CIT19 Reviewer PDF
Summary
This document outlines the layers of the OSI (Open Systems Interconnection) model. It describes the functions of each layer, such as the Application layer's interface between software applications and the network, and the Presentation layer's data translation. It also introduces the TCP/IP model.
Full Transcript
OSI Reference Model

**Application Layer**

The Application Layer provides the interface between the software application on a system and the network. It does not include the application itself, but provides services that an application requires. One of the easiest ways to understand this layer's function is to look at how a web browser such as Internet Explorer or Firefox works. When it needs to fetch a webpage, it uses the **HTTP** protocol to send the request and receive the page contents. This protocol resides at the application layer and can be used by an application such as IE or FF to get webpages.

**Presentation Layer**

This layer presents data to the Application layer. It is responsible for data translation and encoding. It takes the data from the Application layer and translates it into a generic format for transfer across the network. At the receiving end, the Presentation layer takes in generically formatted data and translates it into the format recognized by the Application layer. An example of this is an **EBCDIC** to **ASCII** translation. This layer is also involved in data compression, decompression, encryption, and decryption.

**Session Layer**

In a host, different applications or even different instances of the same application might request data from across the network. It is the Session layer's responsibility to keep the data from each session separate. It is responsible for setting up, managing and tearing down sessions. It also provides dialog control and coordinates communication between the systems.

**Transport Layer**

The Transport layer is concerned with the actual end-to-end transfer (connections) of the data across the network. This layer establishes a logical connection between the two communicating hosts, provides reliable or unreliable data delivery, and can provide flow control and error recovery.
Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the Transport Layer

**Network Layer**

Provides logical addressing and path determination using logical addressing. Two types of protocols are used for these functions -- **routed protocols** are used for logical addressing and forwarding while **routing protocols** are used for path determination. There are many routed protocols and routing protocols available. Some of the common ones are discussed in great detail later in the book. Routers function at this layer. Remember that routers only care about the destination network. They do not care about the destination host itself. The task of delivery to the destination host lies with the Data Link Layer.

**Data Link Layer**

The Data Link layer deals with data moving within a local network using physical addresses. Each host has a logical address and a physical address. The physical address is only locally significant and is not used beyond the network boundaries (across a router). This layer also defines protocols that are used to send and receive data across the media. The Data Link layer determines when the media is ready for the host to send the data and also detects collisions and other errors in received data. Switches function at this layer.

**Physical Layer**

This layer deals with the physical transmission medium itself. It activates, maintains and deactivates the physical link between systems (host and switch for example). This is where the connectors, pin-outs, cables, electrical currents etc. are defined. Essentially this layer puts the data on the physical media as bits and receives it in the same way. Hubs work at this layer.

**Data Encapsulation**

In the previous sections you learned about various layers of the OSI reference model. Each layer has its distinct function and it interacts with the corresponding layer at the remote end.
For example, the transport layer at the source will interact with the transport layer of the destination. For this interaction, each layer adds a header in front of the data from the previous layer. This header contains control information related to the protocol being used at that layer. This process is called **encapsulation**. This header and the data being sent from one layer to the next lower layer is called a **Protocol Data Unit (PDU)**.

TCP/IP Model

**Application Layer**

The Application Layer of the TCP/IP Model consists of various protocols that perform all the functions of the OSI model's Application, Presentation and Session layers. This includes interaction with the application, data translation and encoding, dialogue control and communication coordination between systems. The following are a few of the most common Application Layer protocols used today:

**Telnet** -- Telnet is a terminal emulation protocol used to access the resources of a remote host. A host, called the Telnet server, runs a telnet server application (or daemon in Unix terms) that receives a connection from a remote host called the Telnet client. This connection is presented to the operating system of the telnet server as though it is a terminal connection connected directly (using keyboard and mouse). It is a text-based connection and usually provides access to the command line interface of the host. Remember that the application used by the client is usually also named telnet in most operating systems. You should not confuse the *telnet* application with the Telnet protocol.

**HTTP** -- The Hypertext Transfer Protocol is the foundation of the World Wide Web. It is used to transfer webpages and such resources from the web server or HTTP server to the web client or HTTP client. When you use a web browser such as Internet Explorer or Firefox, you are using a web client. It uses HTTP to transfer web pages that you request from the remote servers.

**FTP** -- File Transfer Protocol is a protocol used for transferring files between two hosts. Just like Telnet and HTTP, one host runs the FTP server application (or daemon) and is called the FTP server while the FTP client runs the FTP client application.

**SMTP** -- Simple Mail Transfer Protocol is used to send e-mails. When you configure an email client to send e-mails you are using SMTP. The mail client acts as an SMTP client here. SMTP is also used between two mail servers to send and receive emails. However, the end client does not receive emails using SMTP. The end clients use the **POP3** protocol to do that.

**TFTP** -- Trivial File Transfer Protocol is a stripped-down version of FTP. Where FTP allows a user to see a directory listing and perform some directory-related functions, TFTP only allows sending and receiving of files. It is a small and fast protocol, but it does not support authentication. Because of this inherent security risk, it is not widely used.

**DNS** -- Every host in a network has a logical address called the **IP address**. Domain Name Service (DNS) helps map a name such as www.cisco.com to the IP address of the host where the site resides.

**DHCP** -- The host gets this logical address either by manual configuration or by a protocol such as Dynamic Host Configuration Protocol (DHCP). Using DHCP, a host can be provided with an IP address automatically.

**Transport Layer**

The protocols discussed above are a few of the protocols available in the Application layer. There are many more protocols available. All of them take the user data, add a header and pass it down to the Transport layer to be sent across the network to the destination. The TCP/IP transport layer's function is the same as that of the OSI model's transport layer. It is concerned with end-to-end transportation of data and sets up a logical connection between the hosts. Two protocols available in this layer are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
TCP is a **connection oriented** and **reliable** protocol that uses **windowing** to control the flow and provides **ordered delivery** of the data in segments. On the other hand, UDP simply transfers the data without the bells and whistles. Though these two protocols are different in many ways, they perform the same function of transferring data and they use a concept called **port numbers** to do this. The following sections cover port numbers before looking into TCP and UDP in detail.

Port Numbers

A host in a network may send traffic to or receive from multiple hosts at the same time. The system would have no way to know which data belongs to which application. TCP and UDP solve this problem by using port numbers in their header. Common application layer protocols have been assigned port numbers in the range of 1 to 1024. These ports are known as well-known ports. Applications implementing these protocols *listen* on these port numbers. TCP and UDP on the receiving host know which application to send the data to based on the port numbers received in the headers. On the source host each TCP or UDP session is assigned a random port number above the range of 1024, so that returning traffic from the destination can be identified as belonging to the originating application. The combination of the IP address, protocol (TCP or UDP) and the port number forms a **socket** at both the receiving and sending hosts. Since each socket is unique, an application can send and receive data to and from multiple hosts. Figure 1-10 shows two hosts communicating using TCP. Notice that the hosts on the left and right are sending traffic to the host in the center and both of them are sending traffic destined to port 80, but from different source ports. The host in the center is able to handle both the connections simultaneously because the combination of IP address, port numbers and protocols makes each connection different.

**Figure 1-10** *Multiple Sessions using Port Numbers*

Table 1-1 shows the transport layer protocol and port numbers used by different common application layer protocols.

**Table 1-1** *Well-known Port Numbers*

**Application Protocol**   **Transport Protocol**   **Port Number**
-------------------------- ------------------------ -----------------
**HTTP**                   TCP                      80
**HTTPS**                  TCP                      443
**FTP (control)**          TCP                      21
**FTP (data)**             TCP                      20
**SSH**                    TCP                      22
**Telnet**                 TCP                      23
**DNS**                    TCP, UDP                 53
**SMTP**                   TCP                      25
**TFTP**                   UDP                      69

Transmission Control Protocol (TCP)

TCP is one of the original protocols designed in the TCP/IP suite and hence the name of the model. When the application layer needs to send a large amount of data, it sends the data down to the transport layer for TCP or UDP to transport it across the network. TCP first sets up a virtual-circuit between the source and the destination in a process called the **three-way handshake**. Then it breaks down the data into chunks called **segments**, adds a header to each segment and sends them to the Internet layer.

The TCP header is 20 to 24 bytes in size and the format is shown in Figure 1-11. It is not necessary to remember all fields or their size but most of the fields are discussed below.

**Figure 1-11** *TCP header*

When the Application layer sends data to the transport layer, TCP sends the data across using the following sequence:

**Connection Establishment** -- TCP uses a process called the three-way handshake to establish a connection or virtual-circuit with the destination. The three-way handshake uses the **SYN** and **ACK** flags in the Code Bits section of the header. This process is necessary to initialize the sequence and acknowledgement number fields. These fields are important for TCP and will be discussed below.

**Figure 1-12** *TCP three-way handshake*

As shown in Figure 1-12, the source starts the three-way handshake by sending a TCP header to the destination with the SYN flag set.
The destination responds back with the SYN and ACK flags set. Notice in the figure that the destination uses the received sequence number plus 1 as the acknowledgement number. This is because it is assumed that 1 byte of data was contained in the exchange. In the final step, the source responds back with only the ACK bit set. After this, the data flow can commence.

**Data Segmentation** -- The size of data that can be sent across in a single Internet layer PDU is limited by the protocol used in that layer. This limit is called the **maximum transmission unit (MTU)**. The application layer may send data much larger than this limit; hence TCP has to break down the data into smaller chunks called segments. Each segment is limited to the MTU in size. Sequence numbers are used to identify each byte of data. The sequence number in each header signifies the byte number of the first byte in that segment.

**Flow Control** -- The source starts sending data in groups of segments. The Window bit in the header determines the number of segments that can be sent at a time. This is done to avoid overwhelming the destination. At the start of the session the window is small but it increases over time. The destination host can also decrease the window to slow down the flow. Hence the window is called the **sliding window**. When the source has sent the number of segments allowed by the window, it cannot send any further segments till an acknowledgement is received from the destination. Figure 1-13 shows how the window increases during the session. Notice the destination host increasing the window from 1000 to 1100 and then to 1200 when it sends an ACK back to the source.

**Figure 1-13** *TCP Sliding Window and Reliable delivery*

**Reliable Delivery with Error recovery** -- When the destination receives the last segment in the agreed window, it has to send an acknowledgement to the source.
It sets the ACK flag in the header and the acknowledgement number is set as the sequence number of the next byte expected. If the destination does not receive a segment, it does not send an acknowledgement back. This tells the source that some segments have been lost and it will retransmit the segments. Figure 1-13 shows how windowing and acknowledgement are used by TCP. Notice that when the source does not receive an acknowledgement for the segment with sequence number 2000, it retransmits the data. Once it receives the acknowledgement, it sends the next sequence according to the window size.

**Ordered Delivery** -- TCP transmits data in the order it is received from the application layer and uses the sequence number to mark the order. The data may be received at the destination in the wrong order due to network conditions. Thus TCP at the destination orders the data according to the sequence number before sending it to the application layer at its end. This ordered delivery is part of the benefit of TCP and one of the purposes of the sequence number.

**Connection Termination** -- After all data has been transferred, the source initiates a four-way handshake to close the session. To close the session, the FIN and ACK flags are used.

User Datagram Protocol (UDP)

The only thing common between TCP and UDP is that they use port numbers to transport traffic. Unlike TCP, UDP neither establishes a connection nor does it provide reliable delivery. UDP is a **connectionless** and **unreliable** protocol that delivers data without the overhead associated with TCP. The UDP header contains only four parameters (Source Port, Destination Port, Length and Checksum) and is 8 bytes in size.

At this stage you might think that TCP is a better protocol than UDP since it is reliable. TCP has a higher overhead with a larger header and acknowledgements. The source also holds data till it receives an acknowledgement. This creates a delay.
Some applications, especially those that deal with voice and video, require fast transport and take care of the reliability themselves at the application layer. Hence in a lot of cases UDP is a better choice than TCP.

**Internet Layer**

Once TCP and UDP have segmented the data and have added their headers, they send the segment down to the Network layer. The destination host may reside in a different network far from the host, divided by multiple routers. It is the task of the Internet Layer to ensure that the segment is moved across the networks to the destination network.

The Internet layer of the TCP/IP model corresponds to the Network layer of the OSI reference model in function. It provides logical addressing, path determination and forwarding.

The **Internet Protocol (IP)** is the most common protocol that provides these services. Also working at this layer are routing protocols, which help routers learn about different networks they can reach, and the **Internet Control Message Protocol (ICMP)**, which is used to send error messages across at this layer.

Almost half of the book is dedicated to IP and routing protocols so they will be discussed in detail in later chapters, but the following sections discuss these protocols in brief.

Internet Protocol (IP)

The Internet layer in the TCP/IP model is dominated by IP with other protocols supporting its purpose. Each host in a network and all interfaces of a router have a logical address called the IP address. All hosts in a network are grouped in a single IP address *range*, similar to a street address, with each host having a unique address from that range, similar to a house or mailbox address. Each network has a different address range and routers that operate on layer 3 connect these different networks.

As IP receives segments from TCP or UDP, it adds a header with source IP address and destination IP address amongst other information.
This PDU is called a **packet**. When a router receives a packet, it looks at the destination address in the header and forwards it towards the destination network. The packet may need to go through multiple routers before it reaches the destination network. Each router it has to go through is called a **hop**.

**Figure 1-14** *Packet flow in internetwork*

Consider the internetwork shown in Figure 1-14 to understand the routing process better. When Host1 needs to send data to Host2, it does not get routed because the hosts are in the same network range. The Data Link layer takes care of this. Now consider Host1 sending data to Host3. Host1 will recognize that it needs to reach a host in another network and will forward the packet to Router1. Router1 checks the destination address and knows that the destination network is toward Router2 and hence forwards it to Router2. Similarly Router2 forwards the packet to Router3. Router3 is directly connected to the destination network. Here the Data Link layer takes care of the delivery to the destination host. As you can see, the IP address fields in the IP header play a very important role in this process. In fact IP addresses are so important in a network that the next chapter is entirely dedicated to them!

**Figure 1-15** *IPv4 Header*

There are various versions of the Internet Protocol. Version 4 is the one used today and version 6 is slowly starting to replace it, which is why its presence has increased on the CCNA Routing & Switching 200-120 exam compared to previous CCNA exam versions. Figure 1-15 shows the header structure of IPv4. The following fields make up the header:

**Version** -- IP version number. For IPv4 this value is 4.

**Header Length** -- This specifies the size of the header itself. The minimum size is 20 bytes. The figure does not show the rarely used options field that is of a variable length. Most IPv4 headers are 20 bytes in length.

**DS Field** -- The Differentiated Services field is used for marking packets. Different Quality-of-Service (QoS) levels can be applied on different markings. For example, data belonging to voice and video protocols has no tolerance for delay. The DS field is used to mark packets carrying data belonging to these protocols so that they get priority treatment through the network. On the other hand, peer-to-peer traffic is considered a major problem and can be marked down to give it best-effort treatment.

**Total Length** -- This field specifies the size of the packet. This means the size of the header plus the size of the data.

**Identification** -- When IP receives a segment from TCP or UDP, it may need to break the segment into chunks called **fragments** before sending it out to the network. The Identification field serves to identify the fragments that make up the original segment. Each fragment of a segment will have the same identification number.

**Flags** -- Used for the fragmentation process.

**Fragment Offset** -- This field identifies the fragment number and is used by hosts to reassemble the fragments in the correct order.

**Time to Live** -- The Time to Live (TTL) value is set at the originating host. Each router that the packet passes through reduces the TTL by one. If the TTL reaches 0 before reaching the destination, the packet is dropped. This is done to prevent the packet from moving around the network endlessly.

**Protocol** -- This field identifies the protocol to which the data it is carrying belongs. For example, a value of 6 implies that the data contains a TCP segment while a value of 17 signifies a UDP segment. Apart from TCP and UDP there are many protocols whose data can be carried in an IP packet.

**Header Checksum** -- This field is used to check for errors in the header. At each router and at the destination, a cyclic redundancy check is performed on the header and the result should match the value stored in this field.
If the value does not match, the packet is discarded.

**Source IP address** -- This field stores the IP address of the source of the packet.

**Destination IP address** -- This field stores the IP address of the destination of the packet.

**Figure 1-16** *Source and Destination IP address*

Figure 1-16 shows how the source and destination IP addresses are used in an IP packet. Notice how the source and destination addresses changed during the exchange between HostA and HostB.

Routing Protocols

In Figure 1-14, Router1 knew that it needed to send the packet destined to Host3 toward Router2. Router2 in turn knew that the packet needed to go toward Router3. To make these decisions, the routers need to build their **routing table**. This is a table of all networks known by it and all the routers in the internetwork. The table also lists the next router towards the destination network. To build this table dynamically, routers use routing protocols. There are many routing protocols and their sole purpose is to ensure that routers know about all the networks and the best path to any network. Chapter 4 and Chapter 5 discuss the routing process and some routing protocols in detail.

Internet Control Message Protocol (ICMP)

ICMP is essentially a management protocol and messaging service for IP. Whenever IP encounters an error, it sends ICMP data as an IP packet. Some of the reasons why an ICMP message can be generated are:

**Destination Network Unreachable** -- If a packet cannot be routed to the network in which the destination address resides, the router will drop the packet and generate an ICMP message back to the source informing it that the destination network is unreachable.

**Time Exceeded** -- If the TTL of a packet expires (reduces to zero), the router will drop it and generate an ICMP message back to the source informing it that the time was exceeded and the packet could not be delivered.

**Echo Reply** -- ICMP can be used to check network connectivity.
A popular utility called *Ping* is used to send *Echo Requests* to a destination. In reply to the request, the destination will send an Echo Reply back to the source. Successful receipt of the Echo Reply shows that the destination host is available and reachable from the source.

**Network Access Layer**

The Network Access layer of the TCP/IP model corresponds with the Data Link and Physical layers of the OSI reference model. It defines the protocols and hardware required to connect a host to a physical network and to deliver data across it. Packets from the Internet layer are sent down to the Network Access layer for delivery within the physical network. The destination can be another host in the network, itself, or a router for further forwarding. So the Internet layer has a view of the entire internetwork whereas the Network Access layer is limited to the physical layer boundary that is often defined by a layer 3 device such as a router.

The Network Access layer consists of a large number of protocols. When the physical network is a LAN, **Ethernet** and its many variations are the most common protocols used. On the other hand, when the physical network is a WAN, protocols such as the **Point-to-Point Protocol (PPP)** and **Frame Relay** are common. In this section we take a deep look at Ethernet and its variations. WAN protocols are covered in detail in Chapter 11.

Before we explore Ethernet remember that:

- The Network Access layer uses a physical address to identify hosts and to deliver data.
- The Network Access layer PDU is called a **frame**. It contains the IP packet as well as a protocol header and trailer from this layer.
- The Network Access layer header and trailer are only relevant in the physical network. When a router receives a frame, it strips off the header and trailer and adds a new header and trailer before sending it out the next physical network towards the destination.
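
The IPv4 header fields, the TTL rule and the TCP three-way handshake described in the sections above, worked through in Python as an added example (not code from the original document). The addresses, ports, sequence numbers and function names are constructed for illustration, and the checksum routine is the 16-bit one's-complement sum that IPv4 defines for its Header Checksum field.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # Protocol field: 6 = TCP, 17 = UDP
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))
SYN, ACK = 0x02, 0x10


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used for the IPv4 Header Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, sport, dport, seq, ack, flags, ttl=64) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, no data."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 1000, 0, 0)   # TCP checksum left 0, not checked here
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0, ttl, 6, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", internet_checksum(head)) + head[12:] + tcp


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header; over a valid header the checksum routine returns 0."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, ds, total_len, ident, flags_frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4           # Header Length counts 32-bit words
    if ver_ihl >> 4 != 4:
        raise ValueError("Version field is not 4")
    if header_len < 20 or not header_len <= total_len <= len(packet):
        raise ValueError("inconsistent Header Length / Total Length")
    return {
        "header_len": header_len, "total_len": total_len, "ds": ds, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
        "payload": packet[header_len:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    """Decode ports, sequence and acknowledgement numbers, flags and window."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _cksum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP header length")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "data": segment[header_len:]}


def forward(packet: bytes):
    """One router hop: drop on a bad checksum or expiring TTL, else TTL - 1."""
    ip = parse_ipv4(packet)
    if not ip["checksum_ok"] or ip["ttl"] <= 1:
        return None     # dropped; an expired TTL is the ICMP Time Exceeded case
    head = bytearray(packet[:ip["header_len"]])
    head[8] -= 1                                   # byte 8 is the TTL
    head[10:12] = b"\x00\x00"                      # zero the checksum, then recompute
    head[10:12] = struct.pack("!H", internet_checksum(bytes(head)))
    return bytes(head) + packet[ip["header_len"]:]


def is_three_way_handshake(packets) -> bool:
    """SYN, SYN+ACK, ACK, each acknowledging the peer's sequence number + 1."""
    if len(packets) != 3:
        return False
    syn, syn_ack, ack = (parse_tcp(parse_ipv4(p)["payload"]) for p in packets)
    return (syn["flags"] == ["SYN"] and syn_ack["flags"] == ["SYN", "ACK"]
            and ack["flags"] == ["ACK"]
            and syn_ack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["ack"] == (syn_ack["seq"] + 1) % 2**32
            and ack["seq"] == syn_ack["ack"])


# Constructed exchange between a client (192.0.2.10) and a web server on port 80.
HANDSHAKE = [
    build_packet("192.0.2.10", "198.51.100.80", 49152, 80, 1000, 0, SYN),
    build_packet("198.51.100.80", "192.0.2.10", 80, 49152, 5000, 1001, SYN | ACK),
    build_packet("192.0.2.10", "198.51.100.80", 49152, 80, 1001, 5001, ACK),
]

if __name__ == "__main__":
    for raw in HANDSHAKE:
        ip = parse_ipv4(raw)
        print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], parse_tcp(ip["payload"]))
    print("handshake valid:", is_three_way_handshake(HANDSHAKE))
```

The length checks in `parse_ipv4` and `parse_tcp` matter when the input comes from a capture or the wire: a header that claims more bytes than were received is rejected instead of being sliced silently.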

**ETHERNET TECHNOLOGIES AND CABLING**

Ethernet is the term used for a family of standards that define the Network Access layer of the most common type of LAN used today. The various standards differ in terms of speeds supported, cable types and the length of cables. **The Institute of Electrical and Electronics Engineers (IEEE)** is responsible for defining the various standards since it took over the process in 1980.

To make it easier to understand Ethernet, its functions will be discussed in terms of the OSI reference model's Data Link and Physical layers. (Remember that the Network Access Layer is a combination of these two layers.)

IEEE defines various standards at the physical layer while it divides the Data Link functions into the following two sublayers:

- The 802.3 **Media Access Control (MAC)** sublayer
- The 802.2 **Logical Link Control (LLC)** sublayer

Even though the various physical layer standards are different and require changes at the layer, each of them uses the same 802.3 header and the 802.2 LLC sublayer.

The following sections look at the collision detection mechanism used by Ethernet and how Ethernet functions at both the layers.

Collision Detection in Ethernet

Ethernet is a **contention media access** method that allows all hosts in a network to share the available bandwidth. This means that multiple hosts try to use the media to transfer traffic. If multiple hosts send traffic at the same time, a collision can occur, resulting in loss of the frames that collided. Ethernet cannot prevent such collisions but it can detect them and take corrective actions to resolve them. It uses the **Carrier Sense Multiple Access with Collision Detection (CSMA/CD)** protocol to do so. This is how CSMA/CD works:

1. Hosts looking to transmit a frame listen until Ethernet is not busy.
2. When Ethernet is not busy, hosts start sending the frame.
3. The source listens to make sure no collision occurred.
4. If a collision occurs, the source hosts send a jamming signal to notify all hosts of the collision.
5. Each source host randomizes a timer and waits that long before resending the frame that collided.

CSMA/CD works well but it does create some performance issues because:

1. Hosts must wait till the Ethernet media is not busy before sending frames. This means only one host can send frames at a time in a collision domain (such as in the case of a network connected to a hub). This also means that a host can either send or receive at one time. This logic is called **half-duplex**.
2. During a collision, no frame makes it across the network. Also, the offending hosts must wait a random time before they can start to resend the frames.

Many networks suffered this sort of performance degradation due to the use of hubs until switches became affordable. In fact, statistics showed that anything over 30 percent utilization caused performance degradation in Ethernet.

Remember that switches break collision domains by providing a dedicated port to each host. This means that hosts connected to a switch only need to wait if the switch is sending frames destined to the host itself.

Half and Full Duplex Ethernet

**Half Duplex** is the mode in which a host can only send or receive at one time. In a hub-based network, hosts are connected in half-duplex mode because they must be able to detect collisions.

When hosts are connected to a switch, they can operate at **Full duplex**. This means they can send and receive at the same time without worrying about collisions. This is possible because full duplex uses two pairs of wire instead of one pair. Using the two pairs, a point-to-point connection is created between the transmitter of the host and the receiver of the switch and vice versa. So the host sends and receives frames via different pairs of wires and hence does not need to listen to see whether it can send frames or not. You should note that CSMA/CD is disabled at both ends when full duplex is used.

**Figure 1-17** *Full Duplex*

Apart from eliminating collisions, each device actually gets to use twice the bandwidth available because it now has the same bandwidth on both pairs of wire and each pair is used separately for sending and receiving.

Figure 1-17 shows how the transmitter on the host's interface card is connected to the receiver on the switch interface while the receiver on the host interface is connected to the transmitter on the switch interface. Now traffic sent by the host and traffic sent to the host both have a dedicated path with equal bandwidth. If each path has a bandwidth of 100Mbps, the host gets 200Mbps of dedicated bandwidth to the switch. In the case of half-duplex, there would have been only a single path of 100Mbps that would have been used for both receiving and sending traffic.

Ethernet at the Data Link Layer

Ethernet at the Data Link layer is responsible for addressing as well as framing the packets received from the Network Layer and preparing them for the actual transmission.

**Ethernet Addressing**

Ethernet addressing identifies either a single device or a group of devices on a LAN and the address is called a **MAC address**. A MAC address is 48 bits (6 bytes) long and is written in hexadecimal format. Cisco devices typically write it in groups of four hex digits separated by periods while most operating systems write it in groups of two digits separated by colons. For example, Cisco devices would write a MAC address as 5022.ab5b.63a9 while most operating systems would write it as 50:22:ab:5b:63:a9.

A **unicast** address identifies a single device. This address is used to identify the source and destination in a frame. Each LAN interface card has a globally unique MAC address. The IEEE defines the format and the assignment of addresses.

**Figure 1-18** *48bit MAC address*

To keep addresses unique, each manufacturer of LAN cards is assigned a code called the **organizationally unique identifier (OUI)**.
The first half of every MAC address is the OUI of the manufacturer. The manufacturer assigns the second half of the address while ensuring that the number is not used for any other card. The complete MAC address is then encoded into a ROM chip in the card. Figure 1-18 shows the composition of a MAC address.

A MAC address can also identify a group of devices. These are called *group addresses*. The IEEE defines the following two types of group addresses:

- **Broadcast Address** -- This address has a value of FFFF.FFFF.FFFF and means that all devices in the network should process the frame.
- **Multicast Address** -- Multicast addresses are used when a frame needs to go to a group of hosts in the network. When IP multicast packets need to travel over Ethernet, a multicast address of 0100.5exx.xxxx is used, where xx.xxxx can be any value.

**Ethernet Framing**

When the Data Link layer receives a packet from the Network layer for transmission, it has to encapsulate the packet in frames. The switch uses these frames to identify the source and destination devices. The frame also tells the receiving host how to interpret the bits received by the physical layer.

**Figure 1-19** *IEEE Frame (1997)*

The framing used by Ethernet has changed a few times over the years. Xerox defined the original frame. When the IEEE took over Ethernet in the early 1980s, it defined a new frame. In 1997 the IEEE finalized the Ethernet frame, which took a few components from the Xerox definition and a few from the IEEE's original frame. The finalized frame is shown in Figure 1-19. Table 1-2 lists the fields in the frame, their size and a brief description.

**Table 1-2** *Frame Fields*

**Field**                 **Length in bytes**   **Description**
------------------------- --------------------- ------------------------------------------------------------------------------------------------------------------------------------
**Preamble**              7                     It is used for synchronization. It tells the receiving device where the header starts.
**SFD**                   1                     Start Frame Delimiter (SFD) tells the receiving device that the next byte is the destination address.
**Destination Address**   6                     Identifies the intended destination of the frame.
**Source Address**        6                     Identifies the source of the frame.
**Length**                2                     Contains the length of the data field of the frame. (This field can either be length or type but not both)
**Type**                  2                     Identifies the Network layer protocol whose data is contained in the frame. (This field can either be length or type but not both)
**Data**                  46-1500               The Network layer data.
**FCS**                   4                     Stores the CRC value which is used to check for errors in transmission.

The Length/Type field is something you need to understand a little more about. The type field is very important because it tells the receiving end about the protocol whose data is contained in the frame. If the value of the field is less than a hex value of 0600 (decimal value 1536), it signifies that the field is used as a length field in that frame. For cases where this field is used as a length field, either one or two additional headers are added after the Ethernet 802.3 header, but before the layer 3 header. When IP packets are being carried, the Ethernet frame has the following two additional headers:

- An IEEE 802.2 Logical Link Control (LLC) header.
- An IEEE Subnetwork Access Protocol (SNAP) header.

Figure 1-20 shows an Ethernet frame with these two additional headers.

**Figure 1-20** *802.3 Frame with LLC and SNAP header*

Ethernet at the Physical Layer

Ethernet was originally implemented by a group comprised of Digital, Xerox and Intel (DIX). IEEE then took over and created the 802.3 standard. This was a 10Mbps Ethernet that used co-axial cables. IEEE then extended the 802.3 committee to two new committees known as the 802.3u (FastEthernet) and 802.3ab (Gigabit Ethernet on category 5 cable). Then it created another committee known as the 802.3ae (10Gbps over fiber and co-axial).
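The Data Link layer rules described above (the two MAC notations, broadcast and multicast addresses, the Length/Type threshold of hex 0600, the 46-1500 byte Data field and the FCS), applied to two constructed frames; this is an added example, not part of the original reviewer. The LLC/SNAP byte values, the IPv4 EtherType 0x0800, the group bit in the first address byte and the FCS byte order come from the IEEE specifications rather than from this page, and the frames are as a NIC delivers them, with preamble and SFD already removed.

```python
import struct
import zlib

ETHERTYPE_MIN = 0x0600          # page: Length/Type values below this are a length
MIN_DATA, MAX_DATA = 46, 1500   # Table 1-2: size of the Data field in bytes
IPV4 = 0x0800                   # EtherType for IPv4 (IEEE-assigned, not on the page)
# LLC (DSAP, SSAP, control) followed by SNAP (3-byte OUI, 2-byte protocol type)
LLC_SNAP_IP = b"\xaa\xaa\x03" + b"\x00\x00\x00" + struct.pack("!H", IPV4)


def parse_mac(text):
    """Accept Cisco (5022.ab5b.63a9) or colon (50:22:ab:5b:63:a9) notation."""
    digits = text.replace(".", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def to_cisco(mac):
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


def to_colon(mac):
    return ":".join(f"{b:02x}" for b in mac)


def address_kind(mac):
    if mac == b"\xff" * 6:
        return "broadcast"            # FFFF.FFFF.FFFF
    if mac[:3] == b"\x01\x00\x5e":
        return "ip-multicast"         # 0100.5exx.xxxx
    if mac[0] & 0x01:
        return "multicast"            # any other group address (group bit set)
    return "unicast"


def build_frame(dst, src, length_or_type, data):
    """Helper for the constructed samples: pad Data to 46 bytes, append the FCS."""
    if len(data) > MAX_DATA:
        raise ValueError("Data field is limited to 1500 bytes")
    body = dst + src + struct.pack("!H", length_or_type) + data.ljust(MIN_DATA, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame):
    if not 14 + MIN_DATA + 4 <= len(frame) <= 14 + MAX_DATA + 4:
        raise ValueError("frame is outside the 64-1518 byte range")
    body = frame[:-4]
    (fcs,) = struct.unpack("<I", frame[-4:])
    dst, src = body[:6], body[6:12]
    (field,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    info = {"dst": to_colon(dst), "dst_kind": address_kind(dst),
            "src": to_cisco(src), "fcs_ok": zlib.crc32(body) == fcs}
    if field >= ETHERTYPE_MIN:
        # Type framing: Data starts right after the header and may still
        # carry padding; only the layer 3 header says where the packet ends.
        info.update(framing="type", ethertype=field, payload=data)
        return info
    if field > len(data):
        raise ValueError("length field is larger than the data present")
    data = data[:field]               # the length field lets us drop the padding
    info.update(framing="length", length=field)
    if data[:3] == b"\xaa\xaa\x03" and len(data) >= 8:
        info.update(ethertype=struct.unpack("!H", data[6:8])[0], payload=data[8:])
    else:
        info.update(ethertype=None, payload=data[3:])   # LLC only, no SNAP
    return info


# Constructed sample frames (not captured traffic).
SRC = parse_mac("5022.ab5b.63a9")
PAYLOAD = b"constructed layer-3 bytes"
TYPE_FRAME = build_frame(parse_mac("ff:ff:ff:ff:ff:ff"), SRC, IPV4, PAYLOAD)
LEN_FRAME = build_frame(parse_mac("0100.5e00.0001"), SRC,
                        len(LLC_SNAP_IP + PAYLOAD), LLC_SNAP_IP + PAYLOAD)

if __name__ == "__main__":
    for name, frame in (("type", TYPE_FRAME), ("length", LEN_FRAME)):
        print(name, parse_frame(frame))
```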
On the other hand, the *Electronics Industries Association and the newer Telecommunication Industries Alliance* (*EIA/TIA*) is the standards body that creates the physical layer specifications for Ethernet. It specifies that a **registered jack (RJ)** connector with a 4 5 wiring sequence on **unshielded twisted-pair (UTP)** cabling should be used with Ethernet. This cable comes in categories, where a higher category has less of the following two problems:

- **Attenuation** -- This is the loss of signal strength as it travels the length of the cable. It is measured in decibels.
- **Crosstalk** -- This is the unwanted signal interference from adjacent pairs in the cable.

What this means is that category 5 cable has less attenuation and crosstalk than category 3 cable.

Now that you know about the standards bodies involved and what they have done, it is time to look at the various Ethernet standards. Table 1-3 lists the original 3 standards. Remember that each standard is different in terms of speed, cable and the maximum length of cables.

**Table 1-3** *Original Ethernet Standards*

Name          Speed    Cable Type   Max Cable length   Connector   Description
------------- -------- ------------ ------------------ ----------- --------------------------------------------------------------------------------------------------------------------------------------------------------
**10Base2**   10Mbps   Coaxial      185 meters         AUI         Known as *thinnet*, it can support up to 30 hosts in a single segment. A single collision domain across the network.
**10Base5**   10Mbps   Coaxial      500 meters         AUI         Known as *thicknet*, it can support up to 100 users in a single segment. A single collision domain across the network.
**10BaseT**   10Mbps   UTP          100 meters         RJ45        The first standard to use UTP cable with RJ45. A single host can be connected to a segment or wire. It required use of hubs to connect multiple hosts.

Table 1-4 shows the extended Ethernet Standards.

**Table 1-4** *Extended Ethernet Standards*

**Name**                       **Speed**   **Cable Type**                       **Maximum Cable Length**   **Connector**
------------------------------ ----------- ------------------------------------ -------------------------- --------------------
**100BaseTX (IEEE 802.3u)**    100Mbps     UTP cat. 5, 6 or 7 two-pair wiring   100 meters                 RJ45
**100BaseFX (IEEE 802.3u)**    100Mbps     Multimode Fiber                      412 meters                 ST or SC connector
**1000BaseCX (IEEE 802.3z)**   1000Mbps    Copper twisted pair called twinax    25 meters                  DE-9 or 8P8C
**1000BaseSX (IEEE 802.3z)**   1000Mbps    Multimode Fiber                      220 meters                 ST or SC connector
**1000BaseLX (IEEE 802.3z)**   1000Mbps    Single mode Fiber                    5km                        ST or SC connector
**1000BaseT (IEEE 802.3ab)**   1000Mbps    Cat 5 UTP                            100 meters                 RJ45

Ethernet Cabling

When connecting different kinds of devices to each other, different kinds of cabling are used. The following three types of Ethernet cabling exist:

- Straight-through cable (a normal patch cable)
- Crossover cable
- Rolled cable

The three cabling types are discussed below:

**Straight-Through** -- A UTP cable has 8 wires. A straight-through cable uses 4 of these 8 wires. Figure 1-21 shows the configuration of the wires on both ends of a straight-through cable. Notice that only wires 1, 2, 3 and 6 are used and they connect straight to the corresponding number on the other end.

**Figure 1-21** *Wire configuration in Straight-Through cable*

**Note:** If you are wondering why the wire configuration is important, remember that the transmitter on one end needs to connect to the receiver on the other end. If the wiring configuration is incorrect, bits sent from one end will not be received at the other end.

**Crossover** -- A crossover cable uses the same four wires that are used in a straight-through cable, but different pins are connected. Figure 1-22 shows the configuration of the wires in a crossover cable.

**Figure 1-22** *Wire configuration in Crossover cable*

Crossover cable is used to connect:

- Host to Host
- Switch to Switch
- Hub to Hub
- Switch to Hub
- Router to a host

An easy way to remember this is that similar devices are connected to each other using crossover cables.

**Rolled Cable** -- A rolled cable cannot be used for any Ethernet connection. It is used for connecting to a router's or a switch's console port from your host's serial communication (com) port. Every Cisco router and switch has a console port that is used for initial configuration. All 8 wires are used in this cable and each wire connects to the opposite number on the other end (1 to 8, 2 to 7, 3 to 6 etc). Figure 1-23 shows the wire configuration.

**Figure 1-23** *Wire configuration in Crossover cable*

**Exam Alert:** Cable types and where they are used is a very important topic, not only for the CCNA Exam, where you will see questions on it, but also for your networking career.

**Data Encapsulation in TCP/IP Model**

The last thing you need to know about the TCP/IP model is the data encapsulation process and PDUs. As in the case of the OSI reference model, the data is encapsulated in a header (and trailer in case of Network layer) to create a Protocol Data Unit (PDU) and is passed down to the next layer. Though you are aware of the process, you must know the names of each layer's PDU. The PDUs in the TCP/IP model are:

- Transport Layer -\> Segment
- Internet Layer -\> Packet
- Network Access Layer -\> Frame

**Figure 1-24** *Data encapsulation in TCP/IP Model*

**CISCO CORE LAYERS**

These layers are logical and not physical. They have specific functions in an internetwork, which are discussed below:

**The Core Layer** -- This layer is the backbone of an internetwork. It is the simplest yet the most critical layer, whose sole function is to transport large amounts of data fast.
It gets data from the distribution layer and sends it back to the distribution layer after transportation. Speed and fault tolerance are the two major requirements of this layer, because it has to transport large amounts of data and any fault at this layer will impact every user. Considering the functions of this layer, the following should be avoided at this layer:

- Anything that can slow down the traffic. For example, packet filtering, inter-VLAN routing etc.
- Direct user connections
- Direct server connections
- Complex service policies

While designing the core, the following should be kept in mind:

- Routing protocol should have low convergence time.
- Network Access layer technologies should be fast with low latency
- Redundancy should be built into this layer.

**The Distribution Layer** -- This layer acts as an interface between the Core and the Access layers. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. Path determination is the most important function at this layer. It has to select the fastest way an access request can be completed. This layer also acts as the convergence point for all access layer switches. Hence it is generally the best place to apply most of the policies. The following are generally done at this layer:

- Routing between subnets and VLANs and route distribution between routing protocols
- Implementation of security policies, including firewalls, address translations, packet filtering, etc.
- Breaking broadcast domains

**The Access Layer** -- This layer is the edge of the network, where a wide variety of devices such as PCs, printers, iPads etc. connect to the network. Common resources needed by users are available at this layer, while access requests to remote resources are sent to the distribution layer. This layer is also known as the *desktop layer*.
The following are generally done at this layer:

- Access control and policies in addition to what exists in the distribution layer.
- Dynamic configuration mechanisms
- Breaking collision domains
- Ethernet switching and static routing

- Bit -- A bit is a single digit with a value of 0 or 1.
- Byte -- A byte is composed of 8 bits.
- Octet -- An octet is also made up of 8 bits. Throughout this chapter the terms byte and octet are interchangeable.
- Network Address -- This refers to a remote network in terms of routing. All hosts in the remote network fall within this address. For example, 10.0.0.0, 172.16.0.0 and 192.168.1.0
- Broadcast Address -- This is the address used to send data to all hosts in a network. The broadcast address 255.255.255.255 refers to all hosts in all networks, while an address such as 192.168.1.255 refers to all hosts in a particular network.

An IP address is 32 bits in length. To make the address easier to read, it is divided into four sections of 8 bits each, separated by periods. Each section is therefore 1 byte (also called an octet) long. To make it even easier to read and remember, the binary numbers are converted to decimal. For example, an IP address such as 11000000100000000000110000000001 is divided to make it 11000000.10000000.00001100.00000001. When this address is converted to decimal, it becomes 192.128.12.1. This format of IP address is called the dotted decimal format. Some applications also convert the address to hexadecimal format instead of decimal format. However, this is not commonly seen and, as far as the CCNA exam is concerned, you only need to work with the dotted decimal format.

Topics in this chapter require binary to decimal conversions. Table 2-1 shows the decimal value of each bit location in a byte. To easily convert from binary to decimal, add up the decimal value corresponding to each bit place that is "on" (1).
For example, a binary value of 10110000 can be easily converted to decimal by adding the decimal value of each bit that is 1. That gives us 128+32+16 = 176. Table 2-2 shows the decimal value for the most common binary numbers you will encounter in this chapter.

Table 2-1 *Decimal Value for each bit place in a byte*

----- ---- ---- ---- --- --- --- ---
128   64   32   16   8   4   2   1
----- ---- ---- ---- --- --- --- ---

Table 2-2 *Decimal Values for common binary numbers*

*Binary Value*   *Decimal Value*
---------------- -----------------
*10000000*       *128*
*11000000*       *192*
*11100000*       *224*
*11110000*       *240*
*11111000*       *248*
*11111100*       *252*
*11111110*       *254*
*11111111*       *255*

An IP address does not only represent the host address. In fact, it represents the network where the host resides and the host itself. In effect, the IP address consists of two parts:

1. The Network component -- Defines the network (or subnet), in an internetwork, that the host resides in.
2. The Host component -- Defines the host itself in the network.

Each combination of the network component and the host component should be unique in the entire internetwork. To make it easy to identify which portion of the address is the network component and which one is the host component, addresses are broken down into 5 classes, discussed below:

- Class A -- The first byte (8 bits) is the network component and the remaining three bytes (24 bits) are the host component (network.host.host.host). This class is for an internetwork with a small number of networks and a large number of hosts per network.
- Class B -- The first two bytes (16 bits) are the network component and the remaining three bytes are host components (network.network.host.host). This class bridges the gap between Class A and Class C by providing for a medium number of networks with a medium number of hosts.
- Class C -- The first three bytes (24 bits) are the network component and the last byte (8 bits) is the host component (network.network.network.host).
This class provides for a large number of networks with fewer hosts per network.
- Class D -- Used for multicasting.
- Class E -- Reserved addresses

In a binary address the first 5 bits of the address, and in a dotted decimal address the first octet, show the class of the address. Table 2-3 shows the first 5 bits and the first octet range of each class of address.

Table 2-3 *Address range for different classes of address*

Class   First 5 bits in binary   First Octet range
------- ------------------------ ------------------------------------------------------
A       0xxxx                    0-127 (actually 1-126 because 0 and 127 are reserved)
B       10xxx                    128-191
C       110xx                    192-223
D       1110x                    224-239
E       1111x                    240-254

Notice that the first few bits in each class have a fixed value. For example, a class A address should have the first bit set to 0. Similarly, class C should have the first 2 bits set to 1 and the third bit set to 0.

Another point to note is that though the class A range is from 0 to 127, the address 0.0.0.0 is reserved to mean "any network" and 127.0.0.1 is reserved as a loopback address, which refers to the host itself. So the class A network is restricted to the 1-126 range.

Exam Alert: Class of addresses and their address range is a very important topic. You will have to remember the range associated with each class.

Before moving ahead, spend some time to figure out the class of some addresses given below. Also try to figure out which portion is the network and which portion is the host part:

1. 9.140.2.87 -- This is a Class A address because the first octet lies in the 1-126 range. 9 is the network part while 140.2.87 is the host part, because class A addresses have a network.host.host.host format.
2. 172.30.4.190 -- This is a Class B address because the first octet lies in the 128-191 range. 172.30 is the network part while 4.190 is the host part, because class B addresses have a network.network.host.host format.
3. 194.144.5.10 -- This is a Class C address because the first octet lies in the 192-223 range. 194.144.5 is the network part while 10 is the host part, because class C addresses have a network.network.network.host format.
4. 45.22.187.1 -- This is again a class A address, with 45 being the network part and 22.187.1 being the host part.

Some IP addresses, such as 127.0.0.1, have a special meaning. Table 2-4 lists such addresses and what they represent.

Table 2-4 *Reserved IP addresses*

Address                     What it represents                                                                                               Where can it be used
--------------------------- ---------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------
Network address of all 0s   Represents "this network". For example 0.0.0.120                                                                 For sending broadcast messages to the network.
Network address of all 1s   Represents "all networks".                                                                                       For sending broadcast messages to all networks.
Node address of all 0s      Represents a network address or all hosts in the network. Example 10.0.0.0 or 172.16.0.0                         Routers route traffic based on network address.
Node address of all 1s      Represents all hosts in a network. Also called the broadcast address. Example 172.16.255.255 or 192.168.10.255   Used to send broadcasts to all hosts in a network.
Entire address of 0s        Represents "any network".                                                                                        Used by routers to designate the default route.
Entire IP set to all 1s.    Represents all hosts in network.                                                                                 Used to send broadcast messages
127.0.0.1                   Represents the loopback address which is essentially the host itself                                             To send traffic from the host to itself. If you want to connect to a webserver running on the host itself, you will use this address in the browser.

**SUBNETTING**

Subnetting allows you to borrow some host bits and use them to create more networks. These networks are commonly called **subnets** and are smaller in size.
But since each network has a network address and a broadcast address, some addresses get wasted. To further understand how subnetting is useful, consider a Class C address. Each class C address has 2^8^-2 or 254 host addresses available. If you wanted 2 networks with 100 addresses and used 2 class C networks, you would waste 308 addresses. Instead of using two class C networks, you can subnet one to provide two networks of 126 addresses each. This way fewer addresses would be wasted.

While some of the benefits of subnetting are discussed above, the following list discusses all the benefits associated with it:

- **Reduced broadcasts** -- While broadcasts are necessary, too many of them can bring down a network, and the number of broadcasts is proportionate to the size of the network. So subnetting a network into smaller subnetworks helps reduce broadcasts, since routers do not forward broadcasts.
- **Increased Network Performance** -- The direct result of reduced broadcasts is a network that has more bandwidth available to the hosts. More bandwidth and fewer hosts result in better performance of the network.
- **Easier Management** -- Managing and troubleshooting a large network is cumbersome and difficult. Subnetting breaks a network into smaller subnetworks, making it easier to manage each of them.
- **Scalability** -- A single large network spanning a large geographical location will be more difficult and costlier to manage. WAN links connecting different locations are costly, and having broadcasts choking the network can result in wasted money. Hence breaking down a large network makes it easier to scale a network across geographical locations.

Now that you understand the concept and benefit of subnetting, consider the problem that arises with it. In the case of class based subnetting, the first octet of the dotted decimal address tells which part of the address is the network component and which one is the host component.
But when host bits are borrowed for subnetting, the class based boundaries do not apply and it is not possible to say which bits are network bits. To overcome this, a third component of IP addresses was added. These are called **subnet masks**. Subnet masks, like IP addresses, are 32 bits long. The value of the subnet mask represents which bits of the IP address are network components and which are host components. A value of 1 in a subnet mask shows that the corresponding bit in the IP address is a network component, while a value of 0 shows that the corresponding bit is a host component. The following examples will help clarify this further:

1. An IP address of 192.168.10.1 with a subnet mask of 255.255.255.0 (11111111.11111111.11111111.00000000) shows that the first three octets of the IP address are the network component while the last octet is the host component.
2. An IP address of 172.16.100.1 with a subnet mask of 255.255.128.0 (11111111.11111111.10000000.00000000) shows that one bit from the third octet has been borrowed from the host component. Hence the network component is now 17 bits long instead of the default 16 bits in a class B address.
3. An IP address of 10.1.1.1 with a subnet mask of 255.255.0.0 (11111111.11111111.00000000.00000000) shows that the entire second octet has been borrowed from the host component, and now the network component is 16 bits long instead of the default 8 bits of a class A address.

One restriction that applies to subnet masks is that all network bits (1) and all host bits (0) should be contiguous. So a subnet mask of 11001100.11110000.11110000.00001111 is not valid, because the network and host bits are not contiguous. Table 2-5 shows the valid subnet mask values in an octet.

**Table 2-5** *Valid subnet mask values in an octet*

**Binary Value**   **Decimal Value**
------------------ -------------------
**00000000**       0
**10000000**       128
**11000000**       192
**11100000**       224
**11110000**       240
**11111000**       248
**11111100**       252
**11111110**       254
**11111111**       255

Subnet masks are commonly represented in two ways:

1. Dotted Decimal -- 10.1.1.1 255.255.0.0
2. Classless Inter-Domain Routing (CIDR) notation -- 10.1.1.1/16

Remember that any mask not given in Table 2-5 is not valid for an octet.

By now you may have figured out that the default subnet mask of class A is 255.0.0.0 or /8, the default mask of class B is 255.255.0.0 or /16 and the default mask of class C is 255.255.255.0 or /24. Table 2-6 shows the default masks of each class. These default masks cannot be changed. For example, you cannot use a mask of 255.255.0.0 for a class C address. If you try to use an invalid mask such as this, every device will produce an error. For each class, the minimum mask is the default mask and it cannot be reduced. Class A has to have a minimum mask of 255.0.0.0, class B has to have a minimum mask of 255.255.0.0 and class C has to have a minimum mask of 255.255.255.0.

**Table 2-6** *Default Subnet masks*

**Class**   **Format**                     **Default Subnet Mask**
----------- ------------------------------ -------------------------
**A**       network.host.host.host         255.0.0.0
**B**       network.network.host.host      255.255.0.0
**C**       network.network.network.host   255.255.255.0

Remember that an IP address without a mask, or a mask without an IP address, does not mean anything. A mask of /24 does not mean that the address is a class C address. Even a class A or class B address can have a mask of /24 after subnetting. Table 2-7 provides a list of dotted decimal subnet mask values and the corresponding CIDR values.

**Table 2-7** *Subnet Mask values*

**Dotted Decimal Value**   **CIDR notation**
-------------------------- -------------------
**255.0.0.0**              /8
**255.128.0.0**            /9
**255.192.0.0**            /10
**255.224.0.0**            /11
**255.240.0.0**            /12
**255.248.0.0**            /13
**255.252.0.0**            /14
**255.254.0.0**            /15
**255.255.0.0**            /16
**255.255.128.0**          /17
**255.255.192.0**          /18
**255.255.224.0**          /19
**255.255.240.0**          /20
**255.255.248.0**          /21
**255.255.252.0**          /22
**255.255.254.0**          /23
**255.255.255.0**          /24
**255.255.255.128**        /25
**255.255.255.192**        /26
**255.255.255.224**        /27
**255.255.255.240**        /28
**255.255.255.248**        /29
**255.255.255.252**        /30

Before moving to actual subnetting, you need to remember the powers of 2, i.e. the value of 2 multiplied as many times as the given exponent. For example 2^4^ = 2 x 2 x 2 x 2 = 16. Table 2-8 lists the first 14 values. It is not necessary to remember them all, but do remember that each value is twice the previous one. The more of these values you remember, the easier it will be to subnet on your CCNA exam.

**Table 2-8** *Powers of Two*

**Exponent**   **Value**
-------------- -----------
**2^1^**       2
**2^2^**       4
**2^3^**       8
**2^4^**       16
**2^5^**       32
**2^6^**       64
**2^7^**       128
**2^8^**       256
**2^9^**       512
**2^10^**      1024
**2^11^**      2048
**2^12^**      4096
**2^13^**      8192
**2^14^**      16384

Now that you know what subnetting is and how subnet masks are used, it is time to create subnets. When planning to subnet, you need to know three things:

1. Total number of subnets that you need
2. Total number of hosts per subnet that you need
3. Available network and subnet mask (which will be subnetted)

Armed with answers to these, you need to find the following:

1. Subnet mask to be used across the network
2. Valid subnets
3. Network address for each subnet
4. Broadcast address for each subnet
5. Valid host addresses in each subnet.

For this section I will take a sample requirement of 8 networks with 30 hosts each, with one class C network of 192.168.10.0 255.255.255.0 available.
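The sample requirement above, carried through to the five outputs just listed, together with the contiguous-bits rule for subnet masks from earlier in the chapter; this is an added example, not part of the original reviewer. Function names are illustrative, and the sketch assumes every subnet, including subnet zero and the last one, is usable, as the 2^3^ = 8 count in this chapter's example requires.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def mask_to_prefix(mask):
    """Dotted-decimal mask -> CIDR length; network bits must be contiguous."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"network and host bits are not contiguous: {mask}")
    return prefix


def prefix_to_mask(prefix):
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))


def bits_for(count, reserved=0):
    """Smallest exponent n with 2**n - reserved >= count."""
    bits = 0
    while 2 ** bits - reserved < count:
        bits += 1
    return bits


def plan_subnets(network, mask, subnets_needed, hosts_needed):
    base_prefix = mask_to_prefix(mask)
    base = int(ipaddress.IPv4Address(network))
    if base & (ALL_ONES >> base_prefix):
        raise ValueError("network address has host bits set")

    sn = bits_for(subnets_needed)             # bits borrowed for subnets
    h = bits_for(hosts_needed, reserved=2)    # bits needed for hosts (2**h - 2)
    if sn + h > 32 - base_prefix:
        raise ValueError("not enough host bits; a larger network is required")

    new_prefix = base_prefix + sn
    block = 2 ** (32 - new_prefix)            # 256 - 224 = 32 in the /27 case
    subnets = []
    for index in range(2 ** sn):
        net = base + index * block
        bcast = net + block - 1               # one less than the next network
        subnets.append({
            "network": str(ipaddress.IPv4Address(net)),
            "first_host": str(ipaddress.IPv4Address(net + 1)),
            "last_host": str(ipaddress.IPv4Address(bcast - 1)),
            "broadcast": str(ipaddress.IPv4Address(bcast)),
        })
    return {"mask": prefix_to_mask(new_prefix), "prefix": new_prefix,
            "hosts_per_subnet": block - 2, "subnets": subnets}


# The chapter's sample requirement: 8 subnets of 30 hosts from 192.168.10.0/24.
PLAN = plan_subnets("192.168.10.0", "255.255.255.0", 8, 30)

if __name__ == "__main__":
    print(PLAN["mask"], f"/{PLAN['prefix']}")
    for s in PLAN["subnets"]:
        print(s["network"], s["first_host"], "-", s["last_host"], s["broadcast"])
```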
Now that you have the requirement, the first thing you need to find is the new subnet mask that can satisfy the requirement. To find the subnet mask, follow the steps given below:

1. Find the exponent of 2 whose value is more than or equal to the number of subnets required. Let's call this 2^sn^. For our example, we need 8 subnets and 2^3^ equals 8. So our 2^sn^ is 2^3^.
2. Find the exponent of 2 whose value minus 2 is more than or equal to the maximum number of hosts required in a subnet. Let's call this (2^h^-2). For our example, we need a maximum of 30 hosts in a subnet and 2^5^-2 gives us 30 hosts per subnet.
3. Make sure sn + h from the above two steps does not exceed the number of host bits available in the network available. If the sum of sn and h exceeds the available host bits, you will require another network of the same class or a network of a higher class. In our example we have 8 bits of host addresses available in the 192.168.10.0 255.255.255.0 network. Our sn+h is 3+5, which gives us 8.
4. Convert the available mask to CIDR notation and add sn to it to get the new subnet mask. For our example the mask 255.255.255.0 can be converted to /24. On adding 3 we get a mask of /27.

Converting from /27 to the dotted decimal format is easy. /24 is 255.255.255.0 or 11111111.11111111.11111111.00000000. /27 will be 11111111.11111111.11111111.11100000. You need not worry about the first 3 octets, since they are already known to be 255.255.255. For the last octet, add the decimal value for each network bit. In our case it will be 128+64+32 = 224. So the new subnet mask is 255.255.255.224. Table 2-7 also provides a list of dotted decimal and networking bits value.

The most difficult part is now over. To find the rest of the 4 answers, follow the steps given below:

1. Valid subnets -- To find the valid subnets, deduct the interesting octet value from 256. Interesting octets are those octets that have host bits.
Available subnets will be in multiples of the resultant value up to 256. In our case the fourth is the interesting octet. Deducting 224 from 256 gives us 32. So the available subnets are 0, 32, 64, 96, 128, 160, 192, 224.
2. Network Address of each subnet -- The network address is the very first address of each subnet. So for our valid subnets, the network address would be 192.168.10.0, 192.168.10.32, 192.168.10.64, 192.168.10.96, 192.168.10.128, 192.168.10.160, 192.168.10.192 and 192.168.10.224 Class C network with a mask of /26. It will give you subnets 0, 64, 128 and 192 if subnet-zero is allowed, else it will only give you subnets 64 and 128.
3. Broadcast Address of each subnet -- The last address of a subnet is the broadcast address. Simply deduct 1 from the next network address to find the broadcast address of a subnet. For our example subnets the valid broadcast addresses are:

Definition of Terms

Gathering & Verifying Information

- Using show commands
- Running config
- Startup config
- Version
- Interface information
- Using pipes

**CISCO ROUTERS, SWITCHES & IOS**

DNS & DHCP

Resolving Names

- Ip name-server \
- Ip host \\

Cisco IOS as DHCP server

- Ip dhcp pool \
- Network\\
- Default-router\
- Dns-server\
- Ip dhcp excluded-address\\

Another method

SAVING, ERASING & BACKING UP CONFIGS

Saving commands

- Copy running-config

Erase Commands

- Erase startup-config
- Reload

Backing up configs

- TFTP copy run TFTP
- FTP copy run FTP
- Configure the username and password
- Config\# ip ftp username\
- Config\# ip ftp password\

PASSWORD RECOVERY

- Boot up the device
- Interrupt the boot up process using ctrl-c
- Change the configuration register (confreg) to 0x2142
- Reboot
- Copy start run
- Change the enable password
- Save

CDP Neighbor

Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help find information about neighboring devices.

Enable CDP globally: cdp run

Enable CDP on an interface: cdp enable

**IP HELPER ADDRESS**

Set a device as DHCP
relay agent

- **D**iscover -- UDP broadcast
- Offer -- UDP unicast
- Request -- UDP broadcast
- Acknowledge -- UDP unicast

Ip helper-address

Ip address dhcp automatically look for DNS server

IP ROUTING

Types of Routing

- Routing table is stored in the routing information base (RIB)
- Consists of destination address, subnet mask & next hop towards the destination
- Possible routes -- saved in the routing information base
- Dynamic static route contains all possible routes, and the best route will be stored in the forwarding information base

3 ways a router learns routes:

1\. Static Route

- Route is manually added by an administrator
- Best in small networks
- Advantages: no overhead (uses less bandwidth and CPU), and adds a certain degree of security
- Disadvantages: prior knowledge of the network, every change should be done manually, unmanageable in large networks

Static Routing Config: ip route \[destination\] \[netmask\] \[next hop\] \[exit interface\]

2\. Default Route

- All routers are configured to send all packets towards a single router
- Very useful method for small networks or networks with a single entry and exit point
- Used in addition to static or dynamic routing
- Sends packets destined to any unknown destination to a single next hop address
- Useful when a bulk of destination networks have to be routed

Default Routing

Note: when a more specific route to a destination exists in the routing table, the router will use that route and NOT the default route

ip route 0.0.0.0 0.0.0.0 \[next hop\]

3\. Dynamic Route

- Algorithms are used to automatically propagate routing information
- Best in large networks, greater CPU and bandwidth usage
- Every routing protocol defines its own for communication between routers and selecting the best route

ROUTING PROTOCOL

Classified as IGP & EGP

IGP (Interior) -- exchange routing information within internetworks that fall under a single administrative domain (AS)

Classes of Routing Protocol

Distance Vector

- uses distance to measure the cost of a route, periodically send their entire routing table
- slower to converge, consume a lot more bandwidth & CPU

Link state

- form a neighbor relation with other routers before sharing routing information
- exchange connectivity related information (link states)
- updates are sent out only when there is a change
- converge faster than a distance vector

EGP (Exterior) -- exchange routing information between different administrative

Administrative Distance

- trustworthiness of routing information received by a router
- used when multiple routing protocols are present on a single router
- value from 0 to 255; lowest value will be selected
- any route with an AD value of 255 will never be used

Routing Metrics

- a metric (cost) of a route is calculated differently by each protocol
- used when a single routing protocol with multiple paths is running on a router
- more than one path to a destination: metrics is used

Hybrid

- use aspects of both distance vector and link state protocols. Ex EIGRP

Routing Loops

1\. Maximum hop count -- set to 15

2\. Split Horizon -- prohibiting a router from advertising a route back onto the interface from which it was learned

3\. Route Poisoning -- lost route is advertised with a hop count of more than the maximum hop count

4\. Hold Downs -- prevents a router from learning new info about a failed route until time expires

Routing Destination

- the process of distributing routes learned from one source to another
- useful when networks are expanding, merging or in a phase of transition
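The route-selection rules from the routing notes above (administrative distance first, metric next, a more specific route preferred over the default route, AD 255 never used), as an added Python example that is not part of the original reviewer. The routes, next hops and metrics are constructed, and the AD values are Cisco's defaults (static 1, OSPF 110, RIP 120), which the text of these notes does not list.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix next_hop source ad metric")


def route(dest, mask, next_hop, source, ad, metric=0):
    """Build a route from the same fields as 'ip route [destination] [netmask] [next hop]'."""
    prefixlen = bin(int(ipaddress.IPv4Address(mask))).count("1")
    return Route(ipaddress.ip_network(f"{dest}/{prefixlen}"), next_hop, source, ad, metric)


def build_fib(rib):
    """From all candidate routes (RIB), keep the best one per destination prefix."""
    best = {}
    for candidate in rib:
        if candidate.ad >= 255:       # an AD of 255 is never used
            continue
        current = best.get(candidate.prefix)
        # Lowest AD wins between sources; lowest metric wins within one source.
        if current is None or (candidate.ad, candidate.metric) < (current.ad, current.metric):
            best[candidate.prefix] = candidate
    return best


def lookup(fib, address):
    """Pick the most specific matching route; 0.0.0.0/0 matches only as a last resort."""
    addr = ipaddress.ip_address(address)
    matches = [r for prefix, r in fib.items() if addr in prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


# Constructed routing information base (documentation addresses as next hops).
RIB = [
    route("0.0.0.0", "0.0.0.0", "192.0.2.1", "static", ad=1),             # default route
    route("10.1.0.0", "255.255.0.0", "192.0.2.2", "ospf", ad=110, metric=20),
    route("10.1.0.0", "255.255.0.0", "192.0.2.3", "rip", ad=120, metric=2),
    route("10.1.0.0", "255.255.0.0", "192.0.2.4", "ospf", ad=110, metric=10),
    route("10.1.5.0", "255.255.255.0", "192.0.2.5", "static", ad=1),
    route("172.16.0.0", "255.255.0.0", "192.0.2.6", "untrusted", ad=255),
]

if __name__ == "__main__":
    fib = build_fib(RIB)
    for dst in ("10.1.5.9", "10.1.9.9", "198.51.100.7", "172.16.1.1"):
        chosen = lookup(fib, dst)
        print(dst, "->", chosen.next_hop, f"({chosen.source}, {chosen.prefix})")
```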