NWS Char 4: Network Protocols and Routing
routing metrics
(information about each route) when examining routes
latency
Delay, or latency, on a potential path, which results in slower performance
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol), an IGP, was developed in the mid-1980s by Cisco Systems. It is an advanced distance-vector protocol that combines some of the features of a link-state protocol and so is sometimes referred to as a hybrid protocol. With a fast convergence time and low network overhead, it's easier to configure and less CPU-intensive than OSPF. EIGRP also offers the benefits of supporting multiple protocols and limiting unnecessary network traffic between routers.
IPv4 Packet Fields
Table 4-3
ARP table
The database of IP-to-MAC address mappings is called an ARP table or ARP cache, and is kept on a computer's hard drive. Each OS can use its own format for the ARP table. A sample ARP table is shown in Figure 4-12.
Ethernet II
The most important Data Link layer standard, Ethernet, is adaptable, capable of running on a variety of network media, and offers excellent throughput at a reasonable cost. Because of its many advantages, Ethernet is, by far, the most popular network technology used on modern LANs. Ethernet II is the current Ethernet standard and was developed by DEC, Intel, and Xerox (abbreviated as DIX) before IEEE began to standardize Ethernet. Unlike higher-layer protocols, Ethernet adds both a header and a trailer to the payload it inherits from the layer above it. This creates a frame around the payload. (The fields of an Ethernet frame are listed in Table 4-8.)
UDP (User Datagram Protocol)
UDP (User Datagram Protocol) is an unreliable, connectionless protocol. The term unreliable does not mean that UDP can't be used reliably. Instead, it means that UDP does not guarantee delivery of data, and no connection is established by UDP before data is transmitted. UDP provides no handshake to establish a connection, acknowledgment of transmissions received, error checking, sequencing, or flow control and is, therefore, more efficient and faster than TCP. Instead of conversing with someone on a phone call, this would be more like talking on a radio show where you send out your signal whether anyone is listening or not. UDP is useful when a great volume of data must be transferred quickly, such as live audio or video transmissions over the Internet.
tracert
utility uses ICMP echo requests to trace the path from one networked node to another, identifying all intermediate hops between the two nodes.
ARP (Address Resolution Protocol)
works in conjunction with IPv4 to discover the MAC address of a node on the local network and to maintain a database that maps local IP addresses to MAC addresses. ARP is a Layer 2 protocol that uses IP in Layer 3
MTU (maximum transmission unit)
is the largest size, in bytes, that routers in a message's path will allow at the Network layer. Therefore, this defines the maximum payload size that a Layer 2 frame can encapsulate. For Ethernet, the default MTU is 1500 bytes, a value that is generally considered the Internet standard. However, other Layer 2 technologies might allow higher MTUs, or require lower MTUs. Because of the overhead present in each frame and the time it takes for the NIC to manage a frame, the use of larger frame sizes on a network generally results in faster throughput.
How routers work
A router joins two or more networks and passes packets from one network to another. Routers are responsible for determining the next network to which a packet should be forwarded on its way to its destination. A typical router has an internal processor, an operating system, memory, input and output jacks for different types of network connectors (depending on the network type), and, usually, a management console interface
IS-IS (Intermediate System to Intermediate System)
Another IGP, which is also a link-state routing protocol, is IS-IS (Intermediate System to Intermediate System). IS-IS uses a best-path algorithm similar to OSPF's. It was originally codified by ISO, which referred to routers as "intermediate systems," thus the protocol's name. Unlike OSPF, however, IS-IS is designed for use on core routers only. Also, IS-IS is not handcuffed to IPv4 like OSPF is, so it's easy to adapt to IPv6. Service providers generally prefer to use IS-IS in their own networks because it's more scalable than OSPF, but OSPF is still more common
7 Layers of TCP/IP Core Protocols
Layers 7, 6, and 5—Data and instructions, known as payload, are generated by applications running on the source host.
Layer 4—A Transport layer protocol, usually TCP or UDP, adds a header that includes a port number to identify the receiving app.
Layer 3—The Network layer adds its own header, and the message becomes a packet.
Layer 2—The packet is passed to the Data Link layer on the NIC, which encapsulates the data with its own header and trailer, creating a frame.
Layer 1—The Physical layer on the NIC receives the frame and places the transmission on the network.
routing path types
Static routing and dynamic routing
route command
The route command allows you to view a host's routing table. Here are some variations for different operating systems:
• Linux or UNIX—Enter route at the shell prompt.
• Windows—Enter route print at the command prompt.
• Cisco's IOS—Enter show ip route at the CLI in enable mode. You'll have a chance to practice using Cisco commands in a few projects in later chapters.
Routing tables on workstations typically contain no more than a few unique entries, including the default gateway and loopback address. However, routing tables on Internet backbone routers, such as those operated by ISPs, maintain hundreds of thousands of entries.
collision
When the transmissions of two nodes interfere with each other, a collision happens. After a collision, each node waits a random amount of time and then resends the transmission.
best path
the most efficient route to the message's destination calculated by the router, based upon the information the router has available to it
jumbo frame
Some special-purpose networks use a proprietary version of Ethernet that allows for a jumbo frame, in which the MTU can be as high as 9198 bytes, depending on the type of Ethernet architecture used.
gateway of last resort
The router that accepts unroutable messages from other routers.
TCP three-way handshake
The TCP three-way handshake establishes a session before TCP transmits the actual data, such as an HTTP request for a web page. Think about how a handshake works when meeting a new acquaintance. You reach out your hand, not knowing how the other person will respond. If the person offers his hand in return, the two of you grasp hands and you can then proceed with the conversation. TCP uses a three-step process called a three-way handshake to establish a TCP connection. Only after TCP establishes this connection does it transmit the actual data, such as an HTTP request for a web page.
three characteristics of TCP
• connection-oriented: Before TCP transmits data, it ensures that a connection or session is established, similar to making sure someone is listening on the other end of a phone call before you start talking. TCP uses a three-step process called a three-way handshake to establish a TCP connection.
• sequencing and checksums: In the analogy of a phone call, you might ask the other person if he can hear you clearly, and repeat a sentence as necessary. In the same vein, TCP sends a character string called a checksum; TCP on the destination host then generates a similar string. If the two checksums fail to match, the destination host asks the source to retransmit the data. In addition, because messages don't always arrive in the same order they were created, TCP attaches a chronological sequence number to each segment so the destination host can, if necessary, reorder segments as they arrive.
• flow control: You might slow down your talking over the phone if the other person needs a slower pace in order to hear every word and understand your message. Similarly, flow control is the process of gauging the appropriate rate of transmission based on how quickly the recipient can accept data. For example, suppose a receiver indicates its buffer can handle up to 4000 bytes. The sender will issue up to 4000 bytes in one or many small packets and then pause, waiting for an acknowledgment, before sending more data.
tcpdump
A packet sniffer is very similar and many people use the terms interchangeably
dynamic routing
A router automatically calculates the best path between two networks and accumulates this information in its routing table. If congestion or failures affect the network, a router using dynamic routing can detect the problems and reroute messages through a different path. When a router is added to a network, dynamic routing ensures that the new router's routing tables are updated.
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
All nodes connected to a hub compete for access to the network. The MAC (media access control) method used by nodes for arbitration on the network is CSMA/CD (Carrier Sense Multiple Access with Collision Detection). Take a minute to think about the full name Carrier Sense Multiple Access with Collision Detection:
• Carrier Sense refers to an Ethernet NIC listening and waiting until no other nodes are transmitting data.
• Multiple Access refers to several nodes accessing the same network media.
• Collision Detection refers to what happens when two nodes attempt a transmission at the same time.
hops
Although this field was originally meant to represent units of time, on modern networks it represents the number of times a packet can still be forwarded by a router, or the maximum number of router hops it has remaining.
default route
If it doesn't find a matching entry, the router looks for 0.0.0.0 in the first column. This route is the default route—the route to use if no other route is a match.
hop limit
Indicates the number of times the packet can be forwarded by routers on the network, similar to the TTL field in IPv4 packets. When the hop limit reaches 0, the packet is discarded
internetwork
IP (Internet Protocol) belongs to the Network layer of the OSI model. It specifies where data should be delivered, identifying the data's source and destination IP addresses. IP is the protocol that enables TCP/IP to internetwork—that is, to traverse more than one LAN segment and more than one type of network through a route.
neighbor discovery
Routers learn about all the devices on their networks through a process called neighbor discovery. This process can go awry when changes are made to the network, or when a problem is developing but is only producing sporadic symptoms.
convergence time
Routing protocols are also rated on the time it takes to recognize a best path in the event of a change or network outage.
TCP three-way handshake (steps)
Step 1, SYN (request for a connection)—Computer A issues a message to computer B with the following information:
• In its Sequence number field, computer A selects and sends a random number that will be used to synchronize communication. In Figure 4-4, for example, this number is 937013558.
• Its SYN bit is set to 1, which means the SYN flag is activated. This indicates the desire to communicate and synchronize sequence numbers. It's as if computer A is offering a hand to computer B to see if there will be a response.
• The ACK bit is usually set to 0 for this first transmission because there is no information yet from computer B to acknowledge.
Step 2, SYN/ACK (response to the request)—When computer B receives this message, it responds with a segment containing the following information:
• The ACK and SYN bits are both set to 1, essentially saying, "Yes, I'm here and I'm listening."
• The Acknowledgment number field contains a number that equals the sequence number computer A originally sent, plus 1. As Figure 4-4 illustrates, computer B sends the number 937013559. In this manner, computer B signals to computer A that it has received the request for communication and further, it expects computer A to respond again with the sequence number 937013559.
• In its Sequence number field, computer B sends its own random number (in Figure 4-4, this number is 3043958669).
Step 3, ACK (connection established)—Computer A issues a segment with the following information:
• The sequence number is 937013559 because this is what computer B indicated it expects to receive.
• The Acknowledgment number field equals the sequence number that computer B sent, plus 1. In our example, this number is 3043958670.
• The ACK bit is set to 1.
The connection has now been established, and in the next message, computer A will begin data transmission.
IPv6 Packet Fields
Table 5-5--. in Table 4-3, you'll notice some similarities and some differences. For example, both packets begin with a 4-bit Version field. Other fields, such as the TTL in IPv4 and the hop limit in IPv6, are similar, but slightly different. One striking difference between the two versions is that IPv6 packets accommodate the much longer IPv6 addresses. Also, there is no Fragment offset field in IPv6 packets. This is because IPv6 hosts adjust their packet sizes to fit the requirements of the network before sending IPv6 messages.
pathping
The Windows utility pathping combines elements of both ping and tracert to provide deeper information about network issues along a route. It sends multiple pings to each hop along a route, then compiles the information into a single report. To see a sample of the type of information pathping provides, try the following command
RIPv2 (Routing Information Protocol version 2)
The latest version, RIPv2 (Routing Information Protocol version 2), generates less broadcast traffic and functions more securely than RIPv1. Still, RIPv2 cannot exceed 15 hops, and it is also considered an outdated protocol.
routing protocols
To determine the best path, routers communicate with each other through routing protocols
ICMP (Internet Control Message Protocol)
Whereas IP helps direct data to its correct destination, ICMP (Internet Control Message Protocol) is a Network layer, core protocol that reports on the success or failure of data delivery. It can indicate when part of a network is congested, when data fails to reach its destination, and when data has been discarded because the allotted Time to Live has expired (that is, when the data has traveled its allotted number of hops).
routing table
a database that holds information about where hosts are located and the most efficient way to reach them. A router has two or more network ports and each port connects to a different network; each network connection is assigned an interface ID, and logically, the router belongs to every network it connects to. A router relies on its routing table to identify which network a host belongs to and which of the router's interfaces points toward the best next hop to reach that network.
RIP (Routing Information Protocol)
a distance-vector routing protocol, is the oldest routing protocol. Here are some notable considerations when using RIP on a network.
Advantages:
• simplicity—Quick and easy configuration.
• stability—Prevents routing loops from continuing indefinitely by limiting the number of hops a message can take between its source and its destination to 15. If the number of hops in a path exceeds 15, the network destination is considered unreachable.
Disadvantages:
• limited metrics—Only considers the number of hops between nodes when determining the best path.
• excessive overhead—Broadcasts routing tables every 30 seconds to other routers, regardless of whether the tables have changed.
• poor convergence time—Might take several minutes for new information to propagate to the far reaches of the network.
• limited network size—Does not work well in very large network environments where data might have to travel through more than 15 routers to reach its destination (for example, on a metro network).
• slower and less secure—Outdated by newer routing protocols.
AS (autonomous system)
a group of networks, often on the same domain, that are operated by the same organization.
protocol analyzer
a program that collects and examines network messages
Layer 3 switch
a switch that is capable of interpreting Layer 3 (network) data and works much like a router. It supports the same routing protocols and makes routing decisions. Layer 3 switches were designed to work on large LANs, similar to core routers, except they're faster and less expensive. The primary difference is the way the hardware is built, but, in fact, it's often difficult to distinguish between a Layer 3 switch and a router. In some cases, the difference comes down to what the manufacturer has decided to call the device in order to improve sales. As you learn more about how routers work, keep in mind that Layer 3 and Layer 4 switches can work the same way.
Routing Cost
a value assigned to a particular route as judged by the network administrator; the more desirable the path, the lower its cost
Layer 4 (transport) switches
are capable of interpreting Layer 4 data. They operate anywhere between Layer 4 and Layer 7 and are also known as content switches or application switches. Among other things, the ability to interpret higher-layer data enables switches to perform advanced filtering, keep statistics, and provide security functions. As you learn more about how routers work, keep in mind that Layer 3 and Layer 4 switches can work the same way.
Core routers, also called interior routers
are located inside networks within the same autonomous system. An AS (autonomous system) is a group of networks, often on the same domain, that are operated by the same organization. For example, Cengage, the company that published this book, might have several LANs that all fall under its domain, with each LAN connected to the others by core routers. An AS is sometimes referred to as a trusted network because the entire domain is under the organization's control. Core routers communicate only with routers within the same AS.
IGPs (interior gateway protocols)
are routing protocols used by core routers and edge routers within autonomous systems. IGPs are often grouped according to the algorithms they use to calculate best paths:
❍ Distance-vector routing protocols calculate the best path to a destination on the basis of the distance to that destination. Some distance-vector routing protocols factor only the number of hops to the destination, whereas others take into account route latency and other network traffic characteristics. Distance-vector routing protocols periodically exchange their route information with neighboring routers. However, routers relying on this type of routing protocol must accept the data they receive from their neighbors and cannot independently assess network conditions two or more hops away. RIP, RIPv2, and EIGRP are distance-vector routing protocols.
EGPs (exterior gateway protocols)
are routing protocols used by edge routers and exterior routers to distribute data outside of autonomous systems. The one EGP protocol we discuss in this chapter, which is the only EGP currently in use, is BGP
Edge routers, or border routers
connect an autonomous system with an outside network, also called an untrusted network. For example, the router that connects a business with its ISP is an edge router.
Dynamic ARP table entries
created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table; once received, the new information is recorded in the table for future reference.
netstat
displays TCP/IP statistics and details about TCP/IP components and connections on a host. Information that can be obtained from the netstat command includes:
• the port on which a TCP/IP service is running
• which network connections are currently established for a client
• how many messages have been handled by a network interface since it was activated
• how many data errors have occurred on a particular network interface
Link-state routing protocols
enable routers to communicate beyond neighboring routers, after which each router can independently map the network and determine the best path between itself and a message's destination node. These protocols tend to adapt more quickly to changes in the network, but can also be more complex to configure and troubleshoot. OSPF and IS-IS are link-state routing protocols.
OSPF (Open Shortest Path First)
points. If excessive traffic levels or an outage prevent data from following the most direct path, a router might determine that the most efficient path actually goes through additional routers.
• shared data—Maintains a database of the other routers' links. If OSPF learns of the failure of a given link, the router can rapidly compute an alternate path.
• low overhead, fast convergence—Demands more memory and CPU power for calculations, but keeps network bandwidth to a minimum with a very fast convergence time, often invisible to users.
• stability—Uses algorithms that prevent routing loops.
• multi-vendor routers—Supported by all modern routers. It is commonly used on autonomous systems that rely on a mix of routers from different manufacturers.
Exterior router
refers to any router outside the organization's AS, such as a router on the Internet backbone. Sometimes a technician might refer to her own edge router as an exterior router because it communicates with routers outside the AS. But keep in mind that every router communicating over the Internet is an edge router for some organization's AS, even if that organization is a large telecommunications company managing a portion of the Internet backbone.
spoofing
A MAC address can be impersonated, which is a security risk called spoofing.
Command Line utilities
Table 4-15
collision domain
the portion of a network in which collisions can occur. Hubs connecting multiple computers in a star-bus topology resulted in massive collisions.
Static ARP table entries
those that someone has entered manually using the ARP utility. This ARP utility, accessed via the arp command in both Windows and Linux, provides a way of obtaining information from and manipulating a device's ARP table.
BGP (Border Gateway Protocol)
which has been dubbed the "protocol of the Internet." Whereas OSPF and IS-IS scouting parties only scout out their home territory, a BGP scouting party can go cross-country. BGP spans multiple autonomous systems and is used by edge and exterior routers on the Internet. Here are some special characteristics of BGP:
• path-vector routing protocol—Communicates via BGP-specific messages that travel between routers over TCP sessions.
• efficient—Determines best paths based on many different factors.
• customizable—Can be configured to follow policies that might, for example, avoid a certain router, or instruct a group of routers to prefer one particular route over other available routes.
BGP is the most complex of the routing protocols mentioned in this chapter. If you maintain networks for an ISP or large telecommunications company, you will need to understand BGP.
static routing
A network administrator configures a routing table to direct messages along specific paths between networks. For example, it's common to see a static route between a small business and its ISP. However, static routes can't account for occasional network congestion, failed connections, or device moves, and they require human intervention.
overhead
A routing protocol is rated on its overhead, or the burden placed on the underlying network to support the protocol.
AD (administrative distance)
Each routing protocol is assigned a default AD, which is a number indicating the protocol's reliability, with lower values being given higher priority. This assignment can be changed by a network administrator when one protocol should take precedence over a previously higher-rated protocol on that network.
probes
Both utilities limit the TTL of these repeated trial messages, called probes, thereby triggering routers along the route to return specific information about the route being traversed. In fact, by default they send three probes with each iteration so averages can be calculated from the three responses at each step.
Router Functions (and optional functions)
• Connect dissimilar networks, such as a LAN and a WAN, which use different types of routing protocols.
• Interpret Layer 3 and often Layer 4 addressing and other information (such as quality of service indicators).
• Determine the best path for data to follow from point A to point B. The best path is the most efficient route to the message's destination calculated by the router, based upon the information the router has available to it.
• Reroute traffic if the path of first choice is down but another path is available.
In addition to performing these basic functions, routers may perform any of the following optional functions:
• Filter broadcast transmissions to alleviate network congestion.
• Acting as a simple firewall, prevent certain types of traffic from getting to a network, enabling customized segregation and security.
• Support simultaneous local and remote connectivity.
• Provide high network fault tolerance through redundant components such as power supplies or network interfaces.
• Monitor network traffic and report statistics.
• Diagnose internal or other connectivity problems and trigger alarms.
Routing Metrics used to determine best path
• Hop count, which is the number of network segments crossed
• Theoretical bandwidth and actual throughput on a potential path
• Delay, or latency, on a potential path, which results in slower performance
• Load, which is the traffic or processing burden sustained by a router in the path
• MTU, which is the largest IP packet size in bytes allowed by routers in the path without fragmentation (excludes the frame size on the local network)