Chapter 1: Networking Protocols Flashcards
What are the four layers of the TCP/IP model?
- Application
- Transport
- Internet (Networking)
- Link
What are the two layers of the Link layer?
- Data Link
- Physical
Link Layer
- provides physical transmission support and includes the protocols used to transmit information over a link between two devices
- frames
- includes hardware and protocol necessary to send information between two hosts that are connected by a physical link (cable) or over the air (radio waves)
- Most popular protocol is Ethernet
Internet Layer
- aka Networking
- provides networking services and includes protocols that allow for the transmission of information through multiple hops
- each “hop device” knows how to reach the destination IP address and transmit the information to the next best node to reach the destination
- Packets
Routing Protocol
- the way each node (router) determines the best next node to the destination
Transport Layer
- when transmitting information, the sending host knows when the information is sent, but has no way to know whether it actually made it to the destination
- so, Transport Layer provides services to successfully transfer information between two end-to-end process
- detects whether any information went missing
- provides information about which type of information is being transmitted
- Segments
How does the Transport Layer distinguish between separate transactions, such as requesting a web page and starting an FTP transaction?
- the Transport Layer helps to separate the two requests by using the concept of a Transport Layer PORT
- port 80 for web request
- port 21 for an FTP transaction
- this service is called MULTIPLEXING
Application Layer
- top layer and most familiar to end users
- ## a user may use the mail client to send an email message (SMTP), or use a web browser to browse a website (HTTP)
TCP/IP Model Encapsulation
- each layer provides services for the level above it
- protocols at each layer include a protocol header
- the header includes enough information for the protocol to work toward the delivery of the information
- this process is called ENCAPSULATION
DNS Resolution
Step 1: Host A sends a recursive DNS query for a type A record to resolve www.cisco.com to its own DNS server (DNS A)
Step 2: DNS A server checks its DNS cache, but does not find the information. So, it sends an iterative DNS query to the root DNS server, which is authoritative for all of the Internet
Step 3: The root DNS server is not authoritative for that host, so it sends back a referral to the .com DNS server, which is authoritative server for the .com domain.
Step 4: The .com DNS server performs a similar process and sends a referral to the cisco.com DNS server
Step 5: The cisco.com DNS server is the DNS authoritative server for www.cisco.com so it can reply to DNS A with the information
Step 6: DNS A receives the information and stores it in its DNS cache for future use.
Step 7: Host A receives the information from DNS A and can start sending packets to www.cisco.com using the correct IP address.
How long does a DNS server store information in its cache?
- finite time based on the TTL value in the response from the authoritative DNS server for a given doamin
TCP
- Transmission Control Protocol
- reliable, connection-oriented protocol for communicating over the Internet
- Connection-oriented means that TCP requires a connection between two hosts established through a specific packet exchange before any data packets can be sent
- —-Services provided——
- multiplexing
- connection establishment and termination
- reliability (error detection and recovery)
- flow control
Why not use TCP for all applications?
- the reliability offered by TCP is done at the cost of lower speed and the need for increased bandwidth
Multiplexing
- allows multiple transport layer connections between the same hosts
- sockets are used to distinguish to which application a connection belongs
Connection Establishment and Termination
- a connection is established before data is sent
- this ensures that the other host is ready to receive data
- the connection is also terminated through a formal data exchange
Reliability
- data lost due to error or from the underlying datagram can be recovered by asking the remote device to send the information again
Flow Control
- TCP uses a windowing system to adjust the speed of transmission
TCP Header Fields
- Source and Destination Ports
- Sequence Number
- Acknowledgment Number
- Control Flags
- Window
- Urgent Pointer
TCP Flags
- URG
- ACK
- PSH
- RST
- SYN
ACK
- Acknowledgement flag
- Set to 1 after the connection has been established
PSH
- Push flag
- signifies that the data should be pushed directly to an application
RST
- Reset flag
- Resets the connection
SYN
- Synchronization
- sequence numbers
- relevant for connection establishment
- should only be set within the first packets from both of the hosts
FIN
- this flag signifies that there is no more data from sender
Window
- this field indicates the number of data bytes the sender of the segment is able to receive
- this field enables flow control
TCP Three-way Handshake
- First Packet (SYN): the client starts process of establishing a connection by sending a TCP segment that has the SYN bit set to 1. The client sends its initial sequence number X (random number chosen by client)
- Second Packet (SYN-ACK): the server responds with a SYN-ACK packet where it sends its own request for synchronization and its initial sequence number Y. Within the same packet, the server also sends the acknowledgment number X+1 (acknowledging the receipt of a packet with sequence number X, and requesting the next packet with sequence number X+1)
- Third Packet (ACK): the client responds with a final acknowledgment, requesting the next packet with the sequence number Y+1
What is the purpose of SYN from sender
- signals to the peer that it wants to synchronize the sequence numbers and establish the connection
- the client also sends its initial sequence number, which is random number chosen by the client
What are the steps of TCP/IP Model Encapsulation for a host requesting a web page using HTTP?
- Host requests a web page using the HTTP application layer protocol. The HTTP application generates the DATA payload.
- HTTP DATA payload send to the transport layer and a TCP header is created. The DATA payload and TCP header result in the TCP segment.
- The Internet layer receives the TCP information, attaches an IP header, and encapsulates it in an IP Packet.
- The IP packet is passed to the Data Link layer. An Ethernet header and trailer, and then transmits the Frame to the NIC, which will take care of the physical transmission of the frame.
IEEE 802.2
- Standard for LLC (Logical Link Control)
IEEE 802.3
- Standard for Ethernet Medium Access Control (MAC)
LLC
- Logical Link Control
- Initially used to allow several types of Layer 3 protocols to work with the MAC
- However, LLC is seldom used now because IP can be directly encapsulated using MAC.
What is the nomenclauture format for Ethernet Physical Layer standards?
- sTYPE-M
- s = speed
- TYPE = the modulation type (example, BASE = baseband)
- M = medium (example, T = twisted pair, F = fiber, L = long wavelength, X = external sourced coding)
100BASE-T
- standard = 802.3 (Ethernet)
- speed = 10 Mbps
- media = twisted pair (copper)
- distance = 100 m
100BASE-T
- standard = 802.3u (FastEthernet)
- speed = 100 Mbps
- media = twisted pair (copper)
- distance = 100 m
1000BASE-T
- standard = 802.3ab (GigaEthernet)
- speed = 1000 Mbps
- media = twisted pair (copper)
- distance = 100 m
1000BASE-LX
- standard = 802.3z (GigaEthernet)
- speed = 1000 Mbps
- media = Long wavelength (single-mode fiber)
- distance = 5 km
10GBASE-T
- standard = 802.3an (Gigabit Ethernet)
- speed = 10 GBps
- media = twisted pair (copper)
- distance = 100 m
What is the speed of Ethernet?
- 10 Mbps
What is the speed of FastEthernet?
- 100 Mbps
What is the speed of GigaEthernet?
- 1000 Mbps
What are the two modes of medium access with Ethernet MAC?
- half duplex
- full duplex
Half Duplex
- two Ethernet devices share a common transmission medium
- access is controlled by Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
- if a collision occurs, stations delay transmission set by the “backoff time”
- half duplex is rarely seen today
Full duplex
- two Ethernet devices can share simultaneously because there is a dedicated channel for the transmission
- no need to detect collisions or waiting before transmitting
- “collision free” medium access
What is an example of a device that uses Full Duplex?
- Switch
- provides a collision-free domain and dedicated transmission channel
What are the components of an Ethernet frame?
- Preamble
- Start Frame Delimiter
- Destination Address
- Source Address
- Length/Type
- MAC Client Data and Pad
- Frame Check Sequence
Preamble
- used for the two stations for synchronization purposes
SFD
- Start Frame Delimiter
- Indicates the start of the Ethernet frame
- Always set to 10101011
MAC Client Data and Pad
- contains information being encapsulated at the Ethernet layer
- Minimum length is 46 bytes
- Maximum length depends on the type of Ethernet Frame:
- Basic frames (most common) = 1500 bytes
- Q-tagged frames = 1504 bytes
- Envelope frames = 1982
FCS
- Frame Check Sequence
- used by the receiving device to check for errors in transmission
- called the “Ethernet Trailer”
What are the three types of MAC addresses?
- broadcast
- multicast
- unicast
Broadcast MAC address
- obtained by setting all 1s in the MAC address field
- the result is an address like FFFF.FFFF.FFFF
- a frame with a broadcast destination address is transmitted to all the devices within a LAN
Multicast MAC address
- transmitted to all frames belonging to a specific group
Unicast MAC address
- associated with a particular device’s NIC or port
- composed of two sections:
- first 24 bits = OUI (Organizational Unique Identifier)
- second 24 bits = Vendor assigned
Broadcast Storm
- when a frame loops between switches indefinitely, causing degradation of the network performance due to the useless forwarding of frames
- prevented by using STP (Spanning Tree Protocols)
STP
- Spanning Tree Protocols
- used to avoid layer 2 loops
- this is done by allowing traffic on certain ports and blocking it on others
- if the topology changes, (i.e. a link fails) STP will recalculate the new logical topology (aka “reconverge”) and unblock certain ports to adapt to the new topology
Reconvergence
- When STP detects a change in topology (i.e. a link failure) and recalculate the new logical topology to unblock certain ports in order to adapt to the new topology
STA
- Spanning Tree Algorithm used by STP to create a tree-like, loop-free logical topology
BID
- Bridge ID
- 8-byte ID that is independently calculated on each switch
- the first 2-bytes contain the priority
- the remaining 6-bytes include the MAC address of the switch
Root Switch
- represents the root of the spanning tree
- determined through “root election”
- the root switch BID is called the “root BID”
Port Cost
- numerical value associated to each spanning tree port
- usually this value depends on the speed of the port
- the higher the speed the lower the cost