network communications protocol
allows two or more devices to communicate over one or more networks.
examples include ip, tcp, http
network security protocols
secures data to provide authentication, integrity, and encryption
examples include ssh, ssl, tls
routing protocols
allows routers to exchange route information, compare it, and select the quickest option available
examples include ospf, bgp
service discovery protocol
used for the automatic detection of devices or services
examples include dhcp, dns
network protocol suite
a group of interrelated protocols necessary to perform a communication function
open standard protocol suite
freely available, can be used by any vendor on their hardware
standards based protocol suite
endorsed by the networking industry, and approved by a standards organization. ensures that products from different origins can interoperate
4 - application: represents data to users, plus encoding and dialog control
3 - transport: supports communication between various devices across diverse networks
2 - internet: determines the best path through the network
1 - network access: controls the hardware devices and media that make up the network
(// means subcategory, //// means item in said subcategory)
application layer
// name system
////DNS [domain name system]
*
// host config
//// dhcpv4
//// dhcpv6
//// slaac
*
//// smtp
//// pop3
//// imap
*
// file transfer
//// ftp [file transfer protocol]
//// sftp
//// tftp
*
// web and web service
//// http
//// https
//// rest
transport layer
// connection
//// tcp
*
// connectionless
//// udp
internet layer
// internet protocol
//// ipv4
//// ipv6
//// nat
*
// messaging
//// icmpv4
//// icmpv6
//// icmpv6 nd
*
// routing protocols
//// ospf
//// eigrp
//// bgp
network access layer
// address resolution
//// arp
*
// data link protocols
//// ethernet
//// wlan
application -> transport -> internet -> network access
content layer -> rules layer -> physical layer
computer receiving: ethernet -> ip -> tcp -> data
computer encapsulating: data -> tcp -> ip -> ethernet
7 - application: contains protocols used for process-to-process communications
6 - presentation: provides representations of the data being transferred between application layers
5 - session: provides services to the presentation layer to organize its data exchange
4 - transport: defines services to segment, transfer, and reassemble data between end devices
3 - network: exchanges individual pieces of data over the network between end devices
2 - data link: describes methods for exchanging data frames between devices over a common media
1 - physical: describes the mechanical, electrical, functional, and procedural means to activate, maintain, and de-activate physical connections for bit transmission to and from a network device
there are two parts to an ip address: the network and host portion
network portion[prefix]: the left most part of the address. indicates what network the device is on. all devices on the same network have the same network portion.
host portion[interface id]: remaining part of the address. identifies a specific device on the network. this portion is unique to each device.
example: 123.456.7.890
123.456.7. is the network portion
890 is the host portion
the subnet mask divides the two
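added example [not from the course notes]: the network/host split done in code with a subnet mask. the addresses and mask below are constructed for illustration. note that every octet is one byte, so a real address never has an octet above 255; the parser here rejects anything else.

```python
# Added example, not from the course notes: splitting an IPv4 address into
# its network portion (prefix) and host portion with a subnet mask.
# Addresses used below are constructed for illustration.


def parse_ipv4(addr: str) -> int:
    """Dotted decimal -> 32-bit integer. Each octet is one byte, so 0..255."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range 0..255: {part!r}")
        value = (value << 8) | int(part)
    return value


def is_valid_ipv4(addr: str) -> bool:
    try:
        parse_ipv4(addr)
        return True
    except ValueError:
        return False


def format_ipv4(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """A valid subnet mask is a run of 1s followed by 0s; return the run length."""
    m = parse_ipv4(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask is not contiguous: {mask}")
    return ones


def split_address(addr: str, mask: str) -> dict:
    """Network portion = address AND mask; host portion = address AND NOT mask."""
    ip, m = parse_ipv4(addr), parse_ipv4(mask)
    ones = prefix_length(mask)
    network = ip & m
    host_bits = 0xFFFFFFFF & ~m
    return {
        "network": format_ipv4(network),            # e.g. 192.168.10.0
        "cidr": f"{format_ipv4(network)}/{ones}",
        "host_id": ip & host_bits,                  # the host portion as a number
        "broadcast": format_ipv4(network | host_bits),
        "usable_hosts": max(0, 2 ** (32 - ones) - 2),
    }


def same_network(a: str, b: str, mask: str) -> bool:
    """Two devices are on the same network when their network portions match."""
    m = parse_ipv4(mask)
    return parse_ipv4(a) & m == parse_ipv4(b) & m


if __name__ == "__main__":
    print(split_address("192.168.10.77", "255.255.255.0"))
    print(same_network("192.168.10.77", "192.168.11.5", "255.255.255.0"))
```

`same_network` is the test a host performs before deciding whether to send straight to a neighbour or to hand the packet to its router: same network portion, local delivery; different, off to the router.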
mac versus ip
mac: identifies devices locally
ip: identifies devices globally
enable secret: gives extra security to enable password
enable password: priv exec mode, global etc
the physical layer sits at the bottom of the osi stack, and is the primary foundation of the network.
describes the purpose and functions of the physical layer in the network!!
a physical connection can be wired or wireless using radiowaves!! very cool
while wired connections are connected with real cables, devices on a wireless network must be connected to a wireless AP [access point] or router
NICs [network interface cards [a physical chip in the device]] connect a device to the network. ethernet NICs are used for wired connections, and wlan NICs are used for wireless. an end device may have one or both of these.
the osi physical layer allows the bits that make up the data link layer frame to be transported across the network media [wires or air]
this layer takes a complete frame from the data link layer and encodes it as a series [not all at once!!] of signals that are sent to the local media [wires or air]
PDU: protocol data unit; a basic unit of communication between devices, holds all those headers. ex, frames, packets
segments: split up data; the first step of packaging
packets: add addresses for routing; the second step
frames: prepare data for physical transmission; the final step
describes characteristics of the physical layer woah
the physical layer consists of electronic circuits, media [wires and air], and connectors. all of these components must meet certain standards.
the physical layer standards address physical components, encoding, and signalling
physical components are the electronic hardware, media [wires or air], and other connectors that send bit-representing signals
components like nics, interfaces, connectors, cable materials, and cable designs all must meet these standards
encoding [or line encoding] is a method of converting data bits into a predefined 'code'. these codes are groups of bits used to make a predictable pattern that can be read by both the sending device and the receiving device
simply, it's a method used to represent digital information, like how variables represent data in javascript [to natalia: i know you don't know javascript so this will go right over your head lolol]
ex. manchester encoding [used by older ethernet standards] == high to low voltage equals a 0, while low to high equals a 1
the physical layer has to make the signals [electrical, optical, wireless] that represent the 1/0 binary on the media [wires or air]
the way that the bits are represented is called the signaling method. the layer's standards must tell what kind of signal means a 1 and what means a 0. think morse code
data transfer is mostly discussed in terms of bandwidth
bandwidth is the capacity at which a medium can carry data [simply how much data from a can get to b in a certain amount of time]
typically measured in kbps, mbps, or gbps. remember, the 'b' stands for bits, not bytes
a single bit is a boolean value [0/1]. a byte is 8 bits.
what can determine the bandwidth of a network you may ask?
* properties of the physical media [the connection [wires or air]]
* the systems that signal and detect network signals
* the laws of physics
what measures good bandwidth? latency, throughput, and goodput of course!!!!!!!
latency means the amount of time [+ delays] that it takes for data to travel from a to b
throughput means the number of bits transferred over a given period of time
* throughput can be pretty fast, but never faster than the slowest link in the transfer path
however, due to a few factors, throughput almost never matches the specified bandwidth given. it's usually lower than bandwidth sadly
* amount of traffic, type of traffic, latency [wait time] created by the number of devices between a and b
goodput means the amount of usable data transferred over a certain amount of time
it's pretty much throughput minus the overhead of steps like encapsulation and retransmitted bits
from highest to lowest, [bandwidth] > [throughput] > [goodput]
cabling of the copper ooh
copper cables are the most common network cable. they are cheap, easy to install, and have low resistance to electrical currents
however, it is limited by distance and signal interference
data is transmitted through these cables as electrical pulses. a detector [in the network interface] of a destination device has to receive a signal that can be decoded to match the sent signal
however, the farther the signal travels, the more it deteriorates. [this is called signal attenuation]
because of this, all copper wiring must follow strict distance limitations
interference in timing and voltage values is also possible from two other sources:
* electromagnetic interference [EMI]: can distort and corrupt the data signals being sent due to radio waves and electromagnetic devices, such as lights or motors
* radio frequency interference [RFI]: same as emi
* crosstalk: a disturbance caused by the electric or magnetic fields of data on one wire to an adjacent wire. in telephone circuits, if this happens, you can hear the other signal's conversation. when a current flows through the wire, it creates a small circular magnetic field around itself, which can be picked up by other wires
* to counter emi and rfi, some kinds of wires are wrapped in a metallic shielding and need to be grounded
* to counter crosstalk, some kinds of wires have opposing circuit wire pairs twisted together, which prevents the crosstalk
you can also decrease the risk of electric noise by choosing the right cable type, designing the cable infrastructure to avoid known interference in a building's structure, and using the right cabling techniques such as correct handling and termination
there are 3 kinds of copper cabling!!!!!!!!!
utp is the most common networking media!
utp, terminated with rj-45 connectors, is used for interconnecting network hosts with devices like switches and routers
termination: connecting the cable to a device
in lans, utp cables have 4 pairs of color-coded wires that are twisted together and encased in a flexible plastic sheath that protects from damage a little bit. [the wire twisting helps protect against crosstalk]
the color coding identifies the individual pairs and wires and helps with termination
stp provides better noise protection than the above utp. however, stp is much more pricey and harder to install
like utp, stp also uses rj-45 connectors
stp combines the shielding techniques to counter emi and rfi, and has wire twisting to fight against crosstalk
shielding: the shit on the outside of the cable
to use the shielding to its full extent, stp cables are terminated with special shielded stp data connectors
if the cable isn't grounded properly, the shield might act like an antenna and pick up unwanted signals
nicknamed coax, this cable gets its name from its two conductors that share the same axis
they consist of the following:
* a copper conductor where the signals flow [the main cabling in the center]
* a layer of flexible plastic insulation that goes around the copper conductor
* the insulation is surrounded by a woven copper braid, or a metallic foil, that acts as the second wire in the circuit or as a shield for the conductor
* a cable jacket to protect a bit against physical damage
there are lots of different kinds of connectors used with coax cables; bnc, n type, and f type for example
while utp has replaced coax in most situations, coax is still used in wireless and cable internet installations
more unshielded twisted pair cables!!! couldn't be happier
utp does not use shielding to prevent crosstalk, but it does use 2 other methods:
* cancellation: wires are paired while in a circuit, which causes their magnetic fields to oppose each other, charge-wise, cancelling out crosstalk
* varying twist numbers per wire pair: the number of twists in each wire pair is varied. each colored pair is twisted a different amount of times
utp cabling must conform to standards given by the tia/eia
there are 8 different categories of copper cabling. the higher the category, the better the ability to carry higher bandwidth rates
category 5e is currently considered the minimum, whereas category 6 is the current recommended type for new installations
male components are the plugs, while female components are the sockets
situations may require utp cables to be wired differently. this means that the wires must be connected in different orders to different sets of pins in the rj-45
the two main cable types:
* ethernet straight-through: the most common type, is used to interconnect a host to a switch and a switch to a router
* ethernet crossover: a cable used to interconnect similar devices, like a switch to a switch or a router to a router. these are considered legacy nowadays
[* rollover cable: used to connect a cisco workstation to a router or switch]
the most common connectivity error is using one of these cables incorrectly, so device connections should always be checked
CABLE TYPE | STANDARD | APPLICATION |
---|---|---|
ethernet straight-through | both ends either t568a or t568b | connects a network host to a network device like a switch |
ethernet crossover | one end t568a one end t568b | connects 2 network hosts or 2 network devices |
rollover | cisco proprietary | connects a workstation to a router via adapter |
delicious
is better than copper cables, but is very pricey!!
these cool wires can transmit data over longer distances and at higher bandwidth, and are immune to emi and rfi
optical fiber is actually a very very very thin piece of flexible glass, used to send bits encoded as light pulses
2 kinds!! single mode fiber [SMF] and multimode fiber [MMF]
single mode fiber produces a single straight path for the light, whereas multimode allows multiple paths for the light
however, mmf has more dispersion than smf, so it can only travel up to 500 meters before signal loss
dispersion: how far the light can spread out in the wire
fiber optic cabling is used in 4 kinds of industries!!
* enterprise networks: used for backbone cabling and interconnecting infrastructure devices
* fiber to the home [FTTH]: used for always-on broadband services to homes and small businesses
* long haul networks: used by service providers to connect far away places to each other
* submarine cable networks: used for high speed, high capacity connections capable of surviving underwater
a connector terminates the end of a fiber optic. there are many kinds available, but the only differences are size and wiring
some kinds include:
* straight tip [st]: twist on / twist off type locking
* subscriber connector [sc]: also called square connectors. uses push pull locking
* lucent connector [lc] simplex: smaller sc connector. also called little or local connectors
* duplex multimode lc: a duplex version of an lc
fiber patch cords are required for interconnecting infrastructure devices
yellow cord means it's a single mode, and orange/aqua mean it's a multimode
fiber is primarily used as a backbone for high traffic, point to point connections. it is also used for interconnection of buildings in multi-building campuses
wireless media carries electromagnetic signals that represent bits using radio or micro waves
wireless media provides the best mobility out of all media!!
however, limitations are present:
* coverage area: building materials and terrain [like mountains] can limit coverage
* interference: wireless media can be easily disrupted by common devices, like cordless phones
* security: any knowledgeable unauthorized user can gain access to any transmission made [hackermode!!!]
* shared medium: wlans [wi-fis] operate in half duplex, meaning only one device can send or receive at a time. many users using the wlan may experience slower bandwidth
wireless standards set by the ieee include:
* wifi [ieee 802.11]: uses a condition based protocol called 'carrier sense multiple access / collision avoidance' [CSMA/CA], meaning that if one nic is transmitting, other nics must wait until it is finished.
* bluetooth [ieee 802.15]: aka a wireless personal area network [WPAN]. range from 1-100 meters
* wimax [ieee 802.16]: stands for mr worldwide interoperability for microwave access. uses point to multipoint topology to provide broadband access
* zigbee [ieee 802.15.4]: used for low data rate and low power communications. used for things that need short range, low data and long battery life [my nokia phone versus like an iphone 18]
wlan requires 2 network devices [another list!!! ohemgee]
* wireless access point [ap not wap sadly, that'd be really funnie]: concentrates wireless signals and connects to copper-based network infrastructure. integrates the function of a router, switch, and ap into a single fingle
* wireless nic adapters: provides wireless communication capability to network hosts
we will be learning about binary and hexadecimals here!!!
ipv4 addresses are shown in binary
most network administrators convert these to decimal, because it is easier to read
addresses contain a string of 32 bits, divided into 4 sections called octets. each octet contains a byte, separated with a dot
decimal is base 10, while binary is base 2
decimal ex.: 10, 100, 1000
binary ex.: 1, 2, 4, 8, 16
each bit in an ip address octet represents a power of 2, from 2^7 down to 2^0 [128 down to 1]. the values of the bits set to 1 are all added together, making that octet's decimal value
to make binary from a decimal, start at 128 and go down the list: if the remaining value is at least the position value, write a 1 and subtract it; otherwise write a 0
7-0: 128, 64, 32, 16, 8, 4, 2, 1
big phat example
position value | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |
---|---|---|---|---|---|---|---|---|
binary number [11000000] | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
add em up... | 128 | +64 | +0 | +0 | +0 | +0 | +0 | +0 |
result | 192 | | | | | | | |
while ipv4 addresses use binary, v6 and ethernet mac use hexadecimal.
hexadecimal uses a base 16 system. this uses the digits 0-9 and letters a-f.
decimal | binary | hexadecimal |
---|---|---|
0 | 0000 | 0 |
1 | 0001 | 1 |
2 | 0010 | 2 |
3 | 0011 | 3 |
4 | 0100 | 4 |
5 | 0101 | 5 |
6 | 0110 | 6 |
7 | 0111 | 7 |
8 | 1000 | 8 |
9 | 1001 | 9 |
10 | 1010 | a |
11 | 1011 | b |
12 | 1100 | c |
13 | 1101 | d |
14 | 1110 | e |
15 | 1111 | f |
ipv6 addresses are 128 bits, and each 4 bits is represented by one hexadecimal digit. this totals 32 hexadecimal digits.
also not case sensitive!!
ipv6 addresses are formatted with a ':' between each 4 digits. a hextet means 4 hexadecimal digits [16 bits].
* first, convert the decimal number to 8 bit binary strings
* divide the strings into groups of 4 from the right
* convert each of the 4 binary digits into hexadecimal
ex with the number 168
** 168 in binary is 10101000
** 10101000 can be split into 1010 1000
** 1010 is a and 1000 is 8
** answer: a8!!
do the above backwards!!! hex -> binary -> decimal
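added example [not from the course notes]: the decimal -> binary -> hex steps above and their reverse, written as code. it goes a bit beyond the notes by handling whole ipv4 addresses and 16-bit ipv6 hextets, not just one octet; the sample values are constructed.

```python
# Added example, not from the course notes: the decimal/binary/hexadecimal
# conversions described in the notes, written out step by step.

POSITION_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]   # 2**7 down to 2**0
HEX_DIGITS = "0123456789abcdef"                   # hex is not case sensitive


def octet_to_binary(value: int) -> str:
    """Decimal octet -> 8-bit string.

    Walk the position values from 128 down to 1: if the remainder is at least
    the position value, write a 1 and subtract it, otherwise write a 0.
    """
    if not 0 <= value <= 255:
        raise ValueError("an octet is one byte and holds 0..255")
    bits = []
    remaining = value
    for pv in POSITION_VALUES:
        if remaining >= pv:
            bits.append("1")
            remaining -= pv
        else:
            bits.append("0")
    return "".join(bits)


def binary_to_decimal(bits: str) -> int:
    """Binary string -> decimal: add the position value of every bit that is 1
    (the 'add em up' row of the table). Works for any length, not only 8."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("expected binary digits only")
    return sum(2 ** i for i, b in enumerate(reversed(bits)) if b == "1")


def binary_to_hex(bits: str) -> str:
    """Split the bit string into groups of 4 from the right; each group is one
    hex digit (10101000 -> 1010 1000 -> a8)."""
    bits = bits.zfill(-(-len(bits) // 4) * 4)   # pad on the left to a multiple of 4
    return "".join(HEX_DIGITS[binary_to_decimal(bits[i:i + 4])]
                   for i in range(0, len(bits), 4))


def hex_to_binary(hexstr: str) -> str:
    """Each hex digit expands to 4 bits; the reverse of binary_to_hex."""
    return "".join(format(HEX_DIGITS.index(ch), "04b") for ch in hexstr.lower())


def decimal_to_hex(value: int) -> str:
    """The three steps from the notes: decimal -> 8-bit binary -> nibbles -> hex."""
    return binary_to_hex(octet_to_binary(value))


def hex_to_decimal(hexstr: str) -> int:
    """The same steps backwards: hex -> binary -> decimal."""
    return binary_to_decimal(hex_to_binary(hexstr))


def ipv4_to_binary(addr: str) -> str:
    """Dotted decimal -> dotted binary, one 8-bit group per octet."""
    return ".".join(octet_to_binary(int(octet)) for octet in addr.split("."))


def hextet_to_decimal(hextet: str) -> int:
    """An IPv6 hextet is 4 hex digits = 16 bits (e.g. '2001' -> 8193)."""
    if len(hextet) != 4:
        raise ValueError("a hextet is exactly 4 hexadecimal digits")
    return hex_to_decimal(hextet)


if __name__ == "__main__":
    print(octet_to_binary(192), binary_to_decimal("11000000"))
    print(decimal_to_hex(168), hex_to_decimal("a8"))
    print(ipv4_to_binary("192.168.1.10"))
```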
the data link layer prepares network data for the physical network in the physical layer!
this layer is responsible for nic to nic communications.
[remember: nic stands for network interface card!!]
the data link layer does all of the following:
* lets upper layers access the media, because the upper layers have no clue what type of media is being used
* accepts layer 3 packets [ipv4 or v6] and encapsulates them into layer 2 frames
* controls how data is sent and received over the media
* exchanges frames with endpoints over the network
* receives encapsulated data [usually layer 3 packets] and sends it to the proper upper-layer protocol
* detects errors and rejects corrupt frames
nodes: devices that can get, make, store, or send data along a communications path.
these can be end devices [ex. laptop] or an intermediary device [switch].
with no data link layer, network layer protocols like ip would have to adapt to each kind of media connected.
what the fuck does that mean
data link layer standards are specific to ethernet lan, wlan, wpan, and other types of area network.
it's basically just the two halves of the data link layer.
the two sublayers are:
* logical link control [llc]: this ieee 802.2 sublayer talks with the networking software on the upper layers and the device hardware on the lower layers.
it writes information to frames that tells it what networking protocol is being used for the frame.
this lets multiple layer 3 protocols use the same network interface and media.
[in short, it takes the network protocol data, and gives it layer 2 control information to help it get to its node.]
* media access control [mac]: implements this sublayer [ieee 802.3, .11, .15] in the hardware.
it is responsible for encapsulation and mac.
it also provides data link layer addressing and is a part of various physical layer technologies.
[in short, it controls the nic and other hardware that sends or gets data on the lan/man medium.]
but wait!! the mac layer can do so much more!!
it can do...
** frame delimiting, which provides important delimiters to identify fields within a frame. this provides synchronization between the sending and receiving nodes.
[note-- delimiters are just a character that marks the beginning and/or end of something. like the p and /p in html.]
** addressing, which just gives a frame source and destination addresses for sending the layer 2 frame between devices.
** error detection, which includes a trailer used to detect transmission errors.
[note-- trailers are control information sent at the end of a data transmission.]
the mac sublayer also provides media access control [also called mac] that lets devices communicate over a half-duplex. full-duplex do not require access control.
note-- man stands for metropolitan area network.
the data link layer is responsible for controlling the transfer of frames across media.
-- first, it accepts a frame from the medium [wires or air]
-- next, it de-encapsulates the frame
-- then, it re-encapsulates the packet into a new frame
-- and lastly, it forwards the new frame in the form that corresponds to the next segment of the physical network.
the data link protocols are usually not defined.
companies that do define the standards that apply to the network access layer include ieee, itu, iso, and ansi.
2 kinds 2 kinds 2 kinds 2 kinds 2 kinds:
** physical topology: identifies physical connections [like wires] and how all the devices are connected. sometimes specifies rooms or locations.
** logical topology == shows how frames transfer from one node to another in a visual medium. sometimes specifies device labels and layer 3 ip addresses.
[in short: physical = what we see, logical = what the computer sees]
wans are interconnected in 3 ways:
** point to point: one wan to another wan
** hub and spoke: one wan to many wans
** mesh: many wans connected to eachother
as said above, point to point directly connects two nodes.
however, nodes do not necessarily have to share their media with other hosts.
in point to point protocol [ppp], a node does not have to think about where the information needs to go, because there's only one possibility.
a source [start] and destination [end] node can actually be indirectly connected over multiple intermediary devices.
what's cool is that in this situation, the logical topology does not change, because the point to point connection is still the same.
in multiaccess lan, end devices are connected to eachother via star or extended star topologies
star topologies look like a *, with devices at the end of each line, but no end device in the middle. in the middle would instead be an intermediary device, like an ethernet switch.
extended star topologies look like a *-*, with 2 star topologies connected via multiple ethernet switches.
there are a couple of legacy topologies as well. these aren't frequently used anymore, but are still good to be aware of nonetheless.
** bus topologies involve all end devices chained together, and terminated at each end. this was done via coax cables.
** ring topologies involve all end devices linked together in a ring, human centipede style. this does not need to be terminated.
the daring duo, half duplex and full duplex!!!
** half duplex: both devices can send and receive, but not at the same time.
** full duplex: both devices can send and receive at the same time.
it is crucial that any connected devices use the same duplex mode. no mismatching!!
[note-- ethernet uses full-duplex nowadays, but wlans still use half-duplex.]
a multiaccess network is a network that can have 2 or more end devices accessing the network at once.
ethernet lan and wlan are examples of multiaccess networks.
some multiaccess networks require rules to decide how devices share the media.
there are 2 sets: contention based access and controlled access
** contention based access: where all nodes are half-duplex, so only one device can send at a time.
there are 2 individual methods of this, but i will get into that in 6.2.7/8. ex: wlan.
** controlled access: each node waits its turn to use the network. this is almost obsolete.
note-- csma stands for carrier sense multiple access, which is a mac protocol where a node must check and wait until the network is clear to send data.
the cd stands for collision detection! this is used to detect if 2 devices send frames at the same time over a half-duplex.
if this happens, then both frames sent will be corrupted and need to be resent.
when a frame is sent over this kind of access method, it will go to all other devices, but the ones that don't need the data will just ignore it.
this is used in legacy ethernet lans.
the ca stands for collision avoidance!!
sometimes the nic can't tell if the network media is in use. to prevent collisions, it will wait to transmit.
when a device transmits, it logs how much time it will take. this information is sent to all other devices on the network so they know how long the media will be in use.
what happens to the data link frame when it moves through a network? find out here!
the data link layer prepares the encapsulated data for transport by giving it a header and a trailer to make a frame.
each frame has 3 parts: header, data, trailer.
the data link protocol is in charge of nic to nic on the same network. even though there are lots of different data link layer protocols, all of their frames have the same 3 parts listed above. the structures of the header and trailer can vary, however.
there is no one size fits all protocol. control needs vary based on the conditions given. the header and trailer can be bigger or smaller to help combat this.
framing breaks the header and trailer into bite sized pieces.
some generic frame fields include...
-- header: frame start, addressing, type, control
-- trailer: error detection, frame stop
but what do these fields mean???? fun table time!!
field | meaning |
---|---|
frame start and stop | identifies the start and end of the frames. |
addressing | tells the source and destination nodes. |
type | identifies the layer 3 protocol in the data field. |
control | identifies special flow control services like qos. qos gives special priorities to certain messages. |
data | contains frame payload [packet header, segment header, data] |
error detection | included after data. makes up the trailer. determines if the frame arrived without error. |
a sending node makes a logical summary of the contents of the frame, called the cyclic redundancy check [crc].
this value is put in a frame check sequence [fcs] field to represent the contents of the frame.
in ethernet trailers, the fcs can be used to determine if there were any transmission errors.
the data link layer [layer 2] gives the addressing used in sending a frame over local media.
these are called physical addresses.
the addresses are contained in the frame header and specify the node that the frame is being sent to on the local network.
however, unlike layer 3, layer 2 addresses don't tell what network the device is on.
instead, it just gives it a unique physical address that always stays the same, even on different networks.
because of this, layer 2 addresses are only used to connect devices on the same shared media.
** host to router: the source encapsulates the layer 3 ip packet in a layer 2 frame.
in the frame header, the host adds its own layer 2 address as the source and the layer 2 address for the receiving router as the destination.
** router to router: the first router [router 1] encapsulates the layer 3 ip packet in a new layer 2 frame.
in the frame header, router 1 adds its own layer 2 address as the source and the layer 2 address for the second router as the destination.
** router to host: the sending router encapsulates the layer 3 ip packet in a new layer 2 frame.
in the frame header, the router adds its own layer 2 address as the source and the layer 2 address for the host server as the destination.
order of address fields: dest. nic, source nic, source ip, dest. ip
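added example [not from the course notes]: the three re-encapsulation steps above played out on a hypothetical path pc1 -> r1 -> r2 -> server. the device names, ip addresses and mac addresses are constructed; each router has one interface [and one mac] per link, which is why the path is given as links rather than devices.

```python
# Added example, not from the course notes: hop-by-hop re-encapsulation.
# Names, IPs and MACs are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    device: str   # which device owns this interface (a router has several)
    mac: str      # layer 2 address, unique to the interface


@dataclass(frozen=True)
class Frame:
    dst_mac: str  # header field order: dest. nic, source nic, source ip, dest. ip
    src_mac: str
    src_ip: str
    dst_ip: str


def frames_along_path(src_ip: str, dst_ip: str,
                      links: list[tuple[Interface, Interface]]) -> list[Frame]:
    """Build the frame sent on each link. Every hop gets a new layer 2 header
    (sender's interface as source, next device's interface as destination);
    the layer 3 addresses are carried unchanged end to end."""
    frames = []
    for i, (sender, receiver) in enumerate(links):
        if sender.device == receiver.device:
            raise ValueError(f"link {i}: both ends belong to {sender.device}")
        if i > 0 and links[i - 1][1].device != sender.device:
            # the device that received the previous frame must be the one
            # that de-encapsulates, re-encapsulates and sends this one
            raise ValueError(f"link {i}: path is not continuous")
        frames.append(Frame(receiver.mac, sender.mac, src_ip, dst_ip))
    return frames


def layer3_unchanged(frames: list[Frame]) -> bool:
    """True when every frame on the path carries the same ip pair."""
    return len({(f.src_ip, f.dst_ip) for f in frames}) == 1


# constructed topology: PC1 -> R1 -> R2 -> server
PC1 = Interface("pc1", "aa-aa-aa-aa-aa-01")
R1_G0 = Interface("r1", "aa-aa-aa-aa-aa-02")
R1_G1 = Interface("r1", "bb-bb-bb-bb-bb-01")
R2_G0 = Interface("r2", "bb-bb-bb-bb-bb-02")
R2_G1 = Interface("r2", "cc-cc-cc-cc-cc-01")
SERVER = Interface("server", "cc-cc-cc-cc-cc-02")
PATH = [(PC1, R1_G0), (R1_G1, R2_G0), (R2_G1, SERVER)]


if __name__ == "__main__":
    for hop, f in enumerate(frames_along_path("192.168.1.10", "10.0.0.20", PATH), 1):
        print(f"hop {hop}: dst mac {f.dst_mac}  src mac {f.src_mac}  "
              f"ip {f.src_ip} -> {f.dst_ip}")
```

running it prints three frames: the mac pair is different on every hop, the ip pair never changes, which is the whole point of layer 2 addresses only having meaning on the local link.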
the data link layer is only used for local delivery. layer 2 addresses have no meaning outside the lan.
if it needs to jump to another network, an intermediary device like a router is needed.
layer 3 handles the internetwork business.
currently, wired lans use ethernet protocols, and wireless lans use wlan protocols.
however, throughout the years, other protocols have been used.
ex: point to point [ppp], high level data link control [hdlc], frame relay, asynchronous transfer mode [atm], x.25.
these above protocols are being replaced in wireless networks by ethernet.
in a tcp/ip network, all of the osi layer 2 protocols work with the ip in osi layer 3.
however, different layer 2 protocols are used based off the local topology and the physical media [where the stuff is and whats connecting it].
to be more specific, the protocol is determined by the technology used to implement the topology.
the technology used depends on the size and services of the network.
all protocols provide media access control [what does what over the media and when].
this allows many different network devices to act as layer 2-operating nodes. these include nics and switches.
lans typically use high bandwidth technology, but not wans, because it's pricey.
explains how the ethernet sublayers are related to the frame fields.
ethernet is one of two lan technologies used today, the other being wlans. ethernet is wired while wlans are wireless.
ethernet operates in the data link layer and the physical layer. ethernet supports from 10 - 10,000 mb[bits]ps.
ethernet is defined by both the data link and physical layer protocols.
ethernet uses both of the sublayers in the data link layer to operate [llc and mac].
** mac == responsible for data encapsulation and media access control. it also provides data link layer addressing.
** llc == communicates between the networking software at the upper layers and the device hardware at the lower layers.
the llc is in charge of placing information in frames that identifies which network layer protocol is being used for the frame.
this lets multiple layer 3 protocols use the same network interface and media.
this sublayer is responsible for data encapsulation and media access.
what data does it encapsulate?
** ethernet frames [the internal structure of the ethernet frame]
** ethernet addressing [the frame includes both a source and destination mac address to send the frame from ethernet nic to ethernet nic on the same lan]
** ethernet error detection [the frame check sequence [fcs] in the trailer]
an ethernet frame can be anywhere from 64 bytes to 1518 bytes. this includes all bytes from the destination mac to the fcs trailer. the preamble is not included.
any frame less than 64 bytes is considered a collision fragment or runt frame, and is automatically discarded.
any frame more than 1518 bytes is considered a jumbo frame.
both of these types of frames are dropped by the receiving device.
ethernet frame field details
field | size |
---|---|
preamble and sfd | 8 bytes [not included in total] |
destination mac address | 6 bytes |
source mac address | 6 bytes |
type / length | 2 bytes |
data | 46 to 1500 bytes |
fcs | 4 bytes |
describes the ethernet mac address.
quick reminder: ipv4 is represented by binary, while ipv6 and ethernet are represented by hexadecimal.
for a reminder about decimal and hexadecimal, see the binary and hexadecimal section above.
sometimes, mac addresses are referred to as burned-in addresses [bia] because the address is encoded permanently into the rom on the nic.
note-- on modern nics, this is possible to change and is not permanent.
when a computer boots, the nic copies its mac address from the rom to the ram.
when this device forwards a message to an ethernet network, the ethernet header includes the source and destination nics.
when a nic receives an ethernet frame, it checks to see if the destination mac address in the frame matches with the one in the ram of the nic.
if it doesn't match, the frame is discarded, as it means that there is corruption of some kind.
in ethernet, different mac addresses are used for layer 2 unicast, broadcast, and multicast. quick refresher.
a unicast mac address is the address that is used when a frame is being sent from one device to another single device.
address resolution protocol [arp] is a process used by the source host to determine the destination mac address of the end device.
neighbor discovery [nd] is a process used to determine the destination mac address by seeing what ipv6 addresses are associated with it.
note-- the source mac address must always be a unicast.
an ethernet broadcast frame is received and held on to by every device on an ethernet lan.
it has many features, including a destination mac address of ff-ff-ff-ff-ff-ff [48 ones],
the ability to flood out all ethernet switch ports except the incoming one,
and the inability to be forwarded by a router.
if encapsulated data is an ipv4 broadcast packet, it means that its destination ipv4's host section is all ones.
by having this address, it means that all hosts on the local network, or broadcast domain, will get the packet.
multicast means to send to more than one end device, but not all.
when an ethernet multicast frame is sent, it is only received by devices on the ethernet lan in the same multicast group.
when encapsulating a multicast ip packet, the destination mac will begin with 01-00-5e for ipv4 and 33-33 for ipv6.
these packets are also not forwarded by a router, unless the router is configured to route them.
all devices actually end up receiving these packets, but they are discarded by devices not in the multicast group.
again, the source is always a unicast address.
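an added example [python, not from the lesson material] covering the frame field table and the addressing rules above: it builds a frame, applies the 64/1518 byte limits, verifies the fcs in the trailer, rejects a non-unicast source, and sorts the destination mac into unicast, broadcast, or the 01-00-5e / 33-33 multicast prefixes. the macs and payload are made up.

```python
import struct
import zlib

# frame bounds from the notes: 64..1518 bytes counted from destination mac to fcs
MIN_FRAME, MAX_FRAME = 64, 1518
MIN_DATA, MAX_DATA = 46, 1500


def mac_str(mac: bytes) -> str:
    return "-".join(f"{b:02x}" for b in mac)


def classify_mac(mac: bytes) -> str:
    """unicast / broadcast / multicast, using the prefixes the notes list."""
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[:3] == b"\x01\x00\x5e":
        return "ipv4 multicast"
    if mac[:2] == b"\x33\x33":
        return "ipv6 multicast"
    if mac[0] & 0x01:
        return "multicast"  # group bit set but not one of the ip prefixes
    return "unicast"


def fcs(body: bytes) -> bytes:
    """ethernet fcs is crc-32 over dst..data, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """dst | src | type | data (padded to 46 bytes, as a nic does) | fcs; preamble/sfd omitted."""
    if len(data) > MAX_DATA:
        raise ValueError("data exceeds 1500 bytes")
    body = dst + src + struct.pack("!H", ethertype) + data.ljust(MIN_DATA, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """store-and-forward style acceptance: size bounds, then fcs, then the header fields."""
    n = len(frame)
    if n < MIN_FRAME:
        return {"ok": False, "reason": f"runt: {n} bytes < {MIN_FRAME}"}
    if n > MAX_FRAME:
        return {"ok": False, "reason": f"oversized: {n} bytes > {MAX_FRAME}"}
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return {"ok": False, "reason": "fcs mismatch (frame corrupted in transit)"}
    dst, src = frame[:6], frame[6:12]
    if classify_mac(src) != "unicast":
        return {"ok": False, "reason": "source mac must be unicast"}
    type_len = struct.unpack("!H", frame[12:14])[0]
    return {
        "ok": True,
        "dst": mac_str(dst),
        "dst_kind": classify_mac(dst),
        "src": mac_str(src),
        # values of 0x0600 and above name the upper-layer protocol; smaller values are an 802.3 length
        "type": type_len if type_len >= 0x0600 else None,
        "data_len": n - 18,  # minus the 6 + 6 + 2 header bytes and the 4 fcs bytes
    }


# constructed sample: an arp request (type 0x0806) from a made-up unicast mac to the broadcast mac
SAMPLE_SRC = bytes.fromhex("001122334455")
SAMPLE = build_frame(b"\xff" * 6, SAMPLE_SRC, 0x0806, b"constructed payload")

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
    corrupted = SAMPLE[:20] + bytes([SAMPLE[20] ^ 0xFF]) + SAMPLE[21:]
    print(parse_frame(corrupted))
    print(parse_frame(SAMPLE[:60]))
```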
explains how a switch builds its mac address table and forwards frames.
switches can't just forward every frame to all ports. that's where layer 2 mac addresses come in.
the switch forwards frames based only on its layer 2 ethernet mac address, and nothing else from the frame.
the switch looks at its mac address table to forward each frame to the correct computer.
if that sounds vague, it is! i'll get back into it later.
switches have a weird thing called an entry timer. by default, a switch only holds single entries in the table for 5 minutes at a time.
when it gets a frame from an address already in the table, the timer is reset.
switches build their mac address tables by looking at the source mac addresses of frames received.
the switch forwards frames by looking for a match between the frame's destination mac and a mac in the table.
[i'm just shortening mac address to mac for the time being. my fingies hurttt]
the switch checks every frame for new information to learn. if the frame contains a source mac not yet in the table,
it's added to the table along with the incoming port number.
if the mac does exist, the switch takes the information anyway and refreshes the table.
note-- macs that are the same but with different ports are treated as new entries. the table replaces the old port number with the new.
when sending out frames, the switch looks for a match in its table for the destination mac.
if the mac is in the table, it will forward it out the specified port. if not, it sends it to all ports but the incoming one.
this is called an unknown unicast.
if the destination mac is a broadcast or multicast, the frame is sent out all ports but the incoming port.
when a switch receives frames from different devices, it can update its mac table by peeping the source mac of every frame.
when the table contains the destination mac, it can filter the frame out a single port.
a switch can have multiple mac addresses associated with a single port.
the switch treats each source mac from the port as a unique entry.
when a device has an ip address that's on a remote network, the frame can't be sent directly to the destination device.
instead, the frame is sent to the default gateway, the router.
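an added example [python, not from the lesson material] of the learning and forwarding rules above: a four-port switch model with the 5 minute entry timer, learning from source macs, port replacement when a mac shows up elsewhere, flooding of unknown unicast / broadcast / multicast, and filtering when the destination is on the incoming port. the hosts and macs are made up.

```python
AGING_SECONDS = 300  # default mac table entry timer: 5 minutes
BROADCAST = "ff-ff-ff-ff-ff-ff"


def is_group_mac(mac: str) -> bool:
    """broadcast and multicast macs both have the low bit of the first byte set."""
    return int(mac.split("-")[0], 16) & 0x01 == 1


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # mac -> (port, last_seen); the mac address table

    def _age_out(self, now: float) -> None:
        # entries not refreshed within the timer are removed
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > AGING_SECONDS:
                del self.table[mac]

    def learn(self, src_mac: str, in_port: int, now: float) -> None:
        """learn from the source mac: a new mac is added with its port; a known mac on the
        same port just has its timer reset; a known mac on a different port moves to it."""
        self.table[src_mac] = (in_port, now)

    def forward(self, src_mac: str, dst_mac: str, in_port: int, now: float) -> list:
        """return the egress ports for a frame that arrived on in_port."""
        if is_group_mac(src_mac):
            return []  # the source mac must be unicast; drop the frame
        self._age_out(now)
        self.learn(src_mac, in_port, now)
        flood = [p for p in self.ports if p != in_port]
        if is_group_mac(dst_mac):
            return flood  # broadcast or multicast: all ports but the incoming one
        entry = self.table.get(dst_mac)
        if entry is None:
            return flood  # unknown unicast: same treatment
        port, _ = entry
        return [] if port == in_port else [port]  # filter if the destination sits on the incoming port


# constructed sample: four hosts with made-up macs on a four-port switch
H1, H2, H3, H4 = (f"00-00-00-00-00-0{i}" for i in (1, 2, 3, 4))

if __name__ == "__main__":
    sw = Switch([1, 2, 3, 4])
    print(sw.forward(H1, H2, 1, now=0))         # unknown unicast -> flood [2, 3, 4]
    print(sw.forward(H2, H1, 2, now=1))         # h1 is known on port 1 -> [1]
    print(sw.forward(H3, BROADCAST, 3, now=2))  # broadcast -> [1, 2, 4]
    print(sw.table)
```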
describes switch forwarding methods and port settings available on layer 2 switch ports.
in cisco switches, there are 2 frame forwarding methods.
** store and forward switching: the device receives the entire frame and computes the crc.
if the crc is fine, the switch forwards it out the correct port.
** cut through switching: the device forwards the frame before it is fully received.
the destination address of the frame must at least be read before the frame can be forwarded.
[note-- CRC is a mathematical formula that uses the number of bits to calculate if the received frame has an error.
if the crc is a-okay, the switch looks up the destination address, which determines where the frame goes.]
a plus of store and forward is that it looks for errors before sending the frame off. the switch discards any frames with errors.
in cut through switches, the switch sends the data off as soon as it is received, even if it isn't done transmitting.
as soon as it can read the destination mac, off it goes. the switch does not check for errors.
there's 2 types of cut through switching:
** fast forward switching: packets are immediately forwarded to the destination. any error packets are discarded by the nic.
this is the most common type of cut through switching.
** fragment free switching: the first 64 bytes of the frame are stored before forwarding.
this type is seen as a hybrid between store and forward and fast forward.
it only stores the first 64 bytes because most errors occur in these bytes.
some switches are made to use cut-through until a certain amount of errors are reached, then automatically switch to store and forward.
when the error rate goes back down, this change is undone.
ethernet switches may use buffering to store frames before forwarding them. it's also used when destination ports are busy.
there are 2 kinds of buffering:
** port based memory: frames are stored in queues linked to certain ports. the frame is only sent when all in front of it have sent.
any delays occur even if there are other open destination ports.
** shared memory: all frames are sent to a common memory buffer shared by all ports and the buffer memory is automatically allocated.
the frames in the buffer are linked to the destination port, letting packets be received on one port and sent to another.
the two super basic settings on switches are bandwidth and duplex. these must match between the switch port and any connected devices.
a refresher on the two duplexes:
full duplex means that both ends can send and receive at the same time, half duplex means only one end can send at a time.
autonegotiation is an option on most ethernet switches and nics, letting two devices negotiate the best bandwidth and duplex options.
any communicating devices must both either have autonegotiation turned on or off. mismatch can cause collisions.
back in the day, certain connections needed certain cables.
nowadays, auto mdix [automatic medium-dependent interface crossover] automatically detects the type of cable attached to a port and configures the interfaces accordingly.
this setting is enabled by default.
the network layer, or osi layer 3, lets end devices exchange data across networks. ipv4 and v6 are the primary protocols used in this layer.
other protocols include routing protocols like ospf [open shortest path first] and messaging protocols like icmp [internet control message protocol].
network layers perform the following 4 operations to achieve end-to-end communications.
ip [the internet protocol] encapsulates the transport layer segment or any other data by adding an ip header.
ip takes the transport layer segment [its header and data] and wraps it in a new packet with an added ip header.
all data is encapsulated layer by layer. like an onion
the ip header information stays the same from when the packet leaves to when the packet gets where it's going, except when NAT is involved for ipv4.
ip was designed to be a simple protocol with no bloat, with only the necessary functions needed to send a packet from a source to a destination
over interconnected systems of networks.
it was not designed to track or manage the flow of packets. this is performed primarily by tcp at layer 4.
the basic characteristics of ip...
ip is connectionless, which means that there is no set end-to-end connection made before the data is sent.
it's like sending someone a letter without telling them first.
ip cuts down on overhead [amount of non-data data in packets] and connections which is great, but also means packets are not guaranteed to get to point b,
because the ip doesn't establish a connection beforehand, and no data or response is sent back to point a.
ip is indifferent to the media. it can be sent as electrical signals, optical signals, or radio signals [wireless].
the osi data link layer is in charge of preparing an ip packet for transmission over the communications medium.
this allows ip packets to be delivered over any medium. however, different mediums have different pdu maximums.
this trait is called the maximum transmission unit [mtu]. the data link layer tells the network layer the mtu,
and the network layer then decides how big the packet can be.
sometimes, an intermediary device like a router has to split up ipv4 [ipv6 can't be split] packets when sending it to another medium.
this is called fragmentation. fragmentation causes latency [delay].
headers are needed in these packets to make sure it gets to its destination or next step to its destination.
an ipv4 header consists of fields full of binary that is read by the layer 3 process [ip].
the binary in each field identifies the various settings of the packet.
significant fields include... [copy-pasted]
the two most commonly referred to fields are the source and destination ip addresses. these don't usually change.
the internet header length [ihl], total length, and header checksum are used to identify and validate said packet.
the remaining fields are used to reorder fragmented packets. ipv4 mainly uses identification, flags, and fragment offset fields.
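an added example [python, not from the lesson material] of the header fields just listed and of the mtu / fragmentation point above: it builds a 20 byte ipv4 header with its checksum, validates ihl / total length / checksum on receipt, and uses identification, flags, and fragment offset to split a packet for a smaller mtu and put it back together. the addresses, identification, and payload are made up.

```python
import struct

# 20-byte ipv4 header without options: ver/ihl, dscp/ecn, total length, identification,
# flags + fragment offset, ttl, protocol, header checksum, source, destination
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")
FLAG_DF, FLAG_MF = 0x4000, 0x2000


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def header_checksum(header: bytes) -> int:
    """rfc 1071: one's-complement of the one's-complement sum of the 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, payload, ident, flags=0, offset=0, proto=17, ttl=64) -> bytes:
    """offset is in bytes; the field itself counts 8-byte units, so it must be a multiple of 8."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    hdr = IPV4_HEADER.pack(0x45, 0, 20 + len(payload), ident, flags | (offset // 8), ttl, proto, 0,
                           ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]  # fill in the checksum
    return hdr + payload


def parse_packet(packet: bytes) -> dict:
    """validate ihl, total length and checksum, then expose the fragmentation fields."""
    ver_ihl, _, total_len, ident, flags_frag, ttl, proto, _, src, dst = IPV4_HEADER.unpack(packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad version / ihl / total length")
    if header_checksum(packet[:ihl]) != 0:  # a correct header sums to zero once its checksum is included
        raise ValueError("bad header checksum")
    return {"ihl": ihl, "total_len": total_len, "id": ident, "ttl": ttl, "proto": proto,
            "df": bool(flags_frag & FLAG_DF), "mf": bool(flags_frag & FLAG_MF),
            "offset": (flags_frag & 0x1FFF) * 8,
            "src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "payload": packet[ihl:total_len]}


def fragment(packet: bytes, mtu: int) -> list:
    """what a router does to an ipv4 packet when the next medium's mtu is smaller than it."""
    h = parse_packet(packet)
    if h["total_len"] <= mtu:
        return [packet]
    if h["df"]:
        raise ValueError("df set: the router drops the packet instead of fragmenting it")
    step = (mtu - h["ihl"]) // 8 * 8  # every fragment but the last carries a multiple of 8 bytes
    frags = []
    for i in range(0, len(h["payload"]), step):
        piece = h["payload"][i:i + step]
        last = i + step >= len(h["payload"])
        flags = 0 if last and not h["mf"] else FLAG_MF
        frags.append(build_packet(h["src"], h["dst"], piece, h["id"], flags, h["offset"] + i, h["proto"], h["ttl"]))
    return frags


def reassemble(frags: list) -> bytes:
    """order fragments by identification + offset and refuse to reassemble with a gap."""
    parsed = sorted((parse_packet(f) for f in frags), key=lambda h: h["offset"])
    ident, expected, payload = parsed[0]["id"], 0, b""
    for h in parsed:
        if h["id"] != ident or h["offset"] != expected:
            raise ValueError("missing or foreign fragment")
        payload += h["payload"]
        expected += len(h["payload"])
    if parsed[-1]["mf"]:
        raise ValueError("final fragment missing")
    return payload


# constructed sample: a 3000-byte udp payload between made-up addresses, crossing a 1500-byte mtu link
SAMPLE = build_packet("192.168.10.10", "209.165.200.226", b"x" * 3000, ident=0x1234)

if __name__ == "__main__":
    for f in fragment(SAMPLE, 1500):
        h = parse_packet(f)
        print(h["id"], h["offset"], h["mf"], h["total_len"])
```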
ipv6 will eventually replace ipv4, but not right now. ipv4 has lots of issues.
** ipv4 address depletion: ipv4 only has a set number of unique addresses available, which is approx. 4 billion.
** lack of end-to-end connectivity: network address translation [nat] is often used in ipv4 networks.
nat lets multiple devices share a single public ipv4 address. but, because it's shared, the internal network host is hidden.
this is a problem for devices that require end-to-end.
** increased network complexity: nat was only meant as a way to transition from ipv4 to ipv6.
nat can also cause extra latency [delay] and make troubleshooting harder.
in the 90s, the ietf began to look for a replacement to ipv4. this led to ipv6.
ipv6 includes the following improvements:
** increased address space: v6 uses 128 bit addressing unlike v4's 32.
** improved packet handling: v6's header has fewer fields and thus is simpler.
** eliminates the need for nat: nat is not needed due to the amount of public v6 addresses.
this can prevent nat-based problems.
v6 also has approx. 340 undecillion addresses, as opposed to v4's small 4 billion.
a big improvement from v4 to v6 is v6's simple headers.
v4 has a header length of up to 60 bytes [20 octets], with 12 fields [excluding options and padding].
v6, on the other hand, has a header length of up to 120 bytes [40 octets], with up to 8 fields.
ipv6 packet header fields include the following:
v6 packets may also have extension headers [eh] which provide optional network layer information.
these are optional and fit between the v6 header and the payload. they are used for fragmentation and security, among other things.
routers do not fragment v6 packets, unlike v4.
both v4 and v6 packets are always created at the source host.
this host has to be able to send this packet to the destination host.
to do this, host end devices make their own routing table.
another role of the network layer is to direct packets between hosts. hosts can send the packets to...
the source end device determines whether the packet is destined for a local or remote host.
the source end device also determines whether the destination ip is on the same network that it itself is on.
the method varies by v4 or v6.
** v4: the source device checks its subnet mask and v4 address to compare and check to see if they share a network.
** v6: the local router sends the local network address [the prefix] to all devices on the network.
many networks have several wired and wireless devices connected together using an intermediary device,
like a lan switch or a wap [wireless access point].
this provides interconnections between local hosts on a local network. they can reach each other and share data with no additional devices.
any device outside this network is considered a remote host. routers are needed to send packets to remote hosts.
the router connected to the local network is called the default gateway.
the default gateway is the network device [ex. router] that routes traffic to other networks.
on a network, the default gateway usually has these 3 features:
** a local ip address in the same range as other hosts on the local network [this is the gateway's address.]
** the ability to bring data into and let data out of the local network
** the ability to route traffic to other networks
traffic can't be forwarded out of the network if there is no default gateway, the default gateway's address is not configured, or the default gateway is down.
hosts routing tables typically contain a default gateway.
for ipv4, the host either gets the address for this gateway from dhcp [dynamic host configuration protocol] or manually.
for v6, the router advertises its address. the address can also be inputted manually.
having a configured default gateway creates a default route in the routing table. this is the route your computer will take to contact a remote network.
for windows, 'route print' or 'netstat -r' can be used in cmd to display the routing table. they do the same thing.
this command displays 3 sections:
** interface list: lists the mac addresses and their assigned interface number of every device [that's network capable] on the host.
** ipv4 route table: lists all known v4 routes, including direct connections, local networks, and local default routes.
** ipv6 route table: see above, but for ipv6.
routers also contain routing tables. shocker!!
routers examine the destination ip of any incoming packet and search its table to tell where to send it.
the table contains all known network addresses [prefixes] and where to send the packet. these are called route entries or routes.
the routing table stores three types of route entries:
** directly connected networks: these entries are active router interfaces.
routers consider directly connected routes as interfaces that are configured, activated, and have an ip address.
** remote networks: these entries are connected to other routers.
routers learn about remote networks either via dynamic routing protocols or manual configuration.
** default route: most routers also have default routes, like hosts. this is a last resort.
this is used when there's no good match in the table.
a router can learn about remote networks in 2 ways:
manually, where they are manually entered into the table using static routes,
or dynamically, where they are automatically learned using a dynamic routing protocol.
static routes are entries that are entered manually.
here's an example: R1(config)# ip route 10.1.1.0 255.255.255.0 108.108.108.108
if the topology changes, since the route is static, it doesn't change and would need to be manually fixed.
static routes are most efficient for smaller networks where change isn't commonplace.
a dynamic routing protocol lets routers automatically learn and update their information about remote networks, including default routes.
unlike hosts' tables, there are no column headings identifying the information in a router's routing table.
the 'show ip route' command in privileged exec mode lets one see the ipv4 routing table.
at the start of each entry is an identifying code used to show the route's type and how it was learned.
common types include:
note-- a default route has a network address of all zeros.
sometimes when a host wants to send a message, it might only know the ip address of the destination, but not the mac. how can we fix this??
first, we must understand ethernet lan addresses: physical and logical.
** the physical address, or mac address, is used for nic to nic communication on the same ethernet network.
** the logical address, or ip address, is used to send the packet from a source device to either a local or remote end device.
layer 2 physical addresses [ex. ethernet mac] are used to send data link frames with an encapsulated ip packet from one nic to another on the same network.
if the destination ip is on the same network, the destination mac address will be that of the destination device.
when a destination ip is on a remote network, the destination mac will be that of the host's default gateway.
ip addresses of ip packets in a data flow are associated with mac addresses for each step of the way using certain protocols.
for v4, arp [address resolution protocol] is used, and for v6, icmpv6 nd [neighbor discovery] is used.
as said above, arp stands for address resolution protocol, which is used to connect ipv4 addresses to mac addresses.
each ip device on an ethernet network has a unique ethernet mac address.
when an ethernet layer 2 frame is sent, it contains the destination and source mac addresses.
to send a packet to another host of the same ipv4 network, the host must know both the v4 and mac address of the destination.
ip addresses are a given, but mac addresses must be discovered. this is where arp is used.
arp provides 2 basic functions: matching ipv4 addresses to mac addresses, and maintaining a table of ipv4 to mac address matches.
when a packet is sent to the data link layer to be encapsulated into an ethernet frame, the sending device looks at a table in its memory to find the mac address associated with the v4 address.
this table is kept temporarily in ram and is called the arp table or cache.
if the packet's destination v4 is on the same network as the source v4, the device will search its table for the destination v4 address.
if the destination is on a different network, the device searches the table for the v4 address of the default gateway.
for both of these cases, the device is looking for a v4 address and its matching mac address.
each row of an arp table connects a v4 address to a mac address. this is called a map, or mapping.
the arp table temporarily caches [saves] the mapping for devices on the local network.
if the device locates the v4 address, the matching mac address is used as the frame's destination mac.
if there is no entry, the device sends an arp request.
a device sends an arp request when it needs a mac matching a v4 address, and there is no mac in it's table.
arp requests are encapsulated directly inside an ethernet frame with no v4 header. instead, the header's information looks like the following:
** destination mac: ff-ff-ff-ff-ff-ff, a broadcast address, requiring all nics on the lan to process the request. greedy!!
** source mac: the mac address of the arp request's sender.
** type: 0x806 is the type field, indicating that it is an arp request and that the frame needs to be sent to the arp process.
even though it is a broadcast, only the device on the lan with the matching v4 address will respond.
the device with the target v4 address will respond with an arp reply.
this is encapsulated in an ethernet frame with the following information:
** destination mac: the mac address of the arp request sender.
** source mac: the mac address of the arp reply sender.
** type: 0x806, the arp message type field.
only the requesting device will receive the reply. after the reply is received, the device will add the v4 and its matching mac to the table.
if no device responds to the request, the packet is dropped.
like routing tables, entries in arp tables are time stamped.
if the device doesn't get a frame from a device before the timestamp expires, the device's entry is removed from the table.
also like routing tables, static entries can be added, but this is rarely done. static entries do not expire and must be manually removed.
when the destination v4 isn't on the same network as the source v4, the source must send the frame to its default gateway.
the default gateway is the interface of the local router.
when a source device has a packet with a v4 address of another network, the packet is encapsulated in a frame with the mac address of the router.
the v4 address of the default gateway is stored in the v4 configuration of the hosts.
when the host makes a packet to be sent, it checks to see if the destination v4 and its own v4 address are on the same layer 3 network.
if this is false, the source looks in its arp table for the v4 address of the default gateway.
if no gateway entry exists, it uses the arp process to find the mac address of the default gateway.
each entry has a cache timer that removes the entry if it hasn't been used for a specified period of time.
for windows, this is commonly between 15 and 15 seconds.
manual removal of entries is also possible using commands. after this happens, the arp request process must happen again to map that device.
on cisco routers, the show ip arp command is used to display the arp table of the device.
on windows, arp -a is used to achieve the same effect.
because it is a broadcast frame, an arp request is gotten and looked at by every device on the sender's network.
in some situations, mostly in large networks, this broadcast can reduce performance for a short period of time.
as soon as the initial arp request is sent and the requesting device gets the mac address it needs, the network will go back to normal.
in some cases, arp can pose a security risk. an evil individual like myself could use arp spoofing to perform an arp poisoning attack.
a poisoning attack is when a device sends an arp request, and an evil individual replies to the request with their own mac address.
this results in the evil individual's mac address being added to the table, and all packets meant for the other device are instead forwarded to them.
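an added example [python, not from the lesson material] of the arp exchange above: it builds and parses request / reply frames [type 0x0806, no ip header], keeps a timed arp table like a host does, and, from the defender's side, flags the two things the poisoning description implies: a reply nobody asked for, and an ipv4 address whose mac suddenly changes. the 45 second timeout, the hosts, and all addresses are assumptions.

```python
import struct

ETH_ARP = 0x0806           # type field value for arp
BROADCAST = b"\xff" * 6
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2
CACHE_TIMEOUT = 45         # assumed entry lifetime in seconds


def mac_bytes(s: str) -> bytes:
    return bytes(int(h, 16) for h in s.split("-"))


def mac_str(b: bytes) -> str:
    return "-".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """ethernet header plus arp body, no ip header. requests go to ff-ff-ff-ff-ff-ff,
    replies go straight back to the requester's unicast mac."""
    dst = BROADCAST if opcode == REQUEST else mac_bytes(target_mac)
    eth = dst + mac_bytes(sender_mac) + struct.pack("!H", ETH_ARP)
    body = ARP_BODY.pack(1, 0x0800, 6, 4, opcode, mac_bytes(sender_mac), ip_bytes(sender_ip),
                         mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + body


def parse_arp(frame: bytes):
    """return the arp fields of a frame, or None if it is not an ethernet/ipv4 arp frame."""
    if len(frame) < 14 + ARP_BODY.size or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_BODY.unpack(frame[14:14 + ARP_BODY.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpCache:
    """the host's ipv4-to-mac table, plus the consistency checks a poisoning monitor would run."""

    def __init__(self, timeout=CACHE_TIMEOUT):
        self.timeout = timeout
        self.entries = {}     # ip -> (mac, last_seen)
        self.pending = set()  # ips a request was seen for and no reply yet
        self.alerts = []

    def lookup(self, ip: str, now: float):
        entry = self.entries.get(ip)
        if entry and now - entry[1] <= self.timeout:
            return entry[0]
        self.entries.pop(ip, None)  # expired: the next send must arp again
        return None

    def observe(self, frame: bytes, now: float):
        a = parse_arp(frame)
        if a is None:
            return None
        # heuristics, not proof: gratuitous arp and proxy arp also trip them, so treat alerts as signals
        if a["sender_mac"] != a["src"]:
            self.alerts.append(f"{a['sender_ip']}: arp sender mac {a['sender_mac']} != frame source {a['src']}")
        if a["op"] == REQUEST:
            self.pending.add(a["target_ip"])
        elif a["op"] == REPLY:
            if a["sender_ip"] in self.pending:
                self.pending.discard(a["sender_ip"])
            else:
                self.alerts.append(f"{a['sender_ip']}: reply nobody asked for")
        known = self.lookup(a["sender_ip"], now)
        if known is not None and known != a["sender_mac"]:
            self.alerts.append(f"{a['sender_ip']}: mac changed from {known} to {a['sender_mac']}")
        self.entries[a["sender_ip"]] = (a["sender_mac"], now)
        return a


# constructed sample exchange: host 192.168.10.10 resolves its default gateway 192.168.10.1
HOST_MAC, GW_MAC = "00-00-00-00-00-0a", "00-00-00-00-00-01"
REQ = build_arp(REQUEST, HOST_MAC, "192.168.10.10", "00-00-00-00-00-00", "192.168.10.1")
REP = build_arp(REPLY, GW_MAC, "192.168.10.1", HOST_MAC, "192.168.10.10")

if __name__ == "__main__":
    cache = ArpCache()
    cache.observe(REQ, now=0)
    cache.observe(REP, now=1)
    print(cache.lookup("192.168.10.1", now=2), cache.alerts)
```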
neighbor discovery, also called nd or ndp, is used for resolution, route discovery, and redirection for ipv6 addresses using icmpv6.
icmpv6 uses 5 messages to achieve these purposes:
** neighbor solicitation messages [device-device]
** neighbor advertisement messages [device-device]
** router solicitation messages [device-router]
** router advertisement messages [device-router]
** redirect messages
neighbor solicitation and neighbor advertisement messages are used for device to device messaging, such as address resolution [arp for v6].
devices include both host computers and routers.
router solicitation and router advertisement messages are used for device to router messaging.
this is mostly used for dynamic address allocation and stateless address autoconfiguration [slaac].
like arp for ipv4, v6 devices use nd to find mac addresses from known v6 addresses. this is also called mac address resolution.
neighbor solicitation and neighbor advertisement messages are used for mac address resolution.
neighbor solicitation messages request mac addresses, and neighbor advertisement messages reply with mac addresses.
these messages are sent using special ethernet and v6 multicast addresses.
this lets the nic determine if it's meant for its device without having to pass it on to the os.
when configuring initial settings on a router, the following steps should be performed.
remember to always start with enable, then configure terminal!!
note-- exit returns you to the previous configuration.
1. configure the device name.
Router(config)# hostname HOSTNAME-GOES-HERE
2. secure privileged exec mode.
Router(config)# enable secret PASSWORD-GOES-HERE
3. secure user exec mode.
Router(config)# line console 0
Router(config-line)# password PASSWORD-GOES-HERE
Router(config-line)# login
4. secure remote telnet / ssh access.
Router(config-line)# line vty 0 4
Router(config-line)# password PASSWORD-GOES-HERE
Router(config-line)# login
Router(config-line)# transport input ssh telnet
5. secure all passwords in the config file.
Router(config-line)# exit
Router(config)# service password-encryption
6. provide legal notification. [i will not be]
Router(config)# banner motd DELIMITER MESSAGE-HERE DELIMITER
7. save the configuration!!!
Router(config)# end
Router# copy running-config startup-config
configuring a router interface is very easy!!! it just includes the following commands:
Router(config)# interface TYPE-AND-NUMBER-HERE
Router(config-if)# description DESCRIPTION-TEXT-HERE
Router(config-if)# ip address IPV4-ADDRESS-HERE SUBNET-MASK-HERE
Router(config-if)# ipv6 address IPV6-ADDRESS/PREFIX-LENGTH
Router(config-if)# no shutdown
note-- when router interfaces are configured, a message confirming the enabled link should appear.
while the description command is not required, it's useful for troubleshooting by providing information about the network type.
description text is limited to 240 characters.
the no shutdown command activates the interface [almost like powering on the interface].
note 2-- on inter-router connections with no ethernet switch, both connected interfaces must be configured and enabled.
R1> enable
R1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
R1(config)#
R1(config)#
R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
R1(config)#
above is an example of what it might look like to configure a router named 'r1'.
several commands can be used to verify your interface's configuration, but the most useful is show ip interface brief. show ipv6 interface brief can also be used.
the following commands are the most popular show commands used for interface verification:
** show ip interface brief and show ipv6 interface brief: displays all interfaces, their ip addresses, and their status.
connected and configured interfaces should display a status and protocol of "up". anything else would indicate a problem.
** show ip route and show ipv6 route: outputs the contents of the ip routing tables in the ram.
** show interfaces: displays statistics for all interfaces on the device. this will only display the ipv4 addressing information.
** show ip interface: displays ipv4 statistics for all interfaces on a router.
** show ipv6 interface: displays ipv6 statistics for all interfaces on a router.
important background information:
if your lan only has one router, that is your default gateway. if your lan has more than one, you must configure one to be the default gateway.
default gateways are only used when a host wants to send a packet to another network.
a default gateway is not used when one device on a lan wants to send to another device on the same lan.
when sending a packet to a device on another lan, the packet would have the destination address of the device,
but would first forward the packet to its default gateway. the default gateway then forwards the packet out to the appropriate interface to reach the device.
this also applies to ipv6 networks.
to manage a switch over a lan, it must have a switch virtual interface [svi] configured.
the svi is configured with a unique ipv4 address and subnet mask on the lan.
to access this switch from another network, it must also have a default gateway address configured.
to configure a v4 default gateway on a switch, the ip default-gateway IP-ADDRESS global configuration command is used.
the IP-ADDRESS would be the v4 address of the local router interface connected to the switch.
note-- packets coming from host computers connected to the switch must also have the default gateway address configured on their host computer's os.
an ipv4 address is a 32 bit address made up of a network portion and a host portion.
to distinguish the two, you must look at the address first.
the network portion's size isn't really consistent in the address. however, it is the same for all devices on the network.
the purpose of the subnet mask is to differentiate the network and host portions of the v4 address.
it doesn't actually contain any of the address, it just tells the computer where to look for each section of the address.
it's like a computer's roadmap. every '1' is a bit of the network portion, while every '0' is not.
most subnet masks are combinations of the numbers 255 and 0, with periods inbetween.
this can get really annoying really quick. there is a better way!!
it's a method called the prefix length.
it tells you how many bits are set to '1', and is written in slash notation. here's an example.
subnet mask | 32 bit address | prefix length |
---|---|---|
255.0.0.0 | 11111111.00000000.00000000.00000000 | /8 |
the '/8' would tell the computer that the first 8 bits are the network portion, and that the remaining 24 bits are the host portion.
remember, '1's represent the network portion, and '0's represent the host portion.
a logical AND is one of three boolean operations, in addition to OR and NOT.
logical AND is the comparison of two bits.
if both bits are 1, then the output is 1. if they are any other combination, the output is 0.
to find the network address, the computer performs an AND on each bit of the host address and the subnet mask.
the first bit of the host address is ANDed with the first bit of the subnet mask, and so on.
the resulting binary is the network address.
there are three kinds of ip addresses: network, host, and broadcast addresses.
network addresses are addresses that represent a specific network.
three things determine if a device belongs to this network:
* it has the same subnet mask as the network address.
* it has the same network bits as the network address, as indicated with the subnet mask.
* it is located on the same broadcast domain as other hosts with the same network address.
a host finds it's network address by ANDing between it's ipv4 address and subnet mask.
host addresses are individual addresses unique to a device on the network.
note that different devices on different networks can have the same host address, since there are only 254.
this portion is indicated by 0s in the subnet mask.
this portion can be any combination of bits but all 0s [a network address] and all 1s [a broadcast].
a broadcast address is an address used to send data to every device on the network [the broadcast domain].
a broadcast address will have all 1s in the host portion.
unicast means to send a message from one device to one device.
a unicast has the destination ip address of the single receiving device.
source ip addresses can only be unicast addresses.
broadcast means to send a message from one device to all devices on the network.
a broadcast has the destination ip address with all 1s in the host portion.
a broadcast packet must be processed by all devices in the broadcast domain.
a broadcast domain is all hosts on a network segment. by default, routers do not forward broadcasts.
because all devices must process the message sent, broadcasts should be limited to avoid slowing performance.
routers can be used to subdivide networks to eliminate excess broadcast traffic.
note-- only ipv4 uses broadcast packets, not ipv6.
an ip directed broadcast is a broadcast that uses the highest address in the network as the destination address instead of the default broadcast address [all 1s].
this sends the message to all hosts on the network, not just the segment.
devices not connected to the destination network forward these directed broadcasts the same way they forward unicasts.
directed broadcasts can be turned off with the no ip directed-broadcast command.
multicast means to send a message from one device to multiple select devices.
a multicast packet has a destination ip address from 224.0.0.0 to 239.255.255.255, which are reserved multicast addresses.
hosts that receive particular multicast packets are called multicast clients. these clients use services requested by a client program to join a multicast group.
each multicast group has one single destination ip address. everything sent to that address goes to every device in the group.
there's many kinds of ipv4 addresses.
public ip addresses are addresses that are globally routed by isp routers.
private ip addresses are ip addresses that can't connect to the internet, and are instead used to assign v4 addresses to internal hosts.
private address blocks [the range of the addresses] include 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
private ip addresses have to be translated to a public address to be forwarded to an isp, or they get discarded.
the private ip address must be translated with nat to a public one. nat is used for translating public to private and vice versa.
companies that have web servers and such also have devices with public ip addresses. these devices can perform the nat.
this area of the network is called the dmz [demilitarized zone].
there exist special ip addresses that cannot be assigned to hosts, like broadcast addresses.
there are also special addresses that can be assigned to hosts, but restrict network interaction for the host.
loopback addresses are one of these special addresses. these addresses are used for the host to ping itself.
these addresses are 127.0.0.0/8, but 127.0.0.1 is the most commonly used.
the ping command can be used to test whether the tcp/ip configuration works. pinging a loopback address pings the host that sent it.
link-local addresses are also special addresses. the addresses for these are 169.254.0.0/16.
these addresses are more commonly known as apipa [automatic private ip addresses] or self-assigned addresses.
they are used by a windows dhcp client when there are no dhcp servers available.
way way back in the 1980s [81] ipv4 addresses belonged to one of three classes: a, b, or c.
the classes work as follows:
* class a [0.0.0.0/8 to 127.0.0.0/8] were designed for very very large networks and had more than 16 million host addresses per network. these used a fixed /8 prefix.
* class b [128.0.0.0/16 to 191.255.0.0/16] were designed for moderate-sized networks and had about 65000 host addresses. these used a fixed /16 prefix.
* class c [192.0.0.0/24 to 223.255.255.0/24] were designed for small networks and had a maximum of 254 host addresses. these used a fixed /24 prefix.
note-- while class d and e do exist, they are rarely talked about.
while classful addressing worked for the early internet, classless addressing is more efficient now.
all public ip addresses must be unique. but how are they assigned?
both v4 and v6 addresses are managed by the iana. the iana allocates blocks of addresses to the rirs.
the 5 rirs include afrinic, apnic, arin, lacnic, and ripe ncc.
the rirs are responsible for allocating ip addresses to smaller network isps. organizations can also get addresses directly from the rir.
quick reminder on broadcasts...
in ethernet lans, broadcasts and arps are used to locate other devices.
arp sends layer 2 broadcasts to a known ipv4 address on a local network to discover its mac.
ethernet lan devices can also use other services to locate other devices.
the service dhcp [dynamic host configuration protocol] is used to send broadcasts on a local network to locate a dhcp server.
this lets a host acquire its ipv4 address configuration.
switches send broadcasts to all devices except the sending one.
reminder over!! onto the real lesson
routers do not propagate broadcasts. when one is received, it is not forwarded.
the area in which a broadcast can be received is called a broadcast domain. thanks ccna textbook!
large broadcast domains contain many hosts. more hosts means more broadcasts, which can affect the network and slow it down.
the solution to this is to create smaller broadcast domains. this process is called subnetting.
these smaller network pieces are called subnets.
each subnet in a network has a somewhat unique prefix in its address.
prefixes are sometimes extended to accommodate this.
subnetting reduces overall traffic and improves network performance.
it also lets policies be added which can allow or not allow subnets to communicate with each other.
in addition, it reduces the amount of devices affected by broadcast errors.
subnets are commonly split up by location, group, function, or device type.
subnets are made by stealing one or more host bits to use as network bits.
the more bits stolen, the more subnets can be defined, but the number of possible hosts is reduced.
you need a good balance of subnets and host numbers.
apart from the common /8 /16 and /24 prefixes, there are tons of other possible prefixes!!!
for each bit borrowed, the number of subnetworks is doubled [starting with 1 bit = 2 new subnets], while the number of usable hosts per subnet is cut to half the addresses minus the 2 reserved for the network and broadcast addresses.
when a large number of subnets are needed, an ipv4 address is required with more bits to borrow.
in a /16 prefix, 16 bits are used by the network, leaving 16 bits to be used for subnetting.
/16 prefix addresses can have up to 16384 subnets!!
to make 100 subnets, we must allocate 7 bits to the subnet portion of the network portion.
this actually makes 128 subnets, but it's close enough. each subnet can have 510 hosts in this example.
this will result in a /23 prefix.
this is getting really ridiculous, ccna dot com.
for 1000 subnets in a /8 prefix, 10 bits will need to be borrowed. this results in a /18 prefix.
this makes 1024 subnets with 16382 hosts each because there are 14 bits left, and 2^14-2 is 16382.
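an added example [not from the notes]: the borrowing arithmetic from the /23 and /18 cases above, generalized to any prefix and any subnet count. it also prints the doubling/halving table for a /24 so the trade-off is visible row by row.

```python
def bits_to_borrow(subnets_needed):
    """smallest b with 2**b >= subnets_needed [7 for 100, 10 for 1000]."""
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    return (subnets_needed - 1).bit_length()

def plan_subnets(prefix_len, subnets_needed):
    """borrow host bits for the required subnets and report what that leaves."""
    borrowed = bits_to_borrow(subnets_needed)
    new_prefix = prefix_len + borrowed
    host_bits = 32 - new_prefix
    if host_bits < 2:   # 2**1 - 2 or less leaves no usable host addresses
        raise ValueError(f"/{prefix_len} cannot hold {subnets_needed} usable subnets")
    return {
        "borrowed_bits": borrowed,
        "new_prefix": new_prefix,
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** host_bits - 2,  # minus network and broadcast
    }

def max_subnets(prefix_len):
    """most subnets a prefix can be cut into while keeping 2 usable hosts each."""
    return 2 ** (32 - prefix_len - 2)

def borrow_table(prefix_len):
    """one row per borrowed bit: subnets double, usable hosts roughly halve."""
    rows = []
    for borrowed in range(1, 32 - prefix_len - 1):
        host_bits = 32 - prefix_len - borrowed
        rows.append((borrowed, prefix_len + borrowed, 2 ** borrowed, 2 ** host_bits - 2))
    return rows

if __name__ == "__main__":
    print(plan_subnets(16, 100))    # the /23 case worked in the notes
    print(plan_subnets(8, 1000))    # the /18 case worked in the notes
    for borrowed, prefix, subnets, hosts in borrow_table(24):
        print(f"borrow {borrowed} -> /{prefix}: {subnets} subnets x {hosts} hosts")
```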
using both private and public ip addresses affects how you subnet your network.
there are two sections in a typical enterprise network:
* intranet, which is the internal, private part of the network that uses private v4 addresses. this section is only accessible by the organization.
* dmz [demilitarized zone], which is the part of the network containing resources available to the internet, like a web server. this part uses public v4 addresses.
both of these sections have their own challenges when it comes to subnetting.
for the intranet, which again uses private v4 addresses, this allows for lots of subnets.
for the dmz, with its public v4 addresses, there are very limited options for subnetting, as v4 addresses are running out.
some administrators use vlsm [variable length subnet masking] to waste fewer addresses, which involves subnetting with different subnet masks.
to min/max subnet numbers, two things need to be taken into account when planning subnets:
the number of individual subnets needed and the amount of host addresses needed for each network.
remember, as the amount of subnets goes up, the number of availible hosts go down.
vlsm, or variable length subnet mask, lets you have subnets of various lengths.
vlsm is mainly used to maximize available host addresses, since there are so few v4 addresses.
remember, only v4 addresses need to be preserved. there are more than enough v6 addresses.
traditional subnetting, with each subnet having the same amount of host addresses, can leave a lot of unused addresses. this is where vlsm is used.
as said many times above, vlsm lets networks be divided into uneven parts via different sized subnet masks.
these different sized masks are applied to already existing regular sized subnets, to free up more usable addresses.
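an added example [not from the notes]: a small vlsm allocator that carves one block into subnets of different sizes, biggest requirement first so the smaller ones fit into what is left over. the 192.168.1.0/24 block and the host counts are constructed sample values.

```python
import ipaddress
import math

def prefix_for_hosts(hosts):
    """smallest subnet [largest prefix] whose 2**h - 2 usable addresses fit `hosts`."""
    host_bits = max(2, math.ceil(math.log2(hosts + 2)))  # +2 for network/broadcast
    return 32 - host_bits

def vlsm_allocate(block, host_counts):
    """return (hosts_requested, subnet) pairs, largest requirement first."""
    free = [ipaddress.ip_network(block)]
    result = []
    for hosts in sorted(host_counts, reverse=True):
        want = prefix_for_hosts(hosts)
        # use the smallest free piece that can still hold a /want
        free.sort(key=lambda n: n.prefixlen, reverse=True)
        for i, piece in enumerate(free):
            if piece.prefixlen <= want:
                chosen = free.pop(i)
                break
        else:
            raise ValueError(f"no room for {hosts} hosts in {block}")
        if chosen.prefixlen == want:
            subnet = chosen
        else:
            # carve one /want off the front, hand the rest back as aligned blocks
            pieces = list(chosen.subnets(new_prefix=want))
            subnet = pieces[0]
            free.extend(ipaddress.summarize_address_range(
                pieces[1].network_address, chosen.broadcast_address))
        result.append((hosts, str(subnet)))
    return result

if __name__ == "__main__":
    # constructed plan: four departments with very different host counts
    for hosts, subnet in vlsm_allocate("192.168.1.0/24", [50, 20, 10, 2]):
        net = ipaddress.ip_network(subnet)
        print(f"{hosts:>3} hosts -> {subnet:<18} ({net.num_addresses - 2} usable)")
```

with equal-sized subnets the same four groups would each need a /26, which does not fit four times into a /24 with room to spare; the variable masks leave 192.168.1.116 through .255 free for growth.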
before you start subnetting, you need a plan.
this plan includes how many subnets you need, how many hosts are needed per subnet, what devices will be part of the subnet, what parts of the network will use private addresses / public address, and so on.
good subnets also take growth into account.
within a network, lots of different devices require addresses!
* end user clients: most networks dynamically allocate v4 addresses to client devices.
with dhcp, addresses can be reused when the device is no longer being used.
* servers and peripherals: simple, static ip addresses are used here.
* servers that are accessible from the internet: these have a public v4 address, accessed using nat.
for internal servers, some organizations assign them private addresses and vpns can be used to access them remotely.
* intermediary devices: simple, static v4 addresses here also!
* gateway: typically has the highest or lowest address in the network.
when an ipv6-using device needs a gua [global unicast address], it sends out a router solicitation [rs] message.
if a router has the information sought, it will reply with one of three types of router advertisement [ra] messages:
* method one [slaac], which includes the prefix, prefix length, and default gateway address,
* method two [slaac with a stateless dhcpv6 server], which includes some but not all information, prompting the device to get the rest from a stateless dhcpv6 server,
* method three [stateful dhcpv6 with no slaac], which includes the gateway address, but the rest must be obtained from a stateful dhcpv6 server.
useful vocabulary!!
gua - global unicast address
slaac - stateless address autoconfiguration
dns - domain name system [a database where domain names are turned into ip addresses]
stateful - keeps information about a connection or application, sometimes in a server
stateless - does not keep that information
dhcp - dynamic host configuration protocol
lla - link-local address [an address only for local links, like talking to another device on a network]