1.1k likes | 1.15k Vues
Network Fundamentals. Generalized network training starting with the very basic and moving into complex concepts and configurations. Presented by @alt_bier aka Richard Gowen Solution Architect, PepsiCo Global Network Engineering Co-Founder of the Plano Hacker Space TheLab.ms.
E N D
Network Fundamentals Generalized network training starting with the very basic and moving into complex concepts and configurations. Presented by @alt_bier aka Richard Gowen Solution Architect, PepsiCo Global Network Engineering Co-Founder of the Plano Hacker Space TheLab.ms
What is a “Network”? The basic definition of a network is a way to get ‘stuff’ between two or more ‘things’ using a defined transport model. Examples: Postal System, Phone System, Railroads, Highways/Roads. A computer network fits this definition as it allows computers to transmit information between each other using a defined transport model. In fact, correlations have been made between computer networks and Highways given the similarities of the two (e.g. “The Information Super-Highway”).
Computer Networking Models Computer Networking Models, also called protocol stacks, are represented in layers to help us understand where things happen and where they might go wrong. There are several models that have been used over the years (e.g. DOD 3-layer, Simplified 4-layer). However, the OSI 7-layer model is the current standard that is used to describe computer networks. The OSI (Open Systems Interconnection) model defines seven layers / protocols that are used in computer networking. Each layer is dependent upon the layer below it and thus all layers are stacked to provide information transport.
Protocol Concepts Protocols are sets of rules that define how to perform various tasks. • What do you want to do? (Application) • How do you need it displayed? (Presentation) • How important is it? (Prioritization) • Where are you going? (Addressing) • How do you get there? (Media types, Routes) • Did you get there? (Acknowledgments, Error checking)
The Physical Layer – OSI Layer 1 Network Components Operating At This Layer Fiber Optics Telecom Circuits Wireless Copper Wire
Physical – Layer 1 – Copper Wire This layer defines the physical media and protocols that are used to connect devices together on the network. • Twisted pair copper wire (Cat5, Cat5e, Cat6, etc.). • Twisted pair copper wire (twists reduce interference) use RJ45 connectors (RJ11 for phone) with a distance limitation of usually 100 meters based on cable category and bandwidth configuration • Unshielded twisted pair (UTP) is the most common as it is used for most network applications. • Shielded twisted pair (STP) has extra covering that protects the transmission line from electromagnetic interference leaking into or out of the cable. • Cat5e has more twists than Cat5, works better at high speeds. Cat6 is even better. • Common Terms: 10BaseT, 100BaseT, 1000BaseT. The “T” is for Twisted pair, number is speed, base is “baseband” which references signal modulation. (1000BaseT = Gigabit over copper)
Physical – Layer 1 – Fiber Optics • Fiber Optic cable (Multi-Mode, Single-Mode). • Glass fiber in cladding that allows transmission of various wavelengths (in nanometers) of light • Major fiber types are Multi-Mode and Single-Mode each with several standards (OM1-4, OS1-2) • Single-Mode fiber is a strand of glass with a diameter of 8.3 to 10 microns that is designed for a single path of propagation for wavelengths of 1310nm or 1550nm over distances up to 50 km • Multi-Mode fiber has a larger diameter of between 50 to 100 microns (62.5um is typical) that is designed for multiple paths of propagation of 850nm or 1300nm over distances up to 900 meters • Single-Mode fiber has higher transmission rates (>10Gbps) and longer distance at a higher cost • Connectors include SC (Square), LC (Lucent), FC (Fiber-Channel), ST (Stab-Twist), & more
Physical – Layer 1 – Wireless • Wireless (802.11a, b, g, n, ac, etc.). • Uses radio waves in the 2.4Ghz (802.11b and g and n) and 5Ghz (802.11a and n and ac) bands to transmit data. These are unregulated frequencies, so other things (cordless phones, etc.) can use these frequencies, hopefully one is smart enough to hop frequencies to clear the other. • Wireless access points can operate in both the 2.4Ghz and 5Ghz bands if they have the proper radios/antennae. WAP’s can operate autonomously or in a mesh coordinated via a controller. • Bandwidth per device varies with standard (e.g. 802.11b = 11Mbps, 802.11ac >100Mbps)
Physical – Layer 1 – Carrier Circuits • Telecommunication Carrier Circuits (ISDN, SMDS, DSL, SONET, MetroE, MPLS, etc.). • Leased lines from telecommunication carriers vary in type, protocol, and bandwidth. • Integrated Services Digital Network (ISDN) - Separate signal D channel (delta@16kbps) from data B channels (bearer@64kbps) provisioned as Basic Rate Interface (2B+1D) or Primary Rate Interface (23B+1D) • Switched Multimegabit Data Service (SMDS) - Switched digital service from carrier with multiple speeds: T1 (1.544 Mbps), T3 (44.736 Mbps), etc. • Digital Subscriber Line (DSL) – Deliver digitized signals over telephone lines. Higher data speeds available than ISDN and SMDS. Two types: Symmetric / Asymmetric (SDSL / ADSL) • Synchronous optical network (SONET) – High bandwidth optical service from carrier w/ multiple speeds: OC1 (51.48Mbps), OC3 (155.52Mbps), OC12 (622.08Mbps), etc. • Metro-Ethernet (MetroE) – Carrier provided Ethernet service using Metropolitan Area Network (MAN) technology available in 10Mbps, 100Mbps, and 1000Mbps port speeds with fractional data rates optional • Multi-Protocol Label Switching (MPLS) – A data-carrying technique for high-performance networks that can utilize a number of existing carrier services such as SMDS, SONET, and Metro Ethernet. While not a physical media type on its own, it is often called out as such based on marketing terms.
Physical – Layer 1 – Power over Ethernet (PoE) Mode A Power over Ethernet (PoE) describes any of several standard or ad-hoc systems which pass electric power along with data on twisted pair copper cabling. This allows a single cable to provide both data connection and electric power to devices. PoE has three modes, A, B, and 4-pair available. Mode A delivers power on the data pairs of 100BASE-TX or 10BASE-T Mode B delivers power on the spare pairs. 4-pair delivers power on all four pairs. PoE can also be used on 1000BASE-T Ethernet, in which case there are no spare pairs and all power is delivered using a phantom technique. Mode B
Physical – Layer 1 – Bandwidth and Latency Two common network terms at the physical layer that are often confused are bandwidth and latency. Bandwidth is a measure of the amount of traffic that can travel on a given network medium. This can be compared to the number of lanes on a highway. More bandwidth/lanes means more traffic can use the network/highway before it becomes congested. Latency is a measure of the time it takes to get from one place to another on a network. Certain things like congestion can affect latency but there will always be a minimum latency based on the distance. For example, if it takes 15 hours to drive from Chicago to Dallas congestion may increase this to 17 hours. However, adding more lanes to the highway does not reduce this time below 15 hours. The speed of light is the determining factor for the theoretical minimum latency for a specified distance.
The Data Link Layer – OSI Layer 2 Network Components Operating At This Layer Host Network Interface Card Modem / Repeater Hub (deprecated) Bridge (deprecated) Network Access Control Switch Wireless Access Point
Data Link – Layer 2 The data link layer takes the 1’s and 0’s handed it by the Network layer and turns them into some kind of signal that can go over the Physical layer (electrical current, light pulses, microwaves, etc.) It also takes this signal and turns it back into 1’s and 0’s to pass up the stack on the receiving end. These transmissions are sent in a unit of data called a “Frame” which varies in size based on the protocol used (e.g. ATM = 53Bytes, Ethernet = 1522Bytes). Frames can only be sent between devices on the same local layer 2 network which is also known as a broadcast domain (since broadcast frames are not forwarded by bridges or switches). This was the original meaning of the term Local Area Network (LAN). Although in modern network terminology LAN refers to all layer 2 and layer 3 networks in a specific location (office, data center, etc.). Older hubs and switches were limited to hosting a single layer 2 network on them. While modern day switches use a feature called the Virtual Local Area Network (VLAN) to host multiple layer 2 networks on a single device. Data link protocols: Token Ring, FDDI, ATM, and the most common of all the data link protocols: Ethernet (standard IEEE 802.3).
Data Link – Layer 2 – Addressing and Topology An addressing scheme is required to allow traffic forwarding between devices. In Ethernet this is called the Media Access Control address (or MAC address). It’s a 6 Byte (48 bit) hexadecimal address that is unique to that Ethernet adaptor and contains both a vendor identification and a serial number. Ethernet was designed for multiple devices using shared media in a Bus topology. Modern Ethernet switches provide dedicated media per device in a Star topology. However, the Ethernet protocol continues to support shared media with CSMA/CD (Carrier Sense, Multiple Access, Collision Detect). Protocols like Token-Ring and Fiber Distributed Data Interface (FDDI) use a Ring topology for device access.
Data Link – Layer 2 – Hubs & Bridges Hubs are multiport devices that connect the segments of a LAN. When a frame arrives at one port, it is passed along or "broadcast" to all of its other ports. It doesn't matter if the frame is only destined for one port as it has no way of distinguishing which port a frame should be sent to. Broadcasting to every port ensures that it will reach its destination. This can lead to poor performance if the LAN (i.e. broadcast domain) is too large. While hubs as devices have been deprecated from networks this functionality still exists in other devices like switches. Bridges are devices that create a single aggregate network from multiple networks. This function is called network bridging. Bridging is distinct from routing as routing allows different networks to communicate while separate and bridging connects networks as if they are a single network. While bridges as devices have been deprecated from networks this functionality exists in other devices like switches.
Data Link – Layer 2 – Switches & Wireless Access Points Switches are multiport devices used to connect the segments of a LAN or multiple LAN’s and will forward frames similar to hubs and bridges. A single modern day switch can perform the same service as several older hubs and bridges by combining all of their functionality and by using VLAN’s to create several independent broadcast domains on the same device. Some switches can also process packets at the network layer (layer 3) by incorporating routing. Wireless Access Points (WAP) are devices that allow wireless capable devices to gain access to wired networks. The WAP will have a wired connection to a LAN and through a wireless standard allow wireless devices to connect to a Wireless LAN (WLAN) that provides access to the wired LAN. WAPs feature radio transmitters and antennae, which facilitate wireless connectivity. The particular wireless standard that is used by a WAP determines the protocols and frequencies used. All WAPs can forward frames to the LAN like a bridge and most WAPs can also process packets by incorporating routing.
Data Link – Layer 2 – Bridge Loops & Spanning Tree When it comes to network design, redundant links can provide a level of fault tolerance. Unfortunately, redundant links in layer 2 networks can cause bridge loops. In a bridged LAN, a bridging loop occurs when there are multiple paths that can cause frames to continuously loop around your network. This can cause network issues. Spanning Tree Protocol (STP) is a network protocol that was developed to deal with bridge loops as it builds a logical loop-free topology for Ethernet networks. As the name suggests, STP creates a tree within a network of bridges, and disables links that are not part of the tree, leaving a single active path between any two bridges. This spanning tree is built collectively by all the bridges using the following rules: 1) select a root bridge, 2) find lowest cost path to the root, 3) disable all other paths to root. These rules require knowledge of the entire network. The bridges use special data frames called Bridge Protocol Data Units (BPDUs) to pass data about bridge IDs and path costs. When a device is first attached to a switch port, it will not immediately start to forward data. It will go through a number of states while it processes BPDUs and determines the topology. STP port states: • Blocking - A port that could cause a loop if it were active. No data is sent or received over a blocking port. • Listening - The switch processes BPDUs and awaits possible new information that would cause it to return to the blocking state. It does not populate the MAC address table and it does not forward frames. • Learning - Port doesn’t forward frames, it learns source addresses and populates the MAC address table. • Forwarding - A port receiving and sending data, normal operation. STP still monitors incoming BPDUs that would indicate it should return to the blocking state to prevent a loop.
Data Link – Layer 2 – Network Access Control Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC as a solution spans several layers. Port-based Network Access Control (PNAC) operates at layer 2. IEEE 802.1X is a standard providing authentication for devices wishing to attach to a LAN or WLAN. It defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, also known as "EAP over LAN" or EAPOL. EAPOL authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device that wishes to attach to the LAN/WLAN. The authenticator is a network device, such as a switch or WAP; and the authentication server is a host running RADIUS and EAP protocols. The authenticator acts like a security guard to a protected network. The supplicant is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated. A supplicant device can be initially placed on an authorization VLAN until it has been validated at which point it can be dynamically moved to either a trusted VLAN, a remediation VLAN, or a guest VLAN based on the authentication validation.
Data Link – Layer 2 – Hierarchical Model A common hierarchical model that is used within a local switched network is known as the Hierarchical Internetworking Model. This model simplifies the task of building a reliable, scalable, network because it focuses on the three functional areas of the network: Core layer: This layer is considered the backbone of the network and includes the high-end switches or routers and high-speed cables such as fiber cables. This layer of the network does not route traffic at the LAN but rather to and from the local network and remote networks. This layer is concerned with speed and reliable delivery of packets. Distribution layer: This layer includes layer 3 switches. This layer ensures that packets are properly routed between subnets and VLANs in the LAN. Access layer: This layer includes hubs and switches. This layer ensures that frame and encapsulated packets are delivered to end user computers.
The Network Layer – OSI Layer 3 Network Components Operating At This Layer Router Layer-3 Switch Multi-Service Switch Load Balancer Wireless Access Point Firewall Intrusion Detection & Prevention Network Access Control Voice / Video Gateway Wireless Controller
Network – Layer 3 When you link computers up, via layers 1 and 2 you get a local network. When you link networks up, you get an internetwork. You need the Network layer (layer 3) to get data between all the local networks of your internetwork. One internetwork’s so well known, it drops the “work” and gets a capital “I.” Network Layer transmissions are sent in a unit of data called a “Packet”. Network packets can be routed unlike data link frames. This means they can be passed from one local network to another. A device can only get data link layer frames on its local network interface. So, network layer packets have to be stuffed inside the data link layer frames. This is called “encapsulation” and is why a layered model is handy for reference. Network Layer Protocols: Internet Protocol (IP), Internet Control Message Protocol (ICMP), and several others, some that aren’t used much any more (AppleTalk, Netware IPX, etc.). Internet Protocol (IP) is used on the Internet as well as most other networks. It was designed for huge, ever-expanding networks of networks.
Network – Layer 3 – IP Version 4 Internet Protocol Version 4 (IPv4) is the original basis for the Internet and is still the majority network protocol used even with the launch of IPv6 in 2009. Every connected host has a four octet address expressed in dotted decimal format: [0-255].[0.255].[0-255].[0-255] (e.g. 192.168.10.1) Hosts send packets to IP addresses that are routed to those destinations. Classful addressing: In IPv4 the class of a network can be A, B, or C and this affects how the network is sub-netted. In a Class A network the first octet is reserved for network addresses and the remaining 3 octets are for host addresses. In a Class B network 2 octets are network and 2 are host. In a Class C network 3 octets are network and 1 is for hosts. In all classes the lowest host address is reserved for network identification and the highest host address is reserved for broadcast. (e.g. Class C network 192.168.10.0 has 254 host addresses from 1-254 and a broadcast address of 192.168.10.255) The broadcast address is intended for sending traffic to every host on that network. Variable-length subnet masking (VLSM) and Classless Inter-Domain Routing (CIDR):These provide methods of carving up subnets beyond the classful boundaries by using a subnet mask to identify how many bits of an IP address reference network vs hosts. (e.g. network 192.168.10.0/25 has 126 hosts 1-126 with broadcast 192.168.10.127)
Network – Layer 3 – IP Version 6 Internet Protocol Version 6 (IPv6) is a new version of IP that was officially launched in 2012 and is recently starting to gain adoption as the IPv4 address space is exhausted. IPv6 expands addressing beyond the IPv4 32-bit value to a 128-bit value address. Given this larger address space a new way to express these addresses was developedAn IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets, a group sometimes also called a hextet). The groups are separated by colons (:). An example of an IPv6 address is:2001:0db8:85a3:0000:0000:8a2e:0370:7334Leading zeroes in a group may be omitted, but each group must retain at least one hexadecimal digit. Thus, the example address may be written as:2001:db8:85a3:0:0:8a2e:370:7334One or more consecutive groups of zero value may be replaced with two consecutive colons (::) Thus, the example address can be further simplified:2001:db8:85a3::8a2e:370:7334 Network address ranges are written in CIDR notation. A network is denoted by the first address in the block (ending in all zeroes), a slash (/), and a decimal value equal to the size in bits of the prefix. For example, the network written as 2001:db8:1234::/48 starts at address 2001:db8:1234:0:0:0:0:0 and ends at 2001:db8:1234:ffff:ffff:ffff:ffff:ffff. IPv6 functions similar to IPv4 in most respects and serves the same purpose of allowing networks to be interconnected and packets to be routed to IP addresses.
Network – Layer 3 – Private Network Address Space In the Internet addressing architecture, a private network is a network that uses private IP address space, following the standards set by RFC 1918 for IPv4, and RFC 4193 for IPv6. These addresses are commonly used for home, office, and enterprise local area networks. Addresses in the private space are not allocated to any specific organization and anyone may use these addresses without approval from a regional Internet registry. However, IP packets addressed from them cannot be transmitted through the public Internet. So if such a private network needs to connect to the Internet, it must do so via a network address translator (NAT) gateway, or a proxy. Private IPv4 address spaces shown as largest CIDR block (subnet mask): • 10.0.0.0/8 (255.0.0.0) • 172.16.0.0/12 (255.240.0.0) • 192.168.0.0/16 (255.255.0.0) Private IPv6 address spaces shown as largest CIDR block: • fd00::/8 Another type of private networking is the link-local address range used in autoconfiguration. • In IPv4, link-local addresses are codified in RFC 6890 and RFC 3927. The block 169.254.0.0/16 is reserved for this purpose, with the exception of the first and the last /24 subnets in the range. • In IPv6, link-local addresses are codified in RFC 4862. Their use is mandatory, and an integral part of the IPv6 standard. The RFC 4291 sets aside the block fe80::/10 for IP address autoconfiguration. The local loopback mechanism uses private networks as well. In IPv4 the address block 127.0.0.0/8 is reserved for loopback. In IPv6 there is just a single address reserved which is ::1.
Network – Layer 3 – Network Address Translation Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in IP packet headers while they are in transit across a routing device. This was originally used for ease of rerouting traffic in IP networks without readdressing every host. In more advanced NAT implementations featuring IP masquerading, it has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion by sharing one Internet-routable IP address of a NAT gateway for an entire private network. IP masquerading is a technique that hides an IP address space, usually of private IP addresses, behind a single IP address in another, usually public address space. The address to be hidden is changed into a single (public) IP address as "new" source address of the outgoing packet so it appears as originating from the routing device itself. Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with IP masquerading. The simplest type of NAT provides a one-to-one translation of IP addresses. In this type of NAT, only the IP addresses, IP header checksum and any higher level checksums that include the IP address are changed. Basic NATs can be used to interconnect two IP networks that have incompatible addressing. The majority of NATs map multiple private hosts to one publicly exposed IP address. In a typical configuration, a local network uses a designated "private" IP address subnet.
Network – Layer 3 – IP Address Resolution As indicated earlier our machines do not communicate directly at the Network layer but rather encapsulate these packets into Data Link layer frames. So, how do we determine what MAC address at Layer 2 to send an IP address at Layer 3 to? This process is called address resolution where destination Layer 3 IP addresses are resolved to a destination Layer 2 MAC address. In IPv4 the protocol that provides this service is the Address Resolution Protocol (ARP) An ARP request is made asking who has an IP address. The reply will contain the IP address of the router that replied and also the MAC address of the local device that sent that reply. This is saved in an ARP table so future traffic to that destination will not require an ARP request. ARP tables age out to allow for changes in the network. In IPv6 this same ARP functionality is included in the Neighbor Discovery Protocol (NDP) which handles this as well as a number of other auto-discovery tasks for IPv6. While it is possible to use IP addresses natively in higher layers, it can be inconvenient. This is where the concept of names arise as it is easier to type google.com in a browser than 172.217.12.78 or 2607:f8b0:4000:813::200e The Domain Name Service (DNS) and the Windows Internet Name Service (WINS) provide this type of address resolution by taking a name request and replying with the associated IP address. To use DNS or WINS a device must be configured to point to DNS and/or WINS servers that will provide this resolution.
Network – Layer 3 – IP Host Configuration Unlike a MAC address which is physically assigned to a network interface, an IP network must be configured on a host for it to communicate at Layer 3. The minimum configuration would include the hosts specific IP address, the subnet mask, and the gateway IP address (this is the IP of a host that knows how to route to other IP networks also known as a router) Additional configurable items include DNS server IP addresses, WINS server IP addresses, a host name, a domain name, NTP Time server IP addresses, and more. IP host configuration can be done manually or can be auto-configured using the Dynamic Host Configuration Protocol (DHCP). In IPv4 a DHCP server enables computers to request their IP addresses and all other networking parameters. In IPv6 networks stateless autoconfiguration is provided by the Neighbor Discovery Protocol which give a host its IP address. However, if other information is required the DHCPv6 protocol provides this.
Network – Layer 3 – Addressing Methods IP Addressing Methods: Who do we want to talk to? In networking there are several ways that one device can address its traffic to send to one or many devices on the network. We previously discussed broadcast in the data link layer and this concept carries forward to the network layer. However, there are more ways to address traffic being sent on a network. Unicast addressing uses a one-to-one association between a sender and destination: each destination address uniquely identifies a single receiver endpoint. Broadcast addressing uses a one-to-all association; a single packet from one sender is routed to all of the possibly multiple endpoints associated with the broadcast address. The network automatically replicates packets as needed to reach all the recipients within the scope of the broadcast (usually a subnet). Multicast addressing uses a one-to-many-of-many or many-to-many-of-many association; packets are routed simultaneously in a single transmission to many recipients. It differs from broadcast in that the destination address designates a subset, not necessarily all, of the accessible nodes. Anycast addressing is a one-to-one-of-many association where packets are routed to any single member of a group of potential receivers that are all identified by the same destination address. The routing algorithm selects the single receiver from the group based on which is the nearest according to some distance measure.
Network – Layer 3 – IP Routing IP Routing: How do we get packets from here to there? Every IP address that is not on your local IP network (as determined by your subnet mask) will not be accessible for you to communicate directly with. But a router that is on your local network should be able to take that packet and pass it along for you, routing the traffic from your local IP network to a remote IP network. By default every host on an IP network is configured with a gateway IP address that is a router which will allow it to communicate to non-local IP addresses. Routers keep tables of networks, often large tables. These tables can be configured beyond the routers connected network routes manually with static routes or dynamically using routing protocols. Most routers also have a gateway IP address similar to a hosts that is called a default route for any traffic not in it’s tables. In this way routers can pass IP packets along from router to router until it reaches a router that is directly connected to the destination IP network and the packet is delivered to the destination host. Ping and Traceroute are two basic useful tools in identifying routing issues on a network.Ping will send a small packet to a destination IP address to determine if it is reachable and how long in milliseconds it took to get a reply. Traceroute asks all the routers along the path between source and destination for a reply and times the responses and records the path of routers taken to get to the destination.
Network – Layer 3 – Routers Routers are network devices that forward network packets between networks. A Router can be a dedicated network device or a function added to a multi-purpose network device such as a Layer-3 Switch. A router is connected to two or more networks. When a packet comes in on one of its network interfaces, the router reads the network address in the packet to determine the ultimate destination. Then, using its routing table, it forwards the packet to the next router on its journey or to its destination (if connected to the destination network). Routers allow for network communication beyond the limits of a single location. This wider expanse of internetwork communication is called a Wide Area Network (WAN) A Layer 3 router topology which is called the logical topology, is similar to but independent of the layer 1/2 aka. physical topology. You may see a mesh topology of routers at layer 3 that sit upon star topology layer 1/2 network. Network layer topologies include Bus, Star, Ring, Linear, Tree, and Mesh (partial & full). Routing protocols specify how routers distribute information that enables them to select which routes to send traffic. Routing algorithms determine the specific choice of route. Each router has knowledge only of networks attached to it directly. A routing protocol shares this information throughout the network. This way, routers gain knowledge of the topology of the network.
Network – Layer 3 – Routing Protocols There are three major classes of routing protocols in widespread use on IP networks: • Interior gateway protocols type 1, link-state routing protocols • Examples: Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS) • The concept of link-state routing is that every node constructs a map of connectivity, in the form of a graph, showing which nodes are connected to which other nodes. Each node calculates the next best logical path from it to every possible destination in the network • Interior gateway protocols type 2, distance-vector routing protocols • Examples: Routing Information Protocol (RIP), RIPv2, Interior Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP) . • A distance-vector routing protocol requires routers inform its neighbors of topology changes periodically. The term distance vector refers to the fact that it manipulates vectors (arrays) of distances to other nodes in the network. • Exterior gateway protocols, path-vector routing protocols • While Interior Gateway Protocols (IGP’s) route within an autonomous system, routing protocols that route between autonomous systems are referred to as Exterior Gateway Protocols (EGP’s) • Example: Border Gateway Protocol (BGP), which is the most widely used EGP is a path vector routing protocol. (Not all EGP’s use path-vector routing) • Path vector routing maintains path information that is updated dynamically. It is different from the distance vector routing and link state routing as each entry in the routing table contains the destination network, the next router and the path to reach the destination. Path Vector Routing Example
Network – Layer 3 – Routing Over Redundant Paths If there was only one road leading to a destination and there was an accident on that road you would be forced to wait for it to clear to proceed. However, most destinations have more than one way to get to them. The same is true with routed networks. While a redundant path may exist it may not be the preferred method of getting to your destination. If your primary path is a highway and your redundant path is along surface streets with several stops lights, you would usually prefer the primary highway path. This redundant surface street path would be available in the case of an accident on the primary path. It may not be the preferred path, but it is better than no path. The network equivalent of this example would be a site with a private circuit and an internet circuit both of which can connect a remote site to a data center. The private circuit would be preferred unless there was a problem with it in which case the internet circuit can be used. This concept of primary and secondary but less preferred network connections is often called an active-passive design. In an active-passive design the redundant path would only be used in the case of a failure on the primary path. If both paths were equally preferred they could both be used in an active-active design.
Network – Layer 3 – Performance Routing (PfR) Performance Routing (PfR) is a network term that refers to a process that monitors the network paths and changes the way traffic routes dynamically based on the performance and policies. In short, it uses redundant paths for certain traffic when it makes sense to, not just during a failure. So just like a driver not authorized for HOV lanes on the highway may choose to take surface roads to avoid congestion, PfR will choose to route some traffic on a redundant circuit if the primary is congested. Quality of Service (QoS) would still work on an MPLS connection the way it normally would and traffic with Class of Service (CoS) classifications higher than best effort could continue to prefer an MPLS circuit over an Internet circuit. PfR can help prevent congestion on the primary MPLS circuit by routing certain traffic via the redundant Internet circuit. Products like Cisco’s Intelligent Wide Area Network (IWAN) utilize PfR to make the best use of all the available networks.
Network – Layer 3 – Load Balancing Load balancing in networking is the process of distributing traffic and workload across multiple resources, such as servers, network links, or storage. Load balancing aims to optimize resource use, maximize throughput, minimize response time, and avoid overload of any single resource. Load balancers are devices that distribute network or application traffic across a number of devices. Load balancers are used to increase capacity and reliability of services. Simple load balancing operates at layer 3 where traffic destined to a single specific IP address can be forwarded by the load balancer to multiple separate IP addresses. There are several algorithms that can be used to load balance traffic: • Round robin • Weighted round robin • Least connections • Least response time This network layer load balancing is typically seen with network devices rather than services or applications (e.g. load balancing traffic across two redundant firewalls). Most modern load balancers operate at either layers 3-4 (a network service load balancer) or at layers 3-7 (an application load balancer). These more advanced load balancing features will be reviewed later in those layers.
Network – Layer 3 – Wireless Controllers and WAPs Wireless LAN Controllers are used in combination with the Lightweight Access Point Protocol (LWAPP) or the newer protocol for Configuration And Provisioning of Wireless Access Points (CAPWAP) to manage WAPs in large quantities. The CAPWAP standard provides for configuration management as well as device management over layer-3, allowing for configurations and firmware to be pushed to WAPs. Wireless networks put two different types of data on a wired network: data on the data plane (the majority of the data sent and received by wireless clients), and data on the control plane (the management data that makes large wireless networks possible). Without the control plane, WAPs would be individual islands of coverage with no coordination or centralized management. These WAPs are said to be autonomous. The control plane is the magic that lets a collection of WAPs work as a single network. The controller gathers the control plane data and sends out orders to individual WAPs. Depending on the type of controller and how the network is configured, the WLAN controller may also process all data plane traffic as well.
Network – Layer 3 – Firewalls and Access Controls Firewalls are network security devices that monitor and control the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted. Given the function of firewalls they are usually also routers. The first firewalls were called packet filters since they operated solely at layer 3 and made decisions based only upon the source and destination IP addresses. These types of security rules can still be implemented. But, most modern firewalls can also operate at higher layers giving them more information with which to base access decisions on. Other network devices can also implement security access controls on traffic. Almost any modern router for example can implement a basic layer 3 packet filter and some can implement more complex rules. Access Control Lists (ACLs) can be implemented on a variety of network devices including routers and switches.
Network – Layer 3 – Virtual Private Networks A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. Secure VPN protocols provide methods for establishing encrypted point-to-point tunnels between endpoints. Here are some examples of Secure VPN protocols: • Internet Protocol Security (IPsec) • Transport Layer Security (SSL/TLS) VPN tunneling protocols provide methods for establishing point-to-point tunnels between endpoints without encryption. Here are some examples of VPN tunneling protocols: • Generic Routing Encapsulation (GRE) • Layer 2 Tunneling Protocol (L2TP) • Point-to-Point Tunneling Protocol (PPTP)
The Transport Layer – OSI Layer 4 Network Components Operating At This Layer Firewall Intrusion Detection & Prevention Load Balancer Multi-Service Switch Network Flow Monitor Proxy
Transport – Layer 4 The transport layer provides protocols that facilitate host-to-host communication services. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing. Transport Layer transmissions are sent in a unit of data called a “Datagram”. Just like L3 packets are encapsulated in L2 frames, the L4 datagrams are encapsulated in L3 packets. The Transmission Control Protocol (TCP) is used for connection-oriented transmissions, whereas the User Datagram Protocol (UDP) is connectionless and used for simpler messaging transmissions. Other prominent protocols in this layer are the Datagram Congestion Control Protocol (DCCP) and the Stream Control Transmission Protocol (SCTP).
Transport – Layer 4 – TCP TCP is a connection-oriented protocol. It creates a virtual connection between two hosts to send data. TCP is a complex protocol, due to its stateful design incorporating reliable transmission and data stream services. TCP provides reliable, ordered, flow controlled, and error-checked delivery of a stream of octets between applications running on hosts. TCP provides host-to-host connectivity at the transport layer. An application does not need to know the mechanisms for sending data to another host, such as the required packet fragmentation on the transmission medium. The TCP protocol handles all handshaking and transmission details and presents an abstraction of the network connection to the application. TCP is used extensively by many applications available by internet, including the World Wide Web (WWW), E-mail, File Transfer Protocol, Secure Shell, peer-to-peer file sharing, and streaming media applications. TCP is optimized for accurate delivery rather than timely delivery and can incur relatively long delays while waiting for out-of-order messages or re-transmissions of lost messages. Therefore, it is not particularly suitable for real-time applications such as Voice over IP. For these, protocols like the Real-time Transport Protocol (RTP) operating over UDP are recommended.
Transport – Layer 4 – UDP UDP a connectionless, unreliable transport protocol. It does not add anything to the services of IP except to provide process-to-process communication instead of host-to-host communication. UDP is suitable for purposes where error checking and correction are either not necessary or are performed in the application layer. A number of UDP's attributes make it especially suited for certain applications: • It is transaction-oriented, suitable for simple query-response protocols such as the Domain Name System (DNS) or the Network Time Protocol (NTP). • It is simple, suitable for bootstrapping or other purposes without a full protocol stack, such as the DHCP and Trivial File Transfer Protocol (TFTP). • It is stateless, suitable for very large numbers of clients, such as in streaming media applications such as IPTV. • The lack of retransmission delays makes it suitable for real-time applications such as Voice over IP, online games, and many protocols built on top of the Real Time Streaming Protocol. • It works well in unidirectional communication and is suitable for broadcast information such as in many kinds of service discovery and shared information such as broadcast time or Routing Information Protocols.
Transport – Layer 4 – TCP & UDP Ports TCP and UDP use port numbers to identify sending and receiving application end-points on a host, often called sockets. Each side of a connection has an associated 16-bit unsigned port number (0-65535) reserved by the sending or receiving application. Arriving datagrams are identified as belonging to a specific connection by its sockets, that is, the combination of source host address, source port, destination host address, and destination port. Port numbers are categorized into three basic categories: well-known ports, registered ports, and dynamic/private ports. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples: SSH (22), TELNET (23), SMTP (25), HTTP(80), HTTPS(443)
Transport – Layer 4 – Firewalls and Security Controls Firewalls are network security devices that monitor and control the incoming and outgoing network traffic based on predetermined security rules. A firewall establishes a barrier between a trusted network and another untrusted network. While firewalls can operate exclusively at layer 3, most firewalls operate at higher layers giving them more information with which to base access decisions on. Stateful inspection firewalls require access to layer 4 session state information and port numbers to make access decisions that take these into account. This allows for an access rule to be crafted allowing host A to access host B for only HTTP (80) without needing to specify a corresponding return rule for the high ports (>1024) returning data from host B to A. The layer 4 session state information provides that data to the firewall so it can dynamically allow this return traffic for only this session using only the return ports that are needed and only while it is in a state where the session is active. Other security controls that operate at layer 4 include Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Both IDS and IPS work using known patterns of bad behavior called signatures.Most signatures are in layers 5-7, some are specific to layer 4. Where IDS will simply alert on intrusions it detects, IPS will actively block these intrusions.
Transport – Layer 4 – Firewall Rules You create firewall rules to allow this devices to send traffic to, or receive traffic from, programs, system services, computers, or users. Firewall rules can be created to take one of several actions for all connections that match the rule's criteria: • Allow the connection • Allow the connection only if secured (IPSec) • Block the connection (normal ICMP messages) • Drop the connection (no ICMP messages sent) Rules can be created for either inbound traffic or outbound traffic. You can specify which type of network adapter the rule will be applied to: local area network (LAN), wireless, remote access, such as a virtual private network (VPN) connection, or all types. You can also configure different rules to be applied when different profiles are used. Firewall rule priority: Most firewalls apply their rules in a top down list match (called a waterfall method) where the first rule in the list that matches is applied. This allows for rules to be constructed that would look to conflict but are actually looking to catch matches at different points in the rule set.
Transport – Layer 4 – Load Balancers & Proxy Servers As previously discussed load balancers are devices that distribute network or application traffic across a number of devices. There are several algorithms that can be used to load balance traffic: Round robin, Weighted round robin, Least connections, Least response time, and more At layer 4 load balancers have visibility of network information such as application ports and session state. Load balancers can use this information to provide targeted application load balancing to servers that host that application. For example, a web service that is running on TCP port 80 on multiple servers. An application load balancer can perform other functions including higher layers such as a service called SSL offload. This would have a load balancer accept and terminate HTTPS connections at TCP port 443 using the TLS certificate for that web site and then it will forward these connections on to servers listening on HTTP port 80 to get the content. In this manner the load balancer is acting like a proxy for the web content and taking the load of encryption/decryption off of the web servers. Proxy servers are devices that are dedicated to this form of traffic shaping without attempting to balance loads. A proxy server can be used to proxy application traffic thru it for multiple reasons including forwarding between private and public networks without NAT, inspecting traffic heading for certain destinations, reduced complexity of firewall rules (the proxy could be the only source address in a security rule), and more.
Quality of Service (QoS) Another common network term that is often misunderstood is Quality of Service (QoS). QoS provides a method to ensure that critical or time sensitive traffic can still get through a network when that network is congested. Prior to the introduction of QoS the only way to deal with congestion was to add more bandwidth which is like adding more lanes to a highway. QoS prioritizes certain traffic on the network over other traffic like a Heavily Occupied Vehicle (HOV) lane on a highway does. And just like an HOV lane on a highway only provides benefit if there is congestion on the normal lanes, QoS only provides benefit on the network if the network is congested. It is important to note that QoS is only usable on private networks, and is not available for use on Internet (or other public) network connections
Class of Service (CoS) and Queueing Two other common network terms that are related to QoS are Class of Service (CoS), and Queueing. Class of Service refers to the way that available bandwidth is allocated to various traffic categories when there is congestion. These CoS categories can be defined to guarantee a percentage of bandwidth to each traffic type during congestion. For CoS we expand on the HOV lane analogy we used for QOS with multiple HOV lanes for the different traffic types and a best effort lane for everything else. Traffic is only forced into these lanes when there is congestion. Queueing refers to the way that traffic enters and exits the network. The network queues can prioritize traffic based on CoS categories. This is similar to on-ramps / off-ramps on a highway and the stop lights that prevent too many cars from entering/exiting at the same time.
The Session, Presentation, and Application Layers – OSI Layers 5-7 Network Components Operating At This Layer Firewall Intrusion Detection & Prevention Voice / Video Control Content Filters and Content Delivery Data Leakage Prevention
Layers 5-7 – The Application Layers The OSI layers 5 thru 7 (Session, Presentation, and Application) are usually referred to collectively as the Application Layers by network professionals given that most of what is important to them happens below these layers. The Session Layer 5 provides three basic functions for applications: creation of a session for data transfer, maintenance of data transfer, and release of sessions when data transfer is complete. In some ways session layer services are more like tools than protocols that are being made available to the higher layers via Application Program Interfaces (APIs). The Presentation Layer 6 is responsible for the delivery and formatting of information to and from the Application layer. This relieves the application layer from concern of syntactical differences in data representations. For example, this layer might have to convert text encoded with the EBCDIC standard to the ASCII standard. The Application Layer 7 is the interface between applications and the network. A web browser or mail client are examples of applications that use this layer.
Layers 5-7 – Content Filters and Content Delivery Content Filtering is the process of blocking network access to content based on rules or signatures for security or other reasons. It usually works by defining specific rules and/or signatures identifying the content that should be blocked and then when the rules are met or signatures are seen access to the specific resource is denied. An example of content filtering is on a web proxy server where certain web sites or images may need to be blocked to prevent inappropriate images or malicious files from being accessed. Content Delivery is the process of bringing content closer to the devices that will access it to increase network performance to this content. This can be localized within a network where a Content Delivery device might be placed at a remote office to pre-fetch some of the most used content from a data center to reduce WAN bandwidth and increase performance. This can also be deployed globally using an entire network of globally diverse Content Delivery devices to provide better access to a previously regional resource. This is referred to as a Content Delivery Network (CDN) and is available as a service on the Internet from several companies.