Networking Technology for Information Professionals Module 2
Why are the Class D and Class E IPv4 address ranges not available for general use?
Class D addresses begin with octets 224 through 239 and are used for multicast transmissions, in which one host sends messages to multiple hosts. An example of this is when a host transmits a videoconference over the Internet to multiple participants. Class E addresses, which begin with 240 through 254, are reserved for research.
What are the different categories of routers, and how do they compare?
* Core routers, also called interior routers, are located inside networks within the same autonomous system. An AS (autonomous system) is a group of networks, often on the same domain, that are operated by the same organization. An AS is sometimes referred to as a trusted network because the entire domain is under the organization's control. Core routers communicate only with routers within the same AS. * Edge routers, or border routers, connect an autonomous system with an outside network, also called an untrusted network. For example, the router that connects a business with its ISP is an edge router. * Exterior router refers to any router outside the organization's AS, such as a router on the Internet backbone. Sometimes a technician might refer to her own edge router as an exterior router because it communicates with routers outside the AS. But keep in mind that every router communicating over the Internet is an edge router for some organization's AS, even if that organization is a large telecommunications company managing a portion of the Internet backbone.
How can a network switch be said to operate at Layer 4 of the OSI model?
A Layer 4 switch is capable of interpreting Layer 4 data. They operate anywhere between Layer 4 and Layer 7 and are also known as content switches or application switches. Among other things, the ability to interpret higher layer data enables switches to perform advanced filtering, keep statistics, and provide security functions. In general, however, a Layer 4 switch is still optimized for fast Layer 2 data handling.
What is the difference between a port and a socket?
A port is a number assigned to a process, such as an application or a service, that can receive data. Whereas an IP address is used to find a computer, a port is used to find a process running on that computer. TCP and UDP ports ensure that data is transmitted to the correct process among multiple processes running on the computer. A socket consists of both a host's IP address and a process's TCP or UDP port, with a colon separating the two values. For example, the standard port for the Telnet service is TCP 23. If a host has an IP address of 10.43.3.87, the socket address for Telnet running on that host is 10.43.3.87:23.
What is the difference between unicast, multicast, and anycast addresses?
A unicast address specifies a single node on a network. This differs from a multicast address, which is delivered to all nodes in a targeted, multicast group. An anycast address can identify multiple destinations, with packets delivered to the closest destination. For example, a DNS name server might send a DNS request to a group of DNS servers that have all been assigned the same anycast address. A router handling the request examines routes to all the DNS servers in the group and routes the request to the closest server.
ARP tables might contain two different types of entries. What are they, and how are they created?
ARP tables can contain two types of entries: dynamic and static. *Dynamic ARP table entries are created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table; once received, the new information is recorded in the table for future reference. *Static ARP table entries are those that someone has entered manually using the ARP utility. This ARP utility, accessed via the arp command in both Windows and Linux, provides a way of obtaining information from and manipulating a device's ARP table.
What are some of the basic functions of a network router?
Although any one router can be specialized for a variety of tasks, all routers can do the following: * Connect dissimilar networks, such as a LAN and a WAN, which use different types of routing protocols. * Interpret Layer 3 and often Layer 4 addressing and other information (such as quality of service indicators). * Determine the best path for data to follow from point A to point B. The best path is the most efficient route to the message's destination calculated by the router, based upon the information the router has available. * Reroute traffic if the path of first choice is down but another path is available.
How might an organization configure a DNS server for use on their network?
An organization might utilize these four common types of DNS server configurations: * primary DNS server-The authoritative name server for the organization, which holds the authoritative DNS database for the organization's zones. This server is contacted by clients, both local and over the Internet, to resolve DNS queries for the organization's domains. * secondary DNS server-The backup authoritative name server for the organization. When a secondary DNS server needs to update its database, it makes the request to the primary server for the update; this process is called a zone transfer. * caching DNS server-A server that accesses public DNS data and caches the DNS information it collects. This server receives DNS queries from local network clients and works to resolve them by contacting other DNS servers for information. Caching DNS servers do not store zone files (which is why they must rely on their caches and resolution efforts), and therefore do not participate in zone transfers. * forwarding DNS server-An optional server that receives queries from local clients but doesn't work to resolve the queries. Typically, a forwarding server will maintain its own DNS cache from previous queries, and so it might already have the information the client needs. If not, the forwarding server forwards the query to another server to resolve. Several forwarding servers might be strategically placed throughout the organization's network to reduce network traffic on slow links.
How is an IPv6 address written and displayed?
IPv6 addresses are written and displayed as follows:* An IPv6 address has 128 bits that are written as eight blocks (also called quartets) of hexadecimal numbers separated by colons, like this: 2001:0000:0B80:0000:0000:00D3:9C5A:00CC.* Each block is 16 bits. For example, the first block in the preceding IP address is the hexadecimal number 2001, which can be written as 0010 0000 0000 0001 in binary.* Leading zeroes in a four-character hex block can be eliminated. This means our sample IP address can be written as 2001:0000:B80:0000:0000:D3:9C5A:CC.* If blocks contain all zeroes, they can be eliminated and replaced by double colons (::). To avoid confusion, only one set of double colons is used in an IP address. This means our sample IP address can be written two ways: 2001::B80:0000:0000:D3:9C5A:CC or 2001:0000:B80::D3:9C5A:CC
How does IPv6 utilize Neighbor Discovery Protocol to detect neighboring devices?
IPv6 devices use NDP (Neighbor Discovery Protocol) in ICMPv6 messages to automatically detect neighboring devices, and to automatically adjust when neighboring nodes fail or are removed from the network. NDP eliminates the need for ARP and some ICMP functions in IPv6 networks, and is much more resistant to hacking attempts than ARP.
IPv6 has two different types of unicast addresses. How do these two types differ from each other?
IPv6 unicast addresses come in two types: * global addresses-Can be routed on the Internet and is similar to public IPv4 addresses. Most begin with the prefix 2000::/3, although other prefixes are being released. The /3 indicates that the first three bits are fixed and are always 001. * link local addresses-Can be used for communicating with nodes in the same link, and is similar to an autoconfigured APIPA address in IPv4. It begins with FE80::/10. The first 10 bits of the reserved prefix are fixed (1111 1110 10), and the remaining 54 bits in the 64-bit prefix are all zeroes. Therefore, a link local address prefix is sometimes written as FE80::/64. Link local addresses are not allowed past the local link or on the Internet.
What is a subnet mask, and how is it used?
It is a 32-bit number that helps one computer find another. The 32 bits are used to indicate what portion of an IP address is the network portion, called the network ID or network address, and what part is the host portion, called the host ID or node ID. Using this information, a computer can determine if another computer with a given IP address is on its own or a different network.
What is MAC address spoofing?
MAC address spoofing is the impersonation of an MAC address by an attacker. On a network where access is limited to certain devices based on their MAC address, an attacker can spoof an approved device's MAC address and gain access to the network. This is a relatively easy attack to carry out, which is why MAC address filtering is not considered a reliable way to control access to a network.
What are the three different types of port number ranges as defined by IANA?
Port numbers range from 0 to 65535 and are divided by IANA into three types: * well-known ports-Range from 0 to 1023 and are assigned by IANA to widely used and well-known utilities and applications, such as Telnet, FTP, and HTTP. * registered ports-Range from 1024 to 49151 and can be used temporarily by processes for nonstandard assignments for increased security. Default assignments of these registered ports must be registered with IANA. * dynamic and private ports-Range from 49152 to 65535 and are open for use without restriction.
How are routing paths determined?
Routing paths are determined in one of two ways: * static routing-A network administrator configures a routing table to direct messages along specific paths between networks. For example, it's common to see a static route between a small business and its ISP. However, static routes can't account for occasional network congestion, failed connections, or device moves, and they require human intervention. * dynamic routing-A router automatically calculates the best path between two networks and accumulates this information in its routing table. If congestion or failures affect the network, a router using dynamic routing can detect the problems and reroute messages through a different path. When a router is added to a network, dynamic routing ensures that the new router's routing tables are updated.
What are some examples of routing metrics that can be used to determine the best path for a network?
Some examples of routing metrics used to determine the best path may include: * Hop count, which is the number of network segments crossed * Theoretical bandwidth and actual throughput on a potential path * Delay, or latency, on a potential path, which results in slower performance * Load, which is the traffic or processing burden sustained by a router in the path * MTU, which is the largest IP packet size in bytes allowed by routers in the path without fragmentation (excludes the frame size on the local network) * Routing cost, which is a value assigned to a particular route as judged by the network administrator; the more desirable the path, the lower its cost * Reliability of a potential path, based on historical performance * A network's topology
There are several interior gateway protocols, but only one current exterior gateway protocol. What is this protocol, and what characteristics does it have?
The Border Gateway Protocol (BGP) is the only current exterior gateway protocol, and has been dubbed the "protocol of the Internet." Whereas OSPF and IS-IS scouting parties only scout out their home territory, a BGP scouting party can go cross-country. BGP spans multiple autonomous systems and is used by edge and exterior routers on the Internet. Here are some special characteristics of BGP: * path-vector routing protocol-Communicates via BGP-specific messages that travel between routers over TCP sessions. * efficient-Determines best paths based on many different factors. * customizable-Can be configured to follow policies that might, for example, avoid a certain router, or instruct a group of routers to prefer one particular route over other available routes.
How is the TTL (Time to Live) field utilized in IPv4?
The TTL field indicates the maximum duration that the packet can remain on the network before it is discarded. Although this field was originally meant to represent units of time, on modern networks it represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops it has remaining.The TTL for packets varies and can be configured; it is usually set at 32 or 64. Each time a packet passes through a router, its TTL is reduced by 1. When a router receives a packet with a TTL equal to 0, it discards that packet and sends a TTL expired message via ICMP back to the source host.
What are the two different variations of network address translation (NAT)?
The two variations of NAT are: * SNAT-Using SNAT (Static Network Address Translation or Source Network Address Translation), the gateway assigns the same public IP address to a host each time it makes a request to access the Internet. Small home networks with only a single public IP address provided by its ISP use SNAT. * DNAT or Destination NAT-Using DNAT (Destination Network Address Translation), hosts outside the network address a computer inside the network by a predefined public IP address. When a message sent to the public IP address reaches the router managing DNAT, the destination IP address is changed to the private IP address of the host inside the network. The router must maintain a translation table of public IP addresses mapped to various hosts inside the network.
What are the two different types of DNS requests?
There are two types of DNS requests: * recursive query-A query that demands a resolution or the answer "It can't be found." For example, the initial request the resolver makes to the local server is a recursive query. The local server must provide the information requested by the resolver, as in "The buck stops here." * iterative query-A query that does not demand resolution. For example, when the local server issues queries to other servers, the other servers only provide information if they have it.