basic networking trendmicro

8/20/2019 Basic Networking Trendmicro

http://slidepdf.com/reader/full/basic-networking-trendmicro 1/269

Basic Networking

Trend Micro

Basic NetworkingCourse

Student Textbook



Information in this document is subject to change without notice, The names of companies, products, people,characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual,company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is theresponsibility of the user.

Copyright © 2005 Trend Micro Incorporated. All rights reserved.

No part of this publication may be reproduced, photocopied, stored in a retrieval system, or transmitted without theexpress prior written consent of Trend Micro Incorporated.

All other brand and product names are trademarks or registered trademarks of their respective companies ororganizations.

Program Manager: Remo MatteiEditorial: Tom Brandon, Remo MatteiWriter: Germelyn (Peaches) Pira

Released: June 30, 2005



Basic Networking

Table of ContentsBasic Networking................................................................................................5

Course Goal.................................................................................................................. 5 Course Objectives......................................................................................................... 5

Chapter 1: Basic Network Concepts ...............................................................10 Introduction ................................................................................................................. 21 The Advantages (Benefits) of Networking .................................................................. 21 The Disadvantages (Costs) of Networking ................................................................. 23 Basic Network Components........................................................................................ 24 Types of Network Categories...................................................................................... 28 Network Architecture................................................................................................... 33 Network Topology ....................................................................................................... 35

Chapter 2: Basic Network Topologies ............................................................39 Introduction ................................................................................................................. 51 Understanding Physical and Logical Topology........................................................... 51 Basic Network Topologies .......................................................................................... 52 Types of Networks - LANs, WANs, and Others .......................................................... 59

Chapter 3: Basic Network Cabling ..................................................................63 Introduction ................................................................................................................. 74 Twisted-Pair Cable...................................................................................................... 74 UTP Cable Grades...................................................................................................... 77 Fiber Optic Cable ........................................................................................................ 79 Understanding Attenuation and Crosstalk .................................................................. 82

A General Guide on Cable Installation........................................................................ 87

Chapter 4: LAN Architecture............................................................................90

Introduction ............................................................................................................... 102 LAN Media Access Methods..................................................................................... 102 LAN Transmission Methods...................................................................................... 104 LAN Devices ............................................................................................................. 106 Ethernet Network ...................................................................................................... 107

Chapter 5: Network Connectivi ty Devices ....................................................115 Introduction ............................................................................................................... 132 Connection Devices in Networking ........................................................................... 132 Hubs.......................................................................................................................... 133 Repeaters ................................................................................................................. 134 Bridges...................................................................................................................... 134 Switches.................................................................................................................... 135

Routers ..................................................................................................................... 136 Brouters .................................................................................................................... 139 Gateways.................................................................................................................. 140 Overview of Wide Area Network (WAN) ................................................................... 146

Chapter 6: The OSI Model .............................................................................. 151 Introduction ............................................................................................................... 156 The OSI Networking Model....................................................................................... 156 Communication Protocols ......................................................................................... 158



The Application Layer ............................................................................................... 159 The Presentation Layer............................................................................................. 161 The Session Layer.................................................................................................... 163 The Transport Layer ................................................................................................. 164 The Network Layer.................................................................................................... 165 The Data Link Layer.................................................................................................. 167

The Physical Layer ................................................................................................... 169

Chapter 7: TCP/IP Protocol Sui te ..................................................................175 Introduction ............................................................................................................... 196 The Characteristics of the TCP/IP Protocol Suite ..................................................... 197 Resolving MAC Address in TCP/IP Protocol ............................................................ 198 Components of the TCP/IP Protocol Suite................................................................ 199 The Internet Protocol (IP).......................................................................................... 200 Transmission Control Protocol (TCP) ....................................................................... 207 User Datagram Protocol (UDP) ................................................................................ 208 Function of Dynamic Host Configuration Protocol (DHCP).......................................209 Implementing NetBIOS Name Resolution................................................................. 211

Function of Windows Internet Name Service (WINS) ............................................... 215 Function of Domain Name System (DNS) ................................................................ 216 WINS and DNS Integration in Name Resolution....................................................... 220 TCP/IP Utilities and Services.................................................................................... 220 The TCP/IP Request for Comments (RFCs)............................................................. 223

Chapter 8: Network Troubleshooting and Monitoring .................................228 Introduction ............................................................................................................... 235 Network Connectivity Problems................................................................................ 235 Network Troubleshooting Framework....................................................................... 236 Network Troubleshooting Strategy............................................................................ 237 Commonly Used Troubleshooting Tools................................................................... 242 Effective Network Management................................................................................ 248

Recommendation for Effective Network Troubleshooting......................................... 249 Prevention Tips ......................................................................................................... 258 Tips for Solving Problems......................................................................................... 260

Appendix A: Answers to Review Questions.................................................262

Endnotes .........................................................................................................269



Basic Networking

© 2005 Trend Micro Incorporated 5

Basic Networking

Course GoalUpon completion of this course, students will be able to

• Understand the fundamentals of networking

• Define the different components that comprise a simple network

• Know how to perform basic troubleshooting on a network

Course

Objectives

After taking this course, you should be able to

• Define what is networking and how does it work

• Discuss the components in a network and their functions

• Learn how to monitor and perform basic troubleshooting steps on a network

Knowledge

• Understand the fundamentals of a basic network

• Discuss the components of networking

Skills

• Setup a simple network

• Perform basic network troubleshooting

How to Use This Material

This course is designed to teach the basic concepts of networking. To help you understandhow a network works, this course is based on a learning model comprised of the following:

Chapters

Each chapter focuses on different components of a network. Each chapter discussesimportant concepts and terms used for networking it outlines.



Trend Micro Basic Networking Student Textbook

6 © 2005 Trend Micro Incorporated

Chapter Objectives

Every chapter starts with a list of objectives so that you can see how the chapter fits intoyour overall course goal. After reading the chapter, you should be able to fulfill the chapterobjectives.

Introduction

Each chapter has a short introduction that follows the chapter objectives. The introduction provides information that will act as a foundation for the rest of the chapter. Sometimes theintroduction will contain new information, and sometimes the introduction will be a briefreview of a concept you might have learned in a previous chapter.

Summary

Every chapter ends with a summary, outlining the important information explained in thechapter.



Basic Networking


Basic Networking

Notes





Copyright 2005 -Trend Micro Inc. 2

Course Goals

Understand the fundamentals of networking Define the different components that comprise a

simple network

Know how to perform basic troubleshooting on

a network

Notes



Basic Networking



Course Objectives – Knowledge - Skills

Objectives

Define what is networking and how does it work Discuss the components in a network and their

functions

Learn how to monitor and perform basictroubleshooting steps on a network

Knowledge

Understand the fundamentals of a basic network

Discuss the components of networking

Skills

Setup a simple network

Perform basic network monitoring and troubleshooting

Notes





Chapter 1: Basic Network Concepts

Chapter Objectives

After completing this chapter, you should be able to

• Understand basic networking concepts

• Identify the advantages and disadvantages of networking

• Describe the advantages of a peer-to-peer network.

• Describe the advantages of a server-based network.

• Define network architecture

• Define network topology

• Identify the basic networking components







The Advantages (Benefits) of Networking

The Disadvantages (Costs) of Networking

Basic Network Components

Types of Network Categories

Network Architecture

Network Topology

Notes






Chapter 1 - Objectives

Understand the basic networking concepts

Descr ibe the advantages of a peer-to-peer

network.

Descr ibe the advantages of a server-based

network.

Define network architecture

Define network topology

Identify the basic networking components

Identify the advantages and disadvantages of

networking

Notes






Basic Networking Components

Servers

– Dedicated – Back-up

Clients

Network Cables

Network Interface Card

(NIC)

Media Access Control

(MAC)

Connectivity Devices

Network Operating

System

Basic Networking

Notes







P2P Networking

Can act both as cl ient and server, also known as “ peers” Also cal led “ workgroup”

Advantages:

• Computers are locatedat users' desks

• Users act as their ownadministrators and plantheir own security

• Computers in thenetwork are connectedby a simple, easily

visible cabling system

Notes







Server-Based Networking

Dedicated servers for f ile and print servers, applicationservers, mail servers, fax servers, communication servers,and even directory services servers.

Advan tages:

• Provides access tomany files and printers

• One administrator whooversee networksecurity

• Regular / set scheduleddata backups

• Supports many users

Notes







Provides framework and technology

foundation for designing, building andmanaging a communication network

defines the structure of the network, including

hardware, software and layout

Notes







Open System Interconnection (OSI) Model

Notes






IEEE 802 Standards

IEEE 802.1 Higher layer LAN protocols

IEEE 802.2 Logical li nk con trol

IEEE 802.3 Ethernet

IEEE 802.5 Token Ring

IEEE 802.11 Wireless LAN

IEEE 802.12 demand priority

IEEE 802.15 Wireless PAN

IEEE 802.16 Broadband wireless access

IEEE 802.17 Resilient packet ring

IEEE 802.18 Radio Regulator y TAG

IEEE 802.19 Coexistence TAG

IEEE 802.20 Mobile Broadband Wireless Access

IEEE 802.21 Media Independent Handoff

IEEE 802.22 Wireless Regional Area Network

Notes






Network Topology

The choice of network topology will beinfluenced by some considerationsincluding:

Centralization

Cost

Maintenance and troubleshooting

Scalability

Security

Speed

Stability

Distances

Single point of failure

It’s the “ layout” of a network, can be physical or logical.

Bus Topology, Ring Topology and Star Topology

Notes






Advantages & Disadvantages of Networking

Benefits Connectivity and

Communication

Data Sharing

Hardware Sharing

Internet Access

Internet Access Sharing

Data Security and Management

Performance Enhancement andBalancing

Entertainment

Cost Network Hardware,

Software and Setup Costs

Undesirable Sharing

Illegal or UndesirableBehavior

Data Security Concerns

Notes





Introduction

Networks can be described as devices that are connected together using a network interfacecard and network operating system, to allow them to exchange information. Many peoplefind networking difficult to learn because it can be a very complicated subject. One of themain reasons why it seems complex is that networks consist of a number of hardwaredevices and software elements, each with its own function dependent on one or the other.While a network user may only perceive that he or she is using one computer application(like a Web browser) and one piece of hardware (cable connector), these are only parts of amuch larger puzzle. In order for even the simplest task to be accomplished on a network,dozens of different components must cooperate, passing control information and data toaccomplish the overall goal of network communication.

The best way to understand any complex system is to break it down into pieces and thenanalyze what they do and how they interact. The most logical approach to do this is todivide the overall set of functions into modular components, each of which is responsible

for a particular function. We also need to identify the interface that connects thesecomponents and describe how they fit together. By simplifying the approach, we can beginto eliminate the complexity of understanding networking.

A network has two main characteristics:

Interconnectivity

Interconnectivity describes anything that is tied together through many intersection points (such as a grid). Computer networks work like a freeway system where roadsintersect, but instead of relying on a patchwork of roads, computer networks dependupon a patchwork of wires.

The capability to facilitate communication

In networks, machines 'talk' to one another by packaging data into small units and bysending these units across the network. Network communications use protocols. A protocol is a set of rules that govern communications. Protocols detail what “language”the computers are speaking when they talk over a network. If two computers are goingto communicate, they both must use the same protocol.

The first chapter provides a quick overview of basic networking concepts and itscomponents. It is also targeted to familiarize the students on general network terms andtheir usages.

The Advantages (Benefits) of Networking

The phrase, “The whole is greater than the sum of its parts”, effectively describesnetworking and explains why it has become so popular. A network is not just a number ofcomputers with wires or cables running between them. Properly implemented, a network isa system that provides it users with unique capabilities, above and beyond what theindividual machines and their software applications can provide.





Most of the benefits of networking can be divided into two generic categories: connectivityand sharing. Networks allow computers, and hence their users, to be connected together.They also allow for the easy sharing of information and resources, and cooperation betweenthe devices in other ways. Since modern business depends so much on the intelligent flowand management of information, suffice to say that networking is indeed, so valuable.

In no particular order, here are some of the specific advantages generally associated withnetworking:

Connectivity and Communication: Networks connect computers and the users ofthose computers. Individuals within a building or work group can be connected intolocal area networks (LANs); LANs in distant locations can be interconnected into largerwide area networks (WANs). Once connected, it is possible for network users tocommunicate with each other using technologies like e-mail or instant messaging. Thismakes the transmission of business (or non-business) information easier, faster, moreefficient and less expensive than it would be without the network.

Data Sharing: One of the most important uses of networking is to allow the sharing ofdata. Before networking became a norm in the business world, an accounting employee

who wanted to prepare a report for her manager would have to produce it on her PC, putit on a floppy disk, and then walk it over to the manager, who would transfer the data toher PC's hard disk. (This sort of “shoe-based network” had been sometimessarcastically referred to as “sneakernet ”.)

Networking allows thousands of employees to share data much more easily and quicklythan this. More so, it makes possible applications that rely on the ability of many peopleto access and share the same data, such as databases, group software development, andmuch more. Intranets and extranets can be used to distribute corporate information between sites and to business partners. The term intranet refers to an internal networkthat uses TCP/IP technologies like the Internet does.

The term “Internet” refers to the global internetwork of Transmission ControlProtocol / Internet Protocol (TCP/IP) networks we all know and use.

Hardware Sharing: Networks facilitate the sharing of hardware devices. For example,instead of giving each of 10 employees in a department an expensive color printer (orresorting to the “sneakernet ” again), one printer can be placed on the network foreveryone to share.

Internet Access: The Internet is in itself, an enormous network, so whenever youaccess the Internet, you are using a network. The significance of the Internet on modernsociety is hard to exaggerate, especially for those of us in technical fields.

Internet Access Sharing: Small computer networks allow multiple users to share asingle Internet connection. Special hardware devices allow the bandwidth of theconnection to be easily allocated to various individuals as they need it, and permit anorganization to purchase one high-speed connection instead of many slower ones.

Data Security and Management: In a business environment, a network allows theadministrators to more effectively manage the company's critical data. Instead of havingthis data spread over dozens or even hundreds of small computers in a haphazardfashion as some of their users usually create it, data can be centralized on shared





servers. This makes it easy for everyone to find the data, makes it possible for theadministrators to ensure that the data is regularly backed up, and also allows for theimplementation of security measures to control who can read or change various piecesof critical information.

Performance Enhancement and Balancing: Under some circumstances, a network

can be used to enhance the overall performance of some applications by distributing thecomputation tasks to various computers on the network.

Entertainment: Networks facilitate many types of games and entertainment. TheInternet offers many sources of entertainment, of course. In addition, many multi-playergames exist that operate over a local area network. Many home networks are set up forthis reason, and gaming across wide area networks (including the Internet) has also become quite popular. Of course, if you are running a business and have easily-amusedemployees, you might insist that this is really a disadvantage of networking and not anadvantage!

The Disadvantages (Costs) of Networking Networking has a few drawbacks that balance against its many positive aspects. Setting up anetwork has costs in hardware, software, maintenance and administration. It is alsonecessary to manage a network to keep it running smoothly, and to address possible misuseor abuse. Data security also becomes a much bigger concern when computers are connectedtogether.

Network Hardware, Software and Setup Costs: Setting up a network requires aninvestment in hardware and software, as well as funds for planning, designing andimplementing the network. For a home with a small network of two or three PCs, this isrelatively inexpensive, possibly amounting to less than a hundred dollars with today's

low prices for network hardware, and operating systems already designed for networks.For a large company, your cost can easily run into tens of thousands of dollars—ormore.

Hardware and Software Management and Administration Costs:Allimplementations, ongoing maintenance and management of the network require thecare and attention of an IT professional. In a smaller organization that already has asystem administrator, a network may fall within this person's job responsibilities, but itwill take time away from other tasks. In more substantial organizations, you need tohire a network administrator, and in large companies, you may need an entiredepartment.

Undesirable Sharing: While networking allows user to share useful information easily,

it also allows the sharing of undesirable data (whether done unconsciously or not). Onesignificant consequence to this has to do with spreading Malware, which easily spreadover networks and the Internet. Mitigating these effects costs more time, money andadministrative effort.

Illegal or Undesirable Behavior: Similarly, networking facilitates useful connectivityand ease of communication, but it also brings difficulties along with it. Typical problems include abuse of company resources, distractions that reduce productivity,downloading of illegal or illicit materials, and even software piracy. In larger





organizations, these issues must be managed through explicit policies and monitoring,which again, further increases management costs.

Data Security Concerns: If a network is implemented properly, it is possible to greatlyimprove the security of important data. In contrast, a poorly-secured network putscritical data at risk, exposing it to the potential problems associated with hackers,

unauthorized access and even sabotage.

Basic Network Components

The basic network components are the physical hardware to be used such as computers,connectivity devices that connect the hardware, the communication media used to transferthe data and the software that will support the applications on the computers.

Networking hardware includes all computers, peripherals, interface cards and otherequipment needed to perform data-processing and communications within the network.

Figure 1-1 Common network elements

When a company buys office supplies such as papers, ribbons, toner, or other consumablesfor only one, two, or maybe three printers for the entire office, the costs are dramaticallylower than the costs for supplying printers at every workstation. Networks also allow morespace to store files. Client computers are not always able to handle the overhead involved in

storing large files like a database, for example, because they are already heavily involved inthe day-to-day work activities of the users. Because servers in a network can be dedicatedto only certain functions, a server can be allocated to store all the larger files that usersaccess everyday, freeing up disk space on the clients. Similarly, users can access anapplications that allow multiple users to use it in a single installation (this is called a site

license). If the server is capable of handling the overhead required by an application, then itcan reside on the server and be used by workstations through a network connection.





Servers

A server may come in many shapes and sizes. It is a machine that provides a service.Servers are a core component of the network, providing a link to the services or resourcesnecessary to perform any task. The link it provides could be to a resource existing on theserver itself or a resource on a client computer. The server is the “leader of the pack”

offering distinctions to the client computers regarding where to go to get what they need.

Servers offer networks to the capability of centralizing the control of resources and can thusreduce administrative difficulties. They can be used to distribute processes for balancingthe load on the computers and can thus reduce administrative difficulties. They can alsooffer departmentalizing of files for improved readability. That way, if one server goesdown, then not all of the files are lost.

Servers perform several tasks. For example, servers that provide files to the user on thenetwork are called file servers. Likewise, servers that host printing services for users arecalled print servers. There are other tasks as well, such as remote access services (alsoknown as RAS), administration, mail and so on. Servers can be multi-purpose or single- purpose. If they are multi-purpose, they can be, for example, both a file server and a print

server at the same time. If the server is a single-purpose server, it is a file server only or print server only.

In Windows NT-based systems, Remote Access Service or RAS is a built-in featurethat enables users to log into an NT-based LAN using a modem, X.25 connection orWAN link. It works with several major network protocols, including TCP/IP, IPX, andNetbeui.

A server is dedicated for network services. When a server encounters a system downtime, a backup server is necessary to keep the services running.

These are the two types of servers in a network:

Dedicated Servers. These are assigned to provide specific applications or servicesfor the network, and nothing else. Since a dedicated server specializes in only afew tasks, it requires fewer resources from the computer that is hosting it.

Backup Servers. These are assigned to provide one or more network services orlocal access such as the DHCP (Dynamic Host Configuration Protocol) or DNS(Domain Name System) server. A backup server is expected to be slightly moreflexible in its day-to-day use than a dedicated server. It can be used not only todirect network traffic and perform administrative actions, but often to serve as frontend for the administrator to work with other applications or services. The backupserver can act as a workstation as well as a server.

Clients

In network terms, workstations are also known as clients. These are the computers that theusers on a network use to perform their tasks such as word processing, database design,graphic design, email, and other office or personal tasks.

To make a workstation into a client computer, you must install a network interface card(NIC), a special expansion card that allows the PC to talk on a network. You must connect





it to a cabling system that connects to another computer to talk to the servers. Once all thishas been accomplished, the computer will be “on the network”.

Workstations can range from a diskless computer system, a remote computer that has nohard drive, floppy, CD-ROM or permanent storage media of any sort, to a desktop system.As clients, they are allowed to communicate with the servers in the network in order to use

the network’s resources.

To the client, the server may be just another drive letter. However, because it is a networkenvironment, the client is able to use the server as a doorway to more storage or moreapplications, or though which it may communicate with other computers or other networks.To a user, being on a network changes a few things:

• Store more information and data on other computers on the network.

• Share and receive information from other users, or even collaborate on the samedocument.

• Use programs that would be too large for their computer to use by itself because ofthe memory it requires to run it.

Network Cables

When the data is passed from one computer to another, it must find its way into the mediumthat is used to physically transfer data from computer to computer. In traditional networks,this medium is cable. In today’s networks, Wireless technology allows data to be passedthrough the air. The cable you choose, however, must support both the network architectureand topology.

Cable is the medium through which information usually moves from one network device toanother. There are several types of cable which are commonly used with networks. In somecases, a network will utilize only one type of cable, other networks will use a variety of

cable types. The type of cable chosen for a network is related to the network's topology(layout), protocol, and size.

When choosing network cable, some of the factors such as characteristic impedance, noise,cost, expandability, location of your computers and speed.

The Media Access Methods, also known as cable access methods, define how you put thedata on the cable. These define a set of rules for how computers put data on and retrieve itfrom a network cable.

To know more about media access methods, specifically in alocal area network, go to Chapter 4, “LAN Architecture”.

Media Access Control (MAC)

The Media Access Control (MAC) is used to identify each component in your network.You will find this MAC number on any adapter card, switcher, Wireless Access Point,or modem - any addressable component of any network. This is a twelve-digit numberin which each digit is hexadecimal; that is, the digit can be any value form 0 to F. For

example, Dell Ethernet card made by 3Com has a MAC address 0050045B3CB1. The

first half of this address represents the manufacturer, and the second half is a unit from





that manufacturer. The numbers are never duplicated. This system permits a givenmanufacturer to make 16 million devices with unique numbers.

The MAC address is often called the physical address of your system. It isactually burned into the device. You can override it with software; but this is not

advisable because doing so can cause problems on the network if you duplicatean existing MAC.

Each time you log onto the Internet, your IP may have changed but your physicaladdress doesn't unless you change your hardware. This physical address is broadcastinto the Internet. Your host can track that. If someone manages to come into yourwireless network at 2 a.m. and do a little spamming off your IP; their MAC address getssent into the host for tracking where the spam came from.

Network Interface Cards

The network interface card (NIC), also known a network adapter, provides the physical

interface between computer and cabling. This comes in different shapes and sizes. It prepares data, sends data, and controls the flow of data. It can also receive and translatedata into bytes for the CPU (central processing unit) to understand. It communicates at thePhysical layer of the OSI model.

Here are the following functions of NIC:

• Receives the data packet from the Network Layer

• Attaches source address (MAC) to the data packet

• Attaches source address (MAC) of the destination device to the data packet

• Converts data in to packets suitable for the particular network (Ethernet, Token

Ring, FDDI)

• Converts packets in to electrical, light or radio signals

• Provides the physical connection to the media

Connectivity Devices

Network connectivity devices such as hubs, or repeaters, are simple devices thatinterconnect groups of users. For instance, hubs forward any data packets including e-mail,word-processing documents, spreadsheets, graphics, print requests that they receive overone port from one workstation to all their remaining ports. All users connected to a single

hub or stack of connected hubs are in the same "segment," sharing the hub bandwidth ordata-carrying capacity. As more users are added to a segment, they compete for a finiteamount of bandwidth devoted to that segment.

To know more about network connectivity devices, go to Chapter5, “Network Connectivity Devices”.





Network Operating Systems

A Network Operating System (NOS) controls the interaction between all the machines onthe network. The network operating system is responsible for controlling the wayinformation is sent over the network medium and handles the way data from one machine is packaged and send to another. The NOS also has to handle what happens when two or more

machines try to send at the same time.

• Local area networks that have a single server with many clients connected to it who put the NOS on the server. The main part of the NOS sits on the server, while thesmaller client software packages are loaded onto each client.

• With larger networks that don't use a single server, such as a network runningTCP/IP, the NOS may be part of each machine's software.

Network operating systems (NOS) typically are used to run computers that act as servers.They provide the capabilities required for network operation. These are also designed forclient computers and provide functions so the distinction between network operatingsystems and stand alone operating systems is not always obvious.

• NOS ties together all of the computers and peripherals in the network

• Coordinates the functions of all computers and peripherals such as file and printsharing; allows backing up of data

• Provides security for and access to data and peripherals in a network such asaccount administration for users.

A network operating system includes versions of Windows NT, Windows XP, Windows2000/2003 Server, Novell Netware, Linux, Unix and others.

In general, all networks have certain components, functions, and features in common:

Shared data - Files provided to clients by servers across the network.

Shared printers and other peripherals - Additional resources provided by servers.

Resources - Any service or device made available for use by members of thenetwork.

A Local Resource is any peripheral (optical drive, printer, scanner, modem, and soon) that is attached to your machine. Since the machine doesn't have to go on thenetwork to get to the device, it is called a local device or a local resource.

A Remote Resource is any device that must be reached through the network. Any

devices attached to a server, are remote resources.


Network categories are peer-to-peer network and server-based network . The distinction between these two types is important because each type has different capabilities. The typeof network you choose to implement will depend on factors such as the:





• Size of the organization

• Level of security required

• Type of business

• Level of administrative support available

• Amount of network traffic• Needs of the network users

• Network budget

Peer-to-peer (P2P) network

In a peer-to-peer network, various computers on the network can act both as clients (alsoknown as workstations; computers that request and use the service) and servers (thecomputers providing the service. There are no dedicated servers, and there is no hierarchyamong the computers.

P2P networks are also called workgroups. The term "workgroup" implies a small group of

people. There are typically 10 or fewer computers in a peer-to-peer network. For instance,many Microsoft Windows based computers will allow file and print sharing. Thesecomputers can act both as a client and a server and are also referred to as peers. Nearly all NOS installed in computers come with the ability to act as some kind of a server to shareresources. You can setup different computers to allow others to use its peripherals such as printers or CDROM drives, allow others to read or write to its hard disk allowing sharing offiles, while other computers may allow access to its Internet connection.

P2P networks are relatively simple. Because each computer functions as a client and aserver, there is no need for a powerful central server or for the other components requiredfor a high-capacity network. P2P networks can be less expensive than server-basednetworks since P2P networking is already built into many operating systems. In those cases,

no additional software is required to set it up. The networking software does not require thesame standard of performance and level of security as the networking software designed fordedicated servers.

Dedicated servers function only as servers and not as clients orworkstations.

In typical networking environments, a P2P implementation offers the following advantages:

• Computers are located at users' desks

• Users act as their own administrators and plan their own security

• Computers in the network are connected by a simple, easily visible cabling system

P2P networks are good choices for environments in the following instances:

• Where there are 10 users or fewer

• Where users share resources, such as files and printers, but no specialized serversexist





• Where network security is not an issue and the organization and the network willexperience only limited growth within the foreseeable future.

Although a peer-to-peer network might meet the needs of small organizations, it is notappropriate for all environments.

The rest of this section describes some of the considerations a network planner needs toaddress before choosing which type of network to implement including administration,resource-sharing, server requirements, security and training.

Network administration includes the task of managing users and security, makingresources available, maintaining applications and data, and installing and upgradingapplication and operating system software. In a typical peer-to-peer network, nosystem manager oversees administration for the entire network. Instead, individualusers administer their own computers.

On resource-sharing, all users can share any of their resources in any manner theychoose. These resources include data in shared directories, printers, and so on.

On server requirements, each computer must use a large percentage of its resourcesto support the user at the computer (known as the local user). Also, to use additionalresources such as hard-disk space and memory, to support the user's accessingresources on the network, known as the remote user. While a server-based networkrelieves the local user of these demands, it requires at least one powerful, dedicatedserver to meet the demands of all the clients on the network.

Network security (that is, making computers and data stored on them safe fromharm or unauthorized access) consists of setting a password on a resource, such as adirectory, that is shared on the network. All P2P network users set their ownsecurity, and shared resources can exist on any computer rather than on acentralized server only; consequently, centralized control is very difficult tomaintain. This lack of control has a big impact on network security because some

users may not implement any security measures at all. If security is an issue, aserver-based network might be a better choice.

Lastly, because every computer in a peer-to-peer environment can act as both aserver and a client, users need training before they are able to function properly as both users and administrators of their computers.





Figure 1-2 Illustration of a peer-to-peer network

Server-based networking

In an environment with more than 10 users, a peer-to-peer network—with computers actingas both servers and clients—will probably not be adequate. Therefore, most networks havededicated servers. A dedicated server is one that functions only as a server and is not usedas a client or workstation. Servers are described as "dedicated" because they are notthemselves clients, and because they are optimized to service requests from network clientsquickly and to ensure the security of files and directories. Server-based networks have become the standard models for networking.

The number of connected computers and the physical distance and traffic between themgrows as networks increase in size. Because of this, more than one server is usually needed.Spreading the networking tasks among several servers ensures that each task will be performed as efficiently as possible.

Servers must perform varied and complex tasks. Servers for large networks have becomespecialized to accommodate the expanding needs of users.

Examples of different types of servers included on many large networks are file and printservers, application servers, mail servers, fax servers, communication servers, and evendirectory services servers.





Figure 1-3 shows an example of a server-based networking using a star topology

File and print servers manage user access and use of file and printer resources. To give anexample, when you are running a word-processing application, the word-processingapplication runs on your computer. The word-processing document stored on the file and print server is loaded into your computer's memory so that you can edit or use it locally. Inother words, file and print servers are used for file and data storage.

Application servers make the server side of client/server applications, as well as the data,available to clients. In fact, servers store vast amounts of data that is organized to make iteasy to retrieve. Thus, an application server differs from a file and print server. With a fileand print server, the data or file is downloaded to the computer making the request. With an

application server, the database stays on the server and only the results of a request aredownloaded to the computer making the request.

A client application running locally accesses the data on the application server, can beanother example. You might search the employee database for all employees who were born in November. Instead of the entire database, and only the result of your query isdownloaded from the server onto your local computer.

Mail servers operate like application servers in that there are a separate server and clientapplications, with data selectively downloaded from the server to the client. Fax serversmanage fax traffic into and out of the network by sharing one or more fax modem boards.

Communications servers handle data flow and e-mail messages between the servers' own

networks and other networks, mainframe computers, or remote users who dial in to theservers over modems and telephone lines.

Directory services servers enable users to locate, store, and secure information on thenetwork. For example, some server software combines computers into logical groupings(called domains) that allow any user on the network to be given access to any resource onthe network.





Planning for specialized servers becomes important with an expanded network. The plannermust take into account any anticipated network growth so that network use will not bedisrupted if the role of a specific server needs to be changed.

In order to plan an effective network, a planner must understand the role of software in aserver-based Environment.

A network server and its operating system work together as a unit. No matter how powerfulor advanced a server might be, it is useless without an operating system that can takeadvantage of its physical resources. Advanced server operating systems, such as those fromMicrosoft and Novell, are designed to take advantage of the most advanced serverhardware.

Although a server-based network it is more complex to install, configure, and manage, ithas many advantages over a simple peer-to-peer network including sharing of resources,management of network security, redundancy systems and large user-support.

A server is designed to provide access to many files and printers while maintaining performance and security for the user. Server-based data sharing can be centrally

administered and controlled. Because these shared resources are centrally located,they are easier to find and support than resources on individual computers.

One administrator who sets the policy and applies it to every user on the network.This is often the primary reason for choosing a server-based approach tonetworking.

Backups can be scheduled several times a day or once a week depending on theimportance and value of the data. Server backups can be scheduled to occurautomatically, according to a predetermined schedule, even if the servers arelocated on different parts of the network.

Through the use of backup methods known as redundancy systems, the data on any

server can be duplicated and kept online. Even if harm comes to the primary datastorage area, a backup copy of the data can be used to restore the data.

Another advantage is that, a server-based network can support a large number ofusers. This type of network would be impossible to manage as a peer-to-peernetwork, but current monitoring and network-management utilities make it possibleto operate a server-based network for large numbers of users.


A network architecture is a blueprint of the complete computer communication network,

which provides a framework and technology foundation for designing, building andmanaging a communication network. It defines the structure of the network, includinghardware, software and layout. We differentiate architecture by the hardware and softwarerequired to maintain optimum performance levels.

There are so many existing types of network architecture. The most basic of these is theLocal-Area Network (LANs). This is a network that connects computers together that arerelatively close to each other—generally, within the same room or building. The vastmajority of regular LANs connect using cables, so the term “LAN” by itself usually implies





a wired LAN, but not always. There are many different types of LANs Ethernets being themost common for PCs.

A proprietary network architectures used in the networking industry is the OSI (OpenSystems Interconnection) model defined by the International Organization forStandardization.

The OSI Model was designed to promote interoperability by creating guideline for networkdata transmission between computers that have different hardware vendors, software,operating systems, and protocols. A protocol suite is most easily defined as a set of rulesused to determine how computers communicate with each other. The OSI model is used todescribe what tasks a protocol suite performs as you explore how data moves across anetwork. Although not all protocols map directly according to what the model provides,there are enough similarities that can be used to examine how these protocols function.

The OSI model consists of seven layers. Each layer performs a special function and then passes on the result to another layer. When a sending node is transmitting a data, it formatsa network request and then passes the request to the network protocol at the top layer, theApplication layer. The protocol that runs at this layer performs an operation on the request

and then passes it to the next, lower layer. Each layer of protocols below the Applicationlayers perform it own calculation and appends its own information to the data sent from thelayer above it. At the receiving station, the process happens in reverse.

To know more information about the OSI model, go to Chapter 6

The IEEE Standard

This is a standard developed by the Institute of Electrical and Electronics Engineers (IEEE),a nonprofit, technical professional association based in the United States that develops,among other things, data communication standards. It consists of committees that are

responsible for developing drafts that are passed on to the ANSI (American NationalStandards Institute) for approval and standardization within the United States. The IEEEalso forwards the drafts to the ISO.

The IEEE is composed of working groups that are involved in standards development in anumber of areas, including aerospace electronics, circuits, communications,instrumentation, electrical code, nuclear engineering, power electronics,telecommunications, and vehicular technology, among many others. An informationtechnology (IT) section includes working groups for bus architectures, local andmetropolitan area networks, software engineering, storage systems, and testingtechnologies, among others.

One of these groups is the LAN/MAN Standards Committee (LMSC), which develops LAN

(local area network) and MAN (metropolitan area network) standards, mainly for the lowesttwo layers in the OSI reference model. LMSC is also called the IEEE Project 802, so thestandards it develops are referenced as IEEE 802 standards. In general, IEEE 802 standardsdefine physical network interfaces such as network interface cards, bridges, routers,connectors, cables, and all the signaling and access methods associated with physicalnetwork connections.





Types of IEEE 802 Networking Standards

One of the major components of the Data Link Layer in the OSI Model is the result ofIEEE 802 networking standards. The following are some of the more common IEEE802 Standards used in networking industries:

IEEE 802.1 Higher layer LAN protocols IEEE 802.2 Logical link control

IEEE 802.3 Ethernet

IEEE 802.5 Token Ring

IEEE 802.11 Wireless LAN

IEEE 802.12 demand priority

IEEE 802.15 Wireless PAN

IEEE 802.16 Broadband wireless access

IEEE 802.17 Resilient packet ring

IEEE 802.18 Radio Regulatory TAG

IEEE 802.19 Coexistence TAG

IEEE 802.20 Mobile Broadband Wireless Access

IEEE 802.21 Media Independent Handoff

IEEE 802.22 Wireless Regional Area Network

Network Topology

Once you choose the type of network to use, choose the manner in which your network will be wired. A topology is a way of “laying out” the network. Topologies can be either physical or logical. Physical topologies describe how the cables are run. Logicaltopologies describe how the network messages travel. The choice of network topology will be influenced by some considerations including:

• Centralization

• Cost

• Maintenance and troubleshooting

• Scalability

• Security

• Speed

• Stability

• Distances

• Single point of failure - a physical or logical location (a server, switch, router, etc)where one or more network devices are connected. When this connection fails, oneor more workstations will not be able to transmit data.

The basic network topologies that will be discussed in this courseware are the BusTopology, Ring Topology and Star Topology.

http://en.wikipedia.org/wiki/Logical_link_control

http://en.wikipedia.org/wiki/Ethernet

http://en.wikipedia.org/wiki/Token_Ring

http://en.wikipedia.org/wiki/Wireless_LAN

http://en.wikipedia.org/wiki/Wireless_LAN

http://en.wikipedia.org/wiki/Token_Ring

http://en.wikipedia.org/wiki/Ethernet

http://en.wikipedia.org/wiki/Logical_link_control





Each of these types and their characteristics will be discussed in Chapter 2“Basic Network Topologies”.





Chapter 1 Summary and Review Questions

At a high level, networks are advantageous because they allow computers and people to beconnected together, so they can share resources. Some of the specific benefits of networkinginclude communication, data sharing, Internet access, data security and management,

application performance enhancement, and entertainment.

Networks are classified into two principal groups based on how they share information: peer-to-peer networks and server-based networks. In a peer-to-peer network, all computersare equal. They can either share their resources or use resources on other computers. In aserver-based network, one or more computers act as servers and provide the resources to thenetwork. The other computers are the clients and use the resources provided by the server.

Review Questions

1. Networking hardware includes all computers, peripherals, interface cards and otherequipment needed. These hardware are needed to

a) To perform data-processing and communications within the network

b) To facilitate many types of games and entertainment

c) To provide a framework and technology foundation for designing, building andmanaging a communication network

d) None of the above.

2. This hardware component provides a link to the services or resources necessary to perform any task.

a) Printer

b) Server

c) Client

3. What is the purpose of network architecture?

a) To provide access to many files and printers while maintaining performanceand security for the user

b) To provide a framework and technology foundation for designing, building andmanaging a communication network

c) To enable users to locate, store, and secure information on the network

d) To allow users to share any of their resources in any manner they choose

4. An advantage in networking that allows the administrators to more effectively manage

the company's critical data is advantage on

a) Hardware and Software Management and Administration Costs

b) Network Hardware, Software and Setup Costs

c) Data Security and Management

5. It is a physical or logical location (a server, switch, router, etc) where one or morenetwork devices are connected





a) Single point of failure

b) Peer-to-peer network

c) Server-based environment

d) Network implementation



Chapter 2: Basic Network Topologies



Chapter Objectives


• Understand what network topology is

• Identify the basic network topologies, their characteristics, advantages anddisadvantages

• Identify types of area networks (LAN, WAN, and other types)







Understand what network topology is

Identify the basic network topologies, their

characteristics, advantages and

disadvantages

Identify types of area networks (LAN, WAN,

and other types)

Notes







Understand what network topology is Identify the basic network topologies, their

characteristics, advantages and disadvantages

Identify types of area networks (LAN, WAN, and

other types)

Notes






What is Network Topology?

the specific physical, logical, or virtual,arrangement of t he network components and

devices (nodes). it is determined only by the configuration of

connections between nodes.

Distances between nodes, physicalinterconnections, transmission rates, and/orsignal types affect how data will becommunicated in a network.

Notes






Basic Network Topologies

Notes






Bus Topology

Al l nodes (f ile server, workstati ons, and per ipherals) on the LANare connected by one linear cable, which is called the sharedmedium. It uses a common si ngle cable, which is the backbone

– and it functions as a shared communicat ion med ium thatdevices attach or tap into with an interface connector.

A backbone is a part of a network t hat actsas the primary path for traffic that is m ost

often sourced from, and destined for, other

networks. It is a set of nodes and linksconnected

Notes






Bus Topology

• Every node on thi s cable segment sees

transmissions from every other station

on the same segment.

• At each end of the bus t here i s a

terminator, which absorbs any signal,

removing it from the bus and the

transmitting node cannot send the

packet anymore.

• This medium cable apparently is the

single point of failure.

Notes






Star Topology

It uses a switch

Al l peripheral nodes may

communicate with all others by

transmitting to, and receiving

from, the central node only.

It generally requires more cable

(but a failure in any star network cable willonly take down one computer's networkaccess and not the entire LAN)

If the switch - the entire network

also fails

Notes






Ring Topology

Every network node has two branchesconnected to it and form a ring. If oneof the nodes on the ring fails than thering is broken and cannot work.

The ring topology connects all PCs

in the network in a loop, running

double cables between each node in

order to maintain network integrity.

Notes






Hybrid Topology

a combination of any two or more network

topologies.

where two basic network topologies, when

connected together, can still retain the basic

network character

Notes






Types of Networks - LANs, WANs, and Others

A Local Area Network (LAN)connects network devices over a

relatively short distance.

A Wide Area Network (WAN)

spans a large physical distance.

A WAN spans across the

countries.

Notes






Area Networks

SAN

WLAN

PAN

Metropolitan Area Network(MAN)

Storage Area Network (SAN)

System Area Network (SAN)

Server Area Network (SAN)

Small Area Network (SAN)

Personal Area Network (PAN)

Desk Area Network (DAN)

Control ler Area Network (CAN)

Cluster Area Network (CAN)

Wireless Local Area Network(WLAN)

Notes





Introduction

Network Topology is the specific physical, logical, or virtual, arrangement of the networkcomponents and devices (nodes). It is determined only by the configuration of connections between nodes. Distances between nodes, physical interconnections, transmission rates,and/or signal types affect how data will be communicated in a network.

A node is any device on a network (server, workstation, printer, scanner, or any otherkind of peripheral) that is accessed directly by the network. A node has a uniquename or IP address so the rest of the network can identify it.

This chapter will discuss the forms and different types of topologies and theircharacteristics.

Understanding Physical and Logical Topology

The physical topology of a network refers to the configuration of cables, computers, andother peripherals. Physical topology should not be confused with logical topology which isthe method used to pass information between workstations. In the OSI Model, this isincluded in the Physical Layer.

To know more about the Physical Layer, go to Chapter 6 “TheOSI Reference Model”.

The topology you choose for your network influences and is influenced by several factors:

Office layout

Type of cable used

Cost of installation

Troubleshooting techniques

First, look at how your office is arranged. People who are setting up only a few computersin a single room will have less difficult challenges that than those with many computersdistributed throughout several floors of a building.

Second, to a significant degree, the physical topology you choose for your network

determines what kind of cable you will get for it and vice versa. CAT 5 (Category 5) cableis commonly used in networks. Some people use the Fiber Optic cable.

To know more about network cables, go to Chapter 3





Third, all physical topologies are not equal in terms of cost. Some of the cost will beaffected by the complexity of the topology you choose and more important, how hard it is tomake the topology fit your space. The bus topology, for example, is simple when done in asmall area but could be complicated to cable if you attempt to run it through a multi-floornetwork.

Finally, troubleshooting techniques and requirements are determined to some degree by the physical topology you use. For example, some topologies have built-in physical redundancyto prevent breaks in the cable from interrupting communications. Other topologies isolateeach cable in the network so that a single break will not bring everything down.

Basic Network Topologies

Each physical topology has its own characteristics, as well as the advantages anddisadvantages when used in a network. However, keep in mind that the physical topologydoes not a direct bearing on the logical topology. Logical, or electrical topologies describesthe way in which a network transmits information from one node to the next node, not theway your network looks.

Bus Topology

All nodes (file server, workstations, and peripherals) on the LAN are connected by onelinear cable, which is called the shared medium. It uses a common single cable, which is thebackbone – and it functions as a shared communication medium that devices attach or tapinto with an interface connector. A device wanting to communicate with another device onthe network sends a broadcast message onto the wire that all other devices see, but only theintended recipient actually accepts and processes the message.

Figure 2.1 Bus Topology - all nodes on the LAN are connected by one linearcable.

A backbone is a part of a network that acts as the primary path for traffic that ismost often sourced from, and destined for, other networks. It is a set of nodesand links connected together comprising a network, or the upper layer protocolsused in a network.





Characteristics of Bus Topology

Every node on this cable segment sees transmissions from every other station on the samesegment. At each end of the bus there is a terminator, which absorbs any signal so it doesnot reflect back across the bus. This medium cable apparently is the single point of failure.In a bus topology, signals are broadcasted to all stations. Each computer checks the address

on the signal (data frame) as it passes along the bus. If the signal’s address matches that ofthe computer, the computer processes the signal. If the address doesn’t match, the computertakes no action and the signal travels on down the bus.

Figure 2.2 shows terminator at the end of the bus

Only one computer can ‘talk’ on a network at a time. A media access method calledCSMA/CD Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used tohandle the collisions that occur when two signals are placed on the wire at the same time.

To know more about Carrier Sense Multiple Access with CollisionDetection (CSMA/CD), go to Chapter 4, “LAN Architecture”

Each time a node on the network has data for another node, the sending node broadcasts thedata to the entire network. The various nodes hear it and look to see if the data is for them.If so, they keep the data.

Every Ethernet card has a unique 48-bit address (its own 24-bit and another 24-bit specified by the company), known as a MAC address. Each piece of data thattravels the network is directed to the address of the card in the node that shouldreceive the data.





A good example to show how this topology works would be the old telephone party lineswhere a number of persons share a telephone number. Each person sharing the telephone isassigned a distinctive ring to determine who was receiving a call. If your code was, saythree rings, and you heard the telephone ring three quick rings, you could pick it up andknow it was for you. On the other hand, if you heard two long and one short, you’d knowthat the call was for your next door neighbor and you’ll ignore it. In all cases, everyone

sharing the telephone heard the rings, but only one person who was supposed to receive itthe call, responded to it.

On a bus network, every workstation can send out information in a package called a packet .It contains the source and the destination address in addition to the data.

Data transmitted on a network of any type, must conform to the strict format, called the Data Logical Link Layer Frame format, which the network type uses for arranging data. Forinstance, Ethernet packets in a 100Mpbs network can be no longer than 1518 bytes, just toensure that a single workstation doesn’t hog the network too long. In a Gigabit network thisnumber has been increased to 9000 bytes. Therefore, the 9000 bytes was large enough tocarry an 8 KB application datagram (e.g. NFS) plus packet header overhead)

Before a workstation broadcasts to the network, it listens to determine if another machine isusing the network. If the coast is clear, then it broadcasts. The bus topology is passive. Inother words, the computers on the bus simply ‘listen’ for a signal; they are not responsiblefor moving the signal along.

The biggest problem with the broadcast method of network transmittal is distance. If thedistance between two computers on the same network (for example, Node A and Node B) istoo great, they may not hear each other on the line. If that happens, then Node A cannot tellwhether Node B is transmitting or not. Thinking that the line is not in use, Node A maythen begin its transmittal when Node B is already transmitting data. If the two nodestransmit at the same time, an event called packet collision occurs, causing a frequency‘ripple’ on the cable. The first node to detect this increased frequency ripple will send out a

high-frequency signal that will cancel out all the other signals. This signal tells all nodesthat a collision has occurred and that all nodes in the network should stop sending packets.At this point, each node waits a random amount of time, and then tries broadcasting again.They will do this up to 16 times before giving up.

Ethernet is probably the best known example of a logical bus network; it’s the most popularLAN type. Early Ethernet systems used the bus topology with coaxial cable, a type ofnetwork that is rarely seen today. Ethernet bus topologies are relatively easy to install anddon't require much cabling compared to the alternatives. 10Base-2 ("ThinNet ") and 10Base-5 ("ThickNet ") both were popular Ethernet cabling options years ago. However, busnetworks work best with a limited number of devices. If more than a few dozen computersare added to a bus, performance problems will likely result. In addition, if the backbonecable fails, the entire network effectively becomes unusable.

Advantages of a Bus Topology

• Easy to implement and extend

• Well suited for temporary networks that must be set up in a hurry





• Typically the least cheapest topology to implement

• Failure of one station does not affect others. (However, if one machine fails, the packet will not pass!)

Disadvantages of a Bus Topology

• Difficult to administer/troubleshoot

• Limited cable length and number of stations

For 10Base2

maximum number of network segments = 5

maximum network segment length = 607 feet (185 meters)

maximum total network cable length = 3035 feet (925 meters)

maximum number of stations on a network segment = 30

minimum distance between T connectors (computers) = 1.5 feet(0.5 meters)

• A cable break can fail the entire network; no redundancy; no backbone function• Maintenance costs may be higher in the long run

• Performance degrades as additional computers are added

Star Topology

While the bus topology has the computers in a network logically connected directly to eachother, the star topology uses a switch (in the past, this was called a “hub”; a switch is alsoknown as a repeater), which rebroadcasts all transmissions received from any peripheralnode to all peripheral nodes on the network, including the originating node. All peripheralnodes may thus communicate with all others by transmitting to, and receiving from, the

central node only. Most LANs installed today use the star topology. The main advantage ofthe star network is that each computer has its own dedicated connection to the hub. If asingle cable or connector should fail, only one computer is affected.

Switches will be discussed in Chapter 5 “Network Connectivity Device”.





Figure 2.3 Star Topology - all nodes on the LAN are connected to a switch (alsocalled a repeater)

Characteristics of Star Topology

In the star topology, each server and workstation plugs into a central hub that providesconnections to all other devices connected to the switch. This means that each connection isindependent of all other connections; a break in workstation A’s cable will not affectworkstation B’s connection. It also means that the network is relatively easy to cable because each workstation and server is no more than the maximum cable length from theswitch. Devices typically connect to the switch with Unshielded Twisted Pair (UTP)

Ethernet.

To know more about the UTP cable, go to Chapter 3 “Basic NetworkCabling”.

Advantages of a Star Topology

• Easy to install and wire.

• No disruptions to the network then connecting or removing devices.

• Easy to isolate problems because the hub can be a bottleneck and single point of failure.

Disadvantages of a Star Topology

• Requires more cable length than a bus linear topology.

• If the hub or concentrator fails, all nodes attached are disabled.

• More expensive than bus topologies because of the cost of the switch.





The Ring Topology

The ring topology, used by Token ring and Fiber Distributed Data Interface (FDDI)networks, every workstation must repeat what it hears from the previous station, making akind of “bucket brigade” of data. The computer that transmits data is also responsible forremoving it from the network after it has traversed the entire ring. When a piece of data gets back to the originators, it stops. An entire file can’t be transmitted in one packet, so its pieces will be transmitted in succession.

Every network node has two branches connected to it and form a ring. If one of the nodeson the ring fails than the ring is broken and cannot work. As far as signal transmissions areconcerned, a ring network is like a bus in that each computer is logically connected to thenext. The difference is that in a ring network the two ends are connected instead of beingterminated. This enables a signal originating on one computer to travel around the ring to allof the other computers and eventually back to its point of origin. The most important thingto understand about the ring topology, however, is that it is strictly a logical construction,

not a physical one. Or, to be more precise, the ring exists in the wiring of the network, butnot in the cabling.

Characteristics of a Ring Topology

The ring topology connects all PCs in the network in a loop, running double cables betweeneach node in order to maintain network integrity. In a ring network, every device hasexactly two neighbors for communication purposes. All messages travel through a ring inthe same direction (effectively either "clockwise" or "counterclockwise"). A failure in anycable or device breaks the loop and can take down the entire network .

This setup has no start and no end. All computers are connected with a cable that loopsaround. Signals travel in one direction on a ring while they are passed from one computer to

another and each computer checks a packet for its destination and passes it on as a repeaterwould.

Figure 2.3 Ring Topology – all nodes are connected in a loop.





The heart of the ring logical topology is the token packet . To avoid packet collisions, thering topologies ensure that only one workstation can send information across the network atany given time. Only the node that has control of the token packet can send informationacross the network.

When a workstation is done with the token packet, it releases it to whatever station is next

in line. If nobody grabs it, the workstation releases it a second time. If nobody responds toit the second time, then the workstation sends out a general query, know as a solicit

successor frame. This frame goes out over the network asking, “Who’s supposed to get thenext token?”. If a workstation responds, the sending workstation addresses the token to thatworkstation and passes the token. Because no single node can transmit for longer than ittakes for a piece of data to make a complete circuit of the network, no PC has to wait morethan once circuit’s worth of information before getting a chance to transmit.

In the ring topology, the data is not broadcasted on the network but passed from node tonode. Thus, timing is very important to make sure that the frames passed on the network arereceiving properly. The token is responsible for maintaining the timing. Given the token’simportance in keeping order on a network using the ring logical topology, one computer isdedicated to token management. This computer, called the token master or active monitor ,detects lost tokens, monitors frame transmissions, and creates new tokens when necessary.The active monitor also maintains a regular clock tick on the network that keeps all othernodes synchronized.

Advantages of a Ring Topology

• No collisions

• Easier to fault find

• No terminators required

Disadvantages of a Ring Topology

• Requires more cable than a bus

• A break in the ring will bring it down

• Not as common as the bus – less devices available

Hybrid Topologies

A hybrid topology is a combination of any two or more network topologies.

Instances can occur where two basic network topologies, when connected together,can still retain the basic network character, and therefore not be a hybrid network.For example, a tree network connected to a tree network is still a tree network.Therefore, a hybrid network accrues only when two basic networks are connectedand the resulting network topology fails to meet one of the basic topologydefinitions. For example, two star networks connected together exhibit hybridnetwork topologies.





A hybrid topology always accrues when two different basic network topologies areconnected.

Types of Networks - LANs, WANs, and OthersLANs and WANs were the original flavors of network design. The concept of describingthe network types as "area" is applicable because a key distinction between a LAN and aWAN involves the physical distance that the network spans. A third category, the MAN,also fit into this scheme as it is also centered on a distance-based concept.

As technology improved, new types of networks appeared on the scene. These types became also known as various types of "area networks" for consistency's sake, althoughdistance no longer proved to be a useful differentiator.

For historical reasons, the industry refers to nearly every type of network as an "Area Network." The most commonly-discussed categories of computer networks also include the

following -

Metropolitan Area Network (MAN)

Storage Area Network (SAN)

System Area Network (SAN)

Server Area Network (SAN)

Small Area Network (SAN)

Personal Area Network (PAN)

Desk Area Network (DAN)

Controller Area Network (CAN)

Cluster Area Network (CAN)

Wireless Local Area Network (WLAN)

LAN Basics

A LAN connects network devices over a relatively short distance. A networked office building, school, or home usually contains a single LAN, though sometimes one building will contain a few small LANs, and occasionally a LAN will span a group ofnearby buildings. Besides operating in a limited space, LANs include several otherdistinctive features. LANs are typically owned, controlled, and managed by a single person or organization. They also use certain specific connectivity technologies,

primarily Ethernet.

WAN Basics

A Wide Area Network (WAN) spans a large physical distance. A WAN spans acrossthe countries. Geographically, it is a dispersed collection of LANs. A network device





called a router connects LANs to a WAN. In an Internet Protocol (IP) networking, therouter maintains both a LAN address (an IP address) and a WAN address.

WANs differ from LANs in that, like the Internet, most WANs are not owned by anyone organization but rather exist under collective or distributed ownership andmanagement. WANs use advance networking technologies for connectivity like ATM

(Asynchronous Transfer Mode), for instance.

LANs and WANs at Home

Network users at home with cable modem (connects a home computer - or network ofhome computers - to residential cable TV service) or DSL ( Digital Subscriber Line,

Digital Subscriber Loop, xDSL) service use the concept of LANs and WANs. Acable/DSL router join the home LAN to the WAN link maintained by one's Internet

Service Provider (ISP) The ISP provides a WAN IP address used by the router, and allof the computers on the home network use private LAN addresses. On a home network,like many LANs, all computers can communicate directly with each other, but theymust go through a central gateway (an internetworking system, a system that joins two

networks together) location to reach devices outside of their local area.

MAN, SAN, PAN, DAN, and CAN

A Metropolitan Area Network (MAN) connects an area larger than a LAN but smallerthan a WAN, such as a city, with dedicated or high-performance hardware.

Figure 2.4 Illustration of MAN

A Storage Area Network connects servers to data storage devices through Fiber

Channel technology, which handles high-performance disk storage for applications onmany corporate networks.

A System Area Network connects high-performance computers with high-speedconnections in a cluster configuration or also known as Network of Workstations (NOW). A cluster integrates the resources of two or more computing devices (thatcould otherwise function separately) together for some common purpose.






In networking, the term topology refers to the layout of the network, especially the locationsof the computers and how the cable is run between them. A topology is can be physical,logical or both. Each topology has its own strength and weaknesses.

Review Questions

1. The specific physical, logical, or virtual, arrangement of the network components anddevices

a) Network Topology

b) Ring Topology

c) Bus Topology

d) Star Topology

2. A backbone is best described as

a) A cable break that can fail the entire network

b) A set of nodes and links connected together comprising a network, or the upperlayer protocols used in a network

c) The most important thing to understand about the bus topology

3. The Data Logical Link Layer Frame format

a) Transmits the data in the network

b) listens to determine if another machine is using the network

c) repeats what it hears from the previous station

d) describes the format on how data is transmitted on any type of network

4. In this type of topology, the data is not broadcasted on the network but passed fromnode to node

a) Network Topology

b) Ring Topology

c) Bus Topology

d) Star Topology

5. In this type of topology, each server and workstation plugs into a central hub that provides connections to all other devices connected to the switch.

a) Network Topology

b) Ring Topology

c) Bus Topology

d) Star Topology



Chapter 3: Basic Network Cabling



Chapter Objectives


• Identify the primary cable types used for Ethernet networking

• Know the characteristics of the Twisted-Pair cable

• Distinguish between shielded (STP) and unshielded (UTP) twisted pair cable

• Know the characteristics of the Fiber Optic cables

• Identify the advantages and disadvantages of each cable type

• Know the RJ-45 connector

• Know the characteristics of a CAT 5

• Know the maximum cable lengths (feet and meters)• Know what a terminator is and the common problems associated with it

• Know what ‘attenuation’ and ‘crosstalk,’ the problems associated with them,and the ways to prevent them

• Apply general cabling installation guides







Twisted-Pair Cable

UTP Cable Grades

Fiber Optic Cable

Understanding Attenuation and Crosstalk

A General Guide on Cable Instal lat ion

Notes







Identify the primary cable types used for Ethernetnetworking

Know the characteristics of the Twisted-Pair cable

Distingui sh between shielded (STP) and unshielded(UTP) twisted pair cable

Know the characteristics of the Fiber Optic cables

Identify the advantages and disadvantages of eachcable type

Know the RJ-45 connector

Know the characteristics of a CAT 5

Know the maximum cable lengths (feet and meters)

Know what a terminator is and the commonproblems associated with it

Know what ‘attenuation’ and ‘crosstalk,’ theproblems associated with them, and the ways to

prevent them Apply general c abl ing ins tal lat ion guides

Notes






Types of Network Cable

Unshielded Twisted-pair cable

(UTP)

Features of UTP cable:

Speed and throughput—10 to1000 Mbp

Average cost per node —Leastexpensive

Media and connector size —Small

Max cable length —100 m(short)

Twisted-pair Ethernet cable

Max of 1,024 attachedworkstations

Max of 4 repeaters betweencommunicating workstations

Max segment length of 328 feet(100 meters)

Notes







Shielded Twisted-pair cable

(STP)

Features of UTP cable:

Speed and throughput—10to 1000 Mbps

Average cost per node—Least expensive

Media and connector size—Small

Max cable length—100 m(short)

Notes






RJ-45 Connector

Notes





Notes







Fiber Optic Cable

Features of fiber optic cables:

Speed and throughput—Morethan 1 Gbps (Gigabit per second)

Average cost per node—Expensive

Media and connector size—Small

Max cable length—More than 10km for single mode; up to 2 kmfor multimode

Notes







Terms in high-performance cabling :

Length

Wire Map

Return Loss

DC Loop Resistance

At tenuat ion

NEXT (Near End Cross Talk)

PSNEXT (Power Sum Near-End Cross Talk)

FEXT, ELFEXT and PSELFEXT

Delay

Delay Skew

Notes






NEXT, PSNEXT, PSEFLEXT

Notes






A General Guide on Cable Instal lation

1. Always use more cable than you need.Leave plenty o f slack.

2. Test every part of a network as youinstall i t. Even if i t is brand new, it mayhave problems that will be difficult toisolate later.

3. Stay at least 3 feet away fromfluorescent light boxes and othersources of electrical interference.

4. If it is necessary to run cable acrossthe floor , cover the cable with cableprotectors.

5. Label both ends of each cable.

6. Use cable ties (not tape) to keep

cables in the same location together.

Notes





Introduction

There are three types of cable that can be used in structured Ethernet cabling design,Unshielded Twisted-Pair (UTP), Shielded Twisted-Pair (STP) – which are both types ofTwisted-Pair cable, and Fiber Optic cable.

UTP is the most widely used cable and is used as the primary media for floor distribution. AUTP backbone is often installed for voice services. STP is used in applications where noiseis deemed to be a problem. When installed correctly it can allow the use of structuredcabling where previously the environment was too harsh. Fiber optic cable is predominantly used as a backbone media for data services, its high speed and bandwidth being ideal for this purpose.

Twisted-Pair Cable

Twisted-pair cable is a type of cabling that is used for telephone communications and mostmodern Ethernet networks. A pair of wires forms a circuit that can transmit data. The pairsare twisted to provide protection against crosstalk, the noise generated by adjacent pairs.When electrical current flows through a wire, it creates a small, circular magnetic fieldaround the wire. When two wires in an electrical circuit are placed close together, theirmagnetic fields are the exact opposite of each other. Thus, the two magnetic fields canceleach other out. They also cancel out any outside magnetic fields. Twisting the wires canenhance this cancellation effect. Using cancellation together with twisting the wires, cabledesigners can effectively provide self-shielding for wire pairs within the network media.

Unshielded Twisted Pair (UTP) Cable

Unshielded twisted pair (UTP) is generally used to connect the computers to theswitches. It is the most popular and is generally the best option for home or smallorganization networks primarily due to its low cost.

Figure 3-1 Anatomy of a UTP cable





The quality of UTP may vary from telephone-grade wire to extremely high-speed cable.UTP contains 8 wires or 4 pair of either 22- or 24-gauge copper wire inside the jacket.100 meter maximum length. 4-100 Mbps speed. Each of the eight individual copperwires in UTP cable is covered by an insulating material. The wires in each pair aretwisted around each other.

UTP cable relies solely on the cancellation effect produced by the twisted wire pairs tolimit signal degradation caused by electromagnetic interference (EMI) and radio

frequency interference (RFI). To further reduce crosstalk between the pairs in UTPcable, the number of twists in the wire pairs varies. The tighter the twisting, the higherthe supported transmission rate and the greater the cost is per foot.

Advantages and Disadvantages of the UTP Cabl ing

UTP cable offers many advantages. Because UTP has an external diameter ofapproximately 0.43 cm (0.17 inches), its small size can be advantageous duringinstallation. Because it has such a small external diameter, UTP does not fill up wiringducts as rapidly as other types of cable. This can be an extremely important factor toconsider, particularly when installing a network in an older building. UTP cable is easy

to install and is less expensive than other types of networking media. In fact, UTP costsless per meter than any other type of LAN cabling. And because UTP can be used withmost of the major networking architectures, it continues to grow in popularity.However, the UTP cable is more prone to electrical noise and interference than othertypes of networking media, and the distance between signal boosts is shorter for UTPthan it is for coaxial and fiber-optic cables, which means that UTP may be susceptibleto radio and electrical frequency interference.

The following summarizes the features of UTP cable:

• Speed and throughput—10 to 1000 Mbp

• Average cost per node —Least expensive

• Media and connector size —Small

• Maximum cable length —100 m (short)

Twisted-pair Ethernet cable has the following specifications:

• a maximum of 1,024 attached workstations;

• a maximum of 4 repeaters between communicating workstations; and

• a maximum segment length of 328 feet (100 meters).

Shielded Twisted Pair (STP) Cable

Shielded twisted-pair (STP) cable combines the techniques of shielding, cancellation,and wire twisting. Each pair of wires is wrapped in a metallic foil (see Figure 3-2). Thefour pairs of wires then are wrapped in an overall metallic braid or foil, usually 150-ohm cable. It is suitable for environments with electrical interference; however, theextra shielding can make the cables quite bulky. The maximum length is 100 meters





and operates on 16-155 Mbps speed. It has a lower electrical interference than UTP andit more expensive.

As specified for use in Ethernet network installations, STP reduces electrical noise bothwithin the cable (pair-to-pair coupling, or crosstalk) and from outside the cable (EMIand RFI). STP usually is installed with STP data connector, which is created especially

for the STP cable.

Figure 3-2 Anatomy of a STP cable

Advantages and Disadvantages of STP Cabling

The STP cabling supports a wide range of systems and protocols. It is easier to relocatedevices. STP can offer a high level of protection with out significant additional cost.The installation of STP cable does minimize the sensitivity to routing (Proximity toEMI sources) but adds complexity in terms of the quality of connections and grounding.

The following summarizes the features of UTP cable:

• Speed and throughput—10 to 1000 Mbps• Average cost per node—Least expensive

• Media and connector size—Small

• Maximum cable length—100 m (short)

RJ-45: The Twisted Pair Connector

The standard connector for twisted pair cabling is an RJ-45 connector. It connects eachcomputer on the network to a central hub, which makes up a star topology. This is a plastic connector that looks like a large telephone-style connector. A slot allows the RJ-45 to be inserted only one way. RJ stands for Registered Jack, implying that the

connector follows a standard borrowed from the telephone industry. This standarddesignates which wire goes with each pin inside the connector.





Figure 3-3 Standard RJ45 wiring

Figure 3-4 Plug and socket wiring details

10/100 Ethernet cables have 8 wires, of witch 4 are used for data. The other wires aretwisted around the data lines for electrical stability and resistance to electricalinterference. The cables end in RJ-45 connectors that resemble large telephone lineconnectors.

Two kinds of wiring schemes are available for Ethernet cables. Patch cables andcrossover cables. Crossover cables are special because with a single cable, twocomputers can be directly connected together without a hub or switch. If a cable doesnot say crossover, it is a standard patch cable. If you are connecting computers to aswitch, you need patch cables.

UTP Cable Grades

UTP cable comes in a variety of different grades, called "categories" by the ElectronicsIndustry Association (EIA) and the Telecommunications Industry Association (TIA) or better known as EIA/TIA.





CategoryMaximum Data

RateUsual Application

CAT 1Less than 1Mbps

Analog voice (POTS)Integrated Services Digital Network BasicRate Interface in ISDNDoorbell wiring

CAT 2 4 MbpsMainly used in the IBM Cabling System fortoken ring networks

CAT 3 16 Mbps Voice and data on 10BASE-T Ethernet

CAT 4 20 MbpsUsed in 16 Mbps Token RingOtherwise not used much

CAT 5100 Mbps

100 Mbps TPDDI (100BASE-T or FastEthernet)

CAT 5E

100 Mbps

1000 Mbps (4pair)

100 Mbps TPDDI (100BASE-T or FastEthernet)155 Mbps ATM (no longer supported)

Gigabit Ethernet

CAT 6 200-250 MHz Super-fast Broadband Applications

Table 3-1 of Cable Grades or Categories1

The two most significant UTP grades for LAN use are Category 3 and Category 5. Category3 cable was designed for voice-grade telephone networks and eventually came to be usedfor Ethernet. Category 3 cable is sufficient for 10 Mbps Ethernet networks (where it is

called 10BaseT), but it is generally not used for Fast Ethernet (except under certainconditions).

There have been many kinds of Ethernet, but the most popular is 10/100Mbps running overcopper twisted pair wires. 100Mbps Ethernet is also called 100baseT and Fast Ethernet. Ifyou have an existing Category 3 cable installation, you can use it to build a standardEthernet network, but virtually all new UTP cable installations today use at least Category 5





cable. The most common are CAT5, CAT5e and CAT6. CAT5 is good for most purposesand can transfer data at 100Mbps. CAT5e is rated for 200Mbps and CAT6 is rated forgigabit Ethernet.

Characteristics of Category 5

CAT5 is an Ethernet cable standard defined by the EIA/TIA. CAT5 is the 5th generation oftwisted pair Ethernet cabling and the most popular of all twisted pair cables in use today.

CAT5 cable contains four pairs of copper wire. CAT5 supports Fast (100 Mbps) Ethernetand comparable alternatives such as ATM. As with all other types of twisted pair EIA/TIAcabling, CAT5 cable runs are limited to a maximum recommended run rate of 100m (328feet).

Although CAT5 cable usually contains four pairs of copper wire, Fast Ethernetcommunications only utilize two pairs. A new specification for CAT5 cable, CAT5enhanced (CAT5e), supports short-run Gigabit Ethernet (1000 Mbps) networking byutilizing all four wire pairs and is backward-compatible with ordinary CAT5.

Twisted pair cable like CAT5 comes in two main varieties, solid and stranded. Solid CAT5cable supports longer runs and works best in fixed wiring configurations like office buildings. Stranded CAT5 cable, on the other hand, is more pliable and better suited forshorter-distance, movable cabling such as on-the-fly patch cabling.

Though newer cable technologies like CAT6 and CAT7 are being developed, CAT5 cableremains the popular choice, because it is both affordable and plenty fast enough for today'sLANs.

Fiber Optic Cable

Fiber optic cable is a completely different type of network medium. Instead of carryingsignals over copper conductors in the form of electrical voltages, fiber optic cables transmit pulses of light over a glass or plastic conductor Fiber optic cabling consists of a center glasscore surrounded by several layers of protective materials. It transmits light rather thanelectronic signals eliminating the problem of electrical interference. Around the cladding isa plastic spacer layer, a protective layer of woven Kevlar fibers, and an outer sheath. Thismakes it ideal for certain environments that contain a large amount of electricalinterference. It has also made it the standard for connecting networks between buildings,due to its immunity to the effects of moisture and lighting.





Figure 3-5 shows an anatomy of a Fiber Optic cable

Fiber optic cable has the ability to transmit signals over much longer distances than coaxialand twisted pair. It also has the capability to carry information at vastly greater speeds. Thiscapacity broadens communication possibilities to include services such as videoconferencing and interactive services. The 10BaseF refers to the specifications for fiberoptic cable carrying Ethernet signals. The maximum segment length is 2000 meters.

Advantages and Disadvantages of Fiber Optic Cabling

Fiber optic cable is completely resistant to the electromagnetic interference that soeasily affects copper-based cables. Fiber optic cables are also much less subject toattenuation than are copper cables. Attenuation is the tendency of a signal to weaken asit travels over a cable. The longer the cable, the weaker the signal gets. When data istransmitted through a cable, the signal weakens and this is due to the size and grade ofthe copper being used, the insulation materials and other design factors. On coppercables, signals weaken to the point of unreadability after 100 to 500 meters (dependingon the type of cable). Some fiber optic cables, by contrast, can span distances up to 120kilometers without excessive signal degradation. This makes fiber optic the medium ofchoice for installations that span long distances or that connect buildings on a campus.Fiber optic cable is also inherently more secure than copper, because it is not possible totap into a fiber optic link without affecting the normal communication over that link.

The characteristics of the different transport media have a significant impact on thespeed of data transfer. Fiber optic cable is a networking medium capable of conductingmodulated light transmissions. It is not susceptible to EMI, and it is capable of higherdata rates than any of the other types of networking media discussed in this chapter.Fiber optic cable does not carry electrical impulses as other forms of networking mediathat use copper wire do. Instead, signals that represent bits are converted into beams oflight.

Compared to other networking media, it is more expensive and it is more difficult toinstall and modify.

The following summarizes the features of fiber optic cables:

• Speed and throughput—More than 1 Gbps (Gigabit per second)

• Average cost per node—Expensive

• Media and connector size—Small





• Maximum cable length—More than 10 km for single mode; up to 2 km formultimode

Fiber Optic Connector

The most common connector used with fiber optic cable is an ST connector. It is barrelshaped, similar to a BNC ( Bayonet Neill Concelman) male and female connector. Anewer connector, the SC, is becoming more popular. It has a squared face and is easierto connect in a confined space.

BNC - is usually used for thinnet coaxial cable. A terminator is a resistorattached to the end of the cable. Its purpose is to prevent signalreflections, effectively making the cable "look" infinitely long to the signalsbeing sent across it.

Fiber-optic connectors come in single-mode and multimode varieties. The greatestdifference between single-mode connectors and multimode connectors is the precision

in the manufacturing process. The hole in the single-mode connector is slightly smallerthan in the multimode connector. This ensures tighter tolerances in the assembly of theconnector. The tighter tolerances make field assembly slightly more difficult.

A number of different types of fiber-optic connectors are used in the communicationsindustry. The following list briefly describes two of the commonly used connectors:

SC fiber optic type connectors feature a push-pull, connect and disconnectmethod. To make a connection, the connector is simply pushed into thereceptacle. To disconnect, the connector is simply pulled out.

Figure 3-6 Multimode SC Connector on 3mm Jacketed Fiber

ST fiber optic connector is a bayonet type of connector. It is fully inserted intothe receptacle and is then twisted in a clockwise direction to lock it into place.





Figure 3-7 Multimode ST Connector on 3mm Jacketed Fiber

CableType

MaximumSegmentLength

Speed Cost Advantages Disadvantages

UTP 100 m 10 Mbps to1000 Mbps Leastexpensive Easy to install;widely available andwidely used

Susceptible tointerference; cancover only alimited distance

STP 100 m 10 Mbps to100 Mbps

Moreexpensivethan UTP

Reduced crosstalk;more resistant toEMI than Thinnet orUTP

Difficult to workwith; can coveronly a limiteddistance

10 km andfarther(single-mode)

100 Mbps to100 Gbps(single mode)

Fiber-Optic

2 km andfarther(multimode)

100 Mbps to9.92 Gbps(multimode)

Expensive Cannot be tapped,so security is better;can be used overgreat distances; is

not susceptible toEMI; has a higherdata rate thancoaxial and twisted-pair cable

Difficult toterminate

Table 3-2 Cable Type Comparison2


So what causes the signal to attenuate, and where does the crosstalk come from? Below are

of some of the terms used in high performance cable testing, and a description of what theymean.

Length

The length of a cable is one of the more obvious causes of attenuation because the longer itis, the more resistance it has, and therefore less of the signal will get through. To measurethe length, a cable tester uses Time Domain Reflectometry (TDR). A pulse is sent down thecable and when it reaches the far end it reflects back, by measuring the time it takes totravel down the cable and back again, the tester can determine how long the cable is. To dothis, the tester also needs to know how fast the pulsed signal is traveling. This is called the Nominal Velocity of Propagation (NVP) and is expressed as a percentage of the speed oflight. The NVP is usually somewhere between 60% and 90% of the speed of light, with

most Cat 5E cables being around 70%. Due to the twists in the cable, the measured lengthwill be greater than the physical length, so if a run looks like it might be over 80m it would be wise to check it before it is tied up and terminated.

Wire Map





This test is to ensure that the two ends have been terminated pin for pin, i.e. that pin 1 at the patch panel goes to pin 1 at the outlet, pin 2 goes to pin 2 etc. etc. The wire map also checksfor continuity, shorts, crossed pairs, reversed pairs and split pairs. A Split pair is probablythe only thing that requires an explanation here, as they are undetectable with a simplecontinuity tester, this is because pin for pin they seem to be correct. A basic in cablingindicates that balanced line operation requires that the signal is transmitted over a pair of

wires that are twisted together. With a 'split pair', the signal would be split between twodifferent pairs.

Figure 3-8 shows a diagram of cable wires

Return Loss

When a cable is manufactured there are slight imperfections in the copper. Theseimperfections all contribute to the Structural Return Loss (SRL) measurement because eachone causes impedance mismatch which adds to the cables attenuation.

http://www.datacottage.com/nch/basics.htm#Balanced

http://www.datacottage.com/nch/basics.htm#Balanced





DC loop resistance

This is simply the resistance between the two conductors of a twisted pair which is looped back at the far end. The primary purpose of this test is to make sure that there are no highresistance connections in the link.

At tenuation

This is the decrease in signal strength (expressed as negative dB) from one end of a cable tothe other. The main causes of attenuation are impedance, temperature, skin effect anddielectric loss. Impedance is the combination of resistance, inductance and capacitance in acable, and it is measured in Ohms and opposes the flow of current. Skin effect is phenomena, which happens at high frequencies where the signal tries to escape from theconfines of the copper and into the air. The signal travels along the outer 'skin' of the copperwhich effectively reduces the cross sectional area of the cable and therefore increases itsresistance.

NEXT (Near End Cross Talk) NEXT occurs because alternating current flow produces an electromagnetic field around thecable, this field then induces a current flow in adjacent cables. The strength of this fieldincreases with the frequency of the signal, and because the speed of data transmissions isever increasing, NEXT is a big problem.

The name 'Cross Talk' comes from the telecommunications industry, you may have heard afaint conversation in the background while on the phone yourself, this is caused by theelectromagnetic effect between adjacent telephone wires. In the transmission of data, crosstalk is at its highest level in the RJ45 connection as it enters the cable, or at the 'Near End'.The term 'Near End' is slightly confusing because data can travel in both directions, and the NEXT test is carried out in both directions automatically by the tester, so the NEXT result

is relative to the end of the cable that it was carried out on.

The twists in a cable help to cancel out the effects of NEXT and the more twists there are,the better the cancellation, however, the twists also increase attenuation, so there is a tradeoff between NEXT cancellation and attenuation. The twist rates in data cables are optimizedfor the best overall performance, the twist rates are also varied for each pair within the cableto help combat crosstalk.





Figure 3-9 shows a diagram of how NEXT occurs

PSNEXT (Power Sum Near-End Cross Talk)

PSNEXT is actually just a calculation. When a tester carries out the NEXT test it measuresthe cross talk on each pair as affected by each of the other three pairs individually, PSNEXTis simply the addition of the three NEXT results for each pair. So this is the combined effectthat a pair would be subject to when used in a network that supports a four pairtransmissions method, e.g. Gigabit Ethernet.

Figure 3-10 shows a diagram of adding the three NEXT results for each pair

FEXT, ELFEXT and PSELFEXT

Basically, Far End Cross Talk (FEXT) is like NEXT but it is measured at the far end (wellthat seems logical!). However, on its own FEXT doesn't mean much because the length ofthe cable determines how much the signal is attenuated before it can affect the pairs at thefar end. To compensate for this, and to provide a more meaningful result, the attenuation issubtracted from the FEXT test and the result is then called Equal Level Far End Cross Talk





(ELFEXT). Moreover, no test parameter these days would be complete without adding theresults together for each pair and calling it a Power Sum measurement, so now we havePower Sum Equal Level Far End Cross Talk or PSELFEXT for short.

Figure 3-11 shows a diagram of FEXT

Figure 3-12 shows a diagram of PSELFEXT

Delay

This is the propagation delay or the time it takes for the signal to travel from one end of thecable to the other, it is not very important on its own because it value is directly proportional to the length of the cable. What is important is the relationship between the

delays on each of the four pairs.

Delay Skew

Delay Skew is the difference between the fastest and slowest pairs. Some networks use afour pair transmission method, this means that the signal is split into four, sent down the





four pairs in the cable and re-combined at the far end. It is essential that the signals reachthe far end at near enough the same time, otherwise the signal will not be re-combinedcorrectly.

A General Guide on Cable InstallationWhen running cable, it is best to follow a few simple rules:

1. Always use more cable than you need. Leave plenty of slack.

2. Test every part of a network as you install it. Even if it is brand new, it may have problems that will be difficult to isolate later.

3. Stay at least 3 feet away from fluorescent light boxes and other sources of electricalinterference.

4. If it is necessary to run cable across the floor, cover the cable with cable protectors.

5. Label both ends of each cable.

6. Use cable ties (not tape) to keep cables in the same location together.

Although the maximum cable length for a Cat 5e/6/7 system is often reported to be 100m,

this length is inclusive of patch and drop leads. Cable testers however, when set to performa 'Basic Link' test, take this into account and you will find that the maximum length is set toeither 90m or 94m depending on the standard you are testing to. Also, because the length ismeasured with a Cable Analyzer it is not the physical length of the run but the copper lengththat is measured. The copper length is longer due to the twists in the cable pairs, so if a runlooks like it might be over 85m it would be wise to check it before it is tied up andterminated.

Each outlet cable should be run directly back to the patch cabinet, that is one cable per

outlet. A transition point or connection box is allowed if necessary, but in practice this can be more trouble than its worth.

Care should be taken when pulling cables in to ensure that they are not kinked or nicked.

Cable routes should be planned to avoid fluorescent light fittings and power cables

(exceptions can be made in the case of optical fiber). They should not be run in the sameconduit as power, or the same channel of a trunk system, and where they are run parallel to power they must be at least 60mm apart (BS7671-92 – IEEE 16th Edition wiring regulationstandard) . Crossing power cables is allowed but it must be at right angles, and some formof bridge should be used.

A means of supporting the cables should be installed such as cable tray, catenary wire or

cable tie fixings, tying cables to ceiling hangers is not permitted. Cables should be tied at aminimum of 500mm intervals on horizontal runs and more frequently on vertical runs, withno more than 48 cables in a loom. Cable ties should only be finger tight to avoid crushingthe cables as this could affect the cables performance characteristics. Do not use cable tieguns or staple guns.





Cable trays should be used under false floors, otherwise, a suitable method of keeping the

cable off the floor slab should be employed. This is because the lime in the concreteapparently reacts with the cables sheathing, and over time could damage the cable. I personally think the cable will have outlived its usefulness long before this could have anyaffect on the cables performance.

Care should be taken when pulling cables into trunking to avoid damage due to snagging.Trunking partitions should be used to separate the data cables from power, and bridgesshould be used where data cables have to cross the mains.

When terminating patch panels, cable looms should not exceed 48 cables. Each cable loomshould then be tied in a tidy manner to a cable tray fitted the full length of the cabinet.

All terminating should be carried out according to the manufacturers’ instructions and

guidelines, and the standards for generic cabling systems. The cable sheath should bestripped back no more than 13mm from the point of termination and the twist rates should be maintained.

Cable ties MUST be fitted to the individual RJ45 modules in the patch panels and outlets to

support each cable.

When terminating outlets, care must be taken to avoid damaging the copper cores whenstripping back the outer sheathing.

Excessive amounts of cable should not be left in the outlet backbox. Care should be takenwhen attaching the outlet faceplate not to kink, trap or strain the cable.

Cable tray should be fitted in cabinets housing structured cabling to keep cable looms

secure and tidy, and to provide room for any additional cabling.

All cabinets must be earthed to the 16th edition IEEE wiring regulations (Britishregulations). Where shielded cable is used the earth should be clean and where two cabinets

are linked with a copper backbone (shielded or unshielded) a minimum of 10mm² earth wireshould also be installed to cross bond the cabinets.3






In Ethernet networks, there are three types of cable that can be used to design a structuredcabling design namely Unshielded Twisted-Pair (UTP), Shielded Twisted-Pair (STP) – whichare both types of Twisted-Pair cable, and Fiber Optic cable.

Review Questions

1. The cable that is easy to install and is less expensive than other types of networkingmedia.

a) UTP

b) STP

c) Fiber Optic

2. This cable combined the techniques of shielding, cancellation, and wire twisting

a) UTP

b) STP

c) Fiber Optic

3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable isless subject to experiencing attenuation.

a) UTP

b) STP

c) Fiber Optic





Chapter 4: LAN Architecture

Chapter Objectives


• Understand LAN protocols

• Understand the media access methods

• Know the different transmission methods

• Identify the major LAN devices

• Know what Ethernet Network is

• Know what the 5-4-3 rule is and how it is applied

• Know the characteristics of a 10BaseT

• Know what Ethernet Frame Types mean






Chapter 4: LAN Archi tecture

LAN Media Access Methods LAN Transmission Methods

LAN Devices

Ethernet Network

Notes







Understand LAN protoco ls

Understand the media access methods

Know the different transmission methods

Identify the major LAN devices

Know what Ethernet Network is

Know what the 5-4-3 rule is and how i t is

applied

Know the characteristics of a 10BaseT

Know what Ethernet Frame Types mean

Notes






LAN Architecture

Network archi tecture refers to the struc ture

or layout of the hardware and software and

it includes the cable access method

(transmission), topology, and lower level

protocols.

The Local Area Network (LAN) is by far the

most common type of network.

Notes






LAN Media Access Methods

Carrier Sense Multiple Access wi th Coll ision Detection (CSMA/CD)

used by Ethernet; devices contend for the network media.When a device has data to send, it first listens to see if anyother device is currently using the network. If not, it startssending its data. After finishing its transmission, it listensagain to see if a collision occurred.

Notes






LAN Media Access Method - Collision

A collision occurs when two devices send datasimultaneously. When a collision happens, each device waits

a random length of time before resending its data.

Notes







Carrier Sense Multiple Access with Collisi on Avoidance (CSMA/CA)

This method is cheaper to implement, since collision

detection circuitry is no t required; however, it imposes more

delay and can slow network throughput.

Notes







Token Passing

This is a media that uses a special packet called a token. Atoken is a special control frame on token ring, token bus,and FDDI (Fiber Distributed Data Interface) networks thatdetermines which stations can transmit data on a sharednetwork.

Notes






LAN Transmission Methods

In a unicast transmission, a single

packet is sent from the source to adestination on a network by using

the network address IP address.

A multicast transmission consists of

a single data packet that is copiedand sent to a specific subset of

nodes on the network.

Notes







A broadcast transmission consists of a single data packet that is

copied and sent to all nodes on the network.

A broadcast storm occurs when a host

system responds to a packet that is

continuously circulating on the networkor attempts to respond to a system that

never replies.

Typically, request or response packetsare continuously generated to correctthe situation, often making matters

worse.

As the number of packets on thenetwork increases, congestion occurs

that can reduce network performance or

cripple it.

Notes






LAN Devices

Devices commonly used in LANs include repeaters,

hubs, LAN extenders, bridges, LAN switches.

Notes






Ethernet Network

Describe Ethernet Network Identify Ethernet connection standards

Characteristics of Ethernet 10Base-T

Limitations of Ethernet

Understanding the 5-4-3 Rule

Ethernet Frame Types

Notes





Introduction

Network architecture refers to the structure or layout of the hardware and software and itincludes the cable access method (transmission), topology, and lower level protocols.

The Local Area Network (LAN) is by far the most common type of network. The 3 mostcommon types of LAN architectures are Ethernet, Token Ring and ArcNet (AttachedResource Computing Network), which are sometimes referred to as "lower-level protocols" because they represent the specifications for the IEE802 model which encompasses thePhysical (1st) and Data link (2nd) layers of the OSI model. However, the major LANarchitecture in use today is Ethernet.

This chapter will introduce the LAN protocols, topologies, various media-access methods,transmission methods, and devices used in a local-area network (LAN) and will primarilyfocus on the Ethernet.


Local area networks are typically shared by a number of attached systems, and only onesystem at a time may use the network cable to transmit data. An access method defines howa system gains access to a shared network in a cooperative way so its transmissions do notinterfere with the transmissions of other systems. Simultaneous access to the cable is either prevented by using a token-passing method or controlled with a carrier sensing and collisiondetection method.

The primary access methods are listed below. All Ethernet networks use the first accessmethod, CSMA/CD. The last is used by first Token Ring networks, which is not commonly

used in modern networks.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

In networks using CSMA/CD technology such as Ethernet, network devices contend forthe network media. When a device has data to send, it first listens to see if any otherdevice is currently using the network. If not, it starts sending its data. After finishing itstransmission, it listens again to see if a collision occurred. A collision occurs when twodevices send data simultaneously. When a collision happens, each device waits arandom length of time before resending its data. In most cases, a collision will not occuragain between the two devices. Because of this type of network contention, the busier anetwork becomes, the more collisions occur. This is why performance of Ethernet

degrades rapidly as the number of devices on a single network increases.

Contention

Contention is the most popular media access control used on LANs. This controlenables any station to immediately access the media if it is not in use. To accomplishthis, all stations sense or listen to the media using the receive channel. If no data





communication is sensed, the station can transmit a packet. If two stations listen atexactly the same time, both will send packets. This situation results in a packetcollision. A collision renders the data packets unusable.

Contention Characteristics

Contention media access control has the following characteristics.

Software is simple with little overhead.

When a device transmits, the device temporarily has total control of the mediauntil the transmission is complete.

Contention is not probabilistic. Access times cannot be predicted.

Priorities cannot be assigned to give certain devices quicker access to themedia.

More collisions will result from adding more devices to the network.

For CSMA/CD networks, switches segment the network into multiple collisiondomains. This reduces the number of devices per network segment that must contendfor the media. By creating smaller collision domains, the performance of a network can be increased significantly without requiring addressing changes.

Normally CSMA/CD networks are half-duplex, meaning that while a device sendsinformation, it cannot receive at the time. While that device is talking, it is incapable ofalso listening for other traffic. This is much like a walkie-talkie. When one personwants to talk, he presses the transmit button and begins speaking. While he is talking,no one else on the same frequency can talk. When the sending person is finished, hereleases the transmit button and the frequency is available to others.

When switches are introduced, full-duplex operation is possible. Full-duplex works

much like a telephone—you can listen as well as talk at the same time. When a networkdevice is attached directly to the port of a network switch, the two devices may becapable of operating in full-duplex mode. In full-duplex mode, performance can beincreased, but not quite as much as some like to claim. A 100-Mbps Ethernet segment iscapable of transmitting 200 Mbps of data, but only 100 Mbps can travel in one directionat a time. Because most data connections are asymmetric (with more data traveling inone direction than the other), the gain is not as great as many claim. However, full-duplex operation does increase the throughput of most applications because the networkmedia is no longer shared. Two devices on a full-duplex connection can send data assoon as it is ready.

Carrier Sense Multip le Access with Collision Avoidance (CSMA/CA)This access method is a variation on the CSMA/CD method. Nodes estimate when acollision might occur and avoid transmission during that period. This method is cheaperto implement, since collision detection circuitry is not required; however, it imposesmore delay and can slow network throughput.





Token Passing

This is a media that uses a special packet called a token. A token is a special controlframe on token ring, token bus, and FDDI (Fiber Distributed Data Interface) networksthat determines which stations can transmit data on a shared network. The node that hasthe token can transmit. Unlike contention-based networks, such as Ethernet,

workstations on token-based networks do not compete for access to the network. Onlythe station that obtains the token can transmit. Other stations wait for the token ratherthan try to access the network on their own. On Ethernet networks, "collisions" occurwhen two or more workstations attempt to access the network at the same time. Theymust back off and try again later, which reduces performance, especially as the numberof workstations attached to a network segment increases.


How do computers communicate? What are the methods of transmitting data in the

network? LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.

In each type of transmission, a single packet is sent to one or more nodes.

In a unicast transmission, a single packet is sent from the source to a destination on anetwork by using the network address (Internet Protocol or IP address). First, the sourcenode addresses the packet by using the address of the destination node. The package is thensent onto the network, and finally, the network passes the packet to its destination.

Figure 4-1 Unicast Network

A multicast transmission consists of a single data packet that is copied and sent to a specificsubset of nodes on the network. First, the source node addresses the packet by using amulticast address. For example, the TCP/IP suite uses 175.123.167.198 to 239.255.255.255.The packet is then sent into the network, which makes copies of the packet and sends acopy to each node that is part of the multicast address.





Figure 4-2 Multicast Network

Figure 4-3 Broadcast Network

A broadcast transmission consists of a single data packet that is copied and sent to all nodeson the network. In these types of transmissions, the source node addresses the packet byusing the broadcast address. The packet is then sent on to the network, which makes copiesof the packet and sends a copy to every node on the network.

Multimedia broadcast traffic is a much more bandwidth-intensive broadcast traffic type.Unlike a data broadcast, it is typically several megabits in size; therefore, it can quicklyconsume network and bandwidth resources. Broadcast-based protocols are not preferred because every network device on the network must expend CPU cycles to process each dataframe and packet to determine if that device is the intended recipient. Data broadcasts are





necessary in a LAN environment, but they have minimal impact because the data broadcastframes that are traversing the network are typically small.

A broadcast storm occurs when a host system responds to a packet that iscontinuously circulating on the network or attempts to respond to a system that

never replies. Typically, request or response packets are continuously generatedto correct the situation, often making matters worse. As the number of packets onthe network increases, congestion occurs that can reduce network performanceor cripple it.

Generally, multicasting is the act of transmitting a message to a select group of recipients.This is in contrast to the concept of a broadcast, where traffic is sent to every host on thenetwork, or a unicast, where the connection is a one-to-one relationship, and there is onlyone recipient of the data. Think about sending an email message. If you send an emailmessage to your manager, it is an example of a unicast message. If you send an emailmessage to every user on the system, it is a broadcast. Send an email message to a mailinglist, and you have sent a multicast message, which falls between the previous two.Teleconferencing and videoconferencing use the concept of multicasting, as does broadcast

audio, where the connection is one to a selected group. At this time, only a few applicationstake advantage of this feature, but with the growing popularity of multicast applications,you may see more multicast applications in the future. WINS is one that you can keep onthe list, but only for small networks.

LAN Devices

Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, LANswitches.

A repeater is a physical layer device used to interconnect the media segments of anextended network. A repeater essentially enables a series of cable segments to be treated asa single cable. Repeaters receive signals from one network segment and amplify, retime,and retransmit those signals to another network segment. These actions prevent signaldeterioration caused by long cable lengths and large numbers of connected devices.Repeaters are incapable of performing complex filtering and other traffic processing. Inaddition, all electrical signals, including electrical disturbances and other errors, arerepeated and amplified. The total number of repeaters and network segments that can beconnected is limited due to timing and other issues. The illustration below shows a repeaterconnecting two network segments.





Figure 4-4 A repeater connecting two network segments

A hub is a physical layer device that connects multiple user stations, each via a dedicatedcable. Electrical interconnections are established inside the hub. Hubs are used to create a physical star network while maintaining the logical bus or ring configuration of the LAN. Insome respects, a hub functions as a multi-port repeater.

A LAN extender is a remote-access multilayer switch that connects to a host router. LANextenders forward traffic from all the standard network layer protocols (such as IP) andfilter traffic based on the MAC address or network layer protocol type. LAN extenders scalewell because the host router filters out unwanted broadcasts and multicasts. However, LANextenders are not capable of segmenting traffic or creating security firewalls.

Figure 4-5 Multiple LAN extenders can connect to the host router through a WAN

Ethernet Network

Ethernet is a shared LAN technology that was developed in the early 1970s by some of thesame pioneers who were working on the development of the Internet. The basic designconsists of a shared transmission medium in the form of a coaxial cable or a multi-port hub.If the medium used is a cable, workstations (nodes) are tapped into the cable along its paththrough a room or building. If a hub is used, workstations connect to the hub via twisted-





pair cables in a star-like configuration. Since the communication medium is shared, nodesmust listen to make sure the cable is not in use before transmitting. This works well forsmall LANs, but the sharing scheme runs into problems as networks grow.

The Ethernet protocol is by far the most widely used in LAN technology because its protocol has the following characteristics:

Is easy to understand, implement, manage, and maintain

Allows low-cost network implementations

Provides extensive topological flexibility for network installation

Guarantees successful interconnection and operation of standards-compliant products,regardless of manufacturer

Ethernet connection standards

A variety of standards define the types of cable and connectors to be used, which in turn

define the distances between computers that can be supported. ESTA's 'RecommendedPractice for Ethernet Cabling Systems in Entertainment Lighting Applications' specifies10Base2, 10Base-T and 10Base-FL (Fiber Optic) cable.

• Ethernet 10Base2 uses thinnet and coaxial cables. A daisy chain can becreated by using a T-connector on each computers. It network interface card (NIC) anda BNC 50-ohm terminator at both ends of the chain. Each segment (from one end to theother of the chain or the point to point connection) can be up to 185 meters (600 feet).Up to 30 connections can be supported, one ground per segment; a minimum of 1.5 feet(.5 meters) between T-connectors; and a maximum of 1,818 feet (555 meters) per trunksegment.

• 10BASE2 uses thin Ethernet cable. Thin coax cable, or Thin Ethernet,

implemented with T-connectors and terminators, such as RG-58 and A/U or C/U, havethe following specifications: a 50-ohm terminator on each end of the cable; a maximumlength of 1,000 feet (185 meters) per segment; a maximum of 30 devices per segment; anetwork board using the internal transceiver; a maximum of 3 segments with attacheddevices (populated segments); one ground per segment; a minimum of 1.5 feet (.5meters) between T-connectors; a maximum of 1,818 feet (555 meters) per trunksegment; and a maximum of 30 connections per segment.

• Ethernet 100Base-T also uses twisted-pair wir ing . The typical bit-rate of thissystem is 100Mbit/s.





Specification Cable Type Maximumlength

10BaseT UnshieldedTwisted Pair 100 meters

10Base2 Thin Coaxial 185 meters

10Base5 Thick Coaxial 500 meters

10BaseF Fiber Optic 2000 meters

100BaseT UnshieldedTwisted Pair

100 meters

Figure 4-6 Ethernet Cable Summary

Fast Ethernet Physical Specifications

100BASE-TX specification uses two pairs of Category 5 UTP or Category 1 STPcabling at a 100 Mbps data transmission speed. Each segment can be up to 100meters long.

100BASE-T4 specification uses four pairs of Category 3, 4, or 5 UTP cabling at a100 Mbps data transmission speed with standard RJ-45 connectors. Each segmentcan be up to 100 meters long.

100BASE-FX specification uses two-strand 62.5/125 micron multi- or single-mode fiber media. Half-duplex, multi-mode fiber media has a maximum segmentlength of 412 meters. Full-duplex, single-mode fiber media has a maximumsegment length of 10,000 meters.

Characteristics of Ethernet 10Base-T

10Base-T's biggest advantage is a star, or distributed, topology, which allows for

clusters of workstations in departments or other areas. It is easy to build a hierarchicalwiring system. Even though cable segment distances are shorter, the hierarchicaltopology provides a cabling scheme that makes up for this deficiency.

In a basic 10Base-T network, workstations are attached to a central hub or switch thatacts as a repeater. When a signal from a workstation arrives, the hub broadcasts it on alloutput lines. You can attach hubs to other hubs in a hierarchical configuration.





Workstations are attached to the hub with a UTP (unshielded twisted-pair) cable thatcannot exceed 100 meters (328 feet).

10Base-T connections use Category 5, which provides for future growth into fastertransmission technologies such as 100Base-T or 1000Base-T.

Below is a basic specifications list of the 10Base-T network.• The maximum number of nodes per segment is 1,024, not counting repeaters.

• Use Category 3, 4, or 5 unshielded twisted-pair cable.

• Use RJ-45 jacks at the end of cables. Pins 1 and 2 are "transmit" and pins 3 and 6are "receive."

• The distance from a station to a hub cannot exceed 100 meters (328 feet).

• Up to 12 repeater hubs can be attached to a central hub to expand the number ofnetwork stations, but the number of repeaters cannot exceed 4 between any twoend nodes.

• A bridge may be used to extend some of these limitations. Divide large networks

with routers as discussed earlier.

Limitations of Ethernet

There are practical limits to the size of our Ethernet network. A primary concern is thelength of the shared cable.

Electrical signals propagate along a cable very quickly, but they weaken as they travel,and electrical interference from neighboring devices (fluorescent lights, for example)can scramble the signal. A network cable must be short enough that devices at oppositeends can receive each other's signals clearly and with minimal delay. This places adistance limitation on the maximum separation between two devices on an Ethernet

network.

Additionally, since in CSMA/CD only a single device can transmit at a given time,there are practical limits to the number of devices that can coexist in a single network.

Ethernet networks face congestion problems as they increased in size. If a large numberof stations connected to the same segment and each generated a sizable amount oftraffic, many stations may attempt to transmit whenever there was an opportunity.Under these circumstances, collisions would become more frequent and could begin tochoke out successful transmissions, which could take inordinately large amounts oftime to complete. One way to reduce congestion would be to split a single segment intomultiple segments, thus creating multiple collision domains. This solution creates adifferent problem, as now these now separate segments are not able to shareinformation with each other.

To alleviate these problems, Ethernet networks implemented bridges. Bridges connecttwo or more network segments, increasing the network diameter as a repeater does, but bridges also help regulate traffic. They can send and receive transmissions just like anyother node, but they do not function similar to a normal node. The bridge does not





originate any traffic of its own; like a repeater, it only echoes what it hears from otherstations.

Understanding the 5-4-3 Rule

When setting up a tree topology using Ethernet protocol, consider the 5-4-3 rule. Oneaspect of the Ethernet protocol requires that a signal sent out on the network cable reachevery part of the network within a specified length of time. Each repeater that a signalgoes through adds a small amount of time. This leads to the rule that between any two

nodes on the network, there can only be a maximum of 5 segments, connected through 4

repeaters. In addition, only 3 of the segments may be populated (trunk) segments if they

are made of coaxial cable. A populated segment means that one or more nodes areattached to it.

However, this rule does not apply to other network protocols or Ethernet networkswhere all fiber optic cabling or a combination of a fiber backbone with UTP cabling isused. If there is a combination of fiber optic backbone and UTP cabling, the rule issimply translated to 7-6-5 rule.

Ethernet Frame Types

In Novell LAN environment, there are a variety of Ethernet Frame Types that may beobserved, depending upon the version of NetWare, and the applications employed.

Figure 4-7 Ethernet Frame Types

Ethernet 802.2 is one of them. This frame includes fields from 802.3 and 802.2 (LogicalLink Control) and can support the Novell IPX/SPX (Internetwork Packet

Exchange/Sequenced Packet Exchange) and FTAM (File Transfer, Access, and

Management ) protocols. The frame parameters are identical to those listed above,except that the first three bytes of the data field are used to indicate 802.2 headerLogical Link Control (LLC) information.

Preambl e : 8 byt esDest i nat i on Addr ess : 6 bytesSource Addr ess : 6 byt esLengt h Fi el d : 2 bytesData Fi el d : Between 46 and 1500 byt es ( i ncl udi ng LLC)Pad Char act er s : Var i abl e, st uf f s dat a f i el d up t o 46 bytesFr ame Check Sequence: 4 byt es





Mi n Fr ame Lengt h : 64 bytesMax Fr ame Length : 1518 byt es ( not i ncl udi ng Preambl e)

The LLC field consists of:

Dest i nat i on Servi ce Access Poi nt ( DSAP) : 1 byt e (NetWare 0xE0)Sour ce Servi ce Access Poi nt ( SSAP) : 1 byt e ( NetWare 0xE0)Cont r ol Fi el d : 1 byte ( Net War e 0x03)

NetWare IPX/SPX packets will assign a hexadecimal value of E0 to the DSAPand SSAP fields and a hexadecimal value of 03 to the Control field. The "03"Control value indicates an unnumbered 802.2 layer.






The Local Area Network (LAN) is by far the most common type of network. CSMA/CDtechnology is an access method used by the Ethernet network to gain access to a sharednetwork. For CSMA/CD networks, switches segment the network into multiple collision

domains. This reduces the number of devices per network segment that must contend for themedia.

LAN data transmissions fall into three classifications: unicast, multicast, and broadcast.In each type of transmission, a single packet is sent to one or more nodes. The devicescommonly used to transmit data in LANs include repeaters, hubs, extenders, bridges, andswitches.

The 5-4-3 rule indicates a rule between any two nodes on the network - there can only be amaximum of 5 segments, connected through 4 repeaters. In addition, only 3 of the segmentsmay be populated (trunk) segments if they are made of coaxial cable.

Review Questions1. The network devices contend for the network media in the CSMA/CD method. This

means that

a) Nodes estimate when a collision might occur and avoid transmission during that period.

b) When a device has data to send, it first listens to see if any other device is currentlyusing the network

c) The source node addresses the packet by using the broadcast address

d) The source node addresses the packet by using a multicast address

2. LAN extenders forward traffic from all the standard network layer protocols (such asIP) and filter traffic based on –

a) Packet

b) MAC address

c) Electrical connections

d) Cabling scheme

3. Why did Ethernet networks implement bridges?

a) To build a hierarchical wiring systems

b) To solve congestion problems due to increase of devices in the network

c) To combine fiber optic backbone and UTP cabling

d) To send a single packet to one or more nodes

4. An Ethernet connection standard that relies on twisted pair wiring (shielded orunshielded) to connect computers.

a) Ethernet 10Base2





b) Ethernet 10Base-T

c) Ethernet100Base-T

5. In the “5-4-3” rule, which statement is true?

a) Between any two nodes on the network, there can only be a maximum of 5

segments, connected through 4 repeaters, 3 of the segments may be populated(trunk) segments if they are made of coaxial cable.

b) Between any two nodes on the network, there can only be a maximum of 5repeaters, connected through 4 segments, 3 of the segments may be populated(trunk) segments if they are made of twisted-pair cable.

c) Between any two nodes on the network, there can only be a maximum of 5segments, connected through 4 repeaters, 3 of the segments may be populated(trunk) segments if they are made of twisted-pair cable.



Chapter 5: Network Connectivity Devices


Chapter 5: Network ConnectivityDevices

Chapter Objectives


• Know what a WAN is

• Know what a hub is and how it functions

• Know what a repeater is and how it functions

• Know the capabilities and limitations of a repeater

• Know the capabilities and limitations of a bridge

• Know the capabilities and limitations of a router

• Know the capabilities and limitations of a brouter

• Know the capabilities and limitations of a gateway

• Know the types of gateways

• Know what a broadcast storm is, how it is caused, and how it can be prevented

• Know how packets are routed across a network

• Know what an Ethernet switch is and how it functions

• Identify the appropriate device to connect two networks

• Know what a routing table is and how it is used

• Distinguish between dynamic and static routing

• Distinguish between RIP, RIP2 and OSPF







Connection Devices in Networking

Hubs

Repeaters

Bridges

Switches

Routers

Brouters

Gateways

Routing Protocol

Overview of Wide Area Network (WAN)

Notes







Know what a WAN is

Know what a hub is and how it functions

Know what a repeater is and how it functions

Know the capabiliti es and limitations o f a repeater

Know the capabilities and limitations of a bridge

Know the capabilities and limitations of a router

Know the capabilities and limitations of a brouter

Know the capabilities and limitations of a gateway

Know the types of gateways

Know what a broadcast storm is, how i t is caused, and how it can

be prevented

Know how packets are routed across a network

Know what an Ethernet switch is and how it functions

Identify the appropriate device to connect two networks

Know what a routing table is and how it is used

Distinguish between dynamic and static routing

Distinguish between RIP, RIP2 and OSPF

Notes






Network Connectivi ty Devices

Hubs

Repeaters

Switches

Bridges

Routers

Brouters

Gateways

Notes






Hubs

Hubs are devices used to link

several computers together. Most often used in 10BaseT

Ethernet networks.

Multi-por t repeaters. They repeat

any signal that comes in on one

port and copy it to all the other

ports (a process also called

broadcasting).

Hubs, like switches, allow

multiple nodes (computers,

servers and printers) to share the

same wired or wireless

connection.

Notes






Repeaters

Electrically amplifies the signal it

receives and rebroadcasts it

Can be separate devices or they

can be incorporated into a switch

therefore allowing connection of

segment of the same network even

if they use di fferent media

Used to extend the network when

the total length of your network

cable exceeds the standards set fo r

the type of cable being used

Notes






Bridges

Al low you to segment a large network into two smaller , more eff ici ent

networks while retaining the same broadcast domain

Extend a single LAN to greater distances by bridging two distant LANs

with br idges joined by fiber-optic cable

Monitor the information traffic on both si des of the network

Can inspect each message and, if necessary, broadcast it on the other

side of the network

Notes






Switches

Provide a central connection

point for cables from

workstations, servers, and

peripherals

Most switches are active - they

electrically amplify the signal as it

moves from one device to another

More expensive than a hub or

bridge and the configuration of

additional functions can be very

complex.

Switch is a faster, simpler device

than a router, but can incorporate

some of the router's functions.

Analyze the network to better

route the data

Notes






Routers

Can connect different network segments, if they are in the

same building or even on the opposite side of the globe.

Capable of translating the data information from one networkto another; it is similar to a superintelligent bridge.

Can also d irect traffic to prevent head-on collisions

Can sense the traffic in entire network to determine which

sections are busiest – and choose the shortest path

Notes






Brouters

A hybr id device that merges bridging and routing technology.

A network br idge and a router combined in a single product. A br idge that can bridge mul tiple protoco ls and provide rout ing for

some of those protocols.

Notes






Gateways

A gateway forwards data between IPnetworks.

A machine that acts as an interface

between a small network and a

much larger one, such as a LAN

connecting to the Internet.

In the early days of the Internet,

routers were called gateways.

It is usually called the default

gateway, meaning that it is the

primary path to other networks.

Notes






Routing Table

A database which keeps t rack of t he routes to networks andthe associated costs is c alled a routing table. It consists of

destinations, rou tes, and next hops. These entries define aroute to a destination network .

Notes






Dynamic Route: Routed versus Routing

Notes






Multiprotocol Routing

Notes






IP Routing Configuration Tasks

Notes







Typical broadband communication systems

Notes






Keys To Remember

Repeaters, br idges, rou ters and gateways all extend andsegment networks. The dif ference between these devices liesin the different degrees of data discrimination and handlingcapability.

Repeater : Regenerates signals to span longer segmentsof network. Does not alter data.

Bridge: Links two subnets (networks) that use the samemedia and protocol. May control data traffic and speed.

Router : Al lows the interconnection of two or morephysically distinct networks and have advancedintelligence enabling it to determine the most efficientmethod of delivering data.

Gateways: Designed to connect radically differentnetworks.

Notes





Introduction

Network cables link computers to computers. Most cable types allow networks to behundreds of feet long. But what if your network needs to be bigger than that? What if yourrequirement is to connect a LAN to other LANs? What if the architecture you’re using foryour network is limiting the growth of your network along with the growth of yourcompany? The answer to this is found in a special class of networking devices known asconnectivity devices. These devices allow communications to break the boundaries of localnetworks and allow your computers to talk to wide area networks such as other computersin the next building, city or country.

Connection Devices in Networking

There are several categories of connectivity devices that will be discussed later in thischapter:

Hubs

Repeaters

Switches

Bridges

Routers

Brouters

Gateways

These connectivity devices have made it possible to lengthen the distance of the network toalmost unlimited distances.

Figure 5-1 Illustration of a networking hardware connected together.





Hubs

Hubs are devices used to link several computers together. They are used most often in10BaseT Ethernet networks. They are also very simple devices. In fact, they are just multi- port repeaters. They repeat any signal that comes in on one port and copy it to all the other ports (a process also called broadcasting).

There are two types of hubs: active and passive. Passive hubs simply connect all portstogether electrically and are usually not powered. Active hubs use electronics to amplifyand clean up the signal before it is broadcast to the other ports. In the category of activehubs, there is also a class called "intelligent" hubs, which are hubs that can be remotelymanaged on the network.

Up until a few years ago, hubs were considered fairly sophisticated devices that could provide an adequate network infrastructure for most small and medium-sized organizations.But bandwidth-hungry electronic business applications, powerful desktop PCs, heightenedsecurity concerns, wireless and converged technologies and 24x7 operations have foreverchanged the demands on the network. Today, organizations of all sizes must build switching

technology into their LAN infrastructures in order to get the performance, capacity andintelligent services that they need. Hubs, like switches, allow multiple nodes (computers,servers and printers) to share the same wired or wireless connection. However, even thesimplest switch is more sophisticated than a hub because it forwards data packets only tothe appropriate port for the intended recipient based on information in each packet. Itextends the collision domain, cannot filter information, therefore passing the packets to allconnected segments.

Figure 5-2 Network computers connected to the Internet through a network hub





Repeaters

Since a signal loses strength as it passes along a cable, it is often necessary to boost thesignal with a device called a repeater . The repeater electrically amplifies the signal itreceives and rebroadcasts it. Repeaters can be separate devices or they can be incorporatedinto a switch, therefore allowing connection of segment of the same network, even if theyuse different media. They are used to extend the network when the total length of yournetwork cable exceeds the standards set for the type of cable being used.

A good example of the use of repeaters would be in a local area network using a startopology with unshielded twisted-pair cabling. The length limit for unshielded twisted-paircable is 100 meters. The most common configuration is for each workstation to beconnected by twisted-pair cable to a multi-port active concentrator. The concentratoramplifies all the signals that pass through it allowing for the total length of cable on thenetwork to exceed the 100 meter limit.

Figure 5-3 Repeaters boost the signal in the network

Bridges

A bridge is a device that allows you to segment a large network into two smaller, moreefficient networks while retaining the same broadcast domain. It also extends a single LANto greater distances by bridging two distant LANs with bridges joined by fiber-optic cable.

A bridge monitors the information traffic on both sides of the network so that it can pass packets of information to the correct location. It can provide a barrier that keeps electricalor other problems on one segment from propagating to the other segment. Most bridges can





"listen" to the network and automatically figure out the address of each computer on bothsides of the bridge. The bridge can inspect each message and, if necessary, broadcast it onthe other side of the network. It isolates each LAN from the collisions that occur on otherLANs. Thus, it creates separate collision domains.

In the past, the bridge was a small box with several LAN connectors or a server with several

network interface cards. Today, bridges are more likely to appear in the form of switchingdevices, which are technically multi-port bridges. Each port provides a separate LANconnection that is bridged to the other ports.

Figure 5-4 Wireless is also used as access point

Switches

A switch is a device that provides a central connection point for cables from workstations,servers, and peripherals. In a star topology, twisted-pair wire is run from each workstationto a central switch. Most switches are active, that is they electrically amplify the signal as itmoves from one device to another. Switches no longer broadcast network packets as hubsdid in the past, they memorize addressing of computers and send the information to thecorrect location directly. However, switches are more expensive than a hub or bridge and

the configuration of additional functions can be very complex.

A switch selects a path or circuit for sending a unit of data to its next destination. In general,a switch is a faster, simpler device than a router, but can incorporate some of the router'sfunctions. The basic switch simply selects the next path the data needs to go withoutanalyzing the entire path. This ability allows switches to disallow some signals fromcontinuing on the network. This can help reduce collisions, and increase network performance. Some switches act at Level 3, sometimes called IP Switches or Layer 3Switches.

These switches perform many of the functions of a router. They can analyze the network to better route the data. These switches can also be used to break up segments. By assigningdifferent ports to different segments, the switch can route data to the correct segment.

The advantages of using a switch includes the capability to limit the collision domain, canextend network distances, it uses MAC address to filter traffic, eases congestion, canconnect different types of media, and some can connect differing architectures.





On the other hand, a switch cannot filter broadcast packets. It is more expensive than arepeater but slower than a repeater. This is primarily due to additional processing of packetswithin the same broadcast domain.

A switch is like an advanced bridge. It separates network lines and helps reduce the numberof collisions. Instead of having two networks connected through a bridge, you can have

multiple networks connected through a switch. Here's one way to think of it: A repeater is toa hub like a bridge is to a switch.

Figure 5-5 Network computers connected to the Internet through router/switch

Routers

Routers are specialized computers that send your messages and those of every other Internetuser speeding to their destinations along thousands of pathways. A router can connectdifferent network segments, if they are in the same building or even on the opposite side ofthe globe. A router transmitting data is capable of translating the data information from onenetwork to another; it is similar to a superintelligent bridge. Routers select the best path toroute a messages between any two protocols using fiber optic, coaxial, and twisted-paircabling, based on the destination address and origin. It changes the packet size and formatto match the requirements of the destination network. The router can also direct traffic to prevent head-on collisions, and is smart enough to know when to direct traffic along backroads and shortcuts.

A router is more complicated than a bridge in that it can make decisions about where andhow to send packets of information.

While bridges know the addresses of all computers on each side of the network, routersknow the addresses of computers, bridges, and other routers on the network. Routers caneven "listen" to the entire network to determine which sections are busiest -- they can thenredirect data around those sections until they clear up.





A network needs a router to connect to the Internet. In this case, the router serves as thetranslator between the information on your LAN and the Internet. It can also work in MANand WAN environments. It also determines the best route to send the data over the Internet.

The advantage of using a router over a bridge is that routers can determine the best path thatdata can take to get to its destination. Like bridges, they can segment large networks and

can filter out noise. However, they are slower than bridges because they are more intelligentdevices; as such, they analyze every packet, causing packet forwarding delays. Because ofthis intelligence, they are also more expensive.

How Does the Router Work?

When you send e-mail to someone on the other side of the country, the message ends upexactly where you directed it, rather than on one of the millions of other computers in theworld. Much of the work to get a message from one computer to another is done by routers, because they're the crucial devices that let messages flow between networks, rather thanwithin networks.

Here is how a simple router works. A small company that makes video commercials forlocal television stations have 10 employees and each with a computer. Four of theemployees are video editors, while the rest are in marketing, accounting and management.The video editors will need to send very large files back and forth to one another as theywork on projects. To do this, they'll use a network.

When editor sends a video file to another, the very large file will use up most of thenetwork's bandwidth, and possibly make the network run very slowly for other users. Oneof the reasons that a single intensive user can affect the entire network performance stemsfrom the way that Ethernet works. Each information packet sent from a computer is seen byall the other computers on the local network. Each computer then examines the packet anddecides whether it was meant for its address. This keeps the basic plan of the networksimple, but has performance consequences as the size of the network or level of networkactivity increases. To keep the editors’ work from interfering with the people in the frontoffice, the company sets up two separate networks, one for the editors and one for the restof the company. A router links the two networks and connects both networks to the Internet.It is the only device that sees every message sent by any computer on either of thecompany's networks. When the editor in the example sends a huge file to another editor, therouter looks at the recipient's address and keeps the traffic on the editor’s network. When aneditor, on the other hand, sends a message to the accountant asking about an expense-account check, then the router sees the recipient's address and forwards the message between the two networks.

One of the tools a router uses to decide where a packet should go is a configuration table. Aconfiguration table is a collection of information, including:

Information on which connections lead to particular groups of addresses

Priorities for connections to be used

Rules for handling both routine and special cases of traffic





A configuration table can be as simple as a half-dozen lines in the smallest routers, but cangrow to massive size and complexity in the very large routers that handle the bulk ofInternet messages.

A router, then, has two separate but related jobs:

It ensures that information doesn't go where it's not needed. This is crucial forkeeping large volumes of data from clogging the connections of "innocent bystanders."

It makes sure that information does make it to the intended destination.

In performing these two jobs, a router is extremely useful in dealing with two separatecomputer networks. It joins the two networks, passing information from one to the otherand, in some cases, performing translations of various protocols between the two networks.It also protects the networks from one another, preventing the traffic on one fromunnecessarily spilling over to the other. As the number of networks attached to one anothergrows, the configuration table for handling traffic among them grows, and the processing power of the router is increased. Regardless of how many networks are attached, though,

the basic operation and function of the router remains the same.

Internet data, whether in the form of a Web page, a downloaded file or an e-mail message,travels over a system known as a packet-switching network . In this system, the data in amessage or file is broken up into packages about 1,500 bytes long. Each of these packagesgets a wrapper that includes information on the sender's address, the receiver's address, the package's place in the entire message, and how the receiving computer can be sure that the package arrived intact. Each data package, called a packet, is then sent off to its destinationvia the best available route - a route that might be taken by all the other packets in themessage or by none of the other packets in the message. If there is a problem with one pieceof equipment in the network while a message is being transferred, packets can be routedaround the problem, ensuring the delivery of the entire message.

Note: To know more information about routing protocols, go toChapter 7 “TCP/IP Protocols”.

What is a Routing Table?

A Routing Table is a database which keeps track of the routes to networks and theassociated costs. It consists of destinations, routes, and next hops. These entries define aroute to a destination network. A router may create or maintain a table of the availableroutes and their conditions and use this information along with distance and cost algorithmsto determine the best route for a given packet. Typically, a packet may travel through anumber of network points with routers before arriving at its destination. Routers must be

constantly updated to changes in the network topology. Routes may be added or removed,or routes may fail due to a break in the physical link. Convergence is part of the routingtable update process. When a link fails or changes, updates are sent across the network thatdescribe changes in the network topology. Each router then runs a routing algorithm to re-compute routes and build new routing tables based on this information. Once all the routersin the network have updated their routing tables, convergence is complete.





Convergence is a dynamic routing process as opposed to static routing. In staticrouting, an operator programs routes into routers. Static routing is appropriate forsmall networks or when dedicated links exist between networks.

The routing table consists of three types of entries: destinations, routes, and next hops.

Figure 5-6 Illustration that shows how the routing table entries are related

A destination in the routing table is a network entry represented by a network IP addressand a network subnet mask. A destination entry in the routing table includes the address,expressed as a network address and network mask, a list of routes to the destination, a list ofopaque pointer slots, the views in which this destination is valid.

The destination contains a structure for each view that contains an identifier for the view, a pointer to the best route to the destination in this view, the owner of the best route in thisview, flags associated with the best route in this view and a handle to any routes that are ina hold-down state in this view.

BroutersA brouter is a hybrid device that merges bridging and routing technology. A brouter is anetwork bridge and a router combined in a single product. If a data unit on one LAN isintended for a destination on an interconnected LAN, the bridge forwards the data unit tothat LAN; otherwise, it passes it along on the same LAN. A bridge usually offers only one path to a given interconnected LAN.





A router connects a network to one or more other networks that are usually part of a widearea network (WAN) and may offer a number of paths out to destinations on thosenetworks. A router therefore needs to have more information than a bridge about theinterconnected networks. It consults a routing table for this information.

Since a given outgoing data unit or packet from a computer may be intended for an address

on the local network, on an interconnected LAN, or the wide area network, it makes senseto have a single unit that examines all data units and forwards them appropriately

Many routers today have bridging functions built into them. When you enable thesefunctions, your router becomes a bridging-router, or brouter. Basically, a brouter is a bridgethat can bridge multiple protocols and provide routing for some of those protocols. It can be programmed only to pass data packets using a specific protocol such as IP to route data packets to the appropriate network. In this case, it is functioning in a similar manner to a bridge, hence the name.

Figure 5-7 Network computers connected to the Internet through brouter

Gateways

A gateway forwards data between Internet Protocol (IP) networks. It is a machine that actsas an interface between a small network and a much larger one, such as a local area networkconnecting to the internet. Gateways are also used in large corporations to connect smalloffice-based LAN’s into the larger corporate mainframe networks. Usually, the gatewayconnects to a high-speed network cable or medium called the backbone.

In the early days of the Internet, routers were called gateways. These devices providedlinks, initially between mainframe computers, and then later between LANs and othernetworks. The term route" is more common now, but gateway is still used when configuringthe IP protocol for host devices. Some networks have multiple routers that lead to othernetworks. A host can be configured so that one of the routers is selected over any of theothers. It is usually called the default gateway, meaning that it is the primary path to othernetworks.





They work at all levels of the OSI model – due to the type of translation service they are providing:

Address Gateway – connects networks using the same protocol, but using differentdirectory spaces such as Message Handling Service

Protocol Gateway – connects network using different protocols. Translates source

protocol so destination can understand it

Application Gateway – translates between applications such as from an Internetemail server to a messaging server

Internet Routing

Internet routing devices traditionally have been called gateways. In today's terminology,however, the term gateway refers specifically to a device that performs application-layer protocol translation between devices. Interior gateways refer to devices that perform these protocol functions between machines or networks under the same administrative control orauthority, such as a corporation's internal network. These are known as autonomous

systems. On the other hand, exterior gateways perform protocol functions betweenindependent networks.

Routers within the Internet are organized hierarchically. Routers used for informationexchange within autonomous systems are called interior routers, which use a variety of Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information

Protocol (RIP) is an example of an IGP.

Routers that move information between autonomous systems are called exterior routers.These routers use an exterior gateway protocol to exchange information betweenautonomous systems. The Border Gateway Protocol (BGP) is an example of an exteriorgateway protocol.

Routing Protocol

A routing protocol is a type of client that registers with the routing table manager. Routersuse routing protocols to route data across a network like RIP ( Routing Information

Protocol) and OSPF (Open Shortest Path First ) to exchange information regarding routes toa destination. Routing protocols are either unicast or multicast . Routing protocols advertiseroutes to a destination. A routing protocol describes how updates are sent, what knowledgeis contained in these updates, when to send this knowledge, and how to locate recipients ofthe updates.

Other types of routing methods include:

Static Routing – routes are manually configured by a network administrator.Manual or static routing requires the network administrator to examine the routesand build the router tables. This is a very complicated task requiring constantattention on a large network with frequent changes.

Dynamic Routing – adjust automatically to changes in network topology, andinformation it receives from other routers.





Dynamic routing is performed by routing protocols. These protocols dynamicallydiscover and maintain routing information. There are several routing protocols usedon networks today, including distance vector and link-state routing protocols. These protocols broadcast information about errors in routing as well as the content of therouting table. The following are examples of routing protocols:

Internet Control Message Protocol (ICMP) Routing Information Protocol (RIP and RIP II)

Open Shortest Path First (OSPF)

Exterior Gateway Protocol (EGP)

Multiprotocol Routing - routers that are capable of supporting multiple independentrouting protocols and maintaining routing tables for several routed protocolsconcurrently. This capability allows a router to deliver packets from several routed protocols such as IP and IPX over the same data links.

A route is a path in the network that goes to a destination that has a certain cost associatedwith it. The cost is represented by its administrative preference and its protocol-specific

metric. Each route has an administrative preference (specified by the routing policy), and aclient-dependent metric. The routing table manager uses this information to determinewhich route is the better route to a destination. Routes with lower preference are betterroutes (one being lowest, and therefore best). If two routes have the same preference, theroute with the lower metric is the better route.

Preference is normally used to indicate priority between clients. For example, anadministrator can assign OSPF a lower (better) preference than RIP. In this case,OSPF routes are preferable to RIP routes.

Routes with lower costs are preferred over all other routes. A route entry in the routing tableincludes a handle to the destination, the owner of this route, the neighbor (peer) that

provided the route information, flags associated with the state of the route, flags associatedwith the route, the preference and metric for the route, the list of views to which the route belongs, information that is private to the owner of the route, and a list of next hops used toreach the destination.

Routes have one or more next hops associated with them. If the destination is not on adirectly connected network, the next hop is the address of the next router (or network) onthe outgoing network that can best route data to the destination. The best route is the routethat has the least cost, based on the routing policy in use. Each next hop can be used toforward data on the path to the destination. All routes owned by a client share a common setof next-hop entries that were added by the client.

Each next hop is uniquely identified by the address of the next hop and the interface indexused to reach the next hop. If the next hop itself is not directly connected, it is marked as a"remote" next hop. In this case, the forwarder must perform another lookup using the nexthop's network address. This lookup is necessary to find the "local" next hop used to reachthe remote next hop and the destination.





A next-hop entry in the routing table includes the network address of the next hop, theowner of the next hop, the identifier of the outgoing interface, the state of the next hop,flags associated with the next hop, information that is private to the owner of the next hopand a handle to the destination corresponding to the remote next hop.

A protocol with the same protocol identifier (that is, the same vendor identifier andprotocol-specific identifier) can register with the routing table manager multiple times. Eachtime, the protocol registers using a different protocol instance identifier. For example, animplementation of OSPF from a particular vendor can register as Vendor-OSPF-1 and

Vendor-OSPF-2. This enables a specific protocol implementation to partition theinformation that it keeps in the routing table.

Autonomous System (AS)

AS consists of routers, run by one or more operators that present a consistent view ofrouting to the external world. (Routers under a common administration). The Internet Network Information Center (InterNIC) assigns a unique autonomous system to enterprises.This autonomous system is a 16-bit number. A routing protocol such as Cisco's Interior

Gateway Routing Protocol (IGRP) requires that you specify this unique, assignedautonomous system number in your configuration.

Exterior routing protocols are used to communicate between autonomous systems.

Interior routing protocols are used within a single autonomous system.

Interior IP Routing Protocols:

RIP - A distance vector routing protocol.

IGRP – Cisco ’s distance vector routing protocol. (supports multipath

routing)

OSPF - A link-state routing protocol.

Enhanced IGRP - A balanced hybrid routing protocol.

IP Routing configuration tasks:

• Global Configuration selects a routing protocol, RIP or IGRP and assign IP networknumbers without specifying subnet values.

• Interface Configuration assigns network/subnet addresses and subnet mask

Unicast Routing

A unicast route to a destination is used by a unicast routing protocol to forward unicast data

to that destination. Examples of unicast routing protocols include: Routing InformationProtocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).

The RIP for IP routing communicates RIP learned routes by using the Route Table Manager

(Rt m. dl l ), the central repository for routing information for all routing protocols that

operate under the Routing and Remote Access service and for other components such as theIP Router Manager.





The Windows Server 2003 Routing and Remote Access service supports (forIPv4 only) both RIP version 1 and version 2 (RIP v1 and RIP v2). However, RIPv1 is considered outdated. RIP v1 was the first routing protocol accepted as astandard for TCP/IP. The updated RIP version 2 (RIP v2) supports simplepassword authentication (a form of router identification, not a security option) and,more important, provides improved support for classless networks.

The unicast routing also uses Windows Sockets (Winsock) to send and receive RIP traffic.Winsock is an implementation of the industry-standard Sockets API for the Windowsoperating system. Lastly, it exports management APIs to support SNMP managementinformation bases (MIBs) and other management applications by using the IP RouterManager. A MIB is a set of objects, which represent various types of information about adevice that are used by SNMP to manage the device.

Unicast IP Routing in a Windows-based Internetwork4

A typical IPv4 internetwork might contain a mix of computers running Windows Server2003, Windows XP, Windows 2000 Server, Windows 2000 Professional, or UNIX

operating systems. These computers might be located in multiple subnets connected byhardware routers from Cisco Systems and software routers running the Windows Server2003 Routing and Remote Access service. Such an internetwork can easily communicatewith computers on the global Internet because the Internet is also an IP internetwork.

A medium-size or enterprise-size Windows IP internetwork typically deploys the ActiveDirectory directory service, DNS, and DHCP, and the following routing-related services:

A routing protocol, such as RIP v2 or OSPF, to enable routing informationexchange between routers on an IP internetwork

DHCP relay agents to enable DHCP clients on a subnet with no DHCP server torequest IP addresses from a DHCP server located on a different subnet

IP packet filtering, such as Web traffic filtering or L2TP/IPSec traffic filtering, toallow only specific types of traffic

ICMP router discovery to enable IP hosts to discover the best default gatewayrouter on a subnet

Multicast Route

A multicast route to a destination is used by some multicast routing protocols to create theinformation that is used to forward multicast data from hosts on the destination network ofthe route (known as reverse path forwarding). Examples of multicast routing protocolsinclude: Multicast Open Shortest Path First (MOSPF), Distance Vector Multicast RoutingProtocol (DVMRP), and Protocol Independent Multicast (PIM).

The routing table manager supports multiple instances of the same protocol (such asMicrosoft's implementation of OSPF and a third-party OSPF) running on the router.





The OSPF routing protocol is available only on 32-bit versions of WindowsServer 2003.

This allows routers to use the different capabilities of each version. These protocols havedifferent protocol identifiers.

Protocol identifiers are comprised of a vendor identifier and a protocol-specificidentifier. The protocol-specific identifier is the same for different implementationsof the protocol, such as Microsoft's implementation of OSPF and a third-partyimplementation of OSPF. Only when the vendor and protocol-specific identifiersare combined is there a unique identifier for a routing protocol.

How RIP and OSPF work

Routing Information Protocol (RIP) for IP facilitates the dynamic exchange of routinginformation between RIP routers over IP internetworks. It is the best known and currentlymost widely used of the distance vector dynamic routing protocols for IP internetworks, isan open standard developed by the Internet Engineering Task Force (IETF).

RIP version 1 (RIP v1), which is now outmoded, was the first routing protocol accepted as astandard for TCP/IP. The updated RIP version 2 (RIP v2) supports simple passwordauthentication (a form of router identification, not a security option) and, more important, provides improved support for classless networks. The Windows Server 2003 Routing andRemote Access service supports both RIP v1 and RIP v2 (for IPv4 only).

The Windows Server 2003 Routing and Remote Access service does not supportRIPng, the version of RIP for IPv6, or any other IPv6 routing protocol.

Open Shortest Path First (OSPF) for IP enables OSPF routers to dynamically exchangerouting information with each other over complex IP internetworks. Routers can add orremove routes automatically as networks are added or removed from the internetwork,dynamically building and synchronizing a database of the OSPF network topology. As itsname implies, OSPF is designed to calculate the shortest path to any destination within anOSPF autonomous system (AS). OSPF, the best known and most widely used link staterouting protocol, is an open standard developed by the Internet Engineering Task Force(IETF) as an alternative to RIP. OSPF is defined in RFC 2328. The Windows Server 2003Routing and Remote Access service supports OSPF for IPv4 only.

The OSPF routing protocol is available only on 32-bit versions of Windows Server2003. The Windows Server 2003 Routing and Remote Access service does notsupport OSPF (or any other dynamic routing protocol) for IPv6.

Routing Technologies Supported by Windows Server 2003

Routing technologies manage the flow of data between network segments, also known assubnets. These routing technologies include unicast routing, multicast routing and networkaddress translation (NAT).





Unicast routing forwards packets from one host to another host using the unicast destinationIP address. Multicast IP routing forwards packets from one host to multiple hosts using themulticast destination IP address. Network address translation (NAT) functionality is part ofthe Routing and Remote Access service. A server that has been configured as a NAT-enabled router, with a private IP address and at least one public IP address, translates the private addresses (and TCP or UDP port numbers) in outgoing packets. The outgoing

packets can then be forwarded to a resource on a public network, such as the Internet. The NAT-enabled router also translates incoming traffic and forwards the incoming packets tothe appropriate address on the private network.


A WAN is generally an extension of an internal network into the wide area using privatecircuits such as T1 lines or virtual circuits in cell and packet switched networks such asATM and frame relay. WANs links geographically disperse offices in other cities or aroundthe globe. Because WANs have been built with private leased lines, bandwidth hastraditionally been low and costs have been high, which required careful monitoring and

filtering of traffic between sites. WANs can also be constructed across the Internet byimplementing virtual private network (VPN) technology.

A virtual private network is the creation of private links across public networks such as theInternet. The idea is to create what appears to be a dedicated private link on a sharednetwork using encryption and tunneling techniques. Anybody can create a privateconnection by encrypting the contents of the traffic being sent across a network, but trulysecure VPNs are better built with the cooperation of service providers that can creatededicated paths with guaranteed service levels across their networks.

Dedicated leased lines (circuit-oriented) such as T1 lines are still common, althoughexpensive. The advantage of leased lines is that they are private - no one else shares theline. An alternative is available with packet-switched networks such as Frame Relay, ATM,

and the Internet. Many users share the networks, which helps lower costs.

Dial-up lines can provide an economical WAN connection in a number of scenarios. Forexample, when an existing dedicated leased-line WAN link becomes overburdened, a dial-on-demand line can be used to provide additional bandwidth.

Broadband communications is usually considered to be any link with transmission ratesabove dial-up lines. Broadband transmission systems typically provide channels for datatransmissions in different directions and by many different users. The following items below discuss the typical broadband communication systems

ISDN (Integrated Services Digital Network) A circuit oriented serviceoperating at 64-Kbit/sec or 128-Kbit/sec data channel. Primary rate ISDN provides

additional bandwidth in increments of 64 Kbits/sec.

X.25 An early packet-switching protocol still used for many low-bandwidthrequirements (credit card authorization).

ATM (Asynchronous Transfer Mode) A cell-switched any-to-any virtual circuitservice.





Frame relay A frame-based any-to-any virtual circuit service.

Leased lines T1, T3 A dedicated leased line time division multiplexing (TDM)service.

TDM is a multiplexing technique that divides a circuit into multiple channels based on

time. The technique is associated with telephone company voice services. T1 and T3circuits are divided into multiple channels using time division multiplexing. The mostcommon TDM circuit for business users is the T1 line (1.544 Mbits/sec). It consists of24 multiplexed 64-Kbit/sec voice channels. Each channel may carry a single phone

call, or the entire circuit may be dedicated to data.5

DSL (Digital Subscriber Line) A high-speed circuit-oriented service that runsover the local loop.

Broadband wireless A high-speed Internet access and LAN/WAN extensions

Comparing T1 and T3

T1 or Trunk Level 1 is a digital transmission link with a total signaling speed of 1.544Mbps. Since the development of T1 in 1957 by AT&T's Bell Labs, it has become the building block of dedicated voice and data service in North America. T1, also know as DS1,is part of a progression of digital transmission pipes - a hierarchy known generically as DS,or Digital Signal Level.

Frame Relay, VPN and Dedicated Internet Access all use T1 connections to make therespective service possible, but they are not the same. By itself, Trunk Level 1 service isnearly useless. It takes a standard or protocol like Frame Relay or VPN to provide datatransport over a Wide Area Network.

The four most common uses of a T1 line include the following:

• From one point to another, this often refers to a Private Line;

• From one point into a secure carrier network as with Frame Relay;

• From one point into the public Internet;

• From one point into a carrier's voice network.

A T3 line (also know as a DS-3) is an ultra high-speed connection capable of transmittingdata at rates up to 45 Mbps. A T3 line is equal to approximately 672 regular voice-gradetelephone lines, which is fast enough to transmit full-motion, real-time video, and very largedatabases over a busy network. A T3 line is typically installed as a major networking arteryfor large corporations and universities with high-volume network traffic. A T3 is the secondfastest, non optical connection offered in North America. A T3 line is comprised of 28 T1lines, each operating at total signaling rate of 1.544 Mbps.

The most significant differences between T1 lines and T3 lines are cost and speed. Thetypical T1 connection costs approximately $800 per month while a T3 connection can costas much as $15,000 per month. T3 lines are extremely high bandwidth connections into a





carrier's backbone. They typically include SLAs (Service Level Agreements) that guaranteeuptime and performance.6






The network connectivity devices allow you to extend communications beyond your localnetworks and allow your computers to talk to wide area networks such as other computersin the next building, city or country. These devices include hubs, repeaters, switches,

bridges, routers, brouters and gateways.

A routing protocol like RIP and OSPF is used by routers to route data across a network toexchange information regarding routes to a destination. Routing protocols are either unicast or multicast .

Repeaters, bridges, routers and gateways all extend and segment networks. The difference between these devices lies in the different degrees of data discrimination and handlingcapability. A repeater regenerates signals to span longer segments of network; it does notalter data. A bridge links two subnets (networks) that use the same media and protocol; maycontrol data traffic and speed. A router allows the interconnection of two or more physicallydistinct networks; have advanced intelligence enabling it to determine the most efficientmethod of delivering data. Gateways are designed to connect radically different networks.

Review Questions

1. This process of transmitting data repeats any signal that comes in on one port and copyit to all the other ports

a) Routing

b) Broadcasting

c) Multiplexing

d) Repeating

2. This device is used to extend the network when the total length of your network cableexceeds the standards set for the type of cable being used.

a) Router

b) Hub

c) Repeater

d) Brouter

3. This device connects a network to one or more other networks that are usually part of awide area network (WAN) and may offer a number of paths out to destinations on thosenetworks.

a) Router

b) Hub

c) Repeater

d) Brouter





4. Which of these examples do not belong to protocols used for unicast routing?

a) RIP

b) OSPF

c) TDP

d) BGP

5. Which among these statements is true?

a) Unicast routing removes packets from one host to another host using the unicastdestination IP address.

b) Unicast routing forwards packets from one host to another host using the multicastdestination IP address.

c) Multicast IP routing forwards packets from one host to multiple hosts using themulticast destination IP address.

d) Multicast IP routing forwards packets from one host to multiple hosts using theunicast destination IP address.



Chapter 6: The OSI Model



Chapter Objectives


• Know the seven layers of the OSI model

• Know what happens at the Application layer

• Know what happens at the Presentation layer

• Know what happens at the Session layer

• Know what happens at the Transport layer

• Know what happens at the Network layer

• Know what happens at the Data Link layer

• Know what happens at the Physical layer• Know how the Data Link Layer is divided up into the LLC and MAC layers in

the IEEE 802 model

• Identify where a particular hardware device operates the layer in the OSI model







The OSI Networking Model

Communication Protocols

The Application Layer

The Presentation Layer

The Session Layer

The Transport Layer

The Network Layer

The Data Link Layer

The Physical Layer

Notes







Know the seven layers of the OSI model

Know what happens at the Application layer

Know what happens at the Presentation layer

Know what happens at the Session layer

Know what happens at the Transport layer

Know what happens at the Network layer

Know what happens at the Data Link layer

Know what happens at the Physical layer

Know how the Data Link Layer is divided up into the

LLC and MAC layers in the IEEE 802 model

Identify where a particular hardware device operates

the layer in t he OSI model

Notes






The OSI Reference Model

Notes







Notes





Introduction

The Open System Interconnection (OSI) model, developed by the InternationalOrganization for Standardization, defines how the various hardware and softwarecomponents involved in data communication should interact with each other.

A good analogy to describe this would be a traveler who prepares herself to return homethrough many dangerous territories by obtaining permits to enter each country at the very beginning of the trip. At each boundary, she has to hand over a permit to enter the country.Once inside, she asks the border guards for directions to reach the next destination and thenshows the permit to the new territory as proof that she has a legitimate reason for wanting togo there.

In reference to the OSI model, each component along the data communications path isassigned a layer of responsibility, in other words, a ‘territory’ over which it rules. Eachlayer extracts the permit, or header information it needs from the data and then uses this

information to correctly forward what's left to the next layer. This layer also takes away its permit and forwards the data to the next layer, and so the cycle continues until it reaches tothe seventh layer.

This chapter describes OSI Reference Model in detail. It discusses some general conceptsrelated to the OSI model and networking models overall. Some useful analogy will help youunderstand how the reference model works to explain the interaction of networks onmultiple levels. This chapter also aims to familiarize you of the seven layers of the OSIModel and then conclude with a summary of the layers and their respective functions.


An architectural model developed by the International Standards Organization (ISO) isfrequently used to describe the structure and function of data communication protocols.This architectural model, called the Open Systems Interconnect (OSI) Reference Model,contains seven layers that define the functions of data communications protocols. Eachlayer represents a function performed when data is transferred between co-operatingapplications across an intervening network. A layer does not define a single protocol but itdefines a data communications function that may be performed by any number of protocols.Therefore, each layer may contain multiple protocols, each providing a service suitable tothe function of that layer. Every protocol communicates with its peer. A peer-to-peernetwork is an implementation of the same protocol in the equivalent layer on a remotesystem. Each protocol is only concerned with communicating to its peer, it does not care

about the layer above or below it. However, there must also be agreement on how to passdata between the layers on a single computer, because every layer is involved in sendingdata from a local application to an equivalent remote application. The individual layers donot need to know how the layers above and below them function, they only need to knowhow to pass data to them. Isolating network communications functions in different layersminimizes the impact of technological change on the entire protocol suite. New applications





can be added without changing the physical network, and new network hardware can beinstalled without rewriting the application software.

Figure 6-1 Protocol Layers in the OSI Model

Each layer provides a specific type of network service. It illustrates why groups of related protocols are frequently called protocol stacks.





• The connections between the different applications that are running on these processors are carried by the higher layers (5-7).

• The connections between the different processors are carried by the lower layers (1-4).

• The physical and the data link layers, the lower layers 1 & 2, of the network

protocol stack together define a machine's network interface.

Communication Protocols

The approach used to designing a communication system is known as a layeredarchitecture. Each layer has specific responsibilities and specific rules for carrying out thoseresponsibilities, and knows nothing about the procedures the other layers follow. The layercarries out its task and delivers the message to the next layer in the process, and that isenough.

Characteristics of Layered Archi tectures:• They break the communication process into manageable chunks. Designing a small part

of a process is much easier than designing the entire process, and simplifies engineering.

• A change at one layer does not affect the other layers. New delivery technology's can beintroduced without affecting other layers.

• When a layer receives a message from an upper layer, the lower layer frequently enclosesthe message in a distinct package.

• The protocols at the various layers have the appearance of a stack, and a complete modelof data communication architecture is often called a protocol stack .

• Layers can be mixed and matched to achieve different requirements.

• Layers follow specific procedures for communicating with adjacent layers. The interfaces between layers must be clearly defined.

• An address mechanism is the common element that allows packets to be routed throughthe various layers until it reaches its destination. Sometimes, layers add their own addressinformation.

• Essentially, each layer at the sender's end communicates with the corresponding layer atthe receiver's end.

• Errors can occur at any of the layers. For critical messages, error-detecting mechanismsshould be in place to either correct errors or notify the sender when they occur.

Network protocols are typically described with a layered model, in which the protocols are

stacked on top of each other. Data coming into a machine is passed from the lowest-level protocol up to the highest, and data sent to other hosts moves down the protocol stack. Thelayered model is a useful description because it allows network services to be defined withtheir functions, rather than their specific implementation. New protocols can be substitutedat lower levels without affecting the higher-level protocols, as long as these new protocols behave in the same manner as those that were replaced. Each layer has certain functions.





Communication in a heterogeneous network can take place if the functions in each layer aresuccessfully executed to conform to the standards.

The following section will discuss the different layers of the OSI Model and their functionsat each layer.

The Application Layer

Layer 7, the Application layer is the level of the protocol hierarchy where user-accessednetwork processes reside. These are the actual programs that you use to create the data to betransferred over the network. These includes email programs, newsgroups, web browserssuch as Netscape or Internet Explorer, Internet File Transfer programs, Host Sessionsthrough Telnet programs (such as the terminal machines in the UNSW Library used toaccess the catalogue), Directory Services for Domain Name Resolution, NetworkManagement of the hardware on the network such as hubs and switches, File Services suchas network directories on your PC when you connect to the server.

A TCP/IP application is any network process that occurs above the transport layer. TheApplication Layer provides the services user applications needed to communicate throughthe network.

Here are several examples of user application layer services:

Electronic mail transport

Remote file access

Remote job execution

Directories

Network management

The Application layer is responsible for defining how interactions occur between networkservices or applications and the network. These services include (but are not limited to) file, print and messaging services.

The Application layer supplies network services to end-user applications. Network servicesare typically protocols that work with user's data. For example, in a Web browserapplication, the Application layer protocol HyperText Transfer Protocol (HTTP) packagesthe data needed to send and receive Web page content as illustrated above. The Applicationlayer provides data to (and obtains data from) the Presentation layer.

The Application Protocols

The Internet Protocol suite includes many application-layer protocols that represent a widevariety of applications. The following protocols are the more common application-layer protocols in use:





Appl ication Protocols

File transfer FTP, TFTP

Terminal emulation Telnet

Electronic mail SMTP

Network management SNMP

Distributed file services NFS, XDR, RPC, X Windows

Table 6-1 Higher-Layer Protocols and Their Applications

File Transfer Protocol (FTP)

FTP enables a file on one system to be copied to another system. Users don't actuallylog in as full users to the machine they want to access but instead use the FTP service to provide access. The remote machine must be set up with the permissions necessary to provide the user access to the files.

FTP uses TCP to create and maintain a connection between source and destinationmachines. Once the connection to a remote machine has been established, FTP enablesyou to copy one or more files to your machine. The term transfer implies that the file ismoved from one system to another, but the original is not affected, files are copied fromone system to another.

Trivial File Transfer Protocol (TFTP)

TFTP is a very simple, unsophisticated file transfer protocol that lacks ant security. Ituses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can beused on many systems that do not enable FTP access. In some ways, TFTP can beanalogous to an e-mail message requesting and receiving a file instead of a text body.

Telnet

The Telnet service provides a remote login capability. This lets a user on one machinelog into another machine and act as if they are directly in front of the second machine.The connection can be anywhere on the local network, or on another network anywherein the world, as long as the user has permission to log into the remote system. Telnetuses TCP to maintain a connection between two machines.

Simple Mail Transfer Protocol (SMTP)

SMTP is one protocol used for transferring electronic mail. This protocol is transparentto the user. SMTP connects to different machines and transfers mail messages, muchlike FTP transfers files. The two most commonly used email client protocols are POP3(Post Office Protocol) and IMAP (Interactive Mail Access Protocol).





Simple Network Management Protocol (SNMP)

SNMP is a network management protocol. SNMP uses UDP as a transport mechanism.SNMP relies on several terms from TCP/IP standard specifications, working withmanagers and agents instead of clients and servers. An agent provides informationabout a device, whereas a manager communicates across the network.

Domain Name System (DNS)

DNS enables a device with a common name to be converted to a special networkaddress. DNS provides the conversion from a common local name to the unique physical address of the device's network connection.

Network File Server (NFS)

NFS is used to transparently enable multiple machines to access each other's directories. NFS accomplishes this by using a distributed filesystem scheme. NFS systems arecommon in large corporate environments.

Remote Procedure Calls (RPC)

RPC are programming functions that enable an application to communicate withanother machine, the server. They provide the programming functions, return codes,and predefined variables to support distributed computing.

X Windows

This serves as a distributed windowing and graphics system used for communication between X terminals and UNIX workstations

The Presentation LayerLayer 6, the Presentation layer is responsible for formatting data exchange. This is wherethe set of character are converted and the data is encrypted. Data may also be compressed inthis layer as this layer usually handles the redirection of data streams. It ensures that thedata can hop from link to link on the way to the final destination described in its header.

The presentation layer provides a variety of coding and conversion functions that areapplied to application layer data. These functions ensure that information sent from theapplication layer of one system would be readable by the application layer of anothersystem. Some examples of presentation layer coding and conversion schemes includecommon data representation formats, conversion of character representation formats,common data compression schemes, and common data encryption schemes.

Common data representation formats, or the use of standard image, sound, and videoformats, enable the interchange of application data between different types of computersystems. Conversion schemes are used to exchange information with systems by usingdifferent text and data representations, such as Extended Binary-Coded Decimal

Interchange Code (EBCDIC) and American Standard Code for Information Interchange (ASCII). Standard data compression schemes enable data that is compressed at the source





device to be properly decompressed at the destination. Standard data encryption schemesenable data encrypted at the source device to be properly deciphered at the destination.

Presentation layer implementations are not typically associated with a particular protocolstack. Some well-known standards for video include QuickTime and Motion Picture Experts

Group (MPEG). QuickTime is an Apple Computer specification for video and audio, and

MPEG is a standard for video compression and coding. Among the well-known graphicimage formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Tagged Image File Format (TIFF). GIF is a standard for compressing andcoding graphic images. JPEG is another compression and coding standard for graphicimages, and TIFF is a standard coding format for graphic images.

This is where the data created by the programs above is "encoded", ready to be sent over thenetwork. The following are used to "present" the data to the next layer:

POP/SMTP

The Post Office Protocol and Simple Mail Transfer Protocol used by the server toreceive, store and send your e-mail. When setting up your e-mail program, you include

this information so the program knows where to get your e-mail from.

Usenet Newsgroups

This is one of the programs/protocols that run on the server to give you access to Newsgroups.

HTTP

The Hyper Text Transfer Protocol is used to translate web pages to and from your Web

Browser. This is why web addresses start with ht t p: / / . . .

FTP

The File Transfer Protocol is used by programs such as CuteFTP and WS-FTP tointerpret and transfer data to the next layer of the network.

DNS Domains

These are domain names such as unsw. edu. au, and the next level of the network.

SNMP Hardware

The Simple Network Management Protocol controls the physical devices that make upthe network, such as hubs, switches, etc.

NFS

The Network File System is the client/server application that allows your computer tostore and update files in your directory on the server.





The Session Layer

Layer 5, the Session Layer manages the sessions (connection) between cooperatingapplications. In TCP/IP, this function largely occurs in the transport layer, and the termsession is not used. For TCP/IP, the term socket and port are used to describe the path overwhich cooperating applications communicate. This layer is not identifiable as a separatelayer in the TCP/IP protocol hierarchy.

The Session Layer is responsible for dialogue control between nodes. A dialogue is a formalconversation in which two nodes agree to exchange data.

Communication can take place in three dialogue modes:

Simplex: One node transmit exclusively, while another exclusively receives.

Half-duplex: Only one node may send at a given time, and nodes take turnstransmitting.

Full-duplex: Nodes may transmit and receive simultaneously.

Sessions enable nodes to communicate in an organized manner.

Each session has three phases:

Connection establishment: The nodes establish contact. They negotiate the rules ofcommunication, including the protocol to be used and communication parameters.

Data transfer: The nodes engage in a dialogue to exchange data.

Connection release: When the nodes no longer need to communicate, they engagein an orderly release of the session.

Connection establishment and Connection release represent extra overhead for the

communication process. When devices are managed on a network, they send out periodicstatus reports that generally consist of single frame messages. If all such messages were sentas part of a formal session, the connection establishment and release phases would transferfar more data than the message itself. In such situation, communicating using aconnectionless approach is common. The sending node simply transmits its data andassumes availability of the desired receiver. A connection-oriented session approach is better for complex communication. Consider transmitting a large amount of data to anothernode. Without formal controls, a single error anytime during the transfer would requireresending of the entire file. After establishing a session, the sending and receiving nodescan agree on a checkpoint procedure. If an error occurs, the sending node must retransmitonly the data sent since the previous checkpoint. The process of managing a complexactivity is called activity management.

A session is created over a virtual "port", which is the "location" where the Layer 6 protocoltalks to the Layer 4 protocol.

E-mail over port 25 (SMTP email)

Newsgroups over port 532





HTTP over port 80

FTP over ports 20/21

Telnet over port 23

DNS over port 53

SNMP over 161/162

NFS using a portmapper that allocates a port automatically.

The Transport Layer

Layer 4, the Transport Layer guarantees that the receiver gets the data exactly as it was sent.In TCP/IP this function is performed by the Transmission Control Protocol (TCP),However, TCP/IP offers a second Transport Layer service, User Datagram Protocol (UDP)that does not perform the end-to-end reliability checks.

All network technologies set a maximum size for frames that can be sent on the network.Ethernet limits the size of the data field to 1500 bytes.

This limit is necessary for two reasons:

Small frames improve network efficiency when many devices must share thenetwork. If devices could transmit frames of unlimited size, the might monopolizethe network for an excessive period of time. With small frames, devices take turnsat shorter intervals, and devices are more likely to have ready access to the network.

With small frames, less data must be retranslated to correct an error.

One responsibility of the transport layer is to divide messages into fragments that fit withinthe size limitations established by the network. At the receiving end, the transport layerreassembles the fragments to recover the original message.

When messages are divided into multiple fragments, the possibility increases that segmentsmight not be received in the order sent. When the packets are received, the transport layermust reassemble the message fragments in the correct order. To enable packets to bereassembled in their original order, the transport layer includes a message sequence numberin its header.

The transport layer is responsible for delivering messages from a specific process on onecomputer to the corresponding process on the destination computer. The transport layerassigns a Service Access Point (SAP) ID to each packet.

The SAP ID is an address that identifies the process that originated the message. TheSAP ID enables the transport layer of the receiving node to route the message to theappropriate process.





Identifying messages from several processes so that the message can be transmitted throughthe same network medium is called multiplexing. The procedure of recovering messagesand directing them to the correct process is called demultiplexing. Multiplexing is acommon occurrence on networks, which are designed to enable many dialogues to share thesame network medium. Because multiple protocols may be supported for any given layer,multiplexing and demultiplexing can occur at many layers.

Although the data link and network layers can be assigned responsibility for detecting errorsin transmitting data, that responsibility generally is dedicated to the transport layer.

Two general categories of error detection can be performed by the transport layer:

Reliable delivery: Does not mean that errors cannot occur, only that, errors aredetected if the do occur. Recovery from a detected error can take the form of simplynotifying upper layer processes that the error occurred. Often, however, the transportlayer can request the retransmission of a packet for which an error was detected.

Unreliable delivery: Does not mean that errors are likely to occur, but rather,indicates that the transport layer does not check for errors. Because error checking

takes time and reduces network performance, unreliable delivery often is preferredwhen a network is known to be highly reliable, which is the case with majority oflocal area networks. Unreliable delivery generally is used when each packet containsa complete message, whereas reliable delivery is preferred when messages consist oflarge number of packets. Unreliable delivery is often called datagram delivery, andindependent packets transmitted in this way frequently are called datagrams.

Assuming that reliable delivery is always preferable is a common mistake. Unreliabledelivery actually is preferable in at least two cases: When the network is fairly reliable and performance must be optimized, and when entire messages are contained in individual packets and loss of a packet is not a critical problem.

The Network Layer

Layer 3, the Network Layer transmits the data and decides which route the data must followthrough the Internetwork, a network that consists of several network segments. The networklayer receives data packets from the upper layer from the transmitter, and then transmitsthese by so many connections and subsystems as needed to reach it destination. This layeralso defines the network packets and controls the routing and the switching from the datathrough the network. This layer controls the transmitting from packets between stations.This layer permits that data units can be transmit to other networks if the are using routers.Routers are defined in this layer.

The Network Layer manages connections across the network and isolates the upper layer protocols from the details of the underlying network. The Internet Protocol (IP), whichisolates the upper layers from the underlying network and handles the addressing anddelivery of data, is usually described as TCP/IP's Network layer.

The most known protocol in this layer is IP. The network-layer is the limit from thecommunication subnet: Above this layer increases the level off abstraction dramatically.





For layer 3 and lower is there mostly an upper-limit for the size of these packets. In broadcast-networks is the routing very simply, so that the network-layer is thin or eventexisting. This is the reason why the transport layer-protocol TCP so many times iscombined with IP, called TCP/IP.

Network Interface Layer Protocols: SLIP and PPPTo “fill the gap” between IP at layer three and the physical connection at layer one, a pair ofspecial protocols have been defined that operate at layer two and provide the services thatIP requires to function. These are:

Serial Line Internet Protocol (SLIP): A very simple layer two protocol that providesonly basic framing for IP.

Point-to-Point Protocol (PPP): A more complex, full-featured data link layer protocolthat provides framing as well as many additional features that improve security and performance.

Quality of Service (QoS)

Only the smallest networks consist of a single, local network. The majority of networksmust be subdivided. These subdivisions may be planned to reduce traffic on networksegments or to isolate remote networks connected by slower communication media. Whennetworks are subdivided, it can no longer be assumed that messages will be delivered on thelocal network. A mechanism must be put in place to route messages from one network toanother.

The Network layer is responsible for logical addressing and translating logical names into physical addresses. The Network layer also prioritizes data to be transmitted, since not alldata has equal importance such as email message delay or audio or video data delay. This

prioritization is known as Quality of Service (QoS).

Routing

The Network layer adds the concept of routing above the Data Link layer. As illustratedabove, when data arrives at the Network layer, the source and destination addressescontained inside each frame are examined to determine if the data has reached its finaldestination. If the data has reached the final destination, the Network layer formats the datainto packets delivered to the Transport layer. Otherwise, the Network layer updates thedestination address and pushes the frame back down to the lower layers.

This is the layer that knows where to send the packets produced in the Transport Layer. Itaddresses information packets by their Internet Protocol address and also controls suchthings as the route of the message, which is the best and quickest way to go, and which wayto go if one of the routes is broken.

IP version 4

IP version 6





IPX/SPX used with Novell servers such as the UNSW Chancellery Server.

To support routing, the Network layer maintains logical addresses such as IP addresses fordevices on the network. The Network layer also manages the mapping between theselogical addresses and physical addresses. In IP networking, this mapping is accomplishedthrough the Address Resolution Protocol (ARP).

ARP is one of several protocols that helps determine addresses on a network. ARP workswith IP to set routes to a destination. ARP converts an IP address to a network interfacehardware address.

Three devices operate at the Network layer : routers, brouters and Layer 3 switches. TheLayer 3 switches perform the multiport, virtual LAN, data-pipelining functions of astandard Layer 2 switch, but it can also perform basic routing functions between virtualLANs. In some workgroups, a Layer 3 switch can replace a router.

The Data Link LayerLayer 2, the Data Link Layer , is the reliable delivery of data across the underlying physicalnetwork. TCP/IP rarely creates protocols in this layer. This layer defines how these streamsof bits are put together into manageable chunks of data.

Data Frame Format

As data is exchanged between computers, communication processes need to make decisionsabout the various aspects of the exchange process:

As the receiving computer listens to the wire to recover messages send to it, adetection mechanism is required to tell whether to treat signals it detects as data-

carrying signals or to discard them as mere noise.

If the detection mechanism detects that it is indeed data-carrying signals, the seconddecision the receiving end must be able to make is to determine whether the datawas intended for itself, some other computer on the network, or a broadcast.

If the receiving end engages in the process of recovering data from the wire, itneeds to be able to tell where the data train intended for the receiver ends. After itdetermines this, the receiver should discard subsequent signals unless it candetermine that they belong to a new, impeding transmission.

When data reception is complete, another concern is to determine if the recovereddata withstood corruption from noise and electromagnetic interference. In the event

of detecting corruption, the receiver must have the capability of dealing with thecorruption.

As a conclusion to these points, the computers must be able to exchange additionalinformation about the progress of the physical communication process. To accommodatethese decision-making requirements, network designers decided to deliver data on the wireas well-defined packages called data frames.





It is important to realize that the primary concern of the receiving station is to make surethat the information embedded in the package is recovered error-free. It is not concernedabout the actual contents of that field. Instead, processing the data in the information field isdelegated to another process as the receive process reverse to listening mode to take care offuture transmissions.

Devices that can communicate on a network frequently are called nodes, station or device.The data link layer is responsible for providing node-to-node communication on a single,local network. To provide this service, the data link layer must perform two functions. Itmust provide an address mechanism that enable messages to be delivered to the correctnodes. Also, it must translate messages from upper layers into bits that the physical layercan transmit. When the data link layer receives a message to transmit, it formats themessage into a data frame (packets). The sections of a frame are called fields.

The Data Link Layer is made up of two sublayers namely the Media Access Control (MAC)sublayer and the Logical Link Control (LLC) sublayer.

The LLC sublayer provides error-free transfer of data frames from one node toanother. It establishes and terminates logical links, controls frame flow, sequences

frames, acknowledges frames, and retransmits unacknowledged frames. It usesframe acknowledgement and retransmission to provide virtually error-freetransmission over the link to the layers above.

The MAC sublayer manages access to the physical layer, checks frame errors, andmanages address recognition of received frames.

This is the layer where the protocols control the transfer of the data across the physicalnetwork (the cables).

PPP is the Point to Point Protocol used when you connect to the Internet via a modem.PPP is the protocol that controls the transfer of data to your modem, the physical device.SLIP has been superseded by PPP.

When obtaining data from the Physical layer, the Data Link layer also manages physicaladdressing schemes such as MAC address, which is also called Ethernet address or physical

address. The MAC address has a 12-digit hexadecimal number (i.e.

07: 57: AC: 1F: B2: 76). Normally, the MAC address of a network interface card is set at

the factory and cannot be changed. The switch is also another device that manipulates dataat this layer.

At this layer, data coming from the upper-layer protocols are divided into logical bits called packets. A packet is a unit of transmission. The size and format of these packets depend onthe transmission technology. The Data Link layer checks for physical transmission errorsand packages bits into frames.

This logic includes information about where the data should go, which computersent the data, and the overall validity of the bytes sent. It can describe themethod of media access such as CSMA/CD, token passing, and CSMA/CA.





In most situations, the Data Link layer then waits for a positive ACK. If it does not receiveany, or if the frame is damaged, then another frame is sent.

One of the major components of the Data Link Layer is the result of IEEE 802 networkingstandards.

The Physical Layer

Layer 1, the Physical Layer defines the characteristics of the hardware necessary to carrythe data transmission signal. Things such as voltage levels, and the number and locations ofinterface pins, are defined in this layer. TCP/IP does not define physical standards butmakes use of existing standards. This layer describes the way data is actually transmitted onthe network medium.

The Physical Layer communicates directly with the communication medium, and has tworesponsibilities: Sending bits and receiving bits. A binary digit, or bit, is the basic unit ofinformation in data communication.

A bit can have only two values, 0 or 1, represented by different states on the communicationmedium. Other communication layers are responsible for collecting these bits into groupsthat represent message data. Bits are represented by changes in signals on the networkmedium. Some wire media represent 0’s and 1’s with different voltages, some use distinctaudio tones, and yet others use more sophisticated methods, such as state transitions.

The physical layer carries the signals for all of the higher layers. It is responsible for theultimate transmission of data over network communications media. For networkcomponents that use serial ports, the physical layer can also include low-level networksoftware that defines how the serial stream of bits is divided into packets of data. It operateswith data in the form of bits that are sent from the Physical layer of the sending (source)

device and received at the Physical layer of the destination device. In Windows 2000 andlater versions, the physical layer is implemented by the network interface card (NIC), itstransceiver, and the medium to which the NIC is attached.

The physical layer describes the bit patters to be used, but does not define the medium, itdescribes how data are encoded into media signals and the characteristics of the mediaattachment interface.

Any protocol or device that operates on this layer deals with the physical concepts of thenetwork.

A wide variety of media are used for data communication, including electric cable, fiberoptics, light waves, radio, and microwaves. The medium used can vary since different

medium simply necessitates a different set of physical layer protocols. Thus, the upperlayers are completely independent from the particular process used to deliver bits throughthe network medium.

This layer is the combination of software and hardware programming that transfers theactual data stream from one point to another, it doesn't actually include the cables





themselves. However the technologies used are often called the same name as the type ofcables (confusing). The physical layer technologies include:

CAT 1 used in analogue telephone services

ISDN ( Intergrated Digital Services Network ) lines which run over you telephone

cable but much faster than a modem. ADSL ( Asymmetric Digital Subscriber Line) which runs over your normal

telephone line but on different wires, so you can be connected and use the phone atthe same time.

ATM ( A-synchronous Transfer Method ) which is used to switch data betweenhardware devices very quickly.

FDDI (Fiber Distributed Data Interface) for fiber optic cables.

Cat 1-5

Coaxial Cables

Figure 6-1 Overview of the OSI Model






The OSI Model defines how the various hardware and software components involved indata communication should interact with each other. It is composed of seven layers, andeach layer has a special function in the network. It is used to describe what tasks a protocol

suite performs as you explore how data moves across a network.

Layers Name Description Appli cation

7 Application

The user interface to the application

Collection of miscellaneous protocols for high levelapplications

Email, file transfer, connecting remote terminals, etc.

E.g. SMTP, FTP, Telnet, HTTP, etc

telnet

FTP

SMTP

6 Presentation

Converts data from one presentation format toanother. For example, e-mail text entered into OutlookExpress being converted into SMTP mail formatteddata.

Very few applications use this

Concerned with the semantics of the bits.

Define records and fields in them.

Sender can tell the receiver of the format.

Makes machines with different internalrepresentations to communicate.

If implemented, the best layer for cryptography.

telnet

FTP

sendmail

5 Session

Manages continuing requests and responses betweenthe applications at both ends over the variousestablished connections.

Very few applications use this

Enhanced version of transport layer.

Dialog control, synchronization facilities.

Rarely supported (Internet suite does not).

telnet

FTP

sendmail

4 Transport

Transport layer ensures reliable service.

Breaks the message (from sessions layer) into smallerpackets, assigns sequence number and sends them.

Reliable transport connections are built on top of X.25

TCP

UDP





or IP.

In case IP, lost packets arriving out of order must bereordered.

TCP (Transport Control Protocol) - Internet transportprotocol.

TCP/IP Widely used for network/transport layer(UNIX).

UDP (Universal Datagram Protocol) - Internetconnectionless transport layer protocol.

Application programs that do not need connection-oriented protocol generally use UDP.

3 Network

Network layer does not deal with lost messages.

Handles the routing of data between links that are notphysically connected together.

Concerned with the transmission of packets. Choose the best path to send a packet (routing).

It may be complex in a large network (e.g. Internet).

Shortest (distance) route vs. route with least delay.

Static (long term average) vs. dynamic (current load)routing.

Two protocols are most widely used: X.25 and IP

IP

ARP

2 Link

Handles errors in the physical layer.

Groups bits into frames and ensures their correct

delivery.

Adds some bits at the beginning and end of eachframe plus the checksum.

Receiver verifies the checksum.

If the checksum is not correct, it asks forretransmission (send a control message).

Consists of two sublayers: LLC and MAC

Ethernet

ARP





1 Physical

Concerned with the transmission of bits.

How many volts for 0, how many for 1?

Number of bits of second to be transmitted.

Two way or one-way transmission

Standardized protocol dealing with electrical,mechanical and signaling interfaces.

Ethernet

Review Questions

1. This layer in the OSI model is responsible for formatting data exchange. This is

where the set of character are converted and the data is encrypted.

a) Application Layer

b) Transport Layer

c) Presentation Layer

d) Session Layer

2. This layer is responsible for providing node-to-node communication on a single,local network.

a) Physical Layer

b) Data Link Layer

c) Session Layer

d) Application Layer

3. Which of the following statements is true?

a) FTP uses UDP to create and maintain a connection between source anddestination machines and TFTP also uses UDP as a transport.

b) FTP uses TCP to create and maintain a connection between source anddestination machines and TFTP uses TCP as a transport.

c) TFTP uses TCP to create and maintain a connection between source anddestination machines while FTP uses UDP as a transport.

d) FTP uses TCP to create and maintain a connection between source anddestination machines while TFTP uses UDP as a transport.





4. The most known protocol in the Network Layer is –

a) PPP

b) SLP

c) IP

d) TIP

5. Any protocol or device that operates on the physical layer deals with which conceptof the network?

a) The biological concepts of the network

b) The logical concepts of the network

c) The physical concepts of the network

d) The contextual concepts of the network



Chapter 7: TCP/IP Protoco l Suite


Chapter 7: TCP/IP Protocol Suite

Chapter Objectives


• Describe the characteristics of the TCP/IP protocol

• Understand how MAC addresses are resolved in TCP/IP

• Know the components of the TCP/IP protocol

• Know what a DHCP is and how it is employed

• Know what a WINS is and how it is employed

• Know what a DNS is and how it is employed

• Distinguish between a LMHOSTS file and an HOSTS file

• Understand the name resolution methods for NetBIOS and Host names






Chapter 7: TCP/IP Protocol Suite

The Characteristics of the TCP/IP Protocol Suite

Resolving MAC Address in TCP/IP Protocol Components of the TCP/IP Protocol Suite

The Internet Protocol (IP)

Transmission Contro l Protoco l (TCP)

User Datagram Protocol (UDP)

Function of Dynamic Host Configuration Protocol(DHCP)

Implementing NetBIOS Name Resolution

Function of Windows Internet Name Service (WINS)

Function of Domain Name System (DNS)

WINS and DNS Integration in Name Resolution

TCP/IP Utilities and Services The TCP/IP Request for Comments (RFCs)

Notes







Describe the characteristics of the TCP/IP

protocol Understand how MAC addresses are resolved

in TCP/IP

Know the components of the TCP/IP protocol

Know what a DHCP is and how i t is employed

Know what a WINS is and how i t is employed

Know what a DNS is and how it is employed

Distinguish between a LMHOSTS file and anHOSTS file

Understand the name resolut ion methods forNetBIOS and Host names

Notes






TCP/IP Protocol

The system, or protocol, for this transmission is defined

as the Internet Protoco l, or IP. The Internet addressing

scheme is defined within that protocol.

The Terminal Control Protocol, or TCP. It makes sure

packets get where they are going and are reassembled in

the right order.

The main protoco ls at the Internet and Transport l ayers are

the Internet Protoco l (IP), Transmission Control Protocol

(TCP) and User Datagram Protocol (UDP).

Notes






The Characterist ics of the TCP/IP Protocol

Suite

Open pro tocol and universal interconnectivity

Conformity (modularity)

Internet addressing

Notes






Resolving MAC Address in TCP/IP Protocol

Frame Addressing and Delivery At the lowest levels of the netw ork, a frame is transmitted

across media based on its destination media access control

(MAC) address.

For Ethernet and Token Ring networks, the MAC address is a

48-bit field that uniquely identifies the destination network

interface for each frame.

Processing Received Frames

The NIC can discard any frames that do no t meet the filter

criteria without incurring any CPU processing.

Al l f rames, including broadcasts, that pass the hardware fi lter

and frame check sequence validation

Notes






Configuring a Default Gateway

The default gateway is configured if the network contains a router.

This address is configured by the network administrators and it

inform s each personal computer or other network device where to senddata if the target station does not reside on the same subnet as the

source.

If your machine can reach all stations on the same subnet (usually a

building or a sector within a building), but cannot communicate outside

of this area, it is usually because of an incorrectly configu red default

gateway.

Notes






Internet Protocol

IP has two primary responsibilities:

providing connectionless delivery of datagrams

between internetworked devices; and providing fragmentation and reassembly of

datagrams to support data links with different

maximum-transmission unit (MTU) sizes.

Notes






IP Routing Protocol

Static Routing

Dynamic Routing

Notes






Transmission Control Protocol (TCP)

TCP is the primarytransport protocol of

the TCP/IP protocol

suite.

TCP offers efficient

flow control

TCP is a connection-

based protocol

Notes







UDP is a connectionless transpor t-layer

protocol UDP is basically an interface between IP and

upper-layer processes.

Unlike the TCP, UDP adds no reliabili ty,

flow-control, or error-recovery functions to

IP.

UDP headers contain fewer bytes and

consume less network overhead than TCP.

Notes






Dynamic Host Configuration Protocol (DHCP)

The DHCP lease generation pro cess

Notes






NetBIOS Name Resolution

Microsoft s tarted with a different protocol as its LAN

Manager operating system's native protocol , known asNetBIOS Extended User Interface (NetBEUI).

NetBIOS has a design limitation that shows up in routed

networks because NetBIOS relies heavily on broadcast

messages (as way of transmitt ing data in the network)

to advertise servers and their shared resources.

Microsoft's first solution, introduced in its older LAN

Manager server, was to use a LAN Manager HOSTS

(LMHOSTS) file on each computer on the network.

LMHOSTS file is used when p lanning a NetBIOS name

resolution.






Understanding Naming Convention

Fully Qualifi ed Domain Name (FQDN) is a name that uniquely identi fies a host

in the DNS hierarchy, such that a host called server1 in the products

hierarchy at Microsoft may have an FQDN of server1.products.Microsoft.com.

Relative Distin guished Name is a name that uniquely identifies a host within

its own domain, but not throughout the entire DNS hierarchy. For example,

server1 is a relative distingui shed name, whil e

server1.products .Microsoft.com is a fully qualified domain name (FQDN).

Notes






Windows Internet Name Service (WINS)

WINS is to allow a NetBIOS name to be

converted to an IP address.

a network typically has one or more WINS

servers that a WINS client may contact for name

resolution.

Four elements in WINS network

• WINS server

• WINS client computers

• Non-WINS in network

• WINS proxies

Notes






Domain Name System (DNS)

Helps users to find their

way around the Internet.Translating the name into

the IP address is called

"resolving the domain

name."

Provides the protocol

which allows clients and

servers to communicate

with each other.

Network Solutions is in charge of maintaining the COM domain list

Notes







You can configure a DNS server to query a WINS server

by conf iguring a DNS zone setting. This is accompl ished by adding a WINS lookup record

to the author itative zone.

Af ter it is conf igured, the DNS server w il l query a WINS

server for every request made to it for which it does not

have a valid record.

If the requested name is located on the WINS server,

the information is returned to the requesting cl ient via

the DNS server.

The process is invisible to all clients.

Notes






TCP/IP Utilities and Services

Start or stop t he TCP/IP services from the comm and prompt

Notes







Arp

• Displays and modifies entries in the Address Resolution Protocol (ARP)

cacheNslookup

• Displays information that you can use to diagnose Domain Name System(DNS) infrastructure.

Finger

• Displays information about a user or users on a specified remote computer(typically a computer running UNIX) that is running the Finger service ordaemon

Ping

• Verifies IP-level connectivity to another TCP/IP computer by sendingInternet Control Message Protocol (ICMP) Echo Request messages.

Ftp

• Transfers files to and from a computer running a File Transfer Protocol(FTP) server service such as Internet Information Services.

Rcp• Copies files between a Windows XP computer and a system running r shd,

the remote shell service (daemon).

Notes







Hostname

• Displays the host name portion of the full computer name of the computer.

Rexec• Runs commands on remote computers running the Rexec service (daemon)

Ipconfig

• Displays all current TCP/IP network configuration values and refreshesDynamic Host Configuration Protocol (DHCP) and Domain Name System(DNS) settings.

Route

• Displays and modifies the entries in the local IP routing table.

Lpq

• Displays the status of a print queue on a computer running Line PrinterDaemon (LPD).

Rsh

• Runs commands on remote computers running the RSH service or daemon.Windows XP and Windows 2000 do not provide an RSH service.

Lpr

• Sends a file to a computer running Line Printer Daemon (LPD) in preparationfor printing.

Notes







Tftp

• Transfers files to and from a remote computer, typically a computer running

UNIX, that is running the Trivial File Transfer Protocol (TFTP) service or

daemon.

Nbtstat

• Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name

tables for both the local computer and remote computers, and the NetBIOS

name cache.

Tracert

• Determines the path taken to a destination by sending Internet Control

Message Protocol (ICMP) Echo Request messages to the destination with

incrementally increasing Time to Live (TTL) field values.

Netstat

• Displays active TCP connections, ports on which the computer is listening,

Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP,

TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP

over IPv6, and UDP over IPv6 protocols).

Notes





Introduction

If you are in a meeting, you have certain rules of order that are used so that everyone isn't

talking at once. If you wish to speak you raise your hand and avoid speaking until themoderator recognizes you. It is the same with an Ethernet network and with the Internet.The Internet transmits data in something called packets, each 1500 bytes. Each packet hassome overhead information about the address to which it is to go, where it fits relative toother packets in your total transmission, and some error-checking information. This systemwas birthed during the cold war with concerns about a city being destroyed. The packetscould be routed through the network in multiple ways and then reassembled at thedestination. If one path was down, a packet would automatically be sent another way. Thismeans the packets of a particular message you get (email, web page, or file) could arrive atyour system using multiple routes. It is then reassembled just before it reaches you. Thesystem, or protocol, for this transmission is defined as the Internet Protocol, or IP. TheInternet addressing scheme is defined within that protocol.

There is a second protocol that is closely related to the Internet Protocol, and this one iscalled the Terminal Control Protocol, or TCP. It makes sure packets get where they aregoing and are reassembled in the right order. The TCP and IP protocols are so closelyrelated that they are often referred to as the TCP/IP protocol. For most people doingnetworking and broadband Internet, this is the only networking protocol you need to installon your computer.

Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols thatcomprise it. Each protocol “resides” in a particular layer of the OSI model discussed in the previous chapter. Every TCP/IP protocol is charged with performing a certain subset of thetotal functionality required to implement a TCP/IP network or application. TCP/IP isactually a suite of protocols that work together to provide for reliable and efficient data

communications across an internetwork, which is a network of networks, local and widearea.

There are there are many hundreds of TCP/IP protocols and applications, however, there areonly a few TCP/IP protocols that are usually called the “core” of the suite, because they areresponsible for its basic operation. The main protocols at the Internet and Transport layersare the Internet Protocol (IP), Transmission Control Protocol (TCP) and User DatagramProtocol (UDP). These core protocols support many other protocols, to perform a variety offunctions at each of the TCP/IP model layers. Still others enable user applications tofunction.





The Characteristics of the TCP/IP Protocol Suite

TCP/IP carefully defines how information moves from sender to receiver. First, application programs send messages or streams of data to one of the Internet Transport Layer Protocols,

either the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP).These protocols receive the data from the application, divide it into smaller pieces called packets, add a destination address, and then pass the packets along to the next protocollayer, the Internet Network layer.

The Internet Network layer encloses the packet in an Internet Protocol (IP) datagram, putsin the datagram header and trailer, decides where to send the datagram (either directly to adestination or else to a gateway), and passes the datagram on to the Network Interface layer.

The Network Interface layer accepts IP datagrams and transmits them as frames overspecific network hardware, such as Ethernet or Token-Ring networks.

The TCP/IP Protocol has the following characteristics:

• Open protocol and universal interconnectivity

TCP/IP isn't based on or tied to any particular operating system; it's an openstandard that developers can base new systems on without having to worry aboutinteroperability issues. For example, two different operating systems or processesrunning on separate computers can directly communicate using TCP/IP.

• Conformity (modularity)

Even though it preceded the emergence of the OSI model by nearly a decade,TCP/IP conforms to the OSI model. TCP/IP protocols communicate only with thelayers immediately below and above the layers on which they operate. This layering

creates a modularity that can easily be adapted by any system.

• Internet addressing

TCP/IP supports a 32-bit (4-octet) addressing scheme that enables it to address overfour billion Internet hosts. This address system is used to identify both the networkand the host.

In addition to the preceding characteristics, the protocols that make up the TCP/IP protocolsuite also provide a wide range of functionality, versatility, and interoperability options tonetworked users. It is scalable for use in small and large networks. In large networks, it provides routing services. It is designed to be fault tolerant, able to dynamically reroute packets if network links become unavailable by using alternate paths. Protocol companions

such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS)offer advanced functionality.

Documentation of the Internet protocols (including new or revised protocols) and policiesare specified in technical reports called Request For Comments (RFCs), which are published and then reviewed and analyzed by the Internet community. Protocol refinements





are published in the new RFCs. To illustrate the scope of the Internet protocols, maps manyof the protocols of the Internet protocol suite and their corresponding OSI layers.

Figure 7-1 Internet protocols span the complete range of OSI model layers.7

Resolving MAC Address in TCP/IP Protocol

The TCP/IP network interface layer provides network functions such as framesynchronization, media access, and error control. It is sometimes referred to as the networkaccess layer, and is roughly equivalent to the OSI model's data link layer. Its functionality isdivided between the network interface card–driver combination and the low-level protocolstack driver.

Frame Addressing and Delivery

At the lowest levels of the network, a frame is transmitted across media based on itsdestination media access control (MAC) address. For Ethernet and Token Ring networks,the MAC address is a 48-bit field that uniquely identifies the destination network interfacefor each frame. The MAC address is usually written and displayed in network packet

capture logs as a series of 12 hexadecimal digits in the format 0xAB- CD- EF- 12- 34- 56.

Normally, a network adapter filters out all incoming frames except those that contain one ofthe following destination addresses:

The adapter address, used in unicast (one-to-one) transmissions.





The all-ones broadcast address (0xFF- FF- FF- FF- FF- FF), which indicates that

all network interfaces on the local area network (LAN) should receive the frame.

As a packet traverses a network or series of networks, the source MAC address is alwaysthat of the network interface card (NIC) that placed it on the media, and the destinationMAC address is that of the NIC that is intended to pull it off the media. In a routed network,

this means that the source and destination MAC address changes with each hop through anetwork-layer device (a router or a layer-3 switch). Therefore, two packets with the samesource or destination address at the IP level can contain different MAC addresses,depending on the path the packet takes through the network.

Processing Received Frames

Because the hardware makes the first filtering decision, the NIC can discard any frames thatdo not meet the filter criteria without incurring any CPU processing. All frames, including broadcasts, that pass the hardware filter and frame check sequence validation (a check fordata corruption in the frame) are passed up to the NIC driver through a hardware interrupt.Because the NIC driver software runs on the computer, any frame that makes it this farrequires some CPU time to process. The NIC driver brings the frame into system memoryfrom the interface card. The frame is then passed up to the appropriate bound transportdriver or drivers. Frames are passed up to all bound transport drivers in the order that theyare bound.

Address Resolution Protocol (ARP) Overview

For two machines on a given network to communicate, they must know the other machine's physical (or MAC) addresses. By broadcasting Address Resolution Protocols (ARPs), a hostcan dynamically discover the MAC-layer address corresponding to a particular IP network-layer address.

After receiving a MAC-layer address, IP devices create an ARP cache to store the recently

acquired IP-to-MAC address mapping, thus avoiding having to broadcast ARPS when theywant to recontact a device. If the device does not respond within a specified time frame, thecache entry is flushed.

In addition to the Reverse Address Resolution Protocol (RARP) is used to map MAC-layeraddresses to IP addresses. RARP, which is the logical inverse of ARP, might be used bydiskless workstations that do not know their IP addresses when they boot. RARP relies onthe presence of a RARP server with table entries of MAC-layer-to-IP address mappings.

Components of the TCP/IP Protocol Suite

The network layer (layer three) protocol provides addressing, datagram routing and otherfunctions in an internetwork. The Transmission Control Protocol (TCP) is the primarytransport layer (layer four) protocol, and is responsible for connection establishment andmanagement and reliable data transmission. Due to the importance of these two protocols,their abbreviations have come to represent the entire suite: “TCP/IP”. IP and TCP areimportant because many of TCP/IP's most critical functions are implemented at layers three





and four. However, there is much more to TCP/IP than just TCP and IP. The protocol suiteas a whole requires the work of many different protocols and technologies to make afunctional network that can properly provide users with the applications they need.

TCP/IP uses its own four-layer architecture that corresponds roughly to the OSI ReferenceModel and provides a framework for the various protocols that comprise the suite. It also

includes numerous high-level applications, some of which are well-known by Internet userswho may not realize they are part of TCP/IP, such as HTTP (which runs the World WideWeb) and FTP.

Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols thatcomprise it. Every TCP/IP protocol is charged with performing a certain subset of the totalfunctionality required to implement to implement a TCP/IP network or application. Theywork together to allow TCP/IP as a whole to operate.

There are a few TCP/IP protocols that are usually called the “core” of the suite, becausethey are responsible for its basic operation. However, the main protocols at the internet andtransport layers are the Internet Protocol (IP), Transmission Control Protocol (TCP) andUser Datagram Protocol (UDP). These core protocols support many other protocols, to

perform a variety of functions at each of the TCP/IP model layers. Still others enable userapplications to function.

The Internet Protocol (IP)

The Internet Protocol (IP) is the primary network layer protocol in the protocol suite thatcontains addressing information and some control information that enables packets to berouted. IP has two primary responsibilities: providing connectionless delivery of datagrams between internetworked devices; and providing fragmentation and reassembly of datagrams tosupport data links with different maximum-transmission unit (MTU) sizes.

These datagrams are then passed down to the data link layer where they are sent over physicalnetwork links. In order for this to work properly, each datagram must be small enough to fitwithin the frame format of the underlying technology. If the message is bigger than themaximum frame size of the underlying network, it may be necessary to break up an IPmessage into several datagrams, a process called fragmentation. The datagrams are then sentindividually and reassembled into the original message.

Data transmitted over an internet using IP is carried in messages called IPdatagrams. Like all network protocol messages, IP uses a specific format for itsdatagrams such as IP v4. The IPv4 datagram is conceptually divided into twopieces: the header and the payload. The header contains addressing and control

fields, while the payload carries the actual data to be sent over the internetwork.Unlike some message formats, IP datagrams do not have a footer following thepayload.

Even though IP is a relatively simple, connectionless, “unreliable” protocol, theIPv4 header carries a fair bit of information, which makes it rather large. At aminimum, it is 20 bytes long, and with options can be significantly longer.





IP Address

The IP address uniquely identifies your computer on the network. It is a four-field, 32 bitaddress, separated by periods, normally expressed as four "octets" in a "dotted decimalnumber (notation)."

The four numbers in an IP address are called octets because they can havevalues between 0 and 255 (2

8 possibilities per octet).

For instance, the IP address 172. 16. 122. 204 is analogous to your telephone number in

that the telephone number is used by the telephone network to direct calls to you. The IPaddress is used by the Internet to direct data to your computer, e.g. the data your web browser retrieves and displays when you surf the net. One task of DHCP is to assist ingetting a functional and unique IP number for the computers that connect to the Internet.

Every machine on the Internet has its own IP address. A server has a static IP address thatdoes not change very often. A computer at home that is dialing up through a modem oftenhas an IP address that is assigned by the Internet Service Provider (ISP) when you dial in.That IP address is unique for your session and may be different the next time you dial in. Inthis way, an ISP only needs one IP address for each modem it supports, rather than for

every customer.

There are two parts in the address format: the network address and the host (or local)computer’s address. IP addressing supports five different address classes: A, B, C, D, andE. Only classes A, B, and C are available for commercial use.

The left-most (high-order) bits indicate the network class provides reference informationabout the five IP address classes. The IP address has three main classes: Class A, B and C.





Figure 7-2 IP Class Assignments

Depending on the class you use, different parts of the address show the network portion andthe host address as shown below.

Figure 7-2 IP Class Network and Host Addresses

The class of address can be determined easily by examining the first octet of the addressand mapping that value to a class range in the following table. In an IP address of

172. 31. 1. 2, for example, the first octet is 172. Because 172 falls between 128 and

191, 172. 31. 1. 2 is a Class B address.

The PING (Packet Internet Groper) TCP/IP utility is used to check the validity of a remoteIP address.

IP Subnet Addressing

IP networks can be divided into smaller networks called subnetworks (or subnets).Subnetting provides the network administrator with several benefits, including extraflexibility, more efficient use of network addresses, and the capability to contain broadcasttraffic (a broadcast will not cross a router).

Subnets are under local administration. As such, the outside world sees an organization as asingle network and has no detailed knowledge of the organization's internal structure.

A given network address can be broken up into many subnetworks. For example,

172. 16. 1. 0, 172. 16. 2. 0, 172. 16. 3. 0, and 172. 16. 4. 0 are all subnets

within network 171. 16. 0. 0. (All 0s in the host portion of an address specifies the entire

network.)

Subnet Mask

The subnet mask is used to specify which part of the IP address is the network address andwhich part of the address is the host.





By using 255, you are selecting the octets used to identify the network address. For

example, in the Class B network address 192. 200. 2. 1, if the subnet mask is

255. 255. 0. 0, then 192. 200 is the network address, and 2. 1 is the host address.

The default gateway is configured if the network contains a router. This address isconfigured by the network administrators and it informs each personal computer or othernetwork device where to send data if the target station does not reside on the same subnet asthe source. If your machine can reach all stations on the same subnet (usually a building ora sector within a building), but cannot communicate outside of this area, it is usually because of an incorrectly configured default gateway.

As an example below, Network A uses the IP address 131. 1. 0. 0. Network B uses the IP

address 131. 2. 0. 0. In this case, each network card in the router should be configured

with an IP address of the network card on the router that is attached to the network segment.

In this example, the computer Win2K1 is attached to Network A. the default gateway thatwould be configured for this computer is 131. 1. 0. 0. The computer Win2K2 is attached

to Network B. The default gateway that would be configured for this computer is

131. 2. 0. 10.

Figure 7-3 Configuring default gateways

How Subnet Masks are Used to Determine the Network Number

The router performs a set process to determine the network (or more specifically, thesubnetwork) address. First, the router extracts the IP destination address from the

incoming packet and retrieves the internal subnet mask. It then performs a logical AND operation to obtain the network number. This causes the host portion of the IPdestination address to be removed, while the destination network number remains. Therouter then looks up the destination network number and matches it with an outgoinginterface. Finally, it forwards the frame to the destination IP address.





Finding Your Internet IP and Subnet

If you are NOT using a router, go to the command mode on your computer and enter IPCONFIG -all. The screen will display the IP, subnet, DNS server, physical address,and more. The DNS server is the system on the Internet that converts a domain name toits IP address.

If you are using a router, this is more complicated as the router shields your systemfrom the actual Internet addressing. Try the above on your system and you will get theIP and subnet assigned by the DHCP in the router to your computer. To find the actualaddress you are using on the Internet, you will need to access the configuration screenof the router (or wireless access point if you are using that - which as a router in it.) Forinstance, if you are using a Linksys wireless access point, type this is http://192.168.1.1/on your browser. For a Linksys WAP on the configuration screen you would then selectthe Status option. You will then see the IP, subnet, DNS, physical address and more youare using with the Internet at that time.

One quick troubleshooting trick when your system locks up on the Internet is to closethe browser or email program and then disconnect the power cord from the modem for

30 seconds. Then restore the modem's power again. This forces the router to request anew IP from the Internet. This takes the system a few seconds to complete. Then yoursystem is up again. This also forces the router to reassign the local IPs again as well.You could use the router's reset button to do this, but I like the strategy of dropping themodem's power.

Internet Protocol Routing

Internet Protocol (IP) routing protocols are dynamic. Dynamic routing calls for routes to becalculated automatically at regular intervals by software in routing devices. This contrastswith static routing, where routers are established by the network administrator and do notchange until the network administrator changes them.

Figure 7-4 shows an example of dynamic routing





Figure 7-5 shows an example of static routing

An IP routing table, which consists of destination address/next hop pairs, is used to enabledynamic routing. An entry in this table, for example, would be interpreted as follows: to get to

network 172. 31. 0. 0, send the packet out Ethernet interface 0 (E0).

IP routing specifies that IP datagrams travel through internetworks one hop at a time. Theentire route is not known at the onset of the journey, however. Instead, at each stop, the nextdestination is calculated by matching the destination address within the datagram with anentry in the current node's routing table.

Each node's involvement in the routing process is limited to forwarding packets based oninternal information. The nodes do not monitor whether the packets get to their finaldestination, nor does IP provide for error reporting back to the source when routing anomalies

occur. This task is left to another Internet protocol, the Internet Control-Message Protocol(ICMP).

Internet Control -Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP) is a special form of IP used to handle errorand status messages between IP layers on different machines. It is a network-layer Internet protocol that provides message packets to report errors and other information regarding IP packet processing back to the source. Whenever one IP layer has to send information toanother, it uses ICMP. Also, whenever IP software detects an error of some sort, it usesICMP to send reports to the other machine. Probably the most common use of ICMP is forthe ping command, which checks whether a machine is responsive by sending a smallICMP message to the machine and waiting for a reply.

ICMP Messages

ICMPs generate several kinds of useful messages, including:

• Dest i nat i on Unr eachabl e





• Echo Request and Repl y

• Redi r ect

• Ti me Exceeded

• Rout er Adver t i sement

• Rout er Sol i c i t at i on

If an ICMP message cannot be delivered, no second one is generated. This is to avoidan endless flood of ICMP messages.

When an ICMP destination-unreachable message is sent by a router, it means that therouter is unable to send the package to its final destination. The router then discards theoriginal packet. Two reasons exist for why a destination might be unreachable. Mostcommonly, the source host has specified a nonexistent address. Less frequently, therouter does not have a route to the destination.

Destination-unreachable messages include four basic types: network unreachable, hostunreachable, protocol unreachable, and port unreachable.

Network-unreachable messages usually mean that a failure has occurred in therouting or addressing of a packet.

Host-unreachable messages usually indicates delivery failure, such as a wrongsubnet mask.

Protocol-unreachable messages generally mean that the destination does notsupport the upper-layer protocol specified in the packet.

Port-unreachable messages imply that the TCP socket or port is not available.

An ICMP echo-request message, which is generated by the pi ng command, is sent by

any host to test node reachability across an internetwork. The ICMP echo-replymessage indicates that the node can be successfully reached.

An ICMP Redirect message is sent by the router to the source host to stimulate moreefficient routing. The router still forwards the original packet to the destination. ICMPredirects allow host routing tables to remain small because it is necessary to know theaddress of only one router, even if that router does not provide the best path. Even afterreceiving an ICMP Redirect message, some devices might continue using the less-efficient route.

An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live(TTL) field (expressed in hops or seconds) reaches zero. The TTL field prevents packets from continuously circulating the internetwork if the internetwork contains a

routing loop. The router then discards the original packet.

ICMP Router-Discovery Protocol (IDRP)

IDRP uses Router-Advertisement and Router-Solicitation messages to discover theaddresses of routers on directly attached subnets. Each router periodically multicasts





Router-Advertisement messages from each of its interfaces. Hosts then discover addressesof routers on directly attached subnets by listening for these messages. Hosts can useRouter-Solicitation messages to request immediate advertisements rather than waiting forunsolicited messages.

IRDP offers several advantages over other methods of discovering addresses of neighboring

routers. Primarily, it does not require hosts to recognize routing protocols, nor does itrequire manual configuration by an administrator.

Router-Advertisement messages enable hosts to discover the existence of neighboringrouters, but not which router is best to reach a particular destination. If a host uses a poorfirst-hop router to reach a particular destination, it receives a Redirect message identifying a better choice.

Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP) is the primary transport protocol of the TCP/IP

protocol suite. It provides reliable transmission of data in an IP environment. TCPcorresponds to the transport layer (Layer 4) of the OSI reference model. Among the servicesTCP provides are stream data transfer, reliability, efficient flow control, full-duplexoperation, and multiplexing.

With stream data transfer, TCP delivers an unstructured stream of bytes identified bysequence numbers. This service benefits applications because they do not have to chop datainto blocks before handing it off to TCP. Instead, TCP groups bytes into segments and passes them to IP for delivery.

TCP offers reliability by providing connection-oriented, end-to-end reliable packet deliverythrough an internetwork. It does this by sequencing bytes with a forwarding

acknowledgment number that indicates to the destination the next byte the source expects toreceive. Bytes not acknowledged within a specified time period are retransmitted. Thereliability mechanism of TCP allows devices to deal with lost, delayed, duplicate, ormisread packets. A time-out mechanism allows devices to detect lost packets and requestretransmission.

TCP offers efficient flow control, which means that, when sending acknowledgments backto the source, the receiving TCP process indicates the highest sequence number it canreceive without overflowing its internal buffers.





Figure 7-6 shows an example diagram of network flow control

Full-duplex operation means that TCP processes can both send and receive at the same

time. TCP is a connection-based protocol, meaning that the sending and the destinationmachines communicate with each other by sending status messages back and forth. If theconnection is lost because of routing problems or machine failures, errors are sent to theapplications that use TCP. Some service use TCP to maintain a connection between twomachines, notably FTP or Telnet, both of which enable you to move files and commands back and forth between two machines as if you were logged into both at the same time.


The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4)that belongs to the Internet protocol family. UDP is basically an interface between IP and

upper-layer processes. UDP protocol ports distinguish multiple applications running on asingle device from one another.

Unlike the TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP.Because of UDP's simplicity, UDP headers contain fewer bytes and consume less networkoverhead than TCP.

UDP is useful in situations where the reliability mechanisms of TCP are not necessary, suchas in cases where a higher-layer protocol might provide error and flow control.

UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).

The UDP packet format contains four fields, which include source and destination ports,length, and checksum fields.

Source and destination ports contain the 16-bit UDP protocol port numbers used todemultiplex datagrams for receiving application-layer processes. A length field specifies the





length of the UDP header and data. Checksum provides an (optional) integrity check on theUDP header and data.

Figure 7-7 shows the UDP packet format

Function of Dynamic Host Configuration Protocol

(DHCP)Each device that will use TCP/IP on your network must have a valid, unique IP address.This address can be manually configured or can be automated through DHCP. DHCP isimplemented as a server and a client. The DHCP server is configured with a pool of IPaddresses and their associated IP configurations while the DHCP client is configured toautomatically access the DHCP server to obtain its IP configuration.

Figure 7-8 shows how the DHCP in a router works

The router separates the Internet network from the local network. The DHCP in the router product acts as a small server system. When a computer in a local network needs an addressfrom the Internet, it asks the DHCP for and address and the DHCP assigns a local IP. The NAT in the router then requests and obtains an IP from the Internet DHCP. The Internetsees a completely different address for this system than any address you see here. Therouter then converts between that address and any local computer address.





Notice that all local addresses begin with 192. 168. 1. This is the "Part 1" of any local

address and defines the network. Any local network using Linksys equipment will have thissame "Part 1". It is never seen by the larger Internet network, as the router convertseverything. When an Internet network is defined by the first three octet groups it is called aClass C network. A Class C network can have as many as 2,097,152 possible addresses, butsupports only 254 possible hosts (the other two addresses are reserved). A Class A network,

in comparison, is defined by the single first octet. There can be only 126 Class A networks; but each can support over 12 million hosts. A class B network would be defined by the firsttwo octets.

The router product also blocks any attempt from outside the local network to access the

local computers using their 192. 168. 1. XXX address. The router knows this is a local

number only, and protects the network from any outside intrusion using this number. Inother words, you have a firewall here as well.

How does DHCP work? When the client starts up, it sends a broadcast DHCPDI SCOVER

message, requesting a DHCP server. The request included the hardware address of theclient computer. Any DHCP server receiving the broadcast that has available IP services

will send a DHCPOFFER message to the client. This message offers an IP address for a set period of time, a subnet mask, and a server identifier (the IP address of the DHCP server).The address offered by the server is marked unavailable and will not be offered to otherclients during the DHCP negotiation period.

A DHCP lease is the amount of time that the DHCP server grants to the DHCP clientpermission to use a particular IP address. A typical server allows its administrator to setthe lease time.

The client selects one of the offers and broadcasts a DHCPREQUEST message, indicating

its selection. This allows any DHCP offers that were not accepted, to be returned to the

pool of IP addresses. The selected DHCP server then sends back a DHCPACK message as

an acknowledgment, indicating the IP address, the subnet mask, and the duration of thelease that the client will use. It may also send additional configuration information such asthe default gateway address or the DNS server address.

Figure 7-9 The DHCP lease generation process





Implementing NetBIOS Name Resolution

Microsoft started with a different protocol as its LAN Manager operating system's native protocol, known as NetBIOS Extended User Interface (NetBEUI). NetBEUI was useful forsmall networks since it did not require configuration and complex addressing like TCP/IPdoes. However, NetBEUI cannot handle routing and does not perform well in largeenvironments. Thus, Microsoft needed to add TCP/IP support.

When Microsoft began to add TCP/IP support to its LAN server products, the namingsystem used on Microsoft networks at that time would not function on routed TCP/IPnetworks. Microsoft LAN Manager computers use the computer's NetBIOS names foridentification. Although this makes maintaining the network very simple for anadministrator - because servers are automatically advertised on the network by name - thisnaming system was a problem with TCP/IP.

NetBIOS has a design limitation that shows up in routed networks because NetBIOS reliesheavily on broadcast messages (as way of transmitting data in the network) to advertiseservers and their shared resources. Broadcast messages are messages that are received by

every computer on a network segment, rather than by a specific computer. This setupusually works on smaller networks but can add overwhelming amounts of broadcast trafficon an enterprise network. When this happens, your network will suffer a broadcast storm.

To confine the impact of broadcast messages on a TCP/IP network, IP routers do notforward broadcast messages. Unlike the Microsoft NWLink protocol for IPX compatibility,which was written by Microsoft to support broadcasts, TCP/IP conforms to very strictstandards. To function in a TCP/IP environment, Microsoft's TCP/IP implementation had toconform to the standard. Therefore, Microsoft had to find a way to make NetBIOS namingwork in a standard TCP/IP network.

Microsoft's first solution, introduced in its older LAN Manager server, was to use a LAN

Manager HOSTS (LMHOSTS) file on each computer on the network. Similar to the

HOSTS file used before DNS was available, LMHOSTS consists of records matching NetBIOS names to IP addresses. An LMHOSTS file is a text file that must be editedmanually. After creating a master LMHOSTS file, an administrator must copy the file toevery computer on the network. Every time a computer was installed or removed, themaster LMHOSTS file had to be updated and redistributed. When a computer couldn't finda particular NetBIOS computer on the local network, it would consult its LMHOSTS file tosee whether the computer could be found elsewhere.

LMHOSTS file is used when planning a NetBIOS name resolution. Since computerscommunicate on a network through broadcast messages, every computer receives andthrough directed messages, which are sent to a specific computer. Whenever possible,communicating through directed messages is preferable. This approach cuts down on the

amount of network traffic and ensures that only the affected hosts receive the message. Italso ensures that the messages propagate across routers. TCP/IP makes sure that WINScommunicated primarily with directed messages.





NetBIOS Naming Methods

There are several types of NetBIOS naming methods. These naming methods are commonlycalled node types. A node is simply a device on a network and every Windows-basedcomputer is configured as one of four node types. The node type determines whether thecomputer will learn names through broadcast messages, directed messages, or some

combination of broadcast and directed messages.

B-node (broadcast node)

This node relies exclusively on broadcast messages and is the oldest NetBIOS nameresolution mode. A host needing to resolve a name request sends a message toevery host within earshot, requesting the address associated with a hostname. B-node has two shortcomings: Broadcast traffic is undesirable and becomes asignificant user of network bandwidths, and TCP/IP routers don't forward broadcastmessages, which restricts B-node operation to a single network segment.

P-node (point-to-point node)

This node relies on WINS servers for NetBIOS name resolution. Client computersregister themselves with a WINS server when they come on the network. They thencontact the WINS server with NetBIOS name resolution requests. WINS serverscommunicate using directed messages, which can cross routers, so P-node canoperate on large networks. Unfortunately, if the WINS server is unavailable, or if anode isn't configured to contact a WINS server, P-node name resolution fails.

M-node (modified node)

This hybrid mode first attempts to resolve NetBIOS names using the B-nodemechanism. If that fails, an attempt is made to use P-node name resolution. M-nodewas the first hybrid mode put into operation, but it has the disadvantage of favoringB-node operation, which is associated with high levels of broadcast traffic.

H-node (hybrid node)

This hybrid mode favors the use of WINS for NetBIOS name resolution. When acomputer needs to resolve a NetBIOS name, it first attempts to use P-node resolution to resolve a name via WINS. Only if WINS resolution fails does the hostresort to B-node to resolve the name via broadcasts. Because it typically results inthe best network utilization, H-node is the default mode of operation for MicrosoftTCP/IP client computers configured to use WINS for name resolution. Microsoftrecommends leaving TCP/IP client computers in the default H-node configuration.

Understanding Naming Convention

Naming conventions resolve a name to a network address, generally an IP address. Thedifference between naming conventions lies in each convention's distinct approach toresolving names.

The following naming conventions are used to identify computers in various Windowsname-resolution methods, including the Windows 2000 method:





Computer Name

In the flat NetBIOS name space, a single name clearly resolves a computer name to anetwork address. This is the name that previous Windows versions stored in browser andmaster browser lists, enabling peer Windows networks to browse resources on networkedWindows computers. In this scenario, the term associated with the computer was computer

name. Registration of the computer name depended on network broadcasts (and a master browser, determined by elections won by later Windows version numbers or Windows NTusage, or a combination). This was useful for small, peer-based Windows networks, butnetworks soon grew beyond what the use of broadcasts and simple flat-file master browserlists could service.

Host Name

The Windows Internet Naming Service (WINS) came in, which enabled a dynamic andcentralized repository of NetBIOS-based computer names stored on WINS servers. Theserepositories could service a larger network. This was a step in the right direction becausename-resolution queries could be directed to a WINS server (rather than being broadcast)and conflicts could be centrally arbitrated. With WINS, the term computer name was

retained, but the term host name also appeared and was used interchangeably with computername. At the time, WINS was used to solve the default names for Windows platforms, butDNS was gaining with the popularity and proliferation of larger and larger networks.

Networks grew, and WINS became less capable of handling the growing volume of names.The decreasing capability of WINS to handle the name-resolution load was not due to the processing power required for resolution, but instead, to the fact that generating uniquenames for lots of computers became an ever-increasing management burden.

Fully Qualified Domain Name

DNS is a better solution; with its hierarchical name space, the need for unique computernames is isolated to a given domain, enabling a computer name such as server1 to exist indifferent domain locations in the same hierarchy. With the capability to have the same hostname in different domains, there was a need for a name that properly addressed the DNShierarchy. The name had to include not only the computer name or host name, but also aname that could clearly identify, or fully qualify, that computer within the entire DNShierarchy. That name is the fully qualified domain name (FQDN) - for example,server1.widgets.microsoft.com.

Fully Qualified Domain Name (FQDN) is a name that uniquely identifies a host in theDNS hierarchy, such that a host called server1 in the products hierarchy at Microsoftmay have an FQDN of server1.products.Microsoft.com.

Relative Distinguished Name

However, in certain situations, the domain-hierarchy part of the FQDN is cumbersome anda local name for a given computer (or any other DNS host) that is relative to the DNSdomain in which the host resides is needed. That name is the relative distinguished name.The relative distinguished name is simply the single host name to the left of the leftmost dot





in the FQDN, such that an FQDN of server1.widgets.microsoft.com has server1 as itsrelative distinguished name.

Relative Distinguished Name is a name that uniquely identifies a host within its owndomain, but not throughout the entire DNS hierarchy. For example, server1 is a

relative distinguished name, while server1.products.Microsoft.com is a fully qualifieddomain name (FQDN).

Rather than imposing new names or new naming conventions on users of NetBIOS names,DNS simply uses the computer name (host name) as the relative distinguished name andappends the DNS domain hierarchy to that name to create the FQDN. The following figureillustrates how to identify the computer-name (or host-name, or relative distinguishedname) part of the FQDN:

Figure 7-10 shows how to identify the computer-name (or host-name, or relativedistinguished name) part of the FQDN

Microsoft NetBIOS Computer Naming Conventions

A computer name can be up to 15 alphanumeric characters with no blank spaces. The namemust be unique on the network and can contain the following special characters:

! @ # $ % ^ & ( ) - _ ' { } . ~

The following characters are not allowed:

\ * + = | : ; " ? < > ,





Function of Windows Internet Name Service (WINS)

The WINS infrastructure was used in the earlier versions of Windows NT networks, evenup to the current version, Windows Server 2003.

In Windows Server 2003, WINS is used for backward compatibility only. WindowsServer 2003 Active Directory networks do not need WINS at all.

The purpose of WINS is to allow a NetBIOS name to be converted to an IP address.Therefore computers using WINS must be using NBT (NetBIOS over TCP/IP). WINS wasoriginally put in place to compensate for a shortcoming of NetBEUI because it is notroutable. On large networks, the IP is used to transport NetBIOS and rather than using broadcasts, information is sent to the WINS server.

At the enterprise level, a network typically has one or more WINS servers that a WINSclient may contact for name resolution. In fact, WINS servers may be configured on a givennetwork so that they replicate all computer names to IP address mappings to each other’s

respective databases.There are four elements can be found in a WINS network:

WINS servers - When WINS client computers enter the network, they contact aWINS server using a directed message. The client computer registers its name withthe WINS server and uses the WINS server to resolve NetBIOS names to IPaddresses.

WINS client computers - WINS client computers use directed (P-node) messagesto communicate with WINS servers and are typically configured to use H-nodecommunication. Windows 2000, Windows NT, Windows 95 and 98, and Windowsfor Workgroups computers can be WINS client computers.

Non-WINS client computers - Older Microsoft network client computers that can'tuse P-node can still benefit from WINS. Their broadcast messages are intercepted by WINS proxy computers that act as intermediaries between the B-node clientcomputers and WINS servers. MS-DOS and Windows 3.1 client computersfunction as non-WINS clients.

WINS proxies -Windows NT, Windows 95 and 98, and Windows for Workgroupsclient computers can function as WINS proxies. They intercept B-node broadcastson their local subnet and communicate with a WINS server on behalf of the B-nodeclient computer.

Out of the box, when you configure a Windows NT Server–based network to use WINS for

its name registration, it adheres to the h-node broadcasting methodology. The h-node refersto one of the NetBIOS over TCP/IP modes that defines how NBT identifies and accessesresources on a network.

In a nutshell, the WINS client checks to see if it is the local machine name during nameresolution. Then it looks at its cache of remote names. Any name that is resolved is placedin a cache, where it remains for 10-minutes. After that, it attempts to contact the WINS





server, and then attempts to broadcast. It also checks the LMHOSTS file (if it is configuredto use and check the LMHOSTS file). Lastly, it tries the HOSTS file and then DNS (ifappropriately configured).

When a WINS client boots on the network, a Name Registration Request packet is sent tothe WINS server via TCP/IP to register the client computer name. As many Name

Registration Request packets are sent as necessary to register names. Not surprisingly, these packets contain the WINS client’s IP address and name. When a client uses WINS itannounces to the WINS server over TCP/IP rather than broadcasting to all computers.

Function of Domain Name System (DNS)

The Domain Name System (DNS) helps users to find their way around the Internet. Everycomputer on the Internet has a unique address – just like a telephone number – which is arather complicated string of numbers called the IP address. Translating the name into the IPaddress is called "resolving the domain name." The goal of the DNS is for any Internet userany place in the world to reach a specific website IP address by entering its domain name.Domain names are also used for reaching e-mail addresses and for other Internetapplications. These logical names also allow independence from knowing the physicallocation of a host. A host may be moved to a different network, while the users continue touse the same logical name.

The DNS provides the protocol which allows clients and servers to communicate with eachother.

DNS servers are used to resolve host names to IP addresses. This makes it easier for peopleto access domain hosts. When you use the Web or send an e-mail message, you use adomain name to do it. For example, the URL "http://www.trendmicro.com" contains thedomain name trendmicro.com. So does the e-mail address "[email protected]."

Human-readable names like "trendmicro.com" are easy for people to remember, but theyare not useful to data communication. All of the computers use names called IP addresses torefer to one another. Every time you use a domain name, you use the Internet's domainname servers (DNS) to translate the human-readable domain name into the machine-readable IP address. During a day of browsing and e-mailing, you might access the domainname servers hundreds of times!

Domain name servers translate domain names to IP addresses. The following are things youneed to know about how DNS servers work:

• There are billions of IP addresses currently in use, and most machines have ahuman-readable name as well.

• There are many billions of DNS requests made every day. A single person caneasily make a hundred or more DNS requests a day, and there are hundreds ofmillions of people and machines using the Internet daily.

• Domain names and IP addresses change daily.





• New domain names are created daily.

• Millions of people manually change and add domain names and IP addresses everyday.

It is impossible to remember IP addresses of all of the Web sites we visit every day! Human

beings just are not that good at remembering strings of numbers. We are good atremembering words, however, and that is where domain names come in. Just a fewexamples of the hundreds of popular domain names stored below. For example:

www.google.com - a typical name

www.yahoo.com - the world's best-known name

www.mit.edu - a popular EDU name

encarta.msn.com - a Web server that does not start with www

www.bbc.co.uk - a name using four parts rather than three

ftp.trendmicro.com - an File Transfer Protocol (FTP) server rather than a Web

server

Top-Level Domains

The root of system is unnamed. There is a set of what are called "top-level domain names"

(TLDs). The COM, EDU and UK portions of these domain names are called the top-level

domain or first-level domain. There are several hundred top-level domain names, including

COM, EDU, GOV, MI L, NET, ORG and I NT, as well as unique two-letter

combinations for every country.

• domains on first level of hierarchy are top-level domains:

either country-code top-level domain (ccTLD) or generic top-level domain (gTLD)

• ccTLD represented by two-letter country-codes from ISO 3166, e.g., uk, f r , de, ch

• gTLD given in Internet informational RFC 1591 “Domain Name System Structure andDelegation”:

edu: educational institutions

com: commercial entities, i.e., companies

net : network providers

or g: organisations, e.g. NGOs

gov: government agencies

mi l : US military

i nt : organisations established by international treaties

Within every top-level domain there is huge list of second-level domains. In the COM first-level domain, some of these examples include google, yahoo, msn, trendmicro, plusmillions of others.





Every name in the COM top-level domain must be unique, but there can be duplicationacross domains. For example, howstuffworks.com and howstuffworks.org are completelydifferent machines. In the case of bbc.co.uk , it is a third-level domain. Up to 127 levels are possible, although more than four is rare.

The left-most word, such as www or encarta, is the host name. It specifies the name of a

specific machine (with a specific IP address) in a domain. A given domain can potentiallycontain millions of host names as long as they are all unique within that domain.

How are Domain Names distributed?

Because all of the names in a given domain need to be unique, there has to be a single entitythat controls the list and makes sure that there are no duplicates. For example, the COMdomain cannot contain any duplicate names, and a company called Network Solutions is incharge of maintaining this list. When you register a domain name, it goes through one ofseveral dozen registrars who work with Network Solutions to add names to the list. Network Solutions, in turn, keeps a central database known as the whois database thatcontains information about the owner and name servers for each domain. If you go to thewhois form, you can find information about any domain currently in existence.

While it is important to have a central authority keeping track of the database of names inthe COM (and other) top-level domain, you would not want to centralize the database of allof the information in the COM domain. For example, Microsoft has hundreds of thousandsof IP addresses and host names. Microsoft wants to maintain its own domain name serverfor the microsoft.com domain. Similarly, Great Britain probably wants to administrate theuk top-level domain, and Australia probably wants to administrate the au domain, and soon. For this reason, the DNS system is a distributed database. Microsoft is completelyresponsible for dealing with the name server for microsoft.com - it maintains the machinesthat implement its part of the DNS system, and Microsoft can change the database for itsdomain whenever it wants to because it owns its domain name servers.

Every domain has a domain name server somewhere that handles its requests, and there is a person maintaining the records in that DNS. This is one of the most amazing parts of theDNS system - it is completely distributed throughout the world on millions of machinesadministered by millions of people, yet it behaves like a single, integrated database.





Figure 7-11 Network Solutions site at http://www.networksolutions.com

Figure 7-12 Sample screenshot of a whois database extractor

The “Whois Extractor” software extracts domain information from global whoisdatabase source. It extracts Domain, TLD, Registrant, Admin Name, Address,City, State, Zip, Country, Phone, Fax, NameServer, Domain Created Date,Updated Date, Domain Expired Date. The program auto saves all extracted datain csv/text file with success, error, log text.






DNS and WINS can be integrated to provide a more complete name resolution solution forall clients on your network.

You can configure a DNS server to query a WINS server by configuring a DNS zone

setting. This is helpful when some of the clients you support require NetBIOS nameresolution, such as legacy Windows 9x clients, or cannot register themselves with DNS. Ineffect, you are providing a means for DNS clients to look up WINS client names and IPaddresses without needing to contact the WINS server directly. After it is configured, theDNS server will query a WINS server for every request made to it for which it does nothave a valid record. If the requested name is located on the WINS server, the information isreturned to the requesting client via the DNS server. The process is invisible to all clients.

This can be configured for both forward and reverse lookup zones.

If you have a mixture of Windows and third-party DNS servers in your organization, you

will run into problems if you attempt to replicate WINS lookup records to these third-partyDNS servers. Only Microsoft DNS servers support WINS lookup records; thus, zonetransfers to third-party DNS servers will fail. In this situation, you should use WINS referralto create and delegate a special "WINS zone" that refers queries to WINS when needed.This zone does not perform any registrations or updates. Clients need to be configured toappend this additional WINS referral zone to their queries for unqualified names, thusallowing clients to query both WINS and DNS as required. You also need to ensure that thisWINS referral zone is not configured to transfer to any third-party DNS servers.


This section will enumerate the TCP/IP utilities offer network connections to othercomputers, such as UNIX workstations. You must have the TCP/IP network protocolinstalled to use the TCP/IP utilities. To start TCP/IP services from the command prompt justtype net start. This displays a list of services that are currently operating. To stop TCP/IPservices from the command prompt, type net stop.





Figure7-13 Start or stop the TCP/IP services from the command prompt

To get a complete guide on how to use these utilities and services, go toMicrosoft web site at thus URL:http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-

us/tcpip_utils.mspx

Arp

Displays and modifies entries in the Address Resolution Protocol (ARP) cache, whichcontains one or more tables that are used to store IP addresses and their resolvedEthernet or Token Ring physical addresses. There is a separate table for each Ethernetor Token Ring network adapter installed on your computer. Used without parameters,

the command ar p displays help.

Nslookup

Displays information that you can use to diagnose Domain Name System (DNS)infrastructure. Before using this tool, you should be familiar with how DNS works. The

Nsl ookup command-line tool is available only if you have installed the TCP/IP

protocol.

Finger

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tcpip_utils.mspx








Displays information about a user or users on a specified remote computer (typically acomputer running UNIX) that is running the Finger service or daemon. The remotecomputer specifies the format and output of the user information display. Used without

parameters, f i nger displays help.

Ping

Verifies IP-level connectivity to another TCP/IP computer by sending Internet ControlMessage Protocol (ICMP) Echo Request messages. The receipt of corresponding EchoReply messages are displayed, along with round-trip times. Ping is the primary TCP/IPcommand used to troubleshoot connectivity, reachability, and name resolution. Used

without parameters, pi ng displays help.

Ftp

Transfers files to and from a computer running a File Transfer Protocol (FTP) serverservice such as Internet Information Services. Ftp can be used interactively or in batchmode by processing ASCII text files.

Rcp

Copies files between a Windows XP computer and a system running rshd, the remote

shell service (daemon). Windows XP and Windows 2000 do not provide rshd

service. Used without parameters, r cp displays help.

Hostname

Displays the host name portion of the full computer name of the computer.

Rexec

Runs commands on remote computers running the Rexec service (daemon). The

r exec command authenticates the user name on the remote computer before

executing the specified command. Windows XP and Windows 2000 do not provide the

Rexec service. Used without parameters, r exec displays help.

Ipconfig

Displays all current TCP/IP network configuration values and refreshes Dynamic HostConfiguration Protocol (DHCP) and Domain Name System (DNS) settings. Used

without parameters, i pconf i g displays the IP address, subnet mask, and default

gateway for all adapters.

Route

Displays and modifies the entries in the local IP routing table. Used without parameters,

route displays help.

Lpq

Displays the status of a print queue on a computer running Line Printer Daemon (LPD).

Used without parameters, l pq displays command-line help for the l pq command.





Rsh

Runs commands on remote computers running the RSH service or daemon.Windows XP and Windows 2000 do not provide an RSH service. An RSH service

called Rshsvc. exe is provided with the Windows 2000 Server Resource Kit. Used

without parameters, rsh displays help.

Lpr

Sends a file to a computer running Line Printer Daemon (LPD) in preparation for

printing. Used without parameters, l pr displays command-line help for the l prcommand.

Tftp

Transfers files to and from a remote computer, typically a computer running UNIX, thatis running the Trivial File Transfer Protocol (TFTP) service or daemon. Used without

parameters, t f t p displays help.

Nbtstat

Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache.

Nbt st at allows a refresh of the NetBIOS name cache and the names registered with

Windows Internet Name Service (WINS). Used without parameters, nbt st at displays

help.

Tracert

Determines the path taken to a destination by sending Internet Control MessageProtocol (ICMP) Echo Request messages to the destination with incrementallyincreasing Time to Live (TTL) field values. The path displayed is the list of near-side

router interfaces of the routers in the path between a source host and a destination. Thenear-side interface is the interface of the router that is closest to the sending host in the

path. Used without parameters, tracert displays help.

Netstat

Displays active TCP connections, ports on which the computer is listening, Ethernetstatistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over

IPv6 protocols). Used without parameters, netstat displays active TCP connections.

The TCP/IP Request for Comments (RFCs)The standards for TCP/IP are published in a series of documents called Requests for

Comments (RFCs). RFCs are an evolving series of reports, proposals for protocols, and protocol standards that describe the internal workings of TCP/IP and the Internet.





Although TCP/IP standards are always published as RFCs, not all RFCs specify standards.RFCs are authored by individuals who voluntarily write and submit a draft proposal for anew protocol or specification to the Internet Engineering Task Force (IETF) and otherworking groups. Submitted drafts are first reviewed by a technical expert, a task force, or anRFC editor, and then assigned a status.

If a draft passes this initial review stage, it is circulated to the larger Internet community fora period of further comment and review and assigned an RFC number. This RFC numberremains constant. If changes are made to the proposed specification, drafts that are revisedor updated are circulated by using a new RFC (a number higher than the original RFCnumber) to identify more recent documents.8

Related RFCs for TCP/IP

The following table shows the RFCs supported by the TCP/IP protocol and supportingservices.

RFCnumber

TitleRFCnumber

Title

768User Datagram Protocol(UDP)

1256ICMP Router DiscoveryMessages

783Trivial File TransferProtocol (TFTP)

1323TCP Extensions for HighPerformance

791 Internet Protocol (IP) 1332PPP Internet ProtocolControl Protocol (IPCP)

792Internet ControlMessage Protocol(ICMP)

1518 An Architecture for IP Address Allocation withCIDR

793Transmission ControlProtocol (TCP)

1519

Classless Inter-DomainRouting (CIDR): An Address

Assignment and AggregationStrategy

816

Fault Isolation and

Recovery 1534

Interoperation Between

DHCP and BOOTP

826 Address ResolutionProtocol (ARP)

1542Clarifications and Extensionsfor the Bootstrap Protocol

854Telnet Protocol(TELNET)

1552PPP Internetwork PacketExchange Control Protocol(IPXCP)

862 Echo Protocol (ECHO) 1661The Point-to-Point Protocol(PPP)

863Discard Protocol(DISCARD)

1662 PPP in HDLC-like Framing

864Character GeneratorProtocol (CHARGEN)

1748 IEEE 802.5 MIB using SMIv2

865Quote of the Day

Protocol (QUOTE)

1749IEEE 802.5 Station Source

Routing MIB using SMIv2867

Daytime Protocol(DAYTIME)

1812Requirements for IPVersion 4 Routers

894 IP over Ethernet 1828IP Authentication usingKeyed MD5

919Broadcasting InternetDatagrams

1829 ESP DES-CBC Transform





922Broadcasting InternetDatagrams in thePresence of Subnets

1851ESP Triple DES-CBCTransform

950Internet StandardSubnetting Procedure

1852IP Authentication usingKeyed SHA

959File Transfer Protocol(FTP)

1878Variable Length SubnetTable For IPv4

1001Protocol Standard for aNetBIOS Service on aTCP/UDP Transport:Concepts and Methods

1886DNS Extensions to SupportIP Version 6

1002

Protocol Standard for aNetBIOS Service on aTCP/UDP Transport:Detailed Specifications

1994PPP Challenge Handshake

Authentication Protocol(CHAP)

1009Requirements forInternet Gateways

1995Incremental Zone Transfer inDNS

1034Domain Names -Concepts and Facilities

1996 A Mechanism for PromptDNS Notification of ZoneChanges

1035Domain Names -Implementation and

Specification

2018TCP Selective

Acknowledgment Options

1042 IP over Token Ring 2085HMAC-MD5 IP

Authentication with ReplayPrevention

1055

A Nonstandard forTransmission of IPDatagrams Over SerialLines: SLIP

2104HMAC: Keyed Hashing forMessage Authentication

1065

Structure andIdentification ofManagement Informationfor TCP/IP-basedInternets

2131Dynamic Host ConfigurationProtocol (DHCP)

1112

Internet Group

Management Protocol(IGMP) 2136

Dynamic Updates in the

Domain Name System (DNSUPDATE)

1122Requirements forInternet Hosts -Communication Layers

2181Clarifications to the DNSSpecification

1123Requirements forInternet Hosts -

Application and Support2236

Internet Group ManagementProtocol, Version 2

1144Compressing TCP/IPHeaders for Low-SpeedSerial Links

2308Negative Caching of DNSQueries (DNS NCACHE)

1157Simple NetworkManagement Protocol(SNMP)

2401Security Architecture for theInternet Protocol

1179

Line Printer Daemon

Protocol 2402 IP Authentication Header

1188 IP over FDDI 2406IP Encapsulating SecurityPayload (ESP)

1191 Path MTU Discovery 2581 TCP Congestion Control

1201 IP over ARCNET

Table 7-2 RFCs supported by the TCP/IP protocol and supporting services






The TCP/IP is a protocol suite comprise of protocols which “reside” in each of the sevenlayer of the OSI model. Every TCP/IP protocol is charged with performing a certain subsetof the total functionality required to implement a TCP/IP network or application. The main

protocols at the Internet and Transport layers are the Internet Protocol (IP), TransmissionControl Protocol (TCP) and User Datagram Protocol (UDP). These core protocols supportmany other protocols, to perform a variety of functions at each of the TCP/IP model layers.Each device that will use TCP/IP on your network uses a valid, unique IP address.

Review Questions

1. This is the primary transport protocol of the TCP/IP protocol suite

a) TCP

b) UDP

c) IP

d) STP

2. The TCP/IP protocol that provides for source and destination addressing is -

a) IP

b) TCP

c) UDP

d) All of the above

3. This TCP/IP utility is used to check the validity of a remote IP address.

a) PING

b) FTP

c) ARP

d) IPCONFIG

4. The dynamic Windows-based service used to resolve NetBIOS names into their IPaddresses is –

a) ICMP

b) DNS

c) WINS

d) DHCP





5. Which of the following does a router normally use when making a decision aboutrouting TCP/IP?

a) Destination MAC address

b) Source MAC address

c) Destination IP address

d) Source IP address

e) Destination MAC and IP address





Chapter 8: Network Troubleshootingand Monitoring

Chapter Objectives


• Identify the basic network problems

• Know what a network troubleshooting strategy means

• Know how to perform basic troubleshooting techniques

• Know some helpful prevention tips

• Know the commonly used tools to troubleshoot network problems



Chapter 8: Network Troubleshooting and Monitoring



Chapter 8: Network Troubleshooting and

Monitoring

Network Connectivity Problems

Network Troubleshooting Framework Network Troubleshooting Strategy

Commonly Used Troubleshoot ing Tools

Effective Network Management

Recommendation for Effective NetworkTroubleshooting

Prevention Tips

Tips for Solving Problems

Notes







Identify the basic network problems

Know what a network troubleshooting strategy

means

Know how to perform basic troubleshooting

techniques

Know some helpful prevention tips

Know the commonly used tools to troubleshoot

network problems

Notes






About Connectivi ty Problems

Loss of connectivity

Intermittent connectivity Timeout problems

Traffic counts and other packet breakdownsData Link

Routing informationNetwork

Protocol information and other RemoteMonitoring (RMON) and RMON2 data

App licati on

Presentation

Session

Transport

Data CollectedLayer

Network Data and the OSI Model Layers

Notes






Network Troubleshooting Strategy

If you notice changes on your network,

ask the following questions:

Is the change expected or unusual?

Has this event ever occurred before?

Does the change involve a device ornetwork path for which you alreadyhave a backup solut ion in place?

Does the change interfere with vi talnetwork operations?

Does the change affect one or manydevices or network paths?

RecognizingSymptoms

Understanding theProblem

Identifying andTesting the Causeof the Problem

Solving theProblem

Notes






Commonly Used Troubleshooting Tools

These common ly used tools can also help you

troubleshoot your network:

• Network softw are, such as Ping, Telnet, and FTP and

TFTP. You can use these applications to t roubleshoo t,

configure, and upgrade your system.

• Network monito ring devices, such as Analyzers and

Probes.

• Tools, such as Cable Testers, for working on physical

problems.

Notes






Recommendation for Effective Network

Troubleshooting

These sections describe the steps that you can take to

effectively troubleshoot your network when the need

arises:

Designing Your Network for Troubleshooting

Preparing Devices for Management

Configur ing Transcend NCS

Knowing Your Network

Notes





Introduction

When you encounter a problem in your network, the first question you need to ask is, “What

changed?” Computer hardware has gotten so reliable that it is difficult to determine wherethe problem lies. So you do a process of elimination. Depending on how well you knowyour network – the components, its behavior and the overall function of each deviceattached to it, it may take a few minutes to long hours just trying to figure out what haschanged.

More often than not, network administrators do not manage the network, they manage the“changes” that occur in the network. That’s when an administrator needs to design anetwork troubleshooting strategy.

Network troubleshooting means recognizing and diagnosing networking problems with thegoal of keeping your network running optimally. As a network administrator, your primaryconcern is maintaining connectivity of all devices (a process often called fault

management ). You also continually evaluate and improve your network's performance.Because serious networking problems can sometimes begin as performance problems, paying attention to performance can help you address issues before they become serious.

This chapter will discuss the basic network issues that require network troubleshootingstrategy. It also provides general prevention tips and solving problem tips toward the end ofthe chapter.

Network Connectivity Problems

Connectivity problems occur when clients cannot communicate with other areas of your

local area network (LAN) or wide area network (WAN). Using management tools, you canoften fix a connectivity problem before users even notice it. Connectivity problems include:

Loss of connectivity - When users cannot access areas of your network, yourorganization's effectiveness and productivity are impaired. Immediately correct anyconnectivity breaks.

Intermittent connectivity - Although users have access to network resources someof the time, they are still facing periods of downtime. Intermittent connectivity problems can indicate that your network is on the verge of a major breakdown. Ifconnectivity is erratic, investigate the problem immediately.

Timeout problems - Timeouts cause loss of connectivity, but are often associated

with poor network performance.

About Performance Problems

Your network has performance problems when it is not operating as effectively as it should.For example, response times may be slow, the network may not be as reliable as usual, and





users may be complaining that it takes them longer to do their work. Some performance problems are intermittent, such as instances of duplicate addresses. Other problems canindicate a growing strain on your network, such as consistently high utilization rates or highCPU usage.

If you regularly examine your network for performance problems, you can extend the

usefulness of your existing network configuration and plan network enhancements, insteadof waiting for a performance problem to adversely affect the users' productivity.

Solving Connectivi ty and Performance Problems

When you troubleshoot your network, you employ tools and knowledge already at yourdisposal. With an in-depth understanding of your network, you can use network softwaretools, such as Ping, and network devices, such as Analyzers, to locate problems, and thenmake corrections, such as swapping equipment or reconfiguring segments, based on youranalysis.

Network Troubleshooting FrameworkThe International Standards Organization (ISO) Open Systems Interconnect (OSI) referencemodel is the foundation of all network communications. This seven-layer structure providesa clear picture of how network communications work. As you have learned, protocolsgovern communications between the layers of a single system and among several systems.In this way, devices made by different manufacturers or using different designs can usedifferent protocols and still communicate.

By understanding how network troubleshooting fits into the framework of the OSI model,you can identify at what layer problems are located and which type of troubleshooting toolsto use. For example, unreliable packet delivery can be caused by a problem with thetransmission media or with a router configuration.

Table 8-1 describes the data that the network management tools can collect as it relates tothe OSI model layers.

Network Data and the OSI Model Layers

Layer Data Collected

Appl ication

Presentation

Session

Transport

Protocol information and other Remote Monitoring (RMON) andRMON2 data

Network Routing information

Data Link Traffic counts and other packet breakdowns





Physical Error counts

Table 8-1 OSI Reference Model and Network Troubleshooting

Network Troubleshooting Strategy

You can create a strategy to troubleshoot your network if you are familiar with your site'snetwork configuration and on your network's normal behavior.

Know your network - Understand overall flow patterns and interactions betweensystems, and determine how your network is really being used at the applicationlevel.

Optimize your network - Gain an insight into traffic and application usage trendsto help you optimize the use and placement of current network resources and make

wise decisions about capacity planning and network growth.If you notice changes on your network, ask the following questions:

• Is the change expected or unusual?

• Has this event ever occurred before?

• Does the change involve a device or network path for which you already have a backup solution in place?

• Does the change interfere with vital network operations?

• Does the change affect one or many devices or network paths?

After you have an idea of how the change is affecting your network, you can categorize it aseither critical or non-critical. Both of these categories need resolution (except for changesthat are one-time occurrences); the difference between the categories is the amount of timethat you have to fix the problem.

By using a strategy for network troubleshooting, you can approach a problem methodicallyand resolve it with minimal disruption to network users. As a best practice, have an accurateand detailed map of your current network environment. Beyond that, a good approach to problem resolution is:

Recognizing Symptoms

Understanding the Problem

Identifying and Testing the Cause of the Problem

Solving the Problem





Recognizing Symptoms

When resolving any problem, the first step is to identify and interpret the symptoms. Youmay discover network problems in several ways. Users may complain that the networkseems slow or that they cannot connect to a server. Your management console is showingan alert sign indicating that something is not properly functioning in your network.

User Comments

Although you can often solve networking problems before users notice a change in theirenvironment, you invariably get feedback from your users about how the network isrunning, such as:

• The printer is not working or they cannot print.

• They cannot access the application server.

• It takes them much longer to copy files across the network than it usually does.

• They cannot log on to a remote server.

• When they send e-mail to another site, they get a routing error message.• Their system freezes whenever they try to Telnet.

Network Management Software Alerts

Network management software usually has a feature that can alert you to areas of yournetwork that need attention. For example:

• The application displays “Warning” icons, beeping tones or flashing signals.

• Your weekly utilization report (which indicates the 10 ports with the highestutilization rates) shows that one port is experiencing much higher utilization levelsthan normal.

• You receive an email message from your network management station that thethreshold for broadcast and multicast packets has been exceeded.

These signs usually provide additional information about the problem, allowing you tofocus on the right area.

Analyzing Symptoms

When a symptom occurs, ask yourself these types of questions to narrow the location of the problem and to get more data for analysis:

• To what degree is the network not acting normally (for example, does it now takeone minute to perform a task that normally takes five seconds)?

• On what subnetwork is the user located?

• Is the user trying to reach a server, end station, or printer on the same subnetworkor on a different subnetwork?

• Are many users complaining that the network is operating slowly or that a specificnetwork application is operating slowly?





• Are many users reporting network logon failures?

• Are the problems intermittent? For example, some files may print with no problems, while other printing attempts generate error messages, make users losetheir connections, and cause systems to freeze.

Understanding the Problem

Networks are designed to move data from a transmitting device to a receiving device. Whencommunication becomes problematic, you must determine why data are not traveling asexpected and then find a solution. The two most common causes for data not movingreliably from source to destination are:

• The physical connection breaks (that is, a cable is unplugged or broken).

• A network device is not working properly and cannot send or receive some or alldata.

Network management software can easily locate and report a physical connection break

(layer 1 problem). It is more difficult to determine why a network device is not working asexpected, which is often related to a layer 2 or a layer 3 problem.

To determine why a network device is not working properly, look first for:

Valid service - Is the device configured properly for the type of service it issupposed to provide? For example, has Quality of Service (QoS), which is thedefinition of the transmission parameters, been established?

Restricted access - Is an end station supposed to be able to connect with a specificdevice or is that connection restricted? For example, is a firewall set up that prevents that device from accessing certain network resources?

Correct configuration - Is there a misconfiguration of IP address, subnet mask,

gateway, or broadcast address? Network problems are commonly caused byimproper configuration of newly connected or configured devices.

Identify ing and Testing the Cause of the Problem

After you develop a theory about the cause of the problem, test your theory. The test mustconclusively prove or disprove your theory.

Two general rules of troubleshooting are:

• If you cannot reproduce a problem, then no problem exists unless it happens againon its own.

• If the problem is intermittent and you cannot replicate it, you can configure yournetwork management software to catch the event in progress.

Although network management tools can provide a great deal of information about problems and their general location, you may still need to swap equipment or replacecomponents of your network until you locate the exact trouble spot.





After you test your theory, either fix the problem as described in "Solving the Problem" ordevelop another theory.

Sample Problem Analysis

This section illustrates the analysis phase of a typical troubleshooting incident.

On your network, a user cannot access the mail server. You need to establish two areas ofinformation:

• What you know - In this case, the user's workstation cannot communicate with themail server.

• What you do not know and need to test –

Can the workstation communicate with the network at all, or is the problemlimited to communication with the server? Test by sending a "Ping" or byconnecting to other devices.

Is the workstation the only device that is unable to communicate with theserver, or do other workstations have the same problem? Test connectivity at

other workstations.

If other workstations cannot communicate with the server, can theycommunicate with other network devices? Again, test the connectivity.

The analysis process follows these steps:

1 Can the workstation communicate with any other device on the subnetwork?

1.1 If no, then go to step 2.

1.2 If yes, determine if only the server is unreachable.

1.2.1 If only the server cannot be reached, this suggests a server problem. Confirm by

doing step 2.

1.2.2 If other devices cannot be reached, this suggests a connectivity problem in thenetwork. Confirm by doing step 3.

2 Can other workstations communicate with the server?

2.1 If no, then most likely it is a server problem. Go to step 3.

2.2 If yes, then the problem is that the workstation is not communicating with thesubnetwork. (This situation can be caused by workstation issues or a network issue withthat specific station.)

3 Can other workstations communicate with other network devices?

3.1 If no, then the problem is likely a network problem.

3.2 If yes, the problem is likely a server problem.

When you determine whether the problem is with the server , subnetwork , or workstation,you can further analyze the problem, as follows:





For a problem with the server - Examine whether the server is running, if it is properly connected to the network, and if it is configured appropriately.

For a problem with the subnetwork - Examine any device on the path betweenthe users and the server.

For a problem with the workstation - Examine whether the workstation can

access other network resources and if it is configured to communicate with that particular server.

Equipment for Testing

To help identify and test the cause of problems, have available:

• A laptop computer that is loaded with a terminal emulator, TCP/IP stack, TFTPserver, CD-ROM drive (to read the online documentation), and some key networkmanagement applications. With the laptop computer, you can plug into anysubnetwork to gather and analyze data about the segment.

• A spare managed hub to swap for any hub that does not have management.Swapping in a managed hub allows you to quickly spot which port is generating theerrors.

• A single port probe to insert in the network if you are having a problem where youdo not have management capability.

• Console cables for each type of connector, labeled and stored in a secure place.

Solving the Problem

Many device or network problems are straightforward to resolve, but others result tomisleading symptoms. If one solution does not work, continue with another.

A solution often involves:

• Upgrading software or hardware (for example, upgrading to a new version of agentsoftware or installing Gigabit Ethernet devices)

• Balancing your network load by analyzing:

What users communicate with which servers

What the user traffic levels are in different segments

Based on these findings, you can decide how to redistribute network traffic.

• Adding segments to your LAN (for example, adding a new switch where utilizationis continually high)

• Replacing faulty equipment (for example, replacing a module that has port problems or replacing a network card that has a faulty jabber protection

mechanism)

To help solve problems, make sure you have the following items below available for youruse:





• Spare hardware equipment (such as modules and power supplies), especially foryour critical devices

• A recent backup of your device configurations to reload if flash memory getscorrupted (which can sometimes happen due to a power outage)

Commonly Used Troubleshooting Tools

These commonly used tools can also help you troubleshoot your network:

• Network software, such as Ping, Telnet, and FTP and TFTP. You can use theseapplications to troubleshoot, configure, and upgrade your system.

• Network monitoring devices, such as Analyzers and Probes.

• Tools, such as Cable Testers, for working on physical problems.

Ping

Packet Internet Groper (Ping) allows you to quickly verify the connectivity of your networkdevices. Ping attempts to transmit a packet from one device to a station on the network, andlistens for the response to ensure that it was correctly received. You can validateconnections on the parts of your network by pinging different devices:

• A successful response indicates that a valid network path exists between yourstation and the remote host and that the remote host is active.

• Slower response times than normal can indicate that the path is congested orobstructed.

• A failed response indicates that a connection is broken somewhere; use the message

to help locate the problem.





Figure 8-1 shows an example of a “ping”

Strategies for Using Ping

Follow these strategies for using Ping:

• Ping devices when your network is operating normally so that you have a performance baseline for comparison.

• Ping by IP address when:

You want to test devices on different subnetworks. This method allows you toPing your network segments in an organized way, rather than having toremember all the hostnames and locations.

Your Domain Name System (DNS) server is down and your system cannotlook up host names properly. You can Ping with IP addresses even if youcannot access hostname information.

• Ping by hostname when you want to identify DNS server problems.

• To troubleshoot problems that involve large packet sizes, Ping the remote hostrepeatedly, increasing the packet size each time.

• To determine if a link is erratic, perform a continuous Ping (using ping -s on

UNIX), which indicates the time that it takes the device to respond to each Ping.

• To determine a route taken to a destination, use the trace route function

(tracert).

• Consider creating a Ping script that periodically sends a Ping to all necessarynetworking devices. If a Ping failure message is received, the script can perform some action to notify you of the problem, such as paging you.





• Use the Ping functions of your network management platform. For example,in your HP OpenView map, select a device and click the right mouse buttonto gain access to ping functions.

Tips on Interpreting Ping Messages

Use the following ping failure messages to troubleshoot problems:

No reply from <destination>

This indicates that the destination routes are available but that there is a problemwith the destination itself.

<destination> is unreachable

This indicates that your system does not know how to get to the destination. Thismessage means either that routing information to a different subnetwork isunavailable or that a device on the same subnetwork is down.

ICMP host unreachable from gateway

Indicates that your system can transmit to the target address using a gateway, butthat the gateway cannot forward the packet properly because either a device ismisconfigured or the gateway is not operating.

Telnet

Telnet, which is a login and terminal emulation program for Transmission ControlProtocol/Internet Protocol (TCP/IP) networks, is a common way to communicate with anindividual device. You log in to the device (a remote host) and use that remote device as ifit were a local terminal.





Figure 8-2 shows a sample “telnet” session

If you have established an out-of-band Telnet connection with a device, you can use Telnetto communicate with that device even if the network is unavailable. This feature makesTelnet one of the most frequently used network troubleshooting tools. Usually, all devicestatistics and configuration capabilities are accessible by using Telnet to connect to thedevice's console.

You can invoke the Telnet application on your local system and set up a link to a Telnet

process that is running on a remote host. You can then run a program that is located on aremote host as if you were working at the remote system.

FTP and TFTP

Most network devices support either the File Transfer Protocol (FTP) or the Trivial FileTransfer Protocol (TFTP) for downloading updates of system software. Updating systemsoftware is often the solution to networking problems that are related to agent problems.Also, new software features may help correct a networking problem.

FTP provides flexibility and security for file transfer by:

•

Accepting many file formats, such as ASCII and binary• Using data compression

• Providing Read and Write access so that you can display, create, and delete filesand directories

• Providing password protection





TFTP is a simple version of FTP that does not list directories or require passwords. TFTPonly transfers files to and from a remote server.

Analyzers

An analyzer, which is often called a Sniffer , is a network device that collects network dataon the segment to which it is attached, a process called packet capturing. Software on thedevice analyzes this data, which is a process referred to as protocol analysis. Mostanalyzers can interpret different types of protocol traffic, such as TCP/IP, AppleTalk, andBanyan VINES traffic.

You usually use analyzers for reactive troubleshooting - when you see a problemsomewhere on your network, you attach an analyzer to capture and interpret the data fromthat area. Analyzers are particularly helpful for identifying intermittent problems. Forexample, if your network backbone has experienced moments of instability that preventusers from logging on to the network, you can attach an analyzer to the backbone to capturethe intermittent problems when they happen again.

Figure 8-3 shows a diagram of how packets are analyzed

Note: Most software-based network protocol analyzers work inabout the same way as shown above, and display, at least initially,





the same basic information. The analyzer runs on a host system.When you start the analyzer (in promiscuous mode), the host NIC'ssoftware driver intercepts all traffic that passes through the NIC.The protocol analyzer passes the intercepted traffic to theanalyzer's packet-decoder engine, which identifies and splitspackets into their respective layers. The protocol analyzer softwareanalyzes the packets and displays packet information on theanalyzer host's screen. Depending on the product's capabilities,you can then analyze and filter the traffic further.9

Probes

Like Analyzers, a probe is a network device that collects network data. Depending on itstype, a probe can collect data from multiple segments simultaneously. It stores the collecteddata and transfers the data to an analysis site when requested. Unlike an analyzer, probes donot interpret data.

A probe can be either a stand-alone device or an agent in a network device. You can use a probe daily to determine the health of your network. Use this data to make decisions about

reconfiguring devices and end stations as needed.

Figure 8-4 shows NIAS’ Centralized Probe Management for Enterprise Networks

Note: For enterprise organizations, Network Instruments hasreleased the Network Instruments Authentication Server (NIAS) forassistance in managing the security and authentication parametersfor multiple console/probe connections. The NIAS is ideal forenterprise organizations required to frequently change user namesand passwords to comply with network security policies. This easy-to-install software solution makes authenticating users safe, secure





and simple by providing centralized management of all Probe usersand all Probe passwords.10

Cable Testers

Cable testers examine the electrical characteristics of the wiring. They are most commonlyused to ensure that building wiring and cables meet Category 5, 4, and 3 standards. Forexample, network technologies such as Fast Ethernet require the cabling to meet Category 5requirements. Testers are also used to find defective and broken wiring in a building.

The first thing to understand about testing data cables is the Attenuation to Crosstalk Ratio (ACR). Attenuation is the reduction in signal strength over the length of the cable andfrequency range, the crosstalk is the external noise that is introduced into the cable. So, ifthese two areas meet, the data signal will be lost because the crosstalk noise will be at thesame level as the attenuated signal.

Figure 8-5 shows the pink area in the graph is the attenuation and the blue area is thecrosstalk.

ACR is the most important result when testing a link because it represents the overall performance of the cable.

Effective Network Management

Much like buildings, networks must be designed before they can be built. The networkdesign specifies the network infrastructure, including the layout that dictates how thecomputers will be connected, the format the data takes as it passes over the networkconnection, and the network architecture.

The network architect must utilize the right mix of technology to provide adequate network bandwidth for the network users' needs. Network bandwidth is the amount of data that can

http://www.bitpipe.com/rlist/term/Network-Design.html


http://www.bitpipe.com/rlist/term/Network-Infrastructure.html

http://www.bitpipe.com/rlist/term/Network-Infrastructure.html







be transmitted on a network in a particular amount of time. Video- and graphic-intensiveapplications require higher bandwidth than simple text-based programs. Bandwidthmanagement software helps identify and alleviate network bottlenecks. Networkadministrators also use load balancing to allocate network bandwidth to compute-intensiveapplications so they won't bring down overall network performance.

Many companies are choosing to install fiber-optic cables to transmit data on theirnetwork as fiber optic technology is capable of much higher data throughput thanconventional metal cables.

Another critical network feature is fault tolerance, which is the network's ability to recoverfrom an unexpected failure. Since a company's revenue and reputation often ride on itsnetwork, many companies employ multiple layers of fault tolerance that ranges from a backup power source in case of an electrical power outage to mirroring the data from oneserver onto another server that will automatically take over ("fail over") in case of failure. Network clusters are also used to prevent unexpected data loss.

With the network design and installation complete, the focus shifts to network management and maintenance. Network administrators must ensure the network operates reliably, that its performance or speed is adequate, and that it is secure from unwanted intrusion. With theadvice of internal or external security professionals, network administrators use techniquesand technology, including firewalls and user authentication, to ensure data stored on acomputer on the network cannot be read without proper authorization.

Recommendation for Effective NetworkTroubleshooting

These sections describe the steps that you can take to effectively troubleshoot your networkwhen the need arises:

Designing Your Network for Troubleshooting

Preparing Devices for Management

Configuring Transcend NCS

Knowing Your Network

By designing your network for troubleshooting, you can access key devices on yournetwork when your network is experiencing connectivity or performance problems. Havingadequate management access depends on these design criteria:

Position of the management station so that it can gather the greatest amount ofnetwork data through Simple Network Management Protocol (SNMP) polling

Position of probes for distributed management of critical networks

Ability to communicate with each device even when your management stationcannot access the network

http://www.bitpipe.com/rlist/term/Bandwidth-Management.html


http://www.bitpipe.com/rlist/term/Load-Balancing.html

http://www.bitpipe.com/rlist/term/Data-Mirroring.html

http://www.bitpipe.com/rlist/term/Network-Management.html

http://www.bitpipe.com/rlist/term/Network-Management.html

http://www.bitpipe.com/rlist/term/Data-Mirroring.html

http://www.bitpipe.com/rlist/term/Load-Balancing.html







The following sections discuss how to design your network with the preceding criteria inmind:

Positioning Your SNMP Management Station

Using Probes

Monitoring Business-critical Networks

Using Telnet, Serial Line, and Modem Connections

Using Communications Servers

Setting Up Redundant Management

Other Tips on Network Design

Figure 8-6 shows an example of network management

Positioning Your SNMP Management Station

In a typical LAN, locate your management station directly off the backbone where it canconduct SNMP polling and manage network devices. The backbone is usually the optimumlocation for the management station because:

• The backbone is not subject to the failures of individual subnetworked routers orswitches.

• In a partial network outage, the information collected by a backbone managementstation is probably more accurate than from a station in a routed subnetwork.





• The backbone is usually protected with redundant power and technologies, likeFiber Distributed Data Interface (FDDI), that correct their own problems. Thisredundancy ensures that the backbone remains operational, even when other areasof the network are having problems.

• The backbone is typically faster and has a higher bandwidth than other areas of

your network, making it a more efficient location for a management station.

Make sure that the capacity of your backbone can accommodate the SNMP traffic that themanagement applications generate.

Figure 8-7 shows a management station that is set up at the network backbone andpolling network devices.

Although SNMP management from the backbone is a good way to keep track ofwhat is happening on your network, do not rely on it exclusively because SNMPmanagement occurs in-band (that is, SNMP traffic shares network bandwidth withdata traffic).

Network troubleshooting using SNMP can become a problem in these ways:

• Very heavy data traffic or a break in the network can make it difficult or impossiblefor the management station to poll a device.

• Traffic that SNMP polling adds to the network may contribute to networking problems.

Using Probes

To minimize the frequency of SNMP traffic on your network, set up one or more probes tocollect Remote Monitoring (RMON) data from the network devices. In the distributedmodel illustrated below, the management station uses SNMP polling to collect data from





the probes rather than from all the network devices. Distributing the management over thenetwork ensures you of some continued data collection even if you have network problems.

Note: Many management applications support data from MIBsother than the RMON MIBs. For this reason, even if you are usingRMON probes, some SNMP polling to individual devices from akey management station is always useful for a complete picture ofyour network.

Figure 8-2 shows management at the backbone with an attached probe

To extend your remote monitoring capabilities, use embedded RMON probes or rovinganalysis (monitoring one port for a period of time, moving on to another port for a while,and so on). However, with roving analysis, you cannot see a historical analysis of the ports because the probe is moving from one port to another.

Some probes, like 3Com's Enterprise Monitor, are designed to support the large number ofinterfaces that are found in switched environments. The probe's high port density supportsthis multi-segmented switched environment. You can also use the probe's interfaces tomonitor mirror (or copy) ports on the switch, which means that all data received andtransmitted on a port is also sent to the probe.

Probes do not indicate which port has caused an error. Only a managed hub (a hub or switchwith an onboard management module) can provide that level of detail. Probes and a hub'sown management module complement each other.





Monitoring Business-Critical Networks

On business-critical networks, you need to increase your level of management by dedicating probes to the essential areas of your network. For detailed network management, it is notenough to gather raw performance figures - you need to know, at the network andconversation level, what is generating the traffic and when it is being generated.

The three critical areas to monitor on this type of network are discussed in these sectionsand shown in the illustration below.

FDDI Backbone Monitoring

Internet WAN Link Monitoring

Switch Management Monitoring

Figure 8-8 shows probes monitoring a business-critical network

FDDI Backbone Monitoring

On the FDDI backbone, you need to continually monitor whether it is being overutilized,and, if so, by what type of traffic. By placing monitoring software with an FDDI media

module directly at the backbone, you can gather utilization and host matrix information. Inaddition, the probe provides a full range of FDDI performance statistics that a LANmonitoring program can record or that SNMP traps can report to the management station.

To ensure management access to the probe, provide a direct connection to the probe fromyour management station. You can use this connection to access probe data even if the ringis unusable and keeps management traffic off the main ring.





Internet WAN Link Monitor ing

The Internet link is a concern for dedicated network management because it:

• Represents an external cost to the company

• Requires budgeting

• Primary cause of network security problems

In a way that is similar to monitoring the FDDI backbone, some LAN monitoring programreports can indicate whether you are paying for too much bandwidth or whether you need to purchase more. Some can also indicate the level of use on a workgroup basis for internal billing and highlight the top sites that users visit. Similarly, you can monitor for unexpectedconversations and protocols.

You also need to know the error rates on this link and whether you are experiencingcongestion because of circumstances on the Internet provider's network.

Switch Management Monitoring

The third area of interest in this network is the large number of switch-to-end station links.When detailed analysis of these devices is required (for example, if one of the ports on thenetwork suddenly reports much higher traffic than normal), you need to track the source ofthe problem and decide whether you can optimize the traffic path. In this case, you need away to view the traffic on the switch port at a conversation level.

By placing a monitoring program in a central location, you can easily attach it to theswitches that have the most Ethernet ports as the need arises. By using the roving analysisfeature of many 3Com devices, you can copy data from a monitored port to the port on theswitch that is connected to this program. When a problem arises, roving analysis isactivated for a particular switch and these data are collected from the monitoring programs.These applications can then monitor the network data for the devices that are connected to

that switch.

Using Telnet, Serial Line, and Modem Connections

To minimize your dependency on SNMP management, set up a way to reach the console ofyour key networking devices. Through the console, you can often view Ethernet, FDDI, andATM statistics, view routing and bridging tables, and determine and modify deviceconfigurations.

Out-of-band (that is, management using a dedicated line to a device) console connectionsare also keys to network troubleshooting. If the network goes down, your consoleconnections are still available.

The types of console connections include:

Telnet - Out-of-band and in-band access using a network connection. For example,on 3Com's CoreBuilder 6000 switch, using Telnet you can access the managementconsole by using a dedicated Ethernet connection to the management module (out-of-band) and from any network attached to the device (in-band).





Serial line - Direct, out-of-band access using a terminal connection. This type ofconnection allows you to maintain your connections to a device if it reboots.

Modem - Remote, out-of-band access using a modem connection.

Figure 8-9 shows management of a device through the serial line and modem ports.

Sometimes, direct access to network devices through out-of-band management is the onlyway to examine a network problem. For example, if your network connections are down,you can Telnet to one of your key routers and examine its routing table. The routing table

lists the devices that the router can reach, allowing you to narrow the area of the problem.You can also Ping from this device to further investigate which areas of the network aredown.

Using Communications Servers

Although out-of-band management keeps you in contact with a particular device during anetwork problem, it does not inform you about all the areas of your network from a central point. You must access each device separately. To manage devices more centrally, you canset up a communications server (often called a comm server).





Figure 8-10 Out-of-band Management with a Communications Server

For optimal benefit, provide two management connections to the communication server:• Connect the comm server to the network (an in-band connection) so that you can

access the devices from anywhere on the network using reverse Telnet.

• Connect your management workstation directly to one of the serial ports of thecomm server (an out-of-band connection) so that you can access the devices whenthe network is down.

Setting a Redundant Management

To ensure that a management station can always access the backbone, set up a redundancysystem of management. In this setup, management applications (often different ones) run on

separate management workstations, which are connected to the backbone through separatenetwork devices or by using a network card.

This setup allows the management workstations to monitor each other and report any problems with their attached network devices. The redundancy system also provides a backup management connection to your network if one management station losesconnectivity.

Other Tips for Network Troubleshooting

• Configure the management station to run without any network connection - including NIS, NFS, and DNS lookups.

• Have more than one interface available on the management station, an arrangementcalled dual hosting. Connect vital probes to the second interface to create a privatemonitoring LAN (one without regular network traffic) on which network problems donot impair communication.

• Do not give the management station privileges on the network, such as the ability to login with no passwords. Hackers can easily spot management stations.





• Connect the management station to an uninterruptible power supply (UPS) to protectthe station from events that interrupt power, such as blackouts, power surges, and brownouts.

• Regularly back up the management station.

• Provide remote access through a modem to the management station so that you can

keep track of your network's activity remotely.

Identifying Your Network's Normal Behavior

By monitoring your network over a long period, you begin to understand its normal behavior. You begin to see a pattern in the traffic flow, such as which servers are typicallyaccessed, when peak usage times occur, and so on. If you are familiar with your networkwhen it is fully operational, you can be more effective at troubleshooting problems thatarise.

Baselining Your Network

You can use a baseline analysis, which is an important indicator of overall network health,to identify problems. A baseline can serve as a useful reference of network traffic duringnormal operation, which you can then compare to captured network traffic while youtroubleshoot network problems. A baseline analysis speeds the process of isolating network problems.

By running tests on a healthy network, you compile "normal" data to compare against theresults that you get when your network is in trouble. For example, Ping each node todiscover how long it typically takes you to receive a response from devices on yournetwork.

Identifying Background Noise

Know your network's background noise so that you can recognize "real" data flow. Forexample, one evening after everyone is gone, no backups are running, and most nodes areon, analyze the traffic on your network using a traffic monitoring application. The trafficthat you see is mostly broadcast and multicast packets. Any errors that you see are the result

of faulty devices (trace). This traffic is the background noise of your network - traffic

that occurs for little value. If background noise is high, redesign your network.

Verify ing Management Configurations

Verify that the following management configurations are correct:

IP Address

Gateway Address

Subnet Mask

SNMP Community Strings

SNMP Traps





How these parameters are configured can vary by device. For more information,see the manufacturer’s User Guide for each device.

Follow these steps:

1. Ping the device.

• If the device is accessible by Ping, then its IP address is valid and you may have a problem with the SNMP setup. Go to step 5.

• If the device is not accessible by Ping, then there is a problem with either the pathor the IP address.

2. To test the IP address, Telnet into the device using an out-of-band connection. If Telnetworks, then your IP address is working.

3. If Telnet does not work, connect to the device's console using a serial line connectionand ensure that your device's IP address setting is correct. If your management station ison a separate subnetwork, make sure that the gateway address and subnet mask are set

correctly.

4. Using a management application, perform an SNMP Get and an SNMP Set (try to

poll the device or change a configuration using management software).

5. If you cannot reach the device using SNMP, access the device's console and make surethat your SNMP community strings and traps are set correctly.

You can access the console using Telnet, a serial connection, or a Web managementinterface.

Prevention TipsThis section provides some prevention strategies you can apply:

Ask you management to decide on a downtime “comfort level”. The faster you want toget the network back up and running, the more money you need to spend in preparation.Downtime will stretch to several hours if you have some, but not all, available equipmentfor replacement.

Have your management decide which users must get back online first. In case of aserious network problem, you may be able to support only a few users.

Know your stock equipment. Make an inventory of all your network hardware and

software so you’ll know what to buy spare parts for and get updated drivers.

Expect everything and everyone to let you down. If you expect the worst, you’re prepared for anything. You’re also pleasantly surprised almost all the time, since the worstrarely happens.





Anything that can fail, will fail. Be prepared for any LAN component to fail, be stolen or be tampered with.

Know your LAN component profiles. On a server, failures are likely to occur (in order):disks, RAM, the power supply, or network adapters (NICs). The same applies to a client orworkstation, but only one user is unconvenienced.

Balance your network to eliminate as many single points of failure as possible. Manynetwork administrators spread every workgroup across two wiring concentrators, so onefailure won’t disable an entire department. You can also spread a group’s applicationsacross multiple servers.

Test your backup and restore software and hardware. Determine how long it takes tocompletely restore a volume with your backup hardware and software. You can’t easily bring a replacement hard disk online until the restored files are in place.

Duplicate system knowledge among the IT staff. If a person, even you, is the single pointof failure, take precautions. You do not want to come back from your honeymoon just toreplace a hard disk drive!

Your suppliers will let you down sometime, somehow. Support organizations have problems, too. Don’t assume that your suppliers can provide a replacement drive that theysupposedly “always” have. If you must have one without fail, have it on your shelf.

Find sources of information before you need them. Always check out your sources forupdates and participate in network-oriented bulletin board service and Internet newsgroups.The more you know, and the more places you can go for quick information, the better offyou are.

Document everything far more than you think necessary. Write down everything aboutyour network then fill in the blanks. Assume that someone else, your manager, for instance,needs to fill in your place when you’re away. Will your documentation provide your

manager with enough information? If some or all your information is stored electronically,reprint the information after every substantial change, and store the paper in a safe location.It’s hard to read electronic documentation from a dead server disk!

Keep valuable network information in a safe. Your password, some backup tapes, bootdisks, software licenses, proof of purchase forms, and copy of your network documentationshould be stored in a safe. Only network administrator and your manager should haveaccess to it.

Make your network as standardized as possible. Hardware and software consistency isnot the hobgoblin of small minds; it’s the savior of the harried administrator. Standardizedconfiguration and policy files make life easier. It may be impossible to keep themconsistent, but try. Find a good network interface card and stick with it. Make as few

Windows desktop arrangements as you can.

Make a detailed disaster recovery plan in case of a partial or a complete network

disaster and test your recovery plan. Companies with workable recovery plans stay in business after s disaster. Those without barely survive after a couple of years after thedisaster.





Put step-by-step instructions on the wall above every piece of configuration

equipment. Every server, gateway, or communications server should have a completeoperational outline above it. It should cover all the necessary steps for a computer novice totake the system down and/or bring the system back up.

Tips for Solving Problems Network problems can be both physical (cable) and virtual (protocols). When somethinggoes wrong, follow the hints:

What changed? When there’s a problem, 99 percent on the time, somebody changedsomething, somewhere. It’s common for workstation software to be pushed beyond itscapabilities or to be modified by new applications – even by network threats.

“When you hear hoofbeats, look for horses before you look for zebras.” Check thesimple things first. Is it (the device) plugged in the wall? Is the power on? Is the monitor brightness turned up? Is this the right cable? Is the cable plugged in on both ends? Is theconnection loose?

Isolate the problem. Does this problem happen with other machines? Does it happen withthe same username? Will this system work on a another network segment? Will the servertalk to another workstation? Can you ping the system having trouble?

Don’t change something that works. If you change a configuration parameter and thatdoesn’t fix the problem, change the parameter back to what it was. Perform a rollback,revert back to the original settings and so on. The same goes for a hardware. Use a knowngood device.

Check your typing. Typos in the configuration files will cause as much of a problem as thewrong command. Your software won’t function as it should if it includes \WINCOWSinstead of \WINDOWS.

Read the documentation. Equipment documentation may not be good enough, but it’s better than nothing. Print out the readme files from the installation disks and keep the printout with the manuals. It’s much easier for manufacturers to put critical manualmodifications in the readme file rather than in the manual.

Look for patches. Check your system applications’ website for files to update yourtroublesome hardware. Call the vendor of the third-party products for new drivers for yournetwork and system components.

Refer to previous issues log files. Keep a log of problems and solutions for your network.Even a new problem may be related to an old problem you’ve solved before.

Trust, but verify, everything a user tells you. People interpret the same events differentways. What is unnoticed by a user may be a crucial bit of information for you. If a user tellsyou a screen looks a certain way, take a look for yourself or ask for a screenshot.

Do things methodically, one by one. Don’t make a “brilliant” leap of deductive reasoning;that’s a high risk / high reward procedure.






Network troubleshooting means recognizing and diagnosing networking problems with the goalof keeping your network running optimally. As a network administrator, your primary concernis to maintain connectivity of all devices. You also continually evaluate and improve your

network's performance. These commonly used tools can also help you troubleshoot yournetwork: network software, such as Ping, Telnet, and FTP and TFTP; network monitoringdevices, such as Analyzers and Probes; and tools, such as Cable Testers, for working on physical problems.

Review Questions

1. A problem with unreliable packet delivery can be caused by a problem with the -

a) high utilization rates or high CPU usage

b) swapping equipment or reconfiguring segments

c) transmission media or with a router configuration

d) background noise of your network

2. If you have established an out-of-band Telnet connection with a device, what wouldhappen?

a) You cannot use Telnet to communicate with that device even if the network isavailable.

b) You can use Telnet to communicate with that device even if the network isunavailable.

c) You can use PING to communicate with that device even if the network isunavailable.

d) You can use PING to communicate with that device even if the network isavailable.





Appendix A: Answers to ReviewQuestions

Chapter 1 Review Answers

1) Networking hardware includes all computers, peripherals, interface cards and otherequipment needed. These hardware are needed to

a) To perform data-processing and communications within the network

b) To facilitate many types of games and entertainment

c) To provide a framework and technology foundation for designing, building andmanaging a communication network

d) None of the above.

2) This hardware component provides a link to the services or resources necessary to perform any task.

a) Printer

b) Server

c) Client

3) What is the purpose of network architecture?

a) To provide access to many files and printers while maintaining performance andsecurity for the user

b) To provide a framework and technology foundation for designing, building and

managing a communication networkc) To enable users to locate, store, and secure information on the network

d) To allow users to share any of their resources in any manner they choose

6. An advantage in networking that allows the administrators to more effectively managethe company's critical data is advantage on

a) Hardware and Software Management and Administration Costs

b) Network Hardware, Software and Setup Costs

c) Data Security and Management

5. It is a physical or logical location (a server, switch, router, etc) where one or more network

devices are connected

a) Single point of failure

b) Peer-to-peer network

c) Server-based environment



Appendix A: Answers to Review Questions



1. The specific physical, logical, or virtual, arrangement of the network components anddevices

a) Network Topology

b) Ring Topologyc) Bus Topology

d) Star Topology

2. A backbone is best described as

a) A cable break that can fail the entire network

b) A set of nodes and links connected together comprising a network, or the upperlayer protocols used in a network

c) The most important thing to understand about the bus topology

3. The Data Logical Link Layer Frame format

a) Transmits the data in the network

b) Listens to determine if another machine is using the network

c) Repeats what it hears from the previous station

d) Describes the format on how data is transmitted on any type of network

4. In this type of topology, the data is not broadcasted on the network but passed fromnode to node

a) Network Topology

b) Ring Topology

c) Bus Topologyd) Star Topology

5. In this type of topology, each server and workstation plugs into a central hub that provides connections to all other devices connected to the switch.

a) Network Topology

b) Ring Topology

c) Bus Topology

d) Star Topology


1. The cable that is easy to install and is less expensive than other types of networkingmedia.

a) UTP





b) STP

c) Fiber Optic

2. This cable combined the techniques of shielding, cancellation, and wire twisting

a) UTP

b) STP

c) Fiber Optic

3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable isless subject to experiencing attenuation.

a) UTP

b) STP

c) Fiber Optic


1. The network devices contend for the network media in the CSMA/CD method. Thismeans that

a) Nodes estimate when a collision might occur and avoid transmission during that period.

b) When a device has data to send, it first listens to see if any other device is currentlyusing the network

c) The source node addresses the packet by using the broadcast address

d) The source node addresses the packet by using a multicast address

2. LAN extenders forward traffic from all the standard network layer protocols (such as

IP) and filter traffic based on –a) Packet

b) MAC address

c) Electrical connections

d) Cabling scheme

3. Why did Ethernet networks implement bridges?

a) To build a hierarchical wiring systems

b) To solve congestion problems due to increase of devices in the network

c) To combine fiber optic backbone and UTP cabling

d) To send a single packet to one or more nodes

4. An Ethernet connection standard that relies on twisted pair wiring (shielded orunshielded) to connect computers.

a) Ethernet 10Base2





b) Ethernet 10Base-T

c) Ethernet100Base-T

5. In the “5-4-3” rule, which statement is true?

a) Between any two nodes on the network, there can only be a maximum of 5

segments, connected through 4 repeaters, 3 of the segments may be populated(trunk) segments if they are made of coaxial cable.

b) Between any two nodes on the network, there can only be a maximum of 5repeaters, connected through 4 segments, 3 of the segments may be populated(trunk) segments if they are made of twisted-pair cable.

c) Between any two nodes on the network, there can only be a maximum of 5segments, connected through 4 repeaters, 3 of the segments may be populated(trunk) segments if they are made of twisted-pair cable.


1. This process of transmitting data repeats any signal that comes in on one port and copyit to all the other ports

a) Routing

b) Broadcasting

c) Multiplexing

d) Repeating

2. This device is used to extend the network when the total length of your network cableexceeds the standards set for the type of cable being used.

a) Router

b) Hub

c) Repeater

d) Brouter

3. This device connects a network to one or more other networks that are usually part of awide area network (WAN) and may offer a number of paths out to destinations on thosenetworks.

a) Router

b) Hub

c) Repeater

d) Brouter

4. Which of these examples do not belong to protocols used for unicast routing?

a) RIP





b) OSPF

c) TDP

d) BGP

5. Which among these statements is true?

a) Unicast routing removes packets from one host to another host using the unicastdestination IP address.

b) Unicast routing forwards packets from one host to another host using the multicastdestination IP address.

c) Multicast IP routing forwards packets from one host to multiple hosts using themulticast destination IP address.

d) Multicast IP routing forwards packets from one host to multiple hosts using theunicast destination IP address.


1. This layer in the OSI model is responsible for formatting data exchange. This is wherethe set of character are converted and the data is encrypted.

a) Application Layer

b) Transport Layer

c) Presentation Layer

d) Session Layer

2. This layer is responsible for providing node-to-node communication on a single, localnetwork.

a) Physical Layer

b) Data Link Layer

c) Session Layer

d) Application Layer

3. Which of the following statements is true?

a) FTP uses UDP to create and maintain a connection between source and destinationmachines and TFTP also uses UDP as a transport.

b) FTP uses TCP to create and maintain a connection between source and destinationmachines and TFTP uses TCP as a transport.

c) TFTP uses TCP to create and maintain a connection between source and destinationmachines while FTP uses UDP as a transport.





d) FTP uses TCP to create and maintain a connection between source and destinationmachines while TFTP uses UDP as a transport.

4. The most known protocol in the Network Layer is –

a) PPP

b) SLP

c) IP

d) TIP

5. Any protocol or device that operates on the physical layer deals with which concept ofthe network?

a) The biological concepts of the network

b) The logical concepts of the network

c) The physical concepts of the network

d) The contextual concepts of the network

Chapter 7 Review Questions

1. This is the primary transport protocol of the TCP/IP protocol suite

a) TCP

b) UDP

c) IP

d) STP

2. The TCP/IP protocol that provides for source and destination addressing is -

a) IP

b) TCP

c) UDP

d) All of the above

3. This TCP/IP utility is used to check the validity of a remote IP address.

a) PING

b) FTP

c) ARP

d) IPCONFIG





4. The dynamic Windows-based service used to resolve NetBIOS names into their IPaddresses is –

a) ICMP

b) DNS

c) WINS

d) DHCP

5. Which of the following does a router normally use when making a decision aboutrouting TCP/IP?

a) Destination MAC address

b) Source MAC address

c) Destination IP address

d) Source IP address

e) Destination MAC and IP address



Endnotes

Endnotes

basic networking trendmicro

Documents