Trend Micro
Basic Networking
Course
Student Textbook
Information in this document is subject to change without notice. The names of companies, products, people,
characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual,
company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the
responsibility of the user.
Table of Contents
Basic Networking................................................................................................ 5
Course Goal.................................................................................................................. 5
Course Objectives......................................................................................................... 5
Course Goal
Upon completion of this course, students will be able to
Course Objectives
After taking this course, you should be able to
Knowledge
Skills
Chapters
Each chapter focuses on a different component of a network and discusses the important
concepts and terms used for the networking topic it outlines.
Chapter Objectives
Every chapter starts with a list of objectives so that you can see how the chapter fits into
your overall course goal. After reading the chapter, you should be able to fulfill the chapter
objectives.
Introduction
Each chapter has a short introduction that follows the chapter objectives. The introduction
provides information that will act as a foundation for the rest of the chapter. Sometimes the
introduction will contain new information, and sometimes the introduction will be a brief
review of a concept you might have learned in a previous chapter.
Summary
Every chapter ends with a summary, outlining the important information explained in the
chapter.
Course Goals
Understand the fundamentals of networking
Define the different components that comprise a simple network
Know how to perform basic troubleshooting on a network
Chapter 1 - Objectives
Understand the basic networking concepts
Describe the advantages of a peer-to-peer network.
Describe the advantages of a server-based network.
Define network architecture
Define network topology
Identify the basic networking components
Identify the advantages and disadvantages of networking
Dedicated
Back-up
Clients
Network Cables
Network Interface Card (NIC)
Media Access Control (MAC)
Connectivity Devices
Network Operating System
Advantages:
Computers are located at users' desks
Users act as their own administrators and plan their own security
Computers in the network are connected by a simple, easily visible cabling system
Copyright 2005 - Trend Micro Inc.
Network Architecture
Provides framework and technology foundation for designing, building and managing a communication network
Defines the structure of the network, including hardware, software and layout
Open System Interconnection (OSI) Model
Network Topology
It's the layout of a network; it can be physical or logical.
Bus Topology, Ring Topology and Star Topology
The choice of network topology will be influenced by some considerations including:
Centralization
Cost
Maintenance and troubleshooting
Scalability
Security
Speed
Stability
Distances
Single point of failure
Introduction
Networks can be described as devices that are connected together using a network interface
card and network operating system, to allow them to exchange information. Many people
find networking difficult to learn because it can be a very complicated subject. One of the
main reasons it seems complex is that networks consist of a number of hardware
devices and software elements, each with its own function and each dependent on the others.
While a network user may only perceive that he or she is using one computer application
(like a Web browser) and one piece of hardware (cable connector), these are only parts of a
much larger puzzle. In order for even the simplest task to be accomplished on a network,
dozens of different components must cooperate, passing control information and data to
accomplish the overall goal of network communication.
The best way to understand any complex system is to break it down into pieces and then
analyze what they do and how they interact. The most logical approach to do this is to
divide the overall set of functions into modular components, each of which is responsible
for a particular function. We also need to identify the interface that connects these
components and describe how they fit together. By simplifying the approach, we can begin
to eliminate the complexity of understanding networking.
A network has two main characteristics:
Interconnectivity
In networks, machines 'talk' to one another by packaging data into small units and by
sending these units across the network. Network communications use protocols. A
protocol is a set of rules that govern communications. Protocols detail what language
the computers are speaking when they talk over a network. If two computers are going
to communicate, they both must use the same protocol.
The first chapter provides a quick overview of basic networking concepts and their
components. It is also intended to familiarize students with general network terms and
their usage.
Most of the benefits of networking can be divided into two generic categories: connectivity
and sharing. Networks allow computers, and hence their users, to be connected together.
They also allow for the easy sharing of information and resources, and cooperation between
the devices in other ways. Since modern business depends so much on the intelligent flow
and management of information, suffice it to say that networking is indeed valuable.
In no particular order, here are some of the specific advantages generally associated with
networking:
Connectivity and Communication: Networks connect computers and the users of
those computers. Individuals within a building or work group can be connected into
local area networks (LANs); LANs in distant locations can be interconnected into larger
wide area networks (WANs). Once connected, it is possible for network users to
communicate with each other using technologies like e-mail or instant messaging. This
makes the transmission of business (or non-business) information easier, faster, more
efficient and less expensive than it would be without the network.
Data Sharing: One of the most important uses of networking is to allow the sharing of
data. Before networking became a norm in the business world, an accounting employee
who wanted to prepare a report for her manager would have to produce it on her PC, put
it on a floppy disk, and then walk it over to the manager, who would transfer the data to
her PC's hard disk. (This sort of shoe-based network has sometimes been
sarcastically referred to as a sneakernet.)
Networking allows thousands of employees to share data much more easily and quickly
than this. More so, it makes possible applications that rely on the ability of many people
to access and share the same data, such as databases, group software development, and
much more. Intranets and extranets can be used to distribute corporate information
between sites and to business partners. The term intranet refers to an internal network
that uses TCP/IP technologies like the Internet does.
The term Internet refers to the global internetwork of Transmission Control
Protocol / Internet Protocol (TCP/IP) networks we all know and use.
Hardware Sharing: Networks facilitate the sharing of hardware devices. For example,
instead of giving each of 10 employees in a department an expensive color printer (or
resorting to the sneakernet again), one printer can be placed on the network for
everyone to share.
Internet Access: The Internet is in itself, an enormous network, so whenever you
access the Internet, you are using a network. The significance of the Internet on modern
society is hard to exaggerate, especially for those of us in technical fields.
Internet Access Sharing: Small computer networks allow multiple users to share a
single Internet connection. Special hardware devices allow the bandwidth of the
connection to be easily allocated to various individuals as they need it, and permit an
organization to purchase one high-speed connection instead of many slower ones.
Data Security and Management: In a business environment, a network allows the
administrators to more effectively manage the company's critical data. Instead of having
this data spread over dozens or even hundreds of small computers in a haphazard
fashion as some of their users usually create it, data can be centralized on shared
servers. This makes it easy for everyone to find the data, makes it possible for the
administrators to ensure that the data is regularly backed up, and also allows for the
implementation of security measures to control who can read or change various pieces
of critical information.
Performance Enhancement and Balancing: Under some circumstances, a network
can be used to enhance the overall performance of some applications by distributing the
computation tasks to various computers on the network.
Entertainment: Networks facilitate many types of games and entertainment. The
Internet offers many sources of entertainment, of course. In addition, many multi-player
games exist that operate over a local area network. Many home networks are set up for
this reason, and gaming across wide area networks (including the Internet) has also
become quite popular. Of course, if you are running a business and have easily-amused
employees, you might insist that this is really a disadvantage of networking and not an
advantage!
organizations, these issues must be managed through explicit policies and monitoring,
which again, further increases management costs.
Data Security Concerns: If a network is implemented properly, it is possible to greatly
improve the security of important data. In contrast, a poorly-secured network puts
critical data at risk, exposing it to the potential problems associated with hackers,
unauthorized access and even sabotage.
When a company buys office supplies such as papers, ribbons, toner, or other consumables
for only one, two, or maybe three printers for the entire office, the costs are dramatically
lower than the costs for supplying printers at every workstation. Networks also allow more
space to store files. Client computers are not always able to handle the overhead involved in
storing large files like a database, for example, because they are already heavily involved in
the day-to-day work activities of the users. Because servers in a network can be dedicated
to only certain functions, a server can be allocated to store all the larger files that users
access every day, freeing up disk space on the clients. Similarly, users can access an
application that allows multiple users to use it from a single installation (this is called a site
license). If the server is capable of handling the overhead required by an application, then it
can reside on the server and be used by workstations through a network connection.
Servers
A server may come in many shapes and sizes. It is a machine that provides a service.
Servers are a core component of the network, providing a link to the services or resources
necessary to perform any task. The link it provides could be to a resource existing on the
server itself or a resource on a client computer. The server is the leader of the pack,
offering directions to the client computers regarding where to go to get what they need.
Servers offer networks the capability of centralizing the control of resources and can thus
reduce administrative difficulties. They can be used to distribute processes for balancing
the load on the computers. They can also offer departmentalizing of files for improved
reliability: that way, if one server goes down, not all of the files are lost.
Servers perform several tasks. For example, servers that provide files to the user on the
network are called file servers. Likewise, servers that host printing services for users are
called print servers. There are other tasks as well, such as remote access services (also
known as RAS), administration, mail and so on. Servers can be multi-purpose or single-purpose.
If they are multi-purpose, they can be, for example, both a file server and a print
server at the same time. If the server is a single-purpose server, it is a file server only or a
print server only.
In Windows NT-based systems, Remote Access Service or RAS is a built-in feature
that enables users to log into an NT-based LAN using a modem, X.25 connection or
WAN link. It works with several major network protocols, including TCP/IP, IPX, and
NetBEUI.
A server is dedicated for network services. When a server encounters a system downtime, a
backup server is necessary to keep the services running.
These are the two types of servers in a network:
Backup Servers. These are assigned to provide one or more network services or
local access such as the DHCP (Dynamic Host Configuration Protocol) or DNS
(Domain Name System) server. A backup server is expected to be slightly more
flexible in its day-to-day use than a dedicated server. It can be used not only to
direct network traffic and perform administrative actions, but often to serve as front
end for the administrator to work with other applications or services. The backup
server can act as a workstation as well as a server.
Clients
In network terms, workstations are also known as clients. These are the computers that the
users on a network use to perform their tasks such as word processing, database design,
graphic design, email, and other office or personal tasks.
To make a workstation into a client computer, you must install a network interface card
(NIC), a special expansion card that allows the PC to talk on a network. You must connect
it to a cabling system that connects to another computer to talk to the servers. Once all this
has been accomplished, the computer will be on the network.
Workstations can range from a diskless computer system, a remote computer that has no
hard drive, floppy, CD-ROM or permanent storage media of any sort, to a desktop system.
As clients, they are allowed to communicate with the servers in the network in order to use
the network's resources.
To the client, the server may be just another drive letter. However, because it is a network
environment, the client is able to use the server as a doorway to more storage or more
applications, or through which it may communicate with other computers or other networks.
To a user, being on a network makes a few things possible:
Share and receive information from other users, or even collaborate on the same
document.
Use programs that would be too large for their computer to use by itself because of
the memory it requires to run it.
Network Cables
When data is passed from one computer to another, it must find its way into the medium
that is used to physically transfer data from computer to computer. In traditional networks,
this medium is cable. In today's networks, wireless technology allows data to be passed
through the air. The cable you choose, however, must support both the network architecture
and topology.
Cable is the medium through which information usually moves from one network device to
another. There are several types of cable which are commonly used with networks. In some
cases, a network will utilize only one type of cable, other networks will use a variety of
cable types. The type of cable chosen for a network is related to the network's topology
(layout), protocol, and size.
When choosing network cable, consider factors such as characteristic impedance, noise,
cost, expandability, the location of your computers and speed.
The Media Access Methods, also known as cable access methods, define how you put the
data on the cable. These define a set of rules for how computers put data on and retrieve it
from a network cable.
To know more about media access methods, specifically in a
local area network, go to Chapter 4, LAN Architecture.
that manufacturer. The numbers are never duplicated. This system permits a given
manufacturer to make 16 million devices with unique numbers.
The MAC address is often called the physical address of your system. It is
actually burned into the device. You can override it with software; but this is not
advisable because doing so can cause problems on the network if you duplicate
an existing MAC.
Each time you log onto the Internet, your IP may have changed, but your physical
address doesn't change unless you change your hardware. This physical address is broadcast
onto the Internet, and your host can track it. If someone manages to come into your
wireless network at 2 a.m. and do a little spamming off your IP, their MAC address gets
sent to the host for tracking where the spam came from.
Attaches source address (MAC) of the destination device to the data packet
Converts data into packets suitable for the particular network (Ethernet, Token
Ring, FDDI)
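The following is an added example, not code from the Trend Micro textbook, that makes the MAC address facts above concrete: it splits an address into the 24-bit manufacturer prefix (OUI) and the 24-bit device number (so one prefix covers 2^24, about 16 million, devices), reads the "locally administered" bit that a software-overridden address normally carries, and checks a constructed list of DHCP lease records for one MAC that shows up with several IP addresses, which is the symptom a duplicated address produces on a network. The lease entries and addresses are made up for the example.

```python
"""Added example (not from the Trend Micro textbook): inspecting MAC addresses.

A MAC address is 48 bits. The first 24 bits are the OUI assigned to a
manufacturer; the last 24 bits are the per-device number that manufacturer
assigns, so one OUI covers 2**24 (about 16 million) devices. Bit 1 of the
first octet is the "locally administered" flag: an address that was
overridden in software normally has it set, whereas a burned-in address has
it clear. Duplicate MACs on one segment cause the problems the text warns
about, so find_duplicates() flags them in a constructed list of DHCP leases.
"""
import re
from collections import defaultdict

DEVICES_PER_OUI = 1 << 24          # 16,777,216 unique device numbers per OUI

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def parse_mac(text):
    """Return the six octets of a MAC written as aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", text))


def canonical(mac):
    """Upper-case, colon-separated form, so 00-1a-2b-... and 00:1A:2B:... compare equal."""
    return ":".join(f"{b:02X}" for b in parse_mac(mac))


def oui(mac):
    """Manufacturer prefix, e.g. '00:1A:2B'."""
    return canonical(mac)[:8]


def device_number(mac):
    """The 24-bit per-manufacturer part as an integer (0 .. DEVICES_PER_OUI - 1)."""
    return int.from_bytes(parse_mac(mac)[3:], "big")


def is_locally_administered(mac):
    """True if the U/L bit (bit 1 of the first octet) is set: set by software, not burned in."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_group_address(mac):
    """True if the I/G bit (bit 0 of the first octet) is set: multicast/broadcast, not one NIC."""
    return bool(parse_mac(mac)[0] & 0x01)


def find_duplicates(leases):
    """Return {mac: [ip, ...]} for every MAC that appears with more than one IP.

    `leases` is an iterable of (ip, mac) pairs such as DHCP lease records. Two
    leases for one MAC is the symptom a duplicated (cloned) address produces.
    """
    seen = defaultdict(set)
    for ip, mac in leases:
        seen[canonical(mac)].add(ip)
    return {m: sorted(ips) for m, ips in seen.items() if len(ips) > 1}


# Constructed sample lease records; the addresses do not belong to real devices.
SAMPLE_LEASES = [
    ("192.168.1.10", "00:1A:2B:3C:4D:5E"),
    ("192.168.1.11", "00:1a:2b:00:00:01"),
    ("192.168.1.12", "02:00:5E:11:22:33"),   # U/L bit set: software-assigned address
    ("192.168.1.13", "00-1A-2B-3C-4D-5E"),   # same NIC as .10, written with dashes
]

if __name__ == "__main__":
    for ip, mac in SAMPLE_LEASES:
        note = "  <- locally administered" if is_locally_administered(mac) else ""
        print(f"{ip:14} {canonical(mac)}  OUI={oui(mac)}  device={device_number(mac)}{note}")
    print("duplicates:", find_duplicates(SAMPLE_LEASES))
```

Running the script lists each lease with its OUI and device number, marks the one address whose locally administered bit is set, and reports the MAC that holds two leases. On a real network the same check can be run over the DHCP server's lease file or a switch's address table; a locally administered bit or a duplicate is a reason to look at the host, not proof of wrongdoing, since some virtualization software assigns such addresses legitimately.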
Connectivity Devices
Network connectivity devices such as hubs, or repeaters, are simple devices that
interconnect groups of users. For instance, hubs forward any data packets including e-mail,
word-processing documents, spreadsheets, graphics, print requests that they receive over
one port from one workstation to all their remaining ports. All users connected to a single
hub or stack of connected hubs are in the same "segment," sharing the hub bandwidth or
data-carrying capacity. As more users are added to a segment, they compete for a finite
amount of bandwidth devoted to that segment.
To know more about network connectivity devices, go to Chapter
5, Network Connectivity Devices.
In local area networks that have a single server with many clients connected to it, the
NOS is put on the server. The main part of the NOS sits on the server, while the
smaller client software packages are loaded onto each client.
With larger networks that don't use a single server, such as a network running
TCP/IP, the NOS may be part of each machine's software.
Network operating systems (NOS) are typically used to run computers that act as servers.
They provide the capabilities required for network operation. They are also designed for
client computers and provide functions there, so the distinction between network operating
systems and stand-alone operating systems is not always obvious.
NOS ties together all of the computers and peripherals in the network
Coordinates the functions of all computers and peripherals such as file and print
sharing; allows backing up of data
Provides security for and access to data and peripherals in a network such as
account administration for users.
Network operating systems include versions of Windows NT, Windows XP, Windows
2000/2003 Server, Novell NetWare, Linux, Unix and others.
In general, all networks have certain components, functions, and features in common:
Resources - Any service or device made available for use by members of the
network.
A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so
on) that is attached to your machine. Since the machine doesn't have to go on the
network to get to the device, it is called a local device or a local resource.
A Remote Resource is any device that must be reached through the network. Any
devices attached to a server, are remote resources.
Type of business
Network budget
Users act as their own administrators and plan their own security
Computers in the network are connected by a simple, easily visible cabling system
P2P networks are good choices for environments in the following instances:
Where users share resources, such as files and printers, but no specialized servers
exist
Where network security is not an issue and the organization and the network will
experience only limited growth within the foreseeable future.
Although a peer-to-peer network might meet the needs of small organizations, it is not
appropriate for all environments.
The rest of this section describes some of the considerations a network planner needs to
address before choosing which type of network to implement including administration,
resource-sharing, server requirements, security and training.
Network administration includes the task of managing users and security, making
resources available, maintaining applications and data, and installing and upgrading
application and operating system software. In a typical peer-to-peer network, no
system manager oversees administration for the entire network. Instead, individual
users administer their own computers.
On resource-sharing, all users can share any of their resources in any manner they
choose. These resources include data in shared directories, printers, and so on.
On server requirements, each computer in a peer-to-peer network must use a large
percentage of its resources to support the user at the computer (known as the local user),
and additional resources such as hard-disk space and memory to support users accessing
its resources over the network (known as remote users). While a server-based network
relieves the local user of these demands, it requires at least one powerful, dedicated
server to meet the demands of all the clients on the network.
Network security (that is, making computers and data stored on them safe from
harm or unauthorized access) consists of setting a password on a resource, such as a
directory, that is shared on the network. All P2P network users set their own
security, and shared resources can exist on any computer rather than on a
centralized server only; consequently, centralized control is very difficult to
maintain. This lack of control has a big impact on network security because some
users may not implement any security measures at all. If security is an issue, a
server-based network might be a better choice.
Lastly, because every computer in a peer-to-peer environment can act as both a
server and a client, users need training before they are able to function properly as
both users and administrators of their computers.
Server-based networking
In an environment with more than 10 users, a peer-to-peer network, with computers acting
as both servers and clients, will probably not be adequate. Therefore, most networks have
dedicated servers. A dedicated server is one that functions only as a server and is not used
as a client or workstation. Servers are described as "dedicated" because they are not
themselves clients, and because they are optimized to service requests from network clients
quickly and to ensure the security of files and directories. Server-based networks have
become the standard models for networking.
The number of connected computers and the physical distance and traffic between them
grows as networks increase in size. Because of this, more than one server is usually needed.
Spreading the networking tasks among several servers ensures that each task will be
performed as efficiently as possible.
Servers must perform varied and complex tasks. Servers for large networks have become
specialized to accommodate the expanding needs of users.
Examples of different types of servers included on many large networks are file and print
servers, application servers, mail servers, fax servers, communication servers, and even
directory services servers.
File and print servers manage user access and use of file and printer resources. To give an
example, when you are running a word-processing application, the word-processing
application runs on your computer. The word-processing document stored on the file and
print server is loaded into your computer's memory so that you can edit or use it locally. In
other words, file and print servers are used for file and data storage.
Application servers make the server side of client/server applications, as well as the data,
available to clients. In fact, servers store vast amounts of data that is organized to make it
easy to retrieve. Thus, an application server differs from a file and print server. With a file
and print server, the data or file is downloaded to the computer making the request. With an
application server, the database stays on the server and only the results of a request are
downloaded to the computer making the request.
Another example is a client application running locally that accesses the data on the
application server. You might search the employee database for all employees who were
born in November. Instead of the entire database, only the result of your query is
downloaded from the server onto your local computer.
Mail servers operate like application servers in that there are a separate server and client
applications, with data selectively downloaded from the server to the client. Fax servers
manage fax traffic into and out of the network by sharing one or more fax modem boards.
Communications servers handle data flow and e-mail messages between the servers' own
networks and other networks, mainframe computers, or remote users who dial in to the
servers over modems and telephone lines.
Directory services servers enable users to locate, store, and secure information on the
network. For example, some server software combines computers into logical groupings
(called domains) that allow any user on the network to be given access to any resource on
the network.
Planning for specialized servers becomes important with an expanded network. The planner
must take into account any anticipated network growth so that network use will not be
disrupted if the role of a specific server needs to be changed.
In order to plan an effective network, a planner must understand the role of software in a
server-based environment.
A network server and its operating system work together as a unit. No matter how powerful
or advanced a server might be, it is useless without an operating system that can take
advantage of its physical resources. Advanced server operating systems, such as those from
Microsoft and Novell, are designed to take advantage of the most advanced server
hardware.
Although a server-based network is more complex to install, configure, and manage, it
has many advantages over a simple peer-to-peer network, including sharing of resources,
management of network security, redundancy systems and support for large numbers of users.
A server is designed to provide access to many files and printers while maintaining
performance and security for the user. Server-based data sharing can be centrally
administered and controlled. Because these shared resources are centrally located,
they are easier to find and support than resources on individual computers.
One administrator sets the policy and applies it to every user on the network.
This is often the primary reason for choosing a server-based approach to
networking.
Backups can be scheduled several times a day or once a week depending on the
importance and value of the data. Server backups can be scheduled to occur
automatically, according to a predetermined schedule, even if the servers are
located on different parts of the network.
Through the use of backup methods known as redundancy systems, the data on any
server can be duplicated and kept online. Even if harm comes to the primary data
storage area, a backup copy of the data can be used to restore the data.
Network Architecture
A network architecture is a blueprint of the complete computer communication network,
which provides a framework and technology foundation for designing, building and
managing a communication network. It defines the structure of the network, including
hardware, software and layout. We differentiate architecture by the hardware and software
required to maintain optimum performance levels.
There are many existing types of network architecture. The most basic of these is the
local area network (LAN). This is a network that connects computers that are
relatively close to each other, generally within the same room or building. The vast
majority of regular LANs connect using cables, so the term LAN by itself usually implies
a wired LAN, but not always. There are many different types of LANs, Ethernet being the
most common for PCs.
A proprietary network architecture used in the networking industry is the OSI (Open
Systems Interconnection) model defined by the International Organization for
Standardization.
The OSI Model was designed to promote interoperability by creating guidelines for network
data transmission between computers that have different hardware vendors, software,
operating systems, and protocols. A protocol suite is most easily defined as a set of rules
used to determine how computers communicate with each other. The OSI model is used to
describe what tasks a protocol suite performs as you explore how data moves across a
network. Although not all protocols map directly to what the model provides,
there are enough similarities that it can be used to examine how these protocols function.
The OSI model consists of seven layers. Each layer performs a specific function and then
passes the result on to another layer. When a sending node transmits data, it formats
a network request and then passes the request to the network protocol at the top layer, the
Application layer. The protocol that runs at this layer performs an operation on the request
and then passes it to the next, lower layer. Each protocol layer below the Application
layer performs its own processing and appends its own information to the data sent from the
layer above it. At the receiving station, the process happens in reverse.
For more information about the OSI model, go to Chapter 6.
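The layering just described, as an added example that is not part of the textbook: a toy stack in which each layer prepends its own small header on the way down and the receiving side strips and checks the headers in reverse order on the way up. The four layers, the 3-byte header (layer number plus payload length) and the sample request are constructed for the example; real protocol headers carry much more, but the wrap-on-send, unwrap-on-receive pattern is the same.

```python
"""Added example (not from the textbook): a toy model of OSI-style layering.

On the sending side each layer prepends its own header to what the layer
above handed it; on the receiving side the headers are stripped in reverse
order, each layer checking its own header before passing the payload up.
The four layers, the 3-byte header (layer number + payload length) and the
sample request are constructed for illustration.
"""
import struct

# Toy stack, top to bottom, labelled with OSI layer numbers.
LAYERS = [(7, "application"), (4, "transport"), (3, "network"), (2, "data link")]

# Header each layer adds: 1-byte layer number, 2-byte length of what it wraps.
HEADER = struct.Struct(">BH")


def encapsulate(data, layers=LAYERS):
    """Sender: pass `data` down the stack; returns (bytes on the wire, layers traversed)."""
    frame, trace = data, []
    for layer_no, name in layers:
        if len(frame) > 0xFFFF:
            raise ValueError(f"{name}: payload too large for the 16-bit length field")
        frame = HEADER.pack(layer_no, len(frame)) + frame
        trace.append(name)
    return frame, trace


def decapsulate(frame, layers=LAYERS):
    """Receiver: walk the stack bottom-up, validating and stripping each header.

    Raises ValueError when a header is missing, belongs to the wrong layer, or
    announces a length that does not match the bytes actually received.
    """
    trace = []
    for layer_no, name in reversed(layers):
        if len(frame) < HEADER.size:
            raise ValueError(f"{name}: truncated frame, no header")
        got_no, length = HEADER.unpack_from(frame)
        body = frame[HEADER.size:]
        if got_no != layer_no:
            raise ValueError(f"{name}: expected layer {layer_no} header, got {got_no}")
        if len(body) != length:
            raise ValueError(f"{name}: header says {length} bytes, got {len(body)}")
        frame = body
        trace.append(name)
    return frame, trace


def overhead(data, layers=LAYERS):
    """Header bytes added to `data` by the whole stack."""
    return len(encapsulate(data, layers)[0]) - len(data)


if __name__ == "__main__":
    wire, down = encapsulate(b"GET /index.html")       # constructed request
    print("down the stack:", " -> ".join(down))
    print("on the wire   :", wire.hex())
    payload, up = decapsulate(wire)
    print("up the stack  :", " -> ".join(up))
    print("delivered     :", payload)
```

The length check in decapsulate() is the part worth noticing: every layer verifies that what it received is the size its own header claims before handing the payload upward, so a truncated or corrupted frame is rejected at the lowest layer that can detect it rather than being passed up as if it were valid.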
Network Topology
Once you have chosen the type of network to use, choose the manner in which your network will
be wired. A topology is a way of laying out the network. Topologies can be either
physical or logical. Physical topologies describe how the cables are run; logical
topologies describe how the network messages travel. The choice of network topology will
be influenced by considerations including:
Centralization
Cost
Scalability
Security
Speed
Stability
Distances
Single point of failure - a physical or logical location (a server, switch, router, etc)
where one or more network devices are connected. When this connection fails, one
or more workstations will not be able to transmit data.
The basic network topologies that will be discussed in this courseware are the Bus
Topology, Ring Topology and Star Topology.
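The single point of failure consideration, worked through as an added example that is not part of the textbook: each of the three topologies named above is modelled as a small graph of nodes and links, and the script reports which nodes and which links would, on failing alone, leave some workstations unable to reach others. The node names ("switch", "tap0", "ws1") and the cable-with-taps model of the bus are assumptions made for the example.

```python
"""Added example (not from the textbook): finding single points of failure in a topology.

A topology is modelled as an undirected graph of nodes (workstations,
switches, cable taps) and links. A node or link whose failure splits the
remaining nodes into two or more groups is a single point of failure in the
sense the text uses: after it fails, some workstations can no longer reach
others. The builders construct the bus, ring and star topologies the course
discusses; node names such as "switch" and "tap0" are made up.
"""
from collections import defaultdict


def build_graph(edges):
    """Adjacency sets for an undirected graph given as (node, node) links."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def components(graph, failed=frozenset()):
    """Connected groups of nodes after the nodes in `failed` have gone down."""
    seen, groups = set(), []
    for start in sorted(graph):
        if start in failed or start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node in group:
                continue
            group.add(node)
            stack.extend(n for n in graph[node] if n not in failed and n not in group)
        seen |= group
        groups.append(frozenset(group))
    return groups


def single_points_of_failure(edges):
    """Nodes whose failure alone leaves the surviving nodes unable to all reach each other."""
    graph = build_graph(edges)
    return sorted(node for node in graph if len(components(graph, {node})) > 1)


def cut_links(edges):
    """Links whose failure alone splits the network (both endpoints stay up)."""
    result = []
    for link in edges:
        graph = build_graph([e for e in edges if e != link])
        for endpoint in link:
            graph.setdefault(endpoint, set())   # an isolated endpoint still counts as a group
        if len(components(graph)) > 1:
            result.append(link)
    return result


def star(stations, center="switch"):
    """Every station has its own link to one central device."""
    return [(s, center) for s in stations]


def ring(stations):
    """Each station links to the next; the last links back to the first."""
    n = len(stations)
    return [(stations[i], stations[(i + 1) % n]) for i in range(n)]


def bus(stations):
    """Stations hang off successive taps on one shared cable."""
    taps = [f"tap{i}" for i in range(len(stations))]
    cable = [(taps[i], taps[i + 1]) for i in range(len(taps) - 1)]
    drops = list(zip(stations, taps))
    return cable + drops


if __name__ == "__main__":
    stations = ["ws1", "ws2", "ws3", "ws4"]
    for name, edges in (("bus", bus(stations)), ("ring", ring(stations)), ("star", star(stations))):
        print(f"{name:5} node SPOFs: {single_points_of_failure(edges)}")
        print(f"{name:5} link SPOFs: {cut_links(edges)}")
```

The output matches the trade-offs the course lists: the star has exactly one node whose failure takes everything down (the central device), but a failed link only isolates one station; the ring survives any single node or link failure because traffic can go the other way round; and on the bus every cable segment and tap is a single point of failure, since a break anywhere splits the shared cable. The same functions can be run over a real inventory of devices and links to find where redundancy is missing.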
Review Questions
1. Networking hardware includes all computers, peripherals, interface cards and other
equipment needed. This hardware is needed
a) To perform data-processing and communications within the network
b) To facilitate many types of games and entertainment
c) To provide a framework and technology foundation for designing, building and
managing a communication network
d) None of the above.
2. This hardware component provides a link to the services or resources necessary to
perform any task.
a) Printer
b) Server
c) Client
3. What is the purpose of network architecture?
a) To provide access to many files and printers while maintaining performance
and security for the user
b) To provide a framework and technology foundation for designing, building and
managing a communication network
c) To enable users to locate, store, and secure information on the network
d) To allow users to share any of their resources in any manner they choose
4. The networking advantage that allows administrators to more effectively manage
the company's critical data is
a) Hardware and Software Management and Administration Costs
b) Network Hardware, Software and Setup Costs
c) Data Security and Management
5. It is a physical or logical location (a server, switch, router, etc) where one or more
network devices are connected
Chapter 2 - Objectives
Understand what network topology is
Identify the basic network topologies, their characteristics, advantages and disadvantages
Identify types of area networks (LAN, WAN, and other types)
Bus Topology
Star Topology
It uses a switch
All peripheral nodes may communicate with all others by transmitting to, and receiving from, the central node only.
Ring Topology
Hybrid Topology
A combination of any two or more network topologies.
Where two basic network topologies, when connected together, can still retain the basic network character.
Area Networks
Metropolitan Area Network (MAN)
Storage Area Network (SAN)
System Area Network (SAN)
Server Area Network (SAN)
Small Area Network (SAN)
Personal Area Network (PAN)
Desk Area Network (DAN)
Controller Area Network (CAN)
Cluster Area Network (CAN)
Wireless Local Area Network (WLAN)
Copyright 2005 - Trend Micro Inc.
Introduction
Network Topology is the specific physical, logical, or virtual arrangement of the network
components and devices (nodes). It is determined only by the configuration of connections
between nodes. Distances between nodes, physical interconnections, transmission rates,
and/or signal types affect how data will be communicated in a network.
A node is any device on a network (server, workstation, printer, scanner, or any other
kind of peripheral) that is accessed directly by the network. A node has a unique
name or IP address so the rest of the network can identify it.
This chapter will discuss the forms and different types of topologies and their
characteristics.
The topology you choose for your network influences and is influenced by several factors:
Office layout
Cost of installation
Troubleshooting techniques
First, look at how your office is arranged. People who are setting up only a few computers
in a single room will face fewer challenges than those with many computers
distributed throughout several floors of a building.
Second, to a significant degree, the physical topology you choose for your network
determines what kind of cable you will get for it, and vice versa. CAT 5 (Category 5) cable
is commonly used in networks. Some networks use fiber optic cable.
To know more about network cables, go to Chapter 3
Third, not all physical topologies are equal in terms of cost. Some of the cost will be
affected by the complexity of the topology you choose and, more importantly, how hard it is to
make the topology fit your space. The bus topology, for example, is simple when done in a
small area but could be complicated to cable if you attempt to run it through a multi-floor
network.
Finally, troubleshooting techniques and requirements are determined to some degree by the
physical topology you use. For example, some topologies have built-in physical redundancy
to prevent breaks in the cable from interrupting communications. Other topologies isolate
each cable in the network so that a single break will not bring everything down.
Bus Topology
All nodes (file server, workstations, and peripherals) on the LAN are connected by one
linear cable, which is called the shared medium. This single common cable is the
backbone; it functions as a shared communication medium that devices attach or tap
into with an interface connector. A device wanting to communicate with another device on
the network sends a broadcast message onto the wire that all other devices see, but only the
intended recipient actually accepts and processes the message.
Figure 2.1 Bus Topology - all nodes on the LAN are connected by one linear
cable.
A backbone is a part of a network that acts as the primary path for traffic that is
most often sourced from, and destined for, other networks. It is a set of nodes
and links connected together comprising a network, or the upper layer protocols
used in a network.
Every node on this cable segment sees transmissions from every other station on the same
segment. At each end of the bus there is a terminator, which absorbs any signal so it does
not reflect back across the bus. This shared cable is the single point of failure.
In a bus topology, signals are broadcast to all stations. Each computer checks the address
on the signal (data frame) as it passes along the bus. If the signal's address matches that of
the computer, the computer processes the signal. If the address doesn't match, the computer
takes no action and the signal travels on down the bus.
Only one computer can talk on a network at a time. A media access method called
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used to
handle the collisions that occur when two signals are placed on the wire at the same time.
To know more about Carrier Sense Multiple Access with Collision
Detection (CSMA/CD), go to Chapter 4, LAN Architecture
Each time a node on the network has data for another node, the sending node broadcasts the
data to the entire network. The various nodes hear it and look to see if the data is for them.
If so, they keep the data.
Every Ethernet card has a unique 48-bit address (a 24-bit part identifying the manufacturer
and another 24-bit part assigned by that company), known as a MAC address. Each piece of data that
travels the network is directed to the address of the card in the node that should
receive the data.
A good example to show how this topology works would be the old telephone party lines
where a number of persons share a telephone number. Each person sharing the telephone is
assigned a distinctive ring to determine who is receiving a call. If your code was, say,
three rings, and you heard the telephone ring three quick rings, you could pick it up and
know it was for you. On the other hand, if you heard two long and one short, you'd know
that the call was for your next door neighbor and you'd ignore it. In all cases, everyone
sharing the telephone heard the rings, but only the one person who was supposed to receive
the call responded to it.
On a bus network, every workstation can send out information in a package called a packet.
It contains the source and the destination address in addition to the data.
Data transmitted on a network of any type must conform to a strict format, called the
Data Link Layer Frame format, which the network type uses for arranging data. For
instance, Ethernet packets in a 100 Mbps network can be no longer than 1518 bytes, just to
ensure that a single workstation doesn't hog the network too long. In a Gigabit network this
number has been increased to 9000 bytes; 9000 bytes is large enough to
carry an 8 KB application datagram (e.g. NFS) plus packet header overhead.
Before a workstation broadcasts to the network, it listens to determine if another machine is
using the network. If the coast is clear, then it broadcasts. The bus topology is passive. In
other words, the computers on the bus simply listen for a signal; they are not responsible
for moving the signal along.
The biggest problem with the broadcast method of network transmittal is distance. If the
distance between two computers on the same network (for example, Node A and Node B) is
too great, they may not hear each other on the line. If that happens, then Node A cannot tell
whether Node B is transmitting or not. Thinking that the line is not in use, Node A may
then begin its transmittal when Node B is already transmitting data. If the two nodes
transmit at the same time, an event called packet collision occurs, causing a frequency
ripple on the cable. The first node to detect this increased frequency ripple will send out a
high-frequency signal that will cancel out all the other signals. This signal tells all nodes
that a collision has occurred and that all nodes in the network should stop sending packets.
At this point, each node waits a random amount of time, and then tries broadcasting again.
They will do this up to 16 times before giving up.
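The bus behaviour described above, as an added simulation (not from the textbook): every station hears every frame but only the addressed one keeps it, and a sender that collides backs off a random time and gives up after 16 attempts. The collision probability, the backoff range and the station addresses are constructed assumptions.

```python
import random
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAX_ATTEMPTS = 16   # the text: a node retries up to 16 times before giving up


@dataclass
class Frame:
    src: str
    dst: str
    payload: bytes


@dataclass
class Node:
    mac: str
    accepted: list = field(default_factory=list)  # frames addressed to this node
    seen: int = 0                                 # every frame that passed by on the wire

    def on_signal(self, frame):
        # Every station on the segment hears every frame (the exposure inherent in a
        # shared medium); only the addressed station, or everyone for a broadcast, keeps it.
        self.seen += 1
        if frame.dst in (self.mac, BROADCAST):
            self.accepted.append(frame)
            return True
        return False


class Bus:
    """A shared-medium segment with a very simplified CSMA/CD sender."""

    def __init__(self, nodes, collision_prob=0.0, seed=1):
        self.nodes = list(nodes)
        # Constructed model: probability that another station starts talking in the
        # same instant, which carrier sense could not have detected beforehand.
        self.collision_prob = collision_prob
        self.rng = random.Random(seed)
        self.collisions = 0
        self.backoff_slots = []

    def send(self, frame):
        """Listen, transmit, and on a collision back off a random time and retry.
        Returns the attempt that succeeded, or None if the sender gave up."""
        for attempt in range(1, MAX_ATTEMPTS + 1):
            if self.rng.random() < self.collision_prob:
                # Jam signal: everyone stops; the sender waits a random number of slots.
                # The text only says "random"; the doubling range here is an assumption.
                self.collisions += 1
                self.backoff_slots.append(self.rng.randint(0, 2 ** min(attempt, 10) - 1))
                continue
            for node in self.nodes:
                node.on_signal(frame)
            return attempt
        return None


def demo(collision_prob=0.0):
    """Three constructed stations; A sends one frame to B.
    Returns (attempt used, frames seen per station, frames accepted per station)."""
    a = Node("00:11:22:00:00:01")
    b = Node("00:11:22:00:00:02")
    c = Node("00:11:22:00:00:03")
    bus = Bus([a, b, c], collision_prob=collision_prob)
    attempt = bus.send(Frame(a.mac, b.mac, b"hello"))
    return attempt, [n.seen for n in (a, b, c)], [len(n.accepted) for n in (a, b, c)]
```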
Ethernet is probably the best known example of a logical bus network; it's the most popular
LAN type. Early Ethernet systems used the bus topology with coaxial cable, a type of
network that is rarely seen today. Ethernet bus topologies are relatively easy to install and
don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5
("ThickNet") both were popular Ethernet cabling options years ago. However, bus
networks work best with a limited number of devices. If more than a few dozen computers
are added to a bus, performance problems will likely result. In addition, if the backbone
cable fails, the entire network effectively becomes unusable.
Advantages of a Bus Topology
Failure of one station does not affect others. (However, if one machine fails, the
packet will not pass!)
Disadvantages of a Bus Topology
Difficult to administer/troubleshoot
For 10Base2
A cable break can fail the entire network; no redundancy; no backbone function
Star Topology
While the bus topology has the computers in a network logically connected directly to each
other, the star topology uses a switch (in the past, this was called a hub; a switch is also
known as a repeater), which rebroadcasts all transmissions received from any peripheral
node to all peripheral nodes on the network, including the originating node. All peripheral
nodes may thus communicate with all others by transmitting to, and receiving from, the
central node only. Most LANs installed today use the star topology. The main advantage of
the star network is that each computer has its own dedicated connection to the hub. If a
single cable or connector should fail, only one computer is affected.
Switches will be discussed in Chapter 5 Network Connectivity Device.
Figure 2.3 Star Topology - all nodes on the LAN are connected to a switch (also
called a repeater)
Characteristics of Star Topology
In the star topology, each server and workstation plugs into a central hub that provides
connections to all other devices connected to the switch. This means that each connection is
independent of all other connections; a break in workstation A's cable will not affect
workstation B's connection. It also means that the network is relatively easy to cable
because each workstation and server is no more than the maximum cable length from the
switch. Devices typically connect to the switch with Unshielded Twisted Pair (UTP)
Ethernet.
To know more about the UTP cable, go to Chapter 3 Basic Network
Cabling.
Easy to isolate problems; however, the hub can be a bottleneck and single
point of failure.
Disadvantages of a Star Topology
More expensive than bus topologies because of the cost of the switch.
Ring Topology
The ring topology connects all PCs in the network in a loop, running double cables between
each node in order to maintain network integrity. In a ring network, every device has
exactly two neighbors for communication purposes. All messages travel through a ring in
the same direction (effectively either "clockwise" or "counterclockwise"). A failure in any
cable or device breaks the loop and can take down the entire network.
This setup has no start and no end. All computers are connected with a cable that loops
around. Signals travel in one direction on a ring while they are passed from one computer to
another, and each computer checks a packet for its destination and passes it on as a repeater
would.
The heart of the ring logical topology is the token packet. To avoid packet collisions, the
ring topologies ensure that only one workstation can send information across the network at
any given time. Only the node that has control of the token packet can send information
across the network.
When a workstation is done with the token packet, it releases it to whatever station is next
in line. If nobody grabs it, the workstation releases it a second time. If nobody responds to
it the second time, then the workstation sends out a general query, known as a solicit
successor frame. This frame goes out over the network asking, "Who's supposed to get the
next token?". If a workstation responds, the sending workstation addresses the token to that
workstation and passes the token. Because no single node can transmit for longer than it
takes for a piece of data to make a complete circuit of the network, no PC has to wait more
than one circuit's worth of information before getting a chance to transmit.
In the ring topology, the data is not broadcast on the network but passed from node to
node. Thus, timing is very important to make sure that the frames passed on the network are
received properly. The token is responsible for maintaining the timing. Given the token's
importance in keeping order on a network using the ring logical topology, one computer is
dedicated to token management. This computer, called the token master or active monitor,
detects lost tokens, monitors frame transmissions, and creates new tokens when necessary.
The active monitor also maintains a regular clock tick on the network that keeps all other
nodes synchronized.
Advantages of a Ring Topology
No collisions
No terminators required
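The token-passing procedure above (offer the token, offer it again, then solicit a successor) together with the active monitor's recovery of a lost token, as an added simulation that is not part of the textbook. Station names, the frames queued for sending and the choice of station 0 as active monitor are constructed assumptions.

```python
from collections import deque


class Station:
    """A ring station; up=False models a station that is switched off or has failed."""

    def __init__(self, name, up=True, to_send=()):
        self.name = name
        self.up = up
        self.queue = deque(to_send)   # frames waiting to go out (constructed input)
        self.sent = []

    def accepts_token(self):
        return self.up


class TokenRing:
    """Token passing as the text describes it: offer the token to the next station
    twice, then send a solicit-successor query and hand the token to whoever answers.
    One station plays the active monitor and issues a new token if one is lost."""

    def __init__(self, stations, monitor=0):
        self.stations = list(stations)
        self.monitor = monitor
        self.log = []

    def _next(self, i):
        return (i + 1) % len(self.stations)

    def release_token(self, holder):
        me = self.stations[holder].name
        nxt = self._next(holder)
        for attempt in (1, 2):
            if self.stations[nxt].accepts_token():
                self.log.append(f"{me}: token -> {self.stations[nxt].name} (offer {attempt})")
                return nxt
        # Nobody took the token twice: ask around the ring who should get it next.
        self.log.append(f"{me}: solicit successor")
        j = self._next(nxt)
        while j != holder:
            if self.stations[j].accepts_token():
                self.log.append(f"{me}: token -> {self.stations[j].name} (successor)")
                return j
            j = self._next(j)
        self.log.append(f"{me}: no successor, keeping token")
        return holder

    def run(self, holdings, holder=0):
        """Simulate a number of token holdings; returns the index of the final holder."""
        for _ in range(holdings):
            st = self.stations[holder]
            if not st.up:
                # The holder died with the token: the active monitor detects the lost
                # token and creates a new one, so the ring does not stall.
                self.log.append(f"{self.stations[self.monitor].name}: token lost, new token issued")
                holder = self.monitor
                continue
            if st.queue:
                st.sent.append(st.queue.popleft())   # one frame per holding: no collisions
            holder = self.release_token(holder)
        return holder
```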
Hybrid Topologies
A hybrid topology is a combination of any two or more network topologies.
Instances can occur where two basic network topologies, when connected together,
can still retain the basic network character, and therefore not be a hybrid network.
For example, a tree network connected to a tree network is still a tree network.
Therefore, a hybrid network occurs only when two basic networks are connected
and the resulting network topology fails to meet one of the basic topology
definitions. For example, two star networks connected together exhibit hybrid
network topologies.
A hybrid topology always occurs when two different basic network topologies are
connected.
LAN Basics
A LAN connects network devices over a relatively short distance. A networked office
building, school, or home usually contains a single LAN, though sometimes one
building will contain a few small LANs, and occasionally a LAN will span a group of
nearby buildings. Besides operating in a limited space, LANs include several other
distinctive features. LANs are typically owned, controlled, and managed by a single
person or organization. They also use certain specific connectivity technologies,
primarily Ethernet.
WAN Basics
A Wide Area Network (WAN) spans a large physical distance. A WAN can span across
countries. Geographically, it is a dispersed collection of LANs. A network device
called a router connects LANs to a WAN. In Internet Protocol (IP) networking, the
router maintains both a LAN address (an IP address) and a WAN address.
WANs differ from LANs in that, like the Internet, most WANs are not owned by any
one organization but rather exist under collective or distributed ownership and
management. WANs use advanced networking technologies for connectivity, like ATM
(Asynchronous Transfer Mode), for instance.
A Storage Area Network connects servers to data storage devices through Fibre
Channel technology, which handles high-performance disk storage for applications on
many corporate networks.
A System Area Network connects high-performance computers with high-speed
connections in a cluster configuration, also known as a Network of Workstations
(NOW). A cluster integrates the resources of two or more computing devices (that
could otherwise function separately) together for some common purpose.
Review Questions
1. The specific physical, logical, or virtual, arrangement of the network components and
devices
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
2. A backbone is best described as
a) A cable break that can fail the entire network
b) A set of nodes and links connected together comprising a network, or the upper
layer protocols used in a network
c) The most important thing to understand about the bus topology
3. The Data Logical Link Layer Frame format
a) Transmits the data in the network
b) listens to determine if another machine is using the network
c) repeats what it hears from the previous station
d) describes the format on how data is transmitted on any type of network
4. In this type of topology, the data is not broadcasted on the network but passed from
node to node
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
5. In this type of topology, each server and workstation plugs into a central hub that
provides connections to all other devices connected to the switch.
a) Network Topology
b) Ring Topology
c) Bus Topology
d) Star Topology
Distinguish between shielded (STP) and unshielded (UTP) twisted pair cable
Know what attenuation and crosstalk are, the problems associated with them,
and the ways to prevent them
Twisted-Pair Cable
UTP Cable Grades
Fiber Optic Cable
Understanding Attenuation and Crosstalk
A General Guide on Cable Installation
Chapter 3 - Objectives
Identify the primary cable types used for Ethernet networking
Know the characteristics of the Twisted-Pair cable
Distinguish between shielded (STP) and unshielded (UTP) twisted pair cable
Know the characteristics of the Fiber Optic cables
Identify the advantages and disadvantages of each cable type
Know the RJ-45 connector
Know the characteristics of a CAT 5
Know the maximum cable lengths (feet and meters)
Know what a terminator is and the common problems associated with it
Know what attenuation and crosstalk are, the problems associated with them, and the ways to prevent them
Apply general cabling installation guides
RJ-45 Connector
Length
Wire Map
Return Loss
DC Loop Resistance
Attenuation
NEXT (Near End Cross Talk)
PSNEXT (Power Sum Near-End Cross Talk)
FEXT, ELFEXT and PSELFEXT
Delay
Delay Skew
Introduction
There are three types of cable that can be used in structured Ethernet cabling design,
Unshielded Twisted-Pair (UTP), Shielded Twisted-Pair (STP) which are both types of
Twisted-Pair cable, and Fiber Optic cable.
UTP is the most widely used cable and is used as the primary media for floor distribution. A
UTP backbone is often installed for voice services. STP is used in applications where noise
is deemed to be a problem. When installed correctly it can allow the use of structured
cabling where previously the environment was too harsh. Fiber optic cable is
predominantly used as a backbone media for data services, its high speed and bandwidth
being ideal for this purpose.
Twisted-Pair Cable
Twisted-pair cable is a type of cabling that is used for telephone communications and most
modern Ethernet networks. A pair of wires forms a circuit that can transmit data. The pairs
are twisted to provide protection against crosstalk, the noise generated by adjacent pairs.
When electrical current flows through a wire, it creates a small, circular magnetic field
around the wire. When two wires in an electrical circuit are placed close together, their
magnetic fields are the exact opposite of each other. Thus, the two magnetic fields cancel
each other out. They also cancel out any outside magnetic fields. Twisting the wires can
enhance this cancellation effect. Using cancellation together with twisting the wires, cable
designers can effectively provide self-shielding for wire pairs within the network media.
The quality of UTP may vary from telephone-grade wire to extremely high-speed cable.
UTP contains 8 wires, or 4 pairs, of either 22- or 24-gauge copper wire inside the jacket.
It has a maximum length of 100 meters and supports speeds of 4-100 Mbps. Each of the eight individual copper
wires in UTP cable is covered by an insulating material. The wires in each pair are
twisted around each other.
UTP cable relies solely on the cancellation effect produced by the twisted wire pairs to
limit signal degradation caused by electromagnetic interference (EMI) and radio
frequency interference (RFI). To further reduce crosstalk between the pairs in UTP
cable, the number of twists in the wire pairs varies. The tighter the twisting, the higher
the supported transmission rate and the greater the cost is per foot.
Advantages and Disadvantages of the UTP Cabling
UTP cable offers many advantages. Because UTP has an external diameter of
approximately 0.43 cm (0.17 inches), its small size can be advantageous during
installation. Because it has such a small external diameter, UTP does not fill up wiring
ducts as rapidly as other types of cable. This can be an extremely important factor to
consider, particularly when installing a network in an older building. UTP cable is easy
to install and is less expensive than other types of networking media. In fact, UTP costs
less per meter than any other type of LAN cabling. And because UTP can be used with
most of the major networking architectures, it continues to grow in popularity.
However, the UTP cable is more prone to electrical noise and interference than other
types of networking media, and the distance between signal boosts is shorter for UTP
than it is for coaxial and fiber-optic cables, which means that UTP may be susceptible
to radio and electrical frequency interference.
The following summarizes the features of UTP cable:
and operates at 16-155 Mbps. It has lower electrical interference than UTP and
is more expensive.
As specified for use in Ethernet network installations, STP reduces electrical noise both
within the cable (pair-to-pair coupling, or crosstalk) and from outside the cable (EMI
and RFI). STP usually is installed with STP data connector, which is created especially
for the STP cable.
The STP cabling supports a wide range of systems and protocols. It is easier to relocate
devices. STP can offer a high level of protection without significant additional cost.
The installation of STP cable does minimize the sensitivity to routing (proximity to
EMI sources) but adds complexity in terms of the quality of connections and grounding.
The following summarizes the features of STP cable:
10/100 Ethernet cables have 8 wires, of which 4 are used for data. The other wires are
twisted around the data lines for electrical stability and resistance to electrical
interference. The cables end in RJ-45 connectors that resemble large telephone line
connectors.
Two kinds of wiring schemes are available for Ethernet cables: patch cables and
crossover cables. Crossover cables are special because with a single cable, two
computers can be directly connected together without a hub or switch. If a cable does
not say crossover, it is a standard patch cable. If you are connecting computers to a
switch, you need patch cables.
Category    Maximum Data Rate                  Usual Application
CAT 1       Less than 1 Mbps
CAT 2       4 Mbps
CAT 3       16 Mbps
CAT 4       20 Mbps
CAT 5       100 Mbps
CAT 5E      100 Mbps
CAT 6       1000 Mbps (4 pair), 200-250 MHz
The two most significant UTP grades for LAN use are Category 3 and Category 5. Category
3 cable was designed for voice-grade telephone networks and eventually came to be used
for Ethernet. Category 3 cable is sufficient for 10 Mbps Ethernet networks (where it is
called 10BaseT), but it is generally not used for Fast Ethernet (except under certain
conditions).
There have been many kinds of Ethernet, but the most popular is 10/100Mbps running over
copper twisted pair wires. 100Mbps Ethernet is also called 100BaseT and Fast Ethernet. If
you have an existing Category 3 cable installation, you can use it to build a standard
Ethernet network, but virtually all new UTP cable installations today use at least Category 5
cable. The most common are CAT5, CAT5e and CAT6. CAT5 is good for most purposes
and can transfer data at 100Mbps. CAT5e is rated for 200Mbps and CAT6 is rated for
gigabit Ethernet.
Characteristics of Category 5
CAT5 is an Ethernet cable standard defined by the EIA/TIA. CAT5 is the 5th generation of
twisted pair Ethernet cabling and the most popular of all twisted pair cables in use today.
CAT5 cable contains four pairs of copper wire. CAT5 supports Fast (100 Mbps) Ethernet
and comparable alternatives such as ATM. As with all other types of twisted pair EIA/TIA
cabling, CAT5 cable runs are limited to a maximum recommended run length of 100 m (328
feet).
Although CAT5 cable usually contains four pairs of copper wire, Fast Ethernet
communications only utilize two pairs. A new specification for CAT5 cable, CAT5
enhanced (CAT5e), supports short-run Gigabit Ethernet (1000 Mbps) networking by
utilizing all four wire pairs and is backward-compatible with ordinary CAT5.
Twisted pair cable like CAT5 comes in two main varieties, solid and stranded. Solid CAT5
cable supports longer runs and works best in fixed wiring configurations like office
buildings. Stranded CAT5 cable, on the other hand, is more pliable and better suited for
shorter-distance, movable cabling such as on-the-fly patch cabling.
Though newer cable technologies like CAT6 and CAT7 are being developed, CAT5 cable
remains the popular choice, because it is both affordable and plenty fast enough for today's
LANs.
Fiber Optic Cable
Fiber optic cable has the ability to transmit signals over much longer distances than coaxial
and twisted pair. It also has the capability to carry information at vastly greater speeds. This
capacity broadens communication possibilities to include services such as video
conferencing and interactive services. 10BaseF refers to the specifications for fiber
optic cable carrying Ethernet signals. The maximum segment length is 2000 meters.
Advantages and Disadvantages of Fiber Optic Cabling
UTP
  Maximum segment length: 100 m
  Speed: 10 Mbps to 1000 Mbps
  Cost: Least expensive
  Advantages: Easy to install; widely available and widely used
  Disadvantages: Susceptible to interference; can cover only a limited distance
STP
  Maximum segment length: 100 m
  Speed: 10 Mbps to 100 Mbps
  Cost: More expensive than UTP
  Advantages: Reduced crosstalk; more resistant to EMI than Thinnet or UTP
  Disadvantages: Difficult to work with; can cover only a limited distance
Fiber Optic
  Maximum segment length: 10 km and farther (single-mode); 2 km and farther (multimode)
  Speed: 100 Mbps to 100 Gbps (single mode); 100 Mbps to 9.92 Gbps (multimode)
  Cost: Expensive
  Advantages: Cannot be tapped, so security is better; can be used over great distances; is not susceptible to EMI; has a higher data rate than coaxial and twisted-pair cable
  Disadvantages: Difficult to terminate
Length
The length of a cable is one of the more obvious causes of attenuation because the longer it
is, the more resistance it has, and therefore less of the signal will get through. To measure
the length, a cable tester uses Time Domain Reflectometry (TDR). A pulse is sent down the
cable and when it reaches the far end it reflects back; by measuring the time it takes to
travel down the cable and back again, the tester can determine how long the cable is. To do
this, the tester also needs to know how fast the pulsed signal is traveling. This is called the
Nominal Velocity of Propagation (NVP) and is expressed as a percentage of the speed of
light. The NVP is usually somewhere between 60% and 90% of the speed of light, with
most Cat 5E cables being around 70%. Due to the twists in the cable, the measured length
will be greater than the physical length, so if a run looks like it might be over 80m it would
be wise to check it before it is tied up and terminated.
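The TDR length calculation above, as an added worked example that is not from the textbook: length from the round-trip time and the NVP, the 80 m check before termination, and the error a wrongly configured NVP introduces. The speed-of-light constant and the sample timings are assumptions.

```python
C_M_PER_NS = 0.299792458   # speed of light in vacuum, metres per nanosecond


def tdr_length_m(round_trip_ns, nvp):
    """Cable length from a TDR pulse's round-trip time and the cable's NVP
    (a fraction of the speed of light, e.g. 0.70 for a typical Cat 5E)."""
    if not 0.0 < nvp <= 1.0:
        raise ValueError("NVP must be a fraction of the speed of light")
    one_way_ns = round_trip_ns / 2.0          # the pulse went down and came back
    return one_way_ns * nvp * C_M_PER_NS


def round_trip_ns(length_m, nvp):
    """Inverse: the round trip a tester would see for a cable of known length."""
    return 2.0 * length_m / (nvp * C_M_PER_NS)


def judge_run(length_m, limit_m=100.0, caution_m=80.0):
    """The page's rule of thumb: over 80 m, check before tying up and terminating;
    over the 100 m limit the link fails."""
    if length_m > limit_m:
        return "fail"
    if length_m > caution_m:
        return "check before terminating"
    return "ok"


def nvp_error_m(true_length_m, true_nvp, configured_nvp):
    """Length error reported when the tester is set to the wrong NVP for the cable:
    the error scales with configured_nvp / true_nvp, so a 5-point NVP mistake on a
    long run is enough to move it across the 80 m or 100 m line."""
    rt = round_trip_ns(true_length_m, true_nvp)
    return tdr_length_m(rt, configured_nvp) - true_length_m
```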
Wire Map
This test is to ensure that the two ends have been terminated pin for pin, i.e. that pin 1 at the
patch panel goes to pin 1 at the outlet, pin 2 goes to pin 2, etc. The wire map also checks
for continuity, shorts, crossed pairs, reversed pairs and split pairs. A split pair is probably
the only thing that requires an explanation here, as split pairs are undetectable with a simple
continuity tester; this is because pin for pin they seem to be correct. A basic principle of cabling
is that balanced line operation requires that the signal is transmitted over a pair of
wires that are twisted together. With a 'split pair', the signal would be split between two
different pairs.
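The wire-map faults listed above, as an added example that is not from the textbook: a checker that classifies opens, shorts, reversed, crossed and split pairs, and shows why a pin-for-pin continuity check passes a split pair. The T568 pin pairing is real; the conductor naming, the constructed cable and the fault labels are assumptions.

```python
T568_PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))   # pins that must share one twisted pair


def pair_of(conductor):
    """Physical twisted pair a conductor belongs to. Conductor names are constructed
    as '<colour>' and '<colour>-w' for the two wires twisted together in one pair."""
    return conductor.split("-")[0]


def straight_through():
    """Constructed example of a correctly terminated cable: pin -> conductor at the
    patch panel (near) and at the outlet (far)."""
    pins = {1: "orange-w", 2: "orange", 3: "green-w", 4: "blue",
            5: "blue-w", 6: "green", 7: "brown-w", 8: "brown"}
    return dict(pins), dict(pins)


def simple_continuity_ok(near, far):
    """What a basic continuity tester reports: pin 1 to pin 1, pin 2 to pin 2, and so on."""
    return all(near.get(p) is not None and near.get(p) == far.get(p) for p in range(1, 9))


def wire_map(near, far):
    """Full wire-map test. Returns a list of faults; an empty list means a good link."""
    faults = []
    far_pin_of = {cond: pin for pin, cond in far.items()}
    # Continuity: every near-end conductor must arrive somewhere at the far end.
    for pin in range(1, 9):
        cond = near.get(pin)
        if cond is None or cond not in far_pin_of:
            faults.append(("open", pin))
    # Shorts: one conductor landing on two pins of the same end.
    for end in (near, far):
        seen = {}
        for pin, cond in sorted(end.items()):
            if cond in seen:
                faults.append(("short", (seen[cond], pin)))
            seen[cond] = pin
    if faults:
        return faults
    # Pair wiring: where do the two conductors on each T568 pin pair come out?
    for a, b in T568_PAIRS:
        fa, fb = far_pin_of[near[a]], far_pin_of[near[b]]
        if (fa, fb) == (a, b):
            # Pin for pin is right; a split pair only shows up when you check that
            # the two conductors really are twisted together.
            if pair_of(near[a]) != pair_of(near[b]):
                faults.append(("split", (a, b)))
        elif (fa, fb) == (b, a):
            faults.append(("reversed", (a, b)))
        elif (fa, fb) in T568_PAIRS or (fb, fa) in T568_PAIRS:
            faults.append(("crossed", (a, b), (fa, fb)))
        else:
            faults.append(("miswire", (a, b), (fa, fb)))
    return faults


def split_pair_example():
    """Conductors on pins 2 and 3 swapped at both ends: passes pin for pin, fails the wire map."""
    near, far = straight_through()
    for end in (near, far):
        end[2], end[3] = end[3], end[2]
    return near, far
```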
Return Loss
When a cable is manufactured there are slight imperfections in the copper. These
imperfections all contribute to the Structural Return Loss (SRL) measurement because each
one causes an impedance mismatch, which adds to the cable's attenuation.
DC loop resistance
This is simply the resistance between the two conductors of a twisted pair which is looped
back at the far end. The primary purpose of this test is to make sure that there are no high
resistance connections in the link.
Attenuation
This is the decrease in signal strength (expressed as negative dB) from one end of a cable to
the other. The main causes of attenuation are impedance, temperature, skin effect and
dielectric loss. Impedance is the combination of resistance, inductance and capacitance in a
cable; it is measured in Ohms and opposes the flow of current. Skin effect is a
phenomenon that occurs at high frequencies, where the signal tries to escape from the
confines of the copper and into the air. The signal travels along the outer 'skin' of the copper,
which effectively reduces the cross sectional area of the cable and therefore increases its
resistance.
Figure 3-10 shows a diagram of adding the three NEXT results for each pair
(ELFEXT). Moreover, no test parameter these days would be complete without adding the
results together for each pair and calling it a Power Sum measurement, so now we have
Power Sum Equal Level Far End Cross Talk or PSELFEXT for short.
Delay
This is the propagation delay, or the time it takes for the signal to travel from one end of the
cable to the other. It is not very important on its own because its value is directly
proportional to the length of the cable. What is important is the relationship between the
delays on each of the four pairs.
Delay Skew
Delay Skew is the difference between the fastest and slowest pairs. Some networks use a
four pair transmission method, this means that the signal is split into four, sent down the
86
four pairs in the cable and re-combined at the far end. It is essential that the signals reach
the far end at near enough the same time, otherwise the signal will not be re-combined
correctly.
A General Guide on Cable Installation
Cable trays should be used under false floors; otherwise, a suitable method of keeping the
cable off the floor slab should be employed. This is because the lime in the concrete
apparently reacts with the cable's sheathing, and over time could damage the cable. I
personally think the cable will have outlived its usefulness long before this could have any
effect on the cable's performance.
Care should be taken when pulling cables into trunking to avoid damage due to snagging.
Trunking partitions should be used to separate the data cables from power, and bridges
should be used where data cables have to cross the mains.
When terminating patch panels, cable looms should not exceed 48 cables. Each cable loom
should then be tied in a tidy manner to a cable tray fitted the full length of the cabinet.
All terminating should be carried out according to the manufacturer's instructions and
guidelines, and the standards for generic cabling systems. The cable sheath should be
stripped back no more than 13mm from the point of termination and the twist rates should
be maintained.
Cable ties MUST be fitted to the individual RJ45 modules in the patch panels and outlets to
support each cable.
When terminating outlets, care must be taken to avoid damaging the copper cores when
stripping back the outer sheathing.
Excessive amounts of cable should not be left in the outlet backbox. Care should be taken
when attaching the outlet faceplate not to kink, trap or strain the cable.
Cable tray should be fitted in cabinets housing structured cabling to keep cable looms
secure and tidy, and to provide room for any additional cabling.
All cabinets must be earthed to the 16th edition IEEE wiring regulations (British
regulations). Where shielded cable is used the earth should be clean, and where two cabinets
are linked with a copper backbone (shielded or unshielded) a minimum of 10mm earth wire
should also be installed to cross-bond the cabinets.
Review Questions
1. The cable that is easy to install and is less expensive than other types of networking
media.
a) UTP
b) STP
c) Fiber Optic
2. This cable combined the techniques of shielding, cancellation, and wire twisting
a) UTP
b) STP
c) Fiber Optic
3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable is
less subject to experiencing attenuation.
a) UTP
b) STP
c) Fiber Optic
Chapter 4 - Objectives
LAN Architecture
Network architecture refers to the structure or layout of the hardware and software and it
includes the cable access method (transmission), topology, and lower level protocols.
The Local Area Network (LAN) is by far the most common type of network.
LAN Devices
Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, and LAN switches.
Ethernet Network
Introduction
Network architecture refers to the structure or layout of the hardware and software and it
includes the cable access method (transmission), topology, and lower level protocols.
The Local Area Network (LAN) is by far the most common type of network. The 3 most
common types of LAN architectures are Ethernet, Token Ring and ArcNet (Attached
Resource Computing Network), which are sometimes referred to as "lower-level protocols"
because they represent the specifications for the IEEE 802 model, which encompasses the
Physical (1st) and Data link (2nd) layers of the OSI model. However, the major LAN
architecture in use today is Ethernet.
This chapter will introduce the LAN protocols, topologies, various media-access methods,
transmission methods, and devices used in a local-area network (LAN) and will primarily
focus on Ethernet.
Contention is the most popular media access control used on LANs. This control
enables any station to immediately access the media if it is not in use. To accomplish
this, all stations sense or listen to the media using the receive channel. If no data
communication is sensed, the station can transmit a packet. If two stations listen at
exactly the same time, both will send packets. This situation results in a packet
collision. A collision renders the data packets unusable.
Contention Characteristics
When a device transmits, the device temporarily has total control of the media
until the transmission is complete.
More collisions will result from adding more devices to the network.
For CSMA/CD networks, switches segment the network into multiple collision
domains. This reduces the number of devices per network segment that must contend
for the media. By creating smaller collision domains, the performance of a network can
be increased significantly without requiring addressing changes.
Normally CSMA/CD networks are half-duplex, meaning that while a device sends
information, it cannot receive at the same time. While that device is talking, it is incapable of
also listening for other traffic. This is much like a walkie-talkie. When one person
wants to talk, he presses the transmit button and begins speaking. While he is talking,
no one else on the same frequency can talk. When the sending person is finished, he
releases the transmit button and the frequency is available to others.
When switches are introduced, full-duplex operation is possible. Full-duplex works
much like a telephone: you can listen as well as talk at the same time. When a network
device is attached directly to the port of a network switch, the two devices may be
capable of operating in full-duplex mode. In full-duplex mode, performance can be
increased, but not quite as much as some like to claim. A 100-Mbps Ethernet segment is
capable of transmitting 200 Mbps of data, but only 100 Mbps can travel in one direction
at a time. Because most data connections are asymmetric (with more data traveling in
one direction than the other), the gain is not as great as many claim. However, full-duplex
operation does increase the throughput of most applications because the network
media is no longer shared. Two devices on a full-duplex connection can send data as
soon as it is ready.
Token Passing
Token passing is a media-access method that uses a special packet called a token. A token is a special control
frame on token ring, token bus, and FDDI (Fiber Distributed Data Interface) networks
that determines which stations can transmit data on a shared network. The node that has
the token can transmit. Unlike contention-based networks, such as Ethernet,
workstations on token-based networks do not compete for access to the network. Only
the station that obtains the token can transmit. Other stations wait for the token rather
than try to access the network on their own. On Ethernet networks, "collisions" occur
when two or more workstations attempt to access the network at the same time. They
must back off and try again later, which reduces performance, especially as the number
of workstations attached to a network segment increases.
A multicast transmission consists of a single data packet that is copied and sent to a specific
subset of nodes on the network. First, the source node addresses the packet by using a
multicast address. For example, the TCP/IP suite uses 175.123.167.198 to 239.255.255.255.
The packet is then sent into the network, which makes copies of the packet and sends a
copy to each node that is part of the multicast address.
A broadcast transmission consists of a single data packet that is copied and sent to all nodes
on the network. In these types of transmissions, the source node addresses the packet by
using the broadcast address. The packet is then sent on to the network, which makes copies
of the packet and sends a copy to every node on the network.
Multimedia broadcast traffic is a much more bandwidth-intensive broadcast traffic type.
Unlike a data broadcast, it is typically several megabits in size; therefore, it can quickly
consume network and bandwidth resources. Broadcast-based protocols are not preferred
because every network device on the network must expend CPU cycles to process each data
frame and packet to determine if that device is the intended recipient. Data broadcasts are
necessary in a LAN environment, but they have minimal impact because the data broadcast
frames that are traversing the network are typically small.
A broadcast storm occurs when a host system responds to a packet that is
continuously circulating on the network or attempts to respond to a system that
never replies. Typically, request or response packets are continuously generated
to correct the situation, often making matters worse. As the number of packets on
the network increases, congestion occurs that can reduce network performance
or cripple it.
LAN Devices
Devices commonly used in LANs include repeaters, hubs, LAN extenders, bridges, LAN
switches.
A repeater is a physical layer device used to interconnect the media segments of an
extended network. A repeater essentially enables a series of cable segments to be treated as
a single cable. Repeaters receive signals from one network segment and amplify, retime,
and retransmit those signals to another network segment. These actions prevent signal
deterioration caused by long cable lengths and large numbers of connected devices.
Repeaters are incapable of performing complex filtering and other traffic processing. In
addition, all electrical signals, including electrical disturbances and other errors, are
repeated and amplified. The total number of repeaters and network segments that can be
connected is limited due to timing and other issues. The illustration below shows a repeater
connecting two network segments.
A hub is a physical layer device that connects multiple user stations, each via a dedicated
cable. Electrical interconnections are established inside the hub. Hubs are used to create a
physical star network while maintaining the logical bus or ring configuration of the LAN. In
some respects, a hub functions as a multi-port repeater.
A LAN extender is a remote-access multilayer switch that connects to a host router. LAN
extenders forward traffic from all the standard network layer protocols (such as IP) and
filter traffic based on the MAC address or network layer protocol type. LAN extenders scale
well because the host router filters out unwanted broadcasts and multicasts. However, LAN
extenders are not capable of segmenting traffic or creating security firewalls.
Figure 4-5 Multiple LAN extenders can connect to the host router through a WAN
Ethernet Network
Ethernet is a shared LAN technology that was developed in the early 1970s by some of the
same pioneers who were working on the development of the Internet. The basic design
consists of a shared transmission medium in the form of a coaxial cable or a multi-port hub.
If the medium used is a cable, workstations (nodes) are tapped into the cable along its path
through a room or building. If a hub is used, workstations connect to the hub via twisted-pair
cables in a star-like configuration. Since the communication medium is shared, nodes
must listen to make sure the cable is not in use before transmitting. This works well for
small LANs, but the sharing scheme runs into problems as networks grow.
The Ethernet protocol is by far the most widely used in LAN technology because its
protocol has the following characteristics:
Ethernet 10Base2 uses thinnet coaxial cable. A daisy chain can be
created by using a T-connector on each computer's network interface card (NIC) and
a BNC 50-ohm terminator at both ends of the chain. Each segment (from one end to the
other of the chain or the point to point connection) can be up to 185 meters (600 feet).
Up to 30 connections can be supported, one ground per segment; a minimum of 1.5 feet
(.5 meters) between T-connectors; and a maximum of 1,818 feet (555 meters) per trunk
segment.
10BASE2 uses thin Ethernet cable. Thin coax cable, or Thin Ethernet,
implemented with T-connectors and terminators, such as RG-58 A/U or C/U, has
the following specifications: a 50-ohm terminator on each end of the cable; a maximum
length of 1,000 feet (185 meters) per segment; a maximum of 30 devices per segment; a
network board using the internal transceiver; a maximum of 3 segments with attached
devices (populated segments); one ground per segment; a minimum of 1.5 feet (.5
meters) between T-connectors; a maximum of 1,818 feet (555 meters) per trunk
segment; and a maximum of 30 connections per segment.
Ethernet 100Base-T also uses twisted-pair wiring. The typical bit-rate of this
system is 100Mbit/s.
Specification   Cable Type               Maximum length
10BaseT         Unshielded Twisted Pair  100 meters
10Base2         Thin Coaxial             185 meters
10Base5         Thick Coaxial            500 meters
10BaseF         Fiber Optic              2000 meters
100BaseT        Unshielded Twisted Pair  100 meters
The 100BASE-FX specification uses two-strand 62.5/125 micron multi-mode or single-mode
fiber media. Half-duplex, multi-mode fiber media has a maximum segment
length of 412 meters. Full-duplex, single-mode fiber media has a maximum
segment length of 10,000 meters.
Workstations are attached to the hub with a UTP (unshielded twisted-pair) cable that
cannot exceed 100 meters (328 feet).
10Base-T connections use Category 5, which provides for future growth into faster
transmission technologies such as 100Base-T or 1000Base-T.
Below is a basic specifications list of the 10Base-T network.
The maximum number of nodes per segment is 1,024, not counting repeaters.
Use RJ-45 jacks at the end of cables. Pins 1 and 2 are "transmit" and pins 3 and 6
are "receive."
The distance from a station to a hub cannot exceed 100 meters (328 feet).
A bridge may be used to extend some of these limitations. Divide large networks
with routers as discussed earlier.
Limitations of Ethernet
There are practical limits to the size of our Ethernet network. A primary concern is the
length of the shared cable.
Electrical signals propagate along a cable very quickly, but they weaken as they travel,
and electrical interference from neighboring devices (fluorescent lights, for example)
can scramble the signal. A network cable must be short enough that devices at opposite
ends can receive each other's signals clearly and with minimal delay. This places a
distance limitation on the maximum separation between two devices on an Ethernet
network.
Additionally, since in CSMA/CD only a single device can transmit at a given time,
there are practical limits to the number of devices that can coexist in a single network.
Ethernet networks face congestion problems as they increase in size. If a large number
of stations are connected to the same segment and each generates a sizable amount of
traffic, many stations may attempt to transmit whenever there is an opportunity.
Under these circumstances, collisions become more frequent and can begin to
choke out successful transmissions, which can take inordinately large amounts of
time to complete. One way to reduce congestion is to split a single segment into
multiple segments, thus creating multiple collision domains. This solution creates a
different problem, as the now separate segments are not able to share
information with each other.
To alleviate these problems, Ethernet networks implemented bridges. Bridges connect
two or more network segments, increasing the network diameter as a repeater does, but
bridges also help regulate traffic. They can send and receive transmissions just like any
other node, but they do not function like a normal node. The bridge does not
originate any traffic of its own; like a repeater, it only echoes what it hears from other
stations.
Ethernet 802.2 is one of the Ethernet frame types. This frame includes fields from 802.3 and 802.2 (Logical
Link Control) and can support the Novell IPX/SPX (Internetwork Packet
Exchange/Sequenced Packet Exchange) and FTAM (File Transfer, Access, and
Management) protocols. The frame parameters are identical to those listed above,
except that the first three bytes of the data field are used to indicate 802.2 header
Logical Link Control (LLC) information.
Preamble             : 8 bytes
Destination Address  : 6 bytes
Source Address       : 6 bytes
Length Field         : 2 bytes
Data Field           : Between 46 and 1500 bytes (including LLC)
Pad Characters       : Variable, stuffs data field up to 46 bytes
Frame Check Sequence : 4 bytes
Minimum frame size   : 64 bytes
Maximum frame size   : 1518 bytes (not including Preamble)
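As an added example, not from the course text, the Python code below builds and parses the 802.3/802.2 frame layout listed above: it pads the data field to 46 bytes, treats a type/length value above 1500 as an EtherType rather than a length, and rejects a frame whose FCS does not match, which is how corruption on the wire is detected. The addresses and payload are constructed.

```python
"""Build and parse IEEE 802.3 frames carrying an 802.2 LLC header (preamble excluded).

Constructed teaching example: the sample MAC addresses and payload are made up.
"""
import struct
import zlib

MIN_FRAME = 64      # header + data + FCS, preamble not counted
MAX_FRAME = 1518
MIN_DATA = 46       # data field is padded up to this
MAX_DATA = 1500     # larger type/length values are EtherTypes (Ethernet II), not lengths
LLC_LEN = 3         # DSAP, SSAP and an 8-bit Control field


def with_fcs(body: bytes) -> bytes:
    """Append the Frame Check Sequence: IEEE 802.3 CRC-32, sent least significant byte first."""
    return body + struct.pack("<I", zlib.crc32(body))


def build_frame(dst: bytes, src: bytes, dsap: int, ssap: int, ctrl: int, payload: bytes) -> bytes:
    """Return an 802.3 frame whose data field starts with the three LLC bytes."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    data = bytes([dsap, ssap, ctrl]) + payload
    if len(data) > MAX_DATA:
        raise ValueError("data field (LLC + payload) exceeds 1500 bytes")
    length = len(data)                                  # Length counts LLC + payload, not padding
    data += b"\x00" * max(0, MIN_DATA - len(data))      # pad characters stuff the field to 46
    return with_fcs(dst + src + struct.pack("!H", length) + data)


def parse_frame(frame: bytes) -> dict:
    """Validate the frame and split it into fields; raise ValueError on any inconsistency."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame size {len(frame)} is outside 64..1518 bytes")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    dst, src = body[:6], body[6:12]
    length = struct.unpack("!H", body[12:14])[0]
    if length > MAX_DATA:
        raise ValueError(f"type/length 0x{length:04x} is an EtherType, not an 802.3 length")
    data = body[14:]
    if length > len(data):
        raise ValueError("length field claims more data than the frame carries")
    if length < LLC_LEN:
        raise ValueError("data field too short to hold an LLC header")
    llc = data[:LLC_LEN]
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "length": length,
        "dsap": llc[0],
        "ssap": llc[1],
        "control": llc[2],
        "payload": data[LLC_LEN:length],
        "pad_len": len(data) - length,      # bytes of padding after the real data
    }


if __name__ == "__main__":
    sample = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("001122334455"),
                         0xE0, 0xE0, 0x03, b"hello")
    print(len(sample), parse_frame(sample))
```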
Review Questions
1. The network devices contend for the network media in the CSMA/CD method. This
means that
a) Nodes estimate when a collision might occur and avoid transmission during that
period.
b) When a device has data to send, it first listens to see if any other device is currently
using the network
c) The source node addresses the packet by using the broadcast address
d) The source node addresses the packet by using a multicast address
2. LAN extenders forward traffic from all the standard network layer protocols (such as
IP) and filter traffic based on
a) Packet
b) MAC address
c) Electrical connections
d) Cabling scheme
3. Why did Ethernet networks implement bridges?
a) To build a hierarchical wiring system
b) To solve congestion problems due to increase of devices in the network
c) To combine fiber optic backbone and UTP cabling
d) To send a single packet to one or more nodes
4. An Ethernet connection standard that relies on twisted pair wiring (shielded or
unshielded) to connect computers.
a) Ethernet 10Base2
b) Ethernet 10Base-T
c) Ethernet 100Base-T
5. In the 5-4-3 rule, which statement is true?
a) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of coaxial cable.
b) Between any two nodes on the network, there can only be a maximum of 5
repeaters, connected through 4 segments, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
c) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
Know what a broadcast storm is, how it is caused, and how it can be prevented
Chapter 5 - Objectives
Hubs
Repeaters
Switches
Bridges
Routers
Brouters
Gateways
Hubs
Hubs are devices used to link several computers together.
Most often used in 10BaseT Ethernet networks.
Multi-port repeaters. They repeat any signal that comes in on one port and copy it to all the other ports (a process also called broadcasting).
Hubs, like switches, allow multiple nodes (computers, servers and printers) to share the same wired or wireless connection.
Repeaters
Electrically amplify the signal they receive and rebroadcast it
Can be separate devices or they can be incorporated into a switch, therefore allowing connection of segments of the same network even if they use different media
Used to extend the network when the total length of your network cable exceeds the standards set for the type of cable being used
Bridges
Allow you to segment a large network into two smaller, more efficient networks while retaining the same broadcast domain
Extend a single LAN to greater distances by bridging two distant LANs with bridges joined by fiber-optic cable
Monitor the information traffic on both sides of the network
Can inspect each message and, if necessary, broadcast it on the other side of the network
Switches
Provide a central connection point for cables from workstations, servers, and peripherals
Most switches are active - they electrically amplify the signal as it moves from one device to another
More expensive than a hub or bridge, and the configuration of additional functions can be very complex
A switch is a faster, simpler device than a router, but can incorporate some of the router's functions
Analyze the network to better route the data
Routers
Can connect different network segments, whether they are in the same building or even on the opposite side of the globe
Capable of translating the data information from one network to another; similar to a superintelligent bridge
Can also direct traffic to prevent head-on collisions
Can sense the traffic in the entire network to determine which sections are busiest and choose the shortest path
Brouters
A hybrid device that merges bridging and routing technology.
A network bridge and a router combined in a single product.
A bridge that can bridge multiple protocols and provide routing for some of those protocols.
Gateways
Routing Table
A database which keeps track of the routes to networks and the associated costs is called a routing table. It consists of destinations, routes, and next hops. These entries define a route to a destination network.
Multiprotocol Routing
Keys To Remember
Repeaters, bridges, routers and gateways all extend and
segment networks. The difference between these devices lies
in the different degrees of data discrimination and handling
capability.
Repeater: Regenerates signals to span longer segments
of network. Does not alter data.
Bridge: Links two subnets (networks) that use the same
media and protocol. May control data traffic and speed.
Router: Allows the interconnection of two or more
physically distinct networks and has advanced
intelligence enabling it to determine the most efficient
method of delivering data.
Gateways: Designed to connect radically different
networks.
Copyright 2005 - Trend Micro Inc.
Introduction
Network cables link computers to computers. Most cable types allow networks to be
hundreds of feet long. But what if your network needs to be bigger than that? What if your
requirement is to connect a LAN to other LANs? What if the architecture you're using for
your network is limiting the growth of your network along with the growth of your
company? The answer to this is found in a special class of networking devices known as
connectivity devices. These devices allow communications to break the boundaries of local
networks and allow your computers to talk to wide area networks such as other computers
in the next building, city or country.
Hubs
Repeaters
Switches
Bridges
Routers
Brouters
Gateways
These connectivity devices have made it possible to lengthen the distance of the network to
almost unlimited distances.
Hubs
Hubs are devices used to link several computers together. They are used most often in
10BaseT Ethernet networks. They are also very simple devices. In fact, they are just multi-port
repeaters. They repeat any signal that comes in on one port and copy it to all the other
ports (a process also called broadcasting).
There are two types of hubs: active and passive. Passive hubs simply connect all ports
together electrically and are usually not powered. Active hubs use electronics to amplify
and clean up the signal before it is broadcast to the other ports. In the category of active
hubs, there is also a class called "intelligent" hubs, which are hubs that can be remotely
managed on the network.
Up until a few years ago, hubs were considered fairly sophisticated devices that could
provide an adequate network infrastructure for most small and medium-sized organizations.
But bandwidth-hungry electronic business applications, powerful desktop PCs, heightened
security concerns, wireless and converged technologies and 24x7 operations have forever
changed the demands on the network. Today, organizations of all sizes must build switching
technology into their LAN infrastructures in order to get the performance, capacity and
intelligent services that they need. Hubs, like switches, allow multiple nodes (computers,
servers and printers) to share the same wired or wireless connection. However, even the
simplest switch is more sophisticated than a hub because it forwards data packets only to
the appropriate port for the intended recipient based on information in each packet. A hub,
by contrast, extends the collision domain and cannot filter information, so it passes packets to all
connected segments.
Figure 5-2 Network computers connected to the Internet through a network hub
Repeaters
Since a signal loses strength as it passes along a cable, it is often necessary to boost the
signal with a device called a repeater. The repeater electrically amplifies the signal it
receives and rebroadcasts it. Repeaters can be separate devices or they can be incorporated
into a switch, therefore allowing connection of segments of the same network, even if they
use different media. They are used to extend the network when the total length of your
network cable exceeds the standards set for the type of cable being used.
A good example of the use of repeaters would be in a local area network using a star
topology with unshielded twisted-pair cabling. The length limit for unshielded twisted-pair
cable is 100 meters. The most common configuration is for each workstation to be
connected by twisted-pair cable to a multi-port active concentrator. The concentrator
amplifies all the signals that pass through it allowing for the total length of cable on the
network to exceed the 100 meter limit.
Bridges
A bridge is a device that allows you to segment a large network into two smaller, more
efficient networks while retaining the same broadcast domain. It also extends a single LAN
to greater distances by bridging two distant LANs with bridges joined by fiber-optic cable.
A bridge monitors the information traffic on both sides of the network so that it can pass
packets of information to the correct location. It can provide a barrier that keeps electrical
or other problems on one segment from propagating to the other segment. Most bridges can
"listen" to the network and automatically figure out the address of each computer on both
sides of the bridge. The bridge can inspect each message and, if necessary, broadcast it on
the other side of the network. It isolates each LAN from the collisions that occur on other
LANs. Thus, it creates separate collision domains.
In the past, the bridge was a small box with several LAN connectors or a server with several
network interface cards. Today, bridges are more likely to appear in the form of switching
devices, which are technically multi-port bridges. Each port provides a separate LAN
connection that is bridged to the other ports.
Switches
A switch is a device that provides a central connection point for cables from workstations,
servers, and peripherals. In a star topology, twisted-pair wire is run from each workstation
to a central switch. Most switches are active, that is they electrically amplify the signal as it
moves from one device to another. Switches no longer broadcast network packets as hubs
did in the past, they memorize addressing of computers and send the information to the
correct location directly. However, switches are more expensive than a hub or bridge and
the configuration of additional functions can be very complex.
A switch selects a path or circuit for sending a unit of data to its next destination. In general,
a switch is a faster, simpler device than a router, but can incorporate some of the router's
functions. The basic switch simply selects the next path the data needs to go without
analyzing the entire path. This ability allows switches to disallow some signals from
continuing on the network. This can help reduce collisions, and increase network
performance. Some switches act at Level 3, sometimes called IP Switches or Layer 3
Switches.
These switches perform many of the functions of a router. They can analyze the network to
better route the data. These switches can also be used to break up segments. By assigning
different ports to different segments, the switch can route data to the correct segment.
The advantages of using a switch include the capability to limit the collision domain, to
extend network distances, to filter traffic by MAC address, to ease congestion, to
connect different types of media and, for some switches, to connect differing architectures.
On the other hand, a switch cannot filter broadcast packets. It is more expensive than a
repeater and also slower than a repeater. This is primarily due to the additional processing of packets
within the same broadcast domain.
A switch is like an advanced bridge. It separates network lines and helps reduce the number
of collisions. Instead of having two networks connected through a bridge, you can have
multiple networks connected through a switch. Here's one way to think of it: A repeater is to
a hub like a bridge is to a switch.
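The bridge and switch behaviour described in this chapter (learning each station's address by listening, delivering a known unicast to one port, flooding unknown destinations, and never filtering broadcasts) as an added Python simulation that is not part of the course material; the MAC addresses and frames are constructed, and the hub model is included for contrast.

```python
"""Simulate the forwarding decision of a learning bridge or switch versus a hub.

Constructed teaching example: the MAC addresses and frames below are made up.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the least significant bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class LearningSwitch:
    ports: int
    mac_table: Dict[str, int] = field(default_factory=dict)  # MAC -> port it was last seen on

    def forward(self, in_port: int, frame: Frame) -> List[int]:
        """Return the ports the frame is sent out on, learning the sender's port on the way."""
        if not 0 <= in_port < self.ports:
            raise ValueError("unknown ingress port")
        # The switch "listens": the source address tells it which port that station is on.
        self.mac_table[frame.src] = in_port
        others = [p for p in range(self.ports) if p != in_port]
        if is_group_address(frame.dst):
            # Broadcast and multicast are copied to every other port; a switch cannot filter them,
            # which is why a broadcast storm reaches the whole broadcast domain.
            return others
        out = self.mac_table.get(frame.dst)
        if out is None:
            return others   # unknown unicast: flood exactly as a hub would
        if out == in_port:
            return []       # destination sits on the sender's own segment: filter, do not forward
        return [out]        # known destination: deliver to that single port


def hub_forward(ports: int, in_port: int, frame: Frame) -> List[int]:
    """A hub is a multi-port repeater: every frame goes to every other port, addresses ignored."""
    return [p for p in range(ports) if p != in_port]
```

Because the switch learns from source addresses only, each station's port is known only after that station has sent something, so the first frame towards it is flooded.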
Routers
Routers are specialized computers that send your messages and those of every other Internet
user speeding to their destinations along thousands of pathways. A router can connect
different network segments, if they are in the same building or even on the opposite side of
the globe. A router transmitting data is capable of translating the data information from one
network to another; it is similar to a superintelligent bridge. Routers select the best path to
route messages between any two protocols using fiber optic, coaxial, and twisted-pair
cabling, based on the destination address and origin. It changes the packet size and format
to match the requirements of the destination network. The router can also direct traffic to
prevent head-on collisions, and is smart enough to know when to direct traffic along back
roads and shortcuts.
A router is more complicated than a bridge in that it can make decisions about where and
how to send packets of information.
While bridges know the addresses of all computers on each side of the network, routers
know the addresses of computers, bridges, and other routers on the network. Routers can
even "listen" to the entire network to determine which sections are busiest -- they can then
redirect data around those sections until they clear up.
A network needs a router to connect to the Internet. In this case, the router serves as the
translator between the information on your LAN and the Internet. It can also work in MAN
and WAN environments. It also determines the best route to send the data over the Internet.
The advantage of using a router over a bridge is that routers can determine the best path that
data can take to get to its destination. Like bridges, they can segment large networks and
can filter out noise. However, they are slower than bridges because they are more intelligent
devices; as such, they analyze every packet, causing packet forwarding delays. Because of
this intelligence, they are also more expensive.
A configuration table can be as simple as a half-dozen lines in the smallest routers, but can
grow to massive size and complexity in the very large routers that handle the bulk of
Internet messages.
A router, then, has two separate but related jobs:
It ensures that information doesn't go where it's not needed. This is crucial for
keeping large volumes of data from clogging the connections of "innocent
bystanders."
In performing these two jobs, a router is extremely useful in dealing with two separate
computer networks. It joins the two networks, passing information from one to the other
and, in some cases, performing translations of various protocols between the two networks.
It also protects the networks from one another, preventing the traffic on one from
unnecessarily spilling over to the other. As the number of networks attached to one another
grows, the configuration table for handling traffic among them grows, and the processing
power of the router is increased. Regardless of how many networks are attached, though,
the basic operation and function of the router remains the same.
Internet data, whether in the form of a Web page, a downloaded file or an e-mail message,
travels over a system known as a packet-switching network. In this system, the data in a
message or file is broken up into packages about 1,500 bytes long. Each of these packages
gets a wrapper that includes information on the sender's address, the receiver's address, the
package's place in the entire message, and how the receiving computer can be sure that the
package arrived intact. Each data package, called a packet, is then sent off to its destination
via the best available route - a route that might be taken by all the other packets in the
message or by none of the other packets in the message. If there is a problem with one piece
of equipment in the network while a message is being transferred, packets can be routed
around the problem, ensuring the delivery of the entire message.
Note: For more information about routing protocols, see
Chapter 7, TCP/IP Protocols.
The routing table consists of three types of entries: destinations, routes, and next hops.
Figure 5-6 Illustration that shows how the routing table entries are related
Brouters
A brouter is a hybrid device that merges bridging and routing technology. A brouter is a
network bridge and a router combined in a single product. If a data unit on one LAN is
intended for a destination on an interconnected LAN, the bridge forwards the data unit to
that LAN; otherwise, it passes it along on the same LAN. A bridge usually offers only one
path to a given interconnected LAN.
A router connects a network to one or more other networks that are usually part of a wide
area network (WAN) and may offer a number of paths out to destinations on those
networks. A router therefore needs to have more information than a bridge about the
interconnected networks. It consults a routing table for this information.
Since a given outgoing data unit or packet from a computer may be intended for an address
on the local network, on an interconnected LAN, or on the wide area network, it makes sense
to have a single unit that examines all data units and forwards them appropriately.
Many routers today have bridging functions built into them. When you enable these
functions, your router becomes a bridging-router, or brouter. Basically, a brouter is a bridge
that can bridge multiple protocols and provide routing for some of those protocols. It can be
programmed only to pass data packets using a specific protocol such as IP to route data
packets to the appropriate network. In this case, it is functioning in a similar manner to a
bridge, hence the name.
Gateways
A gateway forwards data between Internet Protocol (IP) networks. It is a machine that acts
as an interface between a small network and a much larger one, such as a local area network
connecting to the internet. Gateways are also used in large corporations to connect small
office-based LANs into the larger corporate mainframe networks. Usually, the gateway
connects to a high-speed network cable or medium called the backbone.
In the early days of the Internet, routers were called gateways. These devices provided
links, initially between mainframe computers, and then later between LANs and other
networks. The term "router" is more common now, but gateway is still used when configuring
the IP protocol for host devices. Some networks have multiple routers that lead to other
networks. A host can be configured so that one of the routers is selected over any of the
others. It is usually called the default gateway, meaning that it is the primary path to other
networks.
They work at all levels of the OSI model due to the type of translation service they are
providing:
Address gateway: connects networks using the same protocol but different directory
spaces, such as Message Handling Service.
Internet Routing
Internet routing devices traditionally have been called gateways. In today's terminology,
however, the term gateway refers specifically to a device that performs application-layer
protocol translation between devices. Interior gateways refer to devices that perform these
protocol functions between machines or networks under the same administrative control or
authority, such as a corporation's internal network. These are known as autonomous
systems. On the other hand, exterior gateways perform protocol functions between
independent networks.
Routers within the Internet are organized hierarchically. Routers used for information
exchange within autonomous systems are called interior routers, which use a variety of
Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information
Protocol (RIP) is an example of an IGP.
Routers that move information between autonomous systems are called exterior routers.
These routers use an exterior gateway protocol to exchange information between
autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior
gateway protocol.
Routing Protocol
A routing protocol is a type of client that registers with the routing table manager. Routers
use routing protocols to route data across a network like RIP (Routing Information
Protocol) and OSPF (Open Shortest Path First) to exchange information regarding routes to
a destination. Routing protocols are either unicast or multicast. Routing protocols advertise
routes to a destination. A routing protocol describes how updates are sent, what knowledge
is contained in these updates, when to send this knowledge, and how to locate recipients of
the updates.
Other types of routing methods include:
A route is a path in the network that goes to a destination that has a certain cost associated
with it. The cost is represented by its administrative preference and its protocol-specific
metric. Each route has an administrative preference (specified by the routing policy), and a
client-dependent metric. The routing table manager uses this information to determine
which route is the better route to a destination. Routes with lower preference are better
routes (one being lowest, and therefore best). If two routes have the same preference, the
route with the lower metric is the better route.
Preference is normally used to indicate priority between clients. For example, an
administrator can assign OSPF a lower (better) preference than RIP. In this case,
OSPF routes are preferable to RIP routes.
Routes with lower costs are preferred over all other routes. A route entry in the routing table
includes a handle to the destination, the owner of this route, the neighbor (peer) that
provided the route information, flags associated with the state of the route, flags associated
with the route, the preference and metric for the route, the list of views to which the route
belongs, information that is private to the owner of the route, and a list of next hops used to
reach the destination.
Routes have one or more next hops associated with them. If the destination is not on a
directly connected network, the next hop is the address of the next router (or network) on
the outgoing network that can best route data to the destination. The best route is the route
that has the least cost, based on the routing policy in use. Each next hop can be used to
forward data on the path to the destination. All routes owned by a client share a common set
of next-hop entries that were added by the client.
Each next hop is uniquely identified by the address of the next hop and the interface index
used to reach the next hop. If the next hop itself is not directly connected, it is marked as a
"remote" next hop. In this case, the forwarder must perform another lookup using the next
hop's network address. This lookup is necessary to find the "local" next hop used to reach
the remote next hop and the destination.
A next-hop entry in the routing table includes the network address of the next hop, the
owner of the next hop, the identifier of the outgoing interface, the state of the next hop,
flags associated with the next hop, information that is private to the owner of the next hop
and a handle to the destination corresponding to the remote next hop.
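The route selection and next-hop resolution rules described above, as an added worked example (not code from the textbook or from any router implementation). It assumes a small in-memory table with constructed prefixes, owners and next hops, uses the usual longest-prefix match for lookups (which the text does not spell out), and treats an unresolvable or looping "remote" next hop as a failure the forwarder must handle rather than loop on.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical in-memory routing table modelled on the three kinds of entry the
# text describes: destinations, routes (owner, preference, metric) and next hops
# (address plus outgoing interface). All names and values here are constructed.


@dataclass(frozen=True)
class NextHop:
    address: Optional[str]     # None: destination is on the connected interface itself
    interface: Optional[str]   # None: unknown until the remote next hop is resolved


@dataclass(frozen=True)
class Route:
    destination: str   # network prefix, e.g. "172.16.0.0/16"
    owner: str         # client that added it: CONNECTED, STATIC, OSPF, RIP ...
    preference: int    # administrative preference; lower is better, 1 is best
    metric: int        # owner-specific metric; lower is better
    next_hop: NextHop


def best_route_per_destination(routes: List[Route]) -> Dict[str, Route]:
    """Keep the best route to each destination: the lowest preference wins and
    the lower metric breaks a tie, as the routing table manager does."""
    best: Dict[str, Route] = {}
    for r in routes:
        cur = best.get(r.destination)
        if cur is None or (r.preference, r.metric) < (cur.preference, cur.metric):
            best[r.destination] = r
    return best


def lookup(best: Dict[str, Route], address: str) -> Optional[Route]:
    """Longest-prefix match over the per-destination best routes (standard
    forwarder behaviour, assumed here; a 0.0.0.0/0 entry is the default gateway)."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in best.values() if ip in ipaddress.ip_network(r.destination)]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r.destination).prefixlen)


def resolve(best: Dict[str, Route], address: str, max_depth: int = 8) -> Optional[NextHop]:
    """Return the local next hop (an address on a connected network plus the
    interface) used to reach address. A remote next hop is resolved by looking
    its own address up again; the depth limit stops a misconfigured table from
    sending the forwarder round in circles."""
    route = lookup(best, address)
    if route is None:
        return None                          # no route: the packet is dropped
    hop = route.next_hop
    for _ in range(max_depth):
        if hop.address is None:              # directly connected destination
            return NextHop(address, hop.interface)
        via = lookup(best, hop.address)
        if via is None:
            return None                      # the next hop itself is unreachable
        if via.next_hop.address is None:     # next hop is on a connected network
            return NextHop(hop.address, via.next_hop.interface)
        hop = via.next_hop                   # still remote: one more lookup
    return None                              # depth limit hit: treat as unreachable


# Constructed table: one destination learned from both OSPF and RIP, a static
# route whose next hop is itself remote, and a default route.
ROUTES = [
    Route("192.168.1.0/24", "CONNECTED", 1, 0, NextHop(None, "eth0")),
    Route("10.0.0.0/8", "CONNECTED", 1, 0, NextHop(None, "eth1")),
    Route("172.16.0.0/16", "RIP", 120, 3, NextHop("10.0.0.2", "eth1")),
    Route("172.16.0.0/16", "OSPF", 110, 20, NextHop("10.0.0.3", "eth1")),
    Route("203.0.113.0/24", "STATIC", 5, 0, NextHop("172.16.5.1", None)),
    Route("0.0.0.0/0", "STATIC", 5, 0, NextHop("192.168.1.254", "eth0")),
]
BEST = best_route_per_destination(ROUTES)

if __name__ == "__main__":
    for dst in ("172.16.9.9", "203.0.113.7", "192.168.1.77", "8.8.8.8"):
        print(dst, "->", resolve(BEST, dst))
```

Note that the OSPF route wins over the RIP route to 172.16.0.0/16 even though its metric (20) is higher, because preference is compared before metric.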
A protocol with the same protocol identifier (that is, the same vendor identifier and
protocol-specific identifier) can register with the routing table manager multiple times. Each
time, the protocol registers using a different protocol instance identifier. For example, an
implementation of OSPF from a particular vendor can register as Vendor-OSPF-1 and
Vendor-OSPF-2. This enables a specific protocol implementation to partition the
AS consists of routers, run by one or more operators that present a consistent view of
routing to the external world. (Routers under a common administration). The Internet
Network Information Center (InterNIC) assigns a unique autonomous system to enterprises.
This autonomous system is a 16-bit number. A routing protocol such as Cisco's Interior
Gateway Routing Protocol (IGRP) requires that you specify this unique, assigned
autonomous system number in your configuration.
Global configuration selects a routing protocol (RIP or IGRP) and assigns IP network
numbers without specifying subnet values.
Unicast Routing
A unicast route to a destination is used by a unicast routing protocol to forward unicast data
to that destination. Examples of unicast routing protocols include: Routing Information
Protocol (RIP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).
The RIP for IP routing communicates RIP learned routes by using the Route Table Manager
(Rtm.dll), the central repository for routing information for all routing protocols that
operate under the Routing and Remote Access service and for other components such as the
IP Router Manager.
The Windows Server 2003 Routing and Remote Access service supports (for
IPv4 only) both RIP version 1 and version 2 (RIP v1 and RIP v2). However, RIP
v1 is considered outdated. RIP v1 was the first routing protocol accepted as a
standard for TCP/IP. The updated RIP version 2 (RIP v2) supports simple
password authentication (a form of router identification, not a security option) and,
more important, provides improved support for classless networks.
The unicast routing also uses Windows Sockets (Winsock) to send and receive RIP traffic.
Winsock is an implementation of the industry-standard Sockets API for the Windows
operating system. Lastly, it exports management APIs to support SNMP management
information bases (MIBs) and other management applications by using the IP Router
Manager. A MIB is a set of objects, which represent various types of information about a
device that are used by SNMP to manage the device.
Unicast IP Routing in a Windows-based Internetwork
A typical IPv4 internetwork might contain a mix of computers running Windows Server
2003, Windows XP, Windows 2000 Server, Windows 2000 Professional, or UNIX
operating systems. These computers might be located in multiple subnets connected by
hardware routers from Cisco Systems and software routers running the Windows Server
2003 Routing and Remote Access service. Such an internetwork can easily communicate
with computers on the global Internet because the Internet is also an IP internetwork.
A medium-size or enterprise-size Windows IP internetwork typically deploys the Active
Directory directory service, DNS, and DHCP, and the following routing-related services:
DHCP relay agents to enable DHCP clients on a subnet with no DHCP server to
request IP addresses from a DHCP server located on a different subnet
ICMP router discovery to enable IP hosts to discover the best default gateway
router on a subnet
Multicast Route
A multicast route to a destination is used by some multicast routing protocols to create the
information that is used to forward multicast data from hosts on the destination network of
the route (known as reverse path forwarding). Examples of multicast routing protocols
include: Multicast Open Shortest Path First (MOSPF), Distance Vector Multicast Routing
Protocol (DVMRP), and Protocol Independent Multicast (PIM).
The routing table manager supports multiple instances of the same protocol (such as
Microsoft's implementation of OSPF and a third-party OSPF) running on the router.
This allows routers to use the different capabilities of each version. These protocols have
different protocol identifiers.
Protocol identifiers are comprised of a vendor identifier and a protocol-specific
identifier. The protocol-specific identifier is the same for different implementations
of the protocol, such as Microsoft's implementation of OSPF and a third-party
implementation of OSPF. Only when the vendor and protocol-specific identifiers
are combined is there a unique identifier for a routing protocol.
How RIP and OSPF work
Routing Information Protocol (RIP) for IP facilitates the dynamic exchange of routing
information between RIP routers over IP internetworks. It is the best known and currently
most widely used of the distance vector dynamic routing protocols for IP internetworks, and
is an open standard developed by the Internet Engineering Task Force (IETF).
RIP version 1 (RIP v1), which is now outmoded, was the first routing protocol accepted as a
standard for TCP/IP. The updated RIP version 2 (RIP v2) supports simple password
authentication (a form of router identification, not a security option) and, more important,
provides improved support for classless networks. The Windows Server 2003 Routing and
Remote Access service supports both RIP v1 and RIP v2 (for IPv4 only).
The Windows Server 2003 Routing and Remote Access service does not support
RIPng, the version of RIP for IPv6, or any other IPv6 routing protocol.
Open Shortest Path First (OSPF) for IP enables OSPF routers to dynamically exchange
routing information with each other over complex IP internetworks. Routers can add or
remove routes automatically as networks are added or removed from the internetwork,
dynamically building and synchronizing a database of the OSPF network topology. As its
name implies, OSPF is designed to calculate the shortest path to any destination within an
OSPF autonomous system (AS). OSPF, the best known and most widely used link state
routing protocol, is an open standard developed by the Internet Engineering Task Force
(IETF) as an alternative to RIP. OSPF is defined in RFC 2328. The Windows Server 2003
Routing and Remote Access service supports OSPF for IPv4 only.
The OSPF routing protocol is available only on 32-bit versions of Windows Server
2003. The Windows Server 2003 Routing and Remote Access service does not
support OSPF (or any other dynamic routing protocol) for IPv6.
Unicast routing forwards packets from one host to another host using the unicast destination
IP address. Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address. Network address translation (NAT) functionality is part of
the Routing and Remote Access service. A server that has been configured as a NAT-enabled
router, with a private IP address and at least one public IP address, translates the
private addresses (and TCP or UDP port numbers) in outgoing packets. The outgoing
packets can then be forwarded to a resource on a public network, such as the Internet. The
NAT-enabled router also translates incoming traffic and forwards the incoming packets to
the appropriate address on the private network.
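The address-and-port translation just described, as an added worked example (not code from the textbook or from the Routing and Remote Access service). It assumes a constructed router with one public address and one private subnet, and shows the consequence the text implies but does not state: an incoming packet with no matching translation entry has nowhere to go on the private side and is dropped.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Hypothetical NAT-enabled router with one private subnet and one public
    address. Outgoing packets get the public address and a translated source
    port; replies are mapped back through the entry the outgoing packet
    created. Names and addresses are constructed for this example."""

    def __init__(self, public_ip: str, private_prefix: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.private = ipaddress.ip_network(private_prefix)
        self.next_port = first_port
        # (proto, private ip, private port) -> public port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # (proto, public port) -> (private ip, private port)
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def translate_outgoing(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the source address and port of a packet leaving the private network."""
        if ipaddress.ip_address(pkt.src_ip) not in self.private:
            return None                      # not from our private network: not translated
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self.outbound.get(key)
        if port is None:                     # first packet of this flow: create the entry
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_incoming(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving on the public side, or
        return None (drop) when no private host has an entry for it."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None                      # no entry: unsolicited inbound traffic is dropped
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


if __name__ == "__main__":
    nat = NatRouter("203.0.113.1", "192.168.0.0/24")   # constructed addresses
    out = nat.translate_outgoing(Packet("tcp", "192.168.0.10", 5000, "198.51.100.20", 80))
    print("outgoing:", out)
    print("reply:", nat.translate_incoming(Packet("tcp", "198.51.100.20", 80, "203.0.113.1", 40000)))
    print("unsolicited:", nat.translate_incoming(Packet("tcp", "198.51.100.20", 80, "203.0.113.1", 40001)))
```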
Frame relay
TDM is a multiplexing technique that divides a circuit into multiple channels based on
time. The technique is associated with telephone company voice services. T1 and T3
circuits are divided into multiple channels using time division multiplexing. The most
common TDM circuit for business users is the T1 line (1.544 Mbits/sec). It consists of
24 multiplexed 64-Kbit/sec voice channels. Each channel may carry a single phone
call, or the entire circuit may be dedicated to data.
Broadband wireless
Comparing T1 and T3
T1 or Trunk Level 1 is a digital transmission link with a total signaling speed of 1.544
Mbps. Since the development of T1 in 1957 by AT&T's Bell Labs, it has become the
building block of dedicated voice and data service in North America. T1, also known as DS1,
is part of a progression of digital transmission pipes - a hierarchy known generically as DS,
or Digital Signal Level.
Frame Relay, VPN and Dedicated Internet Access all use T1 connections to make the
respective service possible, but they are not the same. By itself, Trunk Level 1 service is
nearly useless. It takes a standard or protocol like Frame Relay or VPN to provide data
transport over a Wide Area Network.
The four most common uses of a T1 line include the following:
From one point into a secure carrier network as with Frame Relay;
carrier's backbone. They typically include SLAs (Service Level Agreements) that guarantee
uptime and performance.
Review Questions
1. This process of transmitting data repeats any signal that comes in on one port and copies
it to all the other ports
a) Routing
b) Broadcasting
c) Multiplexing
d) Repeating
2. This device is used to extend the network when the total length of your network cable
exceeds the standards set for the type of cable being used.
a) Router
b) Hub
c) Repeater
d) Brouter
3. This device connects a network to one or more other networks that are usually part of a
wide area network (WAN) and may offer a number of paths out to destinations on those
networks.
a) Router
b) Hub
c) Repeater
d) Brouter
4. Which of these examples do not belong to protocols used for unicast routing?
a) RIP
b) OSPF
c) TDP
d) BGP
5. Which among these statements is true?
a) Unicast routing removes packets from one host to another host using the unicast
destination IP address.
b) Unicast routing forwards packets from one host to another host using the multicast
destination IP address.
c) Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address.
d) Multicast IP routing forwards packets from one host to multiple hosts using the
unicast destination IP address.
Know how the Data Link Layer is divided up into the LLC and MAC layers in
the IEEE 802 model
Identify where a particular hardware device operates the layer in the OSI model
Chapter 6 - Objectives
Introduction
The Open System Interconnection (OSI) model, developed by the International
Organization for Standardization, defines how the various hardware and software
components involved in data communication should interact with each other.
A good analogy to describe this would be a traveler who prepares herself to return home
through many dangerous territories by obtaining permits to enter each country at the very
beginning of the trip. At each boundary, she has to hand over a permit to enter the country.
Once inside, she asks the border guards for directions to reach the next destination and then
shows the permit to the new territory as proof that she has a legitimate reason for wanting to
go there.
In reference to the OSI model, each component along the data communications path is
assigned a layer of responsibility, in other words, a territory over which it rules. Each
layer extracts the permit, or header information, it needs from the data and then uses this
information to correctly forward what's left to the next layer. This layer also takes away its
permit and forwards the data to the next layer, and so the cycle continues until it reaches
the seventh layer.
This chapter describes the OSI Reference Model in detail. It discusses some general concepts
related to the OSI model and networking models overall. Some useful analogies will help you
understand how the reference model explains the interaction of networks on
multiple levels. This chapter also aims to familiarize you with the seven layers of the OSI
Model and then concludes with a summary of the layers and their respective functions.
can be added without changing the physical network, and new network hardware can be
installed without rewriting the application software.
Each layer provides a specific type of network service. It illustrates why groups of related
protocols are frequently called protocol stacks.
The connections between the different applications that are running on these
processors are carried by the higher layers (5-7).
The connections between the different processors are carried by the lower layers (1-4).
The physical and the data link layers, the lower layers 1 & 2, of the network
protocol stack together define a machine's network interface.
Communication Protocols
The approach used to design a communication system is known as a layered
architecture. Each layer has specific responsibilities and specific rules for carrying out those
responsibilities, and knows nothing about the procedures the other layers follow. The layer
carries out its task and delivers the message to the next layer in the process, and that is
enough.
They break the communication process into manageable chunks. Designing a small part
of a process is much easier than designing the entire process, and simplifies engineering.
A change at one layer does not affect the other layers. New delivery technologies can be
introduced without affecting other layers.
When a layer receives a message from an upper layer, the lower layer frequently encloses
the message in a distinct package.
The protocols at the various layers have the appearance of a stack, and a complete model
of data communication architecture is often called a protocol stack.
Layers follow specific procedures for communicating with adjacent layers. The interfaces
between layers must be clearly defined.
An address mechanism is the common element that allows packets to be routed through
the various layers until they reach their destination. Sometimes, layers add their own address
information.
Essentially, each layer at the sender's end communicates with the corresponding layer at
the receiver's end.
Errors can occur at any of the layers. For critical messages, error-detecting mechanisms
should be in place to either correct errors or notify the sender when they occur.
Network protocols are typically described with a layered model, in which the protocols are
stacked on top of each other. Data coming into a machine is passed from the lowest-level
protocol up to the highest, and data sent to other hosts moves down the protocol stack. The
layered model is a useful description because it allows network services to be defined with
their functions, rather than their specific implementation. New protocols can be substituted
at lower levels without affecting the higher-level protocols, as long as these new protocols
behave in the same manner as those that were replaced. Each layer has certain functions.
Communication in a heterogeneous network can take place if the functions in each layer are
successfully executed to conform to the standards.
The following section discusses the different layers of the OSI Model and the functions
performed at each layer.
Directories
Network management
The Application layer is responsible for defining how interactions occur between network
services or applications and the network. These services include (but are not limited to) file,
print and messaging services.
The Application layer supplies network services to end-user applications. Network services
are typically protocols that work with user's data. For example, in a Web browser
application, the Application layer protocol HyperText Transfer Protocol (HTTP) packages
the data needed to send and receive Web page content as illustrated above. The Application
layer provides data to (and obtains data from) the Presentation layer.
Application          Protocols
File transfer        FTP, TFTP
Terminal emulation   Telnet
Electronic mail      SMTP
Network management   SNMP
FTP enables a file on one system to be copied to another system. Users don't actually
log in as full users to the machine they want to access but instead use the FTP service to
provide access. The remote machine must be set up with the permissions necessary to
provide the user access to the files.
FTP uses TCP to create and maintain a connection between source and destination
machines. Once the connection to a remote machine has been established, FTP enables
you to copy one or more files to your machine. The term transfer implies that the file is
moved from one system to another, but the original is not affected, files are copied from
one system to another.
Trivial File Transfer Protocol (TFTP)
TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It
uses UDP as a transport. Although not as sophisticated or as fast as FTP, TFTP can be
used on many systems that do not enable FTP access. In some ways, TFTP can be
analogous to an e-mail message requesting and receiving a file instead of a text body.
Telnet
The Telnet service provides a remote login capability. This lets a user on one machine
log into another machine and act as if they are directly in front of the second machine.
The connection can be anywhere on the local network, or on another network anywhere
in the world, as long as the user has permission to log into the remote system. Telnet
uses TCP to maintain a connection between two machines.
Simple Mail Transfer Protocol (SMTP)
SMTP is one protocol used for transferring electronic mail. This protocol is transparent
to the user. SMTP connects to different machines and transfers mail messages, much
like FTP transfers files. The two most commonly used email client protocols are POP3
(Post Office Protocol) and IMAP (Interactive Mail Access Protocol).
NFS is used to transparently enable multiple machines to access each other's directories.
NFS accomplishes this by using a distributed filesystem scheme. NFS systems are
common in large corporate environments.
Remote Procedure Calls (RPC)
This serves as a distributed windowing and graphics system used for communication
between X terminals and UNIX workstations.
The Post Office Protocol and Simple Mail Transfer Protocol are used by the server to
receive, store and send your e-mail. When setting up your e-mail program, you include
this information so the program knows where to get your e-mail from.
Usenet Newsgroups
This is one of the programs/protocols that run on the server to give you access to
Newsgroups.
HTTP
The Hyper Text Transfer Protocol is used to translate web pages to and from your Web
Browser. This is why web addresses start with http://...
FTP
The File Transfer Protocol is used by programs such as CuteFTP and WS-FTP to
interpret and transfer data to the next layer of the network.
DNS Domains
These are domain names such as unsw.edu.au, and the next level of the network.
SNMP Hardware
The Simple Network Management Protocol controls the physical devices that make up
the network, such as hubs, switches, etc.
NFS
The Network File System is the client/server application that allows your computer to
store and update files in your directory on the server.
Half-duplex: Only one node may send at a given time, and nodes take turns
transmitting.
Connection establishment: The nodes establish contact. They negotiate the rules of
communication, including the protocol to be used and communication parameters.
Connection release: When the nodes no longer need to communicate, they engage
in an orderly release of the session.
Connection establishment and connection release represent extra overhead for the
communication process. When devices are managed on a network, they send out periodic
status reports that generally consist of single-frame messages. If all such messages were sent
as part of a formal session, the connection establishment and release phases would transfer
far more data than the message itself. In such situations, communicating using a
connectionless approach is common. The sending node simply transmits its data and
assumes availability of the desired receiver. A connection-oriented session approach is
better for complex communication. Consider transmitting a large amount of data to another
node. Without formal controls, a single error at any time during the transfer would require
resending the entire file. After establishing a session, the sending and receiving nodes
can agree on a checkpoint procedure. If an error occurs, the sending node must retransmit
only the data sent since the previous checkpoint. The process of managing a complex
activity is called activity management.
A session is created over a virtual "port", which is the "location" where the Layer 6 protocol
talks to the Layer 4 protocol.
Small frames improve network efficiency when many devices must share the
network. If devices could transmit frames of unlimited size, they might monopolize
the network for an excessive period of time. With small frames, devices take turns
at shorter intervals, and devices are more likely to have ready access to the network.
One responsibility of the transport layer is to divide messages into fragments that fit within
the size limitations established by the network. At the receiving end, the transport layer
reassembles the fragments to recover the original message.
When messages are divided into multiple fragments, the possibility increases that segments
might not be received in the order sent. When the packets are received, the transport layer
must reassemble the message fragments in the correct order. To enable packets to be
reassembled in their original order, the transport layer includes a message sequence number
in its header.
The transport layer is responsible for delivering messages from a specific process on one
computer to the corresponding process on the destination computer. The transport layer
assigns a Service Access Point (SAP) ID to each packet.
The SAP ID is an address that identifies the process that originated the message. The
SAP ID enables the transport layer of the receiving node to route the message to the
appropriate process.
Identifying messages from several processes so that the message can be transmitted through
the same network medium is called multiplexing. The procedure of recovering messages
and directing them to the correct process is called demultiplexing. Multiplexing is a
common occurrence on networks, which are designed to enable many dialogues to share the
same network medium. Because multiple protocols may be supported for any given layer,
multiplexing and demultiplexing can occur at many layers.
Although the data link and network layers can be assigned responsibility for detecting errors
in transmitting data, that responsibility generally is dedicated to the transport layer.
Two general categories of error detection can be performed by the transport layer:
Reliable delivery: Does not mean that errors cannot occur, only that errors are
detected if they do occur. Recovery from a detected error can take the form of simply
notifying upper layer processes that the error occurred. Often, however, the transport
layer can request the retransmission of a packet for which an error was detected.
Unreliable delivery: Does not mean that errors are likely to occur, but rather
indicates that the transport layer does not check for errors. Because error checking
takes time and reduces network performance, unreliable delivery often is preferred
when a network is known to be highly reliable, which is the case with the majority of
local area networks. Unreliable delivery generally is used when each packet contains
a complete message, whereas reliable delivery is preferred when messages consist of
a large number of packets. Unreliable delivery is often called datagram delivery, and
independent packets transmitted in this way frequently are called datagrams.
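An added worked example, not code from the textbook, that ties together the packet-switching description earlier in the chapter (a message split into about 1,500-byte packets, each carrying sender, receiver, its place in the message and an integrity check) and the transport-layer behaviour described here: fragments arriving out of order are put back in sequence, a fragment that fails its integrity check is rejected so that reliable delivery can ask for just that fragment again. The packet layout, the CRC-32 check and the addresses are assumptions made for this example.

```python
import zlib
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

MAX_PAYLOAD = 1500   # roughly the packet size the chapter gives


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    msg_id: int     # identifies the message this fragment belongs to
    seq: int        # this packet's place in the message (0-based)
    total: int      # how many packets make up the whole message
    payload: bytes
    check: int      # CRC-32 over the header fields and the payload (assumed layout)


def checksum(msg_id: int, seq: int, total: int, payload: bytes) -> int:
    """Integrity value the receiver recomputes to be sure the packet arrived intact."""
    header = f"{msg_id}:{seq}:{total}:".encode()
    return zlib.crc32(header + payload) & 0xFFFFFFFF


def fragment(src: str, dst: str, msg_id: int, data: bytes,
             size: int = MAX_PAYLOAD) -> List[Packet]:
    """Break a message into packets that fit the network's size limit."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    total = len(chunks)
    return [Packet(src, dst, msg_id, i, total, c, checksum(msg_id, i, total, c))
            for i, c in enumerate(chunks)]


def corrupted(pkt: Packet) -> Packet:
    """Constructed transmission error: flip the first payload byte, keep the old check."""
    bad = bytes([pkt.payload[0] ^ 0xFF]) + pkt.payload[1:]
    return replace(pkt, payload=bad)


class Reassembler:
    """Receiving transport layer: collects fragments per (sender, message) and
    hands the complete message up once every sequence number has arrived."""

    def __init__(self) -> None:
        # (src, msg_id) -> (expected total, {seq: payload})
        self.buffers: Dict[Tuple[str, int], Tuple[int, Dict[int, bytes]]] = {}

    def receive(self, pkt: Packet) -> Tuple[str, Optional[bytes]]:
        if pkt.check != checksum(pkt.msg_id, pkt.seq, pkt.total, pkt.payload):
            return "corrupt", None          # detected: never buffered, ask for a resend
        key = (pkt.src, pkt.msg_id)
        total, parts = self.buffers.setdefault(key, (pkt.total, {}))
        if pkt.total != total or not 0 <= pkt.seq < total:
            return "corrupt", None          # header disagrees with what we already hold
        parts[pkt.seq] = pkt.payload        # a duplicate simply overwrites its slot
        if len(parts) < total:
            return "incomplete", None
        data = b"".join(parts[i] for i in range(total))   # original order restored
        del self.buffers[key]
        return "complete", data

    def missing(self, src: str, msg_id: int) -> List[int]:
        """Sequence numbers still outstanding: what a retransmission request names."""
        total, parts = self.buffers.get((src, msg_id), (0, {}))
        return [i for i in range(total) if i not in parts]


if __name__ == "__main__":
    message = bytes(range(256)) * 16            # constructed 4096-byte message
    packets = fragment("10.0.0.1", "10.0.0.2", 7, message)
    rx = Reassembler()
    for p in (packets[2], packets[0], corrupted(packets[1])):   # out of order, one damaged
        print(p.seq, rx.receive(p)[0])
    print("missing:", rx.missing("10.0.0.1", 7))
    status, data = rx.receive(packets[1])
    print(status, data == message)
```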
For layer 3 and lower there is usually an upper limit on the size of these packets. In
broadcast networks the routing is very simple, so the network layer is thin or even
non-existent. This is why the transport-layer protocol TCP is so often combined with IP,
as TCP/IP.
Serial Line Internet Protocol (SLIP): A very simple layer two protocol that provides
only basic framing for IP.
Point-to-Point Protocol (PPP): A more complex, full-featured data link layer protocol
that provides framing as well as many additional features that improve security and
performance.
Routing
The Network layer adds the concept of routing above the Data Link layer. As illustrated
above, when data arrives at the Network layer, the source and destination addresses
contained inside each frame are examined to determine if the data has reached its final
destination. If the data has reached the final destination, the Network layer formats the data
into packets delivered to the Transport layer. Otherwise, the Network layer updates the
destination address and pushes the frame back down to the lower layers.
This is the layer that knows where to send the packets produced in the Transport Layer. It
addresses information packets by their Internet Protocol address and also controls such
things as the route of the message, which is the best and quickest way to go, and which way
to go if one of the routes is broken.
IP version 4
IP version 6
IPX/SPX used with Novell servers such as the UNSW Chancellery Server.
To support routing, the Network layer maintains logical addresses such as IP addresses for
devices on the network. The Network layer also manages the mapping between these
logical addresses and physical addresses. In IP networking, this mapping is accomplished
through the Address Resolution Protocol (ARP).
ARP is one of several protocols that helps determine addresses on a network. ARP works
with IP to set routes to a destination. ARP converts an IP address to a network interface
hardware address.
Three devices operate at the Network layer: routers, brouters and Layer 3 switches. A
Layer 3 switch performs the multiport, virtual LAN, data-pipelining functions of a
standard Layer 2 switch, but it can also perform basic routing functions between virtual
LANs. In some workgroups, a Layer 3 switch can replace a router.
As the receiving computer listens to the wire to recover messages sent to it, a
detection mechanism is required to tell whether to treat the signals it detects as
data-carrying signals or to discard them as mere noise.
If the detection mechanism decides that they are indeed data-carrying signals, the
second decision the receiving end must make is whether the data was intended for
itself, for some other computer on the network, or for a broadcast.
If the receiving end engages in recovering data from the wire, it needs to be able to
tell where the data train intended for it ends. After it determines this, the receiver
should discard subsequent signals unless it can determine that they belong to a new,
impending transmission.
It is important to realize that the primary concern of the receiving station is to make sure
that the information embedded in the package is recovered error-free. It is not concerned
with the actual contents of that field. Instead, processing the data in the information field is
delegated to another process while the receive process reverts to listening mode to take care
of future transmissions.
Devices that can communicate on a network are frequently called nodes, stations, or devices.
The data link layer is responsible for providing node-to-node communication on a single,
local network. To provide this service, the data link layer must perform two functions. It
must provide an addressing mechanism that enables messages to be delivered to the correct
nodes. Also, it must translate messages from upper layers into bits that the physical layer
can transmit. When the data link layer receives a message to transmit, it formats the
message into a data frame (packet). The sections of a frame are called fields.
The Data Link Layer is made up of two sublayers namely the Media Access Control (MAC)
sublayer and the Logical Link Control (LLC) sublayer.
The LLC sublayer provides error-free transfer of data frames from one node to
another. It establishes and terminates logical links, controls frame flow, sequences
frames, acknowledges frames, and retransmits unacknowledged frames. It uses
frame acknowledgement and retransmission to provide virtually error-free
transmission over the link to the layers above.
The MAC sublayer manages access to the physical layer, checks frame errors, and
manages address recognition of received frames.
This is the layer where the protocols control the transfer of the data across the physical
network (the cables).
PPP is the Point to Point Protocol used when you connect to the Internet via a modem.
PPP is the protocol that controls the transfer of data to your modem, the physical device.
SLIP has been superseded by PPP.
When obtaining data from the Physical layer, the Data Link layer also manages physical
addressing schemes such as the MAC address, which is also called the Ethernet address or
physical address. The MAC address is a 12-digit hexadecimal number (e.g.
07:57:AC:1F:B2:76). Normally, the MAC address of a network interface card is set at
the factory and cannot be changed. The switch is another device that manipulates data
at this layer.
At this layer, data coming from the upper-layer protocols are divided into logical bits called
packets. A packet is a unit of transmission. The size and format of these packets depend on
the transmission technology. The Data Link layer checks for physical transmission errors
and packages bits into frames.
This logic includes information about where the data should go, which computer
sent the data, and the overall validity of the bytes sent. It can describe the
method of media access such as CSMA/CD, token passing, and CSMA/CA.
In most situations, the Data Link layer then waits for a positive ACK. If it does not receive
any, or if the frame is damaged, then another frame is sent.
One of the major components of the Data Link Layer is the result of IEEE 802 networking
standards.
themselves. However, the technologies used are often called by the same name as the type
of cable (which is confusing). The physical layer technologies include:
ISDN (Integrated Services Digital Network) lines, which run over your telephone
cable but much faster than a modem.
ADSL (Asymmetric Digital Subscriber Line), which runs over your normal
telephone line but on different wires, so you can be connected and use the phone at
the same time.
Cat 1-5
Coaxial Cables
Layer          Name                    Description
Application    telnet, SMTP, FTP
Presentation   telnet, FTP, sendmail
Session        telnet, FTP, sendmail
Transport      TCP, UDP                ... or IP. In the case of IP, lost packets and packets
                                       arriving out of order must be reordered.
                                       TCP (Transport Control Protocol) - Internet transport
                                       protocol. TCP/IP is widely used for the
                                       network/transport layer (UNIX).
                                       UDP (Universal Datagram Protocol) - Internet
                                       connectionless transport layer protocol. Application
                                       programs that do not need a connection-oriented
                                       protocol generally use UDP.
Network        IP, ARP
Link           Ethernet, ARP
Physical       Ethernet
Review Questions
1. This layer in the OSI model is responsible for formatting data exchange. This is
where character sets are converted and the data is encrypted.
a) Application Layer
b) Transport Layer
c) Presentation Layer
d) Session Layer
2. This layer is responsible for providing node-to-node communication on a single,
local network.
a) Physical Layer
b) Data Link Layer
c) Session Layer
d) Application Layer
3. Which of the following statements is true?
a) FTP uses UDP to create and maintain a connection between source and
destination machines and TFTP also uses UDP as a transport.
b) FTP uses TCP to create and maintain a connection between source and
destination machines and TFTP uses TCP as a transport.
c) TFTP uses TCP to create and maintain a connection between source and
destination machines while FTP uses UDP as a transport.
d) FTP uses TCP to create and maintain a connection between source and
destination machines while TFTP uses UDP as a transport.
Chapter 7 - Objectives
Describe the characteristics of the TCP/IP protocol
Understand how MAC addresses are resolved in TCP/IP
Know the components of the TCP/IP protocol
Know what a DHCP is and how it is employed
Know what a WINS is and how it is employed
Know what a DNS is and how it is employed
Distinguish between a LMHOSTS file and an HOSTS file
Understand the name resolution methods for NetBIOS and Host names
Copyright 2005 - Trend Micro Inc.
TCP/IP Protocol
The system, or protocol, for this transmission is defined
as the Internet Protocol, or IP. The Internet addressing
scheme is defined within that protocol.
The Terminal Control Protocol, or TCP. It makes sure
packets get where they are going and are reassembled in
the right order.
The main protocols at the Internet and Transport layers are
the Internet Protocol (IP), Transmission Control Protocol
(TCP) and User Datagram Protocol (UDP).
Internet Protocol
IP has two primary responsibilities:
providing connectionless delivery of datagrams
between internetworked devices;
and providing fragmentation and reassembly of
datagrams to support data links with different
maximum-transmission unit (MTU) sizes.
IP Routing Protocol
Static Routing
Dynamic Routing
WINS server
WINS client computers
Non-WINS in network
WINS proxies
Introduction
If you are in a meeting, you have certain rules of order that are used so that everyone isn't
talking at once. If you wish to speak you raise your hand and avoid speaking until the
moderator recognizes you. It is the same with an Ethernet network and with the Internet.
The Internet transmits data in something called packets, each 1500 bytes. Each packet has
some overhead information about the address to which it is to go, where it fits relative to
other packets in your total transmission, and some error-checking information. This system
was birthed during the cold war with concerns about a city being destroyed. The packets
could be routed through the network in multiple ways and then reassembled at the
destination. If one path was down, a packet would automatically be sent another way. This
means the packets of a particular message you get (email, web page, or file) could arrive at
your system using multiple routes. It is then reassembled just before it reaches you. The
system, or protocol, for this transmission is defined as the Internet Protocol, or IP. The
Internet addressing scheme is defined within that protocol.
There is a second protocol that is closely related to the Internet Protocol, and this one is
called the Terminal Control Protocol, or TCP. It makes sure packets get where they are
going and are reassembled in the right order. The TCP and IP protocols are so closely
related that they are often referred to as the TCP/IP protocol. For most people doing
networking and broadband Internet, this is the only networking protocol you need to install
on your computer.
Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols that
comprise it. Each protocol resides in a particular layer of the OSI model discussed in the
previous chapter. Every TCP/IP protocol is charged with performing a certain subset of the
total functionality required to implement a TCP/IP network or application. TCP/IP is
actually a suite of protocols that work together to provide for reliable and efficient data
communications across an internetwork, which is a network of networks, local and wide
area.
There are many hundreds of TCP/IP protocols and applications; however, there are
only a few TCP/IP protocols that are usually called the core of the suite, because they are
responsible for its basic operation. The main protocols at the Internet and Transport layers
are the Internet Protocol (IP), Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). These core protocols support many other protocols, to perform a variety of
functions at each of the TCP/IP model layers. Still others enable user applications to
function.
Conformity (modularity)
Even though it preceded the emergence of the OSI model by nearly a decade,
TCP/IP conforms to the OSI model. TCP/IP protocols communicate only with the
layers immediately below and above the layers on which they operate. This layering
creates a modularity that can easily be adapted by any system.
Internet addressing
TCP/IP supports a 32-bit (4-octet) addressing scheme that enables it to address over
four billion Internet hosts. This address system is used to identify both the network
and the host.
In addition to the preceding characteristics, the protocols that make up the TCP/IP protocol
suite also provide a wide range of functionality, versatility, and interoperability options to
networked users. It is scalable for use in small and large networks. In large networks, it
provides routing services. It is designed to be fault tolerant, able to dynamically reroute
packets if network links become unavailable by using alternate paths. Protocol companions
such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS)
offer advanced functionality.
Documentation of the Internet protocols (including new or revised protocols) and policies
is specified in technical reports called Requests For Comments (RFCs), which are
published and then reviewed and analyzed by the Internet community. Protocol refinements
are published in new RFCs. To illustrate the scope of the Internet protocols, Figure 7-1
maps many of the protocols of the Internet protocol suite to their corresponding OSI layers.
Figure 7-1 Internet protocols span the complete range of OSI model layers.
At the lowest levels of the network, a frame is transmitted across media based on its
destination media access control (MAC) address. For Ethernet and Token Ring networks,
the MAC address is a 48-bit field that uniquely identifies the destination network interface
for each frame. The MAC address is usually written and displayed in network packet
capture logs as a series of 12 hexadecimal digits in the format 0xAB-CD-EF-12-34-56.
Normally, a network adapter filters out all incoming frames except those that contain one of
the following destination addresses:
As a packet traverses a network or series of networks, the source MAC address is always
that of the network interface card (NIC) that placed it on the media, and the destination
MAC address is that of the NIC that is intended to pull it off the media. In a routed network,
this means that the source and destination MAC addresses change with each hop through a
network-layer device (a router or a layer-3 switch). Therefore, two packets with the same
source or destination address at the IP level can carry different MAC addresses,
depending on the path the packet takes through the network.
Processing Received Frames
Because the hardware makes the first filtering decision, the NIC can discard any frames that
do not meet the filter criteria without incurring any CPU processing. All frames, including
broadcasts, that pass the hardware filter and frame check sequence validation (a check for
data corruption in the frame) are passed up to the NIC driver through a hardware interrupt.
Because the NIC driver software runs on the computer, any frame that makes it this far
requires some CPU time to process. The NIC driver brings the frame into system memory
from the interface card. The frame is then passed up to the appropriate bound transport
driver or drivers. Frames are passed up to all bound transport drivers in the order that they
are bound.
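The receive-side decisions described above (is this signal valid data, is it addressed to me, where does the frame end, and which bound protocol gets it) can be shown end to end on a constructed Ethernet frame. The following is an added example and not code from the textbook; the MAC addresses, payloads and the "deliver/discard" result shape are all invented for illustration. The FCS is checked with the same CRC-32 that the `zlib` module computes, which is the polynomial Ethernet uses:

```python
# Added example (not from the textbook): the receive-side decisions for an Ethernet
# frame. All MAC addresses and frames below are constructed.
import struct
import zlib

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}   # the two upper-layer protocols named in the text


def format_mac(mac: bytes) -> str:
    """Render a 48-bit MAC the way the text shows it, e.g. 0xAB-CD-EF-12-34-56."""
    return "0x" + "-".join(f"{b:02X}" for b in mac)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """dst | src | type | payload | FCS. The Ethernet FCS is the CRC-32 that zlib
    computes, transmitted least-significant byte first."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes, own_mac: bytes, promiscuous: bool = False) -> dict:
    """Apply the receive decisions: valid data?, for me?, and demultiplex by type."""
    if len(frame) < 18:                              # 14-byte header + 4-byte FCS minimum
        return {"action": "discard", "reason": "runt"}
    body, fcs = frame[:-4], frame[-4:]               # the trailing FCS marks the end of the frame
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        return {"action": "discard", "reason": "bad-fcs"}   # corrupted: treat as noise
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    if dst == own_mac:
        kind = "unicast"
    elif dst == BROADCAST:
        kind = "broadcast"
    elif dst[0] & 0x01:                              # group bit set in the first octet
        kind = "multicast"
    else:
        kind = "other"
    if kind == "other" and not promiscuous:          # the hardware filter drops these for free
        return {"action": "discard", "reason": "not-for-me", "dst": format_mac(dst)}
    return {
        "action": "deliver",                         # hand up to the bound transport driver
        "kind": kind,
        "src": format_mac(src),
        "dst": format_mac(dst),
        "protocol": ETHERTYPES.get(ethertype, f"0x{ethertype:04X}"),
        "payload": body[14:],
    }


if __name__ == "__main__":
    me = bytes.fromhex("001a2b3c4d5e")               # constructed NIC address
    peer = bytes.fromhex("001a2b3c4d5f")
    good = build_frame(me, peer, 0x0800, b"constructed IPv4 payload")
    print(receive(good, me))
    damaged = good[:20] + bytes([good[20] ^ 0xFF]) + good[21:]
    print(receive(damaged, me))
```

Note that the FCS check and the destination filter both happen before any payload is looked at: a frame that fails either is dropped without the upper layers ever seeing it, which is exactly why a corrupted or misaddressed frame costs the host no protocol processing.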
and four. However, there is much more to TCP/IP than just TCP and IP. The protocol suite
as a whole requires the work of many different protocols and technologies to make a
functional network that can properly provide users with the applications they need.
TCP/IP uses its own four-layer architecture that corresponds roughly to the OSI Reference
Model and provides a framework for the various protocols that comprise the suite. It also
includes numerous high-level applications, some of which are well-known by Internet users
who may not realize they are part of TCP/IP, such as HTTP (which runs the World Wide
Web) and FTP.
Since TCP/IP is a protocol suite, it is most often discussed in terms of the protocols that
comprise it. Every TCP/IP protocol is charged with performing a certain subset of the total
functionality required to implement a TCP/IP network or application. They work together
to allow TCP/IP as a whole to operate.
There are a few TCP/IP protocols that are usually called the core of the suite, because
they are responsible for its basic operation. However, the main protocols at the internet and
transport layers are the Internet Protocol (IP), Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP). These core protocols support many other protocols, to
perform a variety of functions at each of the TCP/IP model layers. Still others enable user
applications to function.
IP Address
The IP address uniquely identifies your computer on the network. It is a four-field, 32 bit
address, separated by periods, normally expressed as four "octets" in a "dotted decimal
number (notation)."
The four numbers in an IP address are called octets because they can have
values between 0 and 255 (2^8 possibilities per octet).
Depending on the class you use, different parts of the address show the network portion and
the host address as shown below.
The class of address can be determined easily by examining the first octet of the address
and mapping that value to a class range in the following table. In an IP address of
172.31.1.2, for example, the first octet is 172. Because 172 falls between 128 and
191, 172.31.1.2 is a Class B address.
The PING (Packet Internet Groper) TCP/IP utility is used to check the validity of a remote
IP address.
IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets).
Subnetting provides the network administrator with several benefits, including extra
flexibility, more efficient use of network addresses, and the capability to contain broadcast
traffic (a broadcast will not cross a router).
Subnets are under local administration. As such, the outside world sees an organization as a
single network and has no detailed knowledge of the organization's internal structure.
A given network address can be broken up into many subnetworks. For example,
172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets
within network 171.16.0.0. (All 0s in the host portion of an address specifies the entire
network.)
Subnet Mask
The subnet mask is used to specify which part of the IP address is the network address and
which part of the address is the host.
By using 255, you are selecting the octets used to identify the network address. For
example, in the Class B network address 192.200.2.1, if the subnet mask is
255.255.0.0, then 192.200 is the network address, and 2.1 is the host address.
The default gateway is configured if the network contains a router. This address is
configured by the network administrators and it informs each personal computer or other
network device where to send data if the target station does not reside on the same subnet as
the source. If your machine can reach all stations on the same subnet (usually a building or
a sector within a building), but cannot communicate outside of this area, it is usually
because of an incorrectly configured default gateway.
As an example below, Network A uses the IP address 131.1.0.0. Network B uses the IP
address 131.2.0.0. In this case, each network card in the router should be configured
with an IP address of the network card on the router that is attached to the network segment.
In this example, the computer Win2K1 is attached to Network A. The default gateway that
would be configured for this computer is 131.1.0.0. The computer Win2K2 is attached
to Network B. The default gateway that would be configured for this computer is
131.2.0.10.
The router performs a set process to determine the network (or more specifically, the
subnetwork) address. First, the router extracts the IP destination address from the
incoming packet and retrieves the internal subnet mask. It then performs a logical AND
operation to obtain the network number. This causes the host portion of the IP
destination address to be removed, while the destination network number remains. The
router then looks up the destination network number and matches it with an outgoing
interface. Finally, it forwards the frame to the destination IP address.
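The class lookup, the subnet-mask AND and the "same subnet or default gateway" decision from the preceding sections can all be carried out with integer arithmetic on the 32-bit address. The following is an added example rather than textbook code; the addresses fed to it are constructed, and the function names (`address_class`, `split_address`, `next_hop`) are this example's own:

```python
# Added example (not textbook code): the class lookup, the subnet-mask AND and the
# "same subnet or default gateway" decision. Addresses used are constructed.


def parse_ip(addr: str) -> int:
    """Dotted decimal -> 32-bit integer; each octet must be 0..255."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def format_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classful range of the first octet, as in the chapter's class table."""
    first = parse_ip(addr) >> 24
    if first < 128:
        return "A"        # 0-127
    if first < 192:
        return "B"        # 128-191
    if first < 224:
        return "C"        # 192-223
    if first < 240:
        return "D"        # multicast
    return "E"            # reserved


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def split_address(addr: str, mask: str):
    """Return (network number, host part): AND with the mask, then with its complement."""
    a, m = parse_ip(addr), parse_ip(mask)
    return format_ip(a & m), format_ip(a & ~m & 0xFFFFFFFF)


def usable_hosts(mask: str) -> int:
    """Hosts a subnet can hold: 2^(host bits) minus the all-zeros and all-ones addresses."""
    m = parse_ip(mask)
    host_bits = 32 - bin(m).count("1")
    if (m | ((1 << host_bits) - 1)) != 0xFFFFFFFF:     # mask bits must be contiguous
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return (1 << host_bits) - 2


def next_hop(src: str, mask: str, dst: str, gateway: str) -> str:
    """A host applies the same AND a router does: the same network number means deliver
    directly on the local subnet, otherwise hand the packet to the default gateway."""
    m = parse_ip(mask)
    if parse_ip(src) & m == parse_ip(dst) & m:
        return dst
    return gateway


if __name__ == "__main__":
    print(address_class("172.31.1.2"), split_address("172.31.1.2", "255.255.0.0"))
    print(next_hop("131.1.0.5", "255.255.0.0", "131.2.0.7", "131.1.0.1"))
```

The contiguity check in `usable_hosts` is the one most often missed in hand-written tooling: a mask such as 255.0.255.0 parses fine but describes no valid subnet, and silently accepting it produces a network number that no router would agree with.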
If you are NOT using a router, go to the command mode on your computer and enter
IPCONFIG -all. The screen will display the IP, subnet, DNS server, physical address,
and more. The DNS server is the system on the Internet that converts a domain name to
its IP address.
If you are using a router, this is more complicated, as the router shields your system
from the actual Internet addressing. Try the above on your system and you will get the
IP and subnet assigned to your computer by the DHCP in the router. To find the actual
address you are using on the Internet, you will need to access the configuration screen
of the router (or wireless access point if you are using one, which has a router in it). For
instance, if you are using a Linksys wireless access point, type http://192.168.1.1/
into your browser. For a Linksys WAP, on the configuration screen you would then select
the Status option. You will then see the IP, subnet, DNS, physical address and more that
you are using with the Internet at that time.
One quick troubleshooting trick when your system locks up on the Internet is to close
the browser or email program and then disconnect the power cord from the modem for
30 seconds. Then restore the modem's power again. This forces the router to request a
new IP from the Internet. This takes the system a few seconds to complete. Then your
system is up again. This also forces the router to reassign the local IPs again as well.
You could use the router's reset button to do this, but I like the strategy of dropping the
modem's power.
An IP routing table, which consists of destination address/next hop pairs, is used to enable
dynamic routing. An entry in this table, for example, would be interpreted as follows: to get to
network 172.31.0.0, send the packet out Ethernet interface 0 (E0).
IP routing specifies that IP datagrams travel through internetworks one hop at a time. The
entire route is not known at the onset of the journey, however. Instead, at each stop, the next
destination is calculated by matching the destination address within the datagram with an
entry in the current node's routing table.
Each node's involvement in the routing process is limited to forwarding packets based on
internal information. The nodes do not monitor whether the packets get to their final
destination, nor does IP provide for error reporting back to the source when routing anomalies
occur. This task is left to another Internet protocol, the Internet Control-Message Protocol
(ICMP).
Destination Unreachable
Redirect
Time Exceeded
Router Advertisement
Router Solicitation
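The hop-by-hop forwarding described above, together with the two ICMP outcomes a node can report (Destination Unreachable when no table entry matches, Time Exceeded when the datagram's TTL runs out, as it does in a routing loop), can be simulated against a handful of routing tables. This is an added example, not textbook code: the node names, networks and the deliberately misconfigured entry on `R3` are all constructed. Router Discovery and Redirect are not modelled.

```python
# Added example (not textbook code): hop-by-hop forwarding through constructed routing
# tables, with the two ICMP outcomes the text names. Node names and networks are invented.
import ipaddress

# Each table is the "destination network / next hop" list the text describes.
# "direct" means the network is attached to one of this node's own interfaces.
TABLES = {
    "hostA": [("131.1.0.0/16", "direct"), ("0.0.0.0/0", "R1")],      # default gateway R1
    "R1":    [("131.1.0.0/16", "direct"), ("131.2.0.0/16", "direct"),
              ("172.31.0.0/16", "R2")],
    "R2":    [("131.1.0.0/16", "R1"), ("172.31.0.0/16", "direct"),
              ("172.31.5.0/24", "R3")],
    "R3":    [("172.31.5.0/24", "R2")],   # constructed misconfiguration: points back to R2
}


def lookup(table, dst):
    """Longest-prefix match: AND the destination with each mask, keep the most specific hit."""
    best = None
    for network, hop in table:
        net = ipaddress.ip_network(network)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def forward(src_node: str, dst_ip: str, ttl: int = 8) -> dict:
    """Forward one datagram one hop at a time; no node knows the whole route in advance."""
    dst = ipaddress.ip_address(dst_ip)
    node, path = src_node, [src_node]
    while True:
        hit = lookup(TABLES[node], dst)
        if hit is None:
            # No matching entry: IP itself stays silent, ICMP reports it to the source.
            return {"result": "icmp-destination-unreachable", "from": node, "path": path}
        _, hop = hit
        if hop == "direct":
            return {"result": "delivered", "path": path}
        ttl -= 1                      # every node that forwards the datagram decrements TTL
        if ttl == 0:
            return {"result": "icmp-time-exceeded", "from": node, "path": path}
        node = hop
        path.append(node)


if __name__ == "__main__":
    print(forward("hostA", "172.31.1.2"))   # hostA -> R1 -> R2, delivered
    print(forward("hostA", "172.31.5.1"))   # bounces between R2 and R3 until TTL expires
    print(forward("R2", "10.0.0.1"))        # R2 has no default route: unreachable
```

Two things worth noticing in the output: the more specific /24 on `R2` wins over its directly attached /16, which is the longest-prefix rule every router applies, and the loop between `R2` and `R3` is only ever terminated by the TTL, which is why Time Exceeded messages are the first symptom of such a misconfiguration.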
Router-Advertisement messages from each of its interfaces. Hosts then discover addresses
of routers on directly attached subnets by listening for these messages. Hosts can use
Router-Solicitation messages to request immediate advertisements rather than waiting for
unsolicited messages.
IRDP offers several advantages over other methods of discovering addresses of neighboring
routers. Primarily, it does not require hosts to recognize routing protocols, nor does it
require manual configuration by an administrator.
Router-Advertisement messages enable hosts to discover the existence of neighboring
routers, but not which router is best to reach a particular destination. If a host uses a poor
first-hop router to reach a particular destination, it receives a Redirect message identifying a
better choice.
Full-duplex operation means that TCP processes can both send and receive at the same
time. TCP is a connection-based protocol, meaning that the sending and the destination
machines communicate with each other by sending status messages back and forth. If the
connection is lost because of routing problems or machine failures, errors are sent to the
applications that use TCP. Some services use TCP to maintain a connection between two
machines, notably FTP and Telnet, both of which enable you to move files and commands
back and forth between two machines as if you were logged into both at the same time.
length of the UDP header and data. Checksum provides an (optional) integrity check on the
UDP header and data.
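The Length and Checksum fields just described are easy to get wrong by hand, so here is an added example (not textbook code) that builds a UDP datagram and then verifies it the way a receiver would. The checksum covers a pseudo-header (source and destination IP, protocol 17, UDP length) in addition to the UDP header and data, so a datagram delivered to the wrong IP address fails the check even if its bytes are intact. The IP addresses and ports below are constructed.

```python
# Added example (not textbook code): building a UDP datagram and computing/verifying
# the optional checksum over pseudo-header, UDP header and data.
import ipaddress
import struct

UDP_PROTOCOL = 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (the IP/UDP/TCP checksum)."""
    if len(data) % 2:
        data += b"\x00"                        # odd length is padded with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source IP, destination IP, zero, protocol 17, UDP length: covered by the checksum."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = 8 + len(payload)                  # Length field = 8-byte header + data
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum zero while computing
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                          # a transmitted 0 means "no checksum": send all-ones
    return header[:6] + struct.pack("!H", csum) + payload


def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Receiver side: check Length against the bytes received, then the (optional) checksum."""
    if len(datagram) < 8:
        return {"ok": False, "reason": "short"}
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return {"ok": False, "reason": "length-mismatch"}
    fields = {"src_port": src_port, "dst_port": dst_port, "data": datagram[8:]}
    if csum == 0:                              # sender chose not to checksum (allowed for UDP)
        return {"ok": True, "checked": False, **fields}
    # Summing the datagram with its checksum in place gives all-ones, whose complement is 0.
    if internet_checksum(pseudo_header(src_ip, dst_ip, length) + datagram) != 0:
        return {"ok": False, "reason": "bad-checksum"}
    return {"ok": True, "checked": True, **fields}


if __name__ == "__main__":
    d = build_udp("192.168.1.10", "192.168.1.1", 5353, 53, b"hello")
    print(d.hex(), verify_udp("192.168.1.10", "192.168.1.1", d))
    print(verify_udp("192.168.1.10", "192.168.1.2", d))   # wrong destination: fails
```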
The router separates the Internet network from the local network. The DHCP in the router
product acts as a small server system. When a computer in a local network needs an address
from the Internet, it asks the DHCP for an address and the DHCP assigns a local IP. The
NAT in the router then requests and obtains an IP from the Internet DHCP. The Internet
sees a completely different address for this system than any address you see here. The
router then converts between that address and any local computer address.
Notice that all local addresses begin with 192.168.1. This is the "Part 1" of any local
address and defines the network. Any local network using Linksys equipment will have this
same "Part 1". It is never seen by the larger Internet network, as the router converts
everything. When an Internet network is defined by the first three octet groups it is called a
Class C network. A Class C network can have as many as 2,097,152 possible addresses, but
supports only 254 possible hosts (the other two addresses are reserved). A Class A network,
in comparison, is defined by the single first octet. There can be only 126 Class A networks;
but each can support over 12 million hosts. A class B network would be defined by the first
two octets.
The router product also blocks any attempt from outside the local network to access the
local computers using their 192.168.1.XXX address. The router knows this is a local
number only, and protects the network from any outside intrusion using this number. In
other words, you have a firewall here as well.
How does DHCP work? When the client starts up, it sends a broadcast DHCPDISCOVER
message, requesting a DHCP server. The request includes the hardware address of the
client computer. Any DHCP server receiving the broadcast that has available IP addresses
will send a DHCPOFFER message to the client. This message offers an IP address for a set
period of time, a subnet mask, and a server identifier (the IP address of the DHCP server).
The address offered by the server is marked unavailable and will not be offered to other
clients during the DHCP negotiation period.
A DHCP lease is the amount of time that the DHCP server grants to the DHCP client
permission to use a particular IP address. A typical server allows its administrator to set
the lease time.
The client selects one of the offers and broadcasts a DHCPREQUEST message, indicating
its selection. This allows any DHCP offers that were not accepted to be returned to the
pool of IP addresses. The selected DHCP server then sends back a DHCPACK message as
an acknowledgment, indicating the IP address, the subnet mask, and the duration of the
lease that the client will use. It may also send additional configuration information such as
the default gateway address or the DNS server address.
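The four-message exchange just described (DISCOVER, OFFER, REQUEST, ACK) is modelled below with one client and two servers, so that the two details the text stresses are visible: an offered address is held back from other clients while the negotiation is in progress, and an offer the client did not select goes back to that server's pool when it sees the broadcast DHCPREQUEST naming the other server. This is an added example, not textbook code; the server identifiers, address pools and lease times are constructed, and messages are plain dictionaries rather than real DHCP packets.

```python
# Added example (not textbook code): a minimal DHCPDISCOVER/OFFER/REQUEST/ACK exchange
# between one client and two constructed servers. Addresses and lease times are invented.


class DhcpServer:
    def __init__(self, server_id, pool, lease_seconds, subnet_mask, router, dns):
        self.server_id = server_id            # the server identifier carried in OFFER/ACK
        self.free = list(pool)                # addresses available for offer
        self.pending = {}                     # client MAC -> address reserved during negotiation
        self.leases = {}                      # client MAC -> (address, expiry time)
        self.lease_seconds = lease_seconds
        self.options = {"mask": subnet_mask, "router": router, "dns": dns}

    def _expire(self, now):
        """Leases the server has not heard about since they expired go back to the pool."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)

    def handle(self, msg, now):
        """Process one broadcast message; return the reply, or None if this server is silent."""
        self._expire(now)
        mac = msg["chaddr"]                   # hardware address carried in the request
        if msg["type"] == "DHCPDISCOVER":
            if mac in self.leases:
                addr = self.leases[mac][0]    # client still holds a lease here: offer it again
            elif mac in self.pending:
                addr = self.pending[mac]
            elif self.free:
                addr = self.free.pop(0)       # now unavailable to any other client
            else:
                return None                   # pool exhausted: no offer
            self.pending[mac] = addr
            return {"type": "DHCPOFFER", "yiaddr": addr, "server_id": self.server_id,
                    "lease": self.lease_seconds, **self.options}
        if msg["type"] == "DHCPREQUEST":
            addr = self.pending.pop(mac, None)
            if msg["server_id"] != self.server_id:
                # The client chose another server: release our reservation back to the pool
                if addr is not None and self.leases.get(mac, (None,))[0] != addr:
                    self.free.append(addr)
                return None
            if addr is None or addr != msg["requested"]:
                return {"type": "DHCPNAK", "server_id": self.server_id}
            self.leases[mac] = (addr, now + self.lease_seconds)
            return {"type": "DHCPACK", "yiaddr": addr, "server_id": self.server_id,
                    "lease": self.lease_seconds, **self.options}
        return None

    def lease_for(self, mac, now):
        lease = self.leases.get(mac)
        return lease[0] if lease and lease[1] > now else None


def obtain_lease(mac, servers, now):
    """Client side: broadcast DISCOVER, take the first OFFER, broadcast REQUEST, keep the ACK."""
    discover = {"type": "DHCPDISCOVER", "chaddr": mac}
    offers = [o for o in (s.handle(discover, now) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]
    request = {"type": "DHCPREQUEST", "chaddr": mac,
               "server_id": chosen["server_id"], "requested": chosen["yiaddr"]}
    replies = [r for r in (s.handle(request, now) for s in servers) if r]
    acks = [r for r in replies if r["type"] == "DHCPACK"]
    return acks[0] if acks else None


if __name__ == "__main__":
    s1 = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"], 3600,
                    "255.255.255.0", "192.168.1.1", "192.168.1.1")
    s2 = DhcpServer("192.168.1.2", ["192.168.1.200"], 3600,
                    "255.255.255.0", "192.168.1.1", "192.168.1.1")
    print(obtain_lease("00-1A-2B-3C-4D-5E", [s1, s2], now=0))
    print("s2 pool after the client chose s1:", s2.free)
```

Because every message is a broadcast, both servers see the DHCPREQUEST; the one whose server identifier is not named is the one that returns its reservation, which is the mechanism that keeps a second server's pool from leaking one address per client that picked someone else.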
Computer Name
In the flat NetBIOS name space, a single name clearly resolves a computer name to a
network address. This is the name that previous Windows versions stored in browser and
master browser lists, enabling peer Windows networks to browse resources on networked
Windows computers. In this scenario, the term associated with the computer was computer
name. Registration of the computer name depended on network broadcasts (and a master
browser, determined by elections won by later Windows version numbers or Windows NT
usage, or a combination). This was useful for small, peer-based Windows networks, but
networks soon grew beyond what the use of broadcasts and simple flat-file master browser
lists could service.
Host Name
The Windows Internet Naming Service (WINS) came in, which enabled a dynamic and
centralized repository of NetBIOS-based computer names stored on WINS servers. These
repositories could service a larger network. This was a step in the right direction because
name-resolution queries could be directed to a WINS server (rather than being broadcast)
and conflicts could be centrally arbitrated. With WINS, the term computer name was
retained, but the term host name also appeared and was used interchangeably with computer
name. At the time, WINS was used to resolve the default names for Windows platforms, but
DNS was gaining ground with the popularity and proliferation of larger and larger networks.
Networks grew, and WINS became less capable of handling the growing volume of names.
The decreasing capability of WINS to handle the name-resolution load was not due to the
processing power required for resolution, but instead, to the fact that generating unique
names for lots of computers became an ever-increasing management burden.
Fully Qualified Domain Name
DNS is a better solution; with its hierarchical name space, the need for unique computer
names is isolated to a given domain, enabling a computer name such as server1 to exist in
different domain locations in the same hierarchy. With the capability to have the same host
name in different domains, there was a need for a name that properly addressed the DNS
hierarchy. The name had to include not only the computer name or host name, but also a
name that could clearly identify, or fully qualify, that computer within the entire DNS
hierarchy. That name is the fully qualified domain name (FQDN) - for example,
server1.widgets.microsoft.com.
Fully Qualified Domain Name (FQDN) is a name that uniquely identifies a host in the
DNS hierarchy, such that a host called server1 in the products hierarchy at Microsoft
may have an FQDN of server1.products.Microsoft.com.
Relative Distinguished Name
However, in certain situations, the domain-hierarchy part of the FQDN is cumbersome and
a local name for a given computer (or any other DNS host) that is relative to the DNS
domain in which the host resides is needed. That name is the relative distinguished name.
The relative distinguished name is simply the single host name to the left of the leftmost dot
Rather than imposing new names or new naming conventions on users of NetBIOS names,
DNS simply uses the computer name (host name) as the relative distinguished name and
appends the DNS domain hierarchy to that name to create the FQDN. The following figure
illustrates how to identify the computer-name (or host-name, or relative distinguished
name) part of the FQDN:
Figure 7-10 shows how to identify the computer-name (or host-name, or relative
distinguished name) part of the FQDN
Microsoft NetBIOS Computer Naming Conventions
A computer name can be up to 15 alphanumeric characters with no blank spaces. The name
must be unique on the network and can contain the following special characters:
! @ # $ % ^ & ( ) - _ ' { } . ~
The following characters are not allowed:
WINS servers - When WINS client computers enter the network, they contact a
WINS server using a directed message. The client computer registers its name with
the WINS server and uses the WINS server to resolve NetBIOS names to IP
addresses.
WINS client computers - WINS client computers use directed (P-node) messages
to communicate with WINS servers and are typically configured to use H-node
communication. Windows 2000, Windows NT, Windows 95 and 98, and Windows
for Workgroups computers can be WINS client computers.
Non-WINS client computers - Older Microsoft network client computers that can't
use P-node can still benefit from WINS. Their broadcast messages are intercepted
by WINS proxy computers that act as intermediaries between the B-node client
computers and WINS servers. MS-DOS and Windows 3.1 client computers
function as non-WINS clients.
WINS proxies - Windows NT, Windows 95 and 98, and Windows for Workgroups
client computers can function as WINS proxies. They intercept B-node broadcasts
on their local subnet and communicate with a WINS server on behalf of the B-node
client computer.
Out of the box, when you configure a Windows NT Server-based network to use WINS for
its name registration, it adheres to the h-node broadcasting methodology. The h-node refers
to one of the NetBIOS over TCP/IP modes that defines how NBT identifies and accesses
resources on a network.
In a nutshell, the WINS client first checks whether the name is the local machine name
during name resolution. Then it looks at its cache of remote names. Any name that is
resolved is placed in a cache, where it remains for 10 minutes. After that, it attempts to
contact the WINS server, and then attempts to broadcast. It also checks the LMHOSTS file
(if it is configured to use and check the LMHOSTS file). Lastly, it tries the HOSTS file and
then DNS (if appropriately configured).
When a WINS client boots on the network, it sends a Name Registration Request packet to
the WINS server (NetBIOS name service, UDP port 137) to register the client computer
name. As many Name Registration Request packets are sent as necessary, because each
NetBIOS service on the client (workstation, server, messenger) registers its own name.
Not surprisingly, these packets contain the WINS client's IP address and name. Because
a WINS client announces itself directly to the WINS server rather than broadcasting to
all computers, it also avoids the broadcast traffic a B-node client generates.
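The registration packet described above, built and decoded in Python as an added example (this code is not from the course; the host name, address and transaction ID are made-up values, and the layout follows RFC 1001/1002 rather than any particular Microsoft implementation):

```python
"""NetBIOS Name Service (NBNS) name registration, as a WINS client sends it.

Builds and parses the NAME REGISTRATION REQUEST of RFC 1002, section 4.2.2,
using the first-level name encoding of RFC 1001, section 14.1. The layout
follows the RFCs; the name, IP address and transaction ID used are made up.
"""
import struct

NBNS_PORT = 137                 # UDP port of the NetBIOS name service
RR_TYPE_NB = 0x0020             # "NB" question / resource record type
RR_CLASS_IN = 0x0001
OPCODE_REGISTRATION = 0x5
NODE_TYPE_TO_ONT = {"B": 0, "P": 1, "M": 2, "H": 3}   # ONT bits of NB_FLAGS
ONT_TO_NODE_TYPE = {v: k for k, v in NODE_TYPE_TO_ONT.items()}


def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: pad the name with spaces to 15 bytes, append the
    1-byte suffix (0x00 = workstation service, 0x20 = server service), then
    write each nibble of the 16 bytes as the letter 'A' + nibble (32 chars)."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for byte in raw:
        out.append(ord("A") + (byte >> 4))
        out.append(ord("A") + (byte & 0x0F))
    return bytes(out)


def decode_netbios_name(encoded: bytes) -> tuple:
    """Reverse of encode_netbios_name; returns (name, suffix)."""
    raw = bytes(((encoded[i] - ord("A")) << 4) | (encoded[i + 1] - ord("A"))
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def build_name_registration_request(name: str, ip: str, trn_id: int = 0x1234,
                                    suffix: int = 0x00, node_type: str = "H",
                                    ttl: int = 300000, broadcast: bool = False) -> bytes:
    """NAME REGISTRATION REQUEST: one question plus one additional record that
    carries the IP address being claimed for the name."""
    # Header flags: R=0, OPCODE=5 (registration), NM_FLAGS RD=1 (plus B=1 for a
    # broadcast registration), RCODE=0.  Unicast to WINS gives 0x2900.
    nm_flags = 0x10 | (0x01 if broadcast else 0x00)
    flags = (OPCODE_REGISTRATION << 11) | (nm_flags << 4)
    header = struct.pack("!HHHHHH", trn_id, flags, 1, 0, 0, 1)   # QD=1, AR=1
    # Question: one 32-character label, no scope ID, terminated by a zero byte.
    qname = b"\x20" + encode_netbios_name(name, suffix) + b"\x00"
    question = qname + struct.pack("!HH", RR_TYPE_NB, RR_CLASS_IN)
    # Additional record: its name is a compression pointer (0xC00C) back to the
    # question name; RDATA is NB_FLAGS (G bit, ONT bits) and the IPv4 address.
    nb_flags = NODE_TYPE_TO_ONT[node_type] << 13           # G=0: unique name
    rdata = struct.pack("!H4s", nb_flags, bytes(int(o) for o in ip.split(".")))
    additional = struct.pack("!HHHIH", 0xC00C, RR_TYPE_NB, RR_CLASS_IN,
                             ttl, len(rdata)) + rdata
    return header + question + additional


def parse_name_registration_request(pkt: bytes) -> dict:
    """Decode the fields a WINS server reads from the request. Nothing in the
    packet authenticates the sender: the server trusts the name and address."""
    trn_id, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if pkt[12] != 0x20:
        raise ValueError("expected a 32-character NetBIOS label")
    name, suffix = decode_netbios_name(pkt[13:45])
    # pkt[45] is the label terminator, pkt[46:50] the question type and class.
    _ptr, _type, _cls, ttl, rdlen = struct.unpack("!HHHIH", pkt[50:62])
    nb_flags, addr = struct.unpack("!H4s", pkt[62:62 + rdlen])
    return {
        "trn_id": trn_id,
        "opcode": (flags >> 11) & 0xF,
        "broadcast": bool((flags >> 4) & 0x01),
        "name": name,
        "suffix": suffix,
        "ip": ".".join(str(b) for b in addr),
        "node_type": ONT_TO_NODE_TYPE[(nb_flags >> 13) & 0x3],
        "group": bool(nb_flags & 0x8000),
        "ttl": ttl,
    }


if __name__ == "__main__":
    request = build_name_registration_request("WORKSTATION", "192.168.1.25")
    print(request.hex())
    print(parse_name_registration_request(request))
```

A WINS server that receives this packet has nothing to check the claim against: the name and the address are whatever the sender put in the additional record. That is why WINS, like the broadcast fallback, should only be reachable from networks you trust. The flags word 0x2900 is a unicast registration sent to a WINS server; a B-node broadcast registration sets the B bit as well, giving 0x2910.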
There are billions of IP addresses currently in use, and most machines have a
human-readable name as well.
There are many billions of DNS requests made every day. A single person can
easily make a hundred or more DNS requests a day, and there are hundreds of
millions of people and machines using the Internet daily.
Millions of people manually change and add domain names and IP addresses every
day.
It is impossible to remember the IP addresses of all of the Web sites we visit every day! Human
beings just are not that good at remembering strings of numbers. We are good at
remembering words, however, and that is where domain names come in. Just a few
examples of the hundreds of popular domain names are given below:
Top-Level Domains
The root of the system is unnamed. Directly below it is a set of what are called "top-level
domain names" (TLDs). The COM, EDU and UK portions of these domain names are called the
top-level domain or first-level domain. There are several hundred top-level domain names,
including COM, EDU, GOV, MIL, NET, ORG and INT, as well as a unique two-letter
combination for every country:
ccTLD - country-code TLDs, the two-letter country codes from ISO 3166, e.g., uk, fr, de, ch
gTLD - generic TLDs, as listed in Internet informational RFC 1591, Domain Name System
Structure and Delegation:
mil: US military
Within every top-level domain there is a huge list of second-level domains. In the COM
first-level domain, examples include google, yahoo, msn, trendmicro, plus
millions of others.
Every name in the COM top-level domain must be unique, but the same name can exist under
different top-level domains. For example, howstuffworks.com and howstuffworks.org are
completely different machines. In the case of bbc.co.uk, bbc is a third-level domain. Up
to 127 levels are possible (a name is limited to 255 octets on the wire, and each level
costs at least two of them), although more than four is rare.
The left-most word, such as www or encarta, is the host name. It specifies the name of a
specific machine (with a specific IP address) in a domain. A given domain can potentially
contain millions of host names as long as they are all unique within that domain.
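The hierarchy and the 127-level limit above, as an added example in Python (not part of the course text) that encodes and decodes names in the RFC 1035 wire format; the example names are placeholders:

```python
"""Domain-name wire format (RFC 1035, section 3.1) and the limits behind the
hierarchy: labels of 1 to 63 octets, a whole name of at most 255 octets on the
wire, hence at most 127 levels. Names used in the demo are placeholders."""

MAX_LABEL_OCTETS = 63
MAX_NAME_OCTETS = 255     # length prefixes and the terminating zero included


def split_labels(name: str) -> list:
    """'www.example.com.' -> ['www', 'example', 'com']; the root is the empty name."""
    name = name.rstrip(".")
    return name.split(".") if name else []


def name_to_wire(name: str) -> bytes:
    """Encode as length-prefixed labels ending in a zero octet (the unnamed root)."""
    out = bytearray()
    for label in split_labels(name):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL_OCTETS:
            raise ValueError(f"label {label!r} must be 1..{MAX_LABEL_OCTETS} octets")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > MAX_NAME_OCTETS:
        raise ValueError(f"name exceeds {MAX_NAME_OCTETS} octets on the wire")
    return bytes(out)


def name_from_wire(msg: bytes, offset: int = 0) -> tuple:
    """Decode the name at offset, following RFC 1035 compression pointers (top two
    bits 11). Returns (name, offset just past the name as written in place).
    A pointer chain that revisits an offset is rejected instead of looping."""
    labels, end, jumped, seen = [], offset, False, set()
    while True:
        if offset in seen:
            raise ValueError("compression pointer loop")
        seen.add(offset)
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer
            if not jumped:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumped = True
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def describe(name: str) -> dict:
    """Which label is the TLD, which the host name, and how many levels there are."""
    labels = split_labels(name)
    return {
        "levels": len(labels),
        "tld": labels[-1] if labels else "",
        "second_level": labels[-2] if len(labels) > 1 else "",
        "host": labels[0] if len(labels) > 1 else "",
    }


def max_levels() -> int:
    """Each label costs at least two octets (length byte + one character) and the
    root terminator one, so 255 octets allow (255 - 1) // 2 = 127 levels."""
    return (MAX_NAME_OCTETS - 1) // 2


if __name__ == "__main__":
    wire = name_to_wire("www.example.com")
    print(wire, name_from_wire(wire), describe("bbc.co.uk"), max_levels())
```

The loop check in name_from_wire matters in practice: a resolver or packet parser that follows pointers blindly can be hung by a crafted response whose pointer refers to itself.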
How are Domain Names distributed?
Because all of the names in a given domain need to be unique, there has to be a single entity
that controls the list and makes sure that there are no duplicates. For example, the COM
domain cannot contain any duplicate names, and when this course was written a company called
Network Solutions was in charge of maintaining this list (the COM registry has since passed
to VeriSign). When you register a domain name, it goes through one of several dozen
registrars who work with the registry to add names to the list. The registry, in turn, keeps
a central database known as the whois database that contains information about the owner
and name servers for each domain. If you go to a whois form, you can find information about
any domain currently in existence.
While it is important to have a central authority keeping track of the database of names in
the COM (and other) top-level domain, you would not want to centralize the database of all
of the information in the COM domain. For example, Microsoft has hundreds of thousands
of IP addresses and host names. Microsoft wants to maintain its own domain name server
for the microsoft.com domain. Similarly, Great Britain probably wants to administrate the
uk top-level domain, and Australia probably wants to administrate the au domain, and so
on. For this reason, the DNS system is a distributed database. Microsoft is completely
responsible for dealing with the name server for microsoft.com - it maintains the machines
that implement its part of the DNS system, and Microsoft can change the database for its
domain whenever it wants to because it owns its domain name servers.
Every domain has a domain name server somewhere that handles its requests, and there is a
person maintaining the records in that DNS. This is one of the most amazing parts of the
DNS system - it is completely distributed throughout the world on millions of machines
administered by millions of people, yet it behaves like a single, integrated database.
If you have a mixture of Windows and third-party DNS servers in your organization, you
will run into problems if you attempt to replicate WINS lookup records to these third-party
DNS servers. Only Microsoft DNS servers support WINS lookup records; thus, zone
transfers to third-party DNS servers will fail. In this situation, you should use WINS referral
to create and delegate a special "WINS zone" that refers queries to WINS when needed.
This zone does not perform any registrations or updates. Clients need to be configured to
append this additional WINS referral zone to their queries for unqualified names, thus
allowing clients to query both WINS and DNS as required. You also need to ensure that this
WINS referral zone is not configured to transfer to any third-party DNS servers.
Figure 7-13 Start or stop the TCP/IP services from the command prompt
To get a complete guide on how to use these utilities and services, go to the
Microsoft web site at this URL:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/enus/tcpip_utils.mspx
Arp
Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which
contains one or more tables that are used to store IP addresses and their resolved
Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet
or Token Ring network adapter installed on your computer. Used without parameters,
the command arp displays help.
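As an added example (not from the Microsoft documentation the page refers to), the following Python parses the listing that arp -a prints on Windows and flags one physical address answering for several IP addresses, which is what a poisoned ARP cache looks like. The listing is a constructed sample, and the gateway address passed to check_gateway is an assumption:

```python
"""Parse a Windows 'arp -a' listing and flag the classic sign of ARP-cache
poisoning: one physical address answering for more than one IP address,
especially when one of them is the default gateway. SAMPLE_ARP_OUTPUT is a
constructed sample in the format 'arp -a' prints, not output from a real host."""
import re
from collections import defaultdict

SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.37          00-11-22-33-44-55     dynamic
  192.168.1.50          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

INTERFACE_RE = re.compile(r"^Interface:\s+(\d{1,3}(?:\.\d{1,3}){3})")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE)


def parse_arp_table(text: str) -> list:
    """Return one dict per cache entry: interface, ip, mac (lower case), type."""
    entries, interface = [], None
    for line in text.splitlines():
        m = INTERFACE_RE.match(line)
        if m:
            interface = m.group(1)       # entries that follow belong to this adapter
            continue
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append({"interface": interface, "ip": ip,
                            "mac": mac.lower(), "type": kind.lower()})
    return entries


def is_unicast_mac(mac: str) -> bool:
    """Broadcast and multicast MACs legitimately cover many IPs; the low bit
    of the first octet marks them."""
    return int(mac.split("-")[0], 16) & 0x01 == 0


def find_shared_macs(entries: list) -> dict:
    """Map each unicast MAC that appears for several IPs to its sorted IP list."""
    by_mac = defaultdict(set)
    for e in entries:
        if is_unicast_mac(e["mac"]):
            by_mac[e["mac"]].add(e["ip"])
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def check_gateway(entries: list, gateway_ip: str) -> dict:
    """Report the gateway's MAC, whether its entry is static (pinned with
    'arp -s'), and any other IPs currently sharing that MAC."""
    gw = next((e for e in entries if e["ip"] == gateway_ip), None)
    if gw is None:
        return {"present": False}
    others = sorted(e["ip"] for e in entries
                    if e["mac"] == gw["mac"] and e["ip"] != gateway_ip)
    return {"present": True, "mac": gw["mac"], "static": gw["type"] == "static",
            "shared_with": others, "suspicious": bool(others)}


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    print(find_shared_macs(table))
    print(check_gateway(table, "192.168.1.1"))      # gateway address assumed
```

A MAC shared between the default gateway and another host on the same adapter is the usual footprint of ARP spoofing on the subnet. The modify function of the arp command is the page-level countermeasure: arp -s adds a static entry for the gateway so a forged reply cannot replace it. Broadcast and multicast addresses are skipped because they legitimately map to many IPs.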
Nslookup
Displays information that you can use to diagnose Domain Name System (DNS)
infrastructure. Before using this tool, you should be familiar with how DNS works. The
Nslookup command-line tool is available only if you have installed the TCP/IP
protocol.
Finger
Rsh
Runs commands on remote computers running the RSH service or daemon.
Windows XP and Windows 2000 do not provide an RSH service. An RSH service
called Rshsvc.exe is provided with the Windows 2000 Server Resource Kit. Used
without parameters, rsh displays help.
Lpr
Sends a file to a computer running Line Printer Daemon (LPD) in preparation for
printing. Used without parameters, lpr displays command-line help for the lpr
command.
Tftp
Transfers files to and from a remote computer, typically a computer running UNIX, that
is running the Trivial File Transfer Protocol (TFTP) service or daemon. Used without
parameters, tftp displays help.
Nbtstat
Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for
both the local computer and remote computers, and the NetBIOS name cache.
Nbtstat allows a refresh of the NetBIOS name cache and the names registered with
Windows Internet Name Service (WINS). Used without parameters, nbtstat displays
help.
Tracert
Determines the path taken to a destination by sending Internet Control Message
Protocol (ICMP) Echo Request messages to the destination with incrementally
increasing Time to Live (TTL) field values. The path displayed is the list of near-side
router interfaces of the routers in the path between a source host and a destination. The
near-side interface is the interface of the router that is closest to the sending host in the
path. Used without parameters, tracert displays help.
Netstat
Displays active TCP connections, ports on which the computer is listening, Ethernet
statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP
protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over
IPv6 protocols). Used without parameters, netstat displays active TCP connections.
Although TCP/IP standards are always published as RFCs, not all RFCs specify standards.
RFCs are authored by individuals who voluntarily write and submit a draft proposal for a
new protocol or specification to the Internet Engineering Task Force (IETF) and its
working groups. Submitted drafts are first reviewed by a technical expert, a task force, or
the RFC Editor, and then assigned a status.
If a draft passes this initial review stage, it is circulated to the larger Internet community for
a period of further comment and review and assigned an RFC number. This RFC number
remains constant: an RFC is never revised in place. If changes are made to the specification,
the revised or updated version is published as a new RFC (with a number higher than the
original) that updates or obsoletes the earlier document.
RFC number   Title
791          Internet Protocol (IP)
792          Internet Control Message Protocol (ICMP)
793          Transmission Control Protocol (TCP)
816          Fault Isolation and Recovery
826          An Ethernet Address Resolution Protocol (ARP)
854          Telnet Protocol (TELNET)
862          Echo Protocol (ECHO)
863          Discard Protocol (DISCARD)
864          Character Generator Protocol (CHARGEN)
865          Quote of the Day Protocol (QUOTE)
867          Daytime Protocol (DAYTIME)
894          IP over Ethernet
919          Broadcasting Internet Datagrams
922          Broadcasting Internet Datagrams in the Presence of Subnets
950          Internet Standard Subnetting Procedure
959          File Transfer Protocol (FTP)
1001         Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Concepts and Methods
1002         Protocol Standard for a NetBIOS Service on a TCP/UDP Transport: Detailed Specifications
1009         Requirements for Internet Gateways
1034         Domain Names - Concepts and Facilities
1035         Domain Names - Implementation and Specification
1042         IP over IEEE 802 Networks
1055         A Nonstandard for Transmission of IP Datagrams Over Serial Lines: SLIP
1065         Structure and Identification of Management Information for TCP/IP-based Internets
1112         Internet Group Management Protocol (IGMP)
1122         Requirements for Internet Hosts - Communication Layers
1123         Requirements for Internet Hosts - Application and Support
1144         Compressing TCP/IP Headers for Low-Speed Serial Links
1157         Simple Network Management Protocol (SNMP)
1179         Line Printer Daemon Protocol
1188         IP over FDDI
1191         Path MTU Discovery
1201         Transmitting IP Traffic over ARCNET Networks
1256         ICMP Router Discovery Messages
1323         TCP Extensions for High Performance
1332         PPP Internet Protocol Control Protocol (IPCP)
1518         An Architecture for IP Address Allocation with CIDR
1519         Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy
1534         Interoperation Between DHCP and BOOTP
1542         Clarifications and Extensions for the Bootstrap Protocol
1552         PPP Internetwork Packet Exchange Control Protocol (IPXCP)
1661         The Point-to-Point Protocol (PPP)
1662         PPP in HDLC-like Framing
1748         IEEE 802.5 MIB using SMIv2
1749         IEEE 802.5 Station Source Routing MIB using SMIv2
1812         Requirements for IP Version 4 Routers
1828         IP Authentication using Keyed MD5
1829         The ESP DES-CBC Transform
1851         The ESP Triple DES Transform
1852         IP Authentication using Keyed SHA
1878         Variable Length Subnet Table for IPv4
1886         DNS Extensions to Support IP Version 6
1994         PPP Challenge Handshake Authentication Protocol (CHAP)
1995         Incremental Zone Transfer in DNS
1996         A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
2018         TCP Selective Acknowledgment Options
2085         HMAC-MD5 IP Authentication with Replay Prevention
2104         HMAC: Keyed-Hashing for Message Authentication
2131         Dynamic Host Configuration Protocol (DHCP)
2136         Dynamic Updates in the Domain Name System (DNS UPDATE)
2181         Clarifications to the DNS Specification
2236         Internet Group Management Protocol, Version 2 (IGMPv2)
2308         Negative Caching of DNS Queries (DNS NCACHE)
2401         Security Architecture for the Internet Protocol (IPsec)
2402         IP Authentication Header (AH)
2406         IP Encapsulating Security Payload (ESP)
2581         TCP Congestion Control
Table 7-2 RFCs supported by the TCP/IP protocol and supporting services
Review Questions
1. This is the primary transport protocol of the TCP/IP protocol suite
a) TCP
b) UDP
c) IP
d) STP
2. The TCP/IP protocol that provides for source and destination addressing is
a) IP
b) TCP
c) UDP
d) All of the above
3. This TCP/IP utility is used to check the validity of a remote IP address.
a) PING
b) FTP
c) ARP
d) IPCONFIG
4. The dynamic Windows-based service used to resolve NetBIOS names into their IP
addresses is
a) ICMP
b) DNS
c) WINS
d) DHCP
5. Which of the following does a router normally use when making a decision about
routing TCP/IP?
a) Destination MAC address
b) Source MAC address
c) Destination IP address
d) Source IP address
e) Destination MAC and IP address
Chapter 8 - Objectives
Identify basic network problems
Know what a network troubleshooting strategy means
Know how to perform basic troubleshooting techniques
Know some helpful prevention tips
Know the commonly used tools to troubleshoot network problems
Layer                                            Data collected
Application, Presentation, Session, Transport    Protocol information and other Remote Monitoring (RMON) and RMON2 data
Network                                          Routing information
1. Recognizing symptoms
2. Understanding the problem
3. Identifying and testing the cause of the problem
4. Solving the problem
Introduction
When you encounter a problem in your network, the first question you need to ask is, What
changed? Computer hardware has become so reliable that the fault is rarely obvious, so you
work by a process of elimination. Depending on how well you know your network (its
components, its behavior, and the overall function of each device attached to it), it may take
a few minutes or long hours just to figure out what has changed.
More often than not, network administrators do not manage the network; they manage the
changes that occur in the network. That is when an administrator needs to design a
network troubleshooting strategy.
Network troubleshooting means recognizing and diagnosing networking problems with the
goal of keeping your network running optimally. As a network administrator, your primary
concern is maintaining connectivity of all devices (a process often called fault
management). You also continually evaluate and improve your network's performance.
Because serious networking problems can sometimes begin as performance problems,
paying attention to performance can help you address issues before they become serious.
This chapter discusses the basic network issues that call for a network troubleshooting
strategy. It also provides general prevention tips and problem-solving tips toward the end of
the chapter.
Loss of connectivity - When users cannot access areas of your network, your
organization's effectiveness and productivity are impaired. Immediately correct any
connectivity breaks.
Timeout problems - Timeouts cause loss of connectivity, but are often associated
with poor network performance.
Performance problems - Users may be complaining that it takes them longer to do their
work. Some performance problems are intermittent, such as instances of duplicate
addresses. Other problems can indicate a growing strain on your network, such as
consistently high utilization rates or high CPU usage.
If you regularly examine your network for performance problems, you can extend the
usefulness of your existing network configuration and plan network enhancements, instead
of waiting for a performance problem to adversely affect the users' productivity.
Layer                                            Data collected
Application, Presentation, Session, Transport    Protocol information and other RMON and RMON2 data
Network                                          Routing information
Data Link, Physical                              Error counts
Know your network - Understand overall flow patterns and interactions between
systems, and determine how your network is really being used at the application
level.
Optimize your network - Gain an insight into traffic and application usage trends
to help you optimize the use and placement of current network resources and make
wise decisions about capacity planning and network growth.
Does the change involve a device or network path for which you already have a
backup solution in place?
After you have an idea of how the change is affecting your network, you can categorize it as
either critical or non-critical. Both of these categories need resolution (except for changes
that are one-time occurrences); the difference between the categories is the amount of time
that you have to fix the problem.
By using a strategy for network troubleshooting, you can approach a problem methodically
and resolve it with minimal disruption to network users. As a best practice, have an accurate
and detailed map of your current network environment. Beyond that, a good approach to
problem resolution is:
Recognizing symptoms
Understanding the problem
Identifying and testing the cause of the problem
Solving the problem
Recognizing Symptoms
When resolving any problem, the first step is to identify and interpret the symptoms. You
may discover network problems in several ways. Users may complain that the network
seems slow or that they cannot connect to a server, or your management console may show
an alert indicating that something in your network is not functioning properly.
User Comments
Although you can often solve networking problems before users notice a change in their
environment, you invariably get feedback from your users about how the network is
running, such as:
It takes them much longer to copy files across the network than it usually does.
When they send e-mail to another site, they get a routing error message.
Network management software usually has a feature that can alert you to areas of your
network that need attention. For example:
Your weekly utilization report (which indicates the 10 ports with the highest
utilization rates) shows that one port is experiencing much higher utilization levels
than normal.
You receive an email message from your network management station that the
threshold for broadcast and multicast packets has been exceeded.
These signs usually provide additional information about the problem, allowing you to
focus on the right area.
Analyzing Symptoms
When a symptom occurs, ask yourself these types of questions to narrow the location of the
problem and to get more data for analysis:
To what degree is the network not acting normally (for example, does it now take
one minute to perform a task that normally takes five seconds)?
Is the user trying to reach a server, end station, or printer on the same subnetwork
or on a different subnetwork?
Are many users complaining that the network is operating slowly or that a specific
network application is operating slowly?
Are the problems intermittent? For example, some files may print with no
problems, while other printing attempts generate error messages, make users lose
their connections, and cause systems to freeze.
A network device is not working properly and cannot send or receive some or all
data.
Network management software can easily locate and report a physical connection break
(layer 1 problem). It is more difficult to determine why a network device is not working as
expected, which is often related to a layer 2 or a layer 3 problem.
To determine why a network device is not working properly, look first for:
Valid service - Is the device configured properly for the type of service it is
supposed to provide? For example, has Quality of Service (QoS), which is the
definition of the transmission parameters, been established?
If you cannot reproduce a problem, then no problem exists unless it happens again
on its own.
If the problem is intermittent and you cannot replicate it, you can configure your
network management software to catch the event in progress.
Although network management tools can provide a great deal of information about
problems and their general location, you may still need to swap equipment or replace
components of your network until you locate the exact trouble spot.
After you test your theory, either fix the problem as described in "Solving the Problem" or
develop another theory.
Sample Problem Analysis
What you know - In this case, the user's workstation cannot communicate with the
mail server.
1. Can the workstation communicate with the network at all, or is the problem
limited to communication with the server? Test by sending a Ping or by
connecting to other devices.
1.1 If only the server cannot be reached, this suggests a server problem. Confirm by
doing step 2.
1.2 If other devices cannot be reached, this suggests a connectivity problem in the
network. Confirm by doing step 3.
2. Is the workstation the only device that is unable to communicate with the
server, or do other workstations have the same problem? Test connectivity at
other workstations.
2.1 If yes, then the problem is that the workstation is not communicating with the
subnetwork. (This situation can be caused by workstation issues or a network issue with
that specific station.)
3. Can the workstation communicate with any other device on the subnetwork?
When you have determined whether the problem is with the server, the subnetwork, or the
workstation, you can analyze the problem further, as follows:
For a problem with the server - Examine whether the server is running, if it is
properly connected to the network, and if it is configured appropriately.
For a problem with the subnetwork - Examine any device on the path between
the users and the server.
For a problem with the workstation - Examine whether the workstation can
access other network resources and if it is configured to communicate with that
particular server.
A laptop computer that is loaded with a terminal emulator, TCP/IP stack, TFTP
server, CD-ROM drive (to read the online documentation), and some key network
management applications. With the laptop computer, you can plug into any
subnetwork to gather and analyze data about the segment.
A spare managed hub to swap for any hub that does not have management.
Swapping in a managed hub allows you to quickly spot which port is generating the
errors.
A single port probe to insert in the network if you are having a problem where you
do not have management capability.
Console cables for each type of connector, labeled and stored in a secure place.
Based on these findings, you can decide how to redistribute network traffic.
Adding segments to your LAN (for example, adding a new switch where utilization
is continually high)
Replacing faulty equipment (for example, replacing a module that has port
problems or replacing a network card that has a faulty jabber protection
mechanism)
To help solve problems, make sure you have the following items available for your
use:
Spare hardware equipment (such as modules and power supplies), especially for
your critical devices
Network software, such as Ping, Telnet, and FTP and TFTP. You can use these
applications to troubleshoot, configure, and upgrade your system.
Ping
Packet Internet Groper (Ping) allows you to quickly verify the connectivity of your network
devices. Ping sends an ICMP Echo Request from one device to a station on the network and
listens for the Echo Reply to confirm that the request was received. You can validate
connections on different parts of your network by pinging different devices:
A successful response indicates that a valid network path exists between your
station and the remote host and that the remote host is active.
Slower response times than normal can indicate that the path is congested or
obstructed.
A failed response indicates that a connection is broken somewhere; use the message
to help locate the problem.
Ping devices when your network is operating normally so that you have a
performance baseline for comparison.
You want to test devices on different subnetworks. This method allows you to
Ping your network segments in an organized way, rather than having to
remember all the hostnames and locations.
Your Domain Name System (DNS) server is down and your system cannot
look up host names properly. You can Ping with IP addresses even if you
cannot access hostname information.
To troubleshoot problems that involve large packet sizes, Ping the remote host
repeatedly, increasing the packet size each time.
Use the Ping functions of your network management platform. For example,
in your HP OpenView map, select a device and click the right mouse button
to gain access to ping functions.
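The increasing-packet-size procedure above, as an added Python example (not from the course): it builds a correctly checksummed ICMP Echo Request and searches for the largest datagram a path will forward. The network is replaced by a simulated link with a made-up MTU so the code runs offline; the probe function is the assumption to replace with a real ping that sets the don't-fragment flag (ping -f -l <size> on Windows).

```python
"""ICMP Echo Request construction (RFC 792) and a path-MTU search that replaces
'increase the size until it fails' with a binary search. The probe function is
pluggable: a simulated link with a made-up MTU stands in for the network here;
on a real host the probe would run ping with the don't-fragment flag set."""
import struct

IP_HEADER_LEN = 20
ICMP_HEADER_LEN = 8
ICMP_ECHO_REQUEST = 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of the
    16-bit words, with a zero pad byte when the length is odd."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8, code 0; the checksum is computed with its own field set to zero."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def checksum_ok(packet: bytes) -> bool:
    """A message whose checksum is correct sums to zero."""
    return internet_checksum(packet) == 0


def payload_size_for_datagram(datagram_bytes: int) -> int:
    """Data bytes to give ping so the IP datagram is datagram_bytes long
    (ping -l <n> on Windows and ping -s <n> on Unix-like systems count data only)."""
    return datagram_bytes - IP_HEADER_LEN - ICMP_HEADER_LEN


def find_path_mtu(probe, low: int = 576, high: int = 1500) -> int:
    """Largest datagram size in [low, high] that probe() reports as delivered.
    probe(size) must send a don't-fragment echo of that size and return True
    on a reply. Halving the interval keeps the number of pings to about ten."""
    if not probe(low):
        raise RuntimeError(f"no reply even at {low} bytes: the path is down, not narrow")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def simulated_link(mtu: int):
    """Stand-in for the network: delivers any datagram no larger than mtu."""
    return lambda size: size <= mtu


if __name__ == "__main__":
    pkt = build_echo_request(0x1234, 1, b"abcdefgh")
    print(pkt.hex(), checksum_ok(pkt))
    mtu = find_path_mtu(simulated_link(1400))          # 1400 is a made-up MTU
    print(mtu, "bytes on the wire ->", payload_size_for_datagram(mtu), "bytes of ping data")
```

The failure at the minimum size is handled separately because it means something other than a narrow link: a path that drops a 576-byte datagram is broken, and no amount of size adjustment will help.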
This indicates that the destination routes are available but that there is a problem
with the destination itself.
<destination> is unreachable
This indicates that your system does not know how to get to the destination. This
message means either that routing information to a different subnetwork is
unavailable or that a device on the same subnetwork is down.
ICMP host unreachable from gateway
Indicates that your system can transmit to the target address using a gateway, but
that the gateway cannot forward the packet properly because either a device is
misconfigured or the gateway is not operating.
Telnet
Telnet, which is a login and terminal emulation program for Transmission Control
Protocol/Internet Protocol (TCP/IP) networks, is a common way to communicate with an
individual device. You log in to the device (a remote host) and use that remote device as if
it were a local terminal. Everything in a Telnet session, including the login name and
password, crosses the network in cleartext, so limit Telnet access to devices to a
management network you trust.
If you have established an out-of-band Telnet connection with a device, you can use Telnet
to communicate with that device even if the network is unavailable. This feature makes
Telnet one of the most frequently used network troubleshooting tools. Usually, all device
statistics and configuration capabilities are accessible by using Telnet to connect to the
device's console.
You can invoke the Telnet application on your local system and set up a link to a Telnet
process that is running on a remote host. You can then run a program that is located on a
remote host as if you were working at the remote system.
Providing Read and Write access so that you can display, create, and delete files
and directories
TFTP is a simple version of FTP that does not list directories or require passwords. TFTP
only transfers files to and from a remote server. Because there is no authentication, anyone
who can reach a TFTP server can read (and, if the server allows writes, overwrite) the files
it serves, so limit the directory it exports and the hosts that can reach it.
Analyzers
An analyzer, which is often called a Sniffer, is a network device that collects network data
on the segment to which it is attached, a process called packet capturing. Software on the
device analyzes this data, which is a process referred to as protocol analysis. Most
analyzers can interpret different types of protocol traffic, such as TCP/IP, AppleTalk, and
Banyan VINES traffic.
You usually use analyzers for reactive troubleshooting - when you see a problem
somewhere on your network, you attach an analyzer to capture and interpret the data from
that area. Analyzers are particularly helpful for identifying intermittent problems. For
example, if your network backbone has experienced moments of instability that prevent
users from logging on to the network, you can attach an analyzer to the backbone to capture
the intermittent problems when they happen again.
Probes
Like Analyzers, a probe is a network device that collects network data. Depending on its
type, a probe can collect data from multiple segments simultaneously. It stores the collected
data and transfers the data to an analysis site when requested. Unlike an analyzer, probes do
not interpret data.
A probe can be either a stand-alone device or an agent in a network device. You can use a
probe daily to determine the health of your network. Use this data to make decisions about
reconfiguring devices and end stations as needed.
Figure 8-4 shows NIAS Centralized Probe Management for Enterprise Networks
Note: For enterprise organizations, Network Instruments has
released the Network Instruments Authentication Server (NIAS) for
assistance in managing the security and authentication parameters
for multiple console/probe connections. The NIAS is ideal for
enterprise organizations required to frequently change user names
and passwords to comply with network security policies. This easy-to-install software solution makes authenticating users safe, secure
Cable Testers
Cable testers examine the electrical characteristics of the wiring. They are most commonly
used to ensure that building wiring and cables meet the Category 5, 4, and 3 standards. For
example, network technologies such as Fast Ethernet require the cabling to meet Category 5
requirements. Testers are also used to find defective and broken wiring in a building.
The first thing to understand about testing data cables is the Attenuation to Crosstalk Ratio
(ACR). Attenuation is the reduction in signal strength over the length of the cable across the
frequency range; crosstalk is the noise coupled into a pair from the signal on the adjacent
pairs in the same cable. ACR is the difference, in dB, between the measured crosstalk loss
and the attenuation at a given frequency. If the two curves meet, the data signal is lost
because the crosstalk noise is at the same level as the attenuated signal (an ACR of 0 dB).
Figure 8-5 shows the pink area in the graph is the attenuation and the blue area is the
crosstalk.
ACR is the most important result when testing a link because it represents the overall
performance of the cable.
Another critical network feature is fault tolerance, which is the network's ability to recover
from an unexpected failure. Since a company's revenue and reputation often ride on its
network, many companies employ multiple layers of fault tolerance, ranging from a
backup power source in case of an electrical power outage to mirroring the data from one
server onto another server that will automatically take over ("fail over") in case of failure.
Network clusters are also used to prevent unexpected data loss.
With the network design and installation complete, the focus shifts to network management
and maintenance. Network administrators must ensure the network operates reliably, that its
performance or speed is adequate, and that it is secure from unwanted intrusion. With the
advice of internal or external security professionals, network administrators use techniques
and technology, including firewalls and user authentication, to ensure data stored on a
computer on the network cannot be read without proper authorization.
By designing your network for troubleshooting, you can access key devices on your
network when your network is experiencing connectivity or performance problems. Having
adequate management access depends on these design criteria:
Position of the management station so that it can gather the greatest amount of
network data through Simple Network Management Protocol (SNMP) polling
Ability to communicate with each device even when your management station
cannot access the network
The following sections discuss how to design your network with the preceding criteria in
mind:
Using Probes
The backbone is usually protected with redundant power and technologies, like
Fiber Distributed Data Interface (FDDI), that correct their own problems. This
redundancy ensures that the backbone remains operational, even when other areas
of the network are having problems.
The backbone is typically faster and has a higher bandwidth than other areas of
your network, making it a more efficient location for a management station.
Make sure that the capacity of your backbone can accommodate the SNMP traffic that the
management applications generate.
Figure 8-7 shows a management station that is set up at the network backbone and
polling network devices.
Although SNMP management from the backbone is a good way to keep track of
what is happening on your network, do not rely on it exclusively, because SNMP
management occurs in-band (that is, SNMP traffic shares network bandwidth with
data traffic):
Very heavy data traffic or a break in the network can make it difficult or impossible
for the management station to poll a device.
Traffic that SNMP polling adds to the network may contribute to networking
problems.
In-band management also means that SNMP requests and their community strings
(which SNMPv1 and SNMPv2c send in cleartext) travel over the same links as user
traffic, so restrict which stations your devices accept SNMP requests from.
Using Probes
To minimize the frequency of SNMP traffic on your network, set up one or more probes to
collect Remote Monitoring (RMON) data from the network devices. In the distributed
model illustrated below, the management station uses SNMP polling to collect data from
the probes rather than from all the network devices. Distributing the management over the
network ensures some continued data collection even when you have network problems.
Note: Many management applications support data from MIBs
other than the RMON MIBs. For this reason, even if you are using
RMON probes, some SNMP polling to individual devices from a
key management station is always useful for a complete picture of
your network.
To extend your remote monitoring capabilities, use embedded RMON probes or roving
analysis (monitoring one port for a period of time, moving on to another port for a while,
and so on). However, with roving analysis, you cannot see a historical analysis of the ports
because the probe is moving from one port to another.
Some probes, like 3Com's Enterprise Monitor, are designed to support the large number of
interfaces that are found in switched environments. The probe's high port density supports
this multi-segmented switched environment. You can also use the probe's interfaces to
monitor mirror (or copy) ports on the switch, which means that all data received and
transmitted on a port is also sent to the probe.
Probes do not indicate which port has caused an error. Only a managed hub (a hub or switch
with an onboard management module) can provide that level of detail. Probes and a hub's
own management module complement each other.
On the FDDI backbone, you need to continually monitor whether it is being overutilized,
and, if so, by what type of traffic. By placing monitoring software with an FDDI media
module directly at the backbone, you can gather utilization and host matrix information. In
addition, the probe provides a full range of FDDI performance statistics that a LAN
monitoring program can record or that SNMP traps can report to the management station.
To ensure management access to the probe, provide a direct connection to the probe from
your management station. You can use this connection to access probe data even if the ring
is unusable, and it keeps management traffic off the main ring.
The Internet link is a concern for dedicated network management because it:
Requires budgeting
In a way that is similar to monitoring the FDDI backbone, some LAN monitoring program
reports can indicate whether you are paying for too much bandwidth or whether you need to
purchase more. Some can also indicate the level of use on a workgroup basis for internal
billing and highlight the top sites that users visit. Similarly, you can monitor for unexpected
conversations and protocols.
You also need to know the error rates on this link and whether you are experiencing
congestion because of circumstances on the Internet provider's network.
Switch Management Monitoring
The third area of interest in this network is the large number of switch-to-end station links.
When detailed analysis of these devices is required (for example, if one of the ports on the
network suddenly reports much higher traffic than normal), you need to track the source of
the problem and decide whether you can optimize the traffic path. In this case, you need a
way to view the traffic on the switch port at a conversation level.
By placing a monitoring program in a central location, you can easily attach it to the
switches that have the most Ethernet ports as the need arises. By using the roving analysis
feature of many 3Com devices, you can copy data from a monitored port to the port on the
switch that is connected to this program. When a problem arises, roving analysis is
activated for a particular switch and the copied data is collected by the monitoring programs.
These applications can then monitor the network data for the devices that are connected to
that switch.
Telnet - Out-of-band and in-band access using a network connection. For example,
on 3Com's CoreBuilder 6000 switch, using Telnet you can access the management
console by using a dedicated Ethernet connection to the management module (out-of-band) and from any network attached to the device (in-band).
Serial line - Direct, out-of-band access using a terminal connection. This type of
connection allows you to maintain your connections to a device if it reboots.
Figure 8-9 shows management of a device through the serial line and modem ports.
Sometimes, direct access to network devices through out-of-band management is the only
way to examine a network problem. For example, if your network connections are down,
you can Telnet to one of your key routers and examine its routing table. The routing table
lists the devices that the router can reach, allowing you to narrow the area of the problem.
You can also Ping from this device to further investigate which areas of the network are
down.
Using Communications Servers
Although out-of-band management keeps you in contact with a particular device during a
network problem, it does not inform you about all the areas of your network from a central
point. You must access each device separately. To manage devices more centrally, you can
set up a communications server (often called a comm server).
For optimal benefit, provide two management connections to the communication server:
Connect the comm server to the network (an in-band connection) so that you can
access the devices from anywhere on the network using reverse Telnet.
Connect your management workstation directly to one of the serial ports of the
comm server (an out-of-band connection) so that you can access the devices when
the network is down.
Configure the management station to run without any network connection - including
NIS, NFS, and DNS lookups.
Have more than one interface available on the management station, an arrangement
called dual hosting. Connect vital probes to the second interface to create a private
monitoring LAN (one without regular network traffic) on which network problems do
not impair communication.
Do not give the management station privileges on the network, such as the ability to log
in with no passwords. Hackers can easily spot management stations.
Provide remote access through a modem to the management station so that you can
keep track of your network's activity remotely.
IP Address
Gateway Address
Subnet Mask
SNMP Traps
How these parameters are configured can vary by device. For more information,
see the manufacturer's User Guide for each device.
If the device is accessible by Ping, then its IP address is valid and you may have a
problem with the SNMP setup. Go to step 5.
If the device is not accessible by Ping, then there is a problem with either the path
or the IP address.
2. To test the IP address, Telnet into the device using an out-of-band connection. If Telnet
works, then your IP address is working.
3. If Telnet does not work, connect to the device's console using a serial line connection
and ensure that your device's IP address setting is correct. If your management station is
on a separate subnetwork, make sure that the gateway address and subnet mask are set
correctly.
4. Using a management application, perform an SNMP Get and an SNMP Set (try to
poll the device or change a configuration using management software).
5. If you cannot reach the device using SNMP, access the device's console and make sure
that your SNMP community strings and traps are set correctly.
You can access the console using Telnet, a serial connection, or a Web management
interface.
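As an added example (not from the course text), a Python sketch of step 4 done by hand: it builds an SNMPv1 GetRequest for sysDescr.0 and reports whether the agent answers at all. It assumes the agent listens on UDP port 161 and that the community string passed in is the one set on the device in step 5.

```python
import os
import socket

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload   # tag-length-value

def ber_int(value: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # last group has the continuation bit off
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get_request(community: str, oid: str, request_id: int) -> bytes:
    """SNMPv1 Message { version 0, community, GetRequest-PDU { ... } }."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))        # { name, NULL }
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))                            # error-status/index = 0
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode("ascii")) + pdu)

def snmp_get_responds(host: str, community: str, timeout: float = 2.0,
                      oid: str = "1.3.6.1.2.1.1.1.0") -> bool:
    """True if the agent answers a Get for sysDescr.0 within the timeout."""
    # Silence after a successful Ping usually points at the community string (step 5).
    request_id = int.from_bytes(os.urandom(3), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_get_request(community, oid, request_id), (host, 161))
            data, _ = sock.recvfrom(4096)
        except OSError:                 # timeout or ICMP port unreachable
            return False
    return data[:1] == b"\x30"          # BER SEQUENCE: looks like an SNMP message
```

The request for community "public" comes out as the same 40-byte datagram a packet capture of a standard snmpget shows, so the bytes can be compared against a sniffer trace while checking the device.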
Prevention Tips
This section provides some prevention strategies you can apply:
Ask your management to decide on a downtime comfort level. The faster you want to
get the network back up and running, the more money you need to spend in preparation.
Downtime will stretch to several hours if you have some, but not all, available equipment
for replacement.
Have your management decide which users must get back online first. In case of a
serious network problem, you may be able to support only a few users.
Know your stock equipment. Make an inventory of all your network hardware and
software so you'll know what to buy spare parts for and get updated drivers.
Expect everything and everyone to let you down. If you expect the worst, you're
prepared for anything. You're also pleasantly surprised almost all the time, since the worst
rarely happens.
Anything that can fail, will fail. Be prepared for any LAN component to fail, be stolen or
be tampered with.
Know your LAN component profiles. On a server, failures are likely to occur (in order):
disks, RAM, the power supply, or network adapters (NICs). The same applies to a client or
workstation, but only one user is inconvenienced.
Balance your network to eliminate as many single points of failure as possible. Many
network administrators spread every workgroup across two wiring concentrators, so one
failure won't disable an entire department. You can also spread a group's applications
across multiple servers.
Test your backup and restore software and hardware. Determine how long it takes to
completely restore a volume with your backup hardware and software. You can't easily
bring a replacement hard disk online until the restored files are in place.
Duplicate system knowledge among the IT staff. If a person, even you, is the single point
of failure, take precautions. You do not want to come back from your honeymoon just to
replace a hard disk drive!
Your suppliers will let you down sometime, somehow. Support organizations have
problems, too. Don't assume that your suppliers can provide a replacement drive that they
supposedly always have. If you must have one without fail, have it on your shelf.
Find sources of information before you need them. Always check out your sources for
updates and participate in network-oriented bulletin board services and Internet newsgroups.
The more you know, and the more places you can go for quick information, the better off
you are.
Document everything far more than you think necessary. Write down everything about
your network then fill in the blanks. Assume that someone else, your manager, for instance,
needs to fill in your place when you're away. Will your documentation provide your
manager with enough information? If some or all your information is stored electronically,
reprint the information after every substantial change, and store the paper in a safe location.
It's hard to read electronic documentation from a dead server disk!
Keep valuable network information in a safe. Your password, some backup tapes, boot
disks, software licenses, proof of purchase forms, and copy of your network documentation
should be stored in a safe. Only the network administrator and your manager should have
access to it.
Make your network as standardized as possible. Hardware and software consistency is
not the hobgoblin of small minds; it's the savior of the harried administrator. Standardized
configuration and policy files make life easier. It may be impossible to keep them
consistent, but try. Find a good network interface card and stick with it. Make as few
Windows desktop arrangements as you can.
Make a detailed disaster recovery plan in case of a partial or a complete network
disaster and test your recovery plan. Companies with workable recovery plans stay in
business after a disaster. Those without barely survive a couple of years after the
disaster.
Review Questions
1. A problem with unreliable packet delivery can be caused by a problem with the
a) high utilization rates or high CPU usage
b) swapping equipment or reconfiguring segments
c) transmission media or with a router configuration
d) background noise of your network
2. If you have established an out-of-band Telnet connection with a device, what would
happen?
a) You cannot use Telnet to communicate with that device even if the network is
available.
b) You can use Telnet to communicate with that device even if the network is
unavailable.
c) You can use PING to communicate with that device even if the network is
unavailable.
d) You can use PING to communicate with that device even if the network is
available.
b) STP
c) Fiber Optic
2. This cable combines the techniques of shielding, cancellation, and wire twisting
a) UTP
b) STP
c) Fiber Optic
3. Attenuation is the tendency of a signal to weaken as it travels over a cable. This cable is
less subject to experiencing attenuation.
a) UTP
b) STP
c) Fiber Optic
b) Ethernet 10Base-T
c) Ethernet 100Base-T
5. In the 5-4-3 rule, which statement is true?
a) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of coaxial cable.
b) Between any two nodes on the network, there can only be a maximum of 5
repeaters, connected through 4 segments, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
c) Between any two nodes on the network, there can only be a maximum of 5
segments, connected through 4 repeaters, 3 of the segments may be populated
(trunk) segments if they are made of twisted-pair cable.
b) OSPF
c) TDP
d) BGP
5. Which among these statements is true?
a) Unicast routing removes packets from one host to another host using the unicast
destination IP address.
b) Unicast routing forwards packets from one host to another host using the multicast
destination IP address.
c) Multicast IP routing forwards packets from one host to multiple hosts using the
multicast destination IP address.
d) Multicast IP routing forwards packets from one host to multiple hosts using the
unicast destination IP address.
d) FTP uses TCP to create and maintain a connection between source and destination
machines while TFTP uses UDP as a transport.
4. The best-known protocol in the Network Layer is
a) PPP
b) SLP
c) IP
d) TIP
5. Any protocol or device that operates on the physical layer deals with which concept of
the network?
a) The biological concepts of the network
b) The logical concepts of the network
c) The physical concepts of the network
d) The contextual concepts of the network
4. The dynamic Windows-based service used to resolve NetBIOS names into their IP
addresses is
a) ICMP
b) DNS
c) WINS
d) DHCP
5. Which of the following does a router normally use when making a decision about
routing TCP/IP?
a) Destination MAC address
b) Source MAC address
c) Destination IP address
d) Source IP address
e) Destination MAC and IP address