4 - Network Fundamentals Flashcards
Benefits of layered network model approach
Easier troubleshooting
Standardizes networking architecture
Allows vendor interoperability
Each layer talks logically to its peer layer on the remote system, and on the same system only to the layer directly above and below it
TCP/IP
Network model developed by DARPA (for ARPANET) together with university researchers
Adopted on ARPANET in 1983 and the dominant standard by the 1990s
RFC
Request for Comments
Documents published by the IETF that define standardized protocols (e.g. RFC 791 for IPv4)
Network Model Layers
– OSI
– TCP/IP (old and new)
- OSI
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application
- TCP/IP (Old)
1. Link
2. Internet
3. Transport
4. Application
- TCP/IP (New)
1. Physical
2. Data Link
3. Network
4. Transport
5. Application
PDU
Generic term for unit of info transmitted within network model
Physical - Bits
Data Link - Frame
Network - Packet
Transport - Segment (TCP), Datagram (UDP)
Application - Data
Application Layer (TCP/IP)
- Purpose/Functions
- Example protocols
- Provide services to app software
- Defines how programs interface w/ transport layer
- Functions:
– ID’ing communication partners
– Determining resource availability
– Synchronizing communication
Examples: HTTP, DNS, DHCP, HTTPS, FTP, TFTP, Telnet, SSH, NTP, SNMP
DHCP
- Port
- Description
- Layer
- Min info obtained
- UDP port 67 (server side) and 68 (client side); the client's Discover and Request are broadcast to 255.255.255.255, the server's Offer and ACK are unicast or broadcast depending on the client's broadcast flag
- Dynamically assigns an IP address and lease length (minimum); subnet mask (option 1), default gateway/router (option 3) and DNS servers (option 6) are options the client normally requests
- Uses "DORA" process
- Application Layer
DORA
- Discover, Offer, Request, Acknowledgement
- DHCP Client broadcasts to find DHCP server
- Server offers IP address/parameters
- Client broadcasts a Request for the offered address, naming the chosen server (so other offering servers withdraw)
- Server acknowledges acceptance and delivers lease info
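Worked example (added here; not part of the original flashcards): both sides of the DORA exchange as raw DHCP messages. Message layout, option codes and the broadcast flag are from RFC 2131/2132; the MAC, transaction id, server and offered addresses are constructed for the walk-through. Note that the client identifies "its" reply by matching xid and chaddr, and that the server must see its own server-id in the Request before it commits the lease.

```python
import socket
import struct

# DHCP message (RFC 2131): fixed 236-byte BOOTP header, magic cookie, TLV options.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5            # values of option 53
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP = 1, 3, 6, 50
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PARAM_LIST, OPT_END = 51, 53, 54, 55, 255
BROADCAST_FLAG = 0x8000                                # client asks the server to broadcast replies

# Constructed values (not from a real capture).
CLIENT_MAC = bytes.fromhex("001122334455")
SERVER_IP, OFFERED_IP = "192.0.2.1", "192.0.2.50"
XID = 0x3903F326

def build_dhcp(op, xid, chaddr, options, yiaddr="0.0.0.0", flags=0):
    zero = socket.inet_aton("0.0.0.0")
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, flags,                   # htype 1 = Ethernet, hlen 6
                        zero, socket.inet_aton(yiaddr), zero, zero,    # ciaddr, yiaddr, siaddr, giaddr
                        chaddr.ljust(16, b"\x00"), b"", b"")            # chaddr, sname, file
    opts = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in options)
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

def parse_dhcp(msg):
    f = struct.unpack("!BBBBIHH4s4s4s4s16s64s128s", msg[:236])
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                                # pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "flags": f[6], "yiaddr": socket.inet_ntoa(f[8]),
            "chaddr": f[11][:f[2]].hex(":"), "options": options}

def lease_options(msg_type):
    """Parameters the server attaches to both Offer and ACK."""
    return [(OPT_MSG_TYPE, bytes([msg_type])),
            (OPT_SERVER_ID, socket.inet_aton(SERVER_IP)),
            (OPT_LEASE, struct.pack("!I", 86400)),        # 24 h
            (OPT_MASK, socket.inet_aton("255.255.255.0")),
            (OPT_ROUTER, socket.inet_aton(SERVER_IP)),
            (OPT_DNS, socket.inet_aton("192.0.2.53"))]

def run_dora():
    """Client and server roles in one function; returns what the client knows after the ACK."""
    # 1. Discover: client has no address yet, broadcasts from 0.0.0.0:68 to 255.255.255.255:67
    discover = build_dhcp(BOOTREQUEST, XID, CLIENT_MAC,
                          [(OPT_MSG_TYPE, bytes([DISCOVER])),
                           (OPT_PARAM_LIST, bytes([OPT_MASK, OPT_ROUTER, OPT_DNS]))],
                          flags=BROADCAST_FLAG)
    d = parse_dhcp(discover)
    # 2. Offer: server proposes an address in yiaddr plus the requested parameters
    offer = build_dhcp(BOOTREPLY, d["xid"], CLIENT_MAC, lease_options(OFFER),
                       yiaddr=OFFERED_IP, flags=d["flags"])
    o = parse_dhcp(offer)
    # 3. Request: client broadcasts which offer it accepts (requested IP + server id)
    request = build_dhcp(BOOTREQUEST, XID, CLIENT_MAC,
                         [(OPT_MSG_TYPE, bytes([REQUEST])),
                          (OPT_REQ_IP, socket.inet_aton(o["yiaddr"])),
                          (OPT_SERVER_ID, o["options"][OPT_SERVER_ID])],
                         flags=BROADCAST_FLAG)
    r = parse_dhcp(request)
    if r["options"][OPT_SERVER_ID] != socket.inet_aton(SERVER_IP):
        raise ValueError("client chose another server; withdraw the offer")
    # 4. ACK: server commits the lease with the same parameters
    ack = build_dhcp(BOOTREPLY, r["xid"], CLIENT_MAC, lease_options(ACK),
                     yiaddr=socket.inet_ntoa(r["options"][OPT_REQ_IP]), flags=r["flags"])
    a = parse_dhcp(ack)
    if a["xid"] != XID or a["chaddr"] != CLIENT_MAC.hex(":"):
        raise ValueError("reply is not for this client (xid/chaddr mismatch)")
    opts = a["options"]
    return {"ip": a["yiaddr"], "mask": socket.inet_ntoa(opts[OPT_MASK]),
            "router": socket.inet_ntoa(opts[OPT_ROUTER]), "dns": socket.inet_ntoa(opts[OPT_DNS]),
            "lease_seconds": struct.unpack("!I", opts[OPT_LEASE])[0],
            "server": socket.inet_ntoa(opts[OPT_SERVER_ID]),
            "reply_was_broadcast": bool(a["flags"] & BROADCAST_FLAG)}

if __name__ == "__main__":
    print(run_dora())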
DNS
– port
– layer
TCP/UDP Port 53
Application Layer
HTTP
TCP 80, 8008, 8080
Resources identified using URIs/URLs; in use since 1991 (HTTP/0.9)
Application Layer
HTTPS
– Port
– Info
– Layer
TCP 443
If the client clock is not synchronized (e.g. NTP failure), certificate validation fails because the certificate appears to be outside its notBefore/notAfter validity window
Self-signed certificates still encrypt the session but carry no third-party assurance of identity, so the client cannot tell the real server from an interceptor
Application Layer
FTP
– port
– layer
TCP 21 (control) and TCP 20 (data, server side in active mode; passive mode negotiates a high port instead)
Application Layer
TFTP
– Port
– Description
– Layer
- UDP 69
- Very basic FTP functionality
– Requires small amount of memory
– Can only read and write files from/to a remote server
– Cannot list directories
– No user authentication
– Typically used for storage/retrieval of Cisco switch config files
- Application Layer
Telnet
– port
– layer
TCP 23
Sends username/password and the whole session in plaintext (use SSH instead)
Application Layer
SSH
– Port
– Layer
TCP 22
Application Layer
NTP
– Port
– Description
– Layer
UDP 123
Synchronize time down to a millisecond or fraction of a millisecond
Can use different methods such as radio and satellite
Application Layer
Transport Layer (TCP/IP)
– Description/functions
– Example protocols
Communication session management
Defines level of service and status of connection when transporting data
Examples: TCP and UDP
TCP (Protocol)
- Two functions:
– Flow control provided by sliding windows
– Reliability provided by sequence numbers and acknowledgements
- Breaks messages into segments
TCP Segment Header
- Fields
Fields:
source port
destination port
sequence/acknowledgement numbers
control bits (SYN, ACK, FIN, etc.)
window size
TCP Window Size
Controls communication flow
Sets how many bytes (not segments) the sender may have in flight before waiting for an ack; the ack number is the sequence number of the next byte the receiver expects
Ex: window of one segment (one MSS) - each segment must be acknowledged before the next is sent
Advertised by the receiver and adjusted dynamically; the window scale option (RFC 7323) extends the 16-bit field so high bandwidth-delay links can stay full
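Worked example (added here, not from the original flashcards): a byte-oriented sliding window simulated on one host with Go-Back-N style retransmission. The data length, MSS, window and the dropped segment are constructed inputs. It shows that the window is counted in bytes, that the ACK number names the next byte expected, and that a window of one MSS degenerates to one segment per round trip.

```python
def simulate_sliding_window(data_len, mss, window, drop_seq=None):
    """Simulate a TCP-like sender/receiver pair.

    data_len - bytes to deliver            mss - max bytes per segment
    window   - bytes the receiver lets the sender keep unacknowledged
    drop_seq - sequence number of a segment whose first copy the network loses
    Returns the ACK numbers the sender saw and how many retransmissions happened.
    """
    base = next_seq = expected = 0   # base: oldest unacked byte; expected: receiver's next byte
    buffered = set()                 # receiver: (seq, end) of out-of-order segments
    acks, retransmits, dropped = [], 0, False
    for _round in range(10_000):     # each iteration is one round trip
        if base >= data_len:
            break
        # Sender: transmit until the window is full or the data is exhausted.
        burst = []
        while next_seq < data_len and next_seq - base < window:
            length = min(mss, data_len - next_seq, window - (next_seq - base))
            burst.append((next_seq, next_seq + length))
            next_seq += length
        # Network: lose the first copy of the chosen segment.
        for seq, end in burst:
            if seq == drop_seq and not dropped:
                dropped = True
                continue
            buffered.add((seq, end))
        # Receiver: advance over contiguous (possibly overlapping) data, then ack next expected byte.
        progressed = True
        while progressed:
            progressed = False
            for seq, end in sorted(buffered):
                if seq <= expected < end:
                    expected = end
                    progressed = True
            buffered = {(s, e) for s, e in buffered if e > expected}
        acks.append(expected)
        # Sender: duplicate ACK with data outstanding means the left edge was lost; resend from it.
        if expected == base and next_seq > base:
            retransmits += 1
            next_seq = base
        base = expected
    else:
        raise RuntimeError("no progress")
    return {"acks": acks, "retransmits": retransmits, "delivered": expected}

if __name__ == "__main__":
    print("window = 1 MSS      ", simulate_sliding_window(10000, 1460, 1460))
    print("window = 3 MSS      ", simulate_sliding_window(10000, 1460, 4380))
    print("3 MSS, seg 1460 lost", simulate_sliding_window(10000, 1460, 4380, drop_seq=1460))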
UDP Header
64 bits (8 bytes) long
Only four 16-bit fields: source port, destination port, length, and checksum
Socket
– Purpose
– 3 Parts
Used to track multiple concurrent network sessions on one host
Identified by IP address, transport protocol (TCP or UDP), and port number
Port number ranges
- Well-known: 0-1023
- User/Registered: 1024-49151
– Clients connect to well-known/registered ports using ephemeral source ports
- Dynamic/ephemeral: 49152-65535 (Windows XP and earlier used 1025-5000; Linux defaults to 32768-60999)
TCP/IP Layer Interaction
Adjacent layers exchange data on the same system (each layer wraps the one above it)
Each layer communicates logically with the same layer on a different system
Network Layer (TCP/IP)
Primary protocol is IP
Packages data into IP datagrams
Routes IP datagrams
Protocol Ex: IPv4/IPv6, ICMP (ping), ARP (IPv4-to-MAC resolution; sits between layers 2 and 3)
Internet Protocol (IP)
Defines how data is sent from one computer to another on the internet
Messages divided into “packets”
IPv4 Packet Structure
Divides data segments (from Transport Layer) into packets
Encapsulated data called IP Payload
IPv4 Header
– Size
– Fields
Max size 60 bytes, min 20 bytes
Includes IP version, Internet Header Length (IHL), Differentiated Services Code Point (DSCP, formerly Type of Service), Total Length of the entire IP packet, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source Address, Destination Address, and Options
IPv6 Packet Structure
– Two parts
Two main parts: Header/header extensions and Payload
IPv6 Header
– 8 items
Fixed 40 byte length (no header checksum, no in-network fragmentation)
Contains:
- Version (4 bit)
- Traffic class (8 bits describing packet’s priority)
- Flow Label (20-bits for QoS Management)
- Payload Length (16-bit)
- Next Header (describes next extension header or where payload begins)
- Hop Limit (8 bits, similar to TTL)
- Source Address (128 bits)
- Destination Address (128 Bits)
IPv6 Packet Contents
Two Parts:
Extension Headers – carry the variable-length fields IPv4 kept in its header (hop-by-hop options, routing, fragment, Authentication Header, Encapsulating Security Payload); chained together via each header's Next Header field
Upper Layer Protocol Data Unit (Payload) – comes after final extension header
ARP
Maps an IPv4 address to a MAC address (request is broadcast, reply is unicast)
Allows IP communication on an Ethernet LAN
Carried directly in Ethernet frames (EtherType 0x0806), so usually described as a Layer 2 (or "2.5") protocol; IPv6 uses NDP instead
ICMP
Provides feedback about problems in the network
Usually generated in response to an ordinary IP packet that caused an error; the error message carries the offending packet's IP header plus the first 8 bytes of its payload
Uses the following defined message types:
- Echo Request (8) / Echo Reply (0) - ping
- Destination Unreachable (3)
- Redirect (5)
- Time Exceeded (11) - TTL hit zero; used by traceroute
- Parameter Problem (12)
- Timestamp (13) / Timestamp Reply (14)
- Information Request (15) / Information Reply (16) - obsolete
- Address (Subnet) Mask Request (17) / Address Mask Reply (18)
Data Link Layer (TCP/IP)
Handles MAC addressing
Detects errors that may occur in physical layer
Frame Check Sequence - receiver checks for frame transmission errors and discards frame if one occurs
Primary protocols: Ethernet (IEEE 802.3) and PPP, STP
MAC Address
- hardware’s physical address, tied to NIC
- Layer 2 address
- Burned-in address can't be changed, but the address the OS presents can be overridden in software (spoofed)
- 48 bits in length
– First 6 hex digits (24 bits) = organizational unique identifier (OUI) assigned by IEEE; the lowest bit of the first octet flags group (multicast) addresses, the next bit flags locally administered ones
– Last 6 (24 bits) = vendor-assigned interface identifier
Ethernet Frame Structure
IEEE 802.3 standard
Includes:
- Preamble – signals start of frame and enables sync
- Start Frame Delimiter (SFD) – Signifies that destination MAC starts next byte
- Destination MAC
- Source MAC
- Type – Defines protocol inside the frame (IPv4/6, etc.)
- Data and Pad – payload of 46 to 1500 bytes (padded up to 46 if shorter)
- Frame Check Sequence (FCS) – 32-bit cyclic redundancy check (CRC) for detecting corrupted data
Spanning Tree Protocol (STP)
Prevents frame loops within a switched network
Physical Layer (TCP/IP)
Encodes a signal onto medium for transmission
IEEE 802.3 media types
Coax
Twisted Pair (UTP/STP)
Fiber Optic
Coax
Consists of center core, surrounded by dielectric insulator, metallic shield, and finally plastic jacket
Still used with cable modems
Twisted pair cabling
Unshielded:
Four color-coded pairs
Cat 3, 5, 5e, and 6
Common connectors: RJ-11 and RJ-45 (standard)
Straight-through cables connect unlike devices (PC to switch); crossover cables connect like devices (switch to switch, PC to PC); modern auto-MDI-X ports accept either
Shielded:
Additional metal shielding around each pair or collection of pairs to reduce EMI
Primarily used in data networks
Fiber Optic Cables
Two modes:
Single Mode (SMF)
Multi Mode (MMF)
Single Mode Fiber (SMF)
Transmits using a laser into a very small glass core (about 9 µm)
Higher bandwidth and greater cable distance
Multi-Mode Fiber (MMF)
Transmits using an LED (or low-cost VCSEL)
Larger core (typically 50 or 62.5 µm), usually glass
Light takes multiple paths by bouncing off the core/cladding boundary, so rays arrive at different times (modal dispersion), which limits distance
Cheaper than SMF
Encapsulation/De-encapsulation
Adding headers/trailers around data, and removing headers to process data inside
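Worked example (added here, not from the original flashcards) tying together the TCP header, IPv4 header, MAC/OUI and Ethernet frame cards above: a TCP SYN is encapsulated in IPv4 and then in an Ethernet II frame, and the result is de-encapsulated layer by layer with each layer's integrity check applied (FCS, IPv4 header checksum, TCP checksum over the pseudo-header). Addresses and ports are constructed, not a real capture; the checksum test vector is the common RFC 1071 example header.

```python
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def inet_checksum(data):
    """RFC 1071 one's-complement sum shared by IPv4, ICMP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fcs(body):
    """Ethernet FCS: CRC-32 over the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def mac_to_str(b):
    return ":".join("%02x" % x for x in b)

# --- Encapsulation: each layer wraps the PDU of the layer above ---
def build_tcp_syn(src_ip, dst_ip, sport, dport, seq, window):
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, window, 0, 0)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(hdr))   # pseudo-header
    return hdr[:16] + struct.pack("!H", inet_checksum(pseudo + hdr)) + hdr[18:]

def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64, ident=0x1234):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      0x4000, ttl, proto, 0, src_ip, dst_ip)                  # 0x4000 = DF set
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def build_ethernet(dst_mac, src_mac, ethertype, payload):
    body = dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, 60 - len(body))      # pad so the payload is at least 46 bytes
    return body + fcs(body)

def build_sample_frame():
    """Constructed SYN to port 443 between documentation addresses."""
    src_ip, dst_ip = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")
    tcp = build_tcp_syn(src_ip, dst_ip, 51515, 443, seq=1000, window=65535)
    ip = build_ipv4(src_ip, dst_ip, IPPROTO_TCP, tcp)
    return build_ethernet(bytes.fromhex("001122334455"), bytes.fromhex("00aabbccddee"),
                          ETHERTYPE_IPV4, ip)

# --- De-encapsulation: strip headers, verifying each layer's check ---
def parse_frame(frame):
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: receiver discards the frame")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    info = {"dst_mac": mac_to_str(dst), "src_mac": mac_to_str(src),
            "src_oui": mac_to_str(src[:3]), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info
    pkt = body[14:]
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag, ttl, proto,
     _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if inet_checksum(pkt[:ihl]) != 0:           # sum over header incl. checksum must come out 0
        raise ValueError("IPv4 header checksum mismatch")
    info.update(version=ver_ihl >> 4, ihl=ihl, dscp=dscp_ecn >> 2, total_length=total_len,
                ident=ident, df=bool(flags_frag & 0x4000), mf=bool(flags_frag & 0x2000),
                ttl=ttl, protocol=proto,
                src_ip=socket.inet_ntoa(src_ip), dst_ip=socket.inet_ntoa(dst_ip))
    segment = pkt[ihl:total_len]                 # Total Length strips the Ethernet padding
    if proto == IPPROTO_TCP:
        sport, dport, seq, ack, off, flags, window, _c, _u = struct.unpack("!HHIIBBHHH", segment[:20])
        pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, IPPROTO_TCP, len(segment))
        if inet_checksum(pseudo + segment) != 0:
            raise ValueError("TCP checksum mismatch")
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    data_offset=(off >> 4) * 4, window=window,
                    flags=[name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flags & bit])
    return info

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:>12}: {value}")
```

Flipping any byte of the frame makes parse_frame raise at the FCS check, which is exactly the "discard on error" behaviour described in the Frame Check Sequence card; corrupting only the trailer-less copy would instead trip the IPv4 or TCP checksum one layer up.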
IEEE
Institute of Electrical and Electronics Engineers
Non-Profit
Several categories:
802.1X - Authentication
802.3 - Ethernet
802.11 - Wireless
802.15 - WPAN
802.15.1 - Bluetooth
802.16 - WMAN
802.1x
Authentication
Port-based Network Access Control
Authentication mechanism for connecting to LAN/WLAN
Three roles: supplicant (client), authenticator (switch or AP) and authentication server (usually RADIUS); credentials are carried in EAP over LAN (EAPOL) and the port passes no other traffic until authentication succeeds
802.3
Ethernet
Invented at Xerox PARC (1973), DIX Ethernet 1980, standardized as IEEE 802.3 (CSMA/CD) in 1983
Standards for physically connected networks
1980s - Ethernet (10 Mbps) - copper (coax, later UTP)
1990s - Fast Ethernet (100 Mbps, 1995) and Gigabit Ethernet 1000BASE-T (1 Gbps, 1999) - copper
2017 - 802.3bs: 200GBASE/400GBASE (200/400 Gbps) - fiber
CSMA/CD
Rules governing communication over Ethernet
- Carrier - Network signal
- Sense - Ability to detect
- Multiple Access - Equal access for all devices
- Collision - What happens when devices send at once
- Detection - How computers handle collisions
Devices wait until the line is idle before sending; when a collision does occur each device sends a jam signal, waits a random backoff, then retransmits (only relevant on shared/half-duplex media, not on full-duplex switched ports)
10BASE2/5
"Thinnet" (10BASE2, BNC T-connectors) / "Thicknet" (10BASE5, vampire taps)
Coax
One problem affects the whole LAN
Physical bus (one shared coax segment); a 10BASE-T hub recreates the same logical bus over star wiring
Hub (topology)
One device talks at a time
1 collision/broadcast domain
10BASE-T
Twisted Pair Ethernet
UTP cabling
One problem does NOT affect whole LAN
star topology w/ bridge or switch
Bridge
2-4 interfaces
separate collision domain for each interface
adds bandwidth (half duplex)
Uses SOFTWARE to forward/filter frames (slower)
Switch
- 24-48 interfaces
- Separate collision domain for each interface
- Adds bandwidth (full duplex)
- Uses HARDWARE to forward/filter frames (faster)
- Learns MAC addresses:
– Listens to frames
– Source MAC and ingress interface added to CAM table
- Primary function - forward/filter frames based on CAM table
- Inactive MACs removed (300 secs default) to make room for new ones
- Uses STP and places ports in forward or block state to prevent layer 2 (frame) loops
Switching logic
Unicast - ID single LAN interface card
Broadcast - all devices (FF:FF:FF:FF:FF:FF); always flooded, never appears as a learned source
Multicast - group address (I/G bit set in first octet); a basic switch floods it like a broadcast and never learns it
Switch forward/filter decision
Switch receives frame
If the destination MAC is in the CAM table, forward out that interface only (filter if it is the ingress interface); otherwise flood out all other interfaces in the VLAN (unknown unicast). Broadcasts such as ARP requests are always flooded, and the unicast ARP reply is what populates the table for the other host
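Worked example (added here; not part of the original flashcards): a minimal learning switch implementing the cards above, with MAC learning from the source address, forward/filter/flood decisions, group-address detection via the I/G bit, and CAM aging on a simulated clock. Port numbers, MACs and the 300-second aging default are constructed inputs for the walk-through.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group_address(mac):
    """I/G bit = least significant bit of the first octet; set means multicast or broadcast."""
    return int(mac.split(":")[0], 16) & 0x01 == 1

class LearningSwitch:
    def __init__(self, ports, aging_seconds=300):
        self.ports = set(ports)
        self.aging = aging_seconds
        self.cam = {}                 # mac -> (port, last_seen)
        self.clock = 0.0              # simulated time in seconds

    def tick(self, seconds):
        """Advance time and age out entries not refreshed within the aging window."""
        self.clock += seconds
        stale = [m for m, (_, seen) in self.cam.items() if self.clock - seen >= self.aging]
        for m in stale:
            del self.cam[m]
        return stale

    def receive(self, in_port, src, dst):
        """Learn the source, then decide where the frame goes. Returns (decision, out_ports)."""
        if in_port not in self.ports:
            raise ValueError("unknown port %r" % in_port)
        if not is_group_address(src):                      # a source MAC is always unicast
            self.cam[src] = (in_port, self.clock)          # learn or refresh (port may move)
        flood = sorted(self.ports - {in_port})
        if dst == BROADCAST:
            return "flood-broadcast", flood
        if is_group_address(dst):
            return "flood-multicast", flood                # basic switch: no IGMP snooping
        entry = self.cam.get(dst)
        if entry is None:
            return "flood-unknown-unicast", flood
        if entry[0] == in_port:
            return "filter", []                            # destination is on the ingress segment
        return "forward", [entry[0]]

def walkthrough():
    """ARP-style exchange between host A (port 1) and host B (port 2), then aging."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    log = []
    log.append(sw.receive(1, "00:11:22:33:44:55", BROADCAST))             # A's ARP request: flooded, A learned
    log.append(sw.receive(2, "00:aa:bb:cc:dd:ee", "00:11:22:33:44:55"))   # B's reply: A known, B learned
    log.append(sw.receive(1, "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"))   # A to B: both known
    log.append(sw.receive(1, "00:cc:cc:cc:cc:cc", "00:11:22:33:44:55"))   # C behind a hub on port 1 -> filtered
    aged = sw.tick(300)                                                   # five silent minutes
    log.append(sw.receive(1, "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee"))   # B forgotten -> flooded again
    return log, aged

if __name__ == "__main__":
    decisions, aged_out = walkthrough()
    for d in decisions:
        print(d)
    print("aged out:", aged_out)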
Collision Domain
Domain in which frame sent by one NIC could result in a collision with a frame from another NIC
One physical segment (shared medium)
Layer 2 devices separate collision domains by each interface
Layer 1 devices like hubs do not separate collision domains regardless of interfaces used
Broadcast Domain
Domain in which broadcast frame sent by one NIC is received by all other NICs
Routers do not forward broadcasts, so each router interface bounds a broadcast domain
LAN design considerations
Total devices per collision domain
Broadcasts
Segment large LAN w/ routers to reduce bandwidth consumption from broadcasts
Break up collision domains with layer 2 devices.
Break up broadcast domains with layer 3 devices.
802.11
Wireless
MAC and physical specifications for implementing Wireless LAN (WLAN)
Wireless Specifications
802.11a - 54 Mbps (5 GHz)
802.11b - 11 Mbps (2.4 GHz)
802.11g - 54 Mbps (2.4 GHz)
802.11n - up to 600 Mbps (2.4/5 GHz, MIMO; 450 Mbps with three streams)
802.11ac - about 1.3 Gbps in wave 1 products, 6.9 Gbps spec maximum (5 GHz)
IPv4 Classes
Class A - Internet hosts - first octet 0-127 (default mask /8)
Class B - Internet hosts - first octet 128-191 (default mask /16)
Class C - Internet hosts - first octet 192-223 (default mask /24)
Class D - Internet multicast - 224-239
Class E - Reserved/experimental - 240-255
Private IPv4 Ranges
Non-routable on public networks/internet
10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
Special IPv4 addresses
127.0.0.0/8 - Loopback (127.0.0.1 in practice)
THIS computer
Tests the TCP/IP stack but NOT the NIC
169.254.0.0/16 - Auto-assigned link-local address (APIPA, RFC 3927)
Allows LAN communication when no DHCP server can be reached/exists
IPv4 Ethernet Addressing
– “cast” options
Unicast - One sends to one
Multicast - One sends to many - Network copies data and delivers to each destination
Broadcast - One sends to all destinations on network - network copies data and sends to all destinations on network
IPv6 Benefits
More IP addresses
IPsec (AH/ESP extension headers) defined as part of the protocol, though still optional to use
NAT no longer required (end-to-end addressing)
Simpler header format
More efficient routing
Easier admin
Special IPv6 addresses
::1 - loopback
::/128 - unspecified
FE80::/10 - link local
FC00::/7 - Unique local (only the FD00::/8 half is assigned for use in practice)
2000::/3 - global unicast
FF00::/8 - multicast
Types of IPv6 addresses
Global Unicast - globally routable
Unique Local - Private IP, routable in private network
Link Local - valid only on the local link, never routed; every IPv6 interface has one
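Worked example (added here, not from the original flashcards) covering the IPv4 classes, private and special ranges and the special IPv6 ranges above: an ingress filter that drops traffic whose source address can never legitimately arrive from the internet. The block list is built from the ranges in these cards; the firewall-style log lines and the addresses in them are constructed, and the checks deliberately exercise the 172.16.0.0/12 upper boundary and the FC00::/7 range.

```python
import ipaddress
import re

# Source address blocks that must never arrive from the internet (from the cards above).
BOGONS = {
    "0.0.0.0/8": "this network",            "10.0.0.0/8": "private (RFC 1918)",
    "127.0.0.0/8": "loopback",              "169.254.0.0/16": "link-local / APIPA",
    "172.16.0.0/12": "private (RFC 1918)",  "192.168.0.0/16": "private (RFC 1918)",
    "224.0.0.0/4": "class D multicast",     "240.0.0.0/4": "class E reserved",
    "::/128": "unspecified",                "::1/128": "loopback",
    "fe80::/10": "link-local",              "fc00::/7": "unique local",
    "ff00::/8": "multicast",
}
BOGON_NETS = [(ipaddress.ip_network(n), why) for n, why in BOGONS.items()]

def ipv4_class(addr):
    """Classful letter from the first octet (A 0-127, B 128-191, C 192-223, D 224-239, E 240-255)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    return "A" if first < 128 else "B" if first < 192 else "C" if first < 224 else "D" if first < 240 else "E"

def bogon_reason(addr):
    """Why an address is unacceptable as an internet source, or None if it is fine."""
    ip = ipaddress.ip_address(addr)
    for net, why in BOGON_NETS:
        if ip.version == net.version and ip in net:
            return why
    return None

LOG_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+)")

def ingress_filter(lines):
    """Apply 'drop if the source is a bogon' to log lines; returns (src, verdict) pairs."""
    verdicts = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue                                   # ignore lines that are not connection records
        src, _dst, _proto = m.groups()
        why = bogon_reason(src)
        verdicts.append((src, "DROP: " + why if why else "ACCEPT"))
    return verdicts

# Constructed sample log lines (not from a real device).
SAMPLE_LOG = [
    "src=203.0.113.5 dst=198.51.100.20 proto=tcp/443",
    "src=10.20.30.40 dst=198.51.100.20 proto=tcp/22",
    "src=172.31.255.255 dst=198.51.100.20 proto=udp/53",   # last address inside 172.16.0.0/12
    "src=172.32.0.1 dst=198.51.100.20 proto=tcp/80",       # just outside it: public space
    "src=169.254.7.7 dst=198.51.100.20 proto=udp/67",
    "src=2001:db8::1 dst=2001:db8:1::20 proto=tcp/443",
    "src=fd12:3456::1 dst=2001:db8:1::20 proto=tcp/443",
    "src=fe80::1 dst=ff02::1 proto=icmpv6",
]

if __name__ == "__main__":
    for src, verdict in ingress_filter(SAMPLE_LOG):
        print(f"{src:>20}  {verdict}")
```

The list is kept explicit rather than relying on ipaddress.is_private, because that property also covers documentation ranges such as 192.0.2.0/24 and its meaning changed between Python releases; an edge filter should encode exactly the ranges it intends to block.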
IPv6 Addressing
–“Cast” options
- Unicast - Single Interface, similar to IPv4
- Multicast - Replaces IPv4 Broadcast - Packets delivered to every interface in a group
- Anycast - Typically used to locate nearest specific server, such as DNS/DHCP - Single address assigned to multiple nodes
Hub (network device)
Connects computers in a star topology
Transmits to every attached line in half-duplex (one signal can be sent OR received at a time)
Operates at Layer 1, not a smart device
Repeater
Used to regenerate/boost signals farther than max range (100m for twisted pair, for example)
Operate at Layer 1
Modem
Modulator-Demodulator
Converts carrier signal between analog and digital mode
Operates at Layer 1
Media Converter
– Description
– Layer
Allows connection/interoperability between dissimilar media types (such as UTP and fiber)
Operates at Layer 1
NIC
Implements electronics allowing physical and data link layer connections to a network
Often built into motherboard, but can be standalone card
Bridge
– Description
– Layer
Works at Layer 2 OSI
Reduces traffic on LAN by dividing it into two collision domains
Basic Switch
Operates mostly at Layer 2 OSI
Each port is a collision domain
WAP (Wireless Access Point)
Operates at Layer 2 OSI
Allows wireless devices to connect to wired network using Wi-Fi
Access Point usually connects to router but can be integrated into router itself
Basic Router
Operates at Layer 3 OSI
Connects two or more networks by forwarding packets between them
Uses routing table to select best path
Breaks up broadcast domains
Basic Firewall
Operates at Layer 3 and 4 OSI
Monitor and control in and out network traffic
Uses set of predefined rules to create barrier between trusted/untrusted connections/devices
OSI Layer 1
– Name
– PDU
– Devices
– TCP/IP Equivalent
Physical
PDU: Bit
Devices: Hub, Modem, Repeater, Cables, Media Converters, and NIC
TCP/IP equivalent: Link (old) or Physical (new)
OSI Layer 2
– name
– PDU
– Devices
– TCP/IP equivalent
– Header/trailer fields
Data Link
PDU: Frame
Devices: Switch, Bridge, WAP, NIC
TCP/IP Equivalent: Link (old) or Data Link (new)
Header/Trailer Fields: Preamble, SFD, Dest/source MAC, Type, FCS
OSI Layer 3
– name
– PDU
– Devices
– Protocols
– TCP/IP equivalent
– Header/trailer fields
Network
PDU: Packet, IP Datagram
Devices: Router, Multilayer Switch, Firewall
Protocols: IPv4/IPv6, ICMP (ARP is often listed here too, although it rides directly on Ethernet)
TCP/IP Equivalent: Internet (Old), Network (New)
Header/Trailer Fields: IHL, TTL, Source/Dest IP
OSI Layer 4
- Layer name
- PDU
- Devices
- Protocols
- TCP/IP Equivalent
- Header/trailer fields
Transport
PDU: Segment (TCP), Datagram (UDP)
Devices: Firewall
Protocols: TCP, UDP
TCP/IP Equivalent: Transport (Both)
Header/Trailer Fields: Source/Dest port, Window size, Control bits (Syn/Ack, etc.)
OSI Layer 5, 6, and 7
– Names
– PDU
– Devices
– Protocols
– TCP/IP Equivalent
Session, Presentation, Application
PDU: Data
Devices: Clients, Servers, Application Layer security appliances
Protocols: HTTP/S, POP3, SMTP, DNS, FTP, Telnet, SSH (all for application layer)
TCP/IP Equivalent: Application (Both)
Bus Topology
Every station shares the media and can see all traffic
One failure affects all nodes
Think straight line
Ring Topology
Can be bidirectional or unidirectional
If unidirectional, second link is necessary for redundancy
Each host connected to two other hosts, in a ring shape
Star Topology
One central device connects to several others, typically with a hub or switch
Switch = physical star & logical star
Hub = physical star & logical bus
Physical star
all nodes physically connected to central device
Logical star
All nodes in separate collision domains
Logical bus
All nodes in same collision domain
Mesh Topology
Each device is connected to every other device in network
Extremely reliable and provides redundancy
High admin overhead; a full mesh of n nodes needs n(n-1)/2 links, so cabling grows quadratically
Hybrid Topology
Combination of two or more network topologies
Flexible, reliable, increased fault tolerance, easy to add new nodes, easy to diagnose
Difficult to manage and expensive
Circuit switched networks
Dedicated path between nodes, such as in telephone network
Data sent as stream of bits through sequence of predetermined links in network
Delivery guaranteed
Path is fixed for the duration of the call, so data units need no per-unit addressing once the circuit is set up
Resource reservation due to fixed path
Packet Switched Networks
Routers determine addressing
Processes digital signals and routes through multiple pathways
Delivery not guaranteed
Each data unit knows only the final destination, intermediate path is determined by routers
No resource reservation due to shared bandwidth
Virtual Circuit
Connection-oriented service over a packet-switched network: a path is set up first and all packets follow it (e.g. Frame Relay/ATM permanent virtual circuits, MPLS label-switched paths); TCP offers a comparable connection-oriented abstraction at the transport layer on top of connectionless IP
Essentially emulates a circuit-switched connection over a packet-switched network
In-order delivery along the established path
DSCP
Differentiated Services Code Point: 6-bit field for classifying/prioritizing traffic on IP networks; occupies the former IPv4 Type of Service byte (alongside 2 ECN bits) and the IPv6 Traffic Class field