Computer Network IIIB

Uploaded by kifaru-malale, posted 25-Jan-2016. Description: basics in computer network.

Page 1: Computer Network IIIB

i

Table of Contents

ACKNOWLEDGEMENT (p. vi)
CHAPTER ONE (p. 2)
1.0 Transmission control protocol/internet protocol TCP/IP (p. 2)
1.1 Transmission control protocol (TCP) (p. 7)
1.2 User Datagram Protocol (UDP) (p. 9)
1.3 UDP Segment Format (p. 10)
1.4 Port Numbers (p. 10)
1.5 Data Encapsulation (p. 16)
1.6 De-encapsulation (p. 18)
1.7 Addressing (p. 20)
1.8 Physical Addresses (p. 21)
1.9 Logical Addresses (p. 22)
1.10 Port Addresses (p. 24)
1.11 Addresses (p. 26)
1.12 Logical Addressing (p. 27)
1.13 IPv4 ADDRESSES (p. 27)
1.14 Classful Addressing (p. 28)
1.15 Network Addresses: Special Purpose (p. 30)
1.16 Application of classes of IP address (p. 31)
1.17 Disadvantages of Classful addressing (p. 32)
1.18 IP terminology (p. 32)
1.19 Classless Addressing (p. 35)
1.20 Network Addresses (p. 37)
1.21 Subnetting (p. 38)
1.22 Advantages of subnetting a network (p. 43)
1.23 Types of subnetting technique (p. 43)
1.24 VLSM Design (p. 51)
1.25 Introduction to Network Address Translation (NAT) (p. 57)
1.26 Advantages of NAT (p. 58)
1.27 Disadvantages of NAT (p. 58)
1.28 Types of Network Address Translation (p. 58)
1.29 How NAT works (p. 59)
1.30 IP Configuration (p. 60)
1.31 Router Configuration (p. 61)
CHAPTER TWO (p. 63)
2.0 Routing basics (p. 63)
2.1 Static Routing (p. 64)
2.2 Advantages of configuring the routing table by static routing (p. 64)
2.3 Disadvantages of configuring the routing table by static routing (p. 64)
2.4 Creating the routing table for each router by static routing (p. 68)
2.5 Dynamic Routing (p. 70)
2.6 Classes of dynamic routing protocols (p. 70)
2.7 Types of dynamic routing protocols (p. 71)
2.8 Routing Information Protocol (RIP) (p. 72)
2.9 Configuring RIP Routing (p. 72)
2.10 Holding Down RIP Propagations (p. 79)
2.11 RIP Version 2 (RIPv2) (p. 80)
2.12 Interior Gateway Routing Protocol (IGRP) (p. 80)
2.13 Advantages of IGRP over RIP (p. 81)
2.14 Configuring IGRP Routing (p. 81)
2.15 Open Shortest Path First (OSPF) Basics (p. 81)
CHAPTER THREE (p. 83)
3.0 Routing and switching (p. 83)
3.1 Layer 2 Switching (p. 83)
3.2 Differences between a hub and a switch as layer 2 switching devices (p. 83)
3.3 What is Network Segmentation? (p. 83)
3.4 Advantages of Network Segmentation (p. 83)
3.5 What are collision domains? (p. 84)
3.6 Advantages of using layer 2 switching (switches) (p. 85)
3.7 Bridges versus switching (p. 85)
3.8 Three functions of switches at layer 2 (p. 86)
3.9 Disadvantages of loops in a LAN (p. 87)
3.11 What are broadcast domains? (p. 89)
Broadcast domain (p. 89)
3.12 Before Layer 2 Switching (p. 89)
3.13 Disadvantages of a network before layer 2 switching (flat network) (p. 90)
3.14 Virtual Local Area Networks (VLANs) (p. 91)
3.15 Advantages of a layer 2 switched network (p. 92)
3.16 Disadvantages of a layer 2 switched network (p. 92)
3.17 How the problems of layer 2 switched networks can be solved (p. 92)
3.18 Advantages of VLANs (p. 93)
3.19 VLAN Membership (p. 94)
3.20 Types of VLAN configuration (p. 95)
3.21 Routing between VLANs (p. 95)
3.22 Configuring VLANs (p. 96)
3.23 VLAN Trunking Protocol (VTP) (p. 106)
3.24 Advantages of VTP (p. 106)
3.25 VTP modes of operation (p. 107)
3.26 Configuring VTP on VLANs (p. 108)
3.27 Virtual Private Networks (VPN) (p. 115)
3.28 Traditional Connectivity before VPN (p. 115)
3.29 What is a VPN? (p. 115)
3.30 Brief Overview of How it Works (p. 116)
3.31 Four Critical Functions of a VPN (p. 116)
3.31 Tunneling in VPN (p. 117)
3.32 Types of VPN (p. 118)
3.33 Advantages of using a VPN compared to traditional WAN links (p. 119)
CHAPTER FOUR (p. 120)
4.0 Internet Data Centres (IDCs) (p. 120)
4.1 Plain Old Telephone Service (POTS) (p. 120)
4.2 Characteristics of PSTN/POTS (p. 122)
4.3 Limitations of POTS (p. 122)
4.4 Common Channel Signaling Network (CCSN) (p. 122)
4.5 Services that are supported by SS7 (p. 123)
4.6 SS7 Architecture (p. 124)
4.7 Types of SS7 signaling points (p. 124)
4.8 Types of SS7 Signaling Links (p. 126)
4.9 Advantages of Using SS7 (p. 126)
4.10 SS7 Transport and Higher Layers (p. 128)
4.11 Commonly Used ISUP Signals (p. 129)
4.12 What is SCCP? (p. 130)
4.13 Service Functions of the SCCP Network (p. 131)
4.14 Intelligent Networks (INs) (p. 132)
4.15 Components of an Intelligent Network (IN) (p. 132)
4.16 Structure of the IN (p. 133)
4.17 Benefits of Intelligent Networks (p. 134)
4.18 Web Caching (p. 135)
4.19 Types of Web Caches (p. 135)
4.20 Benefits of Web caching and suitability for deployment in the environment (p. 136)
CHAPTER FIVE (p. 137)
5.0 Network Management (p. 137)
5.1 Functions of the Network Management System (p. 137)
5.2 Simple Network Management Protocol (SNMP) (p. 140)
5.3 SNMP protocol Concept (p. 141)
5.4 Internet Management Components (p. 142)
5.5 Network and Internet security (p. 144)
5.6 Computer Security (p. 145)
5.7 Challenges of computer security (p. 146)
5.8 Important terms to understand (p. 147)
5.9 Division of security problems (p. 147)
5.10 Classical encryption techniques (p. 149)
5.11 Types of cryptosystems (p. 149)
5.12 Characteristics of cryptographic systems (p. 152)
5.13 Caesar Cipher Encryption technique (p. 152)
References (p. 154)


ACKNOWLEDGEMENT

I, Mr. Kifaru J. Malale, would like to thank God, my Almighty, for giving me the power and strength to prepare this study guide. This study guide is aimed at guiding students at NTA Level 7 who pursue the Advanced Diploma in Telecommunications on how to go through their syllabus for Computer Network IIIB.

Nevertheless, many thanks should go directly to all staff members (both academic and management), who truly, in one way or another, advised me in order to come up with a good study guide that covers what is required under the syllabus.


CHAPTER ONE

1.0 Transmission control protocol/internet protocol TCP/IP

The TCP/IP suite was created by the US Department of Defense (DoD) to ensure and preserve data integrity, and to maintain communications in the event of a catastrophic war.

TCP/IP and the DoD model

The DoD model is a condensed version of the OSI model. It is composed of only four layers instead of seven:

A. Process/Application layer

B. Host-to-Host layer

C. Internet layer

D. Network Access layer

The figure below shows the comparison between the DoD model and the OSI model.

Figure 1.1 : Comparison of DOD and OSI model

When talking about the protocols in the IP stack, the layers of the OSI model and of the DoD model are used interchangeably. In other words, the Internet layer and the Network layer describe the same thing, as do the Host-to-Host layer and the Transport layer.

The Process/Application layer defines the protocols for node-to-node application communication and also controls the user-interface specifications.

The Host-to-Host layer defines the protocols for setting up the level of transmission service for applications, creating reliable end-to-end communication and ensuring error-free delivery of data.

The Internet layer defines the protocols for the logical transmission of packets over the entire internetwork and for the routing of packets among multiple networks.

The Network Access layer defines the protocols that monitor the exchange of data between a host and the network; it oversees hardware addressing and defines the protocols for the physical transmission of data.

The figure below shows the TCP/IP protocol suite, together with how its protocols map onto the layers of the DoD model.

Figure 1.2 : TCP/IP protocol suite stack

A. PROCESS/APPLICATION layer protocols

This is the topmost layer of the DoD model and corresponds to the top three layers of the OSI model: the Application, Presentation and Session layers. In this section the following protocols and applications are covered: TELNET, FTP, TFTP, NFS, SMTP, POP3, HTTP, LPD, X Window, SNMP, DNS and DHCP/BootP.

TELNET (terminal emulation over a network)

This protocol is specialized in terminal emulation. It allows a user on a remote client machine (the Telnet client) to access the resources of another machine (the Telnet server). Through this protocol the Telnet client appears as though it were connected directly to the local network of the Telnet server.

This projection is actually a software image, a virtual terminal that can interact with the chosen remote host.

These emulated terminals are of the text-mode type and can run refined procedures, such as displaying menus that give users the opportunity to choose options and access applications on the Telnet server.

A typical situation where this application protocol helps is logging in to a remote host, for example a college server, while seated at home. Note that Telnet carries the whole session, including the user name and password, in cleartext, so anyone able to observe the traffic can read the credentials; for remote login today SSH is used instead, which encrypts the session.

FTP (File Transfer Protocol)

This is the protocol that lets us transfer files between two machines and allows access to files and directories (browsing of files). FTP isn't only a protocol; it is also a program, an application that operates the protocol. FTP can team up with Telnet to log you in transparently to the FTP server and then provides for the transfer of files between that server and your machine. Users must therefore pass an authentication login, normally a user name and password, which the system administrator implements to restrict access. Like Telnet, FTP sends these credentials and the file contents in cleartext; FTPS (FTP over TLS) or SFTP (file transfer over SSH) should be used where confidentiality matters.

As a program, it is employed by users to perform file transfers manually (by hand).

TFTP (Trivial File Transfer Protocol)

This is a compact little protocol that allows only the sending and receiving of files between a client machine and a server machine. It differs from FTP in that it cannot provide the extra functions FTP has, such as browsing of directories, and there is no authentication at all, so it is insecure: anyone who can reach the server (UDP port 69) can read or write whatever files it exposes. Few sites support it because of this inherent insecurity; it is used mainly for bootstrapping network devices on a trusted LAN.

Another difference from FTP is that TFTP sends files in small fixed-size blocks (512 bytes by default), whereas FTP streams the file.

NFS (Network File System)

This protocol is specialized in file sharing. It allows two different types of file system to interoperate. For example, an NT server and a Unix client host have different file systems, NTFS and the UNIX file system respectively, which differ in file-name lengths, case sensitivity, security attributes and so on. Even so, with the help of this protocol both the UNIX user and the NT user can share files in the normal way.


SMTP (Simple Mail Transfer Protocol)

This protocol is used to send e-mail through the internet. It uses the queued, or spooled, method of mail delivery. Once a message is sent to a destination machine (server) it is spooled to a queue, usually on disk. The server at the destination keeps a vigil, regularly checking this queue for messages; when it detects them, it proceeds to deliver them to their destination mailboxes.

POP3 (Post Office Protocol version 3)

This is the protocol a mail client uses to retrieve e-mail from its mailbox on a mail server; it complements SMTP, which delivers mail to the server. POP3 sends the user name and password in cleartext unless it is run over TLS (POP3S).

HTTP (Hypertext Transfer Protocol)

This is the protocol used to access data on the World Wide Web (WWW). HTTP functions as a combination of FTP and SMTP: it transfers files like FTP, and its messages carry headers in the same style as SMTP mail.

LPD (Line Printer Daemon protocol)

This is a protocol designed for printer sharing. LPD, along with the LPR (line printer) program, allows print jobs to be spooled (queued) and sent to network printers using TCP/IP.

X WINDOW

This protocol is designed for client/server operations. It defines the protocol for writing client/server applications based on a graphical user interface (GUI). The idea is to allow a program, called a client, to run on one computer and have it display things through a window server on another computer.

SNMP (Simple Network Management Protocol)

This is a protocol whose function is to collect and manipulate valuable network information and to notify the manager quickly about any sudden turn of events. Thus this protocol can stand as the watchdog over the network.

It gathers data by polling the devices on the network from a management station at fixed or random intervals, requiring them to disclose certain information. When all is well, SNMP receives a baseline report delimiting the operational traits of a healthy network. SNMP versions 1 and 2c authenticate requests only with a cleartext community string, so a readable or guessable community string exposes device configuration to anyone on the network; SNMPv3 adds proper authentication and encryption.

DNS (Domain Name System)

This is the protocol whose function is to resolve the domain names of hosts to their corresponding IP addresses. It resolves, specifically, internet names such as www.triumphantcollege.com to their IP addresses. DNS was designed to make our lives easier.

Think about this: what would happen if you wanted to move your web page to a different service provider? The IP address would change, and no one would know what the new one was. DNS allows us to use a domain name to stand for an IP address; you can change the IP address as often as you want and no one will notice the difference, provided the domain name is not changed.

Figure 1.3 shows an example of how a DNS client/server program can support an e-mail program in finding the IP address of an e-mail recipient's mail server.

Figure 1.3: DNS server

A user of an e-mail program may know the e-mail address of the recipient; however, the IP protocol needs an IP address. The DNS client program sends a request to a DNS server to map the domain-name part of the e-mail address to the corresponding IP address.
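As an added example (not part of the study guide), the following Python builds a DNS A-record query for www.triumphantcollege.com and parses a matching response, both in the RFC 1035 wire format. The response bytes are constructed in memory by make_response; the address 203.0.113.10, the transaction ID and the TTL are made up for illustration. The parser checks that the transaction ID and the question in the reply match what was asked, which is the least a resolver must do before accepting an answer as the one it requested.

```python
"""Build a DNS A query and parse a DNS response in RFC 1035 wire format.
Added example, not from the study guide. The response is constructed in
memory by make_response (no network); name, address and TTL are made up."""
import struct

HEADER = "!HHHHHH"   # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    # 'www.example.com' -> 3 'www' 7 'example' 3 'com' 0 (length-prefixed labels)
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard query, recursion desired, one question for an A record."""
    header = struct.pack(HEADER, txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg: bytes, off: int):
    """Decode a name that may use compression pointers (0xC0xx).
    Returns (name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                      # the pointer itself is 2 bytes
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes, expected_txid: int, expected_name: str) -> list:
    """Return [(name, dotted IPv4, ttl)] for the A records in the answer section.
    Rejects replies whose ID or question do not match the query we sent."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(HEADER, msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):                        # question section
        qname, off = decode_name(msg, off)
        off += 4                                    # QTYPE + QCLASS
        if qname.lower() != expected_name.rstrip(".").lower():
            raise ValueError("question does not match our query")
    answers = []
    for _ in range(ancount):                        # answer section
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers


def make_response(name: str, txid: int, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply: repeats the question and answers with one A record,
    naming the owner with a pointer to offset 12 (the question name)."""
    header = struct.pack(HEADER, txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
    rr += bytes(int(o) for o in ip.split("."))
    return header + question + rr


if __name__ == "__main__":
    query = build_query("www.triumphantcollege.com", 0x1234)
    reply = make_response("www.triumphantcollege.com", 0x1234, "203.0.113.10")
    print(len(query), "byte query;", parse_response(reply, 0x1234, "www.triumphantcollege.com"))
```

The query could be sent with a UDP socket to port 53 and the reply passed straight to parse_response; a real resolver additionally randomizes the transaction ID and source port so that a forged reply has little chance of matching.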

DHCP (Dynamic Host Configuration Protocol)

This is a protocol that assigns IP addresses to hosts automatically. It allows easier administration and works well in networks from small to large scale.

Apart from the address, there is a lot of information a DHCP server can provide automatically to a host when the host requests an IP address. This information includes:

IP address

Subnet mask

Domain name

Default gateway (router)

DNS server addresses

DHCP is connectionless; it uses the User Datagram Protocol (UDP) to communicate with the hosts. The exchange is not authenticated, so a rogue DHCP server on the same LAN can hand out a malicious default gateway or DNS server to clients.
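As an added example that is not from the guide, the Python below decodes the option field of a DHCP message into the items listed above (subnet mask, routers, DNS servers, domain name) plus the lease time and message type. DHCP options are type-length-value records that follow a fixed magic cookie (RFC 2132). The sample option bytes are constructed by build_options; the addresses (192.0.2.x, 198.51.100.x) and the domain example.edu are made up. The assigned IP address itself (yiaddr) travels in the fixed part of the DHCP header, not in the options, so it is not decoded here.

```python
"""Decode the option field of a DHCP message (RFC 2132 type-length-value
records after the magic cookie). Added example, not from the guide; the
sample below is constructed by build_options and every address and the
domain name are made up."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def _ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def _ipv4_list(raw: bytes) -> list:
    if len(raw) % 4:
        raise ValueError("address list length not a multiple of 4")
    return [_ipv4(raw[i:i + 4]) for i in range(0, len(raw), 4)]


# option code -> (field name, decoder for the value bytes)
OPTIONS = {
    1:  ("subnet_mask",   _ipv4),
    3:  ("routers",       _ipv4_list),          # default gateway(s)
    6:  ("dns_servers",   _ipv4_list),
    15: ("domain_name",   lambda v: v.decode("ascii")),
    51: ("lease_seconds", lambda v: struct.unpack("!I", v)[0]),
    53: ("message_type",  lambda v: MESSAGE_TYPES.get(v[0], v[0])),
    54: ("server_id",     _ipv4),
}


def parse_options(opts: bytes) -> dict:
    """Walk the TLV records; PAD (0) has no length byte, END (255) stops."""
    if not opts.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    result, i = {}, len(MAGIC_COOKIE)
    while i < len(opts):
        code = opts[i]
        if code == 255:
            break
        if code == 0:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option %d has no length byte" % code)
        length = opts[i + 1]
        value = opts[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        name, decode = OPTIONS.get(code, ("option_%d" % code, bytes))
        result[name] = decode(value)
        i += 2 + length
    return result


def build_options(fields: list) -> bytes:
    """Inverse of parse_options: [(code, raw value bytes)] -> option field."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in fields)
    return MAGIC_COOKIE + body + b"\xFF"


# Constructed DHCPOFFER option field (the offered address itself, yiaddr,
# lives in the fixed DHCP header, so it is not among the options).
SAMPLE_OFFER = build_options([
    (53, b"\x02"),
    (1,  bytes([255, 255, 255, 0])),
    (3,  bytes([192, 0, 2, 1])),
    (6,  bytes([192, 0, 2, 53, 198, 51, 100, 53])),
    (15, b"example.edu"),
    (51, struct.pack("!I", 86400)),
    (54, bytes([192, 0, 2, 1])),
])

if __name__ == "__main__":
    for field, value in parse_options(SAMPLE_OFFER).items():
        print(field, "=", value)
```

The routers and DNS-server options are exactly the values a rogue server would tamper with, so a client that logs what parse_options returns per lease has what it needs to spot an unexpected gateway or resolver.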


BootP (Bootstrap Protocol)

This is an older protocol that also assigns IP addresses to hosts automatically. BootP is similar to DHCP but differs in that the hardware address of each host must be entered manually in the BootP table, whereas with DHCP the hardware address is added automatically to the DHCP table when the host leases an address.

B. Host-to-Host layer protocols

This is the second layer from the top of the DoD model and corresponds to the Transport layer of the OSI model. The main purpose of this layer is to shield the upper-layer applications from the complexities of the network.

In this layer there are two protocols used:

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

1.1 Transmission control protocol (TCP)

This protocol takes large blocks of information from the Application layer and breaks them into smaller blocks called segments. This process is called SEGMENTATION.

Next, it numbers and sequences each segment so that the destination's TCP can put the segments back into the order the application intended.

After these segments are sent, the transmitting TCP waits for an acknowledgement from the receiving TCP. If no acknowledgement is received within a certain time period (the retransmission timeout), the transmitting TCP resends the segment.

BEFORE TRANSMISSION

The sender's TCP contacts the destination's TCP to establish a connection (also known as a virtual circuit) through a three-way handshake (SYN, SYN-ACK, ACK). This type of connection is known as connection-oriented.

During this initial handshake the two TCPs also agree on the amount of information that may be sent before an acknowledgement must be received (the window size), and each side chooses its initial sequence number.

TCP is a full-duplex, connection-oriented, reliable and accurate protocol.
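The following Python is an added example, not code from the study guide, that models the behaviour just described: segmentation into MSS-sized pieces, byte-offset sequence numbers, cumulative acknowledgements, reassembly of out-of-order segments and retransmission of a lost segment. The channel is a simple in-memory loop in which the caller names which segments are lost on their first transmission (constructed loss, no real network), and handshake() shows how the three-way handshake consumes one sequence number per SYN.

```python
"""Toy model of TCP segmentation, sequencing, cumulative ACKs and
retransmission. Added example, not from the study guide: the 'channel' is
an in-memory loop that loses the segments we tell it to (constructed loss);
nothing is sent on a real network. Sequence numbers are byte offsets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first data byte
    data: bytes


def segment(payload: bytes, mss: int, isn: int = 0) -> list:
    """SEGMENTATION: split a byte string into pieces of at most mss bytes."""
    return [Segment(isn + off, payload[off:off + mss])
            for off in range(0, len(payload), mss)]


class Receiver:
    """Reassembles in order; its ACK number is the next byte it expects."""

    def __init__(self, isn: int = 0):
        self.expected = isn
        self.buffer = {}              # out-of-order segments held until the gap fills
        self.delivered = bytearray()  # what the application has been handed

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.expected:  # duplicates of delivered data are discarded
            self.buffer[seg.seq] = seg.data
        while self.expected in self.buffer:   # deliver everything now contiguous
            data = self.buffer.pop(self.expected)
            self.delivered += data
            self.expected += len(data)
        return self.expected          # cumulative acknowledgment number


def transfer(payload: bytes, mss: int, lose_once: set, max_rounds: int = 10):
    """Send every segment; each round resend those not yet acknowledged.
    lose_once: seq numbers the channel drops on their first transmission.
    Returns (bytes delivered in order, final ACK, transmissions per segment)."""
    segs = segment(payload, mss)
    rx = Receiver()
    attempts = {s.seq: 0 for s in segs}
    ack = 0
    for _ in range(max_rounds):           # each round stands for one timeout period
        for s in segs:
            if s.seq < ack:               # already acknowledged, nothing to resend
                continue
            attempts[s.seq] += 1
            if s.seq in lose_once and attempts[s.seq] == 1:
                continue                  # lost: no ACK can move past this byte
            ack = rx.receive(s)
        if ack >= len(payload):
            break
    return bytes(rx.delivered), ack, attempts


def handshake(client_isn: int, server_isn: int) -> list:
    """The three-way handshake as (sender, flags, seq, ack) tuples.
    Each SYN occupies one sequence number, so the ACKs are isn + 1."""
    return [("client", "SYN", client_isn, None),
            ("server", "SYN-ACK", server_isn, client_isn + 1),
            ("client", "ACK", client_isn + 1, server_isn + 1)]


if __name__ == "__main__":
    data, ack, tries = transfer(b"hello, world", mss=4, lose_once={4})
    print(data, ack, tries)   # the seq-4 segment is sent twice, the rest once
```

Losing the segment at sequence 4 leaves the receiver holding the later segment in its buffer and repeating ACK 4 until the retransmission arrives, at which point everything buffered is delivered in one go and the ACK jumps to the end of the data.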


TCP SEGMENT FORMAT

Figure 1.4: TCP Segment format

Function of each section in the TCP segment

Source port: The port number of the application on the host sending the data.

Destination port: The port number of the application requested on the destination host.

Sequence number: Puts the data back in the correct order or retransmits missing or damaged data, a process called sequencing.

Acknowledgment number: Defines which TCP octet is expected next.

Header length: The number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits in length.

Reserved: Always set to zero.

Code bits: Control functions used to set up and terminate a session.

Window: The window size the sender is willing to accept, in octets.

Checksum: The cyclic redundancy check (CRC), because TCP doesn't trust the lower layers and checks everything. The CRC checks the header and data fields.

Urgent: A valid field only if the urgent flag in the code bits is set. If so, this value indicates the offset from the current sequence number, in octets, where the first segment of non-urgent data begins.


Options: May be 0 or a multiple of 32 bits, if any. What this means is that no options have to be present (option size of 0). However, if any options are used that do not cause the option field to total a multiple of 32 bits, padding of 0s must be used to make sure the data begins on a 32-bit boundary.

Data: Handed down to the TCP protocol at the Transport layer, which includes the upper-layer headers.

1.2 User Datagram Protocol (UDP)

This is a protocol that also delivers information from a source to a destination, but in an unreliable way. It does this job using far fewer network resources (bandwidth) than TCP does.

There are situations where it is wiser for developers to use UDP instead of TCP. Examples:

- When reliability issues have already been handled at the Process/Application layer.
- The NFS protocol, for example, has been designed to handle reliability issues itself, so making use of TCP becomes impractical and redundant.

Ultimately, it is the application developers who decide whether to use UDP or TCP, not the user who wants to transfer data faster.

Why UDP is called an UNRELIABLE protocol compared to TCP:

- UDP doesn't sequence the segments and doesn't care about the order in which the segments arrive at the destination.
- UDP doesn't allow for an acknowledgement of the safe arrival of each segment.
- UDP doesn't create a virtual circuit, nor does it contact the destination before delivering information to it (because of this, it's also considered a connectionless protocol).

Note: This doesn't mean that UDP is ineffective, only that it doesn't handle issues of reliability as TCP does. Use TCP for reliability or UDP for faster transfers.


1.3 UDP Segment Format

The figure below clearly illustrates UDP's markedly low overhead compared to TCP's hungry usage. Look at the figure carefully: can you see that UDP doesn't use windowing or provide for acknowledgments in the UDP header?

It's important for you to understand what each field in the UDP segment is. The UDP segment contains the following fields:

Figure 1.5 : UDP segment structure

Source port: Port number of the application on the host sending the data.

Destination port: Port number of the application requested on the destination host.

Length: Length of the UDP header and UDP data.

Checksum: Checksum of both the UDP header and UDP data fields.

Data: Upper-layer data.
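As an added example (not code from these notes), the following Python parser splits the TCP and UDP headers described in sections 1.1 to 1.3 into their fields over constructed sample segments. It checks the header length and option padding, and recomputes the checksum, which in practice is a one's-complement sum over a pseudo-header of the two IP addresses plus the header and data; the IP addresses, ports and option bytes are constructed sample values.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
# Code bits (flags) in the low 9 bits of the offset/flags word, bit 0 first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def transport_checksum(src_ip: str, dst_ip: str, proto: int, segment: bytes) -> int:
    """TCP/UDP checksum: pseudo-header (addresses, protocol, length) + whole segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, proto, len(segment)))
    return internet_checksum(pseudo + segment)


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                      window, options=b"", payload=b""):
    """Constructed sample segment; options are padded to a 32-bit boundary."""
    options += b"\x00" * ((-len(options)) % 4)
    header_words = 5 + len(options) // 4      # header length in 32-bit words
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                      (header_words << 12) | flags, window, 0, 0) + options
    csum = transport_checksum(src_ip, dst_ip, IPPROTO_TCP, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Constructed sample datagram with the (optional) checksum filled in."""
    hdr = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    # a computed 0 is sent as 0xFFFF, because 0 means "no checksum" in UDP/IPv4
    csum = transport_checksum(src_ip, dst_ip, IPPROTO_UDP, hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def parse_tcp(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Split a TCP segment into its fields and verify the checksum."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_flags,
     window, _csum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # words -> bytes; the data begins here
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP header length %d" % header_len)
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "urgent": urgent if "URG" in flags else None,   # only valid with URG set
        "options": segment[20:header_len],
        "data": segment[header_len:],
        # summing the segment as received (checksum field included) yields 0
        "checksum_ok": transport_checksum(src_ip, dst_ip, IPPROTO_TCP, segment) == 0,
    }


def parse_udp(datagram: bytes, src_ip: str, dst_ip: str) -> dict:
    """Split a UDP datagram: 8-byte header, then data; zero checksum means none."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length %d" % length)
    if csum == 0:
        ok = None                             # the sender did not compute one
    else:
        ok = transport_checksum(src_ip, dst_ip, IPPROTO_UDP, datagram[:length]) == 0
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "data": datagram[8:length], "checksum_ok": ok}


# Constructed samples: a SYN/ACK carrying an MSS option (header length 24 bytes),
# a DNS-style UDP datagram with a checksum, and one without.
SRC, DST = "192.0.2.10", "192.0.2.20"
SAMPLE_TCP = build_tcp_segment(SRC, DST, 443, 51234, seq=1000, ack=501,
                               flags=0x12, window=65535, options=b"\x02\x04\x05\xb4")
SAMPLE_UDP = build_udp_datagram(SRC, DST, 53001, 53, b"hello")
SAMPLE_UDP_NOCSUM = struct.pack("!HHHH", 53001, 53, 13, 0) + b"hello"

if __name__ == "__main__":
    print(parse_tcp(SAMPLE_TCP, SRC, DST))
    print(parse_udp(SAMPLE_UDP, SRC, DST))
```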

1.4 Port Numbers

Port numbers identify the source and destination application or process in the TCP or UDP segment.

TCP and UDP must use port numbers to communicate with the upper layers, because port numbers are what keep track of the different conversations crossing the network simultaneously.


The figure below illustrates how both TCP and UDP use port numbers.

Figure 1.6: TCP and UDP use port numbers

Key protocols that use TCP and UDP, with their corresponding commonly known port numbers

C. The Internet Layer Protocols

This is the third layer from the top of the DoD model and corresponds to the Network layer of the OSI model. The main purposes of this layer are routing and providing a single network interface to the upper-layer protocols.

Common protocols used in this layer are as follows:

- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)
- Proxy ARP


Internet Protocol (IP)

This is the protocol whose function is to know, or be aware of, all the interconnected networks. It can do this because all the machines on the network have a software, or logical, address called an IP address.

IP receives segments from the Host-to-Host layer and fragments them into datagrams (packets) if necessary.

IP in the router looks at each packet's destination address. Then, using its routing table, it decides where the packet is to be sent next by choosing the best path.

Each router (layer 3 device) that receives a datagram makes routing decisions based on the packet's destination IP address.

IP on the receiving side then reassembles the datagrams/packets back into segments.

The figure below shows an IP header. This will give you an idea of what the IP protocol has to go through every time user data is sent from the upper layers to a remote network.

Figure 1.7 : IP datagram structure


Version: IP version number.

Header length: Header length (HLEN) in 32-bit words.

ToS with IP Precedence bits: Type of Service tells how the datagram should be handled. The first 3 bits are the priority bits.

Total length: Length of the packet including header and data.

Identifier: Unique IP-packet value.

Flags: Specifies whether fragmentation should occur.

Frag offset: Provides fragmentation and reassembly if the packet is too large to put in a frame. It also allows different maximum transmission units (MTUs) on the Internet.

TTL: The time to live (TTL) is set into a packet when it is originally generated. If it doesn't get to where it wants to go before the TTL expires, boom, it's gone. This stops IP packets from continuously circling the network looking for a home.

Protocol: Number of the upper-layer protocol (TCP is 6, UDP is 17). Also supports Network layer protocols.

Header checksum: Cyclic redundancy check (CRC) on the header only.

Source IP address: 32-bit IP address of the sending station.

Destination IP address: 32-bit IP address of the station this packet is destined for.

IP options: Used for network testing, debugging, security, and more.

Data: After the IP option field comes the upper-layer data.
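As an added example (not code from these notes), here is a Python IPv4 header builder and parser for the fields listed above, plus the fragmentation and reassembly the Flags, Identifier and Frag offset fields exist for. The header checksum is computed as the one's-complement sum that IPv4 actually uses; the addresses, MTU and payload are constructed sample values, and options are simply copied into every fragment.

```python
import socket
import struct

IP_DF, IP_MF = 0x2, 0x1                           # flag bits: Don't Fragment, More Fragments
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}    # protocol numbers (decimal)


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words: the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                            # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src_ip, dst_ip, proto, payload, ident=1, ttl=64,
               flags=0, frag_offset=0, options=b""):
    """Constructed datagram: header (options padded to 32 bits), checksum over header only."""
    options += b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4                   # header length in 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      ident, (flags << 13) | (frag_offset // 8), ttl, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + options
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Split an IPv4 datagram into the fields listed above; verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0xF) * 4
    if ver_ihl >> 4 != 4 or not 20 <= header_len <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    return {
        "header_len": header_len, "precedence": tos >> 5,   # first 3 ToS bits
        "total_len": total_len, "id": ident, "ttl": ttl,
        "dont_fragment": bool(flags_frag >> 13 & IP_DF),
        "more_fragments": bool(flags_frag >> 13 & IP_MF),
        "frag_offset": (flags_frag & 0x1FFF) * 8,         # stored in 8-byte units
        "protocol": proto, "protocol_name": PROTO_NAMES.get(proto, str(proto)),
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:header_len], "data": packet[header_len:total_len],
    }


def fragment(packet: bytes, mtu: int) -> list:
    """Split a datagram so each piece fits the MTU; data chunks are multiples of 8 bytes."""
    h = parse_ipv4(packet)
    if h["total_len"] <= mtu:
        return [packet]
    if h["dont_fragment"]:
        raise ValueError("DF set: drop and report with ICMP Destination Unreachable")
    chunk = (mtu - h["header_len"]) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small for any data")
    pieces = []
    for off in range(0, len(h["data"]), chunk):
        data = h["data"][off:off + chunk]
        last = off + chunk >= len(h["data"])
        more = 0 if last and not h["more_fragments"] else IP_MF
        pieces.append(build_ipv4(h["src"], h["dst"], h["protocol"], data, ident=h["id"],
                                 ttl=h["ttl"], flags=more,
                                 frag_offset=h["frag_offset"] + off,
                                 options=h["options"]))   # options copied to every piece
    return pieces


def reassemble(fragments: list) -> bytes:
    """Rebuild the original datagram; gaps, overlaps and a missing last piece are errors."""
    parts = sorted((parse_ipv4(f) for f in fragments), key=lambda h: h["frag_offset"])
    data, expected = b"", 0
    for h in parts:
        if h["frag_offset"] != expected:
            raise ValueError("gap or overlap at byte offset %d" % expected)
        data += h["data"]
        expected += len(h["data"])
    if parts[-1]["more_fragments"]:
        raise ValueError("last fragment (MF=0) not received")
    first = parts[0]
    return build_ipv4(first["src"], first["dst"], first["protocol"], data,
                      ident=first["id"], ttl=first["ttl"], options=first["options"])


# Constructed sample: a 1500-byte UDP payload that must cross a 576-byte MTU link.
SAMPLE = build_ipv4("192.0.2.1", "198.51.100.7", 17,
                    bytes(range(256)) * 5 + b"\x00" * 220, ident=4242)

if __name__ == "__main__":
    for piece in fragment(SAMPLE, 576):
        print({k: parse_ipv4(piece)[k] for k in ("frag_offset", "more_fragments", "total_len")})
```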

Internet Control Message Protocol (ICMP)

This is another protocol used at the Internet layer for managing the network status in an internet. Examples of these management functions include:

- Route advertisement by the routers (reporting the IP address of the router's interface); all hosts in the network listen to these advertisements from routers.
- Destination Unreachable: If a router can't send an IP datagram any further, it uses ICMP to send a message back to the sender, advising it of the situation. For an example, check the figure below, which shows the real situation.


Figure 1.8: ICMP process

- Buffer Full: If a router's memory buffer for receiving incoming datagrams is full, it will use ICMP to send out this message until the congestion abates.
- Ping: Ping (Packet Internet Groper) uses ICMP echo messages to check the physical and logical connectivity of machines on an internetwork.

Address Resolution Protocol (ARP)

This is another protocol in the Internet layer, whose function is to resolve (map, find, translate) the physical/MAC/NIC address of a host from a known IP address.

Here is how it works:

When IP has a datagram to send, it must inform a Network Access protocol, such as Ethernet or Token Ring, of the destination's hardware address on the local network. (It has already been informed by upper-layer protocols of the destination's IP address.) If IP doesn't find the destination host's hardware address in the ARP cache, it uses ARP to find this information.

As IP's detective, ARP interrogates the local network by sending out a broadcast asking the machine with the specified IP address to reply with its hardware address. So basically, ARP translates the software (IP) address into a hardware address.

The figure below shows how the ARP protocol operates in a local network.


Figure 1.9 : Address Resolution Protocol

Reverse Address Resolution Protocol (RARP)

This is also a protocol in the Internet layer, whose function is to resolve (find, map) the MAC/NIC/physical address of a diskless machine to its corresponding IP address.

Here is how it works:

When an IP machine happens to be a diskless machine, it has no way of initially knowing its IP address. But it does know its MAC address. Reverse Address Resolution Protocol (RARP) discovers the identity of the IP address for diskless machines by sending out a packet that includes its MAC address and a request for the IP address assigned to that MAC address. A designated machine, called a RARP server, responds with the answer, and the identity crisis is over. RARP uses the information it does know about the machine's MAC address to learn its IP address and complete the machine's ID portrait.

Figure 1.10: Reverse address resolution protocol


Proxy Address Resolution Protocol (Proxy ARP)

This is also a protocol found in the Internet layer, whose function is to help a host on one subnet send its packets to another, remote subnet when the default gateway configured on that host is down.

One advantage of using Proxy ARP is that it can be added to a single router on a network without disturbing the routing tables of all the other routers that live there too.

But there's a serious downside to using Proxy ARP. Using Proxy ARP will definitely increase the amount of traffic on your network segment, and hosts will have a larger ARP table than usual in order to handle all the IP-to-MAC address mappings.

1.5 Data Encapsulation

Data encapsulation is the process whereby data is wrapped with protocol information as it goes down through each layer of the OSI model at the sending side.

Each layer in the OSI model communicates with its peer layer on the receiving side by using protocol data units (PDUs).

Protocol data units (PDUs) hold control information and are attached to the data at each layer of the OSI model.

They are usually attached as a header (in front of the data unit), but can also be in a trailer.

This PDU information can only be read by the peer layer on the receiving device. After it is read, the PDU is stripped off, and the data is handed to the next layer up. The figure below shows the PDUs and how they attach control information at each layer.

Figure 1.11: Encapsulation process

The figure above demonstrates how user data from the upper layers is converted for transmission on the network.


At the TRANSPORT LAYER

The data stream is handed down to the transport layer, which sets up a virtual circuit to the receiving device.

Next this data stream is broken up into smaller pieces, and a transport layer header (PDU) is appended in front of the data field to form a SEGMENT.

This PDU contains information about the SOURCE and DESTINATION PORT ADDRESSES.

Each segment is sequenced, so that the data stream can be put back together on the receiving side exactly as it was transmitted.

At the NETWORK LAYER

Each segment is then handed down to the Network layer for network addressing and routing through the internet. In this case, logical addressing (IP addressing) is used to route each segment to the correct destination network.

Again, the network layer protocol appends a new, extra PDU (control information) to each segment to form PACKETS/DATAGRAMS.

This PDU contains information about the source and destination IP ADDRESSES.

At the DATA LINK LAYER

Again, the data link layer appends extra control information (a PDU) to each packet to form frames. This PDU contains important information about the source and destination MAC/NIC/physical addresses.

It is also the responsibility of the data link layer to place each frame on a physical medium so that it can be transported to the destination.

The data link layer encapsulates each packet in a frame, and the frame's header carries the hardware addresses of the source and destination hosts.

If the destination device is on a remote network, then the frame is sent to the router to be routed through the internetwork.

At the PHYSICAL LAYER

The physical layer generates digital signals from the frame's bits, which can be read by devices on the same local network.


1.6 De-encapsulation

De-encapsulation is the opposite of ENCAPSULATION: the control information is removed from the packet so that only the information/data for the user remains.

Data de-encapsulation is usually done on the receiving side in the network.

Summary of data encapsulation at the transmitting device

Consider the figure below in order to understand clearly the data encapsulation procedure.

Figure 1.12: Encapsulation process


Before going further, consider the following figure in order to understand port numbers.

Figure 1.13: Port numbers in virtual circuit


1.7 Addressing

Addressing is the scheme used in computer networks to locate a specific destination in a network.

There are four levels of addresses that are used in an internet employing the TCP/IP protocols: physical (link) addresses, logical (IP) addresses, port addresses, and specific addresses.

Consider the figure below.

Figure 1.14 : Classification of addressing

Each address is related to a specific layer in the TCP/IP architecture, as shown in the figure below.

Figure 1.15 : Classification of addresses based on OSI layers


1.8 Physical Addresses

The physical address, also known as the link address, is the address of a node as defined by its LAN or WAN. It is included in the frame used by the data link layer. It is the lowest-level address.

The physical addresses have authority over the network (LAN or WAN). The size and format of these addresses vary depending on the network. For example, Ethernet uses a 6-byte (48-bit) physical address that is imprinted on the network interface card (NIC).

Consider the figure below.

A node with physical address 10 sends a frame to a node with physical address 87. The two nodes are connected by a link (bus topology LAN).

As the figure shows, the computer with physical address 10 is the sender, and the computer with physical address 87 is the receiver. The data link layer at the sender receives data from an upper layer. It encapsulates the data in a frame, adding a header and a trailer. The trailer usually contains extra bits needed for error detection.

Figure 1.16 : Communication with physical address

The header, among other pieces of information, carries the receiver and the sender physical (link) addresses.

In a bus topology, the frame is propagated in both directions (left and right). The frame propagated to the left dies when it reaches the end of the cable if the cable end is terminated appropriately.

The frame propagated to the right is sent to every station on the network. Each station with a physical address other than 87 drops the frame because the destination address in the frame does not match its own physical address.


The intended destination computer, however, finds a match between the destination address in the frame and its own physical address. The frame is checked, the header and trailer are dropped, and the data part is de-encapsulated and delivered to the upper layer.

1.9 Logical Addresses

Logical addresses are necessary for routing packets through the different networks interconnected throughout the world.

Logical addresses are necessary for universal communication that is independent of the underlying physical networks. Physical addresses are not adequate in an internetwork environment where different networks can have different address formats.

A logical address in the Internet is currently a 32-bit address that can uniquely define a host connected to the Internet. There are two versions of logical addresses: IP version 4 (IPv4) and IP version 6 (IPv6).

Consider the diagram below.

It shows a part of an internet with two routers connecting three LANs. Each device (computer or router) has a pair of addresses (logical and physical) for each connection.

In this case, each computer is connected to only one link and therefore has only one pair of addresses. Each router, however, is connected to three networks (only two are shown in the figure). So each router has three pairs of addresses, one for each connection.


Figure 1.17 : Communication with logical addressing

The computer with logical address A and physical address 10 needs to send a packet to the computer with logical address P and physical address 95. The sender encapsulates its data in a packet at the network layer and adds two logical addresses (A and P). Note that in most protocols, the logical source address comes before the logical destination address (contrary to the order of physical addresses).

The network layer, however, needs to find the physical address of the next hop before the packet can be delivered. The network layer consults its routing table and finds the logical address of the next hop (router 1) to be F. The ARP discussed previously finds the physical address of router 1 that corresponds to the logical address F, which is 20. Now the network layer passes this address to the data link layer, which in turn encapsulates the packet with physical destination address 20 and physical source address 10.

The frame is received by every device on LAN 1, but is discarded by all except router 1, which finds that the destination physical address in the frame matches its own physical address. The router de-encapsulates the packet from the frame to read the logical destination address P.


Since the logical destination address does not match the router's logical address, the router knows that the packet needs to be forwarded.

The router consults its routing table and ARP to find the physical destination address of the next hop (router 2), creates a new frame, encapsulates the packet, and sends it to router 2.

Note the physical addresses in the frame. The source physical address changes from 10 to 99. The destination physical address changes from 20 (router 1's physical address) to 33 (router 2's physical address). The logical source and destination addresses must remain the same; otherwise the packet will be lost.

At router 2 we have a similar scenario. The physical addresses are changed, and a new frame is sent to the destination computer. When the frame reaches the destination, the packet is de-encapsulated.

The destination logical address P matches the logical address of the computer. The data are de-encapsulated from the packet and delivered to the upper layer.
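The hop-by-hop walk above, and the encapsulation order of section 1.5 (segment inside packet inside frame), as an added Python model that is not part of these notes. It uses the figure's addresses (A/10, router 1 with F/20 and 99, router 2 with 33, P/95); router 2's logical addresses, its LAN 3 physical address (77), and the routing and ARP tables are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Segment:                 # transport PDU: port addresses of the two processes
    src_port: str
    dst_port: str
    data: bytes


@dataclass
class Packet:                  # network PDU: logical addresses of the end systems
    src_ip: str
    dst_ip: str
    ttl: int
    segment: Segment


@dataclass
class Frame:                   # data link PDU: physical addresses for this hop only
    dst_mac: str
    src_mac: str
    packet: Packet


# Topology from the figure: (node, LAN) -> (logical, physical). The notes give A/10,
# F/20, 99, 33 and P/95; router 2's logical addresses and its LAN 3 physical
# address (77) are constructed assumptions.
INTERFACES = {
    ("hostA", "LAN1"): ("A", "10"),
    ("router1", "LAN1"): ("F", "20"),
    ("router1", "LAN2"): ("G", "99"),
    ("router2", "LAN2"): ("H", "33"),
    ("router2", "LAN3"): ("I", "77"),
    ("hostP", "LAN3"): ("P", "95"),
}
# Routing tables (constructed): destination logical -> (next-hop logical, or None
# when the destination is on the attached LAN, and the outgoing LAN).
ROUTES = {
    "hostA": {"P": ("F", "LAN1")},
    "router1": {"P": ("H", "LAN2")},
    "router2": {"P": (None, "LAN3")},
}


def arp(lan: str, logical: str) -> str:
    """Stand-in for the ARP broadcast: which station on this LAN owns `logical`?"""
    for (_node, l), (ip, mac) in INTERFACES.items():
        if l == lan and ip == logical:
            return mac
    raise LookupError("no ARP reply for %s on %s" % (logical, lan))


def send(node: str, packet: Packet):
    """Routing table -> next-hop logical address -> ARP -> a new frame for this hop."""
    next_hop, lan = ROUTES[node][packet.dst_ip]
    _my_ip, my_mac = INTERFACES[(node, lan)]
    target = next_hop if next_hop is not None else packet.dst_ip
    return Frame(dst_mac=arp(lan, target), src_mac=my_mac, packet=packet), lan


def deliver(frame: Frame, lan: str, trace: list):
    """Every station on the LAN sees the frame; only the matching physical address keeps it."""
    for (node, l), (ip, mac) in INTERFACES.items():
        if l != lan or mac != frame.dst_mac:
            continue                           # other stations drop the frame
        packet = frame.packet
        trace.append((lan, frame.src_mac, frame.dst_mac, packet.src_ip, packet.dst_ip))
        if ip == packet.dst_ip:                # logical destination matches: de-encapsulate
            return node, packet.segment
        if packet.ttl <= 1:                    # a router must not forward an expired packet
            raise RuntimeError("TTL expired at %s" % node)
        packet.ttl -= 1
        next_frame, next_lan = send(node, packet)   # new frame, same packet inside
        return deliver(next_frame, next_lan, trace)
    raise LookupError("no station on %s has physical address %s" % (lan, frame.dst_mac))


def run(data: bytes = b"hello", ttl: int = 64):
    """Send from process a on host A to process j on host P; return the hop trace."""
    trace = []
    packet = Packet("A", "P", ttl, Segment("a", "j", data))
    frame, lan = send("hostA", packet)
    node, segment = deliver(frame, lan, trace)
    return node, segment, trace


if __name__ == "__main__":
    for hop in run()[2]:
        print("%s: frame %s -> %s carrying packet %s -> %s" % hop)
```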

1.10 Port Addresses

A port address is a 16-bit address used for communication between source and destination processes running on two computers.

The IP address and the physical address are necessary for a quantity of data to travel from a source to the destination host. However, arrival at the destination host is not the final objective of data communications on the Internet.

Today, computers are devices that can run multiple processes at the same time. The end objective of Internet communication is a process communicating with another process.

For example, computer A can communicate with computer C by using TELNET. At the same time, computer A communicates with computer B by using the File Transfer Protocol (FTP). For these processes to receive data simultaneously, we need a method to label the different processes. In other words, they need addresses. In the TCP/IP architecture, the label assigned to a process is called a port address.

The figure below shows two computers communicating via the Internet. The sending computer is running three processes at the same time with port addresses a, b, and c. The receiving computer is running two processes at the same time with port addresses j and k.


Figure 1.18: Port address

Process a in the sending computer needs to communicate with process j in the receiving computer. To show that data from process a need to be delivered to process j, and not k, the transport layer encapsulates data from the application layer in a packet and adds two port addresses (a and j), source and destination.

The packet from the transport layer is then encapsulated in another packet at the network layer with logical source and destination addresses (A and P). Finally, this packet is encapsulated in a frame with the physical source and destination addresses of the next hop. We have not shown the physical addresses because they change from hop to hop inside the cloud designated as the Internet.

Note that although physical addresses change from hop to hop, logical and port addresses remain the same from the source to the destination.


1.11 Addresses

Some applications have user-friendly addresses that are designed for that specific application. Examples include the e-mail address (for example, [email protected]) and the Universal Resource Locator (URL) (for example, www.mhhe.com). The first defines the recipient of an e-mail.


1.12 Logical Addressing

Logical addressing is communication at the network layer; it is host-to-host (computer-to-computer): a computer somewhere in the world needs to communicate with another computer somewhere else in the world. Usually, computers communicate through the Internet. The packet transmitted by the sending computer may pass through several LANs or WANs before reaching the destination computer.

For this level of communication, we need a global addressing scheme; we call this logical addressing. We use the term IP address to mean a logical address in the network layer of the TCP/IP protocol suite.

Internet addresses (logical addresses, IP addresses) are 32 bits in length; this gives us a maximum of 2^32 addresses. These addresses are referred to as IPv4 (IP version 4) addresses or simply IP addresses.

1.13 IPv4 ADDRESSES

An IPv4 address is a 32-bit address that uniquely and universally defines the connection of a device (for example, a computer or a router) to the Internet. IPv4 addresses are unique in the sense that each address defines one, and only one, connection to the Internet. Two devices on the Internet can never have the same address at the same time.

On the other hand, if a device operating at the network layer has m connections to the Internet, it needs to have m addresses. We will see later that a router is such a device.

Notations

There are two prevalent notations to show an IPv4 address: binary notation and dotted-decimal notation.

Binary Notation

In binary notation, the IPv4 address is displayed as 32 bits. Each octet is often referred to as a byte. So it is common to hear an IPv4 address referred to as a 32-bit address or a 4-byte address. The following is an example of an IPv4 address in binary notation:

01110101 10010101 00011101 00000010

Dotted-Decimal Notation

To make the IPv4 address more compact and easier to read, Internet addresses are usually written in decimal form with a decimal point (dot) separating the bytes. The following is the dotted-decimal notation of the above address:

117.149.29.2


1.14 Classful Addressing

This is the IP addressing architecture in which addresses are classified in terms of classes. Although this scheme is becoming obsolete, we briefly discuss it here to show the rationale behind classless addressing.

In the classful addressing scheme, the number of network bits was fixed: class A has 8 bits for the network part, class B has 16 bits for the network part, and class C has 24 network bits.

In classful addressing, the address space is divided into five classes: A, B, C, D, and E. Each class occupies some part of the address space.

We can find the class of an address when given the address in binary notation or dotted-decimal notation. If the address is given in binary notation, the first few bits can immediately tell us the class of the address. If the address is given in dotted-decimal notation, the first byte defines the class.

Class A Address ranges

In a class A network address, the first byte is assigned to the network address, and the three remaining bytes are used for the host address. The class A format is as follows:

Network.Host.Host.Host

The designers of the IP address scheme said that the first bit of the first byte in a class A network address must always be off, or 0. Consider the first byte of a class A address below. If we turn the other 7 bits all off and then all on, we'll find the class A range of network addresses:

00000000 = 0
01111111 = 127

As a result, the number of class A networks that can be created is 2^7 = 128. This means a class A address must be between 0 and 127, inclusive. So, a class A network is defined by a first octet between 0 and 127.

To complicate matters further, the network address of all 0s (00000000) is reserved to designate the default route, and additionally the address 127 is reserved for diagnostics and can't be used either, which means that you can really use only the numbers 1-126 to designate class A network addresses. This means that the actual number of usable network addresses for class A is

N = 2^7 - 2 = 126 addresses

Each class A address has 3 bytes (24 bit positions) for the host address of the machine. This means that the total number of different unique host addresses is given by

N = 2^24 = 16,777,216 host addresses

But to find the maximum usable number of host addresses, or valid host addresses, you must subtract 2:

N = 2^24 - 2 = 16,777,214 different hosts, because the host addresses with the two patterns of all 0s and all 1s must be reserved for the network address and the broadcast address respectively.

Class B Address ranges

In class B, the first two bytes are assigned to the network address and the remaining two bytes are used for host addresses. The format is as follows:

Network.Network.Host.Host

The Internet designers' requests for comments (RFCs) decided that all class B network addresses should start with the binary digit 1, and the second bit should be zero (0). This leaves 14 bit positions available to manipulate.

So we get a total number of network addresses given by N = 2^14 = 16,384 different unique network addresses.

If you turn the other 6 bits all off and then all on in the first byte, you will find the range for a class B network:

10000000 = 128
10111111 = 191

As you can see above, the class B address range spans 128-191 in the first byte.

A class B address uses 2 bytes for the host address. To find the total number of valid hosts for class B:

N = 2^16 - 2 = 65,534 (we subtract 2 for the reserved patterns: all 0s for the network address, all 1s for broadcast)

Class C Address ranges

The first 3 bytes of a class C network address are dedicated to the network portion of the address, with only the last byte remaining for the host address. The format is as follows:

Network.Network.Network.Host


The Internet designers' requests for comments (RFCs) decided that the first three bits of all class C network addresses should start with 110. The Internet designers defined the first 2 bits of the first octet as always turned on, while the third bit can never be turned on.

The calculation is as follows: 3 bytes or 24 bits minus 3 reserved bits leaves 21 bit positions. Therefore, to find the total number of different unique network addresses in class C, proceed as follows:

N = 2^21 = 2,097,152 different class C networks

Following the same process as for the previous classes, convert from binary to decimal to find the range. Here's the range for a class C network:

11000000 = 192
11011111 = 223

So, if you see an IP address that starts at 192 and goes to 223, you'll know it is a class C IP address.

Network Address Ranges: Classes D and E

The addresses between 224 and 255 are reserved for class D and E networks. Class D (224-239) is used for multicast addresses and class E (240-255) for scientific purposes, but I'm not going into these types of addresses in this book (and you don't need to know them).

1.15 Network Addresses: Special Purpose

Some IP addresses are reserved for special purposes, so network administrators can't ever assign these addresses to nodes. The table below shows these IP addresses together with their function.


Figure 1.19 : Special IP addresses

CLASS | Range (first byte) | Bits for Net ID/Host ID | Usable NET ID bits | Size/Networks | Size/IP addresses | Hosts/network (valid IP addresses)
A     | 0-127              | 8/24                    | 8-1=7              | 2^7-2=126     | 2^24=16777216     | 2^24-2=16777214
B     | 128-191            | 16/16                   | 16-2=14            | 2^14=16384    | 2^16=65536        | 2^16-2=65534
C     | 192-223            | 24/8                    | 24-3=21            | 2^21=2097152  | 2^8=256           | 2^8-2=254

1.16 Application of classes of IP address

Class A Addresses

Class A addresses were designed for large organizations with a large number of attached hosts or routers.

Class B Addresses

Class B addresses were designed for midsize organizations with tens of thousands of attached hosts or routers.

Class C Addresses

Class C addresses were designed for small organizations with a small number of attached hosts or routers.

1.17 Disadvantages of Classful addressing

One problem with classful addressing is that each class is divided into a fixed number of blocks, with each block having a fixed size.

We can see the flaw in this design. A block in class A is too large for almost any organization. This means most of the addresses in class A were wasted and were not used.

A block in class B is also very large, probably too large for many of the organizations that received a class B block.

A block in class C is probably too small for many organizations.

Class D addresses were designed for multicasting, as we will see in a later chapter. Each address in this class is used to define one group of hosts on the Internet. The Internet authorities wrongly predicted a need for 268,435,456 groups. This never happened and many addresses were wasted here too.

And lastly, the class E addresses were reserved for future use; only a few were used, resulting in another waste of addresses.

1.18 IP terminology

Netid and Hostid

In classful addressing, an IP address in class A, B, or C is divided into netid and hostid. These parts are of varying lengths, depending on the class of the address. The figure below shows some netid and hostid bytes.

In class A, one byte defines the netid and three bytes define the hostid. In class B, two bytes define the netid and two bytes define the hostid. In class C, three bytes define the netid and one byte defines the hostid.

Default Mask address

A default mask is a 32-bit number made of contiguous 1s followed by contiguous 0s. The mask is used by the computer to identify the NET ID and HOST ID in a given IP address. The default masks for classes A, B, and C are shown in the table below. The concept does not apply to classes D and E.

There are two main ways in which the default mask can be presented, as shown in the table: dotted-decimal notation and CIDR notation.

CIDR stands for Classless Interdomain Routing notation, and it tells us the number of 1s in the given default mask. This notation is also called slash notation or Classless Interdomain Routing (CIDR) notation.

The notation is used in classless addressing, which we will discuss later. We introduce it here because it can also be applied to classful addressing.

Subnetting

Subnetting is the process of borrowing bits from the HOST portion of the IP address (HOST ID) and reserving them to define the subnet address. In other words, it is the process of dividing a large network into a number of smaller networks called subnets.

Subnetting increases the number of 1's in the mask, as we will see later when we discuss classless addressing.

Custom/subnet mask address

A custom (subnet) mask is a 32-bit number made of contiguous 1's followed by contiguous 0's, obtained after subnetting.

Supernetting

Supernetting is the process whereby several networks are combined to create a super network, or supernet.

The time came when most of the class A and class B addresses were depleted; however, there was still a huge demand for midsize blocks. The size of a class C block, with a maximum of 256 addresses, did not satisfy the needs of most organizations. One solution was supernetting.

In supernetting, an organization can combine several class C blocks to create a larger range of addresses. An organization can apply for a set of class C blocks instead of just one. For example, an organization that needs 1000 addresses can be granted four contiguous class C blocks. The organization can then use these addresses to create one super network.

Supernetting decreases the number of 1's in the mask. For example, if an organization is given four class C addresses, the mask changes from /24 to /22. We will see that classless addressing eliminated the need for supernetting.


1.19 Classless Addressing

Classless addressing is the addressing scheme that arose from allowing the number of network bits to vary, by subnetting, that is, borrowing bits from the host part of the IP address for the network part.

Using a classful IP addressing format worked well when the Internet was relatively small. But as the number of networks on the Internet grew, the limitations of classful addresses became apparent. The Class A address space contains only 125 usable networks in the range 0–127 because networks 0 and 127 are reserved.

To overcome address depletion and give more organizations access to the Internet,

classless addressing was designed and implemented. In this scheme, there are no

classes, but the addresses are still granted in blocks.

In classless addressing, when an entity, small or large, needs to be connected to the

Internet, it is granted a block (range) of addresses. The size of the block (the number of

addresses) varies based on the nature and size of the entity.

For example, a household may be given only two addresses; a large organization may be given

thousands of addresses. An ISP, as the Internet service provider, may be given thousands or

hundreds of thousands based on the number of customers it may serve.

Restrictions: To simplify the handling of addresses, the Internet authorities impose three restrictions on classless address blocks:

1. The addresses in a block must be contiguous, one after another.
2. The number of addresses in a block must be a power of 2 (1, 2, 4, 8, ...).
3. The first address must be evenly divisible by the number of addresses.

Example: the figure below shows a block of addresses, in both binary and dotted-decimal notation, granted to a small business that needs 16 addresses. We can see that the restrictions are satisfied by this block. The addresses are contiguous, the number of addresses is a power of 2 (16 = 2^4), and the first address is divisible by 16.


A better way to define a block of addresses is to give any address in the block together with the mask. As we discussed before, a mask is a 32-bit number in which the n leftmost bits are 1's and the 32 - n rightmost bits are 0's. It is more convenient, however, to express the mask in CIDR notation.

To define the whole block given any IP address and the mask in CIDR notation:

The IP address and the CIDR notation completely define the whole block (the first address, the last address, and the number of addresses).

First Address

The first address in the block can be found by setting the 32 - n rightmost bits in the binary notation of the address to 0's.

Last Address

The last address in the block can be found by setting the 32 - n rightmost bits in the binary notation of the address to 1's.

Number of Addresses

The number of addresses in the block is the difference between the last and first address. It can easily be found using the formula 2^(32-n), where n is the number in the CIDR notation.

Example

A block of addresses is granted to a small organization. We know that one of the addresses is 205.16.37.39/28. What are the first address and the last address in the block?

Solution

To find the first address in the block:

The binary representation of the given address is 11001101 00010000 00100101 00100111. If we set the 32 - 28 = 4 rightmost bits to 0, we get 11001101 00010000 00100101 00100000, or 205.16.37.32.

To find the last address in the block:

If we set the 32 - 28 = 4 rightmost bits of 11001101 00010000 00100101 00100111 to 1, we get 11001101 00010000 00100101 00101111, or 205.16.37.47. The last address is therefore 205.16.37.47.

To find the number of addresses:

The value of n is 28, which means that the number of addresses is 2^(32-28) = 2^4 = 16.
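The block rules and the example above, carried out in code. This is an added example, not code from the lecture notes: it recovers the first address, last address and block size from one address in CIDR notation by the bit operations the notes describe, and checks the three block restrictions.

```python
# Added example (not from the lecture notes): recover a whole block from one of
# its addresses written in CIDR notation, following the rules stated above:
# first address = the 32 - n rightmost bits set to 0, last address = those bits
# set to 1, number of addresses = 2^(32-n). It also checks the block
# restrictions (power-of-2 size, first address divisible by the size).

def dotted_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer, with range checking."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary_groups(value: int) -> str:
    """Render an address as four 8-bit groups, like the binary notation in the notes."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def block_from_cidr(cidr: str) -> dict:
    """Given 'a.b.c.d/n', return the mask, first/last address and block size."""
    addr_str, n_str = cidr.split("/")
    n = int(n_str)
    if not 0 <= n <= 32:
        raise ValueError(f"prefix length out of range: /{n}")
    addr = dotted_to_int(addr_str)
    host_bits = 32 - n                                # the 32 - n rightmost bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF     # n leftmost 1's
    first = addr & mask                               # host bits cleared to 0
    last = first | ((1 << host_bits) - 1)             # host bits set to 1
    return {
        "mask": int_to_dotted(mask),
        "first": int_to_dotted(first),
        "last": int_to_dotted(last),
        "count": 1 << host_bits,                      # 2^(32-n)
        "first_binary": to_binary_groups(first),
        "last_binary": to_binary_groups(last),
    }


def is_valid_block(first_addr: str, count: int) -> bool:
    """Restrictions 2 and 3: the size is a power of 2 and the first address is
    evenly divisible by the size (restriction 1, contiguity, then follows)."""
    power_of_two = count > 0 and (count & (count - 1)) == 0
    return power_of_two and dotted_to_int(first_addr) % count == 0


if __name__ == "__main__":
    info = block_from_cidr("205.16.37.39/28")        # the address from the example
    for key, value in info.items():
        print(f"{key:>12}: {value}")
    print("valid block:", is_valid_block(info["first"], info["count"]))
```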

1.20 Network Addresses

A network address serves as a unique identifier for a computer on a network. When set up correctly, computers can determine the addresses of other computers on the network and use these addresses to send messages to each other.

The network address is the first address of the list of IP addresses given to the organization by the ISP. When an organization is given a block of addresses, the organization is free to allocate the addresses to the devices that need to be connected to the Internet. The first address in the block, however, is normally (not always) treated as a special address. This first address is called the network address and defines the organization's network; it identifies the organization itself to the rest of the world.

The network address is the one used by routers to direct messages sent to the organization from the outside.


1.21 Subnetting

Subnetting is the process of borrowing bits from the HOST portion of the IP address (HOST ID) and reserving them to define the subnet address. In other words, it is the process of dividing a large network into a number of smaller networks.

Important terms to understand

Broadcast Address

The logical (IP) address at which all devices connected to a network are able to receive a datagram or information.

Subnets

The small networks obtained as the result of breaking down a large network by subnetting.

Number of subnets

The total number of smaller networks in a large network. It can be calculated from the following formula:

N = 2^s, where s stands for the number of bits borrowed from the host portion for the network portion.

The number of valid subnets is obtained by subtracting 2 from the total number of subnets:

N = 2^s - 2

Subnet ID

The IP address reserved for defining or identifying a particular subnet among the other subnets in a large network.

Custom Mask address/ Subnet mask address

A 32-bit address made of contiguous 1's followed by contiguous 0's, obtained after subnetting.

If no bits are borrowed from the HOST ID, the mask address is the default mask address.


For a Class A IP address, default mask address 255.0.0.0:

11111111 00000000 00000000 00000000
NET ID: 8 bits | HOST ID: 24 bits

Default mask address: CIDR /8, decimal notation 255.0.0.0

Assume 2 bits are borrowed from the HOST PART for the NET PART:

11111111 11 000000 00000000 00000000 (the two borrowed bits shown separately)
NET ID: 10 bits | HOST ID: 22 bits

Subnet mask address: CIDR notation /10, decimal notation 255.192.0.0

s = 2 bits, h = 22 bits
Number of subnetworks: N = 2^s = 2^2 = 4
Number of hosts per subnetwork: N = 2^h - 2 = 2^22 - 2 = 4194302

To find the network ID for each subnet (4 subnets):

Take 256 (2^8) - 192 = 64, so the network IDs have a fixed block size of 64. Start with 0 and keep adding 64 until you reach the value of the subnet mask octet, i.e. 192.

Subnet   Subnet ID
1        255.0.0.0
2        255.64.0.0
3        255.128.0.0
4        255.192.0.0

Assume 4 bits are borrowed from the HOST PART for the NET PART:

11111111 1111 0000 00000000 00000000 (the four borrowed bits shown separately)
NET ID: 12 bits | HOST ID: 20 bits

Subnet mask address: CIDR notation /12, decimal notation 255.240.0.0

s = 4 bits, h = 20 bits
Number of subnetworks: N = 2^s = 2^4 = 16
Number of hosts per subnetwork: N = 2^h - 2 = 2^20 - 2 = 1048574

To find the subnet ID for each of the 16 subnets:

Take 256 (2^8) - 240 = 16, then keep adding 16 in the second octet, starting from 0, until you reach 240.

Subnet   Subnet ID
1        255.0.0.0
2        255.16.0.0
3        255.32.0.0
4        255.48.0.0
5        255.64.0.0
6        255.80.0.0
...      ...
15       255.224.0.0
16       255.240.0.0

For a Class B IP address, default mask address 255.255.0.0:

11111111 11111111 00000000 00000000
NET ID: 16 bits | HOST ID: 16 bits

Default mask address: CIDR notation /16, decimal notation 255.255.0.0

Assume 1 bit is borrowed from the HOST PART for the NET PART:

11111111 11111111 1 0000000 00000000 (the borrowed bit shown separately)
NET ID: 17 bits | HOST ID: 15 bits

Subnet mask address: CIDR notation /17, decimal notation 255.255.128.0

s = 1 bit, h = 15 bits
Number of subnetworks: N = 2^s = 2^1 = 2
Number of hosts per subnetwork: N = 2^h - 2 = 2^15 - 2 = 32766

To find the subnet ID for each of the 2 subnets:

Take 256 - 128 = 128, then keep adding 128 in the third octet, starting from 0, until you reach 128.

Subnet   Subnet ID
1        255.255.0.0
2        255.255.128.0

Block Size

Block size is the size of a subnet including the network address, the host addresses and the broadcast address. It can be calculated using the formula below:

Block size N = 2^h, where h is the number of host bits available in the given address.

Octet/byte

An octet is the portion of the IP address that contains 8 bits. Each bit has a decimal equivalent, as shown in the following table, with the highest decimal value at the most significant bit (MSB) and the lowest at the least significant bit (LSB).

Bit position         1st   2nd   3rd   4th   5th   6th   7th   8th
Decimal equivalent   128   64    32    16    8     4     2     1


Host bits

The number of bits reserved in the host part of an IP address. The maximum number of hosts/computers for a given number of host bits can be calculated as shown in the following table:

Number of host bits (h)   Total number of hosts 2^h (valid and invalid)
2                         2^2 = 4
3                         2^3 = 8
4                         2^4 = 16
5                         2^5 = 32
6                         2^6 = 64
and so on                 and so on

Total number of hosts per subnet

The total number of IP addresses available in a given subnet. It can be calculated using the formula below:

N = 2^h, where h stands for the number of host bits in the given IP address.

The number of valid hosts is obtained by subtracting 2 from the total number of hosts per subnet:

N = 2^h - 2

1.22 Advantages of subnetting a network

Subnetting breaks a large network into smaller networks, and smaller networks are easier to manage.

Subnetting reduces network traffic by reducing collision domains and broadcast domains, which overall improves performance.

Subnetting allows you to apply network security policies at the interconnection between subnets.

Subnetting allows you to save money by reducing the required IP range.

1.23 Types of subnetting technique

Basically there are two main techniques of subnetting:

a) Traditional subnetting

This is the subnetting procedure in which all subnets are given a constant, or the same, subnet mask address.


It was the first technique used in subnetting, but it has the disadvantage of not making efficient use of IP addresses. This is because the same block size of network addresses is allocated to all subnets regardless of the individual subnet size.

A critical issue when "borrowing" bits from the host ID to create the subnet ID is to accurately determine the following:

1. How many subnets are needed
2. How many bits must be "borrowed" from the host ID field for the new subnet ID field to accommodate the required number of subnets
3. What is the largest number of hosts that will ever be on a given subnet
4. How many bits must be retained in the host ID field to accommodate the maximum number of hosts needed

These considerations mandate that careful planning should be carried out before the subnetting process is begun. It is obviously prudent to plan for future as well as for current needs. Once pre-planning is complete, the actual subnetting process involves the following steps:

1. Determine how many subnets are needed
2. Determine the maximum number of hosts that will be on any given subnet
3. Determine how many bits to borrow from the host ID field for the subnet ID field
4. Determine how many bits must remain in the host ID field (and therefore cannot be borrowed for the subnet ID)
5. Determine how many bits are in the original network ID and host ID fields
6. Check to ensure that the number of bits to be "borrowed" from the host ID does not exceed the number of bits to be retained for the host ID (i.e., check that the subnetting problem is solvable)
7. Set an optimal length for the subnet ID field, including room for future growth
8. Create a modified (custom) subnet mask for the network
9. Determine the valid subnet IDs for the network
10. Determine the valid ranges of IP addresses for each subnet on the network

SUBNETTING CLASS C

Suppose an ISP assigns the Class C network address 193.200.35.0/24 to Triumphant College. After meeting with the relevant personnel, the ISP realized that the college currently needs 2 subnets, each with a maximum of 30 hosts.

1. As a third-year telecom student, show step by step how you can construct the LAN networks, with a proper IP address scheme.
2. Construct the Packet Tracer topology for the LANs above.


Step 1:

Identify the class of the IP address. This is a class C address, with 24 network bits and 8 host bits.

Find the number of bits to be borrowed from the host part (small s) in order to have 2 subnets, using the following formula:

N = 2^s - 2, with N = 2
2^s - 2 = 2
2^s = 4
2^s = 2^2
s = 2 bits

Step 2:

Find the number of host bits to remain in the host part (small h) in order to have a maximum of 30 hosts per subnet, using the following formula:

N = 2^h - 2, with N = 30
2^h - 2 = 30
2^h = 32
2^h = 2^5
h = 5 bits

But for class C we have a total of 8 host bits, while s + h = 2 + 5 = 7 bits, so there is an extra 8 - 7 = 1 unused bit. This unused bit should be added to the borrowed bits s, because an organization is more likely to run short of subnets than of hosts on a subnet. Therefore we allocate the extra bit to s, incrementing s = 2 + 1 = 3 borrowed bits.

In this case the number of subnetworks changes to:

N = 2^s - 2, with s = 3
N = 2^3 - 2 = 8 - 2 = 6 subnetworks

But the number of hosts per subnetwork remains the same as before:

N = 2^h - 2, with h = 5 bits
N = 2^5 - 2 = 30 hosts

Since three bits were borrowed from the host part for the network part, the default mask address changes to the custom mask address (subnet mask address) shown in the table below:

                        Decimal notation    CIDR notation
Default mask address    255.255.255.0       /24
Custom mask address     255.255.255.224     /27

Step 3:

Determine the block size, and hence the subnet ID and the valid IP addresses, for each of the 6 subnets.

Block size = 256 - 224 = 32; then keep adding 32 in the leftmost zero octet until you reach 224 (the custom mask octet).

Alternatively, to find the block size use N = 2^h, where h is the number of host bits remaining after borrowing.

Original network ID: 193.200.35.0 (not a valid subnet address since the subnet ID is all 0's)

Subnet   Subnet address   First valid IP   Last valid IP    Broadcast address
1        193.200.35.32    193.200.35.33    193.200.35.62    193.200.35.63
2        193.200.35.64    193.200.35.65    193.200.35.94    193.200.35.95
3        193.200.35.96    193.200.35.97    193.200.35.126   193.200.35.127
4        193.200.35.128   193.200.35.129   193.200.35.158   193.200.35.159
5        193.200.35.160   193.200.35.161   193.200.35.190   193.200.35.191
6        193.200.35.192   193.200.35.193   193.200.35.222   193.200.35.223

Custom subnet mask: 193.200.35.224 (not a valid subnet address since the subnet ID is all 1's)
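Steps 1 to 3 above, automated for the same problem. This is an added example, not code from the notes; it follows the notes' conventions exactly: both subnet count and host count use the 2^b - 2 rule, any unused host bit is given to the subnet ID, and the all-0 and all-1 subnet IDs are marked as not valid.

```python
# Added example (not the notes' own code): the traditional subnetting steps worked
# through above, applied to the class C problem 193.200.35.0/24 with 2 subnets of
# up to 30 hosts. It follows the notes' conventions: valid subnets = 2^s - 2,
# valid hosts = 2^h - 2, and any leftover host bit is given to the subnet ID.

def dotted_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer."""
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def bits_needed(required: int) -> int:
    """Smallest b such that 2^b - 2 >= required (the notes subtract the two
    all-0 / all-1 cases for both subnet IDs and host IDs)."""
    b = 1
    while (1 << b) - 2 < required:
        b += 1
    return b


def plan_fixed_subnets(network_cidr: str, subnets_needed: int, hosts_per_subnet: int) -> dict:
    """Steps 1-3 of the notes: find s and h, build the custom mask, list the subnets."""
    net_str, prefix_str = network_cidr.split("/")
    prefix = int(prefix_str)
    available = 32 - prefix                     # host bits before subnetting
    s = bits_needed(subnets_needed)             # step 1: bits to borrow
    h = bits_needed(hosts_per_subnet)           # step 2: bits to retain
    if s + h > available:
        raise ValueError(f"not solvable: need {s}+{h} bits, only {available} available")
    s += available - s - h                      # unused bits go to the subnet side
    new_prefix = prefix + s
    mask = (0xFFFFFFFF << (32 - new_prefix)) & 0xFFFFFFFF
    block_size = 1 << h                         # step 3: block size = 2^h
    base = dotted_to_int(net_str) & ((0xFFFFFFFF << available) & 0xFFFFFFFF)
    total = 1 << s
    rows = []
    for i in range(total):
        sub = base + i * block_size
        rows.append({
            "index": i,
            "subnet_id": int_to_dotted(sub),
            "first_valid": int_to_dotted(sub + 1),
            "last_valid": int_to_dotted(sub + block_size - 2),
            "broadcast": int_to_dotted(sub + block_size - 1),
            # the notes treat the all-0 and all-1 subnet IDs as not valid
            "valid": 0 < i < total - 1,
        })
    return {
        "s": s, "h": h, "prefix": new_prefix, "mask": int_to_dotted(mask),
        "block_size": block_size, "valid_subnets": total - 2,
        "valid_hosts": block_size - 2, "subnets": rows,
    }


if __name__ == "__main__":
    plan = plan_fixed_subnets("193.200.35.0/24", subnets_needed=2, hosts_per_subnet=30)
    print(f"s={plan['s']} h={plan['h']} mask={plan['mask']} (/{plan['prefix']}) "
          f"block size={plan['block_size']}")
    for row in plan["subnets"]:
        tag = "valid" if row["valid"] else "not valid"
        print(f"{row['subnet_id']:>15} {row['first_valid']:>15} "
              f"{row['last_valid']:>15} {row['broadcast']:>15}  {tag}")
```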

Step 4:

Draw the network above in Packet Tracer and simulate it to observe the network performance. In this case we use DHCP; on each subnet we place only three hosts, in order to save space.

Figure 1.19 : Packet tracer diagram


CLI commands For router0

R1>en

R1#config t

R1(config)#interface fa 0/0

R1(config-if)#ip address 193.200.35.33 255.255.255.224

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#ip dhcp pool Subnet1

R1(dhcp-config)#network 193.200.35.32 255.255.255.224

R1(dhcp-config)#default-router 193.200.35.33

R1(dhcp-config)#exit

R1(config)#interface fa 0/1

R1(config-if)#ip address 193.200.35.65 255.255.255.224

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#ip dhcp pool Subnet2

R1(dhcp-config)#network 193.200.35.64 255.255.255.224

R1(dhcp-config)#default-router 193.200.35.65

R1(dhcp-config)#exit

R1(config)#interface serial 0/0/0

R1(config-if)#ip address 193.200.35.97 255.255.255.224


R1(config-if)#clock rate 64000

R1(config-if)#bandwidth 64

R1(config-if)#no shutdown

R1(config-if)#exit

R1(config)#exit

R1#exit

CLI commands for Router2

Router>en

Router#config t

Router(config)#hostname R2

R2(config)#interface serial 0/0/0

R2(config-if)#ip address 193.200.35.98 255.255.255.224

R2(config-if)#no shutdown

R2(config-if)#clock rate 64000

R2(config-if)#bandwidth 64

R2(config-if)#exit

R2(config)#interface fa 0/0

R2(config-if)#ip address 193.200.35.129 255.255.255.224

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#ip dhcp pool subnet4


R2(dhcp-config)#network 193.200.35.128 255.255.255.224

R2(dhcp-config)#default-router 193.200.35.129

R2(dhcp-config)#exit

R2(config)#interface fa 0/1

R2(config-if)#ip address 193.200.35.161 255.255.255.224

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#ip dhcp pool subnet5

R2(dhcp-config)#network 193.200.35.160 255.255.255.224

R2(dhcp-config)#default-router 193.200.35.161

R2(dhcp-config)#exit

R2(config)#interface Eth 0/1/0

R2(config-if)#ip address 193.200.35.193 255.255.255.224

R2(config-if)#no shutdown

R2(config-if)#exit

R2(config)#ip dhcp pool subnet6

R2(dhcp-config)#network 193.200.35.192 255.255.255.224

R2(dhcp-config)#default-router 193.200.35.193

R2(dhcp-config)#exit

R2(config)#exit

R2#exit


b) Variable length subnet mask (VLSM) subnetting

This is a newer technique for subnetting a large network into a number of smaller networks by using a different mask address for each of the subnets obtained.

It is a more efficient method of subnetting than traditional subnetting, because it makes efficient use of the available IP addresses.

VLSM is the current technique used to split a large network into smaller networks according to the host requirements of each subnet.

In order to use the VLSM technique, it is necessary to identify the total number of subnets. These subnets include all LANs and WAN links in the given network.

LANs include all networks attached to a router through an interface. The router interface is usually called Fast Ethernet. There are two router Fast Ethernet interfaces, shortened as fa 0/0 and fa 0/1.

WAN links are used to interconnect two routers so that they can communicate with each other. Two routers can be made to communicate through WAN links attached to a router through a serial interface, which is different from a Fast Ethernet interface. A router also has two serial interfaces, shortened as s 0/0 and s 0/1.

1.24 VLSM Design

It's time to jump into how to design and implement VLSM networks. First, let's take a look at a classful network, and then redesign the IP address scheme to work with VLSM.

Example: Use the VLSM technique to subnet the following network topology, using the network IP address 192.168.10.0/24.

Figure 1.20 : VLSM designing


From the network above, it is required to be broken down into the following smaller subnets:

Network A: 14 hosts
Network B: 30 hosts
Network C: 20 hosts
Network D: 6 hosts

For the WAN links, each has a maximum of two hosts:

Network E: 2 hosts
Network F: 2 hosts
Network G: 2 hosts
Network H: 2 hosts

Therefore we have a total of 8 subnets, each with its own host requirement.

When subnetting, start with the subnet having the largest number of hosts and go down to the subnet having the lowest number of hosts.

Given network address: 192.168.10.0/24

Start with Network B: 30 hosts

To accommodate 30 hosts for Network B, find the number of bits to be retained in the HOST ID:

N = 2^h - 2, with N = 30 hosts
2^h - 2 = 30
2^h = 32
2^h = 2^5
h = 5 bits

Then for class C, 8 bits - 5 bits = 3 extra bits, which must be transferred to the NET PART, making a total of 24 bits + 3 extra bits = 27 network bits.

The network address for this network will be 192.168.10.0/27, or 192.168.10.0 255.255.255.224.

Subnet mask: 255.255.255.224
Network address: 192.168.10.0
Valid address range: 192.168.10.1 to 192.168.10.30
Broadcast address: 192.168.10.31
Next IP address: 192.168.10.32/27

Network C: 20 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 20 hosts
2^h - 2 = 20
2^h = 22

22 cannot be expressed as a power of 2, so proceed as below.

Since 2^h = 22 hosts is not in the table, take the next higher number from the table, which is 2^h = 32:

2^h = 2^5
h = 5 host bits to be retained in the host part

This requires 5 host bits to be retained in the host part. Since the number of host bits retained is still 5, no extra bits are transferred to the NET part. We therefore continue with the next IP address without changing anything for Network C.

The network address for Network C will be 192.168.10.32/27, or 192.168.10.32 255.255.255.224.

Therefore the valid hosts will be N = 2^h - 2 = 2^5 - 2 = 32 - 2 = 30 valid hosts.

Custom subnet mask address: 255.255.255.224
Network address: 192.168.10.32
Valid address range: 192.168.10.33 to 192.168.10.62
Broadcast address: 192.168.10.63
Next IP address: 192.168.10.64/27


Network A: 14 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 14 hosts
2^h - 2 = 14
2^h = 16
2^h = 2^4
h = 4 bits

Therefore 4 bits must be retained in the host part, so 5 bits - 4 retained bits = 1 extra bit to be transferred to the NET PART, making a total of 27 bits + 1 extra bit = 28 network bits.

The network address for this network will be 192.168.10.64/28, or 192.168.10.64 255.255.255.240.

Subnet mask / custom subnet mask address: 255.255.255.240
Network address: 192.168.10.64
Valid address range: 192.168.10.65 to 192.168.10.78
Broadcast address: 192.168.10.79
Next IP address: 192.168.10.80/28

Network D: 6 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 6 hosts
2^h - 2 = 6
2^h = 8
2^h = 2^3
h = 3 bits

Therefore 3 bits must be retained in the host part, so 4 bits - 3 retained bits = 1 extra bit to be transferred to the NET PART, making a total of 28 bits + 1 extra bit = 29 network bits.

The network address for this network will be 192.168.10.80/29, or 192.168.10.80 255.255.255.248.

Subnet mask / custom subnet mask address: 255.255.255.248
Network address: 192.168.10.80
Valid address range: 192.168.10.81 to 192.168.10.86
Broadcast address: 192.168.10.87
Next IP address: 192.168.10.88/29

Network E: 2 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 2 hosts
2^h - 2 = 2
2^h = 4
2^h = 2^2
h = 2 bits

Therefore 2 bits must be retained in the host part, so 3 bits - 2 retained bits = 1 extra bit to be transferred to the NET PART, making a total of 29 bits + 1 extra bit = 30 network bits.

The network address for this network will be 192.168.10.88/30, or 192.168.10.88 255.255.255.252.

Subnet mask / custom subnet mask address: 255.255.255.252
Network address: 192.168.10.88
Valid address range: 192.168.10.89 to 192.168.10.90
Broadcast address: 192.168.10.91
Next IP address: 192.168.10.92/30

Network F: 2 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 2 hosts
2^h - 2 = 2
2^h = 4
2^h = 2^2
h = 2 bits

Therefore 2 bits must be retained in the host part; since the HOST PART already has 2 bits, there are no extra bits to be transferred to the NET PART.

The network address for this network will be 192.168.10.92/30, or 192.168.10.92 255.255.255.252.

Subnet mask / custom subnet mask address: 255.255.255.252
Network address: 192.168.10.92
Valid address range: 192.168.10.93 to 192.168.10.94
Broadcast address: 192.168.10.95
Next IP address: 192.168.10.96/30

Network G: 2 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 2 hosts
2^h - 2 = 2
2^h = 4
2^h = 2^2
h = 2 bits

Therefore 2 bits must be retained in the host part; since the HOST PART still has 2 bits, there are no extra bits to be transferred to the NET PART.

The network address for this network will be 192.168.10.96/30, or 192.168.10.96 255.255.255.252.

Subnet mask / custom subnet mask address: 255.255.255.252
Network address: 192.168.10.96
Valid address range: 192.168.10.97 to 192.168.10.98
Broadcast address: 192.168.10.99
Next IP address: 192.168.10.100/30


Network H: 2 hosts

Find the number of bits to be retained in the HOST ID, proceeding as follows:

N = 2^h - 2, with N = 2 hosts
2^h - 2 = 2
2^h = 4
2^h = 2^2
h = 2 bits

Therefore 2 bits must be retained in the host part; since the HOST PART still has 2 bits, there are no extra bits to be transferred to the NET PART.

The network address for this network will be 192.168.10.100/30, or 192.168.10.100 255.255.255.252.

Subnet mask / custom subnet mask address: 255.255.255.252
Network address: 192.168.10.100
Valid address range: 192.168.10.101 to 192.168.10.102
Broadcast address: 192.168.10.103
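The VLSM procedure worked through above, automated for the same eight networks. This is an added example, not code from the notes; it sorts the networks by host count (largest first), gives each the smallest block whose 2^h - 2 usable addresses fit, and continues from the next free address, reproducing the allocation derived above.

```python
# Added example (not from the notes): the VLSM procedure worked through above,
# automated. Networks are sorted by host count, largest first; each gets the
# smallest block whose 2^h - 2 usable addresses fit; the next network starts at
# the next free address. The host counts are the ones listed in the design above.

def dotted_to_int(addr: str) -> int:
    """Dotted-decimal IPv4 address -> 32-bit integer."""
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def host_bits_for(hosts: int) -> int:
    """Smallest h with 2^h - 2 >= hosts; a /30 (h = 2) is the smallest block used."""
    h = 2
    while (1 << h) - 2 < hosts:
        h += 1
    return h


def vlsm_allocate(network_cidr: str, requirements: dict) -> list:
    """Allocate one block per named network out of network_cidr, VLSM style."""
    net_str, prefix_str = network_cidr.split("/")
    prefix = int(prefix_str)
    base = dotted_to_int(net_str) & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    limit = base + (1 << (32 - prefix))          # one past the last address
    cursor = base
    plan = []
    # largest host requirement first; ties broken by name for a stable order
    for name, hosts in sorted(requirements.items(), key=lambda kv: (-kv[1], kv[0])):
        h = host_bits_for(hosts)
        size = 1 << h
        if cursor % size:                        # a block must start on a multiple of its size
            cursor += size - cursor % size
        if cursor + size > limit:
            raise ValueError(f"address space exhausted before network {name}")
        plan.append({
            "network": name,
            "hosts_required": hosts,
            "cidr": f"{int_to_dotted(cursor)}/{32 - h}",
            "mask": int_to_dotted((0xFFFFFFFF << h) & 0xFFFFFFFF),
            "first_valid": int_to_dotted(cursor + 1),
            "last_valid": int_to_dotted(cursor + size - 2),
            "broadcast": int_to_dotted(cursor + size - 1),
            "usable": size - 2,
        })
        cursor += size
    return plan


# host requirements from the VLSM design above
REQUIREMENTS = {"A": 14, "B": 30, "C": 20, "D": 6, "E": 2, "F": 2, "G": 2, "H": 2}

if __name__ == "__main__":
    for row in vlsm_allocate("192.168.10.0/24", REQUIREMENTS):
        print(f"Network {row['network']}: {row['cidr']:<18} mask {row['mask']:<15} "
              f"valid {row['first_valid']} - {row['last_valid']}  "
              f"broadcast {row['broadcast']}  ({row['usable']} usable for {row['hosts_required']})")
```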

1.25 Introduction to Network Address Translation (NAT)

NAT is a technique established to conserve the Internet's global address space by translating your private inside network addresses to a global outside address.

In NAT terminology, the inside network is the set of networks that are subject to translation. The outside network refers to all other addresses—usually those located on the Internet.

NAT operates on a Cisco router—generally one connecting only two networks together—and translates your private (inside local) addresses within the internal network into public (inside global) addresses before any packets are forwarded to another network. This functionality gives you the option to configure NAT so that it advertises only a single address for your entire network to the outside world.

You typically use NAT on a border router. For illustration, consider the diagram below, where NAT is applied on a corporate router.


Figure 1.21 : NAT

1.26 Advantages of NAT

It conserves the Internet's global address space.

It also increases network security by hiding internal IP addresses from the external network.

1.27 Disadvantages of NAT

NAT introduces delay in a router.

1.28 Types of Network Address Translation

Static NAT

Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT

Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don't have to statically configure your router to map an inside address to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets to and from the Internet.

Overloading NAT

Overloading is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. Therefore, it's also known as port address translation (PAT).


1.29 How NAT works

Consider the following diagram.

Figure 1.22 : NAT operation

In the figure above, the host 10.1.1.1 sends an outbound packet to the border router configured with NAT.

The router identifies the source IP address as an inside local IP address destined for the outside network. The router translates the IP address and records the translation in the NAT table.

The packet is sent out the outside interface with the new, translated source IP address.

The external host returns the packet to the destination host, and the NAT router translates the inside global IP address back to the inside local IP address using the NAT table.
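The four steps above as a small model of a NAT router and its table, using overloading (PAT) so that several inside hosts share one inside global address. This is an added example, not code from the notes; the inside local host 10.1.1.1 is from the figure, while the inside global address 203.0.113.5 and the outside host 198.51.100.7 are constructed values from the documentation address ranges.

```python
# Added example (not the notes' own code): a minimal model of the NAT table walk
# through above, using overloading (PAT). The inside local host 10.1.1.1 is from
# the figure; the inside global address 203.0.113.5 and the outside host
# 198.51.100.7 are constructed values from the documentation ranges, not from the notes.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Border router translating many inside local addresses to one inside global address."""

    def __init__(self, inside_global: str, inside_prefixes=("10.",)):
        self.inside_global = inside_global
        self.inside_prefixes = inside_prefixes     # which sources count as inside local
        self.table = {}          # (inside local ip, port) -> inside global port
        self.reverse = {}        # inside global port -> (inside local ip, port)
        self._next_port = 1024

    def is_inside_local(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefixes)

    def outbound(self, pkt: Packet) -> Packet:
        """Steps 1-3: recognise an inside local source, record the translation in
        the NAT table, and forward with the inside global address and port."""
        if not self.is_inside_local(pkt.src_ip):
            return pkt                                   # not subject to translation
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:                        # document the translation
            port = self._next_port
            self._next_port += 1
            self.table[key] = port
            self.reverse[port] = key
        return Packet(self.inside_global, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Step 4: look the reply up in the NAT table and restore the inside local
        destination. A packet with no table entry is dropped (returns None)."""
        if pkt.dst_ip != self.inside_global:
            return None                                  # not addressed to us
        key = self.reverse.get(pkt.dst_port)
        if key is None:
            return None                                  # unsolicited: no entry
        local_ip, local_port = key
        return Packet(pkt.src_ip, pkt.src_port, local_ip, local_port)


if __name__ == "__main__":
    router = PatRouter("203.0.113.5")
    out = router.outbound(Packet("10.1.1.1", 5000, "198.51.100.7", 80))
    print("outbound after translation:", out)
    reply = router.inbound(Packet("198.51.100.7", 80, "203.0.113.5", out.src_port))
    print("reply after translation:   ", reply)
    print("NAT table:", router.table)
```

The `inbound` path also shows why NAT hides internal addresses: a packet from outside that matches no table entry is dropped rather than forwarded to any inside host.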


1.30 IP Configuration

IP configuration is the process of assigning IP addresses to each computer in a network. Basically, there are two ways of assigning IP addresses in a computer network:

i. Static IP configuration

This is the type of IP configuration where IT personnel are responsible for manually assigning an IP address to each host in a computer network. An IP address is assigned permanently to a computer and does not change with time; this is why the method is called STATIC: once an IP address is assigned to a computer, it does not change.

ii. Dynamic IP configuration

This is the type of IP configuration where IP addresses are dynamically assigned to each host in a computer network by a DHCP server. IT personnel are only required to create a Dynamic Host Configuration Protocol (DHCP) server on a router or DNS server, where a pool of IP addresses is defined. Once a host wants to connect to the Internet, it requests an IP address from the server on the router or the DNS server, depending on where the server has been defined.

Configuration of a DHCP server on a CISCO router

Consider the network address 192.160.120.0/24, subnetted into two subnets. Each subnet has the host requirements shown in the figure below.

Figure 1.23: DHCP protocol server with cisco packet tracer


1.31 Router Configuration

Router>en

Router#config t

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.1 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#exit

Configuring the DHCP server protocol on subnet1

Router(config)#ip dhcp pool subnet1

Router(dhcp-config)#network 192.160.120.0 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.1

Router(dhcp-config)#ip dhcp excluded-address 192.160.120.2 192.160.120.6

Router(config)#exit

Router#

Router#config t

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.160.120.33 255.255.255.240

Router(config-if)#no shutdown

Router(config-if)#

Router(config-if)#exit


Configuring the DHCP server for subnet2

Router(config)#ip dhcp excluded-address 192.160.120.34 192.160.120.36
Router(config)#ip dhcp pool subnet2
Router(dhcp-config)#network 192.160.120.32 255.255.255.240
Router(dhcp-config)#default-router 192.160.120.33
Router(dhcp-config)#exit
Router(config)#exit
Router#

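Before typing a plan like the one above into a router it is worth checking it mechanically. The Python script below is an added example, not part of the original page and not an IOS feature: it takes the two pools configured above and checks that each default-router lies inside its subnet, that every excluded range lies inside its subnet, that the two subnets do not overlap and, as a rule of this example rather than of the page, that the default-router is itself listed as excluded so the server can never lease it. It then lists what the server would still hand out.

```python
"""Check a DHCP pool plan against its subnets (added example, not from the page).

The two pools are the subnet1/subnet2 plan configured on the router above.
The checks are this example's own: default-router inside the subnet, every
excluded range inside the subnet, the default-router listed as excluded so
it can never be leased, and no overlap between the subnets.
"""
import ipaddress

# Constructed from the two "ip dhcp pool" blocks above.
POOLS = {
    "subnet1": {
        "network": "192.160.120.0/27",
        "default_router": "192.160.120.1",
        "excluded": [("192.160.120.2", "192.160.120.6")],
    },
    "subnet2": {
        "network": "192.160.120.32/28",
        "default_router": "192.160.120.33",
        "excluded": [("192.160.120.34", "192.160.120.36")],
    },
}


def excluded_set(ranges):
    """Expand (first, last) pairs, as in 'ip dhcp excluded-address', into addresses."""
    out = set()
    for first, last in ranges:
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError(f"excluded range is reversed: {first}-{last}")
        out.update(ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1))
    return out


def check_pool(name, pool):
    """Return (problems, leasable): findings and the addresses still handed out."""
    net = ipaddress.ip_network(pool["network"], strict=True)  # rejects a host bit set
    gw = ipaddress.IPv4Address(pool["default_router"])
    excl = excluded_set(pool["excluded"])
    problems = []
    if gw not in net:
        problems.append(f"{name}: default-router {gw} is outside {net}")
    if gw not in excl:
        # This example's rule: the gateway must be excluded explicitly.
        problems.append(f"{name}: default-router {gw} is not in an excluded-address range")
    outside = sorted(a for a in excl if a not in net)
    if outside:
        problems.append(f"{name}: excluded addresses outside {net}: {outside}")
    # hosts() already drops the network and broadcast addresses.
    leasable = sorted(set(net.hosts()) - excl - {gw})
    return problems, leasable


def check_plan(pools):
    """Check every pool and verify that no two subnets overlap."""
    nets = {n: ipaddress.ip_network(p["network"]) for n, p in pools.items()}
    names = sorted(nets)
    problems = [f"{a} {nets[a]} overlaps {b} {nets[b]}"
                for i, a in enumerate(names) for b in names[i + 1:]
                if nets[a].overlaps(nets[b])]
    leases = {}
    for name, pool in pools.items():
        found, leasable = check_pool(name, pool)
        problems.extend(found)
        leases[name] = leasable
    return problems, leases


if __name__ == "__main__":
    problems, leases = check_plan(POOLS)
    for p in problems:
        print("PROBLEM:", p)
    for name, addrs in leases.items():
        print(f"{name}: {len(addrs)} leasable addresses, {addrs[0]} to {addrs[-1]}")
```

Run as a script it reports two findings, one per pool, because neither default-router is covered by an excluded-address range. Whether a given DHCP implementation excludes the router's own interface address automatically varies, so listing it explicitly is cheap insurance. The leasable ranges it prints (192.160.120.7 to .30 and 192.160.120.37 to .46) are what the host-count requirements in the figure should be checked against.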


CHAPTER TWO

2.0 Routing basics

The term routing refers to taking a packet from one device and sending it through the network to another device on a different, remote network. Routers don't really care about hosts; they only care about networks and the best path to each network.

A router learns about remote networks from neighbouring routers or from an administrator, and builds a routing table that describes how to reach them. If a network is directly connected, the router already knows how to get to it. If a network isn't directly connected, the router must learn how to reach it in one of two ways:

i. By using static routing

Someone must hand-type every network location into the routing table. If a change occurs in the network, the administrator is responsible for entering that change by hand into every router.

ii. By using dynamic routing

A routing protocol on one router communicates with the same protocol running on neighbouring routers. The routers update each other about all the networks they know about and place this information into their routing tables. If a change occurs in the network, the routing protocol automatically informs all routers about the event.

Typically, in a large network, a combination of dynamic and static routing is used.

Figure 2.1: Types of Routing configuration


2.1 Static Routing

Static routing occurs when you manually add routes to each router's routing table. There are pros and cons to static routing, but that is true of every routing method.

2.2 Advantages of building the routing table with static routing

i. There is no overhead on the router CPU, which means you could possibly buy a cheaper router than if you were using dynamic routing.

ii. There is no bandwidth usage between routers, which means you could possibly save money on WAN links.

iii. It adds some security, because the administrator decides exactly which networks are reachable and no routing updates are sent that a neighbour could forge or eavesdrop on. It is not a substitute for filtering traffic with access lists, though: any network that has a route is reachable.

2.3 Disadvantages of building the routing table with static routing

i. The administrator must really understand the internetwork and how each router is connected in order to configure the routes correctly.

ii. If a network is added to the internetwork, the administrator has to add a route to it on every router, by hand.

iii. It is not feasible in large networks, because maintaining it would be a full-time job in itself.

Static Routing Syntax

ip route [destination network] [mask] [next-hop address or exit interface] [administrative distance] [permanent]

This list describes each part of the command:

ip route: the command used to create the static route.

Destination network: the network you are placing in the routing table.

Mask: the subnet mask used on that network.

Next-hop address: the address of the next-hop router that will receive the packet and forward it to the remote network (an exit interface can be given instead).

Administrative distance (AD): a measure of how trustworthy a source of routing information is. An AD is an integer from 0 to 255, where 0 is the most trusted and 255 the least trusted. A route with an AD of 255 is never installed in the routing table, so no traffic is forwarded over it.

If a router learns the same remote network from two sources, the first thing it checks is the AD: the route with the lower AD is the one placed in the routing table. If both candidates have the same AD, the routing protocol's metric (hop count, bandwidth and so on) decides which is the best route. Note that AD and metric only decide which of several routes to the same prefix is installed; when forwarding a packet the router always picks the installed route with the longest matching prefix.

Default administrative distances on Cisco routers:

Directly connected interface: 0
Static route: 1
EIGRP: 90
IGRP: 100
OSPF: 110
RIP: 120
Unknown or untrusted source: 255

Example of how to add a route by static routing

Appending an AD value to the end of the ip route command, for example 150, changes the default AD of a static route from 1 to 150. Such a route is called a floating static route: it stays out of the routing table while a route with a lower AD (for example one learnt by a routing protocol) exists, and takes over as a backup when that route disappears. AD comes up again under dynamic routing; for now just remember that the AD is the trustworthiness of a route, where 0 is best and 255 is worst.
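To make the selection rule concrete, here is a small Python model (an added example, not IOS code and not from the page) of a routing table that keeps every candidate route per prefix, installs the one with the lowest AD and then the lowest metric, refuses an AD of 255, and answers lookups by longest prefix match. The default ADs are Cisco's; the routes in build_example() are constructed around subnet C (192.160.120.64/28) of the static routing example that follows, with a hypothetical RIP-learnt path and a floating static route added to show the backup behaviour.

```python
"""Route selection by administrative distance and metric, as an added example.

This is not IOS code; it models the rule described above: for one prefix the
candidate with the lowest AD wins, ties go to the lowest metric, and an AD
of 255 is never installed. Forwarding then uses the longest matching prefix.
The ADs are the Cisco defaults; the routes are constructed around subnet C
(192.160.120.64/28) from the static routing example.
"""
import ipaddress

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
              "ospf": 110, "rip": 120}
UNTRUSTED = 255


class RoutingTable:
    def __init__(self):
        # prefix -> list of candidate (ad, metric, next_hop, source) tuples
        self._candidates = {}

    def offer(self, prefix, next_hop, source, metric=0, ad=None):
        """Offer a route; returns True if it is the one now installed."""
        net = ipaddress.ip_network(prefix, strict=True)
        ad = DEFAULT_AD[source] if ad is None else ad
        if ad >= UNTRUSTED:
            return False  # AD 255: not trusted, never installed
        self._candidates.setdefault(net, []).append((ad, metric, next_hop, source))
        return self.installed(net)[2] == next_hop

    def installed(self, prefix):
        """The winning candidate for a prefix: lowest AD, then lowest metric."""
        net = ipaddress.ip_network(str(prefix))
        cands = self._candidates.get(net, [])
        return min(cands, key=lambda c: (c[0], c[1])) if cands else None

    def withdraw(self, prefix, next_hop):
        """Drop the candidate via next_hop (link down, neighbour gone)."""
        net = ipaddress.ip_network(str(prefix))
        cands = self._candidates.get(net, [])
        kept = [c for c in cands if c[2] != next_hop]
        if kept:
            self._candidates[net] = kept
        else:
            self._candidates.pop(net, None)
        return len(kept) < len(cands)

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, next_hop, source) or None."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net in self._candidates:
            if addr in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
        if best is None:
            return None
        winner = self.installed(best)
        return best, winner[2], winner[3]


def build_example():
    """Constructed scenario: primary static, RIP-learnt and floating static routes."""
    rt = RoutingTable()
    rt.offer("192.160.120.0/27", "fa0/1", "connected")
    rt.offer("192.160.120.64/28", "192.160.120.90", "static")          # AD 1
    rt.offer("192.160.120.64/28", "192.160.120.94", "rip", metric=2)    # AD 120, loses
    rt.offer("192.160.120.64/28", "192.160.120.98", "static", ad=150)   # floating backup
    rt.offer("0.0.0.0/0", "192.160.120.90", "static")                   # default route
    return rt
```

Withdrawing the primary static route via 192.160.120.90 with rt.withdraw("192.160.120.64/28", "192.160.120.90") promotes the RIP route (AD 120), and only when that one goes too does the AD 150 floating static take over. A lookup for 10.1.1.1 falls through to the 0.0.0.0/0 default because nothing longer matches, and an offer with AD 255 is never stored.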

Example:

Create the routing table in each router of the following network, using the network address 192.160.120.0/24.

Note that each routing table automatically includes the directly connected networks. To be able to route to every network in the internetwork, the routing table must also contain information describing where the other networks are located and how to reach them.


Figure 2.2: Static routing table configuration

Router configuration in router0

Router>en

Router#config t

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.33 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#

Router(config-if)#exit

Router(config)#ip dhcp pool subnetA

Router(dhcp-config)#network 192.160.120.32 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.33

Router(dhcp-config)#exit

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.160.120.1 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetB

Router(dhcp-config)#network 192.160.120.0 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.1

Router(dhcp-config)#exit

Router(config)#interface serial 0/0/0


Router(config-if)#ip address 192.160.120.89 255.255.255.252

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#exit

Router#exit

Configuration in router1

Router>en

Router#config t

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.65 255.255.255.240

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetC

Router(dhcp-config)#network 192.160.120.64 255.255.255.240

Router(dhcp-config)#default-router 192.160.120.65

Router(dhcp-config)#exit

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.160.120.81 255.255.255.248

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetD

Router(dhcp-config)#network 192.160.120.80 255.255.255.248

Router(dhcp-config)#default-router 192.160.120.81

Router(dhcp-config)#exit

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.120.90 255.255.255.252

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit


Router(config)#

Router(config)#exit

Router#exit

2.4 Creating the routing table for each router by static routing

By default, each router's routing table contains only its directly connected networks; remote networks are absent.

For router0, the CLI command 'show ip route' shows only the directly connected subnets A and B, as below.

Figure 2.3: Verifying directly connected routes in a router

To add the two remote subnets C and D to the routing table of router0 by static routing, proceed as follows:

Router>en

Router#config t

Router(config)#ip route 192.160.120.64 255.255.255.240 192.160.120.90

Router(config)#ip route 192.160.120.80 255.255.255.248 192.160.120.90

Router(config)#exit

With these two commands the two remote subnets are added to the routing table. Running 'show ip route' again shows that the routes are now present, as below.


Figure 2.4 : Verifying directly connected routes in router

Configuring the routing table in Router1

For router1, the CLI command 'show ip route' shows only the directly connected subnets C and D, as below.

Figure 2.5: Verifying the routing table in a router

To add the two remote subnets A and B to the routing table of router1 by static routing, proceed as follows:

Router>en

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ip route 192.160.120.32 255.255.255.224 192.160.120.89

Router(config)#ip route 192.160.120.0 255.255.255.224 192.160.120.89


Router(config)#exit

With these two commands the two remote subnets are added to the routing table. Running 'show ip route' again shows that the routes are now present, as below.

Figure 2.6 : Verifying routing table in a router

2.5 Dynamic Routing

Dynamic routing is when protocols are used to find networks and update the routing tables on routers. This is easier than using static routes, but it costs router CPU time and bandwidth on the network links.

A routing protocol defines the set of rules a router uses when it exchanges routing information with neighbouring routers.

2.6 Classes of dynamic routing protocols

There are three classes of routing protocols:

a) Distance vector

Distance-vector protocols find the best path to a remote network by judging distance. Each time a packet passes through a router, that is called a hop. The route with the fewest hops to the network is chosen as the best route.

b) Link state

In link-state protocols, also called shortest-path-first protocols, each router builds three separate tables: one keeps track of directly attached neighbours, one describes the topology of the entire internetwork, and one is the routing table itself.


Link-state routers know more about the internetwork than any distance-vector router does. OSPF is an IP routing protocol that is completely link state. Link-state protocols send updates containing the state of their own links to all other routers in the area.

c) Hybrid

Hybrid protocols use aspects of both distance vector and link state.

2.7 Types of dynamic routing protocols

The dynamic routing protocols used in today's Internet are divided as shown in the figure below.

Figure 2.3 : Types of dynamic routing protocol

Keys:

IGP: Interior Gateway Protocol
EGP: Exterior Gateway Protocol
RIPv1 & 2: Routing Information Protocol version 1 and 2
IGRP: Interior Gateway Routing Protocol
OSPF: Open Shortest Path First


INTERIOR GATEWAY PROTOCOLS (IGP)

These are used to exchange routing information between routers that belong to the same autonomous system.

An autonomous system is a collection of networks under a single administrative domain. All routers in the same autonomous system run the same IGP and converge on a consistent view of the networks inside it (their routing tables are not identical, since each router has its own next hops).

EXTERIOR GATEWAY PROTOCOLS (EGP)

These are used to exchange routing information between different autonomous systems.

2.8 Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is a true distance-vector routing protocol. It sends the complete routing table out of all active interfaces every 30 seconds. RIP uses only hop count to determine the best way to a remote network, and it has a maximum allowable hop count of 15, meaning that a network 16 hops away is deemed unreachable.

RIP works well in small networks, but it is inefficient in large networks with slow WAN links or with a large number of routers.

There are two versions of RIP:

i. RIPv1

RIP version 1 uses only classful routing, which means that all devices in the network must use the same subnet mask. This is because RIP version 1 does not send the subnet mask along with its updates.

ii. RIPv2

RIP version 2 provides prefix routing and does send subnet mask information with the route updates. This is called classless routing.
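The following Python model is an added example (not from the page) of how a RIP router processes the updates described above. It rebuilds the four-router chain from the RIPv1 configuration later in this section, then shows two consequences of the design: a constructed rogue host on Router0's LAN advertises 192.160.124.0/24 at zero hops and, because RIPv1 carries no authentication, Router0 silently reroutes that subnet to it; and a chain of 17 routers leaves the far LAN unreachable at 16 hops.

```python
"""RIP-style distance-vector update processing, as an added example.

Each router keeps, per prefix, a hop count and the neighbour it learnt the
route from. It accepts a neighbour's advertised route when hops+1 is shorter
than what it has, or whenever the update comes from the neighbour it already
uses for that prefix (so a withdrawal or a worse path is honoured). 16 hops
means unreachable. The routers below are the four from the RIPv1 example;
the rogue host and the long chain are constructed to show two failure modes.
"""
INFINITY = 16


class RipRouter:
    def __init__(self, name, connected):
        self.name = name
        self.table = {p: (0, None) for p in connected}  # prefix -> (hops, via)

    def advertisement(self):
        """RIP sends the whole table to every neighbour: prefix -> hops."""
        return {p: hops for p, (hops, via) in self.table.items()}

    def receive(self, neighbour, adv):
        """Apply one update; return the prefixes whose entry changed."""
        changed = []
        for prefix, their_hops in adv.items():
            hops = min(their_hops + 1, INFINITY)
            cur_hops, cur_via = self.table.get(prefix, (INFINITY, None))
            if hops < cur_hops or (cur_via == neighbour and hops != cur_hops):
                self.table[prefix] = (hops, neighbour)
                changed.append(prefix)
        return changed

    def reachable(self):
        return {p: v for p, v in self.table.items() if v[0] < INFINITY}


def converge(routers, links, rounds=32):
    """Exchange full tables over every link until a round changes nothing."""
    for r in range(rounds):
        advs = {name: rt.advertisement() for name, rt in routers.items()}
        changed = False
        for a, b in links:
            changed |= bool(routers[b].receive(a, advs[a]))
            changed |= bool(routers[a].receive(b, advs[b]))
        if not changed:
            return r + 1
    return rounds


def build_page_topology():
    """The Router0..Router3 chain configured in the RIPv1 example, five networks."""
    routers = {
        "R0": RipRouter("R0", ["192.160.120.0/24", "192.160.121.0/24"]),
        "R1": RipRouter("R1", ["192.160.121.0/24", "192.160.122.0/24"]),
        "R2": RipRouter("R2", ["192.160.122.0/24", "192.160.123.0/24"]),
        "R3": RipRouter("R3", ["192.160.123.0/24", "192.160.124.0/24"]),
    }
    links = [("R0", "R1"), ("R1", "R2"), ("R2", "R3")]
    converge(routers, links)
    return routers


def rogue_injection(routers):
    """A host on Router0's LAN speaks RIP and claims 192.160.124.0/24 at 0 hops.

    RIPv1 has no authentication, so Router0 takes the shorter path and now
    sends that subnet's traffic to the attacker. Returns Router0's entry.
    """
    routers["R0"].receive("rogue-host", {"192.160.124.0/24": 0})
    return routers["R0"].table["192.160.124.0/24"]


def chain_reachability(length):
    """Hop count from the first router of a chain to the last router's LAN."""
    routers = {f"R{i}": RipRouter(f"R{i}", [f"10.{i}.0.0/16", f"10.{i + 1}.0.0/16"])
               for i in range(length)}
    links = [(f"R{i}", f"R{i + 1}") for i in range(length - 1)]
    converge(routers, links)
    return routers["R0"].table.get(f"10.{length}.0.0/16", (INFINITY, None))[0]
```

Hop-count comparisons alone decide everything here; the model has no timers, so it shows the per-update logic but not the 30-second periodic updates or route ageing. A neighbour advertising a prefix at 16 hops withdraws it (the route stays in the table but drops out of reachable()). The rogue case is why passive-interface on host-facing ports and RIPv2 authentication matter.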

2.9 Configuring RIP Routing

To configure RIP routing, just turn on the protocol with the router rip command and tell RIP which networks to advertise. That's it. Let's configure our previous network.

Note: remember that RIPv1 is classful, so wherever it is applied all subnets of a network must use the same subnet mask.

Now build the following network in Packet Tracer, configure the whole network, and finally configure the routing tables using RIPv1.


Figure 2.4 :Configuring RIP protocol

Configuration In Router0

Router>en

Router#config t

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.1 255.255.255.0

Router(config-if)#no shutdown

Router(config-if)#

Router(config-if)#exit

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.121.1 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetA

Router(dhcp-config)#network 192.160.120.0 255.255.255.0

Router(dhcp-config)#default-router 192.160.120.1

Router(dhcp-config)#exit

Router(config)#exit


Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.120.0

Router(config-router)#network 192.160.121.0

Router(config-router)#exit

Router(config)#exit

Configuration in router1

Router>en

Router#config t

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.121.2 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)# exit

Router(config)#interface serial 0/0/1

Router(config-if)#ip address 192.160.122.1 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#exit

Router#exit

Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.121.0

Router(config-router)#network 192.160.122.0

Router(config-router)#exit

Router(config)#exit

Router# exit


Configuration in Router2

Router>en

Router#config t

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.122.2 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#interface serial 0/0/1

Router(config-if)#ip address 192.160.123.1 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#exit

Router#exit

Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.122.0

Router(config-router)#network 192.160.123.0

Router(config-router)#exit

Router(config)#exit

Router#exit

Configuration in router3

Router>en

Router#config t

Router(config)#interface serial 0/0/1

Router(config-if)#ip address 192.160.123.2 255.255.255.0

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit


Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.124.1 255.255.255.0

Router(config-if)#no shutdown

Router(config-if)#

Router(config-if)#exit

Router(config)#ip dhcp pool SubnetE

Router(dhcp-config)#network 192.160.124.0 255.255.255.0

Router(dhcp-config)#default-router 192.160.124.1

Router(dhcp-config)#exit

Router(config)#exit

Router#

Router#exit

Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.123.0

Router(config-router)#network 192.160.124.0

Router(config-router)#exit

Router(config)#exit

Router#exit


Applying RIP in a network that has been subnetted in a classful way

Given the following network, with the network address 192.160.120.0/24 subnetted into /27 subnets as shown below:

Figure 2.5 : Applying RIP in Classful addressing

Configuration in router0

Router>en

Router#config t

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.1 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.160.120.33 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.120.65 255.255.255.224

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetA

Router(dhcp-config)#network 192.160.120.0 255.255.255.224


Router(dhcp-config)#default-router 192.160.120.1

Router(dhcp-config)#exit

Router(config)#ip dhcp pool subnetB

Router(dhcp-config)#network 192.160.120.32 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.33

Router(dhcp-config)#exit

Router(config)#exit

Router#exit

Note that, in classful subnetting, you only need to type in the classful network address 192.160.120.0 and let RIP find the subnets and place them in the routing table, as shown below:

Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.120.0

Router(config-router)#exit

Router(config)#exit

Router configuration in router1

Router>en

Router#config t

Router(config)#interface serial 0/0/0

Router(config-if)#ip address 192.160.120.66 255.255.255.224

Router(config-if)#clock rate 64000

Router(config-if)#bandwidth 64

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#interface fa 0/1

Router(config-if)#ip address 192.160.120.129 255.255.255.224

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#ip dhcp pool subnetE

Router(dhcp-config)#network 192.160.120.128 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.129

Router(dhcp-config)#exit

Router(config)#interface fa 0/0

Router(config-if)#ip address 192.160.120.97 255.255.255.224


Router(config-if)#no shutdown

Router(config-if)#

Router(config)#ip dhcp pool subnetD

Router(dhcp-config)#network 192.160.120.96 255.255.255.224

Router(dhcp-config)#default-router 192.160.120.97

Router(dhcp-config)#exit

Router(config)#exit

Remember again: in classful subnetting, you only need to type in the classful network address 192.160.120.0 and let RIP find the subnets and place them in the routing table, as shown below:

Router>en

Router#config t

Router(config)#router rip

Router(config-router)#network 192.160.120.0

Router(config-router)#exit

Router(config)#exit

So while it is true that RIP has worked well in our little internetwork, it is not the solution for every enterprise. This is because it has a maximum hop count of only 15 (16 is deemed unreachable) and it performs full routing-table updates every 30 seconds, both of which can wreak havoc in a larger internetwork.

2.10 Holding Down RIP Propagation

You probably don't want your RIP network advertised everywhere on your LAN and WAN. There is not a lot to be gained by advertising your internal networks to the Internet, and every interface that sends updates also tells an eavesdropper what your address plan looks like. There are a few ways to stop unwanted RIP updates from propagating across your LANs and WANs; the easiest is the passive-interface command.

This command prevents RIP updates from being sent out of the named interface, but that interface can still receive RIP updates.

Here's an example of how to configure a passive interface on a router:

Lab_A#config t
Lab_A(config)#router rip
Lab_A(config-router)#network 192.168.10.0
Lab_A(config-router)#passive-interface serial 0/0

This stops RIP updates from being sent out of serial interface 0/0, but serial 0/0 can still receive RIP updates. Because the interface still listens, passive-interface on its own does not stop a device on that segment from injecting routes.


2.11 RIP Version 2 (RIPv2)

RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means that each router running RIP sends its complete routing table out of all active interfaces at periodic intervals.

The main difference is that RIPv1 is a classful protocol while RIPv2 is classless, because it carries the subnet mask and so supports VLSM. RIPv2 also sends its updates to the multicast address 224.0.0.9 instead of broadcasting them, and it supports authentication of updates (plain text or MD5), which RIPv1 lacks entirely; without authentication any device on a segment can inject routes into the network. Both versions are open standards, so they can be used on any brand of router.

Disadvantage of RIP as a routing protocol

RIP uses a lot of bandwidth for its periodic full-table updates, which makes it expensive to run on a large network.

Configuring RIPv2 is straightforward. Here's an example:

Lab_C(config)#router rip
Lab_C(config-router)#network 192.168.40.0
Lab_C(config-router)#network 192.168.50.0
Lab_C(config-router)#version 2

2.12 Interior Gateway Routing Protocol (IGRP)

Interior Gateway Routing Protocol (IGRP) is a Cisco-proprietary distance-vector routing protocol. This means that to use IGRP in your network, all your routers must be Cisco routers. Cisco created this routing protocol to overcome the problems associated with RIP. We can say that IGRP is not an open standard like RIPv1 and RIPv2. IGRP is obsolete and has been removed from current IOS releases; its successor is EIGRP.


2.13 Advantages of IGRP over RIP

IGRP has a maximum hop count of 255, with a default of 100. This is helpful in larger networks and solves the problem of 15 hops being the maximum possible in a RIP network.

IGRP also uses a different metric than RIP: it uses the bandwidth and delay of the line as the metric for determining the best route to a network.

2.14 Configuring IGRP Routing

The command used to configure IGRP is the same as the one used to configure RIP, with one important difference: you supply an autonomous system (AS) number. All routers within an autonomous system must use the same AS number, or they won't exchange routing information.

Here's how to turn on IGRP routing:

Lab_A#config t
Lab_A(config)#router igrp 10
Lab_A(config-router)#network 192.168.10.0

Notice that the configuration is as simple as for RIP, except that IGRP takes an AS number. Routing information is exchanged only with the routers that use the same AS number.

2.15 Open Shortest Path First (OSPF) Basics

Open Shortest Path First (OSPF) is an open-standard routing protocol that has been implemented by a wide variety of network vendors, including Cisco. If you have multiple routers and not all of them are Cisco, then the remaining options for building the routing tables are basically RIPv1, RIPv2 or OSPF. If it is a large network, then really your only option is OSPF.

OSPF is the first link-state routing protocol that most people are introduced to.

OSPF provides the following features:

Consists of areas and autonomous systems
Minimizes routing update traffic
Allows scalability
Supports VLSM/CIDR
Has unlimited hop count
Allows multi-vendor deployment (open standard)

OSPF is designed to be deployed in a hierarchical fashion, which basically means that you can separate the larger internetwork into smaller internetworks called areas. This is the best design for OSPF.


The reasons for creating OSPF in a hierarchical design include:

To decrease routing overhead
To speed up convergence
To confine network instability to single areas of the network

This does not make configuring OSPF easier; it is more elaborate and difficult. The figure below shows a typical simple OSPF design.

Notice how each router connects to the backbone, called area 0 or the backbone area. OSPF must have an area 0, and every other area must connect to it. Routers that connect other areas to the backbone within an AS are called Area Border Routers (ABRs).

Figure 2.6: OSPF System

OSPF runs inside an autonomous system, but it can also exchange routes with other autonomous systems or other routing protocols. The router that connects these together is called an Autonomous System Boundary Router (ASBR).


CHAPTER THREE

3.0 Routing and switching

3.1 Layer 2 Switching

When we discuss switching, we are talking about layer 2 switching unless we say otherwise. Layer 2 switching is the process of using the hardware (MAC) addresses of devices on a LAN to segment a network. Switching breaks up large collision domains into smaller ones; a collision domain is a network segment in which two or more devices share the same bandwidth. A hub-based network is a typical example of a single large collision domain.

3.2 Differences between a hub and a switch as layer 2 devices

HUB

A hub is the device that connects all the segments in a star-topology Ethernet network. Every device in the network connects to the hub through a single port, and the hub connects multiple devices without segmenting the network.

3.3 What is network segmentation?

Network segmentation is the practice of splitting a computer network into sub-networks, each being a network segment. The advantages of such splitting are primarily better performance and improved security.

3.4 Advantages of network segmentation

Reduced congestion: performance improves because a segmented network has fewer hosts per sub-network, which keeps local traffic local.

Improved security: broadcasts are contained within the local segment and the internal network structure is not visible from outside. Segmentation only limits what an attacker can reach, though, if traffic between the segments is filtered at the router or firewall that joins them; a router that forwards everything merely separates broadcast domains.

Containing network problems: the effect of local failures on other parts of the network is limited.

With a hub as the networking device, any transmission received on one port is sent out of all other ports of the hub, and also back to the receiving pair of the transmitting device, so that carrier sense multiple access with collision detection (CSMA/CD) on the transmitter can detect a collision.

A collision domain is a section of a network where data packets can collide with one another when being sent on a shared medium or through repeaters, particularly when using early versions of Ethernet. A collision occurs when more than one device attempts to send a packet on a network segment at the same time. Collisions are resolved using CSMA/CD, in which the competing packets are discarded and re-sent one at a time. This is a source of inefficiency in the network.[1]


It is important to note that hubs are just like repeaters: they lack intelligence, because a frame sent by any device on the hub is propagated to all other devices connected to it, and this increases the potential for collisions in the LAN. For this reason hubs are not recommended in today's networks.

A switch

A switch connects multiple segments together, much like a hub does, but with significant differences. A switch is more intelligent: it recognizes frames and pays attention to the source and destination MAC address of each incoming frame, as well as the port on which the frame was received. Hubs don't do any of this; they simply send out anything they receive on one port to all other ports.

So if a switch determines that a frame's final destination is on a segment connected via a different port than the one on which the frame was received, it forwards the frame only out of the specific port where the destination MAC address is located.

If the switch can't determine the location of the frame's destination, it floods the frame out of every port except the one on which it was received.

Switches are layer 2 devices, which means they segment the network by MAC address. If you see the term layer 3 switch, that refers to a switch that also routes between networks, doing a router's job in hardware; it is not a plain layer 2 switch. The figure below shows the difference between hubs and switches in segmenting the network.

3.5 What is a collision domain?

A collision domain is, as the name implies, a part of a network where packet collisions can occur. A collision occurs when two devices send a packet at the same time on a shared network segment. The packets collide and both devices must send them again, which reduces network efficiency. Collisions are common in a hub environment, because every port on a hub is in the same collision domain. By contrast, each port on a bridge, a switch or a router is a separate collision domain.


The following example illustrates collision domains.

Figure 3.1 : Collision Domains

Unlike bridges, which use software to create and manage the filter table (the MAC address table, a switch's equivalent of a routing table), switches use hardware called ASICs (application-specific integrated circuits) to do this.

Layer 2 switches and bridges are faster than routers because they don't spend time looking at the network layer header; instead they look at the frame's hardware addresses before deciding to forward, flood or drop it.

Switches create private, dedicated collision domains and provide independent bandwidth on each port, unlike hubs.

3.6 Advantages of using layer 2 switching (Switches)

Hardware based bridging (ASIC)

Wire speed

Low latency

Low cost

3.7 Bridges versus switches

Here are some significant similarities and differences between bridges and switches:

Bridges are software based while switches are hardware based
A switch can be viewed as a multiport bridge
Switches have more ports than bridges
Both switches and bridges forward layer 2 broadcasts


3.8 Three functions of switches at layer 2

There are three basic functions of a switch at layer 2:

Address learning

Layer 2 devices such as bridges and switches learn addresses: they remember the source MAC address (physical address) of each frame received on an interface and enter this information into a MAC database known as the forward/filter table. When the switch is first switched on, the forward/filter table is empty, as shown below.

Figure 3.2: Address learning

When a host transmits and an interface of the switch receives the frame, the switch places the frame's source MAC address in the forward/filter table, which allows it to remember which interface the sending device is on. The switch then has no choice but to flood the frame out of every port except the source port, because it has no idea where the destination device is located.

If a device answers this flooded frame and sends a frame back, the switch takes the source address from that frame and places it in its database as well, associating the newly discovered address with the interface that received the frame. Because the switch now has both relevant MAC addresses in its filter table, the two devices can make a point-to-point connection: the switch no longer needs to flood the frame as it did the first time, because the frame is now forwarded only between the two devices recorded in the table. This is exactly what makes layer 2 switches better than hubs, because in a hub network every frame is forwarded out of all ports every time, no matter what.

A switch goes through the same procedure to learn the MAC addresses of the remaining hosts attached to its other interfaces.


Forward/filter decision

When a frame arrives at a switch interface, the destination address is compared to the forward/filter MAC database and the switch makes a forward/filter decision. In other words, if the destination hardware address is known (listed in the database), the frame is sent out only through the specified exit interface. The switch will not transmit the frame out of any interface except the destination interface.

The process of not transmitting a frame to any interface except the destination interface is called FRAME FILTERING.

Frame filtering has the advantage of preserving bandwidth on the interfaces through which the frame is not sent.

By default, if a host or server sends out a broadcast on the LAN, the switch floods the frame out of all active ports except the source port. Remember, a switch creates small collision domains, but by default it is still one large broadcast domain.
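The learning, flooding and filtering behaviour described above can be simulated in a few lines. The following Python program is an added example for this course text (it is not the textbook's or any vendor's code); the port names and MAC addresses in it are constructed sample values. It replays the exchange from the text: the first frame from host A is flooded, B's reply is forwarded to A's port only, the next frame from A goes to B's port only, and a broadcast is still flooded.

```python
"""Simulation of MAC address learning and the forward/filter decision.

Added example for this course text; not the textbook's code. Port names
and MAC addresses are constructed sample values.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A layer 2 switch with a forward/filter table mapping MAC -> port."""

    def __init__(self, ports):
        self.ports = list(ports)   # e.g. ["f0/1", "f0/2", "f0/3", "f0/4"]
        self.mac_table = {}        # empty when the switch is first powered on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Address learning: remember which port the sender is located on.
        # If the same MAC later appears on another port, the entry is overwritten.
        self.mac_table[src_mac] = in_port

        if dst_mac == BROADCAST:
            # A broadcast is always flooded: the switch is one broadcast domain.
            return self._flood(in_port)
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            # Unknown unicast: the switch has no idea where the destination is.
            return self._flood(in_port)
        if out_port == in_port:
            # Destination sits on the same segment as the sender (e.g. both
            # behind a hub on this port): filter the frame completely.
            return []
        # Known destination: forward out of the single exit interface only.
        return [out_port]

    def _flood(self, in_port):
        """Send out of every active port except the one the frame came in on."""
        return [p for p in self.ports if p != in_port]


def demo():
    """Replay the exchange described in the text on a four-port switch."""
    sw = LearningSwitch(["f0/1", "f0/2", "f0/3", "f0/4"])
    host_a, host_b = "00:00:0a:00:00:01", "00:00:0b:00:00:02"  # constructed
    first = sw.receive("f0/1", host_a, host_b)    # B unknown: flooded
    reply = sw.receive("f0/2", host_b, host_a)    # A known: sent to f0/1 only
    second = sw.receive("f0/1", host_a, host_b)   # both known: f0/2 only
    bcast = sw.receive("f0/3", "00:00:0c:00:00:03", BROADCAST)
    return first, reply, second, bcast, dict(sw.mac_table)


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Two things the simulation leaves out are worth knowing: a real switch ages entries out of the table after a while, and the table has a finite size, so the entries it holds are only as trustworthy as the frames it learned them from.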

Loop avoidance

Redundant links between switches are a very wise thing to implement because they help prevent complete network failure in the event that one link stops working. But these redundant links have disadvantages, because frames can be flooded down all redundant links simultaneously, creating loops. Here are a few of the problems caused by these loops, especially when no mechanism to avoid them has been put in place.

3.9 Disadvantages of loops in a LAN network

i. Broadcast storm

This is a condition in which the switches flood a broadcast endlessly throughout the internetwork. In real life it is often referred to by names that cannot be repeated in print. The figure below illustrates how a broadcast can be propagated throughout the internetwork.

Figure 3.3 : Broadcast storms

Pay attention to how the frame is continuously flooded through the internetwork's physical network media.


ii. Slowing down the network

What you see here is that a device receives multiple copies of the same frame, because that frame can arrive from different segments at the same time. The figure below demonstrates how a bunch of frames can arrive from multiple segments simultaneously.

In the figure, a server sends a unicast frame to Router C. Because it is a unicast frame, switch A forwards the frame, and switch B provides the same service by forwarding the same unicast frame.

This is really bad, because Router C receives the unicast frame twice, causing additional overhead in the network.

Figure 3.4 : Loop slows down the network

iii. Thrashing the MAC address filter table

This is a phenomenon where the switch is so caught up in constantly updating the MAC address filter table with source hardware address locations that it may fail to forward the frame. This happens because the switch can receive the same frame on more than one link.

iv. Multiple loops propagating in the network can lead to the failure of the switch to perform its frame switching task, especially when broadcast storms happen.

3.10 How to remove network loops on layer 2 switched networks

In order to stop loops from occurring across a layer 2 switched network (a network that involves bridges and switches), a special protocol called Spanning Tree Protocol (STP) must be employed. It achieves this feat by vigilantly monitoring the network to find all links and making sure that no loops occur, by shutting down any redundant ones.

STP uses the spanning tree algorithm (STA) to first create a topology database, and then to search out and disable redundant links. With STP running, frames will be forwarded only on the premium, STP-picked links.
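To make the STA concrete, here is an added Python example (not the course's own code and not real STP: it has no timers and no port states, uses equal link costs as on a 100 Mbps network, and simplifies the tie-break). It elects the root bridge from the lowest bridge ID, computes each switch's least-cost path to the root, and reports which redundant links would be put into blocking. The bridge IDs and the topology are constructed.

```python
"""Spanning tree computation in the spirit of the STA described above.

Added example for this course text, not the textbook's code. It simplifies
real STP (no timers, no port states, a simplified tie-break) and uses a
constructed topology with equal link costs.
"""
import heapq


def spanning_tree(bridge_ids, links):
    """bridge_ids: {switch: (priority, mac)}; links: [(a, b, cost), ...].

    Returns (root, forwarding_links, blocked_links).
    """
    # 1. Root bridge election: the lowest bridge ID (priority, then MAC) wins.
    root = min(bridge_ids, key=lambda s: bridge_ids[s])

    adjacency = {s: [] for s in bridge_ids}
    for a, b, cost in links:
        adjacency[a].append((b, cost))
        adjacency[b].append((a, cost))

    # 2. Every other switch keeps the least-cost path to the root; when two
    #    paths cost the same, the one through the neighbour with the lower
    #    bridge ID wins (Dijkstra keyed on (cost, upstream bridge ID)).
    best = {root: (0, bridge_ids[root], None)}   # switch -> (cost, tiebreak, parent)
    heap = [(0, bridge_ids[root], root)]
    while heap:
        cost, _, switch = heapq.heappop(heap)
        if cost > best[switch][0]:
            continue                              # stale heap entry
        for neighbour, link_cost in adjacency[switch]:
            candidate = (cost + link_cost, bridge_ids[switch])
            if neighbour not in best or candidate < best[neighbour][:2]:
                best[neighbour] = (candidate[0], candidate[1], switch)
                heapq.heappush(heap, (candidate[0], candidate[1], neighbour))

    # 3. Links that carry a root path forward; every other link is blocked,
    #    which removes the loops while keeping the redundant cabling in place.
    tree = {frozenset((s, parent)) for s, (_, _, parent) in best.items() if parent}
    forwarding = [l for l in links if frozenset(l[:2]) in tree]
    blocked = [l for l in links if frozenset(l[:2]) not in tree]
    return root, forwarding, blocked


def demo():
    """Four switches, five links: a triangle plus a fourth switch dual-homed."""
    bridge_ids = {                       # constructed priorities and MACs
        "SW1": (32768, "00:00:00:00:00:01"),
        "SW2": (32768, "00:00:00:00:00:02"),
        "SW3": (32768, "00:00:00:00:00:03"),
        "SW4": (32768, "00:00:00:00:00:04"),
    }
    links = [("SW1", "SW2", 19), ("SW1", "SW3", 19), ("SW2", "SW3", 19),
             ("SW2", "SW4", 19), ("SW3", "SW4", 19)]   # 19 = 100 Mbps STP cost
    return spanning_tree(bridge_ids, links)


if __name__ == "__main__":
    root, forwarding, blocked = demo()
    print("root bridge:", root)
    print("forwarding:", forwarding)
    print("blocked:", blocked)
```

Because all priorities are equal in the sample, the lowest MAC address decides the root; lowering one switch's priority moves the root there and changes which links block, which is why production networks set the root bridge priority deliberately rather than leaving it to the MAC addresses.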


3.11 What is a broadcast domain?

Broadcast domain

A broadcast domain is a domain in which a broadcast is forwarded. It contains all devices that can reach each other at the data link layer (OSI layer 2) by using broadcast. All ports on a hub or a switch are by default in the same broadcast domain. All ports on a router are in different broadcast domains, and routers don't forward broadcasts from one broadcast domain to another.

The following example clarifies the concept.

Figure 3.5 : Broadcast domains

Switches truly have changed the way networks are designed and implemented. If a pure switched design is properly implemented, it absolutely will result in a clean, cost-effective, and resilient internetwork. In this chapter, we'll survey and compare network design before and after switching technologies were introduced.

3.12 Before Layer 2 Switching

Let's go back in time a bit and take a look at the condition of networks before switches, and at how switches have helped segment the corporate LAN.

Before LAN switching, the typical network design looked like the network shown in the figure below.


Figure 3.6 : Hub Network

Here you can see that each network was attached to the router through a hub port (each segment also

had its own logical network number, though this is not obvious from the figure). Each node

attached to a particular physical network had to match that network number in order to be able to

communicate on the internetwork. Notice that each department had its own LAN, so if you

needed to add new users to Sales, for example, you would just plug them into the Sales LAN and

they would automatically be part of the Sales collision and broadcast domain. This design really

did work well for many years.

By default, switches break up collision domains and routers break up broadcast domains.

3.13 Disadvantages of a network before layer 2 switching (flat network)

A flat internetwork's security used to be tackled by connecting hubs and switches together with routers, so it was basically the router's job to maintain security. This arrangement was pretty ineffective for several reasons.

First, anyone connecting to the physical network could access the network resources located on that physical LAN.

Second, all anyone had to do to observe any and all traffic happening in that network was to simply plug a network analyzer into the hub.

Third, in that same vein, users could join a workgroup by just plugging their workstations into the existing hub. So basically, this was non-security!

This is why VLANs are so cool. By building them and creating multiple broadcast groups, administrators can now have control over each port and user! The days when users could just plug their workstations into any switch port and gain access to network resources are history, because the administrator now has control over each port and whatever resources that port can access.

Bridges, however, were the first devices used in the network to break up collision domains. Bridges were sorely limited by the number of ports and other network services they could provide, and that's when layer 2 switches came to the rescue. These switches saved the day by breaking up collision domains on each and every port, like a bridge, and switches could provide hundreds of ports!

3.14 Virtual Local Area Networks (VLANs)

A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. We can break up broadcast domains in a pure switched internetwork by creating virtual local area networks (VLANs).

When you create VLANs, you are given the ability to create smaller broadcast domains within a layer 2 switched internetwork by assigning different ports on the switch to different subnetworks. A VLAN is treated like its own subnet or broadcast domain, which means that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.

By default, no host in a specific VLAN can communicate with any host that is a member of another VLAN, so if you want inter-VLAN communication, a router will be needed.

VLAN basics

As shown in the figure below, layer 2 switched networks are typically designed as flat networks. Every broadcast packet transmitted is seen by every device on the network, regardless of whether the device needs to receive that data. By default, routers allow broadcasts only within the originating network, but switches forward broadcasts to all segments. The reason it's called a flat network is that it's one broadcast domain, not that its actual design is physically flat.

Figure 3.7 : Layer 2 switching

We see Host A sending a broadcast and all ports on all switches forwarding this broadcast,

except the port that originally received it.


Now look at Figure below, which pictures a switched network. It shows Host A sending a frame

with Host D as its destination, and as you can see, that frame is only forwarded out the port

where Host D is located. This is a huge improvement over the old hub networks, unless having

one collision domain by default is what you really want.

Figure 3.8 : Layer 2 switching

3.15 Advantages of a layer 2 switched network

It creates an individual collision domain segment for each device plugged into each port on the switch. This frees us from the Ethernet distance constraints, so larger networks can now be built.

3.16 Disadvantages of a layer 2 switched network

The larger the number of users and devices, the more broadcasts and packets each switch must handle!

Also, security is very weak, because all users can see all devices by default. And you can't stop devices from broadcasting, nor users from trying to respond to broadcasts.

3.17 How can the problems of layer 2 switched networks be solved?

The disadvantages of a layer 2 switched network can only be solved by creating VLANs. You can solve many of the problems associated with layer 2 switching with VLANs.


3.18 Advantages of VLANs

i. Network adds, moves, and changes are achieved by configuring a port into the appropriate VLAN.

ii. A group of users needing high security can be put into a VLAN so that no users outside of the VLAN can communicate with them.

iii. As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations.

iv. VLANs can enhance network security.

v. VLANs increase the number of broadcast domains while decreasing their size. This leads to less bandwidth being consumed in the network.

vi. Another advantage is that when a VLAN gets too big, you can create more VLANs to keep the broadcasts from consuming too much bandwidth: the fewer users in a VLAN, the fewer users affected by broadcasts.

vii. VLANs remove the physical boundary (location) between users in the same VLAN, i.e. users can be in different physical locations and still be in the same VLAN.

Since switches have become more cost-effective lately, many companies are replacing their flat

hub networks with a pure switched network and VLAN environment. All devices in a VLAN are

members of the same broadcast domain and receive all broadcasts. The broadcasts, by default,

are filtered from all ports on a switch that are not members of the same VLAN. This is great

because it offers all the benefits you gain with a switched design without the serious

anguish you would experience if all your users were in the same broadcast domain!

If you were paying attention to what you've read so far, you know that layer 2 switches only read frames for filtering; they don't look at the Network layer protocol. And by default, switches forward all broadcasts. But if you create and implement VLANs, you're essentially creating smaller broadcast domains at layer 2.

This means that broadcasts sent out from a node in one VLAN won't be forwarded to ports configured to be in a different VLAN. So by assigning switch ports or users to VLAN groups on a switch or group of connected switches, you gain the flexibility to add only the users you want into that broadcast domain, regardless of their physical location.

Consider the figure below, which represents a VLAN implementation designed to reduce the disadvantages of flat internetworks (hub networks).


Figure 3.9 : VLAN’s Implementation

Figure above shows how six VLANs (numbered 2 through 7) were used to create a broadcast

domain for each department. Each switch port is then administratively assigned a VLAN

membership, depending on the host and which broadcast domain it must be in.

So now, if I needed to add another user to the Sales VLAN (VLAN 7), I could just assign the port used to VLAN 7, regardless of where the new Sales team member is physically located. Nice! This illustrates one of the sweetest advantages of designing your network with VLANs over the old collapsed backbone design. Now, cleanly and simply, each host that needs to be in the Sales VLAN is merely assigned to VLAN 7.

Each VLAN is considered a broadcast domain, so it must also have its own subnet number, as shown in the figure above. The nodes within each VLAN can communicate with each other, but not with anything in a different VLAN; in order for a node to communicate with a node or host on a different VLAN, a router (layer 3 switching device) must be used.

3.19 VLAN membership

VLANs are usually created by an administrator, who then assigns switch ports to each VLAN. Such a VLAN is called a static VLAN. If the administrator wants to do a little more work up front and assign all the host devices' hardware addresses into a database, the switches can be configured to assign VLANs dynamically whenever a host is plugged into a switch. This is called a dynamic VLAN.


3.20 Types of VLAN configuration

Static VLAN

Static VLANs are the usual way of creating VLANs, and they're also the most secure. A switch port that you assign a VLAN association to always maintains that association until an administrator manually changes the port assignment.

This type of VLAN configuration is comparatively easy to set up and monitor, and it works well in a network where the movement of users within the network is controlled. And although it can be helpful to use network management software to configure the ports, it's not mandatory.

Remember that in a VLAN network, each host must also have the correct IP address information. For example, each host in VLAN 2 from the previous figure must be configured into the 172.16.20.0/24 network. It is also important to remember that if you plug a host into a switch, you must verify the VLAN membership of that port. If the membership is different from what is needed for that host, the host will not be able to reach the needed network services, such as a workgroup server.

Dynamic VLAN

A dynamic VLAN determines a node's VLAN assignment automatically. Using intelligent management software, you can base VLAN assignments on hardware (MAC) addresses, protocols, or even applications to create dynamic VLANs.

It's up to you! For example, suppose MAC addresses have been entered into a centralized VLAN management application. If a node is then attached to an unassigned switch port, the VLAN management database can look up the hardware address and assign and configure the switch port to the correct VLAN.

3.21 Routing between VLANs

Hosts in a VLAN live in their own broadcast domain and can communicate freely. VLANs create network partitioning and traffic separation at layer 2 of the OSI model, and as I said when I told you why we still need routers, if you want hosts or any other IP-addressable device to communicate between VLANs, a layer 3 device is absolutely necessary.

For this, you can use a router that has an interface for each VLAN, or a router that supports ISL routing. The least expensive router that supports ISL routing is the 2600 series router. The 1600, 1700, and 2500 series don't support ISL routing.


Figure 3.10 : Routing between VLAN’s

As you can see from the diagram above, a router connects three VLANs together for inter-VLAN communication, with one interface for each VLAN.

3.22 Configuring VLANs

Configuring VLANs is actually pretty easy. Figuring out which users you want in each VLAN is not. It's super time-consuming, but once you've decided on the number of VLANs you want to create and established the users you want to belong to each one, it's time to bring your first VLAN into existence!

Use Packet Tracer with a 24-port Cisco 2950 switch. Place the Cisco 2950 switch in the Packet Tracer workspace, then using CLI commands create three VLANs on the switch and name them sales, marketing and mis (department):

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 2
Switch(config-vlan)#name sales
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name marketing
Switch(config-vlan)#exit
Switch(config)#vlan 4
Switch(config-vlan)#name mis
Switch(config-vlan)#exit
Switch(config)#exit

After you create the VLANs that you want, you can use the show vlan command to see them. But notice that by default, all ports on the switch are in VLAN 1. To change the VLAN associated with a port, you need to go to each interface and tell it which VLAN to be a part of.

Figure 3.11 Verifying VLAN’s in a switch

Remember that a created VLAN is unused until it is assigned to a switch port or ports, and that all ports are always assigned to VLAN 1 unless set otherwise.

You can't change, delete, or rename VLAN 1, because it's the default VLAN and you just can't change that, period. It's the native VLAN of all switches by default, and Cisco recommends that you use this as your administrative VLAN. Native VLAN basically means that any packets that aren't specifically assigned to a different VLAN will be sent down the native VLAN. To see the VLAN database, use the show vlan command or the show vlan brief command:


Assigning switch ports to VLANs

Using the same type of Cisco 2950 switch, we can assign switch ports to the three VLANs we created before (sales, marketing and mis) as follows, using CLI commands:

Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int f0/2
Switch(config-if)#switchport access vlan 2
Switch(config-if)#int f0/3
Switch(config-if)#switchport access vlan 3
Switch(config-if)#int f0/4
Switch(config-if)#switchport access vlan 4
Switch(config-if)#exit
Switch(config)#exit
Switch#

If you want to verify your configuration, just use the show vlan or show vlan brief command to show the VLANs with their port assignments:

Figure 3.12 : Verifying VLAN’s in a switch


Trunk links

Trunks can carry multiple VLANs and originally gained their name from the telephone system trunks that carry multiple telephone conversations.

Configuring trunk ports

On the 2950, you use the switchport command:

Switch#config t
Switch(config)#int f0/12
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit

You can verify your configuration with the show running-config command:

Figure 3.13 : Verifying VLAN’s membership

Let's take a look at the figure below and see what we can determine by looking at it. This figure shows three VLANs, with two hosts in each of them.


Figure 3.14 : VLAN network

The router in the figure above is connected to the fa0/1 switch port, and VLAN 2 is configured on port f0/6. Looking at the diagram, these are the things that Cisco expects you to know:

1. The router is connected to the switch using subinterfaces.

2. The switch port connecting to the router is a trunk port.

3. The switch ports connecting to the clients and the hub are access ports, not trunk ports.

The configuration of the switch would look something like this. First, draw the above network in Packet Tracer:

Figure 3.15 : Packet tracer network


The CLI commands for the VLAN configuration are as follows (lines starting with "!" are explanatory comments, not commands):

Switch>en
Switch#config t
Switch(config)#hostname 2950
2950(config)#int f0/1
2950(config-if)#switchport mode trunk
! f0/1 is made a trunk port towards the router
! no need to create VLAN 1, because it already exists by default
2950(config-if)#int f0/2
2950(config-if)#switchport access vlan 1
2950(config-if)#int f0/3
2950(config-if)#switchport access vlan 1
! VLAN 3 must be created before ports are assigned to it
2950(config-if)#vlan 3
2950(config-vlan)#exit
! assigning switch ports to VLAN 3
2950(config)#int f0/4
2950(config-if)#switchport access vlan 3
2950(config-if)#int f0/5
2950(config-if)#switchport access vlan 3
! creating VLAN 2 before assigning a switch port to it
2950(config-if)#vlan 2
2950(config-vlan)#exit
! assigning switch port to VLAN 2
2950(config)#int f0/6
2950(config-if)#switchport access vlan 2
2950(config-if)#exit
2950(config)#exit
2950#

Before we configure the router, we need to design our logical network for the three VLANs we created, as follows, using the network address 192.168.10.0/24:

VLAN 1: 192.168.10.16/28

VLAN 2: 192.168.10.32/28

VLAN 3: 192.168.10.48/28

The configuration of the router would then look like this:

Router>en
Router#config t
Router(config)#int fa 0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
! subinterfaces: one per VLAN, each holding that VLAN's default gateway address
Router(config-if)#int f0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.168.10.17 255.255.255.240
Router(config-subif)#int f0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 192.168.10.33 255.255.255.240
Router(config-subif)#int fa0/0.3
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 192.168.10.49 255.255.255.240
Router(config-subif)#exit
Router(config)#exit
Router#exit

The hosts in each VLAN would be assigned an address from their subnet range, and the default gateway would be the IP address assigned to the router's subinterface in that VLAN.

The figure below shows a router connected to a 2950 switch with two VLANs. One host in each VLAN is assigned an IP address. What are your router and switch configurations based on these IP addresses?

Figure 3.16 : VLAN’s network

Since the hosts don't list a subnet mask, you have to look at the number of hosts used in each VLAN to figure out the block size. VLAN 1 has 85 hosts and VLAN 2 has 115 hosts. Each of these will fit in a block size of 128, which is a /25 mask or 255.255.255.128.

You should know by now that the subnets are 0 and 128, and the 0 subnet (VLAN 1) has a host range of 1–126 and the 128 subnet (VLAN 2) has a range of 129–254. You can almost be fooled, since Host A has an IP address of 126, which makes it seem that Hosts A and B are in the same subnet.
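The two addressing exercises above (the /28 plan for VLANs 1 to 3 on 192.168.10.0/24, and the /25 plan derived from 85 and 115 hosts) follow the same procedure: work out the block size from the host count, carve the subnets out of the base network, and use the first usable address of each as the VLAN's default gateway on the router subinterface. The following Python program is an added example that carries that procedure out in code; it is not the textbook's own code. The base network and the host counts it uses are the chapter's values, and everything else (function names, the assumption that the gateway is the first usable address, the ordering of the subnets) is constructed.

```python
"""VLAN subnet planning for a router on a stick.

Added example for the two addressing exercises in this chapter; not the
textbook's code. The base network 192.168.10.0/24 and the host counts 85 and
115 are the chapter's values, everything else is constructed.
"""
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose block still leaves room for `hosts` usable addresses
    (two addresses per block are lost to the network and broadcast addresses)."""
    prefix = 32
    while 2 ** (32 - prefix) - 2 < hosts:
        prefix -= 1
    return prefix


def plan_vlans(base_cidr, vlan_hosts):
    """Allocate one subnet per VLAN, in VLAN-number order as in the exercises.

    vlan_hosts: {vlan_id: host_count}. Returns {vlan_id: (network, gateway)}
    where the gateway is the first usable address, as the chapter assumes.
    Raises ValueError when the base network is too small for the plan.
    """
    base = ipaddress.ip_network(base_cidr)
    cursor = int(base.network_address)
    plan = {}
    for vlan in sorted(vlan_hosts):
        prefix = prefix_for_hosts(vlan_hosts[vlan])
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # subnets start on a block boundary
        network = ipaddress.ip_network((cursor, prefix))
        if not network.subnet_of(base):
            raise ValueError(f"{base} has no room for VLAN {vlan} (/{prefix})")
        plan[vlan] = (network, network.network_address + 1)
        cursor += size
    return plan


def router_on_a_stick(interface, plan):
    """Render the router subinterface configuration for a plan, IOS style."""
    lines = [f"interface {interface}", " no ip address", " no shutdown"]
    for vlan, (network, gateway) in sorted(plan.items()):
        lines += [f"interface {interface}.{vlan}",
                  f" encapsulation dot1q {vlan}",
                  f" ip address {gateway} {network.netmask}"]
    return lines


def same_subnet(addr_a, addr_b, prefix):
    """True when both hosts fall in the same /prefix block."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefix}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{prefix}").network
    return net_a == net_b


if __name__ == "__main__":
    plan = plan_vlans("192.168.10.0/24", {1: 85, 2: 115})
    for vlan, (network, gateway) in plan.items():
        print(f"VLAN {vlan}: {network} gateway {gateway}")
    print("\n".join(router_on_a_stick("fa0/0", plan)))
    print("126 and 129 in one /25?", same_subnet("192.168.10.126", "192.168.10.129", 25))
```

The allocator starts at the first block of the base network, so for three VLANs of 14 hosts it would hand out .0/28, .16/28 and .32/28 rather than the .16, .32 and .48 blocks chosen in the first exercise; both are valid plans. The `same_subnet` check is the arithmetic behind the "almost fooled" remark: .126 and .129 sit in different /25 blocks even though the numbers are close.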

Now, draw the above network in Cisco Packet Tracer.

Figure 3.17 : VLAN network

Here is the switch configuration:

Switch>en
Switch#config t
Switch(config)#hostname 2950
2950(config)#int fa0/1
2950(config-if)#switchport mode trunk
2950(config-if)#int fa0/2
2950(config-if)#switchport access vlan 1
2950(config-if)#vlan 2
2950(config-vlan)#exit
2950(config)#int fa0/3
2950(config-if)#switchport access vlan 2
2950(config-if)#exit
2950(config)#exit

Here is the router configuration:

Router>en
Router#config t
Router(config)#int fa0/0
Router(config-if)#no ip address
Router(config-if)#no shutdown
Router(config-if)#int fa0/0.1
Router(config-subif)#encapsulation dot1q 1
Router(config-subif)#ip address 192.16.10.1 255.255.255.128
Router(config-subif)#int fa0/0.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 192.16.10.129 255.255.255.128
Router(config-subif)#exit
Router(config)#exit
Router#exit


Setting the IP address on a switch

Since VLAN 1 is typically the administrative VLAN, we'll use an IP address from that pool of addresses. Here's how to set the IP address of the switch:

2950#config t
2950(config)#int vlan 1
2950(config-if)#ip address 172.16.10.2 255.255.255.128
2950(config-if)#no shutdown

Yes, you have to do a no shutdown on the VLAN interface.

3.23 VLAN Trunking Protocol (VTP)

The basic goals of VLAN Trunking Protocol (VTP) are to manage all configured VLANs across a

switched internetwork and to maintain consistency throughout that network. VTP allows an

administrator to add, delete, and rename VLANs—information that is then propagated to all

other switches in the VTP domain.

3.24 Advantages of VTP

i. Consistent VLAN configuration across all switches in the network

ii. VLAN trunking over mixed networks, such as Ethernet to ATM LANE or even FDDI

iii. Accurate tracking and monitoring of VLANs

iv. Dynamic reporting of added VLANs to all switches in the VTP domain

v. Plug-and-play VLAN adding

But before you can get VTP to manage your VLANs across the network, you have to create a VTP server. All servers that need to share VLAN information must use the same domain name, and a switch can be in only one domain at a time. So this means that a switch can only share VTP domain information with other switches if they're configured into the same VTP domain.

You can use a VTP domain if you have more than one switch connected in a network, but if you've got all your switches in only one VLAN, you don't need to use VTP.

VTP information is sent between switches via a trunk port. Switches advertise VTP management domain information, as well as a configuration revision number and all known VLANs with any specific parameters. And there's also something called VTP transparent mode. In it, you can configure switches to forward VTP information through trunk ports, but not to accept information updates or update their VTP databases.


Switches detect the additional VLANs within a VTP advertisement and then prepare to receive information on their trunk ports with the newly defined VLAN in tow. Each update carries a configuration revision number one higher than the previous one. Any time a switch sees a higher revision number, it knows the information it is receiving is more current, and it will overwrite its current database with that new information.

3.25 VTP modes of operation

There are three different modes of operation within a VTP domain. The figure below shows all three:

Server: This is the default for all Catalyst switches. You need at least one server in your VTP domain to propagate VLAN information throughout the domain. The switch must be in server mode to be able to create, add, or delete VLANs in a VTP domain. Changing VTP information must also be done in server mode, and any change made to a switch in server mode will be advertised to the entire VTP domain.

Client: In client mode, switches receive information from VTP servers, and they also send and receive updates. But they can't make any changes. Plus, none of the ports on a client switch can be added to a new VLAN before the VTP server notifies the client switch of the new VLAN.

It's also good to know that VLAN information sent from a VTP server is not stored in NVRAM. This means that if the switch is reset or reloaded, the VLAN information will be deleted. Here's a hint: if you want a switch to become a server, first make it a client so it receives all the correct VLAN information, then change it to a server. Much easier!

Transparent: Switches in transparent mode don't participate in the VTP domain, but they'll still forward VTP advertisements through any configured trunk links. These switches can't add and delete VLANs because they keep their own database, one they do not share with other switches. The purpose of transparent mode is to allow remote switches to receive the VLAN database from a VTP server switch through a switch that is not participating in the same VLAN assignments.
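The following Python simulation is an added example (not the course's or Cisco's code) of the revision-number rule and the three modes described above: a server that creates a VLAN bumps its revision and advertises; servers and clients accept an advertisement only when the domain name and password match and the revision is higher, and then relay it on their other trunks; a transparent switch relays without applying. The switch names S1 to S3, the domain rt and the password kifaru are the values used in the lab that follows; everything else is constructed. The last step shows the risk behind the "make it a client first" hint above: a switch whose database carries a higher revision number overwrites the VLAN database of every switch in the domain, the server included.

```python
"""Simulation of VTP advertisement handling in server, client and
transparent mode.

Added example for this course text; not the course's or Cisco's code. Switch
names, domain and password follow the lab in this chapter, everything else
(revision numbers, VLAN names, topology) is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Advertisement:
    domain: str
    password: str
    revision: int
    vlans: dict              # vlan id -> name


@dataclass
class VtpSwitch:
    name: str
    mode: str                # "server", "client" or "transparent"
    domain: str
    password: str
    revision: int = 0
    vlans: dict = field(default_factory=lambda: {1: "default"})
    trunks: list = field(default_factory=list)   # neighbouring VtpSwitch objects

    def add_vlan(self, vlan_id, name):
        """Only a server may create VLANs in the domain (clients refuse)."""
        if self.mode != "server":
            raise PermissionError(f"{self.name}: only a VTP server can add VLANs")
        self.vlans[vlan_id] = name
        self.revision += 1           # every change raises the revision by one
        self.advertise()

    def advertise(self, came_from=None):
        adv = Advertisement(self.domain, self.password, self.revision, dict(self.vlans))
        for peer in self.trunks:
            if peer is not came_from:
                peer.receive(adv, came_from=self)

    def receive(self, adv, came_from):
        """Return True when the advertisement replaced this switch's database."""
        if self.mode == "transparent":
            # Relay on the other trunks, never touch the local database.
            for peer in self.trunks:
                if peer is not came_from:
                    peer.receive(adv, came_from=self)
            return False
        if adv.domain != self.domain or adv.password != self.password:
            return False             # different domain or wrong password: ignored
        if adv.revision <= self.revision:
            return False             # equal or older revision: nothing new
        # Higher revision wins, for servers and clients alike.
        self.vlans = dict(adv.vlans)
        self.revision = adv.revision
        self.advertise(came_from=came_from)   # relay the accepted update
        return True


def demo():
    """Chain S1 (server) - S2 (client) - S3 (client), as in the lab."""
    s1 = VtpSwitch("S1", "server", "rt", "kifaru")
    s2 = VtpSwitch("S2", "client", "rt", "kifaru")
    s3 = VtpSwitch("S3", "client", "rt", "kifaru")
    s1.trunks, s2.trunks, s3.trunks = [s2], [s1, s3], [s2]

    s1.add_vlan(10, "telecom")
    s1.add_vlan(20, "electrical")
    propagated = dict(s3.vlans)      # what reached S3 through S2
    propagated_revision = s3.revision

    try:
        s3.add_vlan(30, "guest")
        client_refused = False
    except PermissionError:
        client_refused = True

    # Wrong domain: ignored even though its revision number is higher.
    foreign = Advertisement("other", "kifaru", 99, {1: "default"})
    foreign_applied = s2.receive(foreign, came_from=None)

    # Same domain and password, higher revision, almost empty database:
    # every switch accepts it and loses VLANs 10 and 20, the server included.
    stale = Advertisement("rt", "kifaru", 5, {1: "default"})
    stale_applied = s2.receive(stale, came_from=None)

    return {
        "propagated": propagated,
        "propagated_revision": propagated_revision,
        "client_refused": client_refused,
        "foreign_applied": foreign_applied,
        "stale_applied": stale_applied,
        "server_vlans_after": dict(s1.vlans),
        "server_revision_after": s1.revision,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The domain name and password are the only things standing between a switch and an advertisement it should not accept, which is why the lab sets both, and why a switch that has been used elsewhere should have its revision reset (for example by changing its domain name, or by joining as a client first) before it is trunked into a production domain.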


3.26 Configuring VTP on VLANs

You are a network administrator at Triumphant College. The college has three offices, connected to each other by links. The college has two departments, Telecommunication and Electrical, and in each office there is one PC from each department. The college has one router; its Ethernet port can be used for inter-VLAN communication.

LAB SET UP

To replicate the given scenario, create the topology in Packet Tracer as shown in the following diagram.

Figure 3.18 : VLAN’s in cisco packet tracer

The configurations used in this topology are the following. Note that the first IP address of each network (VLAN) is used as the default gateway for that VLAN.

From the above data, we have two VLANs to configure, as shown below:

10.0.0.0/24 network as VLAN 10

20.0.0.0/24 network as VLAN 20

We first assign the IP addresses statically in Packet Tracer, then continue with the switch configuration.


By default all switches work as VTP servers, so we only need a few commands to configure it. In the following commands we will:

i. set the hostname to S1

ii. set the domain name to rt

iii. set the password to kifaru (the password is case sensitive)

Configure the VTP server on Switch0:

Switch>en
Switch#config t
Switch(config)#hostname S1
S1(config)#vtp mode server
Device mode already VTP SERVER.
S1(config)#vtp domain rt
S1(config)#vtp password kifaru

Configure VTP clients

We will configure the Office 2 switch and the Office 3 switch as VTP client switches.

On Switch1:

Switch>en
Switch#config t
Switch(config)#hostname S2
S2(config)#vtp mode client
S2(config)#vtp domain rt
S2(config)#vtp password kifaru

On Switch2:

Switch>en
Switch#config t
Switch(config)#hostname S3
S3(config)#vtp mode client
S3(config)#vtp domain rt
S3(config)#vtp password kifaru

We have configured the VTP server and the VTP clients. At this moment the VTP clients will not receive VTP messages from the server, because VTP travels only over trunk links. We need to configure trunking (DTP, Dynamic Trunking Protocol) on the links between the switches.

Office switch0

S1>en
S1#config t
S1(config)#int fa0/4
S1(config-if)#switchport mode trunk
S1(config-if)#exit
S1(config)#int fa0/1
S1(config-if)#switchport mode trunk
S1(config-if)#exit

Office switch1

S2>en
S2#config t
S2(config)#int fa 0/1
S2(config-if)#switchport mode trunk
S2(config-if)#exit
S2(config)#int fa 0/2
S2(config-if)#switchport mode trunk
S2(config-if)#exit

Office switch2

S3>en
S3#config t
S3(config)#int fa 0/1
S3(config-if)#switchport mode trunk
S3(config-if)#exit

So far we have configured the VTP server and the VTP clients, and we have changed the necessary links into trunks. Now we will configure VLANs on the VTP server, and that will automatically propagate the VLANs in the network.

Configure VLANs

Now go to Office switch0, which is our VTP server:

S1>en
S1#config t
S1(config)#vlan 10
S1(config-vlan)#exit
S1(config)#vlan 20
S1(config-vlan)#exit

Then we must start assigning VLAN membership.

Assign VLAN membership

VLANs can be assigned statically or dynamically; we will use the static method to assign VLAN membership. The switchport access vlan [vlan number] command is used to assign a VLAN to an interface. The following commands assign VLANs to the interfaces.


Office switch0

S1>en
S1#config t
S1(config)#int fa 0/2
S1(config-if)#switchport access vlan 10
S1(config-if)#int fa 0/3
S1(config-if)#switchport access vlan 20
S1(config-if)#exit
S1(config)#exit

Office switch1

S2>en
S2#config t
S2(config)#int fa 0/3
S2(config-if)#switchport access vlan 10
S2(config-if)#int fa 0/4
S2(config-if)#switchport access vlan 20
S2(config-if)#exit
S2(config)#exit

Office switch2

S3>en
S3#config t
S3(config)#interface fa 0/2
S3(config-if)#switchport access vlan 10
S3(config-if)#int fa 0/3
S3(config-if)#switchport access vlan 20
S3(config-if)#exit
S3(config)#exit

We have now assigned VLAN membership, and it is time to test the configuration. We use the ping command, which tests connectivity between two devices. As per our configuration, devices in the same VLAN can communicate with each other, while devices in different VLANs must not be able to communicate without a router.
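Before moving on, it is worth checking the switch configuration for the trunking-mode gap described under Assign VLAN Membership. The following audit script is an added example and is not part of the course notes: it parses an IOS-style running-config and reports trunk ports that still send DTP frames and host-facing ports whose mode was never pinned with switchport mode access. SAMPLE_CONFIG is constructed to mirror office switch0 (S1) with exactly the commands entered above; the findings text is the author's own wording.

```python
"""Audit an IOS-style switch configuration for ports left to DTP negotiation.

Added example; not from the course notes. It parses the interface blocks of
a Cisco IOS running-config and flags trunk ports that still negotiate DTP and
access ports whose mode was never pinned. SAMPLE_CONFIG is constructed to
match office switch0 (S1) as configured in the notes.
"""

SAMPLE_CONFIG = """\
hostname S1
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport mode trunk
!
interface FastEthernet0/5
!
"""


def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each interface block."""
    blocks = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith("!"):
            current = None                      # '!' ends the block
        elif current is not None and line.strip():
            blocks[current].append(line.strip())
    return blocks


def audit(config):
    """Return a sorted list of (interface, finding) for ports that need hardening."""
    findings = []
    for name, lines in sorted(parse_interfaces(config).items()):
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        has_access_vlan = any(l.startswith("switchport access vlan ") for l in lines)
        nonegotiate = "switchport nonegotiate" in lines
        dynamic = mode in (None, "dynamic")     # Catalyst default is 'dynamic auto'
        if mode == "trunk" and not nonegotiate:
            findings.append((name, "trunk still sends DTP frames; add 'switchport nonegotiate'"))
        elif dynamic and has_access_vlan:
            findings.append((name, "access VLAN set but mode is dynamic; add 'switchport mode access'"))
        elif dynamic:
            findings.append((name, "port left in dynamic mode; pin it with 'switchport mode access' or shut it down"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Run against the constructed S1 config every port is reported; once switchport nonegotiate is added to the trunks and switchport mode access to the host ports, only the unused FastEthernet0/5 remains.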

Configure Router on Stick

Typically a router receives data on one physical interface and forwards it out of another physical interface according to its routing table. Each VLAN is a separate IP subnet, and the router's address in that subnet is configured as the default gateway on all of the VLAN's devices. In our scenario we reserved the IP address 10.0.0.1 for VLAN 10 and 20.0.0.1 for VLAN 20.

With the default configuration we would need one physical router interface per VLAN to make inter-VLAN communication possible. Given the price of a router, dedicating a physical interface to each VLAN is not a cost-effective solution, and a router usually has only one or two Ethernet interfaces. For example, with 50 VLANs we would need about 25 routers for inter-VLAN communication. To deal with this situation we use Router on a Stick.

Router on a Stick is a router connected to the switch over a single 802.1Q trunk link, with one logical sub-interface per VLAN, so that it can route packets between the VLANs carried on that trunk. On this router a single physical interface is sufficient for communication between both of our VLANs.

Access command prompt of Router

Run following commands in same sequence to configure Router on Stick

Router>en

Router#config t

Router(config)#int fa 0/0

Router(config-if)#no ip address

Router(config-if)#no shutdown

Router(config-if)#exit

Router(config)#int fa 0/0.10


Router(config-subif)#encapsulation dot1q 10

Router(config-subif)#ip address 10.0.0.1 255.0.0.0

Router(config-subif)#exit

Router(config)#int fa 0/0.20

Router(config-subif)#encapsulation dot1q 20

Router(config-subif)#ip address 20.0.0.1 255.0.0.0

Router(config-subif)#exit

Router(config)#exit

Router#exit

In the above configuration we split the single physical interface (FastEthernet 0/0) into two logical interfaces, known as sub-interfaces. A router supports only a limited number of interfaces, physical and logical together; the exact limit depends on the platform.

By default the interface works as an access link and carries untagged frames only. The encapsulation dot1q command specifies the trunk encapsulation and tells the sub-interface which 802.1Q VLAN tag to expect and to insert, so the link now works as a trunk; the switch port at the other end of this link (fa0/1 on office switch0) was already set to trunk mode earlier. In the next step we assigned an IP address to each sub-interface; these are the default gateway addresses of the two VLANs.

That is all the configuration we need to route between VLANs. Now we can test inter-VLAN communication: open the command prompt of a PC and ping a PC in the other VLAN.


3.27 Virtual private Networks (VPN)

3.28 Traditional Connectivity before VPN

Before VPNs, business sites in different locations were interconnected with traditional leased lines, ATM or Frame Relay WAN links. These were costly and inflexible once organisations started to expand over large geographical areas, and so the VPN arose to take over the function of these WAN links.

Figure 3.19 : Traditional connectivity before VPN

3.29 What is VPN?

Virtual Private Network is a type of private network that uses public telecommunication,

such as the Internet, instead of leased lines to communicate.

Became popular as more employees worked in remote locations.

Employees can access the network (Intranet) from remote locations.

Secured networks.

The Internet is used as the backbone for VPNs

Saves cost tremendously from reduction of equipment and maintenance costs.

Scalability


Remote Access Virtual Private Network

Figure 3.20 : Structure of VPN

3.30 Brief Overview of How it Works

Two connections – one is made to the Internet and the second is made to the VPN.

Datagrams – contains data, destination and source information.

Firewalls – VPNs allow authorized users to pass through the firewalls.

Protocols – protocols create the VPN tunnels.

Data is encrypted (cannot be deciphered without the key)

Virtual Point to Point Connection

To the user, it acts like a point to point connection

Data is packaged with a header

3.31 Four Critical Functions of VPN

Authentication – verifies that the data really came from the claimed sender.

Access control – keeps unauthorized users from accessing the network.

Confidentiality – prevents the data from being read or copied while it is being transported.

Data integrity – ensures that the data has not been altered in transit.

A virtual private network (VPN) is the extension of a private network that encompasses links

across shared or public networks like the Internet. It provides LAN access to end systems not

physically located on the LAN

An alternative to WAN (Wide Area Networks) which use leased lines to connect


Figure 3.21: VPN structure

A typical VPN might have a main LAN at the corporate headquarters of a company, other LANs

at remote offices or facilities and individual users connecting from out in the field.

3.31 Tunneling in VPN

A virtual point-to-point connection made through a public network. It transports encapsulated

datagrams.
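The tunnel described here and the four functions listed under Four Critical Functions of VPN can be seen together in one small piece of code. The following toy tunnel endpoint is an added example: it is not from the notes and not any real VPN protocol. It wraps an inner datagram in an outer packet with a sequence number, encrypts the inner datagram (confidentiality), appends an HMAC tag that only a holder of the shared key can produce (authentication, access control and integrity), and rejects replayed sequence numbers. Python's standard library has no AES, so the keystream is derived from HMAC-SHA256 in counter mode as a stand-in for the AES-GCM or ESP used by real tunnels; the shared secret is assumed to be pre-placed (key exchange such as IKE is out of scope), and the keys and datagram are constructed.

```python
"""Toy VPN tunnel showing the four functions the notes list.

Added example, not from the notes and not any real VPN protocol.
It encapsulates an inner datagram in an outer packet with a sequence
number, encrypts it, and appends an HMAC tag. Python's standard
library has no AES, so the keystream is derived from HMAC-SHA256 in
counter mode as a stand-in for the AES-GCM or ESP used by real
tunnels; the shared secret, keys and datagram are constructed.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32
HDR = struct.Struct("!I")        # outer header: 32-bit sequence number


def derive_keys(shared_secret, label):
    """Derive separate encryption and MAC keys for one direction from the shared secret."""
    enc = hmac.new(shared_secret, b"enc-" + label, hashlib.sha256).digest()
    mac = hmac.new(shared_secret, b"mac-" + label, hashlib.sha256).digest()
    return enc, mac


def keystream_xor(enc_key, seq, data):
    """CTR-style: XOR data with HMAC(enc_key, seq || block_index) blocks; symmetric for decrypt."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(enc_key, struct.pack("!II", seq, block), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


class TunnelEndpoint:
    def __init__(self, shared_secret, initiator):
        # Separate keys per direction so the two sides never reuse a keystream.
        send_label, recv_label = (b"i2r", b"r2i") if initiator else (b"r2i", b"i2r")
        self.send_enc, self.send_mac = derive_keys(shared_secret, send_label)
        self.recv_enc, self.recv_mac = derive_keys(shared_secret, recv_label)
        self.send_seq = 0
        self.highest_recv = 0    # strict in-order replay check (a real tunnel keeps a window)

    def encapsulate(self, inner_datagram):
        """Inner datagram -> outer packet: header || ciphertext || tag."""
        self.send_seq += 1
        header = HDR.pack(self.send_seq)
        body = keystream_xor(self.send_enc, self.send_seq, inner_datagram)       # confidentiality
        tag = hmac.new(self.send_mac, header + body, hashlib.sha256).digest()     # integrity + authentication
        return header + body + tag

    def decapsulate(self, packet):
        """Outer packet -> inner datagram, or None if it fails any check."""
        if len(packet) < HDR.size + TAG_LEN:
            return None
        header, body, tag = packet[:HDR.size], packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.recv_mac, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None          # altered or not from a key holder: access denied
        (seq,) = HDR.unpack(header)
        if seq <= self.highest_recv:
            return None          # replayed packet
        self.highest_recv = seq
        return keystream_xor(self.recv_enc, seq, body)
```

The tag is checked before the sequence number and before decryption, so a forged packet never advances the replay state or touches the decryption key; real tunnels order their checks the same way.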

Figure 3.22 : VPN tunneling


3.32 Types of VPN

There are Two Types:

i. Site to Site VPN

Connects two LANs over local ISP connections

Very useful if you need to connect a branch to a main hub (Big business)

Much less expensive than purchasing one dedicated line between the hub and branch

Intranet connects remote locations from one company

Extranet connects two companies (partners) into one shared Private Network

Figure 3.23 : Site to site VPN

ii. Remote Access VPN

Essentially provides LAN access through dial-up connection

Typically done by purchasing a NAS (Network Access Server) with a toll free

number

Can instead be done through normal ISP connection using the VPN software to

make a virtual connection to the LAN


3.33 Advantages of using VPN compared to traditional WAN links

► Expand Globally

► Costs reduced

No dedicated lines necessary

► Easier

► Technology is on the end systems, which makes it more scalable

► No single point of failure

► Easier Network Management


CHAPTER FOUR

4.0 Internet Data Centres (IDCs)

Telecommunication system is an important and integral part of modern society. In addition to

public switched telephone network (PSTN), it plays vital role in radio and television

networks, internet and Asynchronous transfer mode (ATM) networks. The switching system

provides various services to the subscribers

The switching system is a collection of switching elements arranged and controlled in such a

way as to setup a communication path between any two distant points.

Telecommunication is the communication of voice or data over long distances using public

switched telephone network (PSTN). PSTN consists of transmission component, switching

components and facilities for maintaining equipment, billing system and other internal

components.

The PSTN is also referred to as plain old telephone service (POTS). The switching technique used in the PSTN is, in general, circuit switching.

4.1 Plain old telephone service (POTS)

Is voice-grade telephone service employing analog signal transmission over copper loops . POTS

was the standard service offering from telephone companies from 1876 until 1988 when the

now-obsolete Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) was

introduced, followed by cellular telephone systems, and Voice over IP (VoIP). POTS remain the

basic form of residential and small business service connection to the telephone network in many

parts of the world. The term reflects the technology that has been available since the introduction

of the public telephone system in the late 19th century, in a form mostly unchanged despite the

introduction of Touch-Tone dialing, electronic telephone exchanges and fiber-optic

communication into the public switched telephone network (PSTN).

Prior to the mid-1960s, the service logic, as shown in the figure below, was hardwired in the switching systems. Typically network operators met with the switch vendors, discussed the type of services the customers required, negotiated the switching features that provided the services, and finally agreed upon the generic release date for feature availability.


After this, the network operators planned the deployment of the generic feature or service in the switching fabric.

Figure 4.1 : Plain Old telephone services

This process was compounded for network operators with switching systems from multiple vendors. As a result, services were not offered ubiquitously across an operator's service area, so a customer at one end of a city, country or state may not have had the same service offering as a person in another part of the area.

Also, once services were implemented they were not easily modified to meet an individual customer's requirements. Often the network operators had to negotiate the change with the switch vendors, and as a result of this process it took years to plan and implement services.

This approach to new service deployment required detailed management of calling patterns and the provisioning of new trunk groups to handle them. As customers' calling habits changed (longer call lengths, larger calling areas, and multiple lines in businesses and residences), the demand on network operators increased.

Stored program Control (SPC)

In 1965, stored program control (SPC) switching systems were introduced. SPC was a major step forward because service logic became programmable, where in the past it had been hardwired. As a result it was now easier to introduce new services.

The SPC concepts permits the features like abbreviated dialing, call forwarding, call

waiting etc.

The SPC provides significant advantages to end users.


The SPC enables easier number changes, automated call tracing message unit accounting

(for billing) etc.

All switching systems manufactured for use as public switching systems now use

computers and software programming to control the switching of calls.

4.2 Characteristics of PSTN/POTS

POTS is characterized by several aspects:

Bi-directional (full duplex) communications.

Using balanced signaling of voltage analogs of sound pressure waves on a two-wire

copper loop

Restricted to a narrow frequency range of 300 to 3300 Hz, called the voice band,

which is much less than the human hearing range of 20 - 20,000 Hz

Call-progress tones, such as dial tone and ringing signal.

Dial pulse signaling of addresses.

4.3 Limitation of POTS

In the old days, a human operator performed the switching process manually on a switchboard. If an operator knew that the called party was presently visiting his neighbor, she might connect the call directly to the neighbor's phone. There was some "intelligence" in the network that improved accessibility. In a modern telecommunications network this intelligence is implemented with the help of IN (Intelligent Network) technology.

Plain old telephone service is a voice grade telephone service. It continues to be the basic

form of home and small business service connection to telephone networks around the globe.

Most of switching devices were not computerized

4.4 Common Channel signaling Network (CCSN)

Another aspect of traditional service offerings was the call set-up information, that is the signaling and call supervision that take place between switching systems for the actual call. When a call was set up, the signaling and the talk path used the same trunk from the originating switching system to the terminating switching system. Often multiple offices were involved in routing a call, and this process seized trunks in all of the switching systems involved. Hence if the terminating end was busy, all of those trunks had been set up unnecessarily.

The network took a major leap forward in the mid-1970s with the introduction of the common channel signaling (CCS) network, known today as SS7 for short.

Signaling system number 7 (SS7) is a protocol that runs over CCS. The SS7 network consists of

packet data links and packet data switching systems, called signaling transfer points


The SS7 network, shown in the figure below, separates the call set-up information and the talk path from the common trunks that run between switching systems. The call set-up information travels outside the common trunk over the SS7 network. The information transferred includes permission for the call set-up and whether or not the called party is busy.

Figure 4.2 : Common channel signaling

The SS7 network was designed before the intelligent network (IN) concept was introduced. However, telephone operators realized that there were many advantages in implementing and using the SS7 network capabilities.

4.5 Services that are supported by SS7

The SS7 network enables enhanced services such as:

Call setup, management and teardown

CallerID, call forwarding, 3-way calling, ...

Toll-free (800/888) and toll (900) services

Wireless roaming

Wireless subscriber authentication


4.6 SS7 Architecture

SS7 signaling is out-of-band, meaning that a signaling link is not in a voice channel. Out-

of-band signaling enables:

Faster call setup than would be possible with in-band signaling using

multifrequency tones

Support for intelligent network features such as database systems

4.7 Types of SS7 signaling points:

Service Switching Points (SSP‘s)

Signal Transfer Points (STP‘s)

Service Control Points (SCP‘s)

Addressing and routing

Signaling points are addressed by unique point codes

Message routing uses the source and destination point codes and routing tables at

each signaling point

Signaling Points

Figure 4.3 : Signaling points


Service Switching Points (SSP‘s)

SSP‘s are PSTN switches that originate or terminate calls, or route calls to other

switches (tandem switches)

SSP‘s exchange SS7 messages to set up, manage and release voice circuits

Service Control Points (SCP‘s)

SCP‘s are database servers that respond to requests from SSP‘s for call routing

information

Signal Transfer Points (STP‘s)

STP's are packet switches that serve as routers in the SS7 network.

Incoming SS7 messages are switched to outgoing links based on routing information contained in the messages (not just based on the destination numbers).

A Signaling Point (SP) is a switching or, processing node in a signaling network, with the

functions of SS7 implemented.

All Signaling Points in an SS7 signaling network are identified by a unique code (14 bits in the ITU-T variant or 24 bits in the ANSI variant) known as a Signaling Point Code.

A signaling point, at which a signaling message is generated, is called the Originating

Point.

A signaling point, to which a signaling message is destined, is called a Destination Point.

A signaling point, at which a message is received on one signaling link and then

transferred to another link, without processing the contents of the message, is called a

Signaling Transfer Point (STP).

Signaling Links

Figure 4.4 : Signaling Links


4.8 Types of SS7 Signaling Links

A (access) link

Connects end nodes to STP‘s

B (bridge) link

Interconnects primary STP‘s from different networks

C (cross) link

Connects STP‘s performing identical functions into a mated pair

D (diagonal) link

Interconnects secondary STP‘s

E (extended) link

Connects an SSP to a secondary STP; alternate access link

F (fully associated) link

Interconnects two end nodes

4.9 Advantages of Using SS7

SS7 has several advantages compared with traditional signaling systems. Some obvious advantages are the following:

FAST - the time for call set-up is reduced to less than one second in most cases.

HIGH CAPACITY - each signaling link can handle the signaling for several thousand simultaneous calls.

ECONOMICAL - much less signaling equipment is required compared to traditional signaling systems.

RELIABLE - by using alternate signaling routes, the signaling network can be made very resilient to link and node failures. Note that this is reliability, not security: SS7 has no authentication between signaling points and trusts any node that is connected to the network, which is why access to the signaling network has to be controlled at its borders.

FLEXIBLE - the system can carry many more kinds of signals and can be used for purposes other than telephony.


Protocol Stack

Figure 4.5 :The OSI Reference Model and the SS7 Protocol Stack

Message Transfer Part (MTP)

The Message Transfer Part (MTP) is divided into three levels.

MTP Level 1

Physical and electrical interfaces of SS7 digital signaling links

E-1 (2048kb/s), DS-1 (1544 kb/s), DS-0 (64 kb/s), V.35 (64 kb/s),

DS-0A (56 kb/s)

MTP Level 2

Handles message transmission over a physical link

Includes flow control, packet sequencing, error detection, retransmission

MTP Level 3

Handles message routing between signaling points (SSP's, STP's and SCP's)


Provides congestion control

4.10 SS7 Transport and Higher Layers

Telephone User Part (TUP)

Analog call circuit setup/teardown

ISDN User Part (ISUP)

Setup, management & release of trunk circuits

Signaling Connection Control Part (SCCP)

Transport layer for TCAP-based services such as 800/888 numbers, wireless

roaming, etc.

Provides subsystem numbers (like port numbers in TCP/UDP), which enable

addressing to specific applications at destination signaling points

Transaction Capabilities Application Part (TCAP)

Used for SCP-SSP communications concerning routing of 800/888/900 calls, to

encapsulate Mobile Application Part (MAP) messages containing customer profile

information for roving mobile subscribers, and for calling card calls

Telephone User Part (TUP)

Overview of Telephone User Part (TUP)

The Telephone User Part defines the necessary telephone signaling functions in SS7 for

international as well as national telephone traffic. It provides the same features for

telephone signaling as other ITU-T signaling systems.

The telephone signals are transferred in the signaling network as the form of signaling

messages, which are the contents in the SIF field in the Message Signal Units (MSUs).

ISDN User Part (ISUP)

Overview of ISUP

The ISDN User Part (ISUP) defines the protocol and procedures used to set-up, manage,

and release trunk circuits that carry voice and data calls over the public switched

telephone network (PSTN) or ISDN network. ISUP is capable of processing ISDN

specific information which is more complex than telephony signaling.

ISUP is used for both ISDN and non-ISDN calls. Calls that originate and terminate at the

same switch do not use ISUP signaling.


4.11 Commonly Used ISUP Signals

Initial Address Message (IAM)

An IAM is sent in the "forward" direction by each switch needed to complete the circuit

between the calling party and called party until the circuit connects to the destination switch. An

IAM contains the called party number in the mandatory variable part and may contain the calling

party name and number in the optional part.

Address Complete Message (ACM)

An ACM is sent in the "backward" direction to indicate that the remote end of a trunk circuit has

been reserved. The originating switch responds to an ACM message by connecting the calling

party's line to the trunk to complete the voice circuit from the calling party to the called party.

The originating switch also sends a ringing tone to the calling party's line.

Answer Message (ANM)

When the called party answers, the destination switch terminates the ringing tone and sends an

ANM to the originating switch. The originating switch initiates billing after verifying that the

calling party's line is connected to the reserved trunk.

Release Message (REL)

A REL is sent in either direction to indicate that the circuit is being released for the cause indicated. A REL is sent when either the calling or the called party hangs up (cause = 16, normal call clearing). A REL is also sent in the backward direction if the called party's line is busy (cause = 17, user busy).

Release Complete Message (RLC)

A RLC is sent in the opposite direction of the REL to acknowledge the release of the remote end

of a trunk circuit and end the billing cycle as appropriate.
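The message sequence above can be captured as a small state machine for one trunk circuit. The following is an added example, not code from the notes: it models IAM, ACM, ANM, REL and RLC from the originating switch's point of view, rejects messages that arrive out of order, starts the billing clock at ANM and closes it at RLC, exactly as the notes describe. The circuit identification code (42), the timestamps and the two call flows are constructed; cause values 16 and 17 are the ones quoted above.

```python
"""ISUP call set-up and release as a small state machine.

Added example, not from the notes. It models IAM -> ACM -> ANM -> REL -> RLC
for one trunk circuit (CIC) as seen by the originating switch, starting
billing on ANM and stopping it on RLC as the notes describe. Cause values
16 (normal clearing) and 17 (user busy) are the ones quoted in the notes;
the CIC, timestamps and call flows are constructed.
"""


class IsupCircuit:
    """Tracks one circuit, identified by its CIC, from the originating switch's view."""

    # legal transitions: state -> {message: next state}
    TRANSITIONS = {
        "idle":     {"IAM": "wait_acm"},
        "wait_acm": {"ACM": "wait_anm", "REL": "wait_rlc"},   # REL here: e.g. busy (cause 17)
        "wait_anm": {"ANM": "talking",  "REL": "wait_rlc"},   # caller gave up while ringing
        "talking":  {"REL": "wait_rlc"},
        "wait_rlc": {"RLC": "idle"},
    }

    def __init__(self, cic):
        self.cic = cic
        self.state = "idle"
        self.answered_at = None
        self.last_cause = None
        self.billing_records = []     # (cic, billed seconds, release cause)

    def handle(self, message, now, cause=None):
        """Apply one message at time `now`; raise ValueError if it is illegal in this state."""
        nxt = self.TRANSITIONS[self.state].get(message)
        if nxt is None:
            raise ValueError(f"{message} not allowed in state {self.state} on CIC {self.cic}")
        if message == "ANM":
            self.answered_at = now                 # billing starts when the called party answers
        elif message == "REL":
            self.last_cause = cause
        elif message == "RLC":
            if self.answered_at is not None:       # unanswered calls (busy, abandoned) are not billed
                self.billing_records.append((self.cic, now - self.answered_at, self.last_cause))
            self.answered_at = None
            self.last_cause = None
        self.state = nxt
        return self.state


def run_call(messages, cic=42):
    """Drive one circuit through (message, time, cause) tuples; return (final state, billing records)."""
    circuit = IsupCircuit(cic)
    for message, now, cause in messages:
        circuit.handle(message, now, cause)
    return circuit.state, circuit.billing_records


def is_legal_sequence(messages):
    """True if every message in the list is allowed in the state it arrives in."""
    try:
        run_call(messages)
    except ValueError:
        return False
    return True


# Constructed call flows: a normal 60-second call and a call to a busy line.
NORMAL_CALL = [("IAM", 0, None), ("ACM", 1, None), ("ANM", 5, None), ("REL", 64, 16), ("RLC", 65, None)]
BUSY_CALL = [("IAM", 0, None), ("REL", 1, 17), ("RLC", 2, None)]
```

A switch that accepted an ANM without a preceding IAM, or billed a call that was released with cause 17, would be trusting the signaling network more than the protocol allows; the transition table is where that trust is limited.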


Signaling Connection Control Part (SCCP)

Where is SCCP?

Figure 4.6 :Signal connection Control Part (SCCP)

4.12 What is SCCP?

In SS7 signaling system, SCCP and MTP layer three together are responsible for

signaling network layer function. SCCP expands the MTP functions in the following

points:

Enable to convey various non-circuit-related signaling messages.

Provide enhanced addressing and routing function, and enable to achieve the direct global

transmission between different SS7 networks by using GT (Global Title) addressing.

Expand the user part of MTP. SCCP supports up to 256 kinds of sub systems instead of

16 in MTP.

Enable to provide connectionless service and connection-oriented service.


4.13 Service Functions of SCCP Network

According to the various service requirements, SCCP provides four classes of service: two

connectionless services and two connection-oriented services.

The four classes are:

Class 0: Basic connectionless class.

Class 1: In-sequence delivery connectionless class.

Class 2: Basic connection-oriented class.

Class 3: Flow control connection-oriented class.

Transaction Capabilities Application Part (TCAP)

The main purpose of TCAP is to provide support for interactive applications in a

distributed environment.

TCAP is a general protocol which makes it easy to introduce new features in

telecommunication networks. It reduces the need for development of new protocols

whenever new features are introduced.

Applications of TCAP

Applications of TCAP:

Data Exchange between switching systems

Switching systems access network database center

Network databases establish remote operation dialogue

Examples of TCAP applications:

Mobile service applications

Free phone service (800-service)

Credit Card calling

Operation & Maintenance applications


Intelligent Network Application Part (INAP)

The functions of INAP

INAP defines operation criterion among the IN functional entities SSF, SCF, SRF and

SDF.

INAP is transmitted by SCCP UDT data, using connectionless services.

4.14 Intelligent networks (IN’s)

An intelligent network (IN) is a service-independent telecommunication network. Its intelligence is taken out of the switch and placed in computer nodes that are distributed throughout the network. This provides the network operators with the means to develop and control services more efficiently. New capabilities can be rapidly introduced into the network, and once introduced, services are easily customized to meet individual customer needs.

4.15 Components of an Intelligent Network (IN)

The basic structure of an IN, illustrated in the figure below, is based on centralized intelligence: control information is stored in a central place and the same information is available to all exchanges in the network. Exchanges request the information when they need it for call handling.

The great advantage of the IN concept is that when a new service is introduced or a service is updated, all exchanges in the network are able to provide the modified service immediately.

Figure 4.7: Components of Intelligent Network


4.16 Structure of the IN

IN technology makes provision of new services efficient with the help of control data that are

centralized and available to all switches. Otherwise, service information would need to be

updated to all exchanges when a change is made. Figure above shows the main network

elements of an IN.

The service management system (SMS)

It provides tools for introduction of new services and service updates

The database (DB)

It contains control information, such as emergency numbers and corresponding

physical numbers, for the service control point (SCP), which controls service switching

point (SSP) exchanges.

The intelligent peripheral (IP)

Is a system that provides voice announcements when required.

The signal transfer point (STP)

Is an intermediate exchange that routes signaling messages between the SSP and the SCP.

A certain range of telephone numbers is reserved for IN services only. When a SSP, which

performs the functions of an exchange, detects an IN service number, it requests routing

information from the SCP. The SCP then provides information about how that call should be

handled.

In principle, we could implement all the intelligence in the SCP, and its database could store all the routing information. This would, however, require heavy signaling between the switching points and the SCP. In practice, services that do not require a centralized database are implemented in the switching points to reduce the load on the SCP and on the signaling connections between the SCP and the SSPs.

Some examples of IN services follow

Universal access number: A company with several offices in different parts of a country may

have the same number throughout the country. Each call is automatically connected to the office

closest to the calling subscriber (SSP transfers caller‘s number to SCP). The cost of the call is the

same no matter to which office the call is connected.

Premium rate services: Information provision over the phone, for instance doctor and lawyer services. The service provider charges subscribers via the telephone bill. The charge depends on the called service number.


Free phone: Companies that want to provide free customer service use this service in which the receiver

pays for the call.

Credit card call: A service user can pay with his or her credit card by dialing his or her account number

and identity code.

The modern telecommunications networks using IN technology provide many other services and

a few new ones appear annually. An example of these is inexpensive home-to-mobile and

mobile-to-home calls for which you dial a specific number given by an operator.

Another example is a card service for which a serviceperson dials a specific service number and

security code and the network operator charges his or her employer instead of the telephone from

which he or she is calling.

One category of services implemented with the help of IN technology is value-added services.

This term refers to the services that give additional value, not just point-to-point telephone

conversation. Separate service providers, not the telecommunications service provider, often

provide these services.

Examples of value-added services are telebanking, telephone doctor or lawyer services, and

participation to TV games. IN technology provides flexible routing and service-specific charging

for these services.

4.17 Benefits of Intelligent Networks

The main benefit of IN is the ability to improve existing services and develop new sources of revenue. To meet these objectives, providers need to accomplish the following:

Introduce new services rapidly – IN provides the capability to provision new services or modify existing services throughout the network without physical intervention at each exchange.

Provide service customization –Service providers, requires the ability to change the

service logic rapidly and efficiently. Customers are also demanding control of their own

services to meet their individual needs

Establish vendor independence- A major criterion for the service providers, is that the

software must be developed quickly and inexpensively. To accomplish this, suppliers

must integrate commercially available softwares to create the application required by the

service providers

Create open interface- Open interface allow the service providers to introduce network

element quickly for individualized customers services. The softwares must interface with

other vendor‘s products while still maintain stringent network operation standards.

Services providers, are no longer relying on one or two vendors to provide equipments

and softwares to meet customers‘ requirements


4.18 Web Caching

A web cache (or HTTP cache) is an information technology for the temporary storage (caching)

of web documents, such as HTML pages and images, to reduce bandwidth usage, server load,

and perceived lag. A web cache system stores copies of documents passing through it;

subsequent requests may be satisfied from the cache if certain conditions are met. A web cache

system can refer either to an appliance, or to a computer program.

A Web cache sits between one or more Web servers (also known as origin servers) and a client

or many clients, and watches requests come by, saving copies of the responses — like HTML

pages, images and files (collectively known as representations) — for itself. Then, if there is

another request for the same URL, it can use the response that it has, instead of asking the origin

server for it again.

A client, such as a web browser, can also store web content for reuse. For example, if the back

button is pressed, the local cached version of a page may be displayed instead of a new request

being sent to the web server.

4.19 Types of Web Caches

There are two types of Web caches a browser cache and a proxy cache

Browser Caches

A browser cache is part of all popular Web browsers. The browser keeps a local copy of all

recently displayed pages, and when the user returns to one of these pages, the local copy is

reused.

If you examine the preferences dialog of any modern Web browser (such as Internet Explorer, Safari or Mozilla), you will probably notice a "cache" setting. This lets you set aside a section of your computer's hard disk to store representations that you have seen, just for you. The browser cache works according to fairly simple rules. It will check to make sure that the representations are fresh, usually once a session (that is, once in the current invocation of the browser).

Proxy Caches

A proxy cache is a shared network device that can undertake Web transactions on behalf of a

client, and, like the browser, the proxy cache stores the content. Subsequent requests for this

content, by this or any other client of the cache will trigger the cache to deliver the locally stored

copy of the content, avoiding a repeat of the download from the original content source.

Consider the diagram below that shows how proxy caches working principles

When a browser wishes to retrieve a URL, it takes the host name component and translates that

name to an IP address. A HTTP session is opened against that address, and the client requests the

URL from the server.


When using a proxy cache, not much is altered in the transaction. The client opens a HTTP

session with the proxy cache, and directs the URL request to the proxy cache instead.

Figure 4.8 : Proxy caches

If the cache contains the referenced URL, the stored copy is checked for freshness: it is fresh if its age is still within the lifetime given by the response's Cache-Control: max-age directive or, failing that, its Expires: date, or by some locally defined freshness heuristic when the origin gave neither. Stale objects are revalidated with the server using a conditional request (If-None-Match with the stored ETag, or If-Modified-Since with the stored Last-Modified date); if the server answers 304 Not Modified, the object is marked fresh again. Fresh objects are delivered to the client as a cache hit. If the cache does not have a local copy of the URL, or the object is stale and the server does not revalidate it, this is a cache miss: the cache acts as an agent for the client, opens its own session to the server named in the URL, and fetches the object into the cache. Two caveats matter for a shared cache: it must honour Cache-Control: private and no-store, since storing such a response would serve one user's private data to the next client, and it only sees HTTP in the clear, so HTTPS traffic passes through it as an opaque tunnel and is not cached.
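The hit, revalidate and miss paths described above, together with the rule that a shared cache must not store private responses, fit in a short simulation. The following is an added example and not code from the notes or from any real proxy: a minimal proxy cache that computes freshness from Cache-Control: max-age or from Expires relative to Date, revalidates stale entries with If-None-Match or If-Modified-Since, and refuses to store private and no-store responses. The origin server is a constructed stub with three resources, and time is an integer number of seconds so the run is deterministic.

```python
"""A minimal shared (proxy) cache: freshness, revalidation and what must not be stored.

Added example; not from the notes. Freshness comes from Cache-Control:
max-age, else from Expires relative to Date (the RFC 9111 precedence);
stale entries are revalidated with If-None-Match / If-Modified-Since.
The origin server is a constructed stub and 'now' is an integer number
of seconds so the run is deterministic.
"""
from email.utils import formatdate, parsedate_to_datetime


def parse_cache_control(value):
    """'max-age=60, public' -> {'max-age': '60', 'public': None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def freshness_lifetime(headers, received_at):
    """Seconds the response may be served without revalidation; None if the origin gave no hint."""
    cc = parse_cache_control(headers.get("Cache-Control"))
    if "max-age" in cc:
        return int(cc["max-age"])
    if "Expires" in headers:
        expires = parsedate_to_datetime(headers["Expires"]).timestamp()
        date = parsedate_to_datetime(headers["Date"]).timestamp() if "Date" in headers else received_at
        return max(0, int(expires - date))
    return None


def storable_by_shared_cache(headers):
    """A proxy must not store responses marked private or no-store."""
    cc = parse_cache_control(headers.get("Cache-Control"))
    return "no-store" not in cc and "private" not in cc


class ProxyCache:
    def __init__(self, origin):
        self.origin = origin      # origin(url, conditional_headers, now) -> (status, headers, body)
        self.store = {}           # url -> (headers, body, received_at)
        self.log = []             # HIT / REVALIDATED / MISS, one entry per request

    def get(self, url, now):
        entry = self.store.get(url)
        if entry is not None:
            headers, body, received_at = entry
            age = now - received_at + int(headers.get("Age", 0))
            lifetime = freshness_lifetime(headers, received_at)
            if lifetime is not None and age < lifetime:
                self.log.append("HIT")
                return body
            conditional = {}
            if "ETag" in headers:
                conditional["If-None-Match"] = headers["ETag"]
            if "Last-Modified" in headers:
                conditional["If-Modified-Since"] = headers["Last-Modified"]
            status, new_headers, new_body = self.origin(url, conditional, now)
            if status == 304:     # validators matched: keep the stored body, refresh its headers
                self.store[url] = ({**headers, **new_headers}, body, now)
                self.log.append("REVALIDATED")
                return body
        else:
            status, new_headers, new_body = self.origin(url, {}, now)
        self.log.append("MISS")
        if status == 200 and storable_by_shared_cache(new_headers):
            self.store[url] = (new_headers, new_body, now)
        return new_body


LEGACY_LAST_MODIFIED = formatdate(0, usegmt=True)


def make_origin():
    """Constructed origin with three resources exercising the three header styles."""
    def origin(url, conditional, now):
        if url == "/public":                       # modern: max-age plus an ETag validator
            hdrs = {"Cache-Control": "max-age=60", "ETag": '"v1"'}
            if conditional.get("If-None-Match") == '"v1"':
                return 304, hdrs, b""
            return 200, hdrs, b"public page"
        if url == "/legacy":                       # old style: Expires 120 s after Date, Last-Modified
            hdrs = {"Date": formatdate(now, usegmt=True),
                    "Expires": formatdate(now + 120, usegmt=True),
                    "Last-Modified": LEGACY_LAST_MODIFIED}
            if conditional.get("If-Modified-Since") == LEGACY_LAST_MODIFIED:
                return 304, hdrs, b""
            return 200, hdrs, b"legacy page"
        if url == "/account":                      # per-user data: must never be served to another client
            return 200, {"Cache-Control": "private, no-store"}, b"balance: 42"
        return 404, {}, b"not found"
    return origin
```

The /account resource is the case to watch when deploying a proxy cache in front of an application: the response is only safe because the origin marks it private, so an origin that forgets the header turns the shared cache into a way for one user to read another's data.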

4.20 Benefits of Web caching and its suitability for deployment in the environment

Caches can help your Web site load faster, and save load on your server and Internet link. The difference can be dramatic; a site that is difficult to cache may take several seconds to load, while one that takes advantage of caching can seem instantaneous in comparison. Users will appreciate a fast-loading site, and will visit more often.

Caches also reduce the Internet bandwidth that users consume. Best of all, you don't have to pay for them.


CHAPTER FIVE

5.0 Network Management

We can define network management as monitoring, testing, configuring, and troubleshooting network components to meet a set of requirements defined by an organization. These requirements include the smooth, efficient operation of the network that provides the predefined quality of service for users. To accomplish this task, a network management system uses hardware, software, and humans.

5.1 Function of the Network management system

The functions performed by a network management system can be divided into five broad categories:

o fault management,
o configuration management,
o accounting management,
o performance management, and
o security management.

As shown in the figure below, you just need to remember the word FCAPS, where each letter represents one function of the network management system.

Figure 5.1 Function of Network Management

Configuration Management

A large network is usually made up of hundreds of entities that are physically or logically connected to one another. These entities have an initial configuration when the network is set up, but can change with time. Desktop computers may be replaced by others; application software may be updated to a newer version; and users may move from one group to another. The configuration management system must know, at any time, the status of each entity and its relation to other entities.

o Configuration management monitors network and system configuration information and stores it in a configuration management database.
o The maintenance of this database allows network administrators to track hardware, software, and other network resources.

Configuration management can be divided into two subsystems: reconfiguration and documentation.

i. Reconfiguration

Reconfiguration, which means adjusting the network components and features, can be a daily occurrence in a large network. There are three types of reconfiguration: hardware reconfiguration, software reconfiguration, and user-account reconfiguration.

Hardware reconfiguration covers all changes to the hardware. For example, a desktop computer may need to be replaced. A router may need to be moved to another part of the network. A subnetwork may be added to or removed from the network. All these need the time and attention of network management.

Software reconfiguration covers all changes to the software. For example, new software may need to be installed on servers or clients. An operating system may need updating. Fortunately, most software reconfiguration can be automated. For example, an update to an application on some or all clients can be electronically downloaded from the server.

ii. Documentation

The original network configuration and each subsequent change must be recorded meticulously. This means that there must be documentation for hardware, software, and user accounts.

Fault Management

Fault management manages network problems to keep the network running reliably and efficiently. The fault management process involves the following steps:

o Detecting the problem symptoms.
o Isolating the problem.
o Fixing the problem automatically (if possible) or manually.
o Testing the fix on all important subsystems.
o Logging the detection and resolution of the problem.

Performance Management

Performance management, which is closely related to fault management, tries to monitor and control the network to ensure that it is running as efficiently as possible. Performance management tries to quantify performance by using some measurable quantity such as capacity, traffic, throughput, or response time.

Performance management involves three basic steps:

1. Gathering data relating to key performance variables.
2. Analyzing data to determine the normal (baseline) performance levels.
3. Determining appropriate performance thresholds for each variable so that exceeding these thresholds indicates a network problem worthy of attention.

Figure 5.2 : Network analyzers
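The three steps carried through on constructed data, as an added example and not code from the original text: gather samples of one variable, compute a baseline mean and standard deviation, set the threshold at the mean plus three standard deviations, and alert only after two consecutive exceedances so that a single transient spike does not raise an alarm. The variable name, the sample values and both parameters are assumptions.

```python
"""Constructed example of the three performance-management steps."""
import statistics
from collections import defaultdict


class PerformanceMonitor:
    """Gathers samples per variable, derives a baseline, and checks thresholds."""

    def __init__(self, k=3.0, persistence=2):
        self.k = k                      # threshold = mean + k * standard deviation
        self.persistence = persistence  # consecutive exceedances needed before alerting
        self.samples = defaultdict(list)
        self.baseline = {}              # variable -> (mean, stdev)
        self.exceeded = defaultdict(int)

    # Step 1: gather data relating to key performance variables.
    def gather(self, variable, value):
        self.samples[variable].append(value)

    # Step 2: analyze the gathered data to determine normal (baseline) levels.
    def establish_baseline(self):
        for variable, values in self.samples.items():
            if len(values) < 2:
                raise ValueError(f"need at least two samples for {variable}")
            self.baseline[variable] = (statistics.fmean(values), statistics.stdev(values))
        return dict(self.baseline)

    # Step 3: derive a threshold for each variable from its baseline.
    def threshold(self, variable):
        mean, stdev = self.baseline[variable]
        return mean + self.k * stdev

    def observe(self, variable, value):
        """Return True when `value` exceeds the threshold `persistence` times in a row."""
        if value > self.threshold(variable):
            self.exceeded[variable] += 1
        else:
            self.exceeded[variable] = 0
        return self.exceeded[variable] >= self.persistence


def baseline_threshold(values, k=3.0):
    """Threshold for one variable: mean plus k standard deviations of its baseline samples."""
    return statistics.fmean(values) + k * statistics.stdev(values)


# Constructed sample data: link utilisation in percent, polled every five minutes
# during a quiet baseline period (not real measurements).
BASELINE_UTILISATION = [31, 35, 33, 30, 36, 34, 32, 35, 33, 31, 34, 36]


def demo(live_values=(34, 60, 61, 35)):
    """Baseline the constructed samples, then classify four live readings."""
    monitor = PerformanceMonitor(k=3.0, persistence=2)
    for v in BASELINE_UTILISATION:
        monitor.gather("link.utilisation", v)
    monitor.establish_baseline()
    return [monitor.observe("link.utilisation", v) for v in live_values]
```

With these samples the baseline mean is about 33.3 percent and the threshold lands just above 39 percent, so demo() returns [False, False, True, False]: the first reading of 60 is counted but not yet reported, the second consecutive exceedance raises the alert, and the return to 35 clears it.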


Security Management

Security management is responsible for controlling access to the network based on a predefined policy. It aids administrators in creating a secure network environment. This includes:

o partitioning network resources into authorized and unauthorized areas,
o mapping groups of users to those areas, and
o monitoring, policing, and logging user access to resources in those areas.

Security monitoring consists of:

o security event collection,
o event analysis, correlation and alert generation, and
o alert handling.

Accounting Management

Accounting management is the control of users' access to network resources through charges. Under accounting management, individual users, departments, divisions, or even projects are charged for the services they receive from the network. Charging does not necessarily mean cash transfer; it may mean debiting the departments or divisions for budgeting purposes.

Today, organizations use an accounting management system for the following reasons:

o It prevents users from monopolizing limited network resources.
o It prevents users from using the system inefficiently.
o Network managers can do short- and long-term planning based on the demand for network use.

5.2 Simple network management protocol (SNMP)

The Simple Network Management Protocol (SNMP) is a framework for managing devices in an internet using the TCP/IP protocol suite. It provides a set of fundamental operations for monitoring and maintaining an internet.


5.3 SNMP protocol Concept

SNMP uses the concept of manager and agent. That is, a manager, usually a host, controls and monitors a set of agents, usually routers. Consider the diagram below.

Figure 5.3 : SNMP protocol concept

SNMP is an application-level protocol in which a few manager stations control a set of agents. The protocol is designed at the application level so that it can monitor devices made by different manufacturers and installed on different physical networks.

In other words, SNMP frees management tasks from both the physical characteristics of the managed devices and the underlying networking technology. It can be used in a heterogeneous internet made of different LANs and WANs connected by routers made by different manufacturers.

Managers and Agents

A management station, called a manager, is a host that runs the SNMP client program. A managed station, called an agent, is a router (or a host) that runs the SNMP server program. Management is achieved through simple interaction between a manager and an agent.

The agent keeps performance information in a database. The manager has access to the values in the database. For example, a router can store in appropriate variables the number of packets received and forwarded. The manager can fetch and compare the values of these two variables to see whether the router is congested or not.

The manager can also make the router perform certain actions. For example, a router periodically checks the value of a reboot counter to see when it should reboot itself. It reboots itself, for example, if the value of the counter is 0. The manager can use this feature to reboot the agent remotely at any time. It simply sends a packet to force a 0 value in the counter.


Agents can also contribute to the management process. The server program running on the agent can check the environment, and if it notices something unusual, it can send a warning message, called a trap, to the manager.

In other words, management with SNMP is based on three basic ideas:

1. A manager checks an agent by requesting information that reflects the behavior of the agent.
2. A manager forces an agent to perform a task by resetting values in the agent database.
3. An agent contributes to the management process by warning the manager of an unusual situation.
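The three ideas, together with the packets-received versus packets-forwarded comparison and the reboot counter from the "Managers and Agents" discussion, as an in-process Python model. This is an added example, not code from the original text or from any SNMP implementation: the object names, the counter's initial value and the congestion limit are assumptions, and real SNMP carries these get, set and trap exchanges in UDP packets between separate hosts. The trap name coldStart is a standard SNMP trap type.

```python
"""Constructed manager/agent model illustrating the three basic SNMP ideas."""


class Agent:
    """Managed device (e.g. a router) that keeps its variables in a small database."""

    def __init__(self, name, trap_sink):
        self.name = name
        self.trap_sink = trap_sink   # callable(agent_name, trap_name) -> None
        self.reboots = 0
        # Hypothetical object names arranged in a dotted hierarchy; not real MIB names.
        self.db = {
            "router.pktsReceived": 0,
            "router.pktsForwarded": 0,
            "router.rebootCounter": 3600,   # the device reboots itself when this reaches 0
        }

    # Idea 1: the manager reads variables that reflect the agent's behaviour.
    def get(self, name):
        if name not in self.db:
            raise KeyError(f"no such object: {name}")
        return self.db[name]

    # Idea 2: the manager forces an action by resetting a variable in the database.
    def set(self, name, value):
        if name not in self.db:
            raise KeyError(f"no such object: {name}")
        if not isinstance(value, int) or value < 0:
            raise TypeError("object values in this example are non-negative integers")
        self.db[name] = value
        if name == "router.rebootCounter" and value == 0:
            self._reboot()

    def _reboot(self):
        self.reboots += 1
        self.db["router.rebootCounter"] = 3600
        self.db["router.pktsReceived"] = 0
        self.db["router.pktsForwarded"] = 0
        # Idea 3: the agent warns the manager of an unusual event with a trap.
        self.trap_sink(self.name, "coldStart")

    def carry_traffic(self, received, forwarded):
        """Simulate traffic: the counters advance as packets arrive and are forwarded."""
        if forwarded > received:
            raise ValueError("cannot forward more packets than were received")
        self.db["router.pktsReceived"] += received
        self.db["router.pktsForwarded"] += forwarded


class Manager:
    """Management station: polls agents, compares counters, and collects traps."""

    def __init__(self):
        self.traps = []

    def on_trap(self, agent_name, trap_name):
        self.traps.append((agent_name, trap_name))

    def drop_ratio(self, agent):
        received = agent.get("router.pktsReceived")
        forwarded = agent.get("router.pktsForwarded")
        return 0.0 if received == 0 else (received - forwarded) / received

    def is_congested(self, agent, limit=0.10):
        """Treat the router as congested when more than `limit` of its packets are not forwarded."""
        return self.drop_ratio(agent) > limit

    def remote_reboot(self, agent):
        agent.set("router.rebootCounter", 0)


def demo():
    """Poll a congested router, reboot it remotely, and collect the resulting trap."""
    manager = Manager()
    router = Agent("r1", manager.on_trap)
    router.carry_traffic(received=1000, forwarded=850)   # 15% of packets not forwarded
    congested_before = manager.is_congested(router)
    manager.remote_reboot(router)
    return {
        "congested_before": congested_before,
        "reboots": router.reboots,
        "traps": list(manager.traps),
        "congested_after": manager.is_congested(router),
    }
```

Because a settable variable such as the reboot counter lets a manager restart the device, the set operation is the one to protect: restrict which stations may write, prefer SNMPv3 with authentication over plain community strings, and treat an unexpected coldStart trap as something to investigate rather than ignore.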

5.4 Internet Management Components

To do management tasks, SNMP uses two other protocols: Structure of Management Information (SMI) and Management Information Base (MIB). In other words, management on the Internet is done through the cooperation of the three protocols SNMP, SMI, and MIB, as shown in the figure below.

Figure 5.5 : Internet management components

Let us elaborate on the interactions between these protocols.

Roles of SNMP

SNMP has some very specific roles in network management. It defines the format of the packet to be sent from a manager to an agent and vice versa. It also interprets the result and creates statistics (often with the help of other management software). The packets exchanged contain the object (variable) names and their status (values). SNMP is responsible for reading and changing these values.

In short, SNMP defines the format of packets exchanged between a manager and an agent, and it reads and changes the status (values) of objects (variables) carried in SNMP packets.


Roles of SMI

To use SNMP, we need rules. We need rules for naming objects. This is particularly important because the objects in SNMP form a hierarchical structure (an object may have a parent object and some child objects). Part of a name can be inherited from the parent. We also need rules to define the type of the objects. What types of objects are handled by SNMP? Can SNMP handle simple types or structured types? How many simple types are available? What are the sizes of these types? What is the range of these types? In addition, how is each of these types encoded?

We need these universal rules because we do not know the architecture of the computers that send, receive, or store these values. The sender may be a powerful computer in which an integer is stored as 8-byte data; the receiver may be a small computer that stores an integer as 4-byte data.

SMI is a protocol that defines these rules. However, we must understand that SMI only defines the rules; it does not define how many objects are managed in an entity or which object uses which type. SMI is a collection of general rules to name objects and to list their types. The association of an object with a type is not done by SMI.

In short, SMI does not define the number of objects an entity should manage, name the objects to be managed, or define the association between the objects and their values.

Role of MIB

MIB creates a collection of named objects, their types, and their relationships to each other in an entity to be managed.

For each entity to be managed, a protocol must define the number of objects, name them according to the rules defined by SMI, and associate a type with each named object. This protocol is MIB. MIB creates a set of objects defined for each entity, similar to a database (mostly metadata in a database: names and types without values).


5.5 Network and Internet security

The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. That is a broad statement that covers a host of possibilities.

To give you a feel for the areas covered in this section, consider the following examples of security violations:

User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.

Figure 5.6 : Security threats

A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alters its contents to add or delete entries, and then forwards the message to computer E, which accepts the message as coming from manager D and updates its authorization file accordingly.

Figure 5.7 : Modification


Rather than intercept a message, user F constructs its own message with the desired entries and transmits that message to computer E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly.

An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee's account. When the invalidation is accomplished, the server is to post a notice to the employee's file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee's action may go unnoticed for some considerable time.

A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message.

Although this list by no means exhausts the possible types of network security violations, it illustrates the range of concerns of network security.

5.6 Computer Security

Computer security is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

This definition introduces three key objectives that are at the heart of computer security:

i. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. This term covers two related concepts:

o Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
o Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

ii. Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. This term covers two related concepts:

o Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
o System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.


iii. Availability: Assures that systems work promptly and service is not denied to authorized users.

5.7 Challenges of computer security

1. Security is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory, one-word labels: confidentiality, authentication, nonrepudiation, or integrity. But the mechanisms used to meet those requirements can be quite complex, and understanding them may involve rather subtle reasoning.

2. In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism.

3. Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense [e.g., at what layer or layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol) should mechanisms be placed].

4. Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. There also may be a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays may render such time limits meaningless.

5. Computer and network security is essentially a battle of wits between a perpetrator who tries to find holes and the designer or administrator who tries to close them. The great advantage that the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security.

6. There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs.

7. Security requires regular, even constant, monitoring, and this is difficult in today's short-term, overloaded environment.

8. Security is still too often an afterthought to be incorporated into a system after the design is complete rather than being an integral part of the design process.

9. Many users and even security administrators view strong security as an impediment to efficient and user-friendly operation of an information system or use of information.


5.8 Important terms to understand

Threat

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.

Attack

An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Security attack: Any action that compromises the security of information owned by an organization.

Security mechanism: A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

Types of security attacks

A useful means of classifying security attacks is in terms of passive attacks and active attacks.

A passive attack attempts to learn or make use of information from the system but does not affect system resources.

An active attack attempts to alter system resources or affect their operation.

5.9 Division of security problems

Security problems can be divided into the following areas:

ACCESS CONTROL

In the context of network security, access control is the ability to limit and control the access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified, or authenticated, so that access rights can be tailored to the individual.


DATA CONFIDENTIALITY

Confidentiality is the protection of transmitted data from passive attacks (preventing data from being read by a third party). With respect to the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period of time.

For example, when a TCP connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the TCP connection.

AUTHENTICATION

The assurance that the communicating entity is the one that it claims to be.

DATA INTEGRITY

The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).

A connection-oriented integrity service, one that deals with a stream of messages, assures that messages are received as sent with no duplication, insertion, modification, reordering, or replays. The destruction of data is also covered under this service.
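One way a connection-oriented integrity service can detect each of those conditions, as an added example rather than code from the original text: the sender numbers every message and appends an HMAC-SHA256 tag computed over the sequence number and the payload with a shared key; the receiver rejects any message whose tag does not verify (modification or insertion), whose number has already been used (duplication or replay), or whose number skips ahead (deletion or reordering). The key and the messages are constructed for the example, and the key is assumed to have been shared over a secure channel.

```python
"""Constructed connection-oriented integrity check: sequence number plus HMAC tag."""
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes
SEQ_LEN = 8                               # 64-bit big-endian sequence number


def protect(key, seq, payload):
    """Sender side: prepend the sequence number and append a tag over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Accepts a message only if it is unmodified and exactly the next one expected."""

    def __init__(self, key):
        self.key = key
        self.expected = 0

    def accept(self, message):
        """Return (verdict, payload); payload is None unless the verdict is ACCEPT."""
        if len(message) < SEQ_LEN + TAG_LEN:
            return "REJECT:malformed", None
        header = message[:SEQ_LEN]
        payload = message[SEQ_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        expected_tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, tag):
            return "REJECT:modified", None        # modification or insertion by a third party
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected:
            return "REJECT:replay", None          # duplicate or replayed message
        if seq > self.expected:
            return "REJECT:gap", None             # deletion or reordering in the stream
        self.expected += 1
        return "ACCEPT", payload


def demo():
    """Deliver a constructed stream containing a replay, a modified copy and a reordering."""
    key = b"constructed-demo-key-not-for-real-use"   # assumed shared via a secure channel
    sender_msgs = [protect(key, i, f"update {i}".encode()) for i in range(4)]
    rx = IntegrityReceiver(key)
    tampered = bytearray(sender_msgs[2])
    tampered[SEQ_LEN] ^= 0x01                         # flip one bit in the payload of message 2
    delivered = [
        sender_msgs[0],        # in order
        sender_msgs[1],        # in order
        sender_msgs[1],        # replayed copy of message 1
        bytes(tampered),       # message 2 modified in transit
        sender_msgs[3],        # message 3 arrives before a valid message 2
        sender_msgs[2],        # the genuine message 2 finally arrives
    ]
    return [rx.accept(m)[0] for m in delivered]
```

demo() returns the six verdicts in delivery order: ACCEPT, ACCEPT, REJECT:replay, REJECT:modified, REJECT:gap, ACCEPT. The receiver refuses message 3 until the genuine message 2 arrives, which is what distinguishes a stream integrity service from per-message authentication. The tag alone would not detect replay and the sequence number alone would not detect modification; the two are needed together.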

NONREPUDIATION

Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

Nonrepudiation prevents either sender or receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.


5.10 Classical encryption Techniques

There are important terms to understand in encryption techniques:

i. Cryptography

The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form.

ii. Plaintext

This refers to the original message.

iii. Ciphertext

This refers to the encoded message.

iv. Enciphering or Encryption

The process of converting from plaintext to ciphertext.

v. Deciphering or Decryption

The process of restoring the plaintext from the ciphertext.

vi. Cryptography

This refers to the many schemes used for encryption.

5.11 Types of cryptosystems

Basically there are two types of cryptosystems.

Symmetric cryptosystems

Important terms to understand under symmetric cryptosystems:

Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

There are two requirements for secure use of conventional encryption:


1. We need a strong encryption algorithm. At a minimum, we would like the algorithm to be such that an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key. This requirement is usually stated in a stronger form: the opponent should be unable to decrypt ciphertext or discover the key even if he or she is in possession of a number of ciphertexts together with the plaintext that produced each ciphertext.

2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

Figure 5.8 Simplified model of symmetric encryption

In symmetric cryptosystems it is assumed that it is impractical to decrypt a message on the basis of the ciphertext plus knowledge of the encryption/decryption algorithm. In other words, there is no need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it feasible for widespread use.

If both sender and receiver use the same key, the system is referred to as symmetric, or conventional, encryption.

The fact that the algorithm need not be kept secret means that manufacturers can and have developed low-cost chip implementations of data encryption algorithms. These chips are widely available and incorporated into a number of products. With the use of symmetric encryption, the principal security problem is maintaining the secrecy of the key.


Let us take a closer look at the essential elements of a symmetric encryption scheme, using the figure below.

Figure 5.9 Model of Symmetric Cryptosystem

A source produces a message in plaintext, X = [X1, X2, X3, ..., XM]. The elements of X are letters in some finite alphabet. Traditionally, the alphabet usually consisted of the 26 capital letters. Nowadays, the binary alphabet {0, 1} is typically used. For encryption, a key of the form K = [K1, K2, K3, ..., KJ] is generated.

If the key is generated at the message source, then it must also be provided to the destination by means of some secure channel. Alternatively, a third party could generate the key and securely deliver it to both source and destination.

With the message X and the encryption key K as input, the encryption algorithm forms the ciphertext Y = [Y1, Y2, Y3, ..., YN]. We can write this as Y = E(K, X).

This notation indicates that Y is produced by using encryption algorithm E as a function of the plaintext X, with the specific function determined by the value of the key K.

The intended receiver, in possession of the key K, is able to invert the transformation:

X = D(K, Y)


Asymmetric cryptosystems

If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.

5.12 Characteristics of cryptographic systems

Cryptographic systems are characterized along three independent dimensions:

1. The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext (bit, letter, group of bits or letters) is mapped into another element, and transposition, in which elements in the plaintext are rearranged. The fundamental requirement is that no information be lost (that is, that all operations are reversible). Most systems, referred to as product systems, involve multiple stages of substitutions and transpositions.

2. The number of keys used. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption.

3. The way in which the plaintext is processed. A block cipher processes the input one block of elements at a time, producing an output block for each input block. A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

5.13 Caesar Cipher Encryption technique

The earliest known, and the simplest, use of a substitution cipher was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing three places further down the alphabet. For example,

Plaintext: meet me after the toga party

Ciphertext: PHHW PH DIWHU WKH WRJD SDUWB

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with ciphertext bit patterns.

Note that the alphabet is wrapped around, so that the letter following Z is A. We can define the transformation by listing all possibilities, as follows:

Plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z

Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C


Let us assign a numerical equivalent to each letter (a = 0, b = 1, ..., z = 25). Then the algorithm can be expressed as follows. For each plaintext letter p, substitute the ciphertext letter C:

C = E(3, p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E(k, p) = (p + k) mod 26

where k takes on a value in the range 1 to 25. The decryption algorithm is simply

p = D(k, C) = (C - k) mod 26

Rules when using Caesar Cipher Encryption technique

Plaintext is always in lowercase; ciphertext is in uppercase; key values are in italicized lowercase.

We define a mod n to be the remainder when a is divided by n. For example, 11 mod 7 = 4.

If it is known that a given ciphertext is a Caesar cipher, then a brute-force cryptanalysis is easily performed: simply try all the 25 possible keys. The figure below shows the results of applying this strategy to the example ciphertext. In this case, the plaintext leaps out as occupying the third line.
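The Caesar cipher written as the symmetric model Y = E(K, X) and X = D(K, Y) of Figure 5.9, together with the 25-key brute-force strategy just described. This is an added example, not code from the original text. It keeps the text's conventions (plaintext in lowercase, ciphertext in uppercase, a = 0 through z = 25) and passes non-letters such as spaces through unchanged, which is an assumption of the example.

```python
"""Caesar cipher as an instance of Y = E(K, X) and X = D(K, Y), plus key search."""
import string

ALPHABET = string.ascii_lowercase   # numerical equivalents: a = 0, b = 1, ..., z = 25


def _check_key(k):
    if not 1 <= k <= 25:
        raise ValueError("key must be in the range 1 to 25")


def encrypt(k, plaintext):
    """C = E(k, p) = (p + k) mod 26 for each letter; other characters pass through."""
    _check_key(k)
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26].upper())   # ciphertext is written in uppercase
        else:
            out.append(ch)
    return "".join(out)


def decrypt(k, ciphertext):
    """p = D(k, C) = (C - k) mod 26 for each letter; other characters pass through."""
    _check_key(k)
    out = []
    for ch in ciphertext.lower():
        if ch in ALPHABET:
            c = ALPHABET.index(ch)
            out.append(ALPHABET[(c - k) % 26])          # plaintext is written in lowercase
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext):
    """Try all 25 keys; returns (key, candidate plaintext) pairs in key order."""
    return [(k, decrypt(k, ciphertext)) for k in range(1, 26)]


def demo():
    """Encrypt the text's example, decrypt it, and pick the third brute-force line."""
    plaintext = "meet me after the toga party"
    ciphertext = encrypt(3, plaintext)
    return ciphertext, decrypt(3, ciphertext), brute_force(ciphertext)[2]
```

brute_force returns all 25 candidate plaintexts in key order, so its third entry is the key-3 decryption that the text says leaps out. A key space of 25 is why the cipher fails the first requirement for conventional encryption given above: an opponent who knows the algorithm needs at most 25 trials.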

