with more than eight bits; hence,
the need for this term.
175
Open Systems Interconnect: A networking reference model defined by the ISO
(International Organization for Standardization) that divides computer-to-computer
communications into seven connected layers. Such layers are known as a protocol stack.
Open Shortest Path First: Abbreviated OSPF. A routing protocol used on TCP/IP
networks that takes into account network loading and bandwidth when routing
information over the network. Routers maintain a map of the network and swap
information on the current status of each network link. OSPF incorporates least-cost
routing, equal-cost routing, and load balancing.
Packet: Any block of data sent over a network or communications link. Each packet may
contain sender, receiver, and error-control information, in addition to the actual message,
which may be data, connection management controls, or a request for a service. Packets
may be fixed- or variable-length, and they will be reassembled if necessary when they
reach their destination. The actual format of a packet depends on the protocol that creates
the packet; some protocols use special packets to control communications functions in
addition to data packets.
Physical layer: The first and lowest of the seven layers in the OSI Reference Model for
computer-to-computer communications. The physical layer defines the physical,
electrical, mechanical, and functional procedures used to connect the equipment.
Presentation layer: The sixth of seven layers of the OSI Reference Model for computer-
to-computer communications. The presentation layer defines the way in which data is
formatted, presented, converted, and encoded.
Protocol: In networking and communications, the formal specification that defines the
procedures to follow when transmitting and receiving data. Protocols define the format,
timing, sequence, and error checking used on the network.
176
Repeater: A simple hardware device that moves all packets from one local-area network
segment to another by regenerating, retiming, and amplifying the electrical signals. The
main purpose of a repeater is to extend the length of the network transmission medium
beyond the normal maximum cable lengths.
Router: An intelligent connecting device that can send packets to the correct LAN
segment to take them to their destination. Routers link LAN segments at the network
layer of the OSI Reference Model for computer-to-computer communications. The
networks connected by routers can use similar or different networking protocols.
Storage Area Network: Abbreviated SAN. A method used to physically separate the
storage function of the network from the data-processing function. SAN provides a
separate network devoted to storage and so helps to reduce network traffic by isolating
large data transfers such as backups. Most of the SAN vendors, including StorageTek and
Compaq, use a Fibre Channel-based SAN system, although IBM has proposed a
proprietary architecture.
Script: A small program or macro invoked at a particular time. For example, a login
script may execute the same specific set of instructions every time a user logs in to a
network. A communications script may send user-identification information to an
Internet Service Provider (ISP) each time a subscriber dials up the service.
Server: Any computer that makes access to files, printing, communications, and other
services available to users of the network. In large networks, a dedicated server runs a
special network operating system; in smaller installations, a non-dedicated server may
177
run a personal computer operating system with peer-to-peer networking software running
on top. A server typically has a more advanced processor, more memory, a larger cache,
and more disk storage than a single-user workstation. A server may also have several
processors rather than just one and may be dedicated to a specific support function such
as printing, e-mail, or communications. Many servers also have large power supplies,
UPS (uninterruptible power supply) support, and fault-tolerant features, such as RAID
technology. On the Internet, a server responds to requests from a client, usually a Web
browser.
Session layer: The fifth of seven layers of the OSI Reference Model for computer-to-
computer communications. The session layer coordinates communications and maintains
the session for as long as it is needed, performing security, logging, and administrative
functions.
Sniffer is also the name of a network analyzer product from Network General.
178
Source address: The portion of a packet or datagram that identifies the sender.
Spanning Tree Algorithm: A technique based on the IEEE 802.1 standard that finds the
most desirable path between segments of a multilooped, bridged network. If multiple
paths exist in the network, the spanning tree algorithm finds the most efficient path and
limits the link between the two networks to this single active path. If this path fails
because of a cable failure or other problem, the algorithm reconfigures the network to
activate another path, thus keeping the network running.
Split Horizon: The split horizon rule forbids a route to advertise a network prefix via the
interface from which it learned of the prefix.
Stack: A set of network protocol layers that work together. The OSI Reference Model
that defines seven protocol layers is often called a stack, as is the set of TCP/IP protocols
that define communication over the internet.
Star topology: A network topology in the form of a star. At the center of the star is a
wiring hub or concentrator, and the nodes or workstations are arranged around the central
point representing the points of the star. Wiring costs tend to be higher for star networks
than for other configurations, because each node requires its own individual cable. Star
networks do not follow any of the IEEE standards.
Store and Forward: A method that temporarily stores messages at intermediate nodes
before forwarding them to the next destination. This technique allows routing over
networks that are not available at all times and lets users take advantage of off-peak rates
when traffic and costs might be lower.
Subnet: A logical network created from a single IP address. A mask is used to identify
bits from the host portion of the address to be used for subnet addresses.
Switch: Is a device that filters and forwards packets between LAN segments. Switches
operate at the data link layer (layer 2) and sometimes the network layer (layer 3) of the
OSI Reference Model and therefore support any packet protocol. LANs that use switches
to join segments are called switched LANs or, in the case of Ethernet networks, switched
Ethernet LANs.
179
intervals. Timing must be controlled precisely on the sending and the receiving
computers. Special characters are embedded in the data stream to begin synchronization
and to maintain synchronization during the transmission, allowing both computers to
check for and correct any variations in timing.
Telnet: A terminal emulation protocol, part of the TCP/IP suite of protocols and
common in the Unix world, that provides remote terminal-connection services. The most
common terminal emulations are for Digital Equipment Corporation (DEC) VT-52, VT-
100, and VT-220 terminals, although many companies offer additional add-in emulations.
Token Ring network: A LAN with a ring structure that uses token passing to regulate
traffic on the network and avoid collisions. On a token-ring network, the controlling
network interface card generates a token that controls the right to transmit. This token is
continuously passed from one node to the next around the network. When a node has
information to transmit, it captures the token, sets its status to busy, and adds the message
and the destination address. All other nodes continuously read the token to determine if
they are the recipient of a message. If they are, they collect the token, extract the
message, and return the token to the sender. The sender then removes the message and
sets the token status to free, indicating that it can be used by the next node in sequence.
Transmission Medium : The physical cabling used to carry network information, such
as fiber-optic, coaxial, shielded twisted-pair (STP), and unshielded twisted-pair (UTP)
cabling.
Transport layer: The fourth of seven layers of the OSI Reference Model for computer-
to-computer communications. The transport layer defines protocols for message structure
and supervises the validity of the transmission by performing some error checking.
Tree topology: A tree topology combines characteristics of linear bus and star
topologies. It consists of groups of star-configured workstations connected to a linear bus
backbone cable.
180
Unicast: The broadcast of individual audio or video signals from a server to individual
clients to provide an on-demand video service.
181
About the Author
Andres Rengifo obtained his undergraduate degree in Electrical
Engineering from the City College of New York in 1992. He holds a
Masters degree in Educational Computing from Stony Brook University
and it is currently enrolled in an Instructional Technology and
Distance Education Ph.D. program at Nova Southeastern University. He
has over 15 years experience in data networking ranging from operation
support, implementations, network engineering, and architecture.
Andres has spent his entire professional career in the financial
industry providing solutions to customers and clients using multiple
technologies such as multicast, TCP/IP and various other network
protocols. Currently, he is a vice president at Barclays Capital under
the Infrastructure Engineering and Support group. His main interest
revolves around routing protocols and data center architectures. In
addition to his busy career he is also an Adjunct Assistant Professor
at New York University's School of Continuing and Professional Studies,
Information Technologies Institute were he teaches Internetworking
Fundamentals.
182