
Remi @ Honeywell.pdf


Full Transcript

Physical Categories In A Computer Network
07 February 2024 11:16

The physical components are categorized as personal computers, interconnections, switches, routers, and WLAN devices.

Routers are devices that interconnect networks and choose the best paths between networks.

Switches are devices that provide network attachment to the end systems and intelligent switching of the data within the local network.

Computers serve as end points in a network, which users use to send and receive data.

Interconnections consist of components that provide a means for data to travel from one point to another point in the network. This category includes components such as:

1. Network Interface Cards (NICs), which translate computer data into a format that can be transmitted over the local network.
2. Network media, such as cables or wireless media, which provide the means by which the signals are transmitted from one networked device to another.
3. Connectors, which provide the connection points for the media.

WLAN devices connect network devices, computers, and other endpoints to the network without cables. The minimum requirement for wireless access to the network is an endpoint with a WLAN NIC and an access point that is connected to the wired network.

Network Topologies
07 February 2024 13:43

Computers or devices in a network are connected in a logical manner. The layout pattern of the interconnections between computers in a network is called the network topology. It can also be defined as the virtual structure of a network. In a network topology, devices are referred to as nodes. Typically, network topologies are illustrated using these nodes and the cable connections between them.

Star Topology

Star topology is the most commonly used topology in Ethernet LANs. In this topology, all computers are connected to a central connection point such as a hub, switch or a router.

All data on the star network goes through the central point before continuing to its destination. Each device is connected to the central device with its own wire. An advantage of this topology is that if a cable connection breaks or stops working, the rest of the network remains unaffected. A disadvantage of this topology is that if the central connection point goes down, the entire network could collapse.

In addition to star topology, there is an extended star topology, which includes an additional network device connected to the main network devices. The problem with the pure extended-star topology is that, if the central node fails, large portions of the network can become isolated.

Bus Topology

In a bus topology, all the devices are effectively connected by one single cable. This cable proceeds from one computer to the next, like a bus line going through a city. This single cable is called a trunk, or backbone. The main cable segment must end with a terminator that absorbs the signal when it reaches the end of the line or wire. If there is no terminator, the electrical signal representing the data bounces back at the end of the wire, causing errors in the network. Bus topology implies a shared medium, and if the shared medium fails, the network fails.

Ring Topology

In ring topology, all the devices in a network are connected in the form of a ring or circle. Unlike the bus topology, a ring topology has no beginning or end that needs to be terminated. In one implementation, a free "token" travels around the ring, stopping at each device. If a device wants to transmit data, it adds that data and the destination address to the token. The token then continues around the ring until it finds the destination device, which takes the data from the token. The advantage of using ring topology is that there are no collisions of data packets. Ring topology is susceptible to a single failure, which stops the entire ring from functioning.

There are a couple of iterations of ring topology, namely the single-ring topology and the dual-ring topology. In a single-ring topology, all devices in the network share a single cable. Data travels in only one direction, and each device waits for its turn to send data over the network.

In dual-ring topology, two rings allow data to be sent in both directions. This setup creates redundancy or fault tolerance, that is, if one ring fails, data will be transmitted on the other ring. An example of a dual-ring topology is an optical ring.

Wireless Topology

Wireless topology extends a wired LAN to include wireless devices. This topology uses a combination of wired and wireless devices. Wireless devices such as laptops, tablets or mobile phones can communicate with the wired LAN through a base station known either as an Access Point or Wireless Access Point. The access point acts as a bridge between a wireless and wired LAN, and all transmissions between wireless stations and a wired network client go through the access point.

Ad-hoc wireless technology is a type of wireless technology in which devices communicate directly between themselves without using an access point.

Mesh Topology

Mesh topology provides a multiple-path network. Mesh topology must be implemented using switches; implementation is not possible with hubs. Multiple paths between switches provide additional functionality, that is, redundancy and load balancing. It is suited for UTP installations and ideal for large critical installations. The Internet is a great example of mesh topology. On the flip side, mesh topology introduces complexity and can result in network loop problems.

Shared Resources In A Network
07 February 2024 14:04

A network is a web of computing devices linked to each other so that they can communicate and collaborate by sharing information, hardware, and software.

Authorized users can use other computers on the network to access and share information and data. This includes special group projects, databases, and so on. Similarly, printers and scanners in a network can be shared by multiple users.

Instead of purchasing and installing a software program on each computer, it can be installed on the server. All the users can then access the program from a single location.

A computer network allows users to communicate with other users on the same network by transmitting data on the cables used to connect them.

A network also allows the backup and retrieval of information. A centralized node is used to schedule and store system backups. These backups can be restored on other nodes in the network whenever required.

Media Considerations
07 February 2024 13:43

Transmission Speed and Bandwidth

The first factor is transmission speed and bandwidth. Transmission speed is measured by the number of data bits that can traverse the media in one second. Bandwidth refers to the width of the range of electrical frequencies, or the amount of channels, that the media can support. As bandwidth increases, more information per unit of time can pass through the channels. In simple terms, bandwidth is the capacity and speed is the rate.

Media Length

Media length is the maximum distance over which a certain type of media can be used. If the signal travels long distances, it becomes unstable. Different cable types affect the distance the signal can travel over the media. In a copper cable, signal attenuation occurs, which means that the data signal weakens while traversing the media. In a Shielded Twisted Pair cable, shielding is used to increase the distance that the signal can travel.

Interference

In a fiber-optic cable, the strength of the signal suffers from chromatic dispersion, which refers to the different colours or wavelengths in a light beam arriving at slightly different times.

Installation & Repair

Installation and repair is another factor when selecting cables and connectors. Some media are easier to manage and install than others. For example, a fiber-optic cable is far more complex to install and troubleshoot than twisted-pair. Plenum cables are also difficult to install. Plenum spaces are the open spaces above the ceiling or below the floor that are used for air circulation, for example, a raised computer room floor. Cables to be used in such places must be plenum-rated.

Cabling: Transmission Mechanisms
07 February 2024 14:08

Data transmission is the process of sending digital or analog data over a communication medium to one or more computing, network, communication, or electronic devices.

Baseband Transmission

1. Digital signalling is used over a single channel.
2. Signal flow is in the form of discrete pulses of electricity or light.
3. Supports a single transmission via a single channel at any given time.
4. Used over shorter distances.
5. Bi-directional transmission, i.e. the same channel is used to send and receive signals.
6. Frequency division multiplexing is not supported.

Broadband Transmission

1. Analog signalling and a range of frequencies are used.
2. Signal flow is in the form of electromagnetic or optical waves.
3. Supports multiple transmissions over different frequencies.
4. Used over longer distances.
5. Uni-directional transmission, i.e. two cables are required to send and receive transmissions.
6. Frequency division multiplexing is supported.

Modes of Communication
07 February 2024 14:25

Communication mode refers to the mechanism of transferring data between two devices connected over a network. It is also known as the transmission mode.

There are three types of communication modes, namely simplex mode, half-duplex mode and full-duplex mode. These modes determine the direction of the flow of information.

Simplex

In the simplex mode, communication takes place in only one direction. There can be a sender device and multiple receiving devices. Imagine the simplex mode as a one-way road on which the traffic travels in only one direction and no vehicle from the opposite direction is allowed to enter. The entire bandwidth of the media is used for transmitting the signal.

A television broadcast is an example of simplex transmission mode. Information flows only from the TV transmitter to multiple receivers, i.e. the television viewers.

Half-duplex

In a half-duplex communication mode, communication between the sender and receiver occurs in both directions but not at the same time. So, if the sender sends the message at time 1, the receiver cannot respond until the sender is done sending the message. Once the sender is done, the receiver can respond at time 2. Hence, although half-duplex transmission is bidirectional, data can be sent in only one direction at a time.

Think of half-duplex communication as still being like a one-way road, on which a vehicle traveling in the opposite direction to the traffic has to wait until the road is empty.

Thus, data flows in only one direction at a time. Note that the transmitting device uses the entire bandwidth of the media.

Communication over a walkie-talkie is the best example of a half-duplex communication mode. Walkie-talkies are battery-powered transceivers that allow users to send and receive messages one at a time. Suppose that two people are conversing with each other via walkie-talkies. The first person has to press a button on the device and speak. The second person cannot speak until the first person is done and the button on the first device is released. Once the first person has released the button, the second person needs to press the button to speak with the first person. Note that other walkie-talkies in the vicinity can receive the signal.

Full-duplex

In the full-duplex communication mode, communication between the sender and receiver can occur simultaneously. The full-duplex transmission mode is similar to a two-way road where traffic can flow in both directions at the same time. This communication mode is bi-directional and has double the bandwidth of the half-duplex communication mode. A telephone network is an example of the full-duplex communication mode because both speakers can communicate at the same time.

LAN Cables
07 February 2024 14:25

Cables

Media Connectors
07 February 2024 14:25

Media Connectors

Networking Components
07 February 2024 14:25

A computer network is a group of two or more computers that connect with each other to share a resource. Sharing of devices and resources is the purpose of a computer network. In computer networking, there are several types of networks, ranging from simple to complex.

Whether you are connecting computers to each other, connecting them to an existing network, or planning to install a network from scratch, the required devices and rules or protocols are the same.

Types of Network Components

A hub does not perform any processing on the Ethernet frame, nor does it perform any error checks. This creates security concerns and also creates unnecessary traffic affecting bandwidth. This method of operation is inefficient, as the data was intended for only one of the devices in the network. There are two different types of hubs, known as passive and active hubs. The critical differentiator is the power requirement. A passive hub does not require power because the signal is not regenerated before forwarding data, whereas in an active hub, the signal is regenerated before forwarding data.

A switch has multiple ports and accepts Ethernet connections from network devices. It is similar to a hub but with advanced features. The switch uses the physical addresses in each incoming message so that the message can be delivered to the right destination or port. Switches are preferred over hubs because unnecessary traffic is reduced on the network. In the case of a switch, if computer A wants to transmit data only to computer C, the data will be transmitted only to computer C and not to any other device, whereas a hub would transmit the data to all devices in the network. This reduces security concerns and does not create unnecessary traffic affecting bandwidth.

A router is a device that routes or forwards data from one network to another based on the IP address. The destination address of the packet is examined and the packet is forwarded based on a configured or learnt routing table.

When a network is divided into two segments with the use of hubs, broadcast messages are sent to every computer on the other network, thus causing unnecessary traffic. The introduction of a bridge allows the division of the two networks.

A bridge is a networking device used to connect different segments or collision domains. It filters data based on the MAC address and allows data packets to pass only if they match the MAC address of the destination. A bridge has a record of the MAC addresses of all the network interface cards connected to it and blocks data from crossing unless it meets the requirement.

A gateway is a device that connects multiple networks and passes data packets from one discrete network to another. In simple terms, any device that translates one data format to another is called a gateway. In many cases, the gateway functionality is incorporated in different devices. Some examples of gateways are routers translating data from one network protocol to another, a bridge converting between two networking systems, or a software application converting between two dissimilar formats.

Media converters are simple devices used to connect two devices or LANs that are not entirely compatible, due to different speeds, operation types, modes or media types (twisted pair, fiber, coax). Users can convert between media types such as single-mode and multimode fiber to Ethernet, fiber to coaxial, single-mode fiber to multimode fiber and so on. Among media converters, the most often used type is a device that works as a transceiver, which converts the electrical signal used in copper unshielded twisted pair (UTP) network cabling to the light waves used in fiber-optic cabling.

A transceiver is a networking device that has a transmitter and a receiver in the same package. The term applies to wireless devices such as mobile phones or walkie-talkies. These devices are available in two forms, chip transceivers and module transceivers. Module transceivers are external and installed separately. Different types of transceivers include Radio Frequency, Fiber-optic, Ethernet, and Wireless.

A firewall is a protective system that lies between the computer network and the internet. It is a common method of securing a network. Firewalls manage the flow of network traffic between a trusted internal network and an untrusted external network such as the internet. A firewall can be either hardware or software.

Hardware Firewall

A hardware firewall is a physical device that filters incoming and outgoing traffic for the entire network. These firewalls can be implemented with limited configuration and protect systems behind the firewall from outside sources. They can be combined with other network devices. For example, broadband routers and wireless access points have the firewall functionality built in.

Software Firewall

A software firewall is an application or program that protects a single computer from unauthorized access. Software firewalls are installed on the computer and can be customized according to user preferences.

Routing Table
08 February 2024 12:58

A router is a networking device that forwards data packets between computer networks. Data packets are forwarded by using routing, the process of selecting a path across multiple networks. When a data packet arrives at a router from the source, the destination IP address of the packet is examined, and the path is decided. This decision is made based on routing tables.

In computer networking, a routing table is a data table stored in a router or a network host. It contains the information necessary to forward a packet along the best path towards its destination. A basic routing table includes route information such as the network destination, netmask, gateway, interface and metric. These routing tables must be up to date and complete.
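
The lookup a router performs against such a table, as an added example that is not part of the original notes. The sample routes are constructed, and the selection rule (most specific netmask first, then lowest metric) is an assumption reflecting common IP forwarding behaviour rather than something the notes state.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    """One row of a basic routing table, using the fields named in the notes."""
    destination: str
    netmask: str
    gateway: str
    interface: str
    metric: int

    @property
    def network(self) -> ipaddress.IPv4Network:
        # Combine destination and netmask, e.g. 10.1.2.0/255.255.255.0 -> 10.1.2.0/24.
        return ipaddress.IPv4Network(f"{self.destination}/{self.netmask}")


# Constructed sample table (documentation and private address ranges only).
ROUTES = [
    Route("0.0.0.0", "0.0.0.0", "192.0.2.1", "eth0", 10),          # default route
    Route("10.0.0.0", "255.0.0.0", "10.255.0.1", "eth1", 5),
    Route("10.1.2.0", "255.255.255.0", "10.1.2.254", "eth2", 5),
    Route("10.1.2.0", "255.255.255.0", "10.1.2.253", "eth3", 20),  # backup path
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Return the route used for dst, or None when no entry matches."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None  # no matching entry and no default route: packet is dropped
    # Assumed rule: longest prefix wins, lowest metric breaks ties.
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def overriding_routes(table: List[Route]) -> List[Tuple[Route, Route]]:
    """Audit helper: (specific, broader) pairs where a more specific entry
    sends part of a broader non-default route through a different gateway."""
    pairs = []
    for specific in table:
        for broad in table:
            if (broad.network.prefixlen > 0
                    and specific.network != broad.network
                    and specific.network.subnet_of(broad.network)
                    and specific.gateway != broad.gateway):
                pairs.append((specific, broad))
    return pairs


if __name__ == "__main__":
    for dst in ("10.1.2.7", "10.9.9.9", "198.51.100.5"):
        r = lookup(ROUTES, dst)
        print(dst, "->", r.gateway, "via", r.interface)
    for specific, broad in overriding_routes(ROUTES):
        print(specific.network, "via", specific.gateway,
              "overrides", broad.network, "via", broad.gateway)
```

Because the most specific entry wins, reviewing a table for unexpected narrow routes is a quick way to see where traffic leaves the path an administrator intended.
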

Static routing and dynamic routing are two ways by which a router is configured to get information for the routing table.

Static

In static routing, a network administrator manually enters pre-configured routes and route information in the routing tables. Suppose a data packet is to be sent from router A to router E. The administrator has configured that the best path for the data packet to router E is via router C. What happens if router C fails? The data packet will not be sent ahead. The network administrator will have to modify the routing table to use another route for the data packet to be sent from router A to router E. In addition, the administrator has to intervene in case of a change in the layout, or topology.

Dynamic

In dynamic routing, routers use special routing protocols to create a route for the data packet. The purpose of these protocols is to enable routers to pass on information about themselves to other routers. Using this information, routers build routing tables. If router C fails, the network administrator will not need to manually create any route for the data packet. Instead, the routers are configured with routing protocols. This enables routers to pass on the information to the other routers, thus creating an alternate route for the data packet to reach its destination.

There are two types of protocols available for dynamic routing, i.e. distance vector protocols and link state protocols.

Spanning Tree Protocol
08 February 2024 12:58

Spanning Tree Protocol, or STP, is defined as a network protocol that builds a loop-free logical topology for computer networks. It is a feature used to prevent traffic loops when using redundant switches. Networks are designed to be fault tolerant by installing multiple switches. If a switch fails, it is bypassed and other switches in the network are used to reach the destination address. This setup may lead to issues such as broadcast traffic loops in the network.

Let us understand the concept of broadcast loops through an example. In this example, switches are linked together to form a mesh network. Without STP, a network loop is formed, causing a number of issues. When a switch receives a broadcast message from the host system, the message is forwarded out of every port except the one that received it. If Switch A receives a broadcast message, it is forwarded to Switches B and D. Like Switch A, Switches B and D forward the broadcast message out of all their ports except the port that received the message. This message is then received by Switch A, which forwards it again, thus creating a network loop. Broadcast messages are sent all the time over the network, thus clogging the network. This is known as a broadcast storm. It results in switch failure, network slowdown and so on.

This is where the Spanning Tree Protocol plays an important role. Switching loops can be prevented in networks using the Spanning Tree Protocol. The protocol provides a mechanism for a switch to learn the network topology, elect a root switch, and selectively block ports to form a loop-free spanning tree. In the illustration, Switch A is elected as the root switch, while ports on Switch C are blocked. Spanning Tree Protocol allows redundancy without creating an infinite loop. A popular algorithm for Spanning Tree Protocol is Dijkstra's algorithm.

Dijkstra's Algorithm

Dijkstra's algorithm, or the shortest path algorithm, is used to find the shortest paths between nodes.

BPDUs (Bridge Protocol Data Units) are exchanged across switches to detect network loops. These BPDUs contain information about the root switch, the ID of the sending bridge, and the distance between the root and the sender.

When a failure occurs in the switched network, all switches recalculate the spanning tree and block traffic on all ports. Once the STP has been recalculated, traffic is again forwarded out to all non-blocked ports.
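
The broadcast loop described above, simulated as an added example that is not part of the original notes. The four-switch ring A-B-C-D and the choice of which port on Switch C is blocked are assumptions made for the illustration; the flooding rule is the one the notes give (forward out of every port except the one that received the frame).

```python
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed topology: four switches cabled in a ring, so there is a loop.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")]

# A port is written (switch, neighbour): the port on `switch` facing `neighbour`.
Port = Tuple[str, str]


def neighbours(links: List[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Build an adjacency map from the list of inter-switch links."""
    adj: Dict[str, Set[str]] = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def flood(links: List[Tuple[str, str]], origin: str,
          blocked: FrozenSet[Port] = frozenset(),
          max_hops: int = 50) -> List[int]:
    """Flood one broadcast from a host attached to `origin`.

    Returns the number of copies in flight on inter-switch links at each hop.
    A blocked port neither sends nor accepts data frames.
    """
    adj = neighbours(links)
    in_flight = [(origin, n) for n in sorted(adj[origin])
                 if (origin, n) not in blocked]
    history: List[int] = []
    for _ in range(max_hops):
        if not in_flight:
            break  # every copy has been delivered or dropped
        history.append(len(in_flight))
        nxt = []
        for sender, receiver in in_flight:
            if (receiver, sender) in blocked:
                continue  # frame arrives on a blocked port and is discarded
            for n in sorted(adj[receiver]):
                # Forward out of every port except the one that received it.
                if n != sender and (receiver, n) not in blocked:
                    nxt.append((receiver, n))
        in_flight = nxt
    return history


def is_storm(links: List[Tuple[str, str]], origin: str,
             blocked: FrozenSet[Port] = frozenset(),
             max_hops: int = 50) -> bool:
    """True when copies of the broadcast are still circulating at max_hops."""
    return len(flood(links, origin, blocked, max_hops)) == max_hops


if __name__ == "__main__":
    print("no STP      :", flood(LINKS, "A")[:6], "... storm =", is_storm(LINKS, "A"))
    stp = frozenset({("C", "D")})  # assumed: Switch C blocks its port towards D
    print("port blocked:", flood(LINKS, "A", stp), "storm =", is_storm(LINKS, "A", stp))
```

With the loop intact, the same broadcast is still travelling after 50 hops; with one port on Switch C blocked it dies out after two, while every switch has still received a copy.
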

Once a tree is built and the BPDU exchange has settled down, the network is in a state of convergence. This means that all switches have the same topological information about the network.

Network Protocols
08 February 2024 12:58

Computers follow network protocols to communicate with other computers in a network. Network protocols are formal standards and policies comprising rules, procedures, and formats that define communication between computers or devices. You can also say that a network protocol is the "language" of the network and a method by which two dissimilar systems communicate.

TCP

Transmission Control Protocol is a popular protocol used in digital networks that ensures the end-to-end delivery of data between distinct nodes. When computers communicate with each other over the network, the communication has to be reliable and the data has to be sent successfully. In the absence of TCP, the webpage you are viewing would be without any order and might be missing some elements. Similarly, while downloading a file, it might not get downloaded completely and the information or data would be of little or minimal use to you. In the presence of TCP, the webpage is displayed correctly and the requested file is downloaded successfully.

The TCP protocol has several characteristics. It is a connection-oriented protocol: a connection is established and maintained until the required messages have been exchanged by the application programs at each end. The TCP protocol segments traffic, which means that a message is divided into individual packets and these packets are managed and reassembled at the receiving end. TCP guarantees the successful delivery of messages. If the receiving computer acknowledges the receipt of packets, it means that the message has been delivered successfully. For flow control, TCP uses window sizes to protect buffer space and routing devices.

TCP supports multiplexing, which allows receiving hosts to decide the correct application for which the data is destined, based on the port number.

UDP

UDP stands for User Datagram Protocol. This protocol is also used for sending and receiving data. This protocol is connectionless, which means that a session is not established and the delivery of the message is not guaranteed. In addition, the reordering or recovery of data is not possible. The applications employing UDP are tolerant of lost data; for example, the Domain Name System, or DNS, utilizes UDP. Hence, if a user's request for an IP address fails, another session can be initiated to retrieve the data.

ARP

ARP stands for Address Resolution Protocol. It converts an IP address to its corresponding MAC address. So, how does ARP work? Consider a network in which computer A wants to transfer data to computer B. The IP address of computer B is known, but in order to communicate, the MAC address must also be known. To find the MAC address of computer B, computer A checks its ARP cache. The ARP cache holds the ARP entries, i.e. the IP address and matching MAC address for each interface. If the MAC address for computer B is not found, computer A sends out a broadcast message on the network asking for the MAC address of the computer with the specific IP address. Computer B, which has the given IP address, sends an ARP reply, allowing the initiating device, i.e. computer A, to update its cache and deliver messages. Computer A will store the information about computer B in its ARP cache. In a nutshell, the ARP cache makes the network more efficient.

ICMP

ICMP stands for Internet Control Message Protocol. It is used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached.

ICMP uses nine message formats, which are divided into two categories: error reporting and query messages. Common types of ICMP messages are listed below.

Error Reporting

1. Destination Unreachable
2. Time Exceeded
3. Source Quench
4. Redirect
5. Parameter Problem

Query Messages

1. Echo
2. Timestamp
3. Address Mask Request/Reply
4. Router Advertisement and Solicitation

FTP

FTP stands for File Transfer Protocol. It is a standard protocol used to transfer files between a computer and a server over a network such as the Internet. If someone wants to make files from their computer available for download, they would have to upload the files to the FTP server. As a result, anyone across the world can connect to the FTP server and download the required files using the FTP protocol. The FTP server can be set up on the user's computer itself. Files can be transferred using an internet browser or an FTP client.

HTTPS

HTTP stands for Hypertext Transfer Protocol and is a method used to transfer or convey information on the Internet. Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol that is used for secure communication over a computer network and is widely used on the Internet.

OSI Models
08 February 2024 12:58

Every device on the network utilizes network hardware and software and needs to communicate using a common language. A host computer needs to communicate in a way that the other host computer can understand.

Open System Interconnection, or OSI, is a reference model used to define how applications communicate over a network. It provides a means of describing how data is transmitted over a network. It was developed by the International Organization for Standardization, or ISO, in 1984.

It is considered the architectural model for inter-computer communication.

Say that you want to send a letter or a package to a friend. There are a number of elements involved in this process. To start with, you write the letter and then put it in an envelope. You write your address on the back and the receiver's address on the front of the envelope. You then stick a stamp on the letter and either post it in the nearby post box or take it to the local post office. The postal staff process the envelope and send it to the appropriate delivery van. The letter is sent to the destination post office and is then delivered to your friend by the mailman. Each layer is self-contained, and the task assigned to each layer is performed independently. This is how the OSI Reference Model works.

The OSI Reference Model provides a means of describing how data is transmitted over a network. The model addresses the hardware, software, and data transmission. The model separates network functions into seven categories. This separation of networking functions is called layering. The layers are typically described from the top level down. The layers are as follows.

The Application layer is Layer 7 of the model and is closest to the user. The Application layer provides network services to the user. The services are protocols that work with the data the client is using. It allows the user to interact with the application or network whenever the user reads messages, transfers files or browses the internet. The Application layer provides services only to the other OSI layers, not to applications outside the OSI model.

The Presentation layer, or Layer 6, performs the task of converting data from one format to another. The Presentation layer ensures that the information sent by the application layer of one system is readable by the application layer of another system. For example, a computer program interacts with another computer.
Computer 1 uses extended binary coded decimal interchange code (EBCDIC) and the other one uses ASCII to represent the same characters.

The Session layer establishes, manages, and terminates sessions between two communicating hosts. The session layer also synchronizes dialog between the presentation layers of the two hosts and manages their data exchange. For example, web servers have many users, which means there are multiple communication processes running at a given time. It is important to keep track of which user communicates on which path. In addition to session regulation, the session layer offers provisions for efficient data transfer, class of service (COS), and exception reporting of issues at the session layer, presentation layer, and application layer.

The transport layer provides reliable message delivery from source to destination. The transport layer is responsible for error detection and recovery. It also controls information flow for a reliable service. The boundary between the transport layer and the session layer can be thought of as the border between application protocols and data-flow protocols. The application, presentation, and session layers are concerned with application issues, while the lower four layers are concerned with data transport issues.

The network layer provides connectivity and path selection between two host systems that may be located on geographically separated networks. The growth of the Internet has increased the number of users that access information from sites around the world. The network layer is the layer that manages the connectivity of these users by providing logical addressing.

The data link layer defines how data is formatted for transmission and how access to the physical media is controlled. It detects and possibly corrects errors that may occur in the physical layer. There are two sublayers, the Medium Access Control layer and the Logical Link Control layer.
The Medium Access Control layer is responsible for controlling how devices in a network gain access to a medium and permission to transmit data. The Logical Link Control layer is responsible for identifying and encapsulating network layer protocols, and controls error checking and frame synchronization.

The lowest layer of the OSI reference model is the Physical layer. It is responsible for the actual physical connection between the devices. The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link for bit transmission between end devices. Physical layer specifications define characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other similar attributes.

Network Service 08 February 2024 12:58

A data center is a facility which includes a large number of network servers and other networking equipment. Each network server facilitates network operations by providing a host of network services. A network service is defined as an application running at the network application layer and above, providing data storage, manipulation, presentation, communication or other capabilities. These services are accessed by client computers via the network. In computer networking, there are a number of services that enable users to work efficiently. Some important network services are name resolution, Network Address Translation or NAT, Internet Connection Sharing, and Dynamic Host Configuration Protocol or DHCP.

Name Resolution

In the computer world, when transmitting data, computers communicate with each other using IP addresses, not names. This process is known as name resolution.
For example, if computer A requests a domain name such as www.honeywell.com, this domain name must be resolved to the IP address and then to the MAC address of computer B hosting the domain. There are two ways to resolve fully qualified domain names (FQDNs) to IP addresses: the local IP hosts file and Domain Name System (DNS) resolution.

Local IP hosts file

The IP hosts file is a method used to map hostnames to IP addresses. Users can edit the text file and given domain name. Note that performing this action affects the user's own computer without affecting how the domain is resolved worldwide. On a Windows computer, the IP hosts file is available at the path displayed on the screen. Considering the earlier example, the IP hosts file on a computer is checked for a name resolution match. If an entry exists in the hosts file, the name resolution is successful. On the other hand, if the entry does not exist in the hosts file, the name resolution is passed on to a DNS server. If DNS name resolution is not set up for the device, the name resolution fails and data is not transmitted.

Domain Name System

It uses a dedicated DNS server and a publicly accessible database of host names. You can consider a DNS server to be the Internet's equivalent of a phone book. A DNS server resolves domain names to IP addresses. As we saw earlier, name resolution requests are sent to the DNS server that is configured locally. DNS servers are hierarchical and contain database entries for the domain they belong to or manage. Note that if a DNS request comes in for a host on a different domain, it is forwarded to the DNS server for that particular domain. The second DNS server replies to the first DNS server with the information in its cache. This information is cached on the first server and the request for the domain name is then complete. The user is then able to access the domain name.
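The resolution order described above (hosts file first, then the configured DNS server, failure if neither answers) is shown in this added example, which is not part of the original notes. The DNS server is modelled as a dictionary so the code runs offline; the sample hosts text, the names and the addresses are constructed, and `hosts_overrides` is a hypothetical helper that lists hosts-file entries that answer differently from DNS.

```python
import ipaddress

# Constructed sample hosts-file content (documentation address ranges).
SAMPLE_HOSTS = """
# constructed sample
127.0.0.1   localhost
192.0.2.10  intranet.example.com intranet   # local mapping
192.0.2.99  www.example.com
not-an-ip   broken.example.com
"""

# Constructed stand-in for the answers a configured DNS server would give.
SAMPLE_DNS = {
    "www.example.com": "198.51.100.20",
    "mail.example.com": "198.51.100.25",
}


def parse_hosts(text):
    """Return {lowercased name: ip}. Assumption: the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # skip malformed address
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table


def resolve(name, hosts_text, dns_records=None):
    """Resolve name: hosts file first, then DNS; dns_records=None means no DNS set up."""
    key = name.lower().rstrip(".")
    hosts = parse_hosts(hosts_text)
    if key in hosts:
        return hosts[key], "hosts"
    if dns_records is None:
        raise LookupError(f"{name}: not in hosts file and no DNS server configured")
    if key in dns_records:
        return dns_records[key], "dns"
    raise LookupError(f"{name}: no hosts entry and no DNS record")


def hosts_overrides(hosts_text, dns_records):
    """List (name, hosts_ip, dns_ip) where the local hosts file disagrees with DNS."""
    return sorted(
        (name, ip, dns_records[name])
        for name, ip in parse_hosts(hosts_text).items()
        if name in dns_records and dns_records[name] != ip
    )


if __name__ == "__main__":
    print(resolve("www.example.com", SAMPLE_HOSTS, SAMPLE_DNS))
    print(resolve("mail.example.com", SAMPLE_HOSTS, SAMPLE_DNS))
    print(hosts_overrides(SAMPLE_HOSTS, SAMPLE_DNS))
```

Because a hosts entry silently takes precedence on that one machine, the override list is a quick thing to check when a host resolves a name differently from its neighbours.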
Network Address Translation

NAT stands for Network Address Translation and translates the IP addresses of the computers in a local network to a single IP address. This IP address is used by a network device, usually a router, that connects the computers to the internet. In its most basic implementation, only one registered IP address is needed on the external interface of the system that acts as the gateway between an internal private network and an external public network, such as the Internet.

Internet Connection Sharing

Internet Connection Sharing or ICS is a simple mechanism for a small office network or a home network to connect to the internet through a single Internet connection and IP address. In the example displayed on the screen, on computer A, open the Network Connections properties window, right-click the available WiFi or Ethernet connection and then click Properties. Next, the WiFi or Ethernet Properties dialog box is displayed. Click the Sharing tab and then enable the option to allow other network users to connect through this computer's internet connection. Next, the other computers in the network have to be configured to allow or enable this shared internet connection.

Dynamic Host Configuration Protocol

DHCP stands for Dynamic Host Configuration Protocol. Every device on the computer network needs to have an IP address for communication purposes. It is an identifier for a device on a network. There are two methods to assign an IP address: you can either assign a static IP address or a dynamic IP address. In the static IP addressing method, a device or computer is assigned an IP address manually by the network administrator. The network administrator opens the Internet Protocol Version 4 Properties window and assigns the IP address, subnet mask, default gateway, and the DNS server IP addresses.
This might work in a network where there are a small number of computers, but in a large network with hundreds of computers, this might be a challenging task. The network administrator has to be mindful that unique IP addresses are assigned to all computers; otherwise there could be IP conflicts due to duplicate IP addresses. These computers may be unable to access the network.

In the dynamic IP addressing method, a computer is assigned an IP address automatically from a DHCP server. For example, on the IPv4 or IPv6 Properties window, if the option Obtain an IP address automatically is enabled, the computer sends a request to obtain an IP address from the server, which has a list of addresses available for assignment. The DHCP server assigns information such as the IP address, subnet mask, default gateway or router address, the DNS server address, and the Windows Internet Name Service server address. This can be verified by entering the ipconfig /all command in the command prompt. As you can see, DHCP is enabled on the computer and all other details are assigned to the computer.

WAN Topologies 08 February 2024 12:58

WAN Switching Methods

Switched communication networks are those in which data transferred from source to destination is routed between various intermediate nodes. The switching technique provides communication pathways between two endpoints and manages how data flows between them. Circuit switching and packet switching are two common techniques.

Circuit Switching

Circuit switching requires a dedicated physical connection between the sending and receiving devices. The defining example of circuit switching is the traditional telephone network. Consider the nodes to be telephone exchanges. During a telephone conversation, the parties have a dedicated link between them for the duration of the conversation.
When person A calls person B, different circuits are tried to find an available channel. Before the conversation begins, a connection must be established. Once the channel is established, the full bandwidth is guaranteed and the connection is available as long as the call lasts. When either party disconnects, the circuit is broken and the data path is lost. Note that dedicated channels can cause delays because a channel is unavailable until one side disconnects.

Packet Switching

In packet switching, messages are broken down into smaller pieces called data packets. Each data packet is assigned a source address, a destination address, and intermediate node addresses. The data packets do not always use the same path or route to get to their intended destination. The internet is a prime example of the network. There are two types of packet switching, namely, virtual-circuit packet switching and datagram packet switching.

Virtual-Circuit Packet Switching

As we saw earlier, there are two types of packet switching, virtual-circuit packet switching and datagram packet switching. In virtual-circuit packet switching, a logical connection between the source and destination device is established and all data packets are sent through this route. This remains active for as long as the two devices are available or can be used to send packets once. After the sending process has completed, the line can be closed.

Datagram Packet Switching

In datagram packet switching, by contrast, packets are sent independently and can take different paths throughout the network. This method ensures that packets take the easiest possible routes to their destination and avoid high traffic.

VLAN Topology 08 February 2024 13:00

A Local Area Network is a computer network that connects computers or peripheral devices within a limited area such as a building, school, university and so on. On the screen, LAN 1 and LAN 2 represent different networks on a company's premises.
LAN 1 is dedicated to the Engineering department whereas LAN 2 is part of the guest network. Computers on LAN 2 should not be able to access any computers or devices in LAN 1. Therefore, both these networks are physically separated and are connected to network hardware such as switches.

With the advent of Virtual Local Area Networks, a logical separation or segmentation of networks is possible. VLANs are logical groupings of devices on a single switch across a multi-site Wide Area Network or WAN. The difference between the LAN and the VLAN is that the same networking hardware can be used for two different networks. So, from our earlier example, although the computers from the engineering department and the guest network are connected to the same switch, the network traffic is logically separated. The collision and broadcast domains are also kept separate. In addition, computers from VLAN 1 cannot access computers in VLAN 2 and vice versa. All this is possible because the logical separation is done within the switch.

Broadcast Control

The first advantage of VLANs is broadcast control. Broadcasts are required for the normal functioning of a network, and many protocols and applications depend on broadcast communication to function properly. If a large LAN is segmented into smaller VLANs, broadcast traffic reduces as each broadcast is sent to the relevant VLAN only.

Security

VLANs provide enhanced network security. In a VLAN network environment, with multiple broadcast domains, network administrators have control over each port, the user and the resources that they are allowed to use. A malicious user cannot connect their workstation into any switch port and access the network traffic.

Lower Cost

Segmenting a large VLAN to smaller VLANs is cheaper than creating a routed network with routers because routers are normally costlier than switches.

Physical Layer Transparency

VLANs are transparent on the physical topology and medium over which the network is connected.
Types of VLAN

Securing Networks 08 February 2024 13:00

Computer and network security are of prime importance in today's digital world. Network security can be defined as protection against data theft, misuse, and unauthorized access in a computer network system. There are different methods to secure networks, such as firewalls, encryption, proxy servers and so on.

Firewalls

A firewall is the most common method for securing a network. Firewalls manage the flow of network traffic between a trusted internal network and an untrusted external network like the internet. Firewalls can be classified based on the level where the filtering of the information occurs, such as packet-filtering, circuit-level, and application gateway.

Packet-filtering Firewall

The packet-filtering firewall is the simplest type of firewall system. It operates at the network layer of the OSI model. In this method, each data packet is examined, and it is then decided whether to allow the packet to pass through or block it. The criteria to allow or block a data packet are based on the rules defined by the network administrator in the Access Control Lists or ACLs. These ACLs are created based on the source and destination IP addresses, source and destination port numbers, protocol ID, and MAC address. If a data packet arrives at the firewall and complies with the rules in the ACL, it is allowed into the network. If a data packet does not match the criteria, it is dropped. So, according to the ACL displayed on the screen, if a data packet arrives from the source IP 192.10.10.10, it will not be allowed to enter the network.

Circuit-level Firewall

The circuit-level firewall operates at the session layer. These firewalls validate User Datagram Protocol or UDP and Transmission Control Protocol or TCP sessions before opening a connection or circuit.
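The ACL check described for the packet-filtering firewall above can be written as a first-match rule evaluator with an implicit deny; this is an added example, not taken from the original notes or from any firewall product. Only the blocked source 192.10.10.10 comes from the notes; the other rules and addresses are constructed, rules match on IP addresses, protocol and destination port only (no MAC address), and `shadowed_rules` is a hypothetical audit helper that finds rules which can never fire because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str                  # "tcp", "udp" or "icmp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: str = "0.0.0.0/0"         # source network, CIDR notation
    dst: str = "0.0.0.0/0"         # destination network, CIDR notation
    protocol: str = "any"
    dst_port: Optional[int] = None  # None matches every port

    def matches(self, pkt: Packet) -> bool:
        if self.protocol not in ("any", pkt.protocol):
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == pkt.dst_port


def evaluate(acl, pkt):
    """Return (action, index of the deciding rule); the first matching rule wins."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None            # nothing matched: the packet is dropped


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet matching `later` also matches `earlier`."""
    return (
        earlier.protocol in ("any", later.protocol)
        and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
        and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
        and (earlier.dst_port is None or earlier.dst_port == later.dst_port)
    )


def shadowed_rules(acl):
    """Return (rule index, index of the earlier rule that hides it) pairs."""
    found = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                found.append((j, i))
                break
    return found


# Constructed ACL: rule 0 is the block from the notes, rule 3 is a deliberate mistake.
SAMPLE_ACL = [
    Rule("deny", src="192.10.10.10/32"),
    Rule("permit", dst="10.0.0.5/32", protocol="tcp", dst_port=443),
    Rule("permit", dst="10.0.0.53/32", protocol="udp", dst_port=53),
    Rule("permit", src="192.10.10.10/32", dst="10.0.0.5/32", protocol="tcp", dst_port=443),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, Packet("192.10.10.10", "10.0.0.5", "tcp", 40000, 443)))
    print(shadowed_rules(SAMPLE_ACL))
```

Rule 3 tries to permit the blocked host but sits below the deny, so it never takes effect; with first-match evaluation the order of the rules is part of the policy.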
In this method, a table of valid connections is maintained and when session information matches an entry in the table, the data is allowed to pass through.

Application Gateway Firewall

Application gateway firewalls have sophisticated rules and closely control the traffic that passes through. For example, user authentication systems control the systems on the internal network that can be accessed by a user from an external network.

Data Encryption

Data encryption is the process of encoding information in such a way that only authorized recipients are allowed to access the data. In simple terms, the sender encrypts data with an algorithm and an encryption key. This results in ciphertext, which is decrypted using a decryption algorithm and a key, thus allowing the recipient to read the message. Commonly used encryption methods are IP Security (IPSec), Secure Sockets Layer (SSL), Triple Data Encryption Standard (3DES) and Pretty Good Privacy (PGP).

Proxy Server

Proxy servers provide management and control over Internet access. Let's understand this through an example. Suppose client 1 with the IP address IP1 requests some information from the internet. The proxy server receives the request and uses its own IP address, IPS 1, to request the information from the internet. When the page or information is retrieved by the proxy server, it caches the information before forwarding it to client 1. The next time any client requests the same information, the proxy server uses the cached information to process the request instead of forwarding the request to the internet. Users can implement proxy servers to perform Network Address Translation or NAT functions. In addition, proxy servers allow Internet access and cache requests.

Perform NAT Functions
To execute commands on behalf of clients that have private IP addresses.
Allow Internet Access
To allow internet access to be controlled by filtering the requests made by clients and either allowing or disallowing them.

Cache Requests
Caching refers to storing pages that the proxy server retrieves as files on disk. If the same pages are requested again, they can be provided more quickly from the cache than from the source location on the Internet.

Network Utilities 08 February 2024 13:00

Troubleshooting Utilities:

Ping

The ping command is a commonly used network utility for troubleshooting connectivity issues. It is used to test network connectivity and name resolution. The ping command allows users to send a signal to another device on the network to check if it is active. If it is active, it will send a response to the sender. At the command prompt, type ping followed by a space and the host IP address, and then press Enter. Four data packets will be sent out to the destination IP address. Data packets are sent back to the source computer as a reply; these replies are termed Echo Reply requests. If the destination IP address sent a reply, it implies that there is network connectivity between the source and the destination computer. On the other hand, if there was no reply, it suggests that there is a network connectivity issue. Users can also use the ping command to test DNS name resolution issues, by using the ping command with a domain name. At the command prompt, type ping followed by a space and the domain name www.google.com, and then press Enter. If the destination domain name sent a reply, it indicates that name resolution by DNS is working as expected.

TRACERT

The tracert or trace route command is used to find the exact path taken by a data packet to the destination. When a data packet leaves the source computer, it traverses a number of routers until it reaches its destination. At the command prompt, type tracert followed by a space and the domain name or IP address of the destination host. In this example, the domain name that we are accessing is www.google.com.
The data packets report back router details such as the number of hops, the router IP address and the time taken between each hop. Using the tracert command, users can identify the exact router or computer that is creating an issue in the network. So, if the data packet cannot move beyond router 3 on the network, the anomaly is reported back to the source computer. If you try to troubleshoot a broken path, the readout starts to time out with asterisks, as shown in the image. To view a full list of additional commands, type tracert at the command prompt.

PATHPING

The pathping command combines the functionality of the ping and the traceroute commands. It provides information about network latency and network loss at intermediate hops between the source and destination. At the command prompt, type pathping and the IP address or domain name of the destination, and then press Enter. The command sends echo request messages to each router between the source and destination over a period of time. Results are then computed based on the packets returned from each router.

ARP

ARP is a standard networking protocol that resolves IP addresses to MAC addresses. It is an essential part of how networks communicate. TCP/IP hosts use ARP to determine the physical address that corresponds to a specific IP address. It can be used to check the devices connected to the computer. At the command prompt, type arp followed by a space and the -a switch. The interface address at the top is the IP address of the computer. The rest of the table lists the IP addresses connected to the computer, resolved to their MAC addresses. To view some additional commands, simply type arp at the command prompt.

NETSTAT

The netstat command is used to display current network connections to the computer. A typical netstat output is displayed on the screen. It shows the protocol used, the local IP address, the destination of the request as an external IP address, and the status.
At the command prompt, type netstat -p TCP to display all active connections for TCP only.

IPCONFIG

IPCONFIG is a simple command that displays all current TCP/IP network settings for your computer. At the command prompt, type ipconfig /all to display the full TCP/IP configuration for all adapters. To view a full list of additional ipconfig commands, type ipconfig ? from the command line.

NSLOOKUP

NSLOOKUP or name server lookup is a command that displays information used to diagnose Domain Name System infrastructure, such as domain names, IP addresses, or specific DNS records. At the command prompt, type NSLOOKUP -p TCP to display all active connections for TCP only. For a list of NSLOOKUP commands, type NSLOOKUP in the command prompt, press Enter, and then type the question mark (?).

ROUTE

Using the ROUTE command, users can display or modify the entries in the local IP routing table. There are a number of additional route commands. At the command prompt, type route to view a list of additional route commands. Type route followed by a space and print to view the entries in the local IP routing table, that is, to print a route or routes.

IEEE802 Standards 08 February 2024 13:00

Characteristics of IEEE802 Standards 08 February 2024 13:00

Speed

There are a host of factors that contribute to the speed of a network. The IEEE 802 standard defines the maximum speed of a networking system. Speed is measured in megabits per second (Mbps). For faster networks, speed is in gigabits per second.

Access Method

The access method is a way of sharing a common transmission medium, which could be a cable or a wireless link, between several hosts. Access methods govern the way in which systems access the network media and send data, to ensure that systems on the network can communicate with each other. Access methods ensure that everyone gets an opportunity to use the network.
Carrier-sense multiple access or CSMA is an access control protocol where the absence of traffic is verified before transmitting on the network media. Some network access methods are CSMA/CD, CSMA/CA, and Token Passing.

CSMA/CD

Carrier sense multiple access with collision detection is an access method used on early Ethernet networks. It is typically used in wired installations. In the network diagram, there are four computers sharing a network medium, i.e. a network cable, to send data. If a computer wants to send data, it will sense or listen to the state of the network cable before transmitting data. If the network is idle, the computer will transmit data. But if two computers send data at the same time, a data collision occurs, resulting in data loss. CSMA/CD operates by dealing with transmissions after the data collision. After the collision, each computer waits for a short interval of time before transmitting the data again. The time that each computer waits before sending the data has to be random and different for each computer. This allows both computers to send data successfully. Thus, in the CSMA/CD method, the occurrence of a data collision is successfully detected.

CSMA/CA

Carrier sense multiple access with collision avoidance works by preventing data collisions. In this method, each computer broadcasts a signal about its intent to transmit before sending the actual data signal. Data is sent only when the network media is idle. If the media is not clear or another computer on the network is transmitting data, the first computer will wait for a chosen period of time before transmitting data. After the end of the time period, the first computer will try to send data again. CSMA/CA is widely used in wireless networks. It is a slower media access method than CSMA/CD.

Token Passing

In the token passing method, a token or a control signal is passed between nodes in the network for the authorization to send data.
Note that each network has a solitary token and the computer that possesses the token has the permission to transmit data. Once a computer has completed data transmission, the token is passed on to the next computer in the network.

Topology

The topology dictates the physical and logical layout of the network. The topologies include bus, star, ring, mesh, and wireless. Note that each IEEE 802 LAN standard can be implemented by using the topology specified within the standard.

Media

Each IEEE specification defines the method used to transport data from one point to another. Common network media types include twisted-pair cable, coaxial cable, infrared, radio frequency, and fiber-optic cable.

Ethernet Frames 08 February 2024 13:00

When a computer communicates with another over an Ethernet network, data is shared using packets. Each data packet contains an Ethernet frame along with other information. Hence, we can say that data sent over the Ethernet network is carried by the Ethernet frame. An Ethernet frame is part of a data packet along with the information to transport and deliver that particular data packet. Note that the structure of an Ethernet frame is defined in the IEEE 802.3 standard. Depending on the network protocol, four types of Ethernet frame formats exist, namely IEEE 802.3, Ethernet Version 2, Ethernet IEEE 802.3 Subnetwork Access Protocol or SNAP, and Ethernet IEEE 802.3 raw. The size of the Ethernet frame varies between 64 bytes and 1518 bytes, including the data. Note that to communicate across the Ethernet network, the frame format of the communicating nodes must be the same, but multiple frame formats can co-exist on a single Ethernet network. An Ethernet frame consists of a number of fields that vary in and function on the frame format.

Destination Address

The Destination Address is a six-byte field that specifies the network adapter to which the data frame is being sent. The destination address in the Ethernet frame classifies the type of frame as Unicast, Multicast, or Broadcast.
In the Unicast frame type, a device sends a frame which is forwarded by the network to a specific address. In the Multicast frame type, a device sends a frame, and the network copies the packet and forwards it to multiple devices subscribed to a multicast group. In the Broadcast frame type, a device sends a frame which is forwarded to every device on the network.

Source Address

The source address is a six-byte field that specifies the adapter from which the message originated.

Length

Length is a two-byte field that indicates the length of the data in the frame. It also defines the type of protocol inside the frame, for example IPv4 or IPv6.

DSAP

Destination SAP or DSAP is a 1-byte field that represents the logical address of the network layer entity intended to receive the message.

SSAP

Source SAP or SSAP is a 1-byte field that represents the logical address of the network layer entity that has created the message.

Control

The control field is a single-byte field that specifies the type of logical link control frame.

Data

The data field ranges from 46 to 1500 bytes and contains the actual data.

FCS

The frame check sequence or FCS is a 32-bit cyclic redundancy check (CRC) that allows detection of corrupted data within the entire frame as received on the receiver side.

Ethernet Timing 08 February 2024 13:00

Ethernet is a networking protocol that allows computers in a local area network to share files, browse the internet, and access printers and other hardware connected to the network. The communication in the network takes place through Ethernet cables. "Out-of-spec" cabling produces out-of-spec networks that affect network performance. But it is not the only factor in ensuring an Ethernet network is designed within specification. For Ethernet transmission to comply with the IEEE specification, time factors such as the Round Trip Collision Delay and Inter Packet Gap Shrinkage are considered.
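The frame fields listed in the Ethernet Frames notes above (destination, source, length or type, DSAP, SSAP, control, data, FCS) are parsed and checked in this added example, which is not part of the original notes. Both sample frames are constructed; the code relies on the standard convention that a length/type value of 1500 or less is a length and a value of 0x0600 or more is an EtherType, and on a DSAP and SSAP of 0xAA marking SNAP. It does not distinguish the raw 802.3 format.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify_destination(dst):
    """Unicast, multicast or broadcast, decided from the destination address."""
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:              # group bit of the first byte is set
        return "multicast"
    return "unicast"


def fcs(data):
    """32-bit CRC over the frame, in the byte order used on the wire."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_len, payload):
    """Assemble a frame, padding the data field to its 46-byte minimum."""
    header = dst + src + struct.pack("!H", type_or_len)
    body = payload.ljust(46, b"\x00")
    return header + body + fcs(header + body)


def parse_frame(frame):
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame size {len(frame)} outside 64..1518 bytes")
    dst, src = frame[:6], frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    body, received_fcs = frame[14:-4], frame[-4:]
    info = {
        "destination": mac_str(dst),
        "destination_type": classify_destination(dst),
        "source": mac_str(src),
        "fcs_ok": fcs(frame[:-4]) == received_fcs,
    }
    if type_or_len <= 1500:        # value is a length: LLC header follows
        if type_or_len < 3 or type_or_len > len(body):
            raise ValueError("length field does not fit the frame")
        llc = body[:type_or_len]   # anything after this is padding
        dsap, ssap, control = llc[0], llc[1], llc[2]
        snap = dsap == 0xAA and ssap == 0xAA
        info.update(format="IEEE 802.3 SNAP" if snap else "IEEE 802.3",
                    length=type_or_len, dsap=dsap, ssap=ssap,
                    control=control, data=llc[3:])
    elif type_or_len >= 0x0600:    # value is a protocol type
        info.update(format="Ethernet Version 2", ethertype=type_or_len, data=body)
    else:
        raise ValueError(f"undefined length/type value {type_or_len:#06x}")
    return info


# Constructed samples: a broadcast Ethernet Version 2 frame and a multicast 802.3 frame.
SRC = bytes.fromhex("001122334455")
FRAME_V2 = build_frame(BROADCAST, SRC, 0x0806, b"\x00" * 28)
LLC = bytes([0x42, 0x42, 0x03]) + b"constructed"
FRAME_8023 = build_frame(bytes.fromhex("0180c2000000"), SRC, len(LLC), LLC)

if __name__ == "__main__":
    for sample in (FRAME_V2, FRAME_8023):
        print(parse_frame(sample))
```

The padded 28-byte payload yields exactly the 64-byte minimum frame, and flipping any byte of a frame makes `fcs_ok` come back false, which is the corruption check the FCS field exists for.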
Round Trip Collision Delay

Round-trip collision delay is the time it takes for a data packet to go from the starting point to a destination and back again to the starting point. This time depends on link characteristics in the network such as traffic levels, distance, number of hops, and the connecting hardware. This calculation is important in determining the delay of a packet crossing a collision domain. A collision domain is described as a part of the network where packet collisions can occur. On a shared network, when two devices transmit data simultaneously, it can lead to packet collisions. In the example, collisions occur on every interface connected to the switch. If the round trip delay is excessive, a computer can transmit a data packet even before receiving an message. This situation does not adhere to the IEEE 802.3 standards. Note that the overall delay of a network must not exceed 575 bits.

Inter Packet Gap Shrinkage

Ethernet devices must allow a minimum idle period between transmission of data packets. This allows the receiving device to prepare for the reception of the next data packet. This time between the transmission of packets is known as the inter-packet gap. The purpose of the inter-packet gap is to allow enough time for the Ethernet device to The standard inter-packet gap is a 96-bit time delay between data packet transmissions. Note that 96-bit time is the time it takes to transmit 96 bits of data on the transmission medium. Therefore, inter-packet gap shrinkage refers to the time reduction between the transmissions of data packets.

MAC Address 09 February 2024 11:30

Consider that two computers are connected through a wired or wireless connection and a user, Joe, who is sitting at computer 1, wants to transfer some data to another user, Raj, at computer 2. We know that it takes both network software and hardware such as cables, routers and so on to transfer data from computer 1 to computer 2.
In addition, data travels between addresses, and hence along with an IP address, which is the network software part, there is a hardware address as well. Joe knows that data is to be transferred to Raj, but how does computer 1 identify computer 2? The answer is the MAC address.

The Media Access Control address or MAC address is a unique identifier that is assigned to or embedded into a network interface. It is also referred to as the physical or hardware address of a device. Every device in a network has a unique MAC address in addition to an IP address, and no two devices can have the same MAC address. MAC addresses are used on local Ethernet networks. When the network administrator is troubleshooting network issues on a computer, identifying the MAC address is one of the first things to be done.

Finding the MAC address on a Windows computer

Open the Command Prompt window and type in the command ipconfig /all. This command allows users to obtain detailed information about the connections. Under the Ethernet adapter information, along with the IP address, the physical address is listed. The physical address is the MAC address of your device.

Dissecting the MAC Address

The MAC address contains digits and only the letters A to F, and is typically represented as six groups of two hexadecimal digits. A MAC address can be broken up into two parts. The first six digits are known as the OUI or the Organizational Unit Identifier. It helps to identify the manufacturer of the device, such as Dell, Linksys, Belkin and so on. The last six digits are unique to the network interface card. The MAC address is hard-coded into the NIC of every Ethernet-capable device by the manufacturer. As we have seen earlier, each device has a unique MAC address. Data packets in the network are transferred from one MAC address to another.
While receiving a packet, the network adapter of a device compares the destination MAC address of the data packet with its own MAC address. If the two MAC addresses match, the data packet is accepted at the destination node.

Broadcast Address

A related concept to the MAC address is the broadcast address. It is an address used to indicate that the information being sent out is to be delivered to all devices in the local area network. To send a broadcast, the destination MAC address should be set to all ones. When converted to a value, the MAC address translates to the address displayed on the screen.

Address Resolution Protocol

We discussed that a computer transfers data using the MAC address along with the IP address of the receiving device. But how does the sending device know the MAC address of the receiving device? The answer is the Address Resolution Protocol or ARP request. ARP is a network protocol used to find out the MAC address of a device from an IP address. Let's consider the scenario on the screen. The user at computer 1 wants to transmit a data packet to a computer with the IP address 10.10.2.4 in the network. Computer 1 is unaware of the computer with that particular IP address. A broadcast message is sent to the network using the ARP protocol. The message asks, 'Which device has the IP address 10.10.2.4? Please respond with the MAC address.' As this is a broadcast message, it is sent to the broadcast MAC address that we saw earlier. All devices in the network receive the message. Computer 4 will send a message using the ARP protocol saying that it has the requested IP address. The message also includes its own MAC address.

IP Addressing & Subnetting 09 February 2024 11:30

The Internet Protocol describes how two computers can communicate with each other, and is used by every computer on the internet. For two computers to communicate over a network, it is necessary for them to identify each other in a unique manner. This is where an IP address comes in.
It is defined as an address used to uniquely identify a computer on an IP network. An address on the internet is just a number similar to a phone number or a street address. When computers send data to another computer, the recipient's IP address and the sender's IP address are included. This allows the receiving computer to reply to the sender's request.

Dissecting of an IP address
An example of an IP version 4 address is displayed on the screen. An IP version 4 address is a 32-bit number written as four numbers separated by periods. Each group of numbers separated by periods is known as an octet. The number range in each octet is from 0 to 255. An IP address consists of two parts: the first part identifies the network and the second part identifies the host. Note that it is the class of the address that determines the parts that belong to the network address and the host address. This applies to both IP version 4 and version 6.

For the IP version 4 address on the screen, the subnet mask is 255.255.255.0. This means that the first three octets, that is, 192.168.2, are the network address and the last octet, that is, the number 3, is the host address. Another point to note is that two computers on a physical subnet can communicate with each other only when they are on the same logical subnet. For example, computer A can communicate with computer B, but not with computer C.

Decimal to Binary Conversion
Computers or network devices do not read IP addresses in the standard numeric format. As we know, computers understand numbers only in a binary format, and the binary format uses a series of ones and zeros. Let us convert the IP address that is in a decimal format to its binary format. As we saw earlier, each group of numbers in an IP address separated by periods is called an octet, and each IPv4 address is made up of four sets of eight binary bits or The bits in each octet are represented by a number. This is known as the eight-bit octet chart and is displayed on the screen.
Subnetting
Subnetting is defined as the division of a large network into smaller networks for reorganization and security purposes. It is a process by which the host portions of an IP address are used to create more networks rather than just using the default subnet mask. A node in a sub-network can see all packets transmitted by any other node in the network.

To understand subnetting, let us view the classes of IP addresses. The tables displayed on the screen show the various classes for IP addresses and their corresponding default subnet masks. For example, an IP address of 192.168.2.3 that belongs to class C has a default subnet mask of 255.255.255.0.

Calculating Number of Hosts and Networks in an IP Address
An IP address separates the network address from the host address. The network bits are represented by the 1's in the mask, and the host bits are represented by 0's. You can perform a bit-wise logical AND operation on the IP address with the subnet mask to obtain the network address.

Let us see how to calculate the hosts and networks in an IP address. The calculation involves four steps. We will use the IP address and subnet mask displayed on the screen for the calculation. Consider an example of IP address 199.168.3.72 with subnet mask 255.255.255.224.

The first step is to determine the class of the IP address. In this case the IP address 199.168.3.72 belongs to Class C and, as we saw earlier, the default subnet mask for Class C is 255.255.255.0.

The second step is to remove the default subnet mask. After this we end up with the number 224. This number must be converted to its binary format, which is displayed on the screen.

The third step is to count up the number of 1's in the mask; let us denote this number by n. In the binary address, the number of ones is 3.
Therefore, for the number of networks use the formula two raised to n, i.e. three, which is equal to 8.

The fourth step is to count the number of 0's in the mask; let us denote this number by m. In the binary address, the number of zeros is 5, i.e. m is equal to 5. Therefore, the number of hosts is equal to 2 raised to m, minus 2, which is equal to 30.

So, we have calculated the number of networks as 8 and the number of hosts as 30.

Determine the Network Address - Boolean Method
Let us determine the network address using the Boolean method of calculation, by following the steps displayed on the screen. For this calculation, we will consider the IP address of 192.168.2.3. First, write down the IP address in the binary format. Next, write down the subnet mask in the binary format. Now, perform a bit-wise logical AND operation on the IP address with the subnet mask to obtain the network address. The network address is 192.168.2.0.

Routing Protocols
09 February 2024 11:30
A routing protocol is a method for determining the best route to send packets from a source towards the destination. In order for a data packet to travel across a network and reach its destination, it needs a map to determine the best path to take. Routing protocols collect information about the current network status and map out the best path for the data packets to reach a specific destination. There are two main classes of routing protocols in computer networks: the distance-vector routing protocol and the link-state routing protocol.

Distance-vector
In the distance-vector routing protocol, the best route for data packets is determined based on the distance. The distance to the destination is derived from the number of hops. A hop is the number of routers the data packets have to go through to reach the destination. For example, for the data packet to travel from its source Router A to its destination Router E, it has to travel two hops: one from Router A to Router C, and the other from Router C to Router E.
In the distance-vector protocol method, routers broadcast their routing information to other routers. Receiving routers check the information against the existing information and update their routing tables accordingly. This occurs every 30 to 60 seconds regardless of the change in the routing information. Note that users can configure routers to send a triggered update in case a change in the network topology is detected. The process by which routers learn of a change in the network topology is known as convergence. But as networks grow larger, these periodic updates create large amounts of unnecessary network traffic. As routers only know about the next hop in the journey, incorrect information can be propagated between routers, creating routing loops.

Link-state
Link-state is a routing protocol used by routers to share information and map out the best path for the data packets on a network. In this protocol, each router sends out link-state advertisements or LSAs containing information about the network they are connected to. These LSAs allow the routers to construct a map of the connectivity in the network in the form of a graph displaying the connections. When the network maps on each router are complete, the routers update each other at a given time. Note that updates are also sent if a change in the topology is detected. Open Shortest Path First (OSPF) for TCP/IP and NetWare Link-State Protocol (NLSP) for IPX/SPX are examples of link-state routing protocols.

In the link-state protocol, fast convergence is possible and changes are reported immediately. Routing loops are avoided in this form of routing protocol. This design enables optimization of resources. On the other hand, there is significant demand for resources such as memory or CPU. The configuration and design are complex.
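For the subnet arithmetic in the IP Addressing & Subnetting notes above, the following is an added example (not part of the original notes) that carries out the four-step host and network count and the Boolean AND method on the notes' own addresses. The function names are assumptions chosen for illustration; n and m are the symbols used in the notes.

```python
import ipaddress

# Default (classful) subnet masks, as in the class table the notes refer to.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer -> dotted-decimal IPv4 string."""
    return str(ipaddress.IPv4Address(value))


def to_binary(dotted):
    """Render each octet as eight bits, e.g. 192 -> 11000000."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def address_class(ip):
    """Step 1: the class follows from the first octet."""
    first = to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    raise ValueError(f"{ip} is class D/E and has no default subnet mask")


def check_mask(mask):
    """A valid mask is a run of 1s followed by a run of 0s, nothing else."""
    value = to_int(mask)
    inverted = ~value & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return value


def network_address(ip, mask):
    """Boolean method: bit-wise AND of the address with the mask."""
    return to_dotted(to_int(ip) & check_mask(mask))


def same_subnet(ip_a, ip_b, mask):
    """Two hosts share a logical subnet when their network addresses match."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


def subnet_plan(ip, mask):
    """Steps 1-4 of the notes' calculation, plus the network address."""
    cls = address_class(ip)
    default = to_int(DEFAULT_MASKS[cls])
    value = check_mask(mask)
    if value & default != default:
        raise ValueError(f"{mask} is shorter than the class {cls} default mask")
    borrowed = value & ~default & 0xFFFFFFFF   # step 2: remove the default mask
    n = bin(borrowed).count("1")               # step 3: count the 1s
    m = 32 - bin(value).count("1")             # step 4: count the host 0s
    return {
        "class": cls,
        "n": n,
        "m": m,
        "networks": 2 ** n,
        "hosts": max(2 ** m - 2, 0),           # minus network and broadcast
        "network_address": network_address(ip, mask),
    }


if __name__ == "__main__":
    # Addresses and masks are the ones used in the notes.
    print(subnet_plan("199.168.3.72", "255.255.255.224"))
    print(to_binary("192.168.2.3"), "AND", to_binary("255.255.255.0"))
    print(network_address("192.168.2.3", "255.255.255.0"))
```

The same_subnet check is the test behind the earlier remark that two computers can communicate directly only when they are on the same logical subnet.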
Zones & Conduits
09 February 2024 11:30
ISA-99 is a complete security life-cycle program for industrial automation and control systems. It introduces the concepts of zones and conduits as a way to segment and isolate the various subsystems in a control system.

Zones
As per ISA-99, a zone is defined as a group of logical or physical assets that share common security requirements based on factors including criticality and consequence. The zones are defined as per the common functionalities of the devices, like operational function, process level, security requirements and security capabilities. Zones and node memberships are automatically created based on the node's IP address, and independent zones are created for each subnet. Each zone is defined with a single security policy.

Conduit

09 February 2024 11:30
The Secure Communication supported Experion nodes are:

The effect of the secure communication feature on the Windows node is negligible, and the C300 CPU usage will increase by 8% if 14 secure connections are established with the Windows node.

A non-secure zone is prone to malicious attacks by an unauthorized entity, which can manipulate the communication between the source and the destination. Malicious attacks are transferred from higher level to lower level. Criticality of the data transferred, that is security and of the data is higher at lower levels. Hence establishing a secure communication is important while communicating between these levels.

Components
User Interface: It provides the interfaces for managing the nodes and configuring policies for the area.

Security Agent is a node with communication components Policy Agent installed on it. PA interfaces with the Manager and establishes the certificates and policies for the node on which it resides.

Security Manager Proxy is a node with Policy Decision Point (without a configuration database) and Policy Agent components installed on it.
It supports communication between the Security Manager and the nodes in a Security Area, when the Security Manager and the nodes are in separate FTE communities or network subnets.

Installation prerequisites

Security Manager is always an Experion server node or EAS. The Policy Decision Point, Certificate Authority and Policy Agent are installed on it. The PDP is responsible for storing the user configuration data and distributing node certificates and node policies to the node that sends a to be secured. The CA is responsible for node certificate generation.

Security Area
09 February 2024 11:30

Security Area & Security Zone
12 February 2024 11:28
Here is an Experion system where the Security Manager is located at Level 2 in a single FTE community along with other nodes of the Area. As you can see, no Security Manager Proxies exist. BOOTP is enabled on the Server pair of only one cluster in the FTE community. BOOTP informs the controllers about the Security Manager. The controllers and Windows nodes communicate with the Security Manager to receive the node certificates and policies.

IP addresses of the Security Manager and Security Manager Proxies should be added to the Manager routing setup utility of the Servers and Console Stations to be secured. An example for assigning the IP addresses is as shown in the table.

Here you can see an Experion system where the Security Manager is located at Level 2 with two single-cluster FTE communities. The Security Manager is located at Level 2 on Server ESV-1B. The FTE1 community with the Manager has no proxies. The FTE2 community that does not contain the Security Manager has the Security Manager Proxy (alternate) pair. Each FTE community enables BOOTP on the cluster Server pair. The BOOTP server informs the controllers about Manager and Security Manager Proxy. Controllers and Windows nodes in the FTE1 community contact the Manager directly.
The Manager provides the certificates and policies to the controllers and nodes. Controllers and Windows nodes in the FTE2 community contact the Manager through Security Manager Proxy. The Security Manager provides the certificates and policies to the nodes and controllers through Security Manager Proxy.

IP addresses of the Security Manager and Security Manager Proxies should be added to the Manager routing setup utility of the Servers and Console Stations to be secured. An example for assigning the IP addresses is as shown in the table.

Here you can see an Experion system where the Security Manager is located at Level 3 on a System Server with a single FTE community. The Experion server at Level 3 is named ESV-B. The Experion redundant servers in the left cluster are named ESV-1A and ESV-1B. The Experion redundant servers in the right cluster are named ESV-2A and ESV-2B. It is a single FTE community and contains a Security Manager Proxy and Security Manager Proxy (alternate) pair for each of the two Experion clusters at Level 2 in the community. BOOTP is enabled on the Server pair of only one cluster in the FTE community. The BOOTP server informs the controllers about Manager Proxy. All controllers within the community communicate with Security Manager through Security Manager Proxy whose BOOTP is Manager provides the certificates and policies to the controllers through Security Manager Proxy. Windows nodes communicate with Manager through the Security Manager Proxy of their respective cluster. Security Manager provides the certificates and policies to the nodes through Security Manager Proxy.

IP addresses of the Security Manager and Security Manager Proxies should be added to the Security Manager routing setup utility of the Servers and Console Stations to be secured.
Example for assigning the IP addresses is as shown in the following table.

Here you see an Experion system where the Security Manager is located at Level 3 on the System Server. The Experion server at Level 3 is named ESV-B. It has two FTE communities and contains Experion redundant servers. The Experion redundant servers in the left cluster are named ESV-1A and ESV-1B. The Experion redundant servers in the right cluster are named ESV-2A and ESV-2B. The system contains a Security Manager Proxy and Security Manager Proxy (alternate) pair for each of the two Experion clusters in the community. BOOTP is enabled on the Server pair of both the clusters in the FTE communities. The BOOTP server informs the controllers about Manager Proxy. Controllers communicate with Manager through the Security Manager Proxy of their respective clusters. Security Manager provides the certificates and policies to the controllers through Manager Proxy. The Windows nodes communicate with the Security Manager through the Manager Proxy of their respective clusters, and Manager provides the certificates and policies to the nodes through Manager Proxy.

IP addresses of the Security Manager and Security Manager Proxies should be added to the Manager routing setup utility of the Servers and Console Stations to be secured. An example for assigning the IP addresses is as shown in the following table.

Experion Local Control Network ELCN
12 February 2024 11:28
integration involves both Classic LCN and FTE and it requires one LCN connection to each TPS connected node like ESVT, ES-T, ACE-T, E-APP.

ELCN eliminates the coax LCN cable connection to Experion-TPS nodes. Instead of a for every Experion TPS node, only one redundant ELCN Bridge pair is connected to classic LCN. ELCN Bridge connects classic coax-based LCN and ELCN FTE. ELCN Bridge helps facilitate migration of classic LCN nodes to ELCN nodes.
For ELCN Nodes, users can choose a physical or virtual platform or have a combination of both. ELCN Bridge and nodes like AM, ENIM, EHB, EPLCG are hosted on the common hardware platform UEA. ELCN Nodes hosted on the UEA platform (like AM and ENIM) are known as "Appliance Nodes". ELCN Appliance Nodes like AM-R, EPLCG, EHB are connected to FTE at Level 2. The UEA AM-R module provides the same redundancy as the classic AM-R. EPLCG (ELCN Programmable Logic Controller) provides a UEA platform for the physical interface between Experion FTE and PLC devices like Modicon and Allen that are connected to the classic PLCG box. The UEA-based EHB platform provides the same functionality as the classic EHB. The History Module is an added ELCN Node on the PC Server platform. It can be either physical or virtual.

Classic NIM was a Level 1 node, but Appliance ENIM is a Level 2 node because of Built-in CF9.

REVIEW THIS DIDN'T UNDERSTAND

Experion Plant Network Level
12 February 2024 11:28
Honeywell's best practice for a large installation:

Level 1
Level 1 nodes are the heart of the control system. This network segment contains the following: Controllers, FTEB-based I/O, Series A or Series C FIM nodes, PGM, EUCN nodes.

Let us now look at the Level 1 best practices:
The best practice for Level 1 nodes is to place them on a separate switch pair or a qualified Control Firewall pair.
C300 nodes must be connected to qualified control firewalls. This allows critical peer-to-peer traffic that cannot tolerate a communication delay longer than 250 milliseconds followed by an FTE cable fault. It also gives controllers a level of isolation from other nodes during catastrophic failure or network disturbance.
Arrange the critical elements of control to be to the Level 1 switch pair.
As this level includes controller nodes, the critical control traffic must have adequate bandwidth. Complying with the best practices in this section ensures you have sufficient bandwidth.

https://hwlms.server.tracorp.com/resources/22996/Control_Firewall.pdf

Level 2
Level 2 nodes are primary server, view and advanced control nodes for the process control system. These nodes are essential for operation of the process, but not as critical to control as the Level 1 nodes. For example: servers, stations, ACE nodes, and PHD nodes.

L2 to L1 Connectivity
L2 to L1 connectivity which forms a complete FTE community.

Level 3 Best Practices

L3 to L2 connectivity

Level 3.5

Level 4
Level 4 Best Practices: Level 4 is a different security and networking environment, and hence Honeywell strongly recommends that Level 3 and Level 4 be separated by a firewall.

Firewall: The firewall implements a restrictive security policy for traffic between Level 4 and Level 3. The firewall should deny all access to the PCN unless it is explicitly A best practice is to use IP address source and destination filtering. Only specific nodes on the enterprise network are permitted to communicate with specific nodes on the PCN. Permitted traffic must be limited to Server - Server traffic only, for example: Experion Server or PHD.

The router-to-firewall connection should be a single point of connectivity. This will enable higher security and improved management. The connection to the firewall isolates Enterprise LAN Broadcast and Multicast traffic while enabling connectivity between the PCN and Enterprise

Fault Tolerant Ethernet FTE
12 February 2024 13:34
Fault Tolerant Ethernet or FTE delivers a robust networking solution for Experion PKS. It is to providing not only fault tolerance, but also the performance, and security required for industrial control applications.
It combines expertise in designing robust control networks with Ethernet technology in a patented advanced networking solution. Note that FTE is not just an IT network but leverages IT technology to lower the cost of FTE network infrastructure, connection to IT networks, connection to 3rd party Ethernet devices, and maintenance and support. The screen outlines the benefits provided by FTE.

Single network provides rapid response
Honeywell's FTE solution employs a single network providing a rapid response time. A Server or Station is not required to re-establish the network connection, resulting in a switchover time that is typically under a second.

Full hardware redundancy in a single network
FTE provides full hardware redundancy in a single network. A single network is simple to manage because its configuration and performance are consistent. Users can employ analytical, diagnostic, and security tools to access all the network from a single connection and obtain a perspective of the entire communication system. Typically, nodes can switch faster between ports on the same network than ports on different networks.

Designed for Determinism and Security
FTE is designed for determinism and security. The FTE network ensures that each device only sends and receives message traffic appropriate for its type, so that all devices can have the required bandwidth. Remember that security is designed into the FTE network, not added on. The Series C Control Firewall blocks inappropriate messages from reaching Level 1 control and I/O devices. FTE switches are configured so that only servers can be accessed from a higher level network. Firewall or router configuration ensures that only designated plant information network or PIN nodes can access Experion servers.

Flexibility and Performance
The FTE network is known for its flexibility and performance.
Each switch port can be configured for 10 or 100 Mbps as for its node. It is a fully-switched network without hubs, and multiple messages can be processed at the same time. For example, a 24-port FTE switch can support up to 12 simultaneous device-to-device conversations. The FTE network can be implemented with copper or fiber optic cabling. Both 100 and 1000 Mbps connections are available for uplinks between switches for distances ranging up to 70 km.

FTE Equipment

Working of the FTE
12 February 2024 14:15

FTE Tree
Let us look at the diagram to understand it. You can see the interconnection between nodes and switches, and it is this connection between each FTE node and the switch in the redundant pair that forms an FTE tree. All the "A" ports on the NIC connected to Switch A form the Yellow tree, whereas all "B" ports on the NIC connected to Switch B form the Green tree. The pair of redundant switches at the highest level requires one crossover cable to interconnect the Yellow and the Green tree. Note that each FTE node uses one IP address. The IP address of the Lower MAC ID is assigned to the FTE Virtual Adapter. The NIC adapters supported on FTE are recommended to be dual port adapters.

FTE Community
As illustrated on the an FTE community is formed by combining multiple clusters. In the diagram, three clusters are combined to form an FTE community. Each cluster is connected to cluster switches. An FTE network has a minimum of one pair of cluster switches, whereas larger networks could have several Cluster Switch pairs. These clusters are joined together with a pair of backbone switches. The Backbone switches are then connected by a crossover cable. Note that all FTE and Heartbeat nodes within a community must have the same multicast address. The multicast address is used for sending FTE test messages.

Nodes in a cluster
A cluster can have three types of nodes.
FTE nodes, Heartbeat Nodes and Non-FTE Nodes.

An FTE node can be connected to the Process Control Network or PCN twice and has the FTE driver software installed. In addition, the node is displayed on the FTE Status display.

The Heartbeat node has a single connection to the Process Control Network. You need to install the System Management Runtime Software package on these nodes, which enables you to view the node on the FTE Status display.

A Non-FTE node is similar to the Heartbeat nodes. These nodes also have a single connection to the Process Control Network, but no software packages are installed on them. Note that you cannot view these nodes on the FTE Status display.

Now that we have understood different FTE related terms, let us look at the working of the FTE. FTE provides multiple communication paths between the nodes by virtue of hardware. An FTE topology contains two parallel trees of switches and cabling at the top to form one fault-tolerant network. As we saw earlier, an FTE network consists of FTE nodes and Ethernet nodes or Non-FTE nodes. Let us understand how the FTE operates when you consider different types, such as with Ethernet nodes, with FTE and Ethernet nodes, and with FTE nodes only.

With Ethernet Nodes
In case of Ethernet nodes, there is only one communication path. There are two Ethernet nodes. One is connected to Cluster 1 Switch A and the other to Cluster 2 Switch B. Due to the presence of the crossover cable between the Backbone Switches, a communication path exists between both the Ethernet nodes.

The communication path starts from Ethernet Node 1 - Cluster 1 Switch A - Backbone Switch A - Crossover cable - Backbone Switch B - Cluster 2 Switch B and ends at Ethernet Node 2.

With FTE and Ethernet Nodes
When you have FTE and Ethernet nodes, two communication paths exist. In the illustration shown on the screen, the Ethernet node is connected to Cluster 1 Switch A, while the FTE node is connected to both Cluster Switches.
The first communication path between an FTE and Ethernet node is Ethernet Node 1 - Cluster 1 Switch A - Backbone Switch A - Crossover Cable - Backbone Switch B - Cluster 2 Switch B, and FTE 2 B.

The second communication path between an FTE and Ethernet node is from Ethernet Node 1 - Cluster 1 Switch A - Backbone Switch A - Cluster 2 Switch A and ends at FTE 2 A.

With FTE Nodes
Four communication paths exist between FTE nodes.

The first communication path between FTE nodes is from FTE 1 A - Cluster 1 Switch A - Backbone Switch A - Cluster 2 Switch A, and ends at FTE 2 A.

The second communication path between FTE nodes is from FTE 1 A - Cluster 1 Switch A - Backbone Switch A - Crossover cable - Backbone Switch B - Cluster 2 Switch B, and ends at FTE 2 B.

The third communication path between FTE nodes is from FTE 1 B - Cluster 1 Switch B - Backbone Switch B - Crossover Cable - Backbone Switch A - Cluster 2 Switch A, and ends at FTE 2 A.

The fourth communication path between FTE nodes is from FTE 1 B - Cluster Switch B - Backbone Switch B - Cluster Switch B, and ends at FTE 2 B.

FTE Status Display
12 February 2024 15:23

Communication between nodes in the FTE network
So, how does a user view the status of available communication paths between two FTE nodes? The answer is the FTE Status Display. The FTE Status Display is a component of the System Management Display software, which operates within the Microsoft Management Console or MMC environment. It is the interface where users view the network health of all FTE and heartbeat nodes.

Invoking user interface
To invoke the FTE Status Display, click the Start button and then select the Honeywell Tools. Select the FTE and Heartbeat Node Status Display option from the list.

User Interface
The FTE Status Display shows the status of all possible paths of communication.
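The path counts described above (one, two and four paths) and the "SILENT" entries that the FTE Status Display reports when a cable is disconnected can be reproduced with a small model of the two-cluster topology. This is an added example, not part of the original notes or of any Honeywell software; the switch labels (C1-SwA for Cluster 1 Switch A, BB-SwA for Backbone Switch A) and the node names FTE1, FTE2, ETH1, ETH2 are assumptions made for illustration.

```python
from collections import deque

# Constructed model of the two-cluster FTE topology described in the notes.
LINKS = [
    ("C1-SwA", "BB-SwA"), ("C2-SwA", "BB-SwA"),   # Yellow tree
    ("C1-SwB", "BB-SwB"), ("C2-SwB", "BB-SwB"),   # Green tree
    ("BB-SwA", "BB-SwB"),                         # crossover cable
]
CROSSOVER = ("BB-SwA", "BB-SwB")

# node -> {port: switch the port is cabled to}
NODES = {
    "FTE1": {"A": "C1-SwA", "B": "C1-SwB"},       # dual-attached FTE node
    "FTE2": {"A": "C2-SwA", "B": "C2-SwB"},
    "ETH1": {"A": "C1-SwA"},                      # single-attached, Yellow side
    "ETH2": {"A": "C2-SwB"},                      # single-attached, Green side
}


def adjacency(failed_links=()):
    """Switch-to-switch adjacency with any failed links removed."""
    failed = {frozenset(link) for link in failed_links}
    adj = {}
    for a, b in LINKS:
        if frozenset((a, b)) in failed:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def switch_path(src, dst, adj):
    """Breadth-first search between two switches; None if unreachable."""
    previous = {src: None}
    queue = deque([src])
    while queue:
        current = queue.popleft()
        if current == dst:
            path = []
            while current is not None:
                path.append(current)
                current = previous[current]
            return path[::-1]
        for neighbour in sorted(adj.get(current, ())):
            if neighbour not in previous:
                previous[neighbour] = current
                queue.append(neighbour)
    return None


def port_paths(sender, receiver, failed_links=(), failed_ports=()):
    """Path for every (sender port, receiver port) pair, or None if lost."""
    adj = adjacency(failed_links)
    down = set(failed_ports)                      # e.g. {("FTE1", "A")}
    result = {}
    for s_port, s_switch in sorted(NODES[sender].items()):
        for r_port, r_switch in sorted(NODES[receiver].items()):
            if (sender, s_port) in down or (receiver, r_port) in down:
                result[(s_port, r_port)] = None
                continue
            hops = switch_path(s_switch, r_switch, adj)
            result[(s_port, r_port)] = hops and [
                f"{sender}:{s_port}", *hops, f"{receiver}:{r_port}"]
    return result


def status(sender, receiver, failed_links=(), failed_ports=()):
    """Summarise each port pair the way the status display words it."""
    paths = port_paths(sender, receiver, failed_links, failed_ports)
    return {f"{s} to {r}": "OK" if path else "SILENT"
            for (s, r), path in paths.items()}


if __name__ == "__main__":
    for pair, path in port_paths("FTE1", "FTE2").items():
        print(pair, " - ".join(path))
    print(status("FTE1", "FTE2", failed_links=[CROSSOVER]))
    print(status("FTE1", "FTE2", failed_ports=[("FTE1", "A")]))
```

With the crossover link removed the model reports A to B and B to A as SILENT, and with the sender's A port removed it reports A to A and A to B as SILENT, which is the pattern the notes describe for those two disconnections.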
Let us now take a look at the different fields in the user interface of the FTE Status display.

Invoking the FTE Status Auxiliary Display
You can also launch the FTE Status Display from the Experion Station application. From the main page, navigate to the System Status display and then click the Show Location button. Click the FTE Status link to view the FTE Status Display. This display is also known as the FTE Status Auxiliary Display.

FTE Status and Auxiliary Displays
The screen shows the FTE Status Display and the FTE Status Auxiliary Display. Note that the Change Host button is available only on the former. You can also view the status of Heartbeat nodes in the FTE Status display. Enable the option "Also Display Heartbeat Nodes" from the FTE Status display to see the status of Heartbeat nodes. The Heartbeat nodes show Device Index as 0 and number of interfaces as 1.

Effect of FTE Path Disconnections

Yellow Disconnected From ESVT7PA
You have disconnected the Yellow path of the sending node ESVT7PA. In this scenario, the receiving node is ESVT7PB. As displayed in the screenshot, A to A and A to B of ESVT7PA go "SILENT", which means ESVT7PB's A port cannot hear from ESVT7PA's A port and also ESVT7PB's B port cannot hear from ESVT7PA's A port. The Not Applicable notification indicates that a node is a Heartbeat node and only has port A.

Crossover Cable Disconnected
You have disconnected the crossover cable between the FTE switches. In this scenario, FTE nodes show A to B and B to A as "SILENT". Heartbeat nodes only have an A port, whether connected to Green or Yellow. In this case, OPC1 is connected to the Yellow switch, hence the status of A to A is "OK" and A to B is "SILENT", whereas OPC2 is connected to Green and shows A to B as "OK" and A to A as "SILENT".

Green Disconnected From ESVT7PB
You have disconnected the Green path of the sending node ESVT7PB. In this case, the receiving node is ESVT7PA.
As displayed in the screenshot, A to B and B to B of all nodes show "SILENT". Also, B to A of ESVT7PB shows "SILENT", which means that ESVT7PB's B port cannot hear from other nodes' A or B ports. In addition, ESVT7PB's A port cannot hear from its B port and ESVT7PB's B port cannot hear from its A port.

Experion Student Guide
07 February 2024 14:41

Software & Hardware Component of FTE
12 February 2024 15:58
An FTE Node communicates on the network through the use of an FTE intermediate driver. An FTE driver is installed on all fault-tolerant Ethernet nodes. It operates between the TCP/IP layer and the vendor drivers. To monitor an FTE network, you can invoke the FTE Status Server display and the FTE Status Auxiliary display.

So, which software is installed on the different nodes in an Experion environment?
The FTE driver must be installed on an FTE node. Note that the FTE driver package is installed from the optional software packages on the Experion installation DVD and from the TPS software CD for TPS systems. It is installed automatically on Experion nodes when FTE is as the network type. The System Management runtime software must be installed on the Heartbeat node. No FTE-specific software is required to be installed on a non-FTE node. A separate installation of the FTE driver is required only on non-Experion nodes.

The screen shows the FTE Status Server Display and the FTE Status Auxiliary Display. Note that the "Change Host" button is available only on the former. You can also view the status of Heartbeat nodes in both types of display. Enable the option "Also Display Heartbeat Nodes" to see the status of Heartbeat nodes. The Heartbeat nodes show Device Index as 0 and number of interfaces as 1.

Hardware Components and Other Requirements
Switches
FTE Qualified NICs
FTE Qualified SFPs
FTE Qualified GBICs
FTE Devices - Other Platform requirements and Slot placement

FTE Switch Configuration Tool
12 February 2024 16:26

Launching the Tool
You can launch the FTE Switch Configuration tool either from the Start menu or the Configuration Studio interface.

Start Menu
To launch the tool from the Start menu, click Start and then click the Honeywell Experion Tools folder. Next, click the FTE Switch Configuration Tool option.

Configuration Studio
In the Configuration Studio window, click System Name and then under Network, click On the right pane, from the Devices Tasks, click the Launch FTE switch configuration tool option.
Introduction to Virtualization
13 February 2024 09:11
Basics of Virtualization

IP Address Ranges for FTE Communities
13 February 2024 09:16
Before discussing the recommendations for IP addressing in FTE networks, let us look at some IP addressing concepts. A typical network is illustrated on the screen. The network could either be for a home environment, or a small business environment. Several devices are connected to an intermediate d
