Networking Basics

1. What are three types of computing done in networks?

Three types of computing are centralized, distributed, and collaborative (cooperative) computing.

2. What are two main classifications of networks?

The two main classifications of networking are client/server and peer-to-peer networking.

3. List five services that networks provide.

The following are some of the possible services provided by a network:

• File services

• Print services

• Database services

• Messaging services

• Communication services

• Security services

• Directory services

ARP:

  1. What is ARP?
    Address Resolution Protocol (ARP) is a network protocol that maps a network layer protocol address to a data link layer hardware address. For example, ARP is used to resolve an IP address to the corresponding Ethernet address.
  1. To which OSI layer does ARP belong?
    ARP belongs to the OSI data link layer (Layer 2). ARP protocol is implemented by the network protocol driver. ARP packets are encapsulated by Ethernet headers and transmitted.
  1. Which RFC specifies the requirements for ARP?
    RFC 826 specifies the ARP packet format and other details.
  1. What is the use of ARP?
    A host in an Ethernet network can communicate with another host only if it knows the Ethernet address (MAC address) of that host. Higher level protocols like IP use a different addressing scheme (IP addresses) from the lower level hardware addressing scheme (MAC addresses). ARP is used to get the Ethernet address of a host from its IP address. ARP is used extensively by all the hosts in an Ethernet network.
  2. Why does an IP address need to be mapped to a MAC address? Why can’t the MAC address itself be represented by the IP address?
    The length of a MAC address is 6 bytes and the length of an IP address is 4 bytes, so the MAC address cannot be represented using the IP address. An IP address must therefore be mapped to the corresponding MAC address.
  3. Can ARP be used in a network other than Ethernet?
    ARP is a general protocol that can be used in any type of broadcast network. The fields in the ARP packet specify the type of the MAC address and the type of the protocol address. ARP is used with most IEEE 802.x LAN media. In particular, it is also used with FDDI, Token Ring, and Fast Ethernet, in precisely the same way as it is with Ethernet.
  4. How does ARP resolve an IP address to an Ethernet MAC address?
    When ARP needs to resolve a given IP address to an Ethernet address, it broadcasts an ARP request packet. The ARP request packet contains the source MAC address, the source IP address and the destination IP address. Each host in the local network receives this packet. The host with the specified destination IP address sends an ARP reply packet, containing its MAC address, to the originating host.
  5. What is an ARP cache?
    ARP maintains the mapping between IP addresses and MAC addresses in a table in memory called the ARP cache. The entries in this table are added and removed dynamically.
  6. When is an ARP request packet generated?
    The following steps result in the generation of an ARP request packet:

    1. The IP module sends a packet, destined for another host in the network, to the ARP module.
    2. The ARP module looks up the ARP table (cache) to resolve the IP address.
    3. If the supplied IP address is present in the ARP cache, it is resolved into its Ethernet address.
    4. If the ARP module is not able to find an entry for this IP address in the ARP cache, then it sends an ARP request packet to the Ethernet driver, to resolve the IP address to the Ethernet address.
    5. After the IP address is resolved by the ARP module, the packet is sent to the Ethernet driver for transmission.
  7. What happens when a host receives an ARP request packet?
    The ARP request is received and processed by all the hosts in the network, since it is a broadcast packet. The following steps are carried out when an ARP request packet is received by a host:

    1. If the IP address to be resolved is for this host, then the ARP module sends an ARP reply packet with its Ethernet MAC address.
    2. If the IP address to be resolved is for this host, then the ARP module updates its ARP cache with the source Ethernet MAC address to source IP address mapping present in the ARP request packet. If the entry is already present in the cache, it is overwritten. If it is not present, it is added.
    3. If the IP address to be resolved is not for this host, then the ARP module discards the ARP request packet.
  8. Will a host update its ARP cache upon receiving any ARP request?
    A host will update its ARP cache, only if the ARP request is for its IP address. Otherwise, it will discard the ARP request.
  9. What is the disadvantage if a host updates its ARP cache upon receiving any ARP request?
    The host will exhaust the ARP cache with a lot of unused ARP entries, if it updates the ARP cache for any ARP request.
  10. What happens when a host receives an ARP reply packet?
    The ARP reply packet is received only by the host that transmitted the ARP request packet. The ARP module adds the Ethernet hardware address to IP address mapping present in the ARP reply packet to the ARP cache.
  11. Is there a separate packet format for ARP request and ARP reply?
    No. Both the ARP request and ARP reply packets use the same format.
  12. Which MAC address is an ARP request directed to?
    All ARP request packets are transmitted with the Ethernet broadcast address, so that all hosts in the network will receive the request.
  13. To which MAC address is an ARP reply packet directed?
    An ARP reply packet is directed to the MAC address of the host that transmitted the ARP request packet.
  14. If a host does not know the MAC address of another host, how does it know that host's IP address?
    A host will use either a static file like /etc/hosts or the DNS protocol to get the IP address of another host.
  15. What will happen if an ARP reply is not received for an ARP request?
    If an ARP reply is not received, then that IP address cannot be resolved to an Ethernet address. Without an Ethernet address, the packets cannot be transmitted.
  16. When is an entry added to the ARP cache?
    A new entry is added to the ARP cache when an IP address is successfully mapped to a MAC address. Usually, entries are added dynamically to the ARP cache. Static entries can also be added.
  17. What will happen if a new ARP request packet is received, but the MAC address to IP address is already present in the ARP cache?
    If an ARP request packet is received and the mapping already exists in the ARP cache, it will be overwritten with the values present in the request.
  18. When is an entry removed from an ARP cache?
    An entry in an ARP cache is removed after a pre-determined timeout period (e.g. 20 minutes).
  1. What is the format of an ARP packet?
    The various fields of an ARP request/reply packet and their lengths are shown below:

    +--------+
    |Hardware| 2 bytes
    |MAC     |
    |Address |
    |Type    |
    +--------+
    |Protocol| 2 bytes
    |Address |
    |Type    |
    +--------+
    |Hardware| 1 byte
    |MAC     |
    |Address |
    |Size    |
    +--------+
    |Protocol| 1 byte
    |Address |
    |Size    |
    +--------+
    |Op      | 2 bytes
    +--------+
    |Sender  | 6 bytes (depends on the above size field)
    |MAC     |
    |Address |
    +--------+
    |Sender  | 4 bytes (depends on the above size field)
    |IP      |
    |Address |
    +--------+
    |Target  | 6 bytes (depends on the above size field)
    |MAC     |
    |Address |
    +--------+
    |Target  | 4 bytes (depends on the above size field)
    |IP      |
    |Address |
    +--------+

The fields are further explained below:

+---------+-------------------------------------------------------+
|Ethernet |For an ARP request, source MAC address is the MAC      |
|Header   |address of the host sending the ARP request,           |
|         |destination MAC address is the Ethernet broadcast      |
|         |address (FF:FF:FF:FF:FF:FF), frame type field is 0x806.|
|         |For ARP reply, source MAC address is the MAC address of|
|         |the host replying to the ARP request, destination MAC  |
|         |address is the MAC address of the host that sent the   |
|         |ARP request, and the frame type field is 0x806.        |
+---------+-------------------------------------------------------+
|Hardware |Type of the hardware MAC address which is being mapped.|
|Address  |For Ethernet the value of this field is 1.             |
|Type     |                                                       |
+---------+-------------------------------------------------------+
|Protocol |Type of the protocol address to which the MAC address  |
|Address  |is mapped.  For IP address the value of this field is  |
|Type     |0x800.                                                 |
+---------+-------------------------------------------------------+
|Hardware |Size of the hardware MAC address.  For Ethernet, the   |
|Address  |value of this field is 6.                              |
|Size     |                                                       |
+---------+-------------------------------------------------------+
|Protocol |Size of the protocol address.  For IP, the value of    |
|Address  |this field is 4.                                       |
|Size     |                                                       |
+---------+-------------------------------------------------------+
|Operation|Type of operation being performed.  The value of this  |
|         |field can be 1 (ARP request), 2 (ARP reply)            |
+---------+-------------------------------------------------------+
|Source   |The hardware MAC address of the host sending the ARP   |
|MAC      |request or reply.  This is same as the source MAC      |
|address  |address present in the Ethernet header.                |
+---------+-------------------------------------------------------+
|Source   |The IP address of the host sending the ARP request or  |
|IP       |reply.                                                 |
|address  |                                                       |
+---------+-------------------------------------------------------+
|Target   |The hardware MAC address of the host receiving the ARP |
|MAC      |request or reply.  This is same as the destination MAC |
|address  |address present in the Ethernet header.                |
+---------+-------------------------------------------------------+
|Target   |The IP address of the host receiving the ARP request   |
|IP       |or reply.                                              |
|address  |                                                       |
+---------+-------------------------------------------------------+

  1. What is the size of an ARP request and reply packet?
    The size of an ARP request or reply packet is 28 bytes.

  1. How can an ARP request packet be differentiated from an ARP reply packet, given that the Ethernet type field is the same for both packets?
    An ARP request packet can be differentiated from an ARP reply packet using the ‘operation’ field in the ARP packet. For an ARP request it is 1 and for an ARP reply it is 2.
  1. Why is the hardware MAC address present in both the Ethernet header and the ARP packet (request and reply)?
    The Ethernet header is processed by the data link driver and removed from the packet. When the ARP layer gets the packet, it needs to know the hardware and protocol addresses in order to update the table. That is why the hardware MAC address is present in both the Ethernet header and the ARP packet.

  1. What is proxy ARP?
    Proxy ARP is the process in which one system responds to the ARP request for another system. For example, host A sends an ARP request to resolve the IP address of host B. Instead of Host B, Host C responds to this ARP request.
  2. What is the use of proxy ARP?
    When routers receive ARP requests from one network for hosts on another network, they respond with an ARP reply packet containing their own MAC address. For example, let us say host A is in one network, host B is in another network and router C connects these two networks. When host A sends an ARP request to resolve the IP address of host B, router C receives this packet. Router C sends an ARP reply with its own MAC address. So host A will send all the packets destined for host B to router C, and router C will then forward those packets to host B. Proxy ARP is also used if a host in a network is not able to understand subnet addressing. For example, suppose host A and host B are actually in two different subnets, but host A cannot understand subnet addressing, so host A assumes that host B is present in the same network. In this case a router, host C, can use proxy ARP to route packets between host A and host B.
  3. What is gratuitous ARP?
    When a host sends an ARP request to resolve its own IP address, it is called gratuitous ARP. In the ARP request packet, the sender IP address and the target IP address are both set to the host's own IP address. The destination MAC address is the Ethernet broadcast address (FF:FF:FF:FF:FF:FF).
  4. What is the use of gratuitous ARP?
    Gratuitous ARP is used for the following:

    1. In a properly configured network, there will not be an ARP reply for a gratuitous ARP request. But if another host in the network is also configured with the same IP address as the source host, then the source host will get an ARP reply. In this way, a host can determine whether another host is also configured with its IP address.
    2. When the network interface card in a system is changed, the MAC address to its IP address mapping is changed. In this case, when the host is rebooted, it will send an ARP request packet for its own IP address. As this is a broadcast packet, all the hosts in the network will receive and process this packet. They will update their old mapping in the ARP cache with this new mapping.
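As an added example (Python, not from the original page), the following models the ARP module described in this section: the 28-byte request/reply layout from the table, the receive rules (answer only requests for our own IP, overwrite existing cache entries, discard the rest), cache expiry after the 20-minute timeout, and the gratuitous-ARP check used for duplicate-address detection. `ArpHost`, `build_arp`, `parse_arp`, `is_gratuitous` and the sample addresses are assumed names and constructed values; packets stay in memory and nothing is sent on a network.

```python
import struct
import time

# Layout of the 28-byte ARP packet for Ethernet/IPv4 (RFC 826), in the order
# shown in the table above: hardware type, protocol type, hardware size,
# protocol size, op, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)          # 28 bytes
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"              # target MAC is ignored in a request (RFC 826)
CACHE_TIMEOUT = 20 * 60                     # the 20-minute example from the text, in seconds


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{x:02x}" for x in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_to_str(raw: bytes) -> str:
    return ".".join(str(x) for x in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Request and reply share one format; only the op field differs."""
    return struct.pack(ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(pkt: bytes) -> dict:
    """Decode a packet, rejecting anything that is not Ethernet/IPv4 ARP."""
    if len(pkt) < ARP_LEN:
        raise ValueError("short ARP packet")
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {op}")
    return {"op": op, "sender_mac": mac_to_str(smac), "sender_ip": ip_to_str(sip),
            "target_mac": mac_to_str(tmac), "target_ip": ip_to_str(tip)}


def is_gratuitous(pkt: bytes) -> bool:
    """A request whose sender and target IP are the same host's own address."""
    arp = parse_arp(pkt)
    return arp["op"] == OP_REQUEST and arp["sender_ip"] == arp["target_ip"]


class ArpHost:
    """The ARP module of one host: its cache plus the request/reply rules."""

    def __init__(self, mac: str, ip: str, now=time.monotonic):
        self.mac, self.ip, self.now = mac, ip, now
        self.cache = {}                     # ip -> (mac, time the entry was added)

    def lookup(self, ip):
        """Return the cached MAC for ip, expiring entries older than the timeout."""
        entry = self.cache.get(ip)
        if entry is None:
            return None
        mac, added = entry
        if self.now() - added > CACHE_TIMEOUT:
            del self.cache[ip]
            return None
        return mac

    def resolve(self, ip):
        """Cache hit -> (mac, None); miss -> (None, request packet to broadcast)."""
        mac = self.lookup(ip)
        if mac is not None:
            return mac, None
        return None, build_arp(OP_REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def receive(self, pkt: bytes):
        """Handle an incoming ARP packet; return the reply to send, or None."""
        arp = parse_arp(pkt)
        if arp["target_ip"] != self.ip:
            return None                     # not for us: discard, cache untouched
        if arp["sender_ip"] != self.ip:     # learn (or overwrite) the sender's mapping
            self.cache[arp["sender_ip"]] = (arp["sender_mac"], self.now())
        if arp["op"] == OP_REQUEST:         # answer with our MAC, unicast to the asker
            return build_arp(OP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        return None                         # a reply only updates the cache
```

A second host configured with the same IP address answers another host's gratuitous request, which is exactly the duplicate-address signal the text describes.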

CIDR

  1. What are the limitations of IPv4 address classes?
    The limitations of IPv4 address classes are:

    1. A large number of IP addresses are wasted because of using IP address classes.
    2. The routing tables will become large. A separate routing table entry is needed for each network resulting in a large number of routing table entries.
  2. How are a large number of IP addresses wasted when IPv4 address classes are used?
    If a network has slightly more hosts than a particular class can accommodate, then it needs either two address blocks of that class or a block of the next class. For example, let us say a network has 300 hosts; this network needs either a single class B address or two class C addresses. If a class B address is allocated to this network, then, as the number of hosts that can be defined in a class B network is (2^16 – 2), a large number of host IP addresses are wasted. If two class C addresses are allocated, then, as the number of networks that can be defined using class C addresses is only (2^21), the available class C networks will quickly be exhausted. Because of the above two reasons, a lot of IP addresses are wasted and the available IP address space is rapidly reduced.
  3. What are the possible solutions to the limitations of IP addressing?
    The possible solutions to the limitation of IPv4 addressing are:

    1. IP version 6 (IPv6) or IP next generation (IPng). This is the latest version of IP and solves many of the problems in IPv4. This document does not discuss IPv6.
    2. Classless Inter Domain Routing (CIDR).
  4. What is CIDR?
    Classless Inter Domain Routing (CIDR) is a method for assigning IP addresses without using the standard IP address classes like Class A, Class B or Class C. In CIDR, IP address blocks are assigned according to the number of hosts present in a network.
  5. Which RFCs discuss CIDR?
    RFCs 1517, 1518, and 1519 discuss CIDR.
  6. What is the difference between classful IP addressing and classless IP addressing?
    The difference between classful IP addressing and classless IP addressing is in selecting the number of bits used for the network ID portion of an IP address. In classful IP addressing, the network ID portion can take only the predefined number of bits 8, 16, or 24. In classless addressing, any number of bits can be assigned to the network ID.
  7. How is a network ID assigned in a CIDR IP address?
    In CIDR IP addressing, the first ‘n’ bits of an IP address are assigned to identify the network and the remaining bits are used to identify the host, where the value of ‘n’ may be between 1 and 31. The value of ‘n’ depends on the number of hosts in the network.
  8. How is an IP address represented in CIDR notation?
    In CIDR notation, an IP address is represented as A.B.C.D /n, where “/n” is called the IP prefix or network prefix. The IP prefix identifies the number of significant bits used to identify a network. For example, 192.9.205.22 /18 means, the first 18 bits are used to represent the network and the remaining 14 bits are used to identify hosts.
  9. What are the advantages of CIDR?
    The advantages of CIDR over the classful IP addressing are:

    1. CIDR can be used to effectively manage the available IP address space.
    2. CIDR can reduce the number of routing table entries.
  10. How can CIDR be used to manage the IP address space effectively?
    Using CIDR IP addressing, any number of contiguous bits can be assigned to identify a network, depending on the number of hosts it needs to support. This greatly reduces the number of wasted IP addresses. For example, let us say a network has 900 hosts. If classful IP addressing is used, this network needs 4 class C addresses or one class B address. If a class B address is used, then, as the maximum number of hosts in a class B network is 65534, a very large number (65534 – 900) of host IP addresses will be wasted. As the number of class C networks is limited (2097152), it is not preferable to assign 4 class C addresses to this network. On the other hand, if CIDR is used, then this network can be assigned an address with a network prefix of 22 (i.e. /22). This means 10 bits are available for hosts, resulting in 1024 available host IP addresses, satisfying the exact requirements of the network. So with CIDR the IP address space can be used effectively.
  11. How does CIDR reduce the number of entries in a routing table?
    Using classful IP addressing, a separate entry is needed in the routing table of a router for each network. This results in a routing table with a large number of entries due to the existence of a large number of networks. As each router has its own limitation, this large routing table will lead to reduced performance and eventual breakdown of the router. If CIDR addressing is used, a single entry can be used to represent a group of networks. This will reduce the number of entries in the router. This is known as route aggregation. The routes for the individual networks will be present in another router down the path. Each entry in the router will have a network prefix associated with it. The network prefix is used to identify the correct network from the given IP address.
  12. Will CIDR completely eliminate the IP address crunch problem?
    No. Even using CIDR, all the available IP addresses will get used at some point in time. The final solution to this problem is to use the next version of IP (IPv6).
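The arithmetic behind the CIDR section, as an added example (Python, not part of the original page): splitting A.B.C.D/n into network and host bits, choosing the prefix for a given host count (the 900-host network above lands on /22), the classful alternative with its waste, and route aggregation of four contiguous class C blocks into one /22. It goes one step beyond the text with a longest-prefix lookup, which is what lets an aggregate route and a more specific route coexist in the same table. All function names and the sample networks are assumptions; usable counts exclude the network and broadcast addresses, so a /22 shows 1022 usable hosts in a block of 1024.

```python
import ipaddress
import math


def network_of(cidr: str):
    """Split A.B.C.D/n into the network it belongs to and its host bits."""
    iface = ipaddress.ip_interface(cidr)
    return str(iface.network), 32 - iface.network.prefixlen


def prefix_for_hosts(n_hosts: int) -> int:
    """Smallest block (longest prefix) that still leaves room for n_hosts.

    Two addresses per block (network and broadcast) are not usable by hosts,
    which is where the (2^16 - 2) figure for class B in the text comes from.
    """
    host_bits = max(2, math.ceil(math.log2(n_hosts + 2)))
    return 32 - host_bits


def classful_plan(n_hosts: int) -> dict:
    """What the classful scheme forces on a network of n_hosts: one class B
    (and the addresses it wastes) or several class C blocks."""
    return {"class_b_wasted": (2**16 - 2) - n_hosts,
            "class_c_blocks": math.ceil(n_hosts / (2**8 - 2))}


def cidr_plan(n_hosts: int) -> dict:
    """The CIDR allocation for the same network."""
    prefix = prefix_for_hosts(n_hosts)
    block = 2 ** (32 - prefix)
    return {"prefix": prefix, "block_size": block, "usable": block - 2,
            "wasted": block - 2 - n_hosts}


def aggregate(networks) -> list:
    """Route aggregation: collapse contiguous, aligned networks into the
    fewest covering prefixes (four aligned /24s become one /22)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def longest_prefix_match(table, ip: str):
    """Routing lookup: among entries whose prefix covers ip, pick the most
    specific one. table is a list of (prefix, next_hop) pairs."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])
```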

Ethernet

  1. What is Ethernet?
    Ethernet is a Local Area Network (LAN) cabling and signaling specification for baseband networks. Ethernet uses a bus or star topology for connecting different nodes in a network.
  2. To which OSI layer does Ethernet belong?
    Ethernet belongs to both the Physical Layer (Layer 1) and the Data Link layer (Layer 2) in the OSI architecture.
  3. What are the standard data rates for Ethernet?
    The standard data rates for Ethernet are 10 Mbps, 100 Mbps, and 1 Gbps.
  4. What are the IEEE standards that cover Ethernet?
    The following IEEE standards define Ethernet:
   +--------+----------------------------------------------------+
   |IEEE    |                  Description                       |
   |Standard|                                                    |
   +--------+----------------------------------------------------+
   |802.2   |Logical Link Control (LLC) Specification.  Specifies|
   |        |the general interface between the network layer     |
   |        |(IP, IPX, etc) and the data link layer (Ethernet,   |
   |        |Token Ring, etc).                                   |
   +--------+----------------------------------------------------+
   |802.3   |CSMA/CD Network (Ethernet) Specification.  Specifies|
   |        |the frame format, cabling and signaling standards.  |
   +--------+----------------------------------------------------+
  1. How do two systems in an Ethernet network communicate?
    In an Ethernet network, a system broadcasts the data using an Ethernet frame. The destination system is specified in the Ethernet frame using its Ethernet address. All the systems in the network listen for an Ethernet frame with their Ethernet address in it. When a system receives an Ethernet frame with its address in it, it processes the frame and sends it to the higher layers (like IP) for further processing.
  2. What is a “collision”?
    At any one instant in an Ethernet network, only one device can transmit. If two devices transmit at the same instant, then the signals from both devices will collide and a “collision” will occur. When a “collision” occurs, the signals get distorted and the frame is lost. Collisions are very common in an Ethernet network.
  3. How is “collision” handled in Ethernet networks?
    Ethernet uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) media access control mechanism to detect and recover from a collision.
  4. What is CSMA/CD?
    CSMA/CD is a media access control mechanism used in Ethernet to recover from frame collision. The following steps are followed to recover from a collision.

Step 1: Before an Ethernet device sends a frame on the Ethernet cable, it listens to find if another device is already transmitting a frame (Carrier Sense).
Step 2: Once the device finds that other devices are not transmitting any frame, it starts transmitting the frame. If two devices detect that the Ethernet cable is free at the same time, then both will start transmitting the frames (Multiple Access). This will result in collision.
Step 3: The Ethernet devices while transmitting the frames, also listen for the collision. (Collision Detect).
Step 4: If they detect a collision, both the devices stop sending the frame (back off).
Step 5: They retry the transmission after a logarithmic time-out period. This process is repeated till the frame is transmitted successfully, for a maximum of 16 times. The frame is discarded after the 16th retry.

  1. What is “late collision”?
    An Ethernet device will detect a collision while it is transmitting only if the collision reaches it before it completes transmitting the entire frame. If the collision reaches the transmitter after it has completed sending the entire frame, the transmitter will not detect the collision; it will assume the collision occurred because of some other frame. This is called “late collision”. Late collision will occur if the length of the Ethernet network segment is greater than the standard allowed length.
  2. How is “late collision” avoided in Ethernet?
    Late collision can be avoided if the maximum length of the Ethernet network segment is restricted, such that if a collision occurs, it will reach the transmitter before the transmitter has completed transmitting the entire frame. In a typical 10 Mbps network, the minimum length of an Ethernet frame is 576 bits (72 bytes) and the maximum length of a single Ethernet network segment is 2.5 km.
  3. What is an Ethernet address?
    Each device in an Ethernet network is uniquely identified by a 48 bit (6 byte) address called the Ethernet address. The Ethernet address is also known as the Media Access Control (MAC) address. Ethernet addresses are represented as six pairs of hexadecimal digits separated by colons. The Ethernet address is burned into the network adapter by the manufacturer. The Ethernet address of a device cannot be changed. Example: 00:60:08:11:B1:AB, 00:00:c0:5e:83:0e
  4. What is a broadcast address?
    The Ethernet address in which all the bits are 1 is known as a broadcast address. It is represented as FF:FF:FF:FF:FF:FF. A frame with this address is received and processed by all the nodes in the network.
  5. What are the different Ethernet frame formats?
    The different Ethernet frame formats are listed below: Ethernet II and IEEE 802.3
  6. Why are there different Ethernet frame formats?
    Xerox developed the first version of Ethernet, Ethernet I. The second version of Ethernet, Ethernet II, was developed by DEC, Intel and Xerox. After this the Ethernet was standardized by IEEE and the new format is known as 802.3 format. To provide backward compatibility with Ethernet II, 802.2 SNAP format was developed.
  7. What is the format of an Ethernet II frame?
    +-----------+----------+----------+-----------+----------+
    |Destination|Source MAC|Frame type|Data       | CRC      |
    |MAC Address|Address   |(IP, ARP) |(46 to     | Checksum |
    |(6 bytes)  |(6 bytes) |(2 bytes) |1500 bytes)| (4 bytes)|
    +-----------+----------+----------+-----------+----------+
  1. What is the format of an 802.3 frame?
    The various components of an 802.3 frame are shown below:
    +----------+---------+-----------+----------+
    |802.3 MAC |802.2 LLC|Data       | CRC      |
    |Header    |Header   |(43 to     | Checksum |
    |(14 bytes)|(3 bytes)|1497 bytes)| (4 bytes)|
    +----------+---------+-----------+----------+

The first two components, the MAC Header and the LLC Header, are further expanded below.

802.3 MAC Header:

    +-----------+----------+---------+
    |Destination|Source MAC|Length of|
    |MAC Address|Address   |the frame|
    |(6 bytes)  |(6 bytes) |(2 bytes)|
    +-----------+----------+---------+

802.2 LLC Header:

    +-----------+--------+--------+
    |Destination|Source  |Control |
    |SAP        |SAP     |Byte    |
    |(1 byte)   |(1 byte)|(1 byte)|
    +-----------+--------+--------+
  1. What is the format of an 802.2 SNAP frame?
    +----------+---------+----------+-----------+----------+
    |802.3 MAC |802.2 LLC|802.2 SNAP|Data       | CRC      |
    |Header    |Header   |Header    |(38 to     | Checksum |
    |(14 bytes)|(3 bytes)|(5 bytes) |1492 bytes)| (4 bytes)|
    +----------+---------+----------+-----------+----------+

The 802.2 SNAP header is further expanded below.

802.2 SNAP Header:

    +---------------------+---------+
    |OUI (Organizationally|Type     |
    |Unique Id)           |(2 bytes)|
    |(3 bytes)            |         |
    +---------------------+---------+
  1. How is the length of an Ethernet II frame calculated?
    The length of an Ethernet II frame is not present in the frame itself. It depends on the Ethernet network interface used. When the interface sends a frame to the network device driver, it supplies the length of the received frame.
  2. What is the minimum and maximum size of an Ethernet frame?
    The minimum size of an Ethernet frame is 64 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (46 bytes) + CRC Checksum (4 bytes). The minimum number of bytes passed as data in a frame must be 46 bytes. If the size of the data to be passed is less than this, then padding bytes are added. The maximum size of an Ethernet frame is 1518 bytes. The breakup of this size between the fields is: Destination Address (6 bytes) + Source Address (6 bytes) + Frame Type (2 bytes) + Data (1500 bytes) + CRC Checksum (4 bytes). The maximum number of bytes of data that can be passed in a single frame is 1500 bytes.
  3. What is a SAP?
    SAP, Service Access Point, is the logical point at which services are provided by an OSI layer. Typically, the protocols in the network layer (like IP) bind at a specific SAP in the Logical Link Control (LLC) layer to access the services provided by it.
  4. Why is the Sub Network Access Protocol (SNAP) header required?
    The 802.2 LLC header replaces the ‘protocol type’ of the Ethernet II format with two SAP fields, Source SAP and Destination SAP. The value of the SAP field in the 802.2 header is equivalent to the ‘protocol type’ field in the Ethernet II header. The value of the SAP field will be between 1 and 255, since it is an 8 bit field. On the other hand, the ‘protocol type’ value for standard protocols like IP, ARP, etc. is greater than 1500. Obviously, these values cannot be represented in the SAP fields. So, to provide compatibility with Ethernet II, the SNAP header was added to the 802.2 LLC header. In a SNAP frame, both SAP values will be 0xAA and the first 5 bytes of the data give the protocol ID. Of these 5 bytes, the last 2 bytes are the same as the protocol type field of the Ethernet II frame. The first 3 bytes are called the ‘Organizationally Unique Identifier’ (OUI) and are allocated as a vendor identifier. Typically, the OUI will be zero.
  1. What are the values for SSAP, DSAP, control and org fields in a 802.2 SNAP frame?
    +-------+-----+
    |Field  |Value|
    +-------+-----+
    |SSAP   |0xAA |
    |DSAP   |0xAA |
    |Control|3    |
    |OUI    |0    |
    +-------+-----+
  1. How to differentiate between an 802.3 frame and an Ethernet II frame?
    The value of the ‘length’ field in an 802.3 frame must be less than 1500 and in an Ethernet II frame the value of the ‘type’ field must be more than 1500. Since the 802.3 frame ‘length’ field and the Ethernet II frame ‘type’ field are at the same offset in the header, the frame format can be determined from the value present.
  2. What is promiscuous mode?
    Normally, an Ethernet network interface will pass a frame to the network layers above it only if the frame is addressed to that interface. If the network interface is put in promiscuous mode, it will send all frames (frames addressed to any host in the network) to the network layers above, regardless of their destination address. This mode is used by network analyzers to capture all the frames.
  3. What is MTU?
    Maximum Transmission Unit (MTU) is the maximum number of bytes that can be transmitted in a single transmission unit. Every communication medium has a MTU. For Ethernet, the MTU of a frame is 1500.
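An added example (Python, not from the page) that ties the frame formats above together: it assembles constructed Ethernet II and 802.3 LLC/SNAP frames with padding and FCS, then parses them using the rule just stated (the 2-byte field at offset 12 is a type if greater than 1500, otherwise an 802.3 length), enforcing the 64 to 1518 byte bounds and checking the CRC. The function names and sample MAC addresses are assumptions; the FCS is computed as CRC-32 transmitted least-significant byte first, as captured frames carry it.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518      # frame sizes from the text (preamble excluded)
MAX_802_3_LENGTH = 1500              # larger values in that field mean "type";
                                     # IEEE leaves 1501..1535 undefined, so no
                                     # real type value falls in that gap
SNAP_SAP = 0xAA
ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806


def mac_str(raw: bytes) -> str:
    return ":".join(f"{x:02x}" for x in raw)


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Header + payload, padded to the 46-byte data minimum, then the CRC."""
    body = dst + src + struct.pack("!H", type_or_len) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + fcs(body)


def build_ethernet_ii(dst, src, ethertype, data):
    return build_frame(dst, src, ethertype, data)


def build_snap(dst, src, ethertype, data, oui=b"\x00\x00\x00"):
    """802.3 MAC header + LLC (AA AA 03) + SNAP (OUI, type) + data."""
    llc_snap = bytes([SNAP_SAP, SNAP_SAP, 3]) + oui + struct.pack("!H", ethertype)
    return build_frame(dst, src, len(llc_snap) + len(data), llc_snap + data)


def parse_frame(frame: bytes) -> dict:
    """Classify a frame as Ethernet II, 802.3 or 802.3 with SNAP and decode it."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME}")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "broadcast": dst == b"\xff" * 6,
            "fcs_ok": fcs(frame[:-4]) == frame[-4:]}
    if type_or_len > MAX_802_3_LENGTH:
        # Ethernet II: the field is a protocol type; data (incl. padding) runs to the CRC.
        info.update(kind="Ethernet II", ethertype=type_or_len, data=frame[14:-4])
        return info
    # 802.3: the same field is the length of LLC header plus data; anything
    # after that, up to the CRC, is padding.
    length = type_or_len
    if length < 3 or 14 + length + 4 > len(frame):
        raise ValueError("802.3 length field inconsistent with frame size")
    data = frame[14:14 + length]
    dsap, ssap, control = struct.unpack("!BBB", data[:3])
    info.update(kind="802.3", length=length, dsap=dsap, ssap=ssap, control=control)
    if dsap == SNAP_SAP and ssap == SNAP_SAP and length >= 8:
        # SNAP: 3-byte OUI, then the same 2-byte type an Ethernet II frame carries.
        info.update(kind="802.3 SNAP", oui=data[3:6].hex(),
                    ethertype=struct.unpack("!H", data[6:8])[0], data=data[8:])
    else:
        info["data"] = data[3:]
    return info
```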

IP :

  1. What is IP?
    Internet Protocol (IP) is an unreliable, best effort delivery, connection-less protocol used for transmitting and receiving data between hosts in a TCP/IP network.
  2. To which OSI layer does IP belong?
    IP belongs to the Network Layer (layer 3) in the OSI model.
  3. Which RFC discusses IP?
    RFC 791 discusses IP version 4.
  4. Which version of IP is discussed in this document?
    IP version 4 (IPv4) is discussed in this document.
  5. What do you mean by IP is an unreliable protocol?
    IP is an unreliable protocol because it does not guarantee the delivery of a datagram to its destination. Reliability must be provided by upper layer protocols like TCP. IP does not support flow control, retransmission, acknowledgement or error recovery.
  6. What do you mean by IP is a best-effort protocol?
    IP is a best-effort protocol because it makes every effort to transmit each datagram and does not simply discard datagrams. However, the delivery of the datagram to the destination is not guaranteed.
  7. What do you mean by IP is a connection-less protocol?
    IP is a connection-less protocol because it does not maintain state information about the connection to a destination host. Each datagram is handled independent of other datagrams and also each datagram may reach the destination through different network routes.
  8. What is the role of IP in the TCP/IP protocol suite?
    IP is used for

    1. Transmitting data from higher-level protocols like TCP, UDP in IP datagrams, from one host to another host in the network.
    2. Identifying individual hosts in a network using an IP address.
    3. Routing datagrams through gateways and
    4. Fragmenting and reassembling datagrams based on the MTU of the underlying network.
  9. What is an IP Datagram?
    An IP datagram is the basic unit of information used by the IP layer to exchange data between two hosts. An IP datagram consists of an IP header and data.
  10. How is higher-level data carried by IP to a destination host?
    The data from higher-level protocols like TCP, UDP is encapsulated in an IP datagram and transmitted to the destination host. IP does not modify the higher-level data.
  11. What is the minimum and maximum size of an IP datagram?
    The minimum size of an IP datagram is 576 bytes and the maximum size is 65535 bytes.
  12. What is the minimum and maximum size of an IP datagram header?
    The minimum size of an IP datagram header is 20 bytes. The maximum IP datagram header size is 60 bytes.
  13. Is there a limitation on the minimum size of an IP datagram a network can handle?
    Yes. All IP networks must be able to handle datagrams of at least 576 bytes in length.
  14. What are the fields in an IP datagram header?
    The various fields in an IP datagram header and their size in bits are shown below:

    +------------------------+-----------------+
    | Field                  | Size            |
    +------------------------+-----------------+
    | Version                | 4 bits          |
    | IP Header Length       | 4 bits          |
    | Type of Service        | 8 bits          |
    | Size of the Datagram   | 16 bits         |
    | Datagram ID            | 16 bits         |
    | Control Flags          | 3 bits          |
    | Fragment Offset        | 13 bits         |
    | Time to Live           | 8 bits          |
    | Protocol               | 8 bits          |
    | Header Checksum        | 16 bits         |
    | Source IP Address      | 32 bits         |
    | Destination IP Address | 32 bits         |
    | Options                | Variable Length |
    +------------------------+-----------------+

The various fields are explained below:

    +------------------+-----------------------------------------------------+
    | Field            | Description                                         |
    +------------------+-----------------------------------------------------+
    | Version          | IP protocol version. For IPv4, this value is 4.     |
    +------------------+-----------------------------------------------------+
    | IP Header Length | Length of the IP header in multiples of 32-bit      |
    |                  | words.                                              |
    +------------------+-----------------------------------------------------+
    | Type of Service  | Quality of Service (QOS) requested for this         |
    | (TOS)            | datagram.                                           |
    +------------------+-----------------------------------------------------+
    | Datagram Size    | Length of the entire datagram in bytes, including   |
    |                  | the header and the payload.                         |
    +------------------+-----------------------------------------------------+
    | Datagram ID      | Current datagram identifier.                        |
    +------------------+-----------------------------------------------------+
    | Control Flags    | Bit 0: Reserved.                                    |
    |                  | Bit 1: 0 - Allow fragment, 1 - Don't fragment.      |
    |                  | Bit 2: 0 - Last fragment, 1 - More fragments.       |
    +------------------+-----------------------------------------------------+
    | Fragment Offset  | Specifies the offset in the original IP datagram    |
    |                  | where this fragment begins. This is a multiple of   |
    |                  | 32 bit words.                                       |
    +------------------+-----------------------------------------------------+
    | Time to Live     | The time up to which this datagram can live in the  |
    | (TTL)            | network.                                            |
    +------------------+-----------------------------------------------------+
    | Protocol         | Indicates to which upper-layer protocol this        |
    |                  | datagram should be delivered, e.g. TCP, UDP.        |
    +------------------+-----------------------------------------------------+
    | Header Checksum  | IP header checksum.                                 |
    +------------------+-----------------------------------------------------+
    | Source IP        | IP address of the source host sending this IP       |
    | Address          | datagram.                                           |
    +------------------+-----------------------------------------------------+
    | Target IP        | IP address of the destination host to which this    |
    | Address          | IP datagram must be delivered.                      |
    +------------------+-----------------------------------------------------+
    | Options          | Used for timestamps, security, source routing, etc. |
    +------------------+-----------------------------------------------------+

  1. What is the byte order used for transmitting datagram headers in the TCP/IP protocol suite?
    All the datagram headers in the TCP/IP protocol suite are transmitted in the “big endian” byte order, i.e. the most significant byte is transmitted first. This is also called “network byte order”.
  1. Why are there two length fields (IP header length, IP datagram length) in the IP header?
    The size of the IP header is not fixed. Depending on the IP options present, the size of the IP header will vary. A separate field for the IP header length is added, so that the destination system can separate the IP datagram header from the payload.
  2. How is the value for datagram identifier calculated?
    The IP datagram identifier is just a sequence number assigned by the transmitting host. The algorithm for assigning value to this field is not specified by the IP protocol.
  3. What is the use of datagram identifier field?
    The IP datagram identifier field is used to uniquely identify and assemble the different fragments of an IP datagram.
  4. Is the datagram identifier field unique for each IP datagram?
    Yes. The IP datagram identifier field is different for each IP datagram transmitted. The fragments of an IP datagram will have the same identifier value.
  5. What is the use of Type Of Service field in the IP header?
    The Type Of Service (TOS) field is used by upper layer protocols like TCP to describe the desired quality of service for an IP datagram. This field can be used to specify the nature and priority of an IP datagram (like Network Control, Immediate, Critical, etc.) and the criteria for selecting a path for forwarding a datagram by a gateway.
  6. What are the different types of criteria that can be specified using the TOS field?
    The different types of criteria that can be specified by the TOS field in an IP datagram are:

    1. Minimize delay,
    2. Maximize throughput
    3. Maximize reliability
    4. Minimize cost and
    5. Normal service.
  7. Which RFC discusses the Type Of Service (TOS) field?
    RFC 1349 discusses the Type Of Service (TOS) field.
  8. What is the use of the Time To Live (TTL) field in the IP header?
    The TTL field is used to limit the lifetime of an IP datagram and to prevent indefinite looping of IP datagrams.
  9. How is the TTL field used to prevent indefinite looping of IP datagrams?
    The TTL field contains a counter value set by the source host. Each gateway that processes this datagram decreases the TTL value by one. When the TTL value reaches zero, the datagram is discarded.
  10. What is the typical value for the TTL field?
    The typical value for a TTL field is 32 or 64.
  11. When is a datagram considered undeliverable?
    If a datagram cannot be delivered to the destination host due to some reason, it is considered an undeliverable datagram.
  12. How does a datagram become an undeliverable datagram?
    A datagram may become undeliverable, if

    1. The destination host is down.
    2. The route for the destination host is not found.
    3. A network in the route to the destination host is down.
    4. The Time To Live (TTL) value of the datagram becomes zero.
  13. What happens to an undeliverable datagram?
    An undeliverable datagram is discarded and an ICMP error message is sent to the source host.
  14. Is it possible for an IP datagram to be duplicated?
    Yes. A host may receive the same copy of an IP datagram twice. It is up to the higher layer protocols to discard the duplicate copy of the datagram.
  15. Which part of the IP datagram is used for calculating the checksum?
    The checksum field in the IP header covers only the IP header. The payload data is not used for calculating this checksum.
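To make the header layout, the network byte order and the header checksum described above concrete, here is an added example in Python; it is not part of the original FAQ. It packs and parses the fixed IPv4 header with the struct module, verifies the checksum the way a receiver does, and shows the TTL decrement and checksum update that each gateway performs. The sample datagram, its addresses and its identifier are constructed for the example, and the length checks before any field is trusted are the validation a parser needs on input it did not produce itself.

```python
import socket
import struct

# Fixed 20-byte IPv4 header in network byte order ("!" = big endian):
# version/IHL, TOS, total length, identification, flags+fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    every 16-bit word (checksum field zero when computing, present when verifying)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                          # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int,
                      ident: int, ttl: int = 64, df: bool = False,
                      mf: bool = False, frag_off: int = 0,
                      options: bytes = b"") -> bytes:
    """Build a header with a valid checksum; options are padded to 32-bit words."""
    options += b"\x00" * (-len(options) % 4)
    ihl = (20 + len(options)) // 4              # header length in 32-bit words
    flags = (0b010 if df else 0) | (0b001 if mf else 0)
    hdr = IPV4_HEADER.pack((4 << 4) | ihl, 0, ihl * 4 + payload_len, ident,
                           (flags << 13) | frag_off, ttl, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst)) + options
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Split a datagram into header fields and payload, checking the version
    and both length fields before anything else is trusted."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, tos, total_len, ident, ff, ttl, proto, csum,
     src, dst) = IPV4_HEADER.unpack_from(packet)
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 datagram (version %d)" % version)
    header_len = ihl * 4                        # 20..60 bytes
    if ihl < 5 or header_len > len(packet) or total_len < header_len:
        raise ValueError("inconsistent lengths: header %d, total %d" % (header_len, total_len))
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_len": total_len, "id": ident,
        "df": bool(ff & 0x4000),                # control flag bit 1
        "mf": bool(ff & 0x2000),                # control flag bit 2
        "frag_off": ff & 0x1FFF,                # low 13 bits, in 8-byte units
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # a header whose checksum is correct sums to 0xFFFF, so its complement is 0
        "checksum_ok": ipv4_checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:header_len],
        "payload": packet[header_len:total_len],
    }


def is_wellformed(packet: bytes) -> bool:
    """True when the header parses and its checksum verifies."""
    try:
        return parse_ipv4_header(packet)["checksum_ok"]
    except ValueError:
        return False


def forward_hop(packet: bytes):
    """What a gateway does with the TTL: decrement it and recompute the header
    checksum; return None when the datagram is discarded (bad header or TTL 0)."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None
    h = bytearray(packet[:hdr["header_len"]])
    h[8] -= 1                                   # TTL byte
    h[10:12] = b"\x00\x00"                      # zero the checksum before recomputing
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h) + packet[hdr["header_len"]:]


# Constructed sample datagram (not captured traffic): 28 zero bytes of UDP payload
# from 192.9.205.21 to 192.9.205.1, identifier 0x1234, Don't Fragment set.
SAMPLE_PAYLOAD = bytes(28)
SAMPLE = build_ipv4_header("192.9.205.21", "192.9.205.1", len(SAMPLE_PAYLOAD),
                           17, 0x1234, df=True) + SAMPLE_PAYLOAD
```

The checksum verification works because a correct header, including its own checksum field, sums to 0xFFFF in one's-complement arithmetic; the receiver does not need to zero the field first. Note that the checksum only covers the header, so a corrupted payload passes this check and must be caught by the transport-layer checksum.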

IP Address:

  1. What is an IP address?
    An IP address is a network layer protocol address for a host in a TCP/IP network.
  2. What is the use of an IP address?
    An IP address is used to uniquely identify each host in a network. An IP address is needed in order to communicate with other hosts in the network using the TCP/IP suite of protocols.
  3. Which version of IP is covered by this document?
    This document covers IP version 4.
  4. Which RFC specifies the IP address standard?
    RFC 1166 specifies the IP Version 4 address format.
  5. How does a host determine its IP address?
    A host determines its IP address during the boot-up process either from a configuration file stored in the local hard disk of the system or using a network protocol like RARP, DHCP, BOOTP from the servers in the network.
  6. Is there any relation between the MAC address and IP address of a host?
    No. There is no relation between the MAC address and the IP address of a host.
  7. Can a single network interface have more than one IP address associated with it?
    Yes. It is possible to associate more than one IP address to a single network interface. This is discussed in detail in RFC 1122.
  8. What is the difference between a host name and an IP address?
    A host name is used to identify a host by human beings and higher level user applications. But IP protocol uses only IP addresses to identify a host in the network. A host-name is provided just as a convenience for users of the network and higher level applications.
  9. How is a host name resolved to the corresponding IP address?
    A host name is resolved to the corresponding IP address either from a configuration file stored in the local machine or using a network protocol like DNS or WINS from a server in the network.
  10. What is the size of an IP address?
    The size of an IP address is 32 bits (4 bytes).
  11. How is an IP address represented?
    The following notation is used to represent an IP address. This notation is called the dotted decimal format: M.N.O.P, where M, N, O and P represent the first, second, third and fourth bytes of an IP address respectively. The size of each byte is 8 bits and the value of each byte can be from 0 to 255. For example, 192.9.205.21 is an IP address.
  12. What are the components of an IP address?
    An IP address consists of the following components: Network ID and Host ID. For example, in the IP address 192.9.205.21, the network ID is 192.9.205 and the host ID is 21.
  13. What is a network ID?
    A network ID uniquely identifies a network. All the hosts in a single network will have the same network ID. For example, in the IP address 192.9.205.21, the network ID is 192.9.205. A router analyses only the network ID portion of an IP address for datagram forwarding.
  14. What is a host ID?
    A host ID uniquely identifies a host in a network. Two hosts in two different networks can have the same host ID. For example, in the IP address 192.9.205.21, the host ID is 21.
  15. What is a unicast IP address?
    A unicast IP address is an IP address uniquely identifying a host in a network. The datagram with a unicast IP address is received and processed by only a single host. For example, the IP address 192.9.205.21 is a unicast IP address.
  16. What is a multicast IP address?
    A multicast address is an IP address identifying a particular group of hosts in a network. This group of hosts is called a multicast group. For example, the IP address 225.2.100.1 is a multicast IP address.
  17. What is a broadcast IP address?
    The datagram with a broadcast IP address is received and processed by all the hosts in the local network. For example, the IP addresses 255.255.255.255, 192.9.205.255, 180.10.255.255, 10.255.255.255 are broadcast IP addresses.
  18. How are IP addresses classified?
    IP addresses are classified based on the number of bytes allocated to the Network ID and the Host ID in an IP address.
  19. What is the use of classifying IP addresses?
    IP addresses are classified so that networks and hosts can be easily managed.
  20. What are the different classes of IP addresses?
    IP addresses are classified into the following classes:

    1. Class A
    2. Class B
    3. Class C
    4. Class D
    5. Class E
  21. How to determine the class of an IP address?
    The class of an IP address can be determined from the first four bits of the first byte of the IP address.
  22. How many bytes does each Class of IP address use to represent network and host IDs?
    The number of bytes used by each network Class to represent the network and host are shown below:
    +----------+----------------+----------------+
    |IP Address| Bytes used for | Bytes used for |
    |Class     | Network ID     | Host ID        |
    +----------+----------------+----------------+
    | Class A  |       1        |       3        |
    | Class B  |       2        |       2        |
    | Class C  |       3        |       1        |
    | Class D  |       -        |       -        |
    | Class E  |       -        |       -        |
    +----------+----------------+----------------+
  1. What is the format of the various IP address classes?
    The format of the different IP address classes is shown below:
    +----------+-------------------------------------+
    |IP Address| IP Address format                   |
    |Class     |                                     |
    +----------+-------------------------------------+
    | Class A  | 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH |
    | Class B  | 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH |
    | Class C  | 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH |
    | Class D  | 1110MMMM.MMMMMMMM.MMMMMMMM.MMMMMMMM |
    | Class E  | 1111RRRR.RRRRRRRR.RRRRRRRR.RRRRRRRR |
    +----------+-------------------------------------+

In the above table,
N denotes the network ID bits,
H denotes the host ID bits,
M denotes the multicast address bits and
R denotes reserved bits.

  1. How many networks and hosts can be represented using the IP address classes?
    The maximum number of networks and hosts that can be represented using the various IP address classes is shown below in the table:
    +----------+----------------+---------------------+
    |IP Address| Maximum number | Maximum number of   |
    |Class     | of networks    | hosts per network   |
    +----------+----------------+---------------------+
    | Class A  | 126 (2^7 - 2)  | 16777214 (2^24 - 2) |
    | Class B  | 16384 (2^14)   | 65534 (2^16 - 2)    |
    | Class C  | 2097152 (2^21) | 254 (2^8 - 2)       |
    | Class D  |     -          |         -           |
    | Class E  |     -          |         -           |
    +----------+----------------+---------------------+

In the above table,

    1. The numbers are calculated using the number of bits used to represent the network ID and host ID.
    2. The maximum number of networks for Class A IP address is reduced by 2 to account for the reserved network IP address 0.xxx.xxx.xxx and 127.xxx.xxx.xxx.
    3. The maximum number of hosts for all the classes is reduced by 2 to account for the reserved host IP address in which all the host ID address bits are either one or zero.
  1. What is the possible range of IP addresses for the different classes?
    +----------+-----------------------------------+
    |IP Address| Possible range of IP address      |
    |Class     |                                   |
    +----------+-----------------------------------+
    | Class A  | 0.0.0.0   through 127.255.255.255 |
    | Class B  | 128.0.0.0 through 191.255.255.255 |
    | Class C  | 192.0.0.0 through 223.255.255.255 |
    | Class D  | 224.0.0.0 through 239.255.255.255 |
    | Class E  | 240.0.0.0 through 247.255.255.255 |
    +----------+-----------------------------------+
  1. What kind of networks use a Class A or Class B or Class C IP address typically?
    A Class A IP address is used for a network with a large number of hosts. A Class C IP address is used for a network with a small number of hosts. A Class B IP address is used for a network with a medium number of hosts.
  2. What is the use of Class D IP addresses?
    The Class D IP addresses are used for multicasting.
  3. What is the use of Class E IP addresses?
    The Class E IP addresses are reserved for experimental purposes.
  4. How to decide which class of IP address to use for a particular network?
    The class of IP address to use for a particular network depends on the maximum number of hosts in the network. For example, if the maximum number of hosts in a network will be less than 254 hosts, then a Class C IP address can be used for the network. If the maximum number of hosts in a network will be greater than 254 hosts but less than 65534, then a Class B network can be used.
  5. Does the maximum number of hosts in a network restrict the class of IP address that can be used for the network?
    No. Any possible class of IP address can be used to represent a network. For example, if a network has 200 hosts, it can use either a class A or class B or class C IP address.
  6. What are the various special IP addresses?
    The various special IP addresses are shown below in the table:

    +-----------------+-------------------------------------------------+
    | IP Address      | Description                                     |
    +-----------------+-------------------------------------------------+
    | 0.0.0.0         | Local host.                                     |
    +-----------------+-------------------------------------------------+
    | 127.xxx.xxx.xxx | Local loopback address. The value of the last   |
    |                 | 3 bytes is ignored. A datagram with this IP     |
    |                 | address is never transmitted over the network.  |
    +-----------------+-------------------------------------------------+
    | xxx.0.0.0       | Local host IP address. The x represents the     |
    | xxx.xxx.0.0     | network ID bits.                                |
    | xxx.xxx.xxx.0   |                                                 |
    +-----------------+-------------------------------------------------+
    | 0.xxx.xxx.xxx   | IP address of a host in the local network. The  |
    | 0.0.xxx.xxx     | x represents the host ID bits.                  |
    | 0.0.0.xxx       |                                                 |
    +-----------------+-------------------------------------------------+
    | 255.255.255.255 | Limited broadcast address. A datagram with this |
    |                 | address will be received and processed by all   |
    |                 | the hosts in the local network. This datagram   |
    |                 | is not forwarded to other networks by routers.  |
    +-----------------+-------------------------------------------------+
    | xxx.255.255.255 | Directed broadcast address. A datagram with     |
    | xxx.xxx.255.255 | this IP address is received by all the hosts in |
    | xxx.xxx.xxx.255 | the specified network. The x represents the     |
    |                 | network ID bits.                                |
    +-----------------+-------------------------------------------------+
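The class determination, the network ID / host ID split, the capacity table and the special addresses from the tables above, worked as an added Python example that is not from the original FAQ. The functions follow the byte-based classful rules this page states (the leading bits of the first byte pick the class, whole bytes form the network ID); the sample addresses are the ones used in the text plus a few constructed ones. A few conventions are this example's own: class D and E addresses are reported without a network/host split, and an address is checked against the fixed special cases (0.0.0.0, 255.255.255.255, 127.x.x.x) before the class-based ones.

```python
# Classful IPv4 addressing as described on this page: classes A-E, the
# network ID / host ID split by whole bytes, and the special addresses.

NETWORK_BYTES = {"A": 1, "B": 2, "C": 3}     # bytes used for the network ID

# (maximum networks, maximum hosts per network), as in the table above.
CAPACITY = {
    "A": (2 ** 7 - 2, 2 ** 24 - 2),   # 0.x.x.x and 127.x.x.x are reserved
    "B": (2 ** 14, 2 ** 16 - 2),
    "C": (2 ** 21, 2 ** 8 - 2),
}


def ip_to_int(ip: str) -> int:
    """Parse dotted decimal M.N.O.P into a 32-bit integer; reject anything else."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % ip)
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def address_class(ip: str) -> str:
    """Class from the leading bits of the first byte: 0, 10, 110, 1110, 1111."""
    first = ip_to_int(ip) >> 24
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def split_address(ip: str):
    """Return (network_id, host_id) in dotted form; classes D and E have no split."""
    cls = address_class(ip)
    if cls not in NETWORK_BYTES:
        raise ValueError("class %s addresses have no network/host split" % cls)
    parts = ip.split(".")
    n = NETWORK_BYTES[cls]
    return ".".join(parts[:n]), ".".join(parts[n:])


def describe(ip: str) -> str:
    """Name the special addresses from the table above, or report a plain unicast."""
    n = ip_to_int(ip)
    cls = address_class(ip)
    if n == 0:
        return "local host (0.0.0.0)"
    if n == 0xFFFFFFFF:
        return "limited broadcast"
    if n >> 24 == 127:
        return "loopback"
    if cls == "D":
        return "multicast group"
    if cls == "E":
        return "reserved (experimental)"
    host_bits = 32 - 8 * NETWORK_BYTES[cls]
    host_mask = (1 << host_bits) - 1
    net_id, host_id = split_address(ip)
    if n >> host_bits == 0:                      # network ID bits all zero
        return "host %s on the local network" % host_id
    if n & host_mask == 0:                       # host ID bits all zero
        return "network %s itself (host ID bits all zero)" % net_id
    if n & host_mask == host_mask:               # host ID bits all one
        return "directed broadcast for network %s" % net_id
    return "class %s unicast: network %s, host %s" % (cls, net_id, host_id)


def fits_in_class(host_count: int, cls: str) -> bool:
    """Whether a network with host_count hosts fits the host ID space of a class."""
    return cls in CAPACITY and host_count <= CAPACITY[cls][1]
```

describe() is the check a filter would apply before accepting a source address: a datagram claiming to come from a directed broadcast, a loopback or a network address is not a legitimate unicast sender and can be rejected on that basis alone.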

IP Fragmentation:

  1. What is meant by IP fragmentation?
    The breaking up of a single IP datagram into two or more IP datagrams of smaller size is called IP fragmentation.
  2. Why is an IP datagram fragmented?
    Every transmission medium has a limit on the maximum size of a frame (MTU) it can transmit. As IP datagrams are encapsulated in frames, the size of an IP datagram is also restricted. If the size of an IP datagram is greater than this limit, then it must be fragmented.
  3. Which RFCs discuss IP fragmentation?
    RFC 791 and RFC 815 discuss IP datagrams, fragmentation and reassembly.
  4. Is it possible to select an IP datagram size to always avoid fragmentation?
    It is not possible to select a particular IP datagram size to always avoid fragmentation, as the MTU for different transmission It is possible, though, for a given path to choose a size that will not lead to fragmentation. This is called Path MTU Discovery and is discussed in the RFC 1191. The TCP transport protocol tries to avoid fragmentation using the Maximum Segment Size (MSS) option.
  5. Where may an IP datagram get fragmented?
    An IP datagram may get fragmented either at the sending host or at one of the intermediate routers.
  6. Where are the IP datagram fragments reassembled?
    The IP fragments are reassembled only at the destination host.
  7. How to prevent an IP datagram from being fragmented?
    An IP datagram can be prevented from fragmentation by setting the “don’t fragment” flag in the IP header.
  8. What happens when a datagram must be fragmented to traverse a network, but the “don’t fragment” flag in the datagram is set?
    A datagram whose “don’t fragment” flag is set is discarded if it must be fragmented to traverse a network. Also, an ICMP error message is sent back to the sender of the datagram.
  9. Will all the fragments of a datagram reach the destination using the same path?
    The different fragments of the same IP datagram can travel either along the same path or along different paths to the destination.
  10. Will all the fragments of a datagram arrive at the destination system in the correct order?
    The different fragments of a single IP datagram can arrive at the destination system in any order.
  11. What happens to the original IP datagram when one or more fragments are lost?
    When one or more fragments of an IP datagram are lost, then the entire IP datagram is discarded after a timeout period.
  12. What is the minimum size of an IP fragment?
    The minimum size of an IP fragment is the minimum size of an IP header plus eight data bytes. Most firewall-type devices will drop an initial IP fragment (offset 0) that does not contain enough data to hold the transport headers. In other words, an IP fragment with offset 0 normally needs 20 octets of data in addition to the IP header in order to get through a firewall.
  13. What are the limitations on the size of a fragment?
    The size of an IP datagram fragment is limited by

    1. The amount of remaining data in the original IP datagram
    2. The MTU of the network and
    3. Must be a multiple of 8, except for the final fragment.
  14. How is an IP datagram fragment differentiated from a non-fragmented IP datagram?
    A complete IP datagram is differentiated from an IP fragment using the fragment offset field and the “more fragments” flag. For a non-fragmented IP datagram, the fragment offset will be zero and the “more fragments” flag will be set to zero.
  15. How are the fragments of a single IP datagram identified?
    The “identification” field in the IP header is used to identify the fragments of a single IP datagram. The value of this field is set by the originating system. It is unique for that source-destination pair and protocol for the duration in which the datagram will be active.
  16. How is the last fragment of an IP datagram identified?
    The last fragment of an IP datagram is identified using the “more fragments” flag. The “more fragment” flag is set to zero for the last fragment.
  17. How is the length of a complete IP datagram calculated from the received IP fragments?
    Using the fragment offset field and the length of the last fragment, the length of a complete IP datagram is calculated.
  18. How is an IP datagram fragmented?
    In the following example, an IP datagram is fragmented into two. This same algorithm can be used to fragment the datagram into ‘n’ fragments.

    1. The IP layer creates two new IP datagrams, whose length satisfies the requirements of the network in which the original datagram is going to be sent.
    2. The IP header from the original IP datagram is copied to the two new datagrams.
    3. The data in the original IP datagram is divided into two on an 8 byte boundary. The number of 8 byte blocks in the first portion is called Number of Fragment Blocks (NFB).
    4. The first portion of the data is placed in the first new IP datagram.
    5. The length field in the first new IP datagram is set to the length of the first datagram.
    6. The fragment offset field in the first IP datagram is set to the value of that field in the original datagram.
    7. The “more fragments” field in the first IP datagram is set to one.
    8. The second portion of the data is placed in the second new IP datagram.
    9. The length field in the second new IP datagram is set to the length of the second datagram.
    10. The “more fragments” field in the second IP datagram is set to the same value as the original IP datagram.
    11. The fragment offset field in the second IP datagram is set to the value of that field in the original datagram plus NFB.
  19. How does a destination system reassemble the fragments of an IP datagram?
    1. When a host receives an IP fragment, it stores the fragment in a reassembly buffer based on its fragment offset field.
    2. Once all the fragments of the original IP datagram are received, the datagram is processed.
    3. Upon receiving the first fragment, a reassembly timer is started.
    4. If the reassembly timer expires before all the fragments are received, the datagram is discarded.
  20. What fields are changed in an IP header due to fragmentation?
    The following IP header fields are changed due to IP fragmentation:

    1. Total Length
    2. Header Length
    3. More Fragments Flag
    4. Fragment Offset
    5. Header Checksum
    6. Options
  21. What happens to the IP options field when an IP datagram is fragmented?
    Depending on the option, either it is copied to all the fragments or to only the first fragment.
  22. Which IP options are copied to all the fragments of an IP datagram?
    If the most significant bit in the option type is set (i.e. value one), then that option is copied to all the fragments. If it is not set (i.e. value zero), it is copied only to the first fragment.
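The fragmentation steps listed above, generalised to n fragments as the text says the same algorithm can be, together with the reassembly procedure, the reassembly timer and the option "copied" bit rule, as an added Python example that is not part of the original FAQ. It works on the header fields rather than on raw bytes: the Datagram class, the fragment function and the Reassembler are this example's own names, and the 3000-byte payload, the MTU of 1500 and the two option byte strings (one with the copied bit set, one without) are constructed for the example. A real stack keys its reassembly buffers on the source, destination and protocol as well as the identifier; this example keys on the identifier alone.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def options_header_len(options: List[bytes]) -> int:
    """IP header length for the given options, padded to 32-bit words."""
    opt = sum(len(o) for o in options)
    return 20 + opt + (-opt % 4)


@dataclass
class Datagram:
    """Only the header fields that fragmentation touches, plus the payload.
    Options are raw byte strings whose first byte is the option type."""
    ident: int
    data: bytes
    df: bool = False                        # "don't fragment" flag
    mf: bool = False                        # "more fragments" flag
    offset: int = 0                         # fragment offset, in 8-byte blocks
    options: List[bytes] = field(default_factory=list)

    def header_len(self) -> int:
        return options_header_len(self.options)


class FragmentationNeeded(Exception):
    """Raised where a router would discard the datagram and send an ICMP error."""


def fragment(dg: Datagram, mtu: int) -> List[Datagram]:
    """n-way version of the two-way algorithm above: every fragment except the
    last carries a multiple of 8 data bytes; the first fragment carries all
    options, later ones only those whose type has the 'copied' bit set."""
    if dg.header_len() + len(dg.data) <= mtu:
        return [dg]                                    # fits: nothing to do
    if dg.df:
        raise FragmentationNeeded("DF set and datagram larger than MTU %d" % mtu)
    copied = [o for o in dg.options if o[0] & 0x80]
    frags, pos, options = [], 0, dg.options
    while pos < len(dg.data):
        room = (mtu - options_header_len(options)) // 8 * 8
        if room <= 0:
            raise ValueError("MTU %d cannot carry a fragment with these options" % mtu)
        chunk = dg.data[pos:pos + room]
        last = pos + len(chunk) >= len(dg.data)
        frags.append(Datagram(dg.ident, chunk, df=False,
                              mf=dg.mf if last else True,   # last keeps the original MF
                              offset=dg.offset + pos // 8,  # original offset plus NFB
                              options=list(options)))
        pos += len(chunk)
        options = copied                               # only copied options from now on
    return frags


class Reassembler:
    """Destination-side reassembly; incomplete buffers expire after `timeout` seconds."""

    def __init__(self, timeout: float = 30.0):
        self.timeout = timeout
        self.buffers: Dict[int, dict] = {}

    def receive(self, frag: Datagram, now: float) -> Optional[bytes]:
        """Store a fragment; return the full payload once every byte is present."""
        buf = self.buffers.setdefault(frag.ident, {"parts": {}, "total": None, "started": now})
        buf["parts"][frag.offset * 8] = frag.data
        if not frag.mf:                                # last fragment fixes the total length
            buf["total"] = frag.offset * 8 + len(frag.data)
        if buf["total"] is None:
            return None
        cursor, out = 0, bytearray()
        for off in sorted(buf["parts"]):
            if off != cursor:                          # hole: still waiting for a fragment
                return None
            out += buf["parts"][off]
            cursor = off + len(buf["parts"][off])
        if cursor != buf["total"]:
            return None
        del self.buffers[frag.ident]
        return bytes(out)

    def expire(self, now: float) -> int:
        """Discard incomplete datagrams whose reassembly timer has run out."""
        stale = [k for k, b in self.buffers.items() if now - b["started"] >= self.timeout]
        for k in stale:
            del self.buffers[k]
        return len(stale)


# Constructed example: 3000 bytes of payload to be sent over a link with MTU 1500,
# with one option whose copied bit is set (type 0x83) and one without (type 0x07).
SAMPLE = Datagram(ident=0x1234, data=bytes(i % 256 for i in range(3000)),
                  options=[b"\x83\x03\x04", b"\x07\x07\x04\x00\x00\x00\x00"])
```

The receive() loop is where a reassembler must be careful: the total is only known once the fragment with MF clear arrives, fragments arrive in any order, and a buffer that never completes has to be dropped by the timer rather than held forever.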

RARP :

  1. What is RARP?
    Reverse Address Resolution Protocol (RARP) is a network protocol used to resolve a data link layer address to the corresponding network layer address. For example, RARP is used to resolve an Ethernet MAC address to an IP address.
  2. To which OSI layer does RARP belong?
    RARP belongs to the OSI data link layer (layer 2).
  3. Which RFC specifies the requirements for RARP?
    RFC 903 specifies the RARP packet format and other details.
  4. Why is RARP needed?
    Normally, the IP address of a system is stored in a configuration file in the local disk. When the system is started, it determines its IP address from this file. In the case of a diskless workstation, its IP address cannot be stored in the system itself. In this case, RARP can be used to get the IP address from a RARP server.
  5. What is a RARP server?
    All the mappings between the hardware MAC addresses and the IP addresses of the hosts are stored in a configuration file in a host in the network. This host is called the RARP server. This host responds to all the RARP requests.
  6. Where is the mapping between the MAC address and IP addresses stored in a RARP server?
    The mapping between MAC addresses and IP addresses is usually stored in a configuration file in the local hard disk in the RARP server.
  7. Can RARP be used in a network other than Ethernet?
    Yes. RARP is a general protocol, which can be used to map any type of hardware MAC address to any type of network layer protocol address.
  8. How does RARP resolve an Ethernet MAC address to an IP address?
    When a diskless system is booted up, it broadcasts a RARP request packet with its MAC address. This packet is received by all the hosts in the network. When the RARP server receives this packet, it looks up this MAC address in the configuration file and determines the corresponding IP address. It then sends this IP address in the RARP reply packet. The diskless system receives this packet and gets its IP address.
  9. When is a RARP request packet generated?
    A RARP request packet is usually generated during the booting sequence of a host. A host must determine its IP address during the booting sequence, as the IP address is needed to communicate with other hosts in the network.
  10. What happens when a RARP server receives a RARP request packet?
    When a RARP server receives a RARP request packet it performs the following steps:

    1. The MAC address in the request packet is looked up in the configuration file and mapped to the corresponding IP address.
    2. If the mapping is not found, the packet is discarded.
    3. If the mapping is found, a RARP reply packet is generated with the MAC and IP address. This packet is sent to the host, which originated the RARP request.
  11. What happens when a host receives a RARP reply packet?
    When a host receives a RARP reply packet, it gets its IP address from the packet and completes the booting process. This IP address is used for communicating with other hosts, till it is rebooted.
  12. What is the length of a RARP request and reply packet?
    The length of a RARP request or a RARP reply packet is 28 bytes.
  13. What is the RARP packet format?
    The various fields of a RARP request/reply packet and their length are shown below:

    +---------------------------+-------------------------------------------+
    | Field                     | Size                                      |
    +---------------------------+-------------------------------------------+
    | Hardware MAC Address Type | 2 bytes                                   |
    | Protocol Address Type     | 2 bytes                                   |
    | Hardware MAC Address Size | 1 byte                                    |
    | Protocol Address Size     | 1 byte                                    |
    | Op                        | 2 bytes                                   |
    | Sender MAC Address        | 6 bytes (depends on the above size field) |
    | Sender IP Address         | 4 bytes (depends on the above size field) |
    | Target MAC Address        | 6 bytes (depends on the above size field) |
    | Target IP Address         | 4 bytes (depends on the above size field) |
    +---------------------------+-------------------------------------------+

The fields are further explained below:

    +-----------------------+-------------------------------------------------------+
    | Field                 | Description                                           |
    +-----------------------+-------------------------------------------------------+
    | Ethernet Header       | For a RARP request, the source MAC address is the MAC |
    |                       | address of the host sending the RARP request, the     |
    |                       | destination MAC address is the Ethernet broadcast     |
    |                       | address (FF:FF:FF:FF:FF:FF), and the frame type field |
    |                       | is 0x8035. For a RARP reply, the source MAC address   |
    |                       | is the MAC address of the RARP server replying to the |
    |                       | RARP request, the destination MAC address is the MAC  |
    |                       | address of the host that sent the RARP request, and   |
    |                       | the frame type field is 0x8035.                       |
    +-----------------------+-------------------------------------------------------+
    | Hardware Address Type | Type of the hardware MAC address present in the       |
    |                       | packet. For Ethernet the value of this field is 1.    |
    +-----------------------+-------------------------------------------------------+
    | Protocol Address Type | Type of the protocol address requested for the MAC    |
    |                       | address. For an IP address the value of this field is |
    |                       | 0x800.                                                |
    +-----------------------+-------------------------------------------------------+
    | Hardware Address Size | Size of the hardware MAC address. For Ethernet, the   |
    |                       | value of this field is 6.                             |
    +-----------------------+-------------------------------------------------------+
    | Protocol Address Size | Size of the protocol address. For IP, the value of    |
    |                       | this field is 4.                                      |
    +-----------------------+-------------------------------------------------------+
    | Operation             | Type of operation being performed. The value of this  |
    |                       | field can be 3 (RARP request) or 4 (RARP reply).      |
    +-----------------------+-------------------------------------------------------+
    | Source MAC Address    | In a RARP request packet, this is the hardware MAC    |
    |                       | address of the source host. In a RARP reply packet,   |
    |                       | this is the hardware MAC address of the RARP server   |
    |                       | sending the RARP reply.                               |
    +-----------------------+-------------------------------------------------------+
    | Source IP Address     | In a RARP request packet, this is undefined. In a     |
    |                       | RARP reply packet, this is the IP address of the RARP |
    |                       | server sending the RARP reply.                        |
    +-----------------------+-------------------------------------------------------+
    | Target MAC Address    | In a RARP request packet, this is the hardware MAC    |
    |                       | address of the source host. In a RARP reply packet,   |
    |                       | this is the hardware MAC address of the host that     |
    |                       | sent the RARP request packet.                         |
    +-----------------------+-------------------------------------------------------+
    | Target IP Address     | In a RARP request packet, this is undefined. In a     |
    |                       | RARP reply packet, this is the IP address of the host |
    |                       | that sent the RARP request packet.                    |
    +-----------------------+-------------------------------------------------------+

  1. Does RARP use the same packet format as ARP?
    Yes. RARP uses the same packet format as ARP.
  2. How is a RARP packet differentiated from an ARP packet?
    The frame type in the Ethernet header is used to differentiate a RARP packet from an ARP packet. The value of the opcode field in the RARP header can also be used.
  3. Is the format of a RARP request packet the same as that of a RARP reply packet?
    Yes. The packet format of a RARP request packet is the same as that of a RARP reply packet.
  4. How is a RARP request differentiated from a RARP reply packet?
    The ‘operation’ field in the RARP packet is used to differentiate between a RARP request and a RARP reply packet.
  5. What are the values for the source and destination IP address fields in a RARP request packet?
    In a RARP request packet, the source and destination IP address values are undefined.
  6. What are the values for the source and destination IP address fields in a RARP reply packet?
    In a RARP reply packet, the source IP address is the IP address of the RARP server responding to the RARP request, and the destination IP address is the IP address of the host that sent the RARP request.
  7. Do all the hosts in a network process a RARP packet?
    Since a RARP request packet is a broadcast packet, it is received by all the hosts in the network. But only a RARP server processes a RARP request packet; all the other hosts discard the packet. The RARP reply packet is not broadcast; it is sent directly to the host that sent the RARP request.
  8. What will happen if more than one RARP server in a network responds to a RARP request?
    If more than one RARP server responds to a RARP request, only the first RARP reply received is used. All other replies are discarded.
  9. What will happen if a RARP reply is not received for a RARP request?
    If a RARP reply is not received within a reasonable amount of time, the host that sent the RARP request will not be able to complete its booting sequence. Usually the host will retry sending the RARP request after a timeout period.
  10. Are there any alternative protocols to RARP?
    The BOOTP and DHCP protocols can be used instead of RARP to get the IP address from the MAC address.
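As an added illustration of the packet format in the table above and of the questions on telling ARP from RARP and request from reply (this is not code from the original notes), the following Python builds a RARP request and reply and parses them back: the Ethernet frame type (0x0806 vs 0x8035) decides ARP vs RARP and the operation field decides request vs reply. Field sizes and constants follow RFC 826/RFC 903; the MAC addresses (locally administered 02:… values) and the 192.0.2.x IP addresses are constructed samples. The parser also refuses a RARP frame type carrying an ARP opcode, which is the consistency check a capture tool would use to flag a malformed frame.

```python
"""Build and parse ARP/RARP frames as the table describes them (added example, not
from the notes).  Constants follow RFC 826/903; all addresses are constructed."""
from __future__ import annotations
import struct
from dataclasses import dataclass

ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0806, 0x8035
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800          # hardware / protocol address type
OP_ARP_REQUEST, OP_ARP_REPLY, OP_RARP_REQUEST, OP_RARP_REPLY = 1, 2, 3, 4
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNDEFINED_IP = "0.0.0.0"   # the notes say a RARP request's IP fields are undefined

def mac_bytes(mac: str) -> bytes:
    return bytes(int(b, 16) for b in mac.split(":"))

def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def _fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

@dataclass
class ArpFrame:
    ethertype: int
    operation: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def kind(self) -> str:
        """Frame type tells ARP from RARP; the operation tells request from reply."""
        family = {ETHERTYPE_ARP: "ARP", ETHERTYPE_RARP: "RARP"}[self.ethertype]
        direction = {1: "request", 2: "reply", 3: "request", 4: "reply"}[self.operation]
        return f"{family} {direction}"

def build(frame: ArpFrame, dst_mac: str) -> bytes:
    """Ethernet header (dst, src, type) followed by the 28-byte ARP/RARP body."""
    eth = mac_bytes(dst_mac) + mac_bytes(frame.sender_mac) + struct.pack("!H", frame.ethertype)
    body = struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, frame.operation)
    body += mac_bytes(frame.sender_mac) + ip_bytes(frame.sender_ip)
    body += mac_bytes(frame.target_mac) + ip_bytes(frame.target_ip)
    return eth + body

def parse(raw: bytes) -> ArpFrame:
    if len(raw) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP/RARP")
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype not in (ETHERTYPE_ARP, ETHERTYPE_RARP):
        raise ValueError(f"not ARP/RARP: ethertype 0x{ethertype:04x}")
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", raw[14:22])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol address types")
    # Frame type and opcode must agree; a mismatch is a malformed frame.
    if ethertype == ETHERTYPE_RARP and op not in (OP_RARP_REQUEST, OP_RARP_REPLY):
        raise ValueError(f"RARP frame with non-RARP opcode {op}")
    if ethertype == ETHERTYPE_ARP and op not in (OP_ARP_REQUEST, OP_ARP_REPLY):
        raise ValueError(f"ARP frame with non-ARP opcode {op}")
    f = raw[22:42]
    return ArpFrame(ethertype, op,
                    _fmt_mac(f[0:6]), ".".join(str(x) for x in f[6:10]),
                    _fmt_mac(f[10:16]), ".".join(str(x) for x in f[16:20]))

def rarp_request(client_mac: str) -> bytes:
    """Broadcast 'who knows my IP?': both IP fields undefined, target MAC = own MAC."""
    return build(ArpFrame(ETHERTYPE_RARP, OP_RARP_REQUEST, client_mac, UNDEFINED_IP,
                          client_mac, UNDEFINED_IP), BROADCAST_MAC)

def rarp_reply(server_mac: str, server_ip: str, client_mac: str, client_ip: str) -> bytes:
    """Unicast answer from the RARP server back to the requesting host."""
    return build(ArpFrame(ETHERTYPE_RARP, OP_RARP_REPLY, server_mac, server_ip,
                          client_mac, client_ip), client_mac)

if __name__ == "__main__":
    req = rarp_request("02:00:00:00:00:01")
    print(parse(req).kind, len(req), "bytes")
    print(parse(rarp_reply("02:00:00:00:00:02", "192.0.2.1",
                           "02:00:00:00:00:01", "192.0.2.10")))
```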

IP subnetting:

  1. What is an IP sub-network?
    A single IP class A, B, or C network is further divided into groups of hosts to form IP sub-networks.
  2. What is the use of sub-networks?
    Sub-networks are created for manageability, performance, and security of hosts and networks, and to reduce network congestion.
  3. Which RFC specifies IP subnetwork addressing?
    RFC 950 specifies the IP subnetwork addressing protocol.
  4. How are sub-networks formed?
    The host ID portion of an IP address is further divided into a sub-network ID part and a host ID part. The sub-network ID uniquely identifies the different sub-networks within a network.
  5. What is a subnet mask?
    A subnet mask is a 4 byte (32 bit) number used to identify the sub-network ID and the host ID from an IP address. All the hosts in a sub-network have the same subnet mask. E.g. 255.255.255.0, 255.255.127.0, 255.255.0.0
  6. How does a host determine its subnet mask?
    A host determines its subnet mask during the boot-up sequence, either from a configuration file stored on the local hard disk or from a server in the network using a network protocol such as BOOTP or ICMP.
  7. How is a subnet mask formed?
    For all the bits in the IP address which represent the network ID and the sub-network ID, the corresponding bits in the subnet mask are one. For all the bits in the IP address which represent the host ID, the corresponding bits in the subnet mask are zero. For example, if the first two bytes of the IP address represent the network (class B address), the third byte represents the sub-network, and the last byte represents the host, then the subnet mask is 255.255.255.0.
  8. Why does a host need to know its subnet mask?
    When a host “A” needs to communicate with another host “B”, it must know whether host “B” is in the same network or in a different network. If host “B” is in the same network, host “A” can send the datagram directly to host “B”. But if host “B” is in a different network, host “A” must send the datagram to a proper router. By determining the network class of the IP address of host “B”, host “A” can determine whether host “B” is in the same network or in a different network. By using the subnet mask, host “A” can find out whether host “B” is in the same subnet or in a different subnet.
  9. How are the network ID, sub-network ID and host ID determined, given the IP address and the subnet mask?
    The network class (A, B or C) of a given IP address can be easily determined by looking at the value of the first 4 bits of the first byte. From the network class, the number of bytes used to represent the network can be determined, and hence the network ID. By performing a logical “AND” operation of the IP address and the subnet mask, the sub-network ID can be determined: in the result of the “AND” operation, after removing the bytes used for the network ID, the remaining bits for which the corresponding bit in the subnet mask is one represent the sub-network ID.
  10. Is it possible to form a subnet mask by using bits in non-contiguous positions in the IP address?
    Yes. According to the standard, it is possible to use non-contiguous bits in the host portion of an IP address to form the subnet field. In practice, usually only contiguous fields are used to form a subnet field.
  11. Is it possible to determine whether the network is subnetted by using the IP address of a host alone?
    No. It is not possible to determine whether a network is subnetted just by using the IP address alone. The subnet mask is needed to determine this.
  12. Is it necessary for hosts in a network “M” to know about the subnetworks in another network “N” to communicate with hosts in that network?
    No. Subnetworks in one network are transparent to hosts in another network.

    Example 1:
    Let us say the IP address is 100.24.124.27 and the subnet mask is 255.255.0.0. As the most significant bit in the first byte of the IP address is zero, this is a Class A IP address. Therefore, the first byte represents the network ID; in this case, the network ID is 100. The result of a logical AND operation between the IP address and the subnet mask is 100.24.0.0. In this value, the first byte represents the network ID. For every remaining one bit in the subnet mask, the corresponding bit in the IP address is part of the sub-network ID; in this case it is 24. The remaining bits in the IP address represent the host ID; in this case it is 124.27.

Example 2:
    IP Address: 187.199.127.5
    Sub-net mask: 255.255.255.0
    Network Class: B
    Network ID: 187.199
    Result of logical AND operation: 187.199.127
    Sub-network ID: 127
    Host ID: 5
Example 3:
    IP Address: 187.199.127.5
    Sub-net mask: 255.255.240.0
    Network Class: B
    Network ID: 187.199
    Result of logical AND operation: 187.199.112.0
    Sub-network ID: 112
    Host ID: 15.5
Example 4:
    IP Address: 187.199.127.5
    Sub-net mask: 255.255.128.0
    Network Class: B
    Network ID: 187.199
    Result of logical AND operation: 187.199.0.0
    Sub-network ID: 0
    Host ID: 127.5
  1. What are the possible values for a sub-net mask?
    All the possible values for a sub-net mask are shown below:
        255.128.0.0
        255.192.0.0
        255.224.0.0
        255.240.0.0
        255.248.0.0
        255.252.0.0
        255.254.0.0
        255.255.0.0
        255.255.128.0
        255.255.192.0
        255.255.224.0
        255.255.240.0
        255.255.248.0
        255.255.252.0
        255.255.254.0
        255.255.255.0
        255.255.255.128
        255.255.255.192
        255.255.255.224
        255.255.255.240
        255.255.255.248
        255.255.255.252
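As an added Python example (not code from the original notes), the functions below carry out the procedure of questions 7 to 9 and reproduce Examples 1 to 4, writing the sub-network and host IDs the way those examples do; they also answer host A's "same subnet?" question, generate the list of contiguous mask values just given, and include a contiguity check since question 10 notes that non-contiguous masks are permitted by the standard but unusual. All function names are mine; the classful rules are as the notes state them, and CIDR is out of scope.

```python
"""Classful subnet decomposition as in Examples 1-4 (added example, not from the notes).

The rules are the RFC 950-era ones the notes describe: class from the leading bits,
network ID from the class, sub-network and host IDs from the mask.  CIDR is not modelled.
"""
from __future__ import annotations

_NETWORK_BYTES = {"A": 1, "B": 2, "C": 3}   # bytes of network ID per class

def _octets(dotted: str) -> list[int]:
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or not all(0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 value: {dotted!r}")
    return parts

def network_class(ip: str) -> str:
    """Class from the high-order bits of the first byte (0xxx A, 10xx B, 110x C, 1110 D)."""
    first = _octets(ip)[0]
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D" if first >> 4 == 0b1110 else "E"

def split_address(ip: str, mask: str) -> dict[str, str]:
    """Network ID, AND result, sub-network ID and host ID, written as the notes write them."""
    ip_b, mask_b = _octets(ip), _octets(mask)
    cls = network_class(ip)
    if cls not in _NETWORK_BYTES:
        raise ValueError(f"class {cls} addresses are not subnetted")
    n = _NETWORK_BYTES[cls]
    anded = [i & m for i, m in zip(ip_b, mask_b)]
    # Sub-network ID: AND result past the network bytes, for bytes where the mask has ones.
    subnet = [str(a) for a, m in zip(anded[n:], mask_b[n:]) if m != 0]
    # Host ID: IP bytes past the network bytes with the mask bits cleared, for bytes
    # the mask does not cover completely.
    host = [str(i & ~m & 0xFF) for i, m in zip(ip_b[n:], mask_b[n:]) if m != 255]
    return {
        "class": cls,
        "network_id": ".".join(str(b) for b in ip_b[:n]),
        "and_result": ".".join(str(b) for b in anded),
        "subnet_id": ".".join(subnet),    # empty when the mask adds no subnet bits
        "host_id": ".".join(host),
    }

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Host A's test for 'is B on my subnet': equal (address AND mask) on both sides."""
    m = _octets(mask)
    return ([a & x for a, x in zip(_octets(ip_a), m)]
            == [b & x for b, x in zip(_octets(ip_b), m)])

def is_contiguous_mask(mask: str) -> bool:
    """True when the mask is a run of ones followed only by zeros."""
    inverted = ~int.from_bytes(bytes(_octets(mask)), "big") & 0xFFFFFFFF
    return (inverted + 1) & inverted == 0    # the inverted mask must be 2**k - 1

def contiguous_masks(shortest: int = 9, longest: int = 30) -> list[str]:
    """Every contiguous mask from /shortest to /longest: the 22 values listed above."""
    out = []
    for prefix in range(shortest, longest + 1):
        value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        out.append(".".join(str(b) for b in value.to_bytes(4, "big")))
    return out

if __name__ == "__main__":
    for ip, mask in [("100.24.124.27", "255.255.0.0"), ("187.199.127.5", "255.255.255.0"),
                     ("187.199.127.5", "255.255.240.0"), ("187.199.127.5", "255.255.128.0")]:
        print(ip, mask, split_address(ip, mask))
    print("255.255.127.0 contiguous?", is_contiguous_mask("255.255.127.0"))
```

Note that 255.255.127.0, one of the example masks in question 5, fails the contiguity check; the code still decomposes an address with it, which is what RFC 950 permits, but a router that "understands only static subnetting" may not.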
  1. What are the two types of subnetting?
    The two types of subnetting are:
      • Static length
      • Variable length
  2. What is ‘Static Length’ subnetting?
    If all the subnetworks in a single network use the same subnet mask, it is called ‘Static Length’ subnetting.
  3. What is ‘Variable Length’ subnetting?
    If the different subnetworks in a single network use different subnet masks, it is called ‘Variable Length’ subnetting.
  4. What is the disadvantage in using ‘Static Length’ subnetting?
    In the case of ‘Static Length’ subnetting, irrespective of the number of hosts in a subnetwork, a single subnet mask is used for all the subnetworks. Because of this, a large number of IP addresses will be wasted. For example, let us say we have a class C IP network address 192.9.205.0 subnetted using the subnet mask 255.255.255.192. The total number of possible subnetworks is 4 and the total number of possible hosts per subnetwork is 32. Even if a subnetwork has just 4 hosts, it will be allocated a whole subnetwork of that size; in this case 28 host IP addresses will be wasted.
  5. What is the advantage in using ‘Static Length’ subnetting?
    It is easy to configure a network using ‘Static Length’ subnetting. In addition, native IP routing understands only static subnetting.
  6. What is the advantage in using ‘Variable Length’ subnetting?
    In the case of ‘Variable Length’ subnetting, IP addresses are allocated depending on the number of hosts present in each subnetwork. So the available host IP addresses are used efficiently and are not wasted.
  7. What is the disadvantage in using ‘Variable Length’ subnetting?
    All the routers in a ‘Variable Length’ subnetted network must understand this type of subnetting.
  8. What are the special subnetwork IP addresses?
    The subnet addresses in which all the bits are zero or all the bits are one are special subnet IP addresses. The subnet address in which all the bits are zero represents the local subnetwork in which the datagram originated. The subnet address in which all the bits are one represents a subnet broadcast address. In the broadcast address, all the other bits, including the network and host ID, must be one.

RARP, BOOTP and DHCP

RARP

• ARP solves the problem of finding out which Ethernet address corresponds to a given IP address.

• Sometimes the reverse problem has to be solved: given an Ethernet address, what is the corresponding IP address?

• In particular, this problem occurs when a diskless workstation is booted. Such a machine will normally get the binary image of its operating system from a remote file server. But how does it learn its IP address?

• The first solution devised was to use RARP (Reverse Address Resolution Protocol), defined in RFC 903.

• This protocol allows a newly-booted workstation to broadcast its Ethernet address and say: "My 48-bit Ethernet address is 14.04.05.18.01.25. Does anyone out there know my IP address?"

• The RARP server sees this request, looks up the Ethernet address in its configuration files, and sends back the corresponding IP address.

• Using RARP is better than embedding an IP address in the memory image because it allows the same image to be used on all machines. If the IP address were buried inside the image, each workstation would need its own image.

• A disadvantage of RARP is that it uses a destination address of all 1s (limited broadcasting) to reach the RARP server. Such broadcasts are not forwarded by routers, so a RARP server is needed on each network.

BOOTP

• To get around this problem, an alternative bootstrap protocol called BOOTP was invented.

• Unlike RARP, BOOTP uses UDP messages, which are forwarded over routers. It also provides a diskless workstation with additional information, including the IP address of the file server holding the memory image, the IP address of the default router, and the subnet mask to use.

• BOOTP is described in RFCs 951, 1048, and 1084.

• A serious problem with BOOTP is that it requires manual configuration of tables mapping IP address to Ethernet address. When a new host is added to a LAN, it cannot use BOOTP until an administrator has assigned it an IP address and entered its (Ethernet address, IP address) pair into the BOOTP configuration tables by hand.

• To eliminate this error-prone step, BOOTP was extended and given a new name: DHCP (Dynamic Host Configuration Protocol). DHCP allows both manual IP address assignment and automatic assignment. It is described in RFCs 2131 and 2132.

• In most systems, it has largely replaced RARP and BOOTP. Like RARP and BOOTP, DHCP is based on the idea of a special server that assigns IP addresses to hosts asking for one. This server need not be on the same LAN as the requesting host. Since the DHCP server may not be reachable by broadcasting, a DHCP relay agent is needed on each LAN.

• To find its IP address, a newly-booted machine broadcasts a DHCP DISCOVER packet.

• The DHCP relay agent on its LAN intercepts all DHCP broadcasts. When it finds a DHCP DISCOVER packet, it sends the packet as a unicast packet to the DHCP server, possibly on a distant network. The only piece of information the relay agent needs is the IP address of the DHCP server.

• An issue that arises with automatic assignment of IP addresses from a pool is how long an IP address should be allocated.

• If a host leaves the network and does not return its IP address to the DHCP server, that address will be permanently lost.

• After a period of time, many addresses may be lost. To prevent that from happening, IP address assignment may be for a fixed period of time, a technique called leasing. Just before the lease expires, the host must ask the DHCP server for a renewal. If it fails to make a request or the request is denied, the host may no longer use the IP address it was given earlier.
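To make the leasing rule concrete, here is an added Python model of a DHCP-style address pool (not from the notes and not any real server's code). The pool range, lease length, client identifiers and time values are constructed, and time is passed in explicitly so the sequence is deterministic. It shows an address being reclaimed once its lease lapses instead of being lost, and a renewal being refused after expiry, which is exactly the behaviour leasing exists to provide.

```python
"""Toy DHCP-style lease pool (added illustration, not from the notes or any DHCP server).

A client that disappears without releasing its address has it reclaimed when the lease
expires; a renewal 'just before the lease expires' extends it, a late one is denied.
"""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress

@dataclass
class Lease:
    client_id: str      # DHCP client identifier (the MAC address by default)
    address: str
    expires_at: float   # absolute time in seconds

class LeasePool:
    def __init__(self, first: str, last: str, lease_seconds: float) -> None:
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.lease_seconds = lease_seconds
        self.leases: dict[str, Lease] = {}   # keyed by client id

    def reclaim_expired(self, now: float) -> list[str]:
        """Return expired addresses to the free list (a server does this periodically)."""
        expired = [l for l in self.leases.values() if l.expires_at <= now]
        for lease in expired:
            del self.leases[lease.client_id]
            self.free.append(lease.address)
        return [l.address for l in expired]

    def offer(self, client_id: str, now: float) -> str | None:
        """Answer a DISCOVER: keep the client's live lease if it has one, otherwise hand
        out the next free address.  None means the pool is exhausted."""
        self.reclaim_expired(now)
        if client_id in self.leases:
            return self.renew(client_id, now)
        if not self.free:
            return None
        address = self.free.pop(0)
        self.leases[client_id] = Lease(client_id, address, now + self.lease_seconds)
        return address

    def renew(self, client_id: str, now: float) -> str | None:
        """Renewal request; denied once the lease has already lapsed."""
        lease = self.leases.get(client_id)
        if lease is None or lease.expires_at <= now:
            return None
        lease.expires_at = now + self.lease_seconds
        return lease.address

def demo() -> dict[str, object]:
    # Constructed scenario: a two-address pool from the 192.0.2.0/24 documentation range.
    pool = LeasePool("192.0.2.10", "192.0.2.11", lease_seconds=3600)
    a = pool.offer("00:11:22:33:44:55", now=0)
    b = pool.offer("66:77:88:99:aa:bb", now=0)
    full = pool.offer("cc:dd:ee:ff:00:11", now=10)      # both addresses leased
    renewed = pool.renew("00:11:22:33:44:55", now=3000)  # renewed before expiry
    late = pool.renew("66:77:88:99:aa:bb", now=4000)     # b's lease lapsed at 3600
    reused = pool.offer("cc:dd:ee:ff:00:11", now=4000)   # gets b's reclaimed address
    return {"a": a, "b": b, "full": full, "renewed": renewed, "late": late, "reused": reused}

if __name__ == "__main__":
    print(demo())
```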

    1. What is DHCP?

DHCP stands for “Dynamic Host Configuration Protocol”.

    1. What is DHCP’s purpose?

DHCP’s purpose is to enable individual computers on an IP network to extract their configurations from a server (the ‘DHCP server’) or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

    1. Can DHCP work with Appletalk or IPX?

No, it is too tied to IP. Furthermore, they don’t need it since they have always had automated mechanisms for assigning their own network addresses.

    1. Who Created It? How Was It Created?

DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF; a volunteer organization which defines protocols for use on the Internet). As such, its definition is recorded in an Internet RFC and the Internet Activities Board (IAB) is asserting its status as to Internet Standardization. As of this writing (June 1998), DHCP is an Internet Draft Standard Protocol and is Elective. BOOTP is an Internet Draft Standard Protocol and is Recommended. For more information on Internet standardization, see RFC 2300 (May 1998).

    1. How is it different from BOOTP or RARP?

DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism.

RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn’t support other parameters and using it, a server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed.

    1. How is it different from VLANs?

DHCP and VLANs, which are very different in concept, are sometimes cited as different solutions to the same problem. While they have a goal in common (easing moves of networked computers), VLANs represent a more revolutionary change to a LAN than DHCP. A DHCP server and forwarding agents allow you to set things up so that you can unplug a client computer from one network or subnet, plug it into another, and have it come alive immediately, having been reconfigured automatically. In conjunction with Dynamic DNS, it could automatically be given the same name in its new place. VLAN-capable LAN equipment with dynamic VLAN assignment allows you to configure things so a client computer can be plugged into any port and have the same IP number (as well as name) and be on the same subnet. The VLAN-capable network either has its own configuration that lists which MAC addresses are to belong to each VLAN, or it makes the determination from the source IP address of the IP packets that the client computer sends. Some differences in the two approaches:

      1. DHCP handles changes by reconfiguring the client while a VLAN-capable network handles it by reconfiguring the network port the client is moved to.
      2. DHCP dynamic reconfiguration requires a DHCP server, forwarding agent in each router, and DHCP capability in each client’s TCP/IP support. The analogous capability in VLANs requires that all hubs throughout the network be VLAN-capable, supporting the same VLAN scheme. To this point VLAN support is proprietary with no vendor interoperability, but standards are being developed.
      3. DHCP can configure a new client computer for you while a VLAN-capable network can’t.
      4. DHCP is generally aimed at giving “easy moves” capability to networks that are divided into subnets on a geographical basis, or on separate networks. VLANs are generally aimed at allowing you to set up subnets on some basis other than geographical, e.g. instead of putting everyone in one office on the same subnet, putting each person on a subnet that has access to the servers that that person requires.

There is an issue with trying to use DHCP (or BOOTP) and VLANs at the same time, in particular, with the scheme by which the VLAN-capable network determines the client’s VLAN based upon the client computer’s source IP address. Doing so assumes the client computer is already configured, which precludes the use of network to get the configuration information from a DHCP or BOOTP server.

    1. What protocol and port does DHCP use?

DHCP, like BOOTP, runs over UDP, utilizing ports 67 and 68.

    1. What is a MAC address?

A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, e.g. 0080002012ef, 0:80:0:2:20:ef) which uniquely identifies a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP’s typical use, the server uses a requesting computer’s MAC address to uniquely identify it.

    1. What is a DHCP lease?

A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.

    1. What is a Client ID?

What is termed the Client ID for the purposes of the DHCP protocol is whatever is used by the protocol to identify the client computer. By default, DHCP implementations typically employ the client’s MAC address for this purpose, but the DHCP protocol allows other options. Some DHCP implementations have a setup option to specify the client ID you want. One alternative to the MAC address is simply a character string of your choice. In any case, in order for DHCP to function, you must be certain that no other client is using the client ID you choose, and you must be sure the DHCP server will accept it.

    1. Can DHCP support statically defined addresses?

Yes. At least there is nothing in the protocol to preclude this and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

    1. How do DHCP and BOOTP handle multiple subnets?

For the situations where there is more than one LAN, each with its own subnet number, there are two ways. First of all, you can set up a separate server on each subnet. Secondly, you can use a feature of some routers known as “BOOTP forwarding” to forward DHCP or BOOTP requests to a server on another subnet and to forward the replies back to the client. The part of such a router (or server acting as a router) that does this is called a “BOOTP forwarding agent”. Typically you have to enable it on the interface to the subnet to be served and configure it with the IP address of the DHCP or BOOTP server. On a Cisco router, the address is known as the “UDP Helper Address”.

    1. Can a BOOTP client boot from a DHCP server?

Only if the DHCP server is specifically written to also handle BOOTP queries.

    1. Can a DHCP client boot from a BOOTP server?

Only if the DHCP client were specifically written to make use of the answer from a BOOTP server. It would presumably treat a BOOTP reply as an unending lease on the IP address.

In particular, the TCP/IP stack included with Windows 95 does not have this capability.

    1. Is a DHCP server “supposed to” be able to support a BOOTP client?

The RFC on such interoperability (1534) is clear: “In summary, a DHCP server: … MAY support BOOTP clients,” (section 2). The word “MAY” indicates such support, however useful, is left as an option.

A source of confusion on this point is the following statement in section 1.5 of RFC 1541: “DHCP must provide service to existing BOOTP clients.” However, this statement is one in a list of “general design goals for DHCP”, i.e. what the designers of the DHCP protocol set as their own goals. It is not in a list of requirements for DHCP servers.

    1. Is a DHCP client “supposed to” be able to use a BOOTP server?

The RFC on such interoperability (1534) is clear: “A DHCP client MAY use a reply from a BOOTP server if the configuration returned from the BOOTP server is acceptable to the DHCP client.” (section 3). The word “MAY” indicates such support, however useful, is left as an option.

    1. Where is DHCP defined?

In Internet RFCs, in particular RFC 2131.

    1. How can I relay DHCP if my router does not support it?

A server on a net(subnet) can relay DHCP or BOOTP for that net. Microsoft has software to make Windows NT do this.

    1. What is DHCP Spoofing?

Ascend Pipeline ISDN routers (which attach Ethernets to ISDN lines) incorporate a feature that Ascend calls “DHCP spoofing” which is essentially a tiny server implementation that hands an IP address to a connecting Windows 95 computer, with the intention of giving it an IP number during its connection process.

Internet Multicasting

• IP supports multicasting, using class D addresses.

• Each class D address identifies a group of hosts. Twenty-eight bits are available for identifying groups, so over 250 million groups can exist at the same time.

• When a process sends a packet to a class D address, a best-efforts attempt is made to deliver it to all the members of the group addressed, but no guarantees are given.

• Examples are updating replicated, distributed databases, transmitting stock quotes to multiple brokers, and handling digital conference (i.e., multiparty) telephone calls.

Two kinds of group addresses are supported: permanent addresses and temporary ones.

• A permanent group is always there and does not have to be set up.

• Each permanent group has a permanent group address. Some examples of permanent group addresses are:

224.0.0.1 All systems on a LAN
224.0.0.2 All routers on a LAN
224.0.0.5 All OSPF routers on a LAN
224.0.0.6 All designated OSPF routers on a LAN

• Temporary groups must be created before they can be used. A process can ask its host to join a specific group. It can also ask its host to leave the group.

• When the last process on a host leaves a group, that group is no longer present on the host. Each host keeps track of which groups its processes currently belong to.

Multicasting is implemented by special multicast routers, which may or may not be colocated with the standard routers. About once a minute, each multicast router sends a hardware (i.e., data link layer) multicast to the hosts on its LAN (address 224.0.0.1) asking them to report back on the groups their processes currently belong to. Each host sends back responses for all the class D addresses it is interested in.

These query and response packets use a protocol called IGMP (Internet Group Management Protocol), which is vaguely analogous to ICMP. It has only two kinds of packets: query and response, each with a simple, fixed format containing some control information in the first word of the payload field and a class D address in the second word. It is described in RFC 1112.

Multicast routing is done using spanning trees. Each multicast router exchanges information with its neighbors, using a modified distance vector protocol, in order for each one to construct a spanning tree per group covering all group members. Various optimizations are used to prune the tree to eliminate routers and networks not interested in particular groups. The protocol makes heavy use of tunneling to avoid bothering nodes not in a spanning tree.
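The host-side bookkeeping described above, as an added Python example (not from the notes or any IGMP implementation): processes join and leave class D groups, the host drops a group when its last member leaves, and a router's query is answered with the groups that remain. The temporary group address and process IDs are constructed; 224.0.0.5 is one of the permanent addresses listed in the notes; no packets are sent.

```python
"""Per-host multicast group membership (added example, not from the notes or an IGMP stack).

Each group carries the set of local processes joined to it.  A group disappears from the
host when its last process leaves; report() is what the host would answer to a router's
query on 224.0.0.1.  Non-class-D addresses are rejected at join time.
"""
from __future__ import annotations
import ipaddress

def is_class_d(addr: str) -> bool:
    """Class D means the first byte is 1110xxxx, i.e. 224.0.0.0 to 239.255.255.255."""
    return ipaddress.IPv4Address(addr).is_multicast   # stdlib test for the 224/4 block

class HostGroups:
    def __init__(self) -> None:
        self.members: dict[str, set[int]] = {}   # group address -> pids joined to it

    def join(self, pid: int, group: str) -> None:
        if not is_class_d(group):
            raise ValueError(f"{group} is not a class D (multicast) address")
        self.members.setdefault(group, set()).add(pid)

    def leave(self, pid: int, group: str) -> bool:
        """True when this leave removed the last member, so the host drops the group."""
        pids = self.members.get(group)
        if pids is None or pid not in pids:
            return False
        pids.discard(pid)
        if not pids:
            del self.members[group]
            return True
        return False

    def report(self) -> list[str]:
        """Answer to an IGMP-style query: every group with at least one local member."""
        return sorted(self.members)

def demo() -> dict[str, object]:
    host = HostGroups()
    host.join(100, "239.1.2.3")   # constructed temporary group, two processes
    host.join(101, "239.1.2.3")
    host.join(100, "224.0.0.5")   # permanent group: all OSPF routers (from the notes)
    first_leave = host.leave(100, "239.1.2.3")    # another member remains
    second_leave = host.leave(101, "239.1.2.3")   # last member gone: group dropped
    try:
        host.join(102, "192.0.2.1")               # unicast address: refused
        rejected = False
    except ValueError:
        rejected = True
    return {"first_leave": first_leave, "second_leave": second_leave,
            "report": host.report(), "rejected": rejected}

if __name__ == "__main__":
    print(demo())
```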

What’s the difference between POP and IMAP?

+----------------------------------------------+----------------------------------------------+
| POP                                          | IMAP                                         |
+----------------------------------------------+----------------------------------------------+
| Post Office Protocol                         | Internet Message Access Protocol             |
+----------------------------------------------+----------------------------------------------+
| Best if you use only one computer to check   | Best if you use many different computers to  |
| email.                                       | check your email.                            |
+----------------------------------------------+----------------------------------------------+
| Downloads your email to the particular       | Your mail is always on the server.           |
| computer you are checking it on.             |                                              |
+----------------------------------------------+----------------------------------------------+
| Allows you to keep a large backlog of email  | You are limited by your mailbox size quota   |
| messages, limited only by the size of your   | for how many messages you keep, although you |
| computer's storage.                          | can archive old messages and save them onto  |
|                                              | your computer manually.                      |
+----------------------------------------------+----------------------------------------------+
| Does not have a web interface (some webmail  | Has a web interface. If you are using NCF    |
| companies, such as Yahoo, will let you check | Webmail, you are using IMAP.                 |
| POP mail).                                   |                                              |
+----------------------------------------------+----------------------------------------------+
| New messages are downloaded in their         | New message headers are downloaded so you    |
| entirety; you have to wait for the message   | see all your mail faster; the message you    |
| to download.                                 | want to read is not downloaded to your       |
|                                              | computer until you click on it.              |
+----------------------------------------------+----------------------------------------------+

What IPsec Does

• IPsec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services.

• IPsec can be used to protect one or more “paths” between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. For example, a router or a firewall implementing IPsec is a security gateway.

• The set of security services that IPsec can provide includes access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption), and limited traffic flow confidentiality.

• Because these services are provided at the IP layer, they can be used by any higher layer protocol, e.g., TCP, UDP, ICMP, BGP, etc.

How IPsec Works

IPsec uses two protocols to provide traffic security:

• Authentication Header (AH) and

• Encapsulating Security Payload (ESP).

o The IP Authentication Header (AH) [KA98a] provides connectionless integrity, data origin authentication, and an optional anti-replay service.

o The Encapsulating Security Payload (ESP) protocol [KA98b] may provide confidentiality (encryption), and limited traffic flow confidentiality.  It also may provide connectionless integrity, data origin authentication, and an anti-replay service.

o Both AH and ESP are vehicles for access control, based on the distribution of cryptographic keys and the management of traffic flows relative to these security protocols.    These protocols may be applied alone or in combination with each other to provide a desired set of security services in IPv4 and IPv6.

Each protocol supports two modes of use: transport mode and tunnel mode.

In transport mode the protocols provide protection primarily for upper layer protocols; in tunnel mode, the protocols are applied to tunneled IP packets.

In transport mode, the IPsec header is inserted just after the IP header. The Protocol field in the IP header is changed to indicate that an IPsec header follows the normal IP header (before the TCP header). The IPsec header contains security information, primarily the SA identifier, a new sequence number, and possibly an integrity check of the payload.

In tunnel mode, the entire IP packet, header and all, is encapsulated in the body of a new IP packet with a completely new IP header. Tunnel mode is useful when the tunnel ends at a location other than the final destination. In some cases, the end of the tunnel is a security gateway machine, for example, a company firewall. In this mode, the firewall encapsulates and decapsulates packets as they pass through the firewall. By terminating the tunnel at this secure machine, the machines on the company LAN do not have to be aware of IPsec. Only the firewall has to know about it. Studying the flow patterns of packets, even if they are encrypted, is called traffic analysis.

The disadvantage of tunnel mode is that it adds an extra IP header, thus increasing packet size substantially. In contrast, transport mode does not affect packet size as much.

IPsec allows the user (or system administrator) to control the granularity at which a security service is offered.  For example, one can create a single encrypted tunnel to carry all the traffic between two security gateways or a separate encrypted tunnel can be created for each TCP connection between each pair of hosts communicating across these gateways.  IPsec management must incorporate facilities for specifying:

o which security services to use and in what combinations

o the granularity at which a given security protection should be applied

o the algorithms used to effect cryptographic-based security

Because these security services use shared secret values (cryptographic keys), IPsec relies on a separate set of mechanisms for putting these keys in place. The integrity check itself is simple: compute a hash over the packet plus the shared key. The shared key is not transmitted, of course. A scheme like this is called an HMAC (Hashed Message Authentication Code). It is much faster to compute than first running SHA-1 and then running RSA on the result.
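As an added example (not IPsec's wire format, and not from the notes), the following Python shows the two mechanisms named above: an HMAC integrity tag computed over the SPI, sequence number and payload with a shared key that never goes on the wire, and a sliding anti-replay window over the sequence numbers. HMAC-SHA256 stands in for the HMAC-MD5/HMAC-SHA-1 of the original RFCs; the key, SPI, window size and payloads are constructed. Note the order in verify(): the MAC is checked before the window is updated, so an unauthenticated packet can neither advance nor poison the window.

```python
"""Integrity tag plus anti-replay window in the style of IPsec AH (added example; not the
AH wire format and not from the notes).  Key, SPI, window size and payloads are constructed."""
from __future__ import annotations
import hmac
import hashlib
import struct

TAG_LEN = 12   # truncated MAC, as AH does (96 bits)

def make_tag(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """HMAC over what the receiver can reconstruct: SPI, sequence number, payload."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

class ReplayWindow:
    """Sliding window of accepted sequence numbers (size W, bit i = highest - i seen)."""
    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = 0          # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_mark(self, seq: int) -> bool:
        if seq == 0:
            return False          # AH/ESP sequence numbers start at 1
        if seq > self.highest:    # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False          # too old: fell out of the window
        if self.bitmap >> offset & 1:
            return False          # duplicate inside the window: replay
        self.bitmap |= 1 << offset
        return True

def verify(key: bytes, spi: int, seq: int, payload: bytes, tag: bytes,
           window: ReplayWindow) -> bool:
    """Accept only if the MAC matches (constant-time compare) and seq is fresh.
    The MAC is checked first so a forged packet cannot touch the window."""
    expected = make_tag(key, spi, seq, payload)
    if not hmac.compare_digest(expected, tag):
        return False
    return window.check_and_mark(seq)

def demo() -> dict[str, bool]:
    key = b"constructed-shared-key-for-demo!"   # constructed sample key, never sent
    spi = 0x1000
    w = ReplayWindow(size=8)
    p1 = b"GET / HTTP/1.0"
    t1 = make_tag(key, spi, 1, p1)
    return {
        "fresh":     verify(key, spi, 1, p1, t1, w),
        "replay":    verify(key, spi, 1, p1, t1, w),                          # same packet again
        "tampered":  verify(key, spi, 2, p1 + b"x", make_tag(key, spi, 2, p1), w),
        "later":     verify(key, spi, 20, p1, make_tag(key, spi, 20, p1), w),  # window slides
        "too_old":   verify(key, spi, 5, p1, make_tag(key, spi, 5, p1), w),    # 20 - 5 >= 8
        "in_window": verify(key, spi, 15, p1, make_tag(key, spi, 15, p1), w),  # 20 - 15 < 8
    }

if __name__ == "__main__":
    print(demo())
```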

Where IPsec May Be Implemented

There are several ways in which IPsec may be implemented in a host or in conjunction with a router or firewall (to create a security gateway).  Several common examples are provided below:

a. Integration of IPsec into the native IP implementation.  This requires access to the IP source code and is applicable to both hosts and security gateways.

b. “Bump-in-the-stack” (BITS) implementations, where IPsec is implemented “underneath” an existing implementation of an IP protocol stack, between the native IP and the local network drivers.  Source code access for the IP stack is not required in this context, making this implementation approach appropriate for use with legacy systems.  This approach, when it is adopted, is usually employed in hosts.

c. The use of an outboard crypto processor is a common design feature of network security systems used by the military, and of some commercial systems as well.  It is sometimes referred to as a “Bump-in-the-wire” (BITW) implementation.  Such implementations may be designed to serve either a host or a gateway (or both).  Usually the BITW device is IP addressable.  When supporting a single host, it may be quite analogous to a BITS implementation, but in supporting a router or firewall, it must operate like a security gateway.

Firewall

A "firewall" is an agent which screens network traffic in some way, blocking traffic it believes to be inappropriate, dangerous, or both. Note that firewall functions are disjoint from network address translation (NAT) functions -- neither implies the other, although sometimes both are provided by the same device.

Characteristics:

Firewalls either act as a protocol end point and relay (e.g., an SMTP client/server or a Web proxy agent), as a packet filter, or some combination of both. When a firewall acts as a protocol end point it may

    (1)   implement a "safe" subset of the protocol,
    (2)   perform extensive protocol validity checks,
    (3)   use an implementation methodology designed to minimize the likelihood of bugs,
    (4)   run in an insulated, "safe" environment, or
    (5)   use some combination of these techniques in tandem.

Firewalls acting as packet filters aren't visible as protocol end points. The firewall examines each packet and then

    (1)   passes the packet through to the other side unchanged,
    (2)   drops the packet entirely, or
    (3)   handles the packet itself in some way.

Firewalls typically base some of their decisions on IP source and destination addresses and port numbers. For example, firewalls may

    (1)   block packets from the Internet side that claim a source address of a system on the internal network,
    (2)   block TELNET or RLOGIN connections from the Internet to the internal network,
    (3)   block SMTP and FTP connections to the Internet from internal systems not authorized to send email or move files,
    (4)   act as an intermediate server in handling SMTP and HTTP connections in either direction, or
    (5)   require the use of an access negotiation and encapsulation protocol such as SOCKS to gain access to the Internet, to the internal network, or both.

E.g.: a firewall consisting of two packet filters and an application gateway.

Application gateway: rather than just looking at raw packets, the gateway operates at the application level. A mail gateway, for example, can be set up to examine each message going in or coming out. For each one, the gateway decides whether to transmit or discard the message based on header fields, message size, or even the content.

Firewall Requirements

Applications have to continue to work properly in the presence of firewalls. This translates into the following transparency rule:

      The introduction of a firewall and any associated tunneling or access negotiation facilities MUST NOT cause unintended failures of legitimate and standards-compliant usage that would work were the firewall not present.

Also note that it is perfectly permissible for a firewall to provide additional facilities applications can use to authenticate or authorize various sorts of connections, and for the firewall to be configurable to require the use of such facilities. The SOCKS protocol is one example of such a facility.

Firewall vs NAT

  • NAT provides some security for your network as you do not have a real Internet IP address and your network, usually, cannot be accessed from the Internet without some outbound connection first being created from your private/inside network.
  • However, you still need a firewall to protect your network as NAT only hides your network but doesn’t really stop any packets from entering your network.

What are the different types of firewalls?

The different types of firewalls are:

Packet filter – A packet filter looks at each packet entering the network and, based on its policies, permits or denies these packets. A Cisco IOS Access Control List (ACL) is a basic firewall that works in this way.

Stateful packet filter – A stateful packet filter also has rules; however, it keeps track of the TCP connection state so it is able to monitor the “conversations” as they happen on the network. It knows the normal flow of the conversations and knows when the conversations are over. Thus, it is able to permit and deny packets entering the network more intelligently. Because of this, a stateful packet filter (stateful firewall) is much more secure than a regular packet filter.

Application gateway – An application gateway is a system that works for certain applications only. It knows the “language” that the application/protocol uses and it monitors all communications. An example would be an SMTP gateway.

Proxy Server – A proxy server performs network transactions on your behalf. The most common use for this is a Web-proxy server. A Web-proxy will take requests from users’ Web browsers, get the Web pages from the Internet, and return them to the user’s browser.
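The example rules listed for packet filters above, and the difference between a plain packet filter and a stateful packet filter, as an added Python model that is not from the original notes. The internal network 10.0.0.0/8, the authorized mail host and the packets in the trace are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed site: the internal network, and the one host allowed to send
# mail or move files out to the Internet.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
AUTHORIZED_OUTBOUND = {ipaddress.ip_address("10.0.0.25")}
TELNET, RLOGIN, FTP, SMTP = 23, 513, 21, 25


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "inet" or "lan"
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def packet_filter(pkt: Packet) -> tuple:
    """Stateless rules (1)-(3) from the text. Returns (verdict, reason)."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "inet" and src in INTERNAL_NET:
        return "drop", "spoofed: internal source address from the Internet side"
    if pkt.iface == "inet" and pkt.proto == "tcp" and pkt.dport in (TELNET, RLOGIN):
        return "drop", "TELNET/RLOGIN from the Internet is not allowed"
    if (pkt.iface == "lan" and pkt.proto == "tcp" and pkt.dport in (SMTP, FTP)
            and src not in AUTHORIZED_OUTBOUND):
        return "drop", "host not authorized to send email or move files"
    return "permit", "no rule matched"


class StatefulFilter:
    """Adds a connection table on top of the stateless rules: TCP packets from
    the Internet side are permitted only when they belong to a conversation
    that an internal host opened. (Simplified: real firewalls also time out
    idle entries and wait for both sides' FIN before forgetting a connection.)"""

    def __init__(self):
        self.conns = set()   # (internal_ip, internal_port, external_ip, external_port)

    def check(self, pkt: Packet) -> tuple:
        verdict, reason = packet_filter(pkt)
        if verdict == "drop" or pkt.proto != "tcp":
            return verdict, reason
        if pkt.iface == "lan":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.conns.add(key)          # internal host opens a conversation
            if pkt.fin:
                self.conns.discard(key)      # conversation is over
            return "permit", "outbound"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:
            if pkt.fin:
                self.conns.discard(key)
            return "permit", "reply within an established conversation"
        return "drop", "unsolicited inbound TCP"


def demo() -> list:
    """Run a constructed packet trace through the stateful filter."""
    fw = StatefulFilter()
    trace = [
        Packet("lan", "10.0.0.5", "203.0.113.10", "tcp", 40000, 80, syn=True),            # web request out
        Packet("inet", "203.0.113.10", "10.0.0.5", "tcp", 80, 40000, syn=True, ack=True),  # its reply
        Packet("inet", "203.0.113.10", "10.0.0.5", "tcp", 5555, 80, syn=True),            # unsolicited
        Packet("inet", "10.0.0.9", "10.0.0.5", "tcp", 1234, 80, syn=True),                # spoofed source
        Packet("inet", "203.0.113.10", "10.0.0.5", "tcp", 6000, TELNET, syn=True),        # telnet inbound
        Packet("lan", "10.0.0.5", "198.51.100.2", "tcp", 40001, SMTP, syn=True),          # unauthorized mail
        Packet("lan", "10.0.0.25", "198.51.100.2", "tcp", 40002, SMTP, syn=True),         # authorized mail
    ]
    return [fw.check(p)[0] for p in trace]
```

The third packet in the trace is the case the text draws attention to: the stateless rules alone permit it (no rule mentions port 80), while the connection table drops it because no internal host started that conversation.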

Virtual Private Networks

A network built up from company computers and leased telephone lines is called a private network. An example private network connecting three locations is shown in Fig. (a).

Figure (a) A leased-line private network. (b) A virtual private network.

What is VPN (Virtual Private Networking)?

Originally, a private network for voice and data built from traditional carrier services, which also maintains security and privacy through encryption and security procedures.

They are called “virtual” because they are merely an illusion.

A common design is to equip each office with a firewall and create tunnels through the Internet between all pairs of offices, as illustrated in Fig b.

A VPN gives extremely secure connections between private networks linked through the Internet. It allows remote computers to act as though they were on the same secure, local network.

If IPsec is used for the tunneling, then it is possible to aggregate all traffic between any pair of offices onto a single authenticated, encrypted SA, thus providing integrity control, secrecy, and even considerable immunity to traffic analysis.

When the system is brought up, each pair of firewalls has to negotiate the parameters of its SA, including the services, modes, algorithms, and keys.

Since firewalls are primarily in the security business, it is natural to have the tunnels begin and end at the firewalls, providing a clear separation between the company and the Internet.

Thus, firewalls, VPNs, and IPsec with ESP in tunnel mode are a natural combination and widely used in practice. Once the SAs have been established, traffic can begin flowing.

Advantages

  • Allows you to be at home and access your company’s computers in the same way as if you were sitting at work.
  • Almost impossible for someone to tap or interfere with data in the VPN tunnel.
  • If you have VPN client software on a laptop, you can connect to your company from anywhere in the world.

Disadvantages

  • Setup is more complicated than less secure methods.
  • The company whose network you connect to may require you to follow the company’s own policies on your home computers.

A VPN goes between a computer and a network (client-to-server), or a LAN and a network using two routers (server-to-server). Each end of the connection is a VPN “endpoint”, and the connection between them is a “VPN tunnel”. When one end is a client, it means that computer is running VPN client software.

The two types of VPN:

VPN Client-to-Server (Client-to-Box)

VPN Server-to-Server (Box-to-Box)

The whole purpose of a VPN is to prevent data from being altered in transit, so, for example, a pass-through router that is also running NAT (and therefore rewrites packet headers) will break the VPN connection.

Network diagram

Study the Following Diagram in your Tanenbaum Book

——————————————————————–

4-22, 4-39, 4-42, 4-45, 4-47, 4-48, 4-49, 5-44, 5-52, 5-57, 5-60, 5-62, 5-63

Make necessary Assumptions if not mentioned in the problem

—————————————————————————–

1. Rooms

2. Distance

3. Moving of users

Principles

————-

- Localisation and isolation of traffic

- Ease of movement

- Ease of upgrade and extension

Steps

——–

- Identify the Physical separation.

- Identify the unit. (What is a unit? Depends on the question)

- A unit can be a system/user on the network

- Identify the following:

- Different units (logical organization)

- Their interconnection (physical connection)

- Identify the LAN technology

- When LAN is a unit, what are the interfaces?

- When user is a unit, what are the interfaces? Ex: Normal Ethernet card or WLAN card.

- Where does the system converge/fit? (hub, repeater, switch, bridge, router)

- Identify the Interconnection Technologies

- How many LAN segments would need to be connected through switches, bridges and VLAN bridges?

- How many Subnets and Routers would be needed?

- What would be the Technology for connecting the different Routers?

- How would the distant communication across offices happen?

- Remote Bridges? (Use this sparingly)

- Leased Lines?

- Independent Internet Connection?

- If Users are moving

- Identify where problem can be solved through VLANs and VLAN Switches

- Within a LAN possible

- Across networks (or subnets) a VLAN solution is not possible, i.e., VLANs cannot span both sides of a router

- Identify where all 802.11 would be needed

- Show the NAT box/ firewall, DHCP Server, DHCP Relay Agent, DNS Server also in the diagram

- The NAT box/firewall provides the last point after which the connection proceeds to the ISP

- Mention the Systems having two Network Cards each connecting to different LANs. This would especially be true of Routers

- Mention the External IP Addresses

- Identify all the Services to be run

- If necessary mention that you are going by the CIDR

- Minimally explain the user profile

Guidelines

————-

- Draw a neat diagram and clearly label the entities in the diagram, just as you would explain a Biology diagram.

- Use of Advanced Technologies where simpler Technologies work will lead to deduction of marks

- Safe to assume that Each Dept should be a single LAN (Not two Networks)

- Take Decisions based on distance between the LANs

- Interconnection of Routers of different LANs

- FDDI ring – high speed connection between routers. This would be better.

- Super LAN – 2 LANs with same technology

- When we connect 2 LANs via switches, hubs, repeaters, they behave like a single LAN

- VLAN Switches cannot facilitate VLAN across a Router. It has to be within the single LAN.

- When we connect 2 LANs via Routers, it means connecting two networks

- External world interaction – better to show “to high speed connection to ISP”.

- Leased Line – dedicated line (no routing takes place here, hence transmits faster)

- When to use Gateway?

– Whenever Multi protocol router is used

– When protocol translation is required

– To connect 2 different types of networks

- The ISP Details need not be described in detail.

Repeater

A repeater is a network device that repeats a signal from one port onto the other ports to which it is connected (see Figure). Repeaters operate at the OSI Physical layer.

A repeater does not filter or interpret anything; instead, it merely repeats (regenerates) a signal, passing all network traffic in all directions. Signals become weaker the farther they travel down a transmission medium, so repeaters are used to extend the distance between network stations. The term used to describe the loss of a signal’s strength is attenuation.

A repeater operates at the OSI Physical layer because a repeater doesn’t require any information from the upper layers of the OSI model to regenerate a signal.

A repeater merely passes along bits of data, even if a data frame is corrupt. The primary purpose of a repeater is to enable the network to expand beyond the distance limitations of the transmission medium.

The advantages of repeaters are that they are fairly inexpensive and simple. In addition, although they cannot connect networks with dissimilar data frames (such as a Token Ring network to an Ethernet network), some repeaters can connect segments with similar data frame types but dissimilar cabling (such as twisted pair and coaxial cable).

Bridge:

A bridge is a connectivity device that operates at the OSI Data Link layer. The messaging parameters available at the Data Link layer enable a bridge to pass a frame in the direction of its destination without simultaneously forwarding it to segments for which it was not intended. In other words, a bridge can filter network traffic. This filtering process reduces overall traffic because the bridge segments the network, passing frames only when they can’t be delivered on the local segment and passing frames to only the segment for which they are intended.

Figure 2.5 depicts a simple bridge implementation. In this process, a bridge filters traffic by tracking and checking the Data Link layer’s MAC sublayer addresses of incoming frames. The bridge monitors the source addresses of incoming frames and builds an address table that shows which nodes are on each of the segments. When a data frame arrives, the bridge checks the frame’s destination address and forwards the frame to the segment that contains the destination device or node. If the destination node exists on the same segment as the source node, the bridge stops the frame so it doesn’t pass unnecessarily to the rest of the network. If the bridge can’t find the destination address in its address table, it forwards the frame to all segments except the source segment.

To understand the role a bridge plays, think of a bridge as similar to a bridge with a toll booth on a street. The toll booth operator knows which houses are on either side of the bridge. Based on this scenario, when a person walks down the street and approaches the toll booth, the toll booth operator either lets this person pass or stops him. If this person is going to a house on the other side of the bridge, the toll booth operator allows the person to pass. If the intended house number is not on the other side of the bridge, the person is not allowed to pass. Remember, the walker’s position is on the same street the whole time. This will be important for you to remember when the Network layer in the OSI model is discussed. In some cases, a bridge can also perform the same functions that a repeater performs, if this feature is built into the bridge, including expanding cabling distance and linking dissimilar cable types. In addition, a bridge can improve performance and reduce network traffic by splitting the network and confining traffic to smaller segments.
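The learning-and-filtering behaviour described above, as an added Python model that is not from the original text: the bridge learns each source address’s port, filters frames whose destination is on the segment they arrived from, and floods unknown and broadcast destinations. The MAC addresses and port numbers are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent (learning) bridge. Each port attaches one LAN segment. The
    address table maps a station's MAC address to the port it was last heard
    on; entries are learned from source addresses, never configured by hand."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}     # MAC address -> port

    def receive(self, src: str, dst: str, in_port: int) -> list:
        """Process one frame arriving on in_port and return the list of ports
        it is forwarded to (an empty list means the frame was filtered)."""
        self.table[src] = in_port             # learn, or refresh, the source
        if dst == BROADCAST or dst not in self.table:
            # Unknown or broadcast destination: flood every other segment.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            # Source and destination share a segment: the frame has already
            # been delivered locally, so forwarding it would only add traffic.
            return []
        return [out_port]


# Constructed sample: stations A and C sit on port 1, B on port 2, port 3 empty.
A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"


def demo() -> list:
    """Forwarding decisions for a constructed frame sequence."""
    bridge = LearningBridge([1, 2, 3])
    frames = [
        (A, B, 1),          # B unknown: flooded to ports 2 and 3
        (B, A, 2),          # A already learned on port 1: forwarded there only
        (A, B, 1),          # B now known on port 2
        (C, B, 1),          # C is learned on port 1 as a side effect
        (A, C, 1),          # same segment: filtered
        (A, BROADCAST, 1),  # broadcast: flooded
    ]
    return [bridge.receive(src, dst, port) for src, dst, port in frames]
```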

Gateway Services:

Routers can handle interconnection of networks whose protocols function in similar ways. When the rules differ sufficiently on the two networks, however, a more powerful device is required. A gateway is a device that can translate the different protocols used by different networks. Gateways can be implemented starting at the Network layer or at higher layers in the OSI model, depending on where the protocol translation is required.

Router:

A router is a connectivity device that operates at the OSI Network layer (see Figure 2.9). The information available at the Network layer gives a router far more sophisticated packet-delivery capabilities than a bridge provides. As with a bridge, a router constructs a routing table, but the Network layer addressing information (discussed earlier in this chapter) enables routers to pass packets through a chain of other routers, or even choose the best route for a packet if several routes exist. (See Chapter 6 for more information on routers and how they operate.)

To understand the function of routers, it might be useful to compare them directly to a concept you should already understand at this point, that of a bridge. A bridge separates a LAN segment without changing the LAN address. Think of a bridge on a street used to cross a river. Even though you cross the bridge, you are still on the same street. A router is more like an intersection. Think of three streets converging to a single intersection. No matter which path you take from your current street, you end up on a new street. The router’s functionality is to direct the traffic down the correct street at the intersection.

A hybrid device called a brouter combines some characteristics of a router and a bridge. A brouter routes routable protocols using information available at the Network layer and acts as a bridge for nonroutable protocols. A routable protocol is a protocol that can pass through a router. TCP/IP and IPX/SPX are examples of routable protocols.

The Transport layer either requests retransmission or notifies upper-layer protocols so that they can take corrective action. The Transport layer enables upper-layer protocols to interface with the network but hides the complexities of network operation from them. One of the functions of the Transport layer is to break large messages into segments suitable for network delivery.

Transport Layer Connection Services

Some services can be performed at more than one layer of the OSI model. In addition to the Data Link and Network layers, the Transport layer can take on some responsibility for connection services. The Transport layer interacts with the Network layer’s connection-oriented and connectionless services and provides some of the essential quality control features. Some of the Transport layer’s activities include the following:

. Repackaging. When large messages are divided into segments for transport, the Transport layer must repackage the segments when they are received before reassembling the original message.

. Error control. When segments are lost during transmission or when segments have duplicate segment IDs, the Transport layer must initiate error recovery. The Transport layer also detects corrupted segments by managing end-to-end error control using techniques such as checksums.

. End-to-end flow control. The Transport layer uses acknowledgments to manage end-to-end flow control between two connected devices. Besides negative acknowledgments, some Transport layer protocols can request the retransmission of the most recent segments.

ACCESS METHODS

An access method is a set of rules governing how the network nodes share the transmission medium. The rules for sharing among computers are similar to the rules for sharing among humans in that they both boil down to a pair of fundamental philosophies:

1) first come, first served and 2) take turns. These philosophies are the principles defining the three most important types of media access methods:

. Contention. In its purest form, contention means that the computers are contending for use of the transmission medium. Any computer in the network can transmit at any time (first come, first served).

. Polling. One device is responsible for polling the other devices to see whether they are ready for the transmission or reception of data.

. Token passing. The computers take turns using the transmission medium.

Contention

In pure contention-based access control, any computer can transmit at any time. This system breaks down when two computers attempt  to transmit at the same time, in which case a collision occurs (see Figure 4.1). Eventually, when a network gets busy enough, most attempts to transmit result in collisions and little effective communication can take place.

Mechanisms are usually put into place to minimize the number of collisions. One mechanism is carrier sensing, whereby each computer listens to the network before attempting to transmit. If the network is busy, the computer refrains from transmitting until the network quiets down. This simple “listen before talking” strategy can significantly reduce collisions. Another mechanism is carrier detection. With this strategy, computers continue to listen to the network as they transmit. If a computer detects another signal that interferes with the signal it’s sending, it stops transmitting. Both computers then wait a random amount of time and attempt to retransmit. Unless the network is extremely busy, carrier detection along with carrier sensing can manage a large volume of transmissions.

Carrier detection and carrier sensing used together form the protocol used in all types of Ethernet: Carrier Sense Multiple Access with Collision Detection (CSMA/CD). CSMA/CD limits the size of the network to 2,500 meters. At longer distances, the broadcast-sensing mechanisms don’t work—a node at one end can’t sense when a node at the other end starts to broadcast.

Polling

Polling-based systems require a device (called a controller, or master device) to poll other devices on the network to see whether they are ready to either transmit or receive data, as seen in Figure 4.2. This access method is not widely used on networks because the polling itself can cause a fair amount of network traffic. A common example of polling is when your computer polls its printer to receive a print job.

Token Passing

Token passing utilizes a frame called a token, which circulates around the network. A computer that needs to transmit must wait until it receives the token, at which time the computer is permitted to transmit. When the computer is done transmitting, it passes the token frame to the next station on the network. Figure 4.3 shows how token passing is implemented on a token-ring network.

A topology defines the arrangement of nodes, cables, and connectivity devices that make up the network. Two categories form the basis for all discussions of topologies:

. Physical topology. Describes the actual layout of the network transmission media.

. Logical topology. Describes the logical pathway a signal follows as it passes among the network nodes.

Physical and logical topologies can take several forms. The most common and the most important for understanding the Ethernet and token-ring topologies (described later in this chapter) are the following:

. Bus topologies

. Ring topologies

. Star topologies

. Mesh topology

ROUTING

An internetwork consists of two or more physically connected independent networks that are able to communicate. The networks that make up an internetwork can be of very different types. For example, an internetwork can include Ethernet and token-ring networks.

Because each network in an internetwork is assigned an address, each network can be considered logically separate; that is, each network functions independently of other networks on the internetwork. Internetwork connectivity devices, such as routers, can use network address information to assist in the efficient delivery of messages. Delivering packets according to logical network address information is called routing. The common feature that unites internetwork connectivity devices (routers and brouters) is that these devices can perform routing. The following list details some common internetwork connectivity devices:

. Routers

. Brouters

Routers

Bridges are suitable for relatively simple networks, but bridges have certain limitations that become more significant in complex network situations. One limitation of bridges is that packets intended for all nodes on a subnet, also known as a broadcast, are received by every single device on the network. By being able to section off a LAN segment into different network segments, routers allow you to control and group devices that work together to be on the same network segment.

Consider the network in Figure 6.9. Both bridges are aware of the existence of Node B, and both can pick up the packet from Net A and forward it. At the very least, the same packet can arrive twice at Node B.

A worse case, however, is that these relatively unintelligent bridges can start passing packets around in loops, which results in an ever-increasing number of packets that circulate on the network and never reach their destinations. Ultimately, such activity can (and will) saturate the network. An algorithm, called the spanning tree algorithm, enables complex Ethernet networks to use bridges while redundant routes exist. The algorithm enables the bridges to communicate and construct a logical network without redundant paths. The logical network is reconfigured if one of the paths fails.

Another problem is that the bridges cannot analyze the network to determine the fastest route over which to forward a packet. When multiple routes exist, this is a desirable capability, particularly in wide area networks (WANs), where some routes are often considerably slower than others.

Routers organize the large network in terms of logical network segments. Each network segment is assigned an address so that every packet has both a destination network address and a destination device address.

Routers are more “intelligent” than bridges. Not only do routers build tables of network locations, but they also use algorithms to determine the most efficient path for sending a packet to any given network. Even if a particular network segment isn’t directly attached to the router, the router knows the best way to send a packet to a device on that network. In Figure 6.10, for example, Router A knows that the most efficient step is to send the packet to Router C, not Router B.

Notice that Router B presents a redundant path to the path Router A provides. Routers can cope with this situation because they exchange routing information to ensure that packet loops don’t occur. In Figure 6.10, if Router A fails, Router B provides a backup message path, thus making this network more robust. One consequence of all the processing a router performs on a packet is that routers generally are slower than bridges.

You can use routers to divide large, busy LANs into smaller segments, much as you can use bridges. But that’s not the only reason to select a router. Routers also can connect different network types. An example of this would be a router that connected a token-ring segment with the Ethernet segments. On such networks, a router is the device of choice, as a bridge cannot perform this function. The protocols used to send data through a router must be specifically designed to support routing functions. IP, IPX, and DDP (the AppleTalk Network-layer protocol) are routable transport protocols. NetBEUI is a non-routable transport protocol. Transport protocols will be discussed in greater detail in Chapter 7.

Because routers can determine route efficiencies, they usually are employed to connect a LAN to a wide area network (WAN). WANs frequently are designed with multiple paths, and routers can ensure that the various paths are used most efficiently.

The Network layer functions independently of the physical cabling system and the cabling system protocols—independently, that is, of the Physical and Data Link layers. This is the reason that routers easily can translate packets between different cabling systems. Bridges, on the other hand, cannot translate packets in this way because they function at the Data Link layer, which is closely tied to physical specifications.

Routers come in two general types:

. Static Routers. These routers do not determine paths. Instead, you must configure the   routing table, specifying potential routes for packets.

. Dynamic Routers. These routers have the capability to determine routes (and to find the optimum path among redundant routes) based on packet information and information obtained from other routers.

Brouters

A brouter is a router that also can act as a bridge. A brouter attempts to deliver packets based on network protocol information, but if a particular Network layer protocol isn’t supported, the brouter bridges the packet using device addresses.

Internet Protocol (IP)

The Internet Protocol (IP) is a connectionless protocol that provides datagram service, and IP packets are most commonly referred to as IP datagrams. IP is a packet-switching protocol that performs the addressing and route selection. An IP header is appended to packets, which are transmitted as frames by lower-level protocols. IP routes packets through internetworks by utilizing routing tables that are referenced at each hop. Routing determinations are made by consulting logical and physical network device information, as provided by the Address Resolution Protocol (ARP).

IP performs packet disassembly and reassembly as required by packet size limitations defined for the Data Link and Physical layers being implemented. IP also performs error checking on the header data using a checksum, although data from upper layers is not error-checked.
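The header checksum mentioned above, as an added example not from the original text: the RFC 1071 one’s-complement checksum over an IPv4 header, showing that a flipped bit in the header is caught while a flipped bit in the upper-layer payload is not. The sample headers and addresses are constructed.

```python
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the header's 16-bit words, with the
    checksum field (bytes 10-11) treated as zero. Returns the 16-bit value
    the sender stores in that field."""
    h = bytearray(header)
    h[10:12] = b"\x00\x00"
    if len(h) % 2:                       # pad an odd-length header
        h.append(0)
    words = struct.unpack("!%dH" % (len(h) // 2), bytes(h))
    total = sum(words)
    while total >> 16:                   # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def header_is_intact(header: bytes) -> bool:
    """What a receiver does: recompute and compare with the stored field."""
    stored = struct.unpack("!H", header[10:12])[0]
    return ipv4_checksum(header) == stored


def build_packet(payload: bytes) -> bytes:
    """Constructed sample IPv4 packet: 20-byte header, made-up addresses,
    protocol 6 (TCP), TTL 64, checksum filled in by the sender."""
    header = bytearray(struct.pack("!BBHHHBBH4s4s",
                                   0x45, 0, 20 + len(payload), 0xABCD, 0,
                                   64, 6, 0,
                                   bytes([192, 168, 1, 10]),
                                   bytes([192, 168, 1, 20])))
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + payload


# Constructed known-answer header (checksum field zeroed); its checksum works
# out to 0xB861.
KNOWN_HEADER = bytes.fromhex("45000073000040004011" "0000" "c0a80001c0a800c7")


def demo() -> tuple:
    """Returns (valid packet accepted, header corruption detected,
    payload corruption detected)."""
    pkt = build_packet(b"upper-layer data")
    accepted = header_is_intact(pkt[:20])
    bad_header = bytearray(pkt)
    bad_header[16] ^= 0x01               # flip one bit of the destination address
    header_detected = not header_is_intact(bytes(bad_header[:20]))
    bad_payload = bytearray(pkt)
    bad_payload[25] ^= 0x01              # flip one bit inside the payload
    payload_detected = not header_is_intact(bytes(bad_payload[:20]))
    return accepted, header_detected, payload_detected
```

The last value is the point of the sentence above: the IP checksum covers only the header, so corruption of upper-layer data has to be caught by the transport protocol (TCP or UDP checksums) instead.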

Transmission Control Protocol (TCP)

The Transmission Control Protocol (TCP) is an internetwork connection-oriented protocol that corresponds to the OSI Transport layer. TCP provides full-duplex, end-to-end connections. When the overhead of end-to-end communication acknowledgment isn’t required, the User Datagram Protocol (UDP) can be substituted for TCP at the Transport (host-to-host) level. TCP and UDP operate at the same layer. TCP corresponds to SPX in the NetWare environment (see the “NetWare IPX/SPX” section). TCP maintains a logical connection between the sending and receiving computer systems. In this way, the integrity of the transmission is maintained. TCP detects any problems in the transmission quickly and takes action to correct them. The trade-off is that TCP isn’t as fast as UDP, due to the number of acknowledgments received by the sending host.

TCP also provides and assumes message fragmentation and reassembly and can accept messages of any length from upper-layer protocols. TCP fragments message streams into segments that can be handled by IP. This means the application does not have to break up the data into smaller blocks itself. IP still can perform fragmentation for UDP packets and further fragmentation for TCP packets. When used with IP, TCP adds connection-oriented service and performs segment synchronization, adding sequence numbers at the byte level. In addition to message fragmentation, TCP can multiplex conversations with upper-layer protocols and can improve use of network bandwidth by combining multiple messages into the same segment. Each virtual-circuit connection is assigned a connection identifier called a port, which identifies the datagrams associated with that connection.

User Datagram Protocol (UDP)

The User Datagram Protocol (UDP) is a connectionless Transport (host-to-host) layer protocol. UDP does not provide message acknowledgments; rather, it simply transports datagrams. Like TCP, UDP utilizes port addresses to deliver datagrams. These port addresses, however, aren’t associated with virtual circuits and merely identify local host processes. UDP is preferred over TCP when high performance or low network overhead is more critical than reliable delivery. Because UDP doesn’t need to establish, maintain, and close connections, or control data flow, it generally outperforms TCP. The downfall of UDP is that it does not perform as reliably as TCP when transmitting data; thus, UDP is often used when transmitting smaller amounts of data.

UDP is the Transport layer protocol used with the Simple Network Management Protocol (SNMP), the standard network management protocol used with TCP/IP networks. UDP enables SNMP to provide network management with a minimum of network overhead.

Address Resolution Protocol (ARP)

Three types of address information are used on TCP/IP internetworks:

. Physical addresses. Used by the Data Link and Physical layers.

. IP addresses. Provide logical network and host IDs. IP addresses consist of four numbers typically expressed in dotted-decimal form.

. Logical node names. Identify specific hosts with alphanumeric identifiers, which are easier for users to recall than the numeric IP addresses. An example of a logical node name is MYHOST.COM.

Given an IP address, the Address Resolution Protocol (ARP) can determine the physical address used by the device containing the IP address. ARP maintains tables of address resolution data and can broadcast packets to discover addresses on the network segment or use previously cached entries. The physical addresses discovered by ARP can be provided to Data Link layer protocols. All addresses in the ARP table are local addresses only. For a non-local destination, the table holds the hardware address of the local router port that is used to reach that non-local segment.
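
The three ARP behaviours described above (answer from the cache, broadcast on the local segment, or hand a non-local destination to the router's local port) as a small model in Python. This is an added example, not code from the original text; the subnet, router, cache entries and the hosts that answer the simulated broadcast are all constructed sample values.

```python
# Added example: a minimal model of ARP resolution on one Ethernet segment.
# Constructed values throughout; nothing here touches a real network.
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.0.2.0/24")    # this host's segment (constructed)
ROUTER_IP = ip_address("192.0.2.1")       # router port on this segment (constructed)

# Constructed ARP cache: only hosts on the local segment ever appear here.
arp_cache = {
    ip_address("192.0.2.1"): "02:00:00:00:00:01",    # router's local port
    ip_address("192.0.2.10"): "02:00:00:00:00:0a",
}

# Constructed stand-in for the hosts that would answer an ARP broadcast.
SEGMENT_HOSTS = {ip_address("192.0.2.20"): "02:00:00:00:00:14"}


def arp_broadcast(ip):
    """Simulate a 'who has <ip>?' broadcast; returns the MAC or None."""
    return SEGMENT_HOSTS.get(ip)


def resolve(ip_str):
    """Return (next_hop_ip, mac, source) for a destination IP, or None.

    source is 'cache', 'broadcast' or 'router', so the caller can see
    which of the three mechanisms from the text produced the answer.
    """
    ip = ip_address(ip_str)
    # Non-local destination: the table only holds the router port's MAC.
    if ip not in LOCAL_NET:
        return (str(ROUTER_IP), arp_cache[ROUTER_IP], "router")
    # Local destination: prefer a previously cached entry ...
    if ip in arp_cache:
        return (str(ip), arp_cache[ip], "cache")
    # ... otherwise broadcast on the segment and cache the reply.
    mac = arp_broadcast(ip)
    if mac is None:
        return None
    arp_cache[ip] = mac
    return (str(ip), mac, "broadcast")
```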

Switching Techniques:

Switching techniques are mechanisms for moving data from one network segment to another. These techniques are as follows:

. Circuit switching

. Message switching

. Packet switching

Circuit Switching

Circuit switching establishes a path that remains fixed for the duration of a connection (see Figure 2.6). Much as telephone switching equipment establishes a route between two telephones, circuit switching networks establish a path through the internetwork when the devices initiate a conversation. These paths tend to be reliable and fast in performance.

Circuit switching provides devices with a dedicated path and a well-defined bandwidth, but circuit switching is not free of disadvantages.

First, establishing a connection between devices can be time-consuming. Second, because other traffic cannot share the dedicated media path, bandwidth might be inefficiently utilized. This can be compared to having a telephone conversation, yet not speaking. You are using the line, thus not allowing others to use it, but you are not transmitting any data. Finally, circuit-switching networks must have a surplus of bandwidth, so these types of switches tend to be expensive to construct.

Message Switching

Message switching treats each message as an independent entity. Each message carries address information that describes the message’s destination, and this information is used at each switch to transfer the message to the next switch in the route. Message switches are programmed with information concerning other switches in the network that can be used to forward messages to their destinations. Message switches also may be programmed with information about the most efficient routes. Depending on network conditions, different messages may be sent through the network by different routes, as shown in Figure 2.7.

Message switching transfers the complete message from one switch to the next, where the message is stored before being forwarded again. Because each message is stored before being sent on to the next switch, this type of network frequently is called a store-and-forward network. The message switches often are general-purpose computers and must be equipped with sufficient storage (usually hard drives, or RAM) to enable them to store messages until forwarding is possible.

Message switching is commonly used in email because some delay is permissible in the delivery of email. Message switching uses relatively low-cost devices to forward messages and can function well with relatively slow communication channels. Other applications for message switching include group applications such as workflow, calendaring, and groupware. Message switching offers the following advantages:

. Data channels are shared among communicating devices, improving the efficiency of available bandwidth.

. Message switches can store messages until a channel becomes available, reducing sensitivity to network congestion.

. Message priorities can be used to manage network traffic.

. Broadcast addressing uses network bandwidth more efficiently by delivering messages to multiple destinations.

The chief disadvantage of message switching is that message switching is not suited for real-time applications, including data communication, video, and audio.

Packet Switching

In packet switching, messages are divided into smaller pieces called packets. Each packet includes source and destination address information so that individual packets can be routed through the internetwork independently. As you can see in Figure 2.8, the packets that make up a message can take very different routes through the internetwork. So far, packet switching looks considerably like message switching, but the distinguishing characteristic is that packets are restricted to a size that enables the switching devices to manage the packet data entirely in memory. This eliminates the need for switching devices to store the data temporarily on disk. Packet switching, therefore, routes packets through the network much more rapidly and efficiently than is possible with message switching. Several methods of packet switching exist. Two common methods of packet switching are as follows:

. Datagram

. Virtual circuit

These two methods are discussed in the following sections.

Datagram Packet Switching

Datagram services treat each packet as an independent message. Each packet is routed through the internetwork independently, and each switch node determines which network segment should be used for the next step in the packet’s route. This capability enables switches to bypass busy segments and take other steps to speed packets through the internetwork (refer to Figure 2.8). Datagrams are frequently used on LANs. Network layer protocols are responsible for delivering the frame to the appropriate network. Then, because each datagram includes destination address information (in most cases this is the MAC address), devices on the local network can recognize and receive appropriate datagrams.

Packet switching meets the need to transmit large messages with the fairly small frame size that can be accommodated by the Physical layer. The Network layer is responsible for fragmenting messages from upper layers into smaller datagrams that are appropriate for the Physical layer. The Network layer is also responsible for reconstructing messages from datagrams as they are received.

Virtual Circuit Packet Switching

Virtual circuits operate by establishing a formal connection between two devices in communication. When devices begin a session, they negotiate communication parameters, such as maximum message size, communication windows, and network paths. This negotiation establishes a virtual circuit, which is a well-defined path through the internetwork by which the devices communicate. This virtual circuit generally remains in effect until the devices stop communicating. Virtual circuits are distinguished by the establishment of a logical connection. Virtual means that the network behaves as though a dedicated physical circuit has been established between the communicating devices. Even though no such physical circuit actually exists, the network presents the appearance of a physical connection to the devices at the ends of the circuit. Virtual circuits are frequently employed in conjunction with connection-oriented services, which are discussed later in this chapter.

Packet switching offers the following advantages:

. Packet switching optimizes the use of bandwidth by enabling many devices to route packets through the same network channels. At any given time, a switch can route packets to several different destination devices, adjusting the routes as required to achieve the best efficiency.

. Because entire messages are not stored at the switches prior to forwarding, transmission delays are significantly shorter than those encountered with message switching. Although the switching devices do not need to be equipped with large amounts of hard drive capacity, they might need a significant amount of real-time memory. In addition, the switching devices must have sufficient processing power to run the more complex routing protocols required for packet switching. A system must be in place by which devices can recognize when packets have been lost so that retransmission can be requested.
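
The datagram behaviour described in the two passages above (the Network layer fragmenting a message into datagrams sized for the Physical layer and reassembling them as they arrive, and the need for a receiver to recognize lost packets so retransmission can be requested) as an added Python example that is not part of the original text. The maximum payload size, the addresses, and the sample message are constructed values.

```python
# Added example: fragment a message into independently routable datagrams,
# reassemble them out of order, and report which sequence numbers are
# missing so the receiver can request retransmission. Constructed values.
MTU = 8  # constructed maximum payload per datagram, in bytes


def fragment(message: bytes, src: str, dst: str, mtu: int = MTU):
    """Split message into datagrams: dicts with src, dst, seq, total, data."""
    chunks = [message[i:i + mtu] for i in range(0, len(message), mtu)]
    return [
        {"src": src, "dst": dst, "seq": n, "total": len(chunks), "data": chunk}
        for n, chunk in enumerate(chunks)
    ]


class Reassembler:
    """Collects the datagrams of one message, in any order, and tracks gaps."""

    def __init__(self):
        self.parts = {}
        self.total = None

    def receive(self, datagram):
        self.total = datagram["total"]
        self.parts[datagram["seq"]] = datagram["data"]

    def missing(self):
        """Sequence numbers not yet received: these are what to request again."""
        if self.total is None:
            return []
        return [n for n in range(self.total) if n not in self.parts]

    def message(self):
        """The full message once every fragment has arrived, else None."""
        if self.total is None or self.missing():
            return None
        return b"".join(self.parts[n] for n in range(self.total))


def deliver(datagrams, reassembler, drop=()):
    """Simulate independent routing: datagrams arrive in reverse order and
    the sequence numbers listed in drop are lost along the way."""
    for d in reversed(datagrams):
        if d["seq"] not in drop:
            reassembler.receive(d)
    return reassembler
```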

Compare the implications of using connection-oriented communications with connectionless communications.

The OSI Network layer determines the route a packet will take as it passes through a series of different LANs from the source PC to the destination PC. The complexity and versatility of Network layer addressing gives rise to two different communication modes for passing messages across the network, both of which are recognized under OSI:

. Connection-oriented mode. Error correction and flow control are provided at internal nodes along the message path.

. Connectionless mode. Internal nodes along the message path do not participate in error correction and flow control.

To understand the distinction between connection-oriented and connectionless communications, you must consider an important distinction between the OSI model’s Data Link and Network layers. In theory, the Data Link layer facilitates the transmission of data across a single link between two nodes. The Network layer describes the process of routing a packet through a series of nodes to a destination on another link on the network. An example of this latter scenario is a message passing from a PC on one LAN segment through a series of routers to a PC on a distant part of the network. The internal nodes forwarding the packet also forward other packets between other end nodes. In connection-oriented mode, the chain of links between the source and destination nodes forms a kind of logical pathway connection. The nodes forwarding the data packet can track which packet is part of which connection. This enables the internal nodes to provide flow control as the data moves along the path. For example, if an internal node determines that a link is malfunctioning, the node can send a notification message backward, through the path to the source computer.

Furthermore, because the internal node distinguishes among individual, concurrent connections in which it participates, this node can transmit (or forward) a “stop sending” message for one of its connections without stopping all communications through the node.

Another feature of connection-oriented communication is that internal nodes provide error correction at each link in the chain.

Therefore, if a node detects an error, it asks the preceding node to retransmit.

Connectionless mode does not provide these elaborate internal control mechanisms; instead, connectionless mode relegates all error correcting and retransmitting processes to the source and destination nodes. The end nodes acknowledge the receipt of packets and retransmit if necessary, but internal nodes do not participate in flow control and error correction (other than simply forwarding messages between the end nodes). The advantage of connectionless mode is that connectionless communications can be processed more quickly and more simply because the internal nodes only forward data and thus don’t have to track connections or provide retransmission or flow control. The differences between connection-oriented and connectionless modes of communication may be easier to understand by analogy.

Connection-oriented mode is like talking to someone and having her confirm, after each sentence, that she understood what you told her. Connectionless mode is like having a conversation with someone where the speaker just carries on and assumes that the listener understands.

Connection-oriented is slower, yet more reliable. Connectionless is faster, but has less capability to correct errors (misunderstandings in the conversation example) as they occur.

Connectionless mode does have its share of disadvantages, however, including the following:

. Messages sometimes get lost due to an overflowing buffer or a failed link along the pathway.

. If a message gets lost, the sender doesn’t receive notification.

. Retransmission for error correction takes longer because a faulty transmission can’t be corrected across an internal link.

It is important to remember that the OSI model is not a set of rules for communication; the OSI model is a framework in which models of communication are explained. As such, individual implementations of connectionless protocols can mitigate some of the preceding disadvantages. It is also important to remember that connection-oriented mode, although it places much more emphasis on monitoring errors and controlling traffic, doesn’t always work either.

Ultimately, the choice of connection-oriented or connectionless communications mode depends on interoperability with other systems, the premium for speed, and the cost of components.
