basic networking course

1

© Luxoft Training 2012

1


Click to edit the outline text format

Second Outline Level Third Outline Level

Fourth Outline Level Fifth Outline Level Sixth Outline Level

Seventh Outline LevelClick to edit Master text styles

Basic Networking Course

Cristina Pauna2012

2


Agenda

History of telecommunications Basic telecommunication notions OSI and TCP/IP models MAC & VLAN Particularities STP ARP, RARP, InARP ICMP DHCP Routing Table Host Table DNS VRRP IP Multicast & Anycast

3


History of telecommunications

What was the first telecom system?

What was the first network?

How did the Internet appeared?

What is a RFC?

What does Ethernet mean?

4


Basic telecommunication notions

What do datagram, encapsulation, fragmentation and multiplexing mean?

What is the difference between port, protocol and socket?

What is the difference between a host, hub, switch and router?

What does a default gateway do?

What is the difference between LAN and VLAN

5


OSI Model

Open System Interconnect reference model is a basic architectural model that provides a common reference for discussing communications

6


TCP/IP Model

The layers of this model are not as rigidly defined as those from OSI model

Each layer in the stack adds control information to ensure properly delivery, called header

7


TCP/IP Model

When encapsulating the information from the upper layer, the previous header becomes data for the current layer

8


Internet Protocol It's a connectionless protocol It relies on other layers to provide error detection and error

recovery for the data - only header checksum is done It routes datagrams to remote hosts It performs fragmentation an re-assembly of datagrams

9


TCP vs UDP

10


MAC & VLAN particularities

The MAC address is an unique identifier of network interfaces used to communicate at physical level

If the multicast bit is set, the packet is sent to all nodes in the subnet

The broadcast MAC address ff:ff:ff:ff:ff:ff is a reserved L2 multicast address

11



The Ethernet header has different formats, depending on standard

Below is illustrated the Ethernet II frame containing the destination and source MAC address and the type of protocol

12



A VLAN can include one or more ports The IP assigned to a VLAN is not associated with any

particular physical port; the IP can be reached through any of the VLAN ports

The mapping between a port and its mac is contained in the MAC address table

13



When a frame is received for a unknown MAC destination address, the frame is flooded to the same VLAN except for the ingress port

When the destination station replies, the relevant MAC source address and ID are added to the table

The next time a frame is sent to that destination, it is directly sent to the correspondent port

MACs usually have an aging time after which are removed from the table, if they are unused for that amount of time

14



A physical port can belong to multiple VLANs To differentiate to which VLAN a packet is destined,

an encapsulation dot1q is added to the packet at source

This process is called VLAN tagging and it offers the possibility to create different broadcast domains for the same host.

15


Spanning Tree Protocol

STP is useful to prevent broadcast storms

If there's a loop in the network and a broadcast packet is sent, it will be replicated and multiplied infinitely throughout the network

STP detects and eliminates logical loops in a bridged or switched VLAN

When such a loop is detected some ports are shut down, to stop receiving any potential flooding traffic

16



17



It controls path redundancy by enabling only the most efficient path

The collection of ports in one spanning tree instance is called a group (STG) and each group is independent

Untagged ports can belong only to one STG while tagged ports can belong to more than one STG

STP nodes communicate with each other using BPDU (Bridge Protocol Data Unit) messages to gather information about MAC, IP, priority, cost, etc

18


ARP

The ARP table maps the IP address to the physical network address (MAC)

On a host it can be displayed with the command arp -n

19


ARP

On a router there's a distinctions between the MAC addresses of the local interfaces and the MAC addresses of remote interfaces

20


ARP

The table is built dynamically through the following process below

21


ARP

22


ARP

Gratuitous ARP– Is either a request that needs no reply, either a reply to

which no request was made– Is useful to detect IP conflicts and to update other

machines' ARP table– is usually sent when the interface comes up

23


RARP

RARP is used by hosts (diskless workstations) to dynamically find their IP when they only know their MAC

A server on the network has the mapping between IPs and MACs and it replies to RARP requests if the mapping is found in its database

On Linux, the mapping is held in file /etc/ethers It uses the same packet format as ARP but with different

option codes: 3 (request reverse) and 4 (reply reverse) The request is broadcasted and the reply unicasted It is obsoleted by BootP and DHCP

24


InARP

InARP is used to determine the IP of another node from its MAC

The request (as well as the reply) is unicasted because the MAC of the destination is known

A host that receives an InArp request assumes it is destined for itself and it replies to the originator of the request

InArp uses the same packet format as ARP but with option codes 8 (Request) and 9 (Reply)

It is used in Frame Relay and ATM networks

25


ICMP

It is part of IP protocol and it sends messages that perform control, error reporting and informational functions for TCP/IP

ICMP errors are directed to the source IP address of the originating packet

ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP

It operates based on a type and code in order to identify the problem reported

26


ICMP

Flow control: if datagrams come too fast to be processes the destination host or an intermediate gateway sends an ICMP Source Quench message back to the sender

Detecting unreachable destinations: when a destination is unreachable, the system detecting the problem sends a Destination Unreachable message to the datagram's source

27


ICMP

Checking remote hosts: an Echo Request is used to see if a remote system's Internet Protocol is up and operational; an Echo Reply is sent back by the receiving host

28


ICMP

Redirecting routes: a gateway sends a Redirect Message to tell a host to use another gateway, presumably because is a better choice

This message can be used only when the source host is on the same network as both gateways

Other types of control packets check time to live, timestamp, IP header, etc

29


The IP Address

An IP Address has a network part and a host part The class is given by the first octets in the IP: the first

three classes A, B and C are used for addressing while the last two classes D and E are reserved for multicast and experimental purposes

30


The IP Address

The standard structure of an IP address can be locally modified by using host address bits as additional network bits

This creates additional networks and reduces the number of hosts

These newly designed network bits define a network within a larger network and it is called a subnet

The number of bits used for defining the network are called a subnet mask (ex: 10.1.1.1/24 means that 24 bits are used for network and 8 are used for hosts

31


The IP Address

An address with all host bits set to 0 is used to refer to the whole subnet

An address that has all the host bits set to 1 is called a broadcast address

A packet sent to a broadcast address will be sent to all the nodes in the subnet

32


DHCP

DHCP is used to assign an IP address to a host and to configure various parameters

It is based on a client-server model In order to have one server that responds to multiple

subnets, a relay agent can be configured on each subnet

33


DHCP

An IP can be allocated through DHCP using three different mechanisms: – automatic allocation: assigns a permanent IP– dynamic allocation: assigns an IP for a limited period

of time– manual allocation: assigns an IP to a specific host

Binding refers to the collection of configuration parameters which has to include at least an IP address

Lease refers to the amount of time for which a client can use the assigned IP

34


DHCP

35


DHCP

A DHCP Client: When it is initialized it sends a broadcast message to

discover the servers in the network It waits for offers for some time and then chooses one that

suits it best It broadcasts a request for the chosen address After the acknowledgement is received it configures the IP

and sets the timers depending on the lease received Before the lease expires it tries to extend its lease by

sending a renew message to the server which gave the address

If the server fails to respond, it will broadcast a rebind message, trying to reach any server

36


DHCP

37


DHCP

A DHCP Server: Processes incoming DHCP messages from a client based

on the current state of the binding for that client

Does not have to reply to all request

Does not have to assign the address requested by a client and it may choose to not allocate an address to a client even if it has available addresses

Does not have to assign the client's address from the same subnet as the relay if 'giaddr' is present

38


DHCP

39


DHCP

A relay agent receives a DHCP messages as a final destination and then generate new messages as a result rather than simply forwarding it

In case of the relay running on a router, it will accept packets from network 0

A relay should be configurable and must be disabled by default

Servers to which the packets are relayed are configurable, as well as the way of transmitting the packet (unicast or broadcast)

40


DHCP

41


DHCP

Practical example with and without a Relay Agent

42


Routing Table

Network devices make routing decisions based on the local routing table which can be built by the system administrator (static routes) or by routing protocols (RIP, BGP, OSPF)

All the gateways that appear in a routing table are on networks directly linked to the local system

A routing table does not contain end-to-end routes, it only shows the next hop to a destination

In linux commands route -n or netstat -nr will display the routing table

43


Routing Table

For most hosts the routing decisions are:– If the destination is on the local network, send the data

directly to it– If the destination is on a remote network and a route to that

network exists, send it to the specified gateway– If the destination is on a remote network and the routing

table has no entry, send it to the default gateway

44


Routing Table

A router can cave multiple routes to the same destination, that come from different sources

If there are more routes to the same destination, learned by different protocols, they are more or less preferred depending on the Administrative Distance

45


Routing Table

To route a packet to the next-hop the following process is followed:

– Search the destination IP in RTM– If a route is not found, drop the packet– If a route is found, retrieve the MAC of the next-hop– If the MAC of next-hop is not in ARP, send ARP

request to resolve the address– When the MAC of the next-hop is available, put the

MAC in the destination field at L2 and send the packet to the correspondent physical port

46


Routing Table

The routing process is illustrated below

47


Routing Table

Theoretical example on the following topology:

48


Routing Table

A destination can have multiple next-hops within the same routing protocol thus creating multiple routes to the same destination through a single protocol

The metric of a route refers to the value used by a routing protocol to determine if a route is better than another

The best path goes into FIB (Forwarding Information Base)

To filter the routes that go into the routing table, Route policies can be defined to both remove or add routes to the RTM

49


Routing Table

An Autonomous System (AS) is a network or a group of networks controlled by one or more administrators on behalf of a single administrative entity

An AS has a clearly defined routing policy and it is identified by an unique number (ASN)

An AS can be a university, a business enterprise or a Internet provider

A routing policy refers to several rules that control the routing behavior within the AS

50


Routing Table

The dynamic protocols that are populating the routing table are divided in four categories:

Distance vector:– RIP: it determines the best route based on number of

hops to destination– IGRP: it and supports multiple metric for each route,

like bandwidth, delay, load, MTU and reliability

Path vector:– BGP: it makes routing decisions based on path,

network policies and/or rule-sets and it is used for communication between Autonomous Systems

51


Routing Table

Link-state:– OSPF: constructs a topology map of the network

containing link-state information; the routing decision is based on the destination IP in the packet

– IS-IS: it is similar to OSPF, but the routing decisions are made at L2

Hybrid:– EIGRP: it is based on IGRP but uses some non

distance-vector techniques to compute the best routes such as discover adjacent routers using hello packets

52


Host Table

It associates an IP address with host names More than one name (aliases) can be defined for the same

IP The host table is mainly used on systems that don't run

DNS Even if DNS is used, a host table should be kept with the

localhost and essential gateways and servers in the network, as a backup

By default, the host table is used first: if the needed IP is found in the host table, then there is no need for a DNS query

On UNIX systems the host table is kept in /etc/hosts

53


DNS

Names are assigned to devices because they are easier to remember and type correctly, compared to IP addresses

DNS associates a domain name with the IP of networking devices connected to the Internet

A DNS query can either a recursive or a non-recursive query; DNS servers are not required to support recursive queries

DNS is based on the notions of Local Server, Remote Server and Authoritative Server

54


DNS

An authoritative server is any server that is responsible for maintaining accurate information about a domain

A server that is not authoritative caches the answers received and can reply itself the next time a query is made to the cached name

55


DNS

In a recursive search the remote server follows the pointers itself and returns a final answer to the local server

In a non-recursive query the remote server tells the local server who to ask next; the local server must follow the pointers itself

56


DNS

At the top DNS has a root domain that is served by a group of name servers called root servers

A new subdomain becomes available when pointers to the servers for the new domain are placed in the domain above

57


DNS

The notions domain and subdomain are relative to its position in the tree

Usually a default domain is defined for its subdomains

A zone contains all domain names from a certain point downward in the domain tree except those which are delegated to other zones

A zone can map exactly to a single domain, but could also include only part of a domain, the rest of which could be delegated to other name servers

58


DNS

59


DNS

60


VRRP

VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN

The VRRP router controlling the address associated with a virtual router is called the Master, and forwards packets sent to this address

The election process provides dynamic fail over in the forwarding responsibility should the Master become unavailable

The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host

61


VRRP

The master sends VRRP Advertisements to notify the backups that it is still up, and the configuration it has

62


VRRP

Each router has a priority assigned from 1 to 255; the VRRP router with the highest priority is elected master

VRRP is Address Owner if the router has the IP of the physical interface; an address owner will always have priority of 255

If the VRRP routers have the same priority, the one with the biggest physical IP address is elected master

The backup VRRP does not forward packets; it only waits in standby for VRRP advertisements

If the backup does not receive any advertisement in a configurable amount of time, then it takes ownership and becomes master

63


VRRP

Each VRRP router works on a state machine

64


VRRP

Below is an example of VRRP configuration

65


VRRP

Practical example of forwarding packets using VRRP

66


IP Multicast

IP multicast transmits messages to multiple recipients at the same time

Instead of sending individual packets to each destination, a single packet is sent to a multicast group, which then multiplies the packet and sends it to many receivers

It is similar to broadcasting in a subnet, except that multicasting transmits to specific groups and broadcasting transmits to all receivers on a network

It saves a considerable amount of bandwidth because it transmits only one stream of data to the network

67


IP Multicast

68


IP Multicast

Protocols that are implemented for multicast are: Internet Group Management Protocol (IGMP) – learns the

existence of host group members on directly attached subnets

Protocol Independent Multicast (PIM) – provides one-to-many and many-to-many distribution of data over a LAN, WAN or the Internet

Distance Vector Multicast Routing Protocol (DVMRP) – facilitates the transportation of IP Multicast packets among networks; it generates a routing table with the multicast group of which it knows the correspondent distances

69


IP Multicast

The collection of receivers of multicast datagrams is called a host group

Each host group uses a unique multicast address. To reach all members of the group, a sender uses the multicast address as the destination address of the datagram

Receivers who are interested in receiving the data can program their computers to listen for data that has these addresses by joining to a group

70


IP Multicast

An IP version 4 multicast address is a Class D address (the high-order bits are 1110) from 224.0.0.0 to 239.255.255.255

Some multicast addresses are reserved for particular purposes (well-known multicast addresses) such as 224.0.0.5 – all OSPF routers

Multicast routers do not forward datagrams with addresses in range 224.0.0.1 to 224.0.0.255 because the time-to-live (TTL) value for the packet is usually 1

71


IP Multicast

The IP multicast MAC address prefix is always 01:00:5e, which identifies the frame as a multicast frame, and the next bit is always 0

The next 23 bits are populated with the 23 least significant bits of the IPv4 multicast address

This means that 32 different addresses can be mapped to the same MAC (Ex. 224.8.8.5 and 229.136.8.5 both have the multicast MAC 01:00:05:08:08:05)

If two multicast streams share the same MAC in the network, the filtering is done by the higher-level protocols

72


Anycast

With anycast a datagram from a single sender is routed to the topologically nearest node in a group of potential receivers all identified by the same destination address

It is a one-to-one-of-many association

To distribute a service using anycast, the service is first associated with an IP address called Service Address

The reachability to that address is advertised in a routing system from multiple, independent service nodes

73


References

RFC's– 826 (Address Resolution Protocol)– 2131 (Dynamic Host Configuration Protocol)– 1035 (Domain Names)– 3768 (Virtual Router Redundancy Protocol)– 4786 (Operation of Anycast Services)

Man pages for BIND “TCP/IP Network Administration”, Author: Craig Hunt Cisco technical documentation www.wikipedia.com

74


74


Thank you!

Q&A

75


Annex A - Answers to questions in this presentation

1. What was he first telecom system? R: Smoke and drum signals used since ancient times 2. What was the first network? R: ARPANET was built in the 60's and initially had four nodes

connected. The first letters transmitted in 1969 were “lo” from “login” from Los Angeles to Stanford. By 1981 ARPANET had 213 nodes and it was formally closed in 1990

3. How did the Internet appeared? R: ARPANET was split in two in 1983 and the term “Internet” was used

to refer to both networks. 4. What is a RFC? R: A Request For Comments is a document published by IETF in which

are described methods and behaviors applicable to the working of the Internet. The first RFC described

76



5. What does Ethernet mean? R: Ethernet is a family of network technologies for LAN that provides

services up to and including the data link layer as per the OSI model. MAC addressing is one of the most known features of Ethernet.

6. What do datagram, encapsulation, fragmentation and multiplexing mean?

R: A datagram is the packet format defined by Internet Protocol. Encapsulation refers to the addition of delivery information (headers) at each layer to the data received from the layer above. If a datagram is too large to be processed by a device (exceeds MTU), the source of the packet divides it into smaller fragments for transmission; this process is called fragmentation. Multiplexing refers to delivering the data to the correct software module within a host by using protocol and port numbers.

77



7. What is the difference between port, protocol and socket? R: The notion port can refer to both a physical I/O entry (Ex: port 5/1)

or to an u nique number within a transport layer protocol that identifies an application (Ex: DHCP uses ports 67 and 68). On Unix systems port numbers for applications are defined in /etc/services file.

A protocol is a number used by Internet Protocol to identify transport protocols such as ICMP (1), TCP(6) or UDP (17). The protocol numbers can be seen in /etc/protocols file.

A socket is a combination of an IP address and a port number which uniquely identifies a single network process within the entire Internet. A pair of sockets – one for the sending and one for the receiving host – defines the connection for connection-oriented protocols such as TCP (Ex. 172.20.10.170.23 - telnet connection; 172.20.10.170.2233 – dynamically assigned port number).

78



8. What is the difference between a host, hub, switch and router? R: A host is a computer connected to a network that can offer

information, services and and applications to users or other nodes on the network.

A hub is a L1 device that floods an incoming packet to all ports except the ingress port.

A switch bridges traffic within a subnet; it sends packets only to the destination identified by the MAC address specified in the Ethernet header. This is a L2 device

A router forwards traffic between networks using the IP address to decide the destination thus being a L3 device.

9. What is a default gateway? A gateway is router that serves as an access point to another network.

A host sends a packet to the default gateway when it does not have the IP address of the destination in its routing table.

79



10. What is the difference between LAN and VLANR: One of the main difference between the two is that a LAN is limited to

the physical location of the nodes in the network, while the VLAN can have members in different physical locations and still be in the same subnet. Also, by configuring more VLANs on a switch you can use one physical device to act as more devices.

80


Annex B – Details about DHCP

In init state the client broadcasts a DHCPDISCOVER message on the local physical subnet

In selecting state the client waits for offers In requesting state the client chose an offer and requests the

chosen IP In bound state the client has an IP assigned and participates to

traffic In renewing state the client tries to extend its lease from the

server who originally gave the IP In rebinding state the client tries to extend its lease from any

server In rebooting/ init-reboot state the client directly requests the IP

it was previously assigned

81


DHCP

82



Example of tool: ISC dhclient In order to keep track of leases across system reboots and

server restarts, dhclient keeps a list of leases it has been assigned in the dhclient.leases file

On startup, after reading the dhclient.conf file, dhclient reads the dhclient.leases file to refresh its memory about what leases it has been assigned

When a new lease is acquired, it is appended to the end of the dhclient.leases file

When all attempts to contact a DHCP server have failed, dhclient will try to validate the static lease, and if it succeeds, will use that lease until it is restarted

83



When receiving a discover message the server follows the logic below

84



When receiving a request, the server either confirms the binding with an ACK or retrieves it offer with an NAK

85



Example of tool: ISC dhcpd On startup, dhcpd reads the dhcpd.conf file and stores a list of

available addresses on each subnet in memory In order to keep track of leases across system reboots and

server restarts, dhcpd keeps a list of leases it has assigned in the dhcpd.leases file

Whenever changes are made to the dhcpd.conf file, dhcpd must be restarted

The names of the network interfaces on which dhcpd should listen for broadcasts may be specified on the command line.

If no interface names are specified on the command line dhcpd will identify all network interfaces which are up, eliminating non-broadcast interfaces if possible, and listen for DHCP broadcasts on each interface.

86


Annex C – Details about DNS

BIND (Berkeley Internet Name Domain) is the most used implementation of DNS on UNIX systems

It is divided in two components: a resolver (who asks questions) and a name server (which responds to queries)

Traditionally, the resolver was a library of software routines that was linked to any program that needed to look up addresses

With BIND9 which resolves IPv6 addresses as well as IPv4, a daemon resolver runs on the local host in combination with a lightweight resolver library

87



On older versions of BIND, the resolver routines are called by the network process; BIND9 has a resolver daemon that can be started with the command lwresd

A computer that does not run a local name server process is called a resolver-only system; it relies only on other systems for all name service answers

88



Name servers fall in tree categories: Primary:– contains all data about a domain, being an authoritative

server– the data is entered by the domain a build their

administrator Secondary: – transfers the entire domain database from the primary

server thus being an authoritative server Cashing-only: – the domain database is built only by caching the answers

from other name-servers thus being a non-authoritative server

89



The BIND server has several configuration files:– named.boot: sets general parameters and points to the

sources of domain database information as primary and secondary servers

– named.ca: points to the root domain servers– named.local: used to locally resolve the loopback

address– named.hosts: the zone file that maps host names to IP

addresses– named.rev: the zone file for the reverse domain that

maps IP addresses to host names

basic networking course

Software