aUnit 1-Basic Network Connectivity and Communications

Network Components
Every computer on a network is called a host or end device.
Servers are computers that provide information to end devices:
• email servers
• web servers
• file server

Clients are computers that send requests to the servers to retrieve information:
• web page from a web server
• email from an email server

Peer-to-Peer
It is possible to have a device be a client and a server in a Peer-to-Peer Network.
This type of network design is only recommended for very small networks.

End Devices
An end device is where a message originates from or where it is received. Data originates with an end device, flows through the network, and arrives at an end
device.

Intermediary Network Devices

An intermediary device interconnects end devices. Examples include switches, wireless access points, routers, and firewalls.
A Switch is the most common central connecting device. Switches are used to connect your
Local area network while routers are used to connect networks.
Management of data as it flows through a network is also the role of an intermediary device, including:
• Regenerate and retransmit data signals.
• Maintain information about what pathways exist in the network.
• Notify other devices of errors and communication failures.
Network Media
Communication across a network is carried through a medium which allows a message to travel from source to destination.

Network Representations and Topologies

Network Representations
Network diagrams, often called topology diagrams, use symbols to represent devices
within the network. Important terms to know include:
• Network Interface Card (NIC)
• Physical Port
• Interface

Note: Often, the terms port and interface are used interchangeably

Topology Diagrams
Physical topology diagrams illustrate the physical location of intermediary devices
and cable installation.

Logical topology diagrams illustrate devices, ports, and the addressing scheme of
the network.
.

Internet Connections
Internet Access Technologies
There are many ways to connect users and organizations to the internet:
• Popular services for home users and small offices include broadband cable, broadband digital subscriber line (DSL), wireless WANs, and mobile services.
• Organizations need faster connections to support IP phones, video conferencing and data center storage.
• Business-class interconnections are usually provided by service providers (SP) and may include: business DSL, leased lines, and Metro Ethernet.

Home and Small Office Internet Connections

Businesses Internet Connections
Corporate business connections may require:
• higher bandwidth
• dedicated connections
• managed services

The Converging Network

Before converged networks, an organization would have been separately cabled for telephone, video, and data. Each of these networks would use different
technologies to carry the signal. Each of these technologies would use a different set of rules and standards.
The Converging Network
Converged data networks carry multiple services on one link including:
• data
• voice
• video

Converged networks can deliver data, voice, and video over the same network
infrastructure. The network infrastructure uses the same set of rules and standards.

Reliable Network
Network Architecture refers to the technologies that support the infrastructure that moves data across the network.
There are four basic characteristics that the underlying architectures need to address to meet user expectations:
• Fault Tolerance
• Scalability
• Quality of Service (QoS)
• Security

Fault Tolerance
A fault tolerant network limits the impact of a failure by limiting the number of affected devices. Multiple paths are required for fault tolerance.
Reliable networks provide redundancy by implementing a packet switched network:
• Packet switching splits traffic into packets that are routed over a network.
• Each packet could theoretically take a different path to the destination.

This is not possible with circuit-switched networks which establish dedicated circuits.

Scalability
A scalable network can expand quickly and easily to support new users and applications without impacting the performance of services to existing users.
Network designers follow accepted standards and protocols in order to make the networks scalable.

Quality of Service
Voice and live video transmissions require higher expectations for those services being delivered.
Have you ever watched a live video with constant breaks and pauses? This is caused when there is a higher demand for bandwidth than available –and QoS isn’t
configured.
• Quality of Service (QoS) is the primary mechanism used to ensure reliable delivery of content for all users.
• With a QoS policy in place, the router can more easily manage the flow of data and voice traffic.
Network Security
There are two main types of network security that must be addressed:
• Network infrastructure security
• Physical security of network devices
• Preventing unauthorized access to the devices
• Information Security
• Protection of the information or data transmitted over the network

Three goals of network security:

• Confidentiality –only intended recipients can read the data
• Integrity –assurance that the data has not be altered with during transmission
• Availability –assurance of timely and reliable access to data for authorized users

Network Security
Security Threats
• Network security is an integral part of networking regardless of the size of the network.
• The network security that is implemented must take into account the environment while securing the data, but still allowing for quality of service that is
expected of the network.
• Securing a network involves many protocols, technologies, devices, tools, and techniques in order to secure data and mitigate threats.
• Threat vectors might be external or internal.

External Threats:
• Viruses, worms, and Trojan horses
• Spyware and adware
• Zero-day attacks
• Threat Actor attacks
• Denial of service attacks
• Data interception and theft
• Identity theft

Internal Threats:
• lost or stolen devices
• accidental misuse by employees
• malicious employees

Security Solutions
Security must be implemented in multiple layers using more than one security solution.
Network security components for home or small office network:
• Antivirus and antispyware software should be installed on end devices.
• Firewall filtering used to block unauthorized access to the network.

Larger networks have additional security requirements:

• Dedicated firewall system
• Access control lists (ACL)
• Intrusion prevention systems (IPS)
• Virtual private networks (VPN)

The study of network security starts with a clear understanding of the underlying switching and routing infrastructure.

Cisco IOS Access

Operating Systems
• Shell-The user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or GUI interfaces.
• Kernel-Communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements.
• Hardware-The physical part of a computer including underlying electronics.

GUI
• A GUI allows the user to interact with the system using an environment of graphical icons, menus, and windows.
• A GUI is more user-friendly and requires less knowledge of the underlying command structure that controls the system.
• Examples of these are: Windows, macOS, Linux KDE, Apple iOS and Android.
• GUIs can fail, crash, or simply not operate as specified. For these reasons, network devices are typically accessed through a CLI.

Purpose of an OS
Access Methods
• Console–A physical management port used to access a device in order to
provide maintenance, such as performing the initial configurations.
• Secure Shell (SSH) –Establishes a secure remote CLI connection to a device,
through a virtual interface, over a network. (Note: This is the recommended
method for remotely connecting to a device.)
• Telnet–Establishes an insecure remote CLI connection to a device over the
network. (Note: User authentication, passwords and commands are sent
over the network in plaintext.)

Terminal Emulation Programs

• Terminal emulation programs are used to connect to a network device by
either a console port or by an SSH/Telnet connection.
• There are several terminal emulation programs to chose from such as PuTTY,
Tera Term and SecureCRT.

Basic Device Configuration

Device Names
• The first configuration command on any device should be to give it a unique hostname.
• By default, all devices are assigned a factory default name. For example, a Cisco IOS switch is "Switch.”

• Guideline for naming devices:

• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length

Password Guidelines
• The use of weak or easily guessed passwords are a security concern.
• All networking devices should limit administrative access by securing privileged EXEC, user EXEC, and remote
Telnet access with passwords. In addition, all passwords should be encrypted and legal notifications provided.
Password Guidelines:
• Use passwords that are more than eight characters in length.
• Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
• Avoid using the same password for all devices.
• Do not use common words because they are easily guessed.

Configure Passwords
Securing user EXEC mode access:
• First enter line console configuration mode using the line console 0 command in global configuration mode.
• Next, specify the user EXEC mode password using the password password command.
• Finally, enable user EXEC access using the login command.

Securing privileged EXEC mode access:

• First enter global configuration mode.
• Next, use the enable secret password command.

Securing VTY line access:

• First enter line VTY configuration mode using theline vty0 15 commandin global configuration mode.
• Next, specify the VTY password using thepasswordpasswordcommand.
• Finally, enable VTY access using thelogincommand.

Note: VTY lines enable remote access using Telnet or SSH to the device. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15.

Encrypt Passwords
 The startup-config and running-config files display most passwords in plaintext.
 To encrypt all plaintext passwords, use the service password-encryption global
config command.

 Use the show running config command to verify that the passwords on the device
are now encrypted.
Communications Protocols
• All communications are governed by protocols.
• Protocols are the rules that communications will follow.
• These rules will vary depending on the protocol.

Rule Establishment
• Individuals must use established rules or agreements to govern the conversation.
• The first message is difficult to read because it is not formatted properly. The second shows the message properly formatted

Common computer protocols must be in agreement and include the following requirements:
• Message encoding
• Message formatting and encapsulation
• Message size
• Message timing
• Message delivery options

Message Encoding is the process of converting information into another acceptable form for transmission. Decoding reverses this process to interpret the
information.
Message Formatting and Encapsulation
•When a message is sent, it must use a specific format or structure.
•Message formats depend on the type of message and the channel that is used to deliver the message.
Encapsulation is the place one message inside another message for transfer from the source to the destination

Message Timing
Message timing includes the following:
Flow Control – Manages the rate of data transmission and defines how much information can be sent and the speed
at which it can be delivered.
Response Timeout – Manages how long a device waits when it does not hear a reply from the destination.

Message Delivery Options

Message delivery may one of the following methods:
• Unicast –one to one communication
• Multicast –one to many, typically not all
• Broadcast –one to all

Protocol Suites
Network Protocol Suites
Protocols must be able to work with other protocols.
Protocol suite:
• A group of inter-related protocols necessary to perform a communication function
• Sets of rules that work together to help solve a problem

The protocols are viewed in terms of layers:

• Higher Layers
• Lower Layers-concerned with moving data and provide services to upper layers

Layered Network models prevents technology in one layer from affecting other layers.
Protocol Suites such as TCP/IP and OSI provide a set of rules required for specific types of communications to occur.

Evolution of Protocol Suites

There are several protocol suites.
• Internet Protocol Suite or TCP/IP-The most common protocol suite and maintained
by the Internet Engineering Task Force (IETF)
• Open Systems Interconnection (OSI) protocols-Developedby the International
Organization for Standardization (ISO) and the International Telecommunications Union (ITU)
The OSI is a seven layer model that describes the process of data communication
•AppleTalk-Proprietary suite release by Apple Inc.
•Novell NetWare-Proprietary suite developed by Novell Inc.

TCP/IP Protocol Example

•TCP/IP protocols operate at the application, transport, and internet layers.
•The most common network access layer LAN protocols are Ethernet and WLAN (wireless LAN).

TCP/IP Protocol Suite

• TCP/IP is the protocol suite used by the internet and includes many protocols.
• TCP/IP is:
• An open standard protocol suite that is freely available to the public and can
be used by any vendor
• A standards-based protocol suite that is endorsed by the networking industry
and approved by a standards organization to ensure interoperability
The Benefits of Using a Layered Model
Complex concepts such as how a network operates can be difficult to explain
and understand. For this reason, a layered model is used. Two layered models
describe network operations:
•Open System Interconnection (OSI) Reference Model
•TCP/IP Reference Model

These are the benefits of using a layered model:

• Assist in protocol design because protocols that operate at a specific layer
have defined information that they act upon and a defined interface to the
layers above and below
• Foster competition because products from different vendors can work
together
• Prevent technology or capability changes in one layer from affecting other
Layers above and below
• Provide a common language to describe networking functions and capabilities
Data Encapsulation
Segmenting Messages
Segmenting is the process of breaking up messages into smaller units. Multiplexing is the processes of taking multiple streams of segmented data and
interleaving them together.
Segmenting messages has two primary benefits:
• Increases speed-Large amounts of data can be sent over the network without tying up a communications link.
• Increases efficiency-Only segments which fail to reach the destination need to be retransmitted, not the entire data stream.

Sequencing messages is the process of numbering the segments so that the message may be reassembled at the destination. TCP is responsible for sequencing
the individual segments.

Protocol Data Units

Encapsulation is the process where protocols add their information to the data.
• At each stage of the process, a PDU has a different name to reflect its new functions.
• There is no universal naming convention for PDUs, in this course, the PDUs are named according to the protocols of the TCP/IP suite.
• PDUs passing down the stack are as follows:
1. Data (Data Stream)
2. Segment
3. Packet
4. Frame
5. Bits (Bit Stream)

Data Access
Addresses
Both the data link and network layers use addressing to deliver data from source to destination.
Network layer source and destination addresses-Responsible for delivering the IP packet from original source to the final destination.
Data link layer source and destination addresses –Responsible for delivering the data link frame from one network interface card (NIC) to another NIC on the
same network.

Layer 3 Logical Address

The IP packet contains two IP addresses:
• Source IP address-The IP address of the sending device, original source of the packet.
• Destination IP address-The IP address of the receiving device, final destination of the packet.
An IP address contains two parts:
- Network portion (IPv4) or Prefix (IPv6)
• The left-most part of the address indicates the network group which the IP address is a member.
• Each LAN or WAN will have the same network portion.
- Host portion (IPv4) or Interface ID (IPv6)
• The remaining part of the address identifies a specific device within the group.
• This portion is unique for each device on the network.

When devices are on the same network the source and destination will have the same number in
network portion of the address.
• PC1 –192.168.1.110
• FTP Server –192.168.1.9

When devices are on the same Ethernet network the data link frame will use the actual
MAC address of the destination NIC. MAC addresses are physically embedded into the
Ethernet NIC and are local addressing.
• The Source MAC address will be that of the originator on the link.
• The Destination MAC address will always be on the same link as the source, even if the
ultimate destination is remote.

Data Link Addresses

• Since data link addressing is local addressing, it will have a source and destination for each segment or hop of the journey to the destination. At this level the
unit of measurement is a frame.
Unit 2-Ethernet Concepts
Physical Components
Physical Layer Standards address three functional areas:
• Physical Components
• Encoding
• Signaling

The Physical Components are the hardware devices, media, and other connectors that transmit the signals that represent the bits.
• Hardware components like NICs, interfaces and connectors, cable materials, and cable designs are all specified in standards associated with the physical layer.

Encoding
• Encoding converts the stream of bits into a format recognizable by the next device in the network path.
• This ‘coding’ provides predictable patterns that can be recognized by the next device.
• Examples of encoding methods include Manchester (shown in the figure), 4B/5B, and 8B/10B.
Signaling
• The signaling method is how the bit values, “1” and “0” are represented on the physical medium.
• The method of signaling will vary based on the type of medium being used.

Bandwidth
• Bandwidth is the capacity at which a medium can carry data.
• Digital bandwidth measures the amount of data that can flow from one place to another in a given amount of time; how many bits can be transmitted in a
second.
• Physical media properties, current technologies, and the laws of physics play a role in determining available bandwidth.

Bandwidth Terminology
Latency
 • Amount of time, including delays, for data to travel from one given point to another
Throughput
• The measure of the transfer of bits across the media over a given period of time

Goodput
• The measure of usable data transferred over a given period of time
• Goodput = Throughput -traffic overhead
Wireless Media
Properties of Wireless Media
It carries electromagnetic signals representing binary digits using radio or microwave frequencies. This provides the greatest mobility option. Wireless
connection numbers continue to increase.

Some of the limitations of wireless:

• Coverage area-Effective coverage can be significantly impacted by the physical characteristics of the deployment location.
• Interference-Wireless is susceptible to interference and can be disrupted by many common devices.
• Security-Wireless communication coverage requires no access to a physical strand of media, so anyone can gain access to the transmission.
• Shared medium-WLANs operate in half-duplex, which means only one device can send or receive at a time. Many users accessing the WLAN simultaneously
results in reduced bandwidth for each user.

Types of Wireless Media

The IEEE and telecommunications industry standards for wireless data communications
cover both the data link and physical layers. In each of these standards, physical layer
specifications dictate:
• Data to radio signal encoding methods
• Frequency and power of transmission
• Signal reception and decoding requirements
• Antenna design and construction
Wireless Standards:
• Wi-Fi (IEEE 802.11) -Wireless LAN (WLAN) technology
• Bluetooth (IEEE 802.15) -Wireless Personal Area network (WPAN) standard
• WiMAX (IEEE 802.16) -Uses a point-to-multipoint topology to provide broadband wireless access
• Zigbee (IEEE 802.15.4) -Low data-rate, low power-consumption communications, primarily for Internet of Things (IoT) applications

Wireless LAN
In general, a Wireless LAN (WLAN) requires the following devices:
•Wireless Access Point (AP) -Concentrate wireless signals from users and connect to the existing copper-based network infrastructure
•Wireless NIC Adapters -Provide wireless communications capability to network hosts

There are a number of WLAN standards. When purchasing WLAN equipment, ensure compatibility, and interoperability.
Network Administrators must develop and apply stringent security policies and processes to protect WLANs from unauthorized access and damage.
The Data Link Layer
• The Data Link layer is responsible for communications between end-device network interface cards.
• It allows upper layer protocols to access the physical layer media and encapsulates Layer 3 packets (IPv4 and IPv6) into Layer 2 Frames.
• It also performs error detection and rejects corrupts frames.

IEEE 802 LAN/MAN Data Link Sublayers

IEEE 802 LAN/MAN standards are specific to the type of network (Ethernet, WLAN, WPAN, etc).

The Data Link Layer consists of two sublayers. Logical Link Control (LLC)and Media Access Control (MAC).
• The LLC sublayer communicates between the networking software at the upper layers and the device hardware at the lower layers.
• The MAC sublayer is responsible for data encapsulation and media access control.

Providing Access to Media

Packets exchanged between nodes may experience numerous data link layers and media transitions.
At each hop along the path, a router performs four basic Layer 2 functions:
• Accepts a frame from the network medium.
• De-encapsulates the frame to expose the encapsulated packet.
• Re-encapsulates the packet into a new frame.
• Forwards the new frame on the medium of the next network segment.
Half-duplex communication
Both devices can transmit and receive on the media but cannot do so simultaneously. WLANs and legacy bus topologies with Ethernet hubs use the half-duplex
mode. Half-duplex allows only one device to send or receive at a time on the shared medium.

Full-duplex communication
Both devices can simultaneously transmit and receive on the shared media. The data link layer assumes that the media is available for transmission for both
nodes at any time. Ethernet switches operate in full-duplex mode by default, but they can operate in half-duplex if connecting to a device such as an Ethernet
hub.

In summary, half-duplex communications restrict the exchange of data to one direction at a time. Full-duplex allows the sending and receiving of data to happen
simultaneously. It is important that two interconnected interfaces, such as a host NIC and an interface on an Ethernet switch, operate using the same duplex
mode. Otherwise, there will be a duplex mismatch creating inefficiency and latency on the link.

Access Control Methods

Contention-based access
All nodes operating in half-duplex, competing for use of the medium. Examples are:
 • Carrier sense multiple access with collision detection (CSMA/CD) as used on legacy bus-topology Ethernet.
• Carrier sense multiple access with collision avoidance (CSMA/CA) as used on Wireless LANs.

Controlled access
• Deterministic access where each node has its own time on the medium.
• Used on legacy networks such as Token Ring and ARCNET.

CSMA/CD
• Used by legacy Ethernet LANs.
• Operates in half-duplex mode where only one device sends or receives at a time.
• Uses a collision detection process to govern when a device can send and what happens if multiple devices send at the same time.

CSMA/CD collision detection process:

• Devices transmitting simultaneously will result in a signal collision on the shared media.
• Devices detect the collision.
• Devices wait a random period of time and retransmit data.

Contention-Based Access –CSMA/CA

CSMA/CA
• Used by IEEE 802.11 WLANs.
• Operates in half-duplex mode where only one device sends or receives at a time.
• Uses a collision avoidance process to govern when a device can send and what happens if multiple devices send at the same time.

CSMA/CA collision avoidance process:

• When transmitting, devices also include the time duration needed for the transmission.
• Other devices on the shared medium receive the time duration information and know how long the medium will be unavailable.

Ethernet Frames
Ethernet Encapsulation
• Ethernet operates in the data link layer and the physical layer.
• It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards.

Data Link Sublayers

The 802 LAN/MAN standards, including Ethernet, use two separate sublayers of the data link layer to operate:
• LLC Sublayer: (IEEE 802.2) Places information in the frame to identify which network layer protocol is used for the frame.
• MAC Sublayer: (IEEE 802.3, 802.11, or 802.15) Responsible for data encapsulation and media access control, and provides data link layer addressing.

MAC Sublayer
The MAC sublayer is responsible for data encapsulation and accessing the media.

Data Encapsulation
IEEE 802.3 data encapsulation includes the following:
1. Ethernet frame-This is the internal structure of the Ethernet frame.
2. Ethernet Addressing-The Ethernet frame includes both a source and destination MAC address to deliver the Ethernet frame from Ethernet NIC to Ethernet \
NIC on the same LAN.
3. Ethernet Error detection-The Ethernet frame includes a frame check sequence (FCS) trailer used for error detection.

MAC Sublayer
Media Access
• The IEEE 802.3 MAC sublayer includes the specifications for different Ethernet communications standards over various types of media including copper and
fiber.
• Legacy Ethernet using a bus topology or hubs, is a shared, half-duplex medium. Ethernet over a half-duplex medium uses a contention-based access method,
carrier sense multiple access/collision detection (CSMA/CD).
• Ethernet LANs of today use switches that operate in full-duplex. Full-duplex communications with Ethernet switches do not require access control through
CSMA/CD.

Ethernet MAC Addresses

MAC Address and Hexadecimal
• An Ethernet MAC address consists of a 48-bit binary value, expressed using 12 hexadecimal values.
• Given that 8 bits (one byte) is a common binary grouping, binary 00000000 to 11111111 can be represented in hexadecimal as the range 00 to FF,
• When using hexadecimal, leading zeroes are always displayed to complete the 8-bit representation. For example the binary value 0000 1010 is represented in
hexadecimal as 0A.
• Hexadecimal numbers are often represented by the value preceded by0x(e.g., 0x73) to distinguish between decimal and hexadecimal values in
documentation.
• Hexadecimal may also be represented by a subscript 16, or the hex number followed by an H (e.g., 73H).
Switch Fundamentals
• A Layer 2 Ethernet switch uses Layer 2 MAC addresses to make forwarding decisions. It is completely unaware of the data (protocol) being carried in the data
portion of the frame, such as an IPv4 packet, an ARP message, or an IPv6 ND packet. The switch makes its forwarding decisions based solely on the Layer 2
Ethernet MAC addresses.
• An Ethernet switch examines its MAC address table to make a forwarding decision for each frame, unlike legacy Ethernet hubs that repeat bits out all ports
except the incoming port.
• When a switch is turned on, the MAC address table is empty
Note: The MAC address table is sometimes referred to as a content addressable memory (CAM) table.

Examine the Source MAC Address

Every frame that enters a switch is checked for new information to learn. It does this by examining the source MAC address of the frame and the port number
where the frame entered the switch. If the source MAC address does not exist, it is added to the table along with the incoming port number. If the source MAC
address does exist, the switch updates the refresh timer for that entry. By default, most Ethernet switches keep an entry in the table for 5 minutes.

Note: If the source MAC address does exist in the table but on a different port, the switch treats this as a new entry. The entry is replaced using the same MAC
address but with the more current port number.
Find the Destination MAC Address
If the destination MAC address is a unicast address, the switch will look for a match between the destination MAC address of the frame and an entry in its MAC
address table. If the destination MAC address is in the table, it will forward the frame out the specified port. If the destination MAC address is not in the table,
the switch will forward the frame out all ports except the incoming port. This is called an unknown unicast.

Note: If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all ports except the incoming port.

As a switch receives frames from different devices, it is able to populate its MAC address table by examining the source MAC address of every frame. When the
MAC address table of the switch contains the destination MAC address, it is able to filter the frame and forward out a single port.
Unit 3 – Communicating Between Networks
Network Layer Characteristics
The Network Layer
 Provides services to allow end devices to exchange data
 IP version 4 (IPv4) and IP version 6 (IPv6) are the principle network layer communication protocols.
 The network layer performs four basic operations:
• Addressing end devices
• Encapsulation
• Routing
• De-encapsulation

IP Encapsulation
• IP encapsulates the transport layer segment.
• IP can use either an IPv4 or IPv6 packet and not impact the layer 4 segment.
• IP packet will be examined by all layer 3 devices as it traverses the network.
• The IP addressing does not change from source to destination.

Note: NAT will change addressing, but will be discussed in a later module.

Characteristics of IP
IP is meant to have low overhead and may be described as:
• Connectionless
• Best Effort
• Media Independent

IP is Connectionless
• IP does not establish a connection with the destination before sending the packet.
• There is no control information needed (synchronizations, acknowledgments, etc.).
• The destination will receive the packet when it arrives, but no pre-notifications are sent by IP.
• If there is a need for connection-oriented traffic, then another protocol will handle this (typically TCP at the transport layer).
IP is Best Effort
• IP will not guarantee delivery of the packet.
• IP has reduced overhead since there is no mechanism to resend data that is not received.
• IP does not expect acknowledgments.
• IP does not know if the other device is operational or if it received the packet.
Media Independent
IP is unreliable:
• It cannot manage or fix undelivered or corrupt packets.
• IP cannot retransmit after an error.
• IP cannot realign out of sequence packets.
• IP must rely on other protocols for these functions.
IP is media Independent:
• IP does not concern itself with the type of frame required at the data link layer or the
media type at the physical layer.
• IP can be sent over any media type: copper, fiber, or wireless.
The network layer will establish the Maximum Transmission Unit (MTU).
• Network layer receives this from control information sent by the data link layer.
• The network then establishes the MTU size.
Fragmentation is when Layer 3 splits the IPv4 packet into smaller units.
• Fragmenting causes latency.
• IPv6 does not fragment packets.
• Example: Router goes from Ethernet to a slow WAN with a smaller MTU

IPv4 Packet
IPv4 Packet Header
IPv4 is the primary communication protocol for the network layer. The network header has many purposes:
• It ensures the packet is sent in the correct direction (to the destination).
• It contains information for network layer processing in various fields.
• The information in the header is used by all layer 3 devices that handle the packet

IPv4 Packet Header Fields

The IPv4 network header characteristics:
• It is in binary.
• Contains several fields of information
• Diagram is read from left to right, 4 bytes per line
• The two most important fields are the source and destination.

Protocols may have may have one or more functions.

The Destination IPv4 address will always remain the same during data transmission

Routers quickly examines a packet’s destination address in order to forward information

From a source to destination.
Significant fields in the IPv4 header:

Recall that IPv4 is a 32-bit address written in a dotted decimal notation and can range from 0.0.0.0 – 255.255.255.255
Examples of IPv4 address:

IPv6 Packets
Limitations of IPv4
IPv4 has three major limitations:
• IPv4 address depletion –We have basically run out of IPv4 addressing.
• Lack of end-to-end connectivity –To make IPv4 survive this long, private addressing and NAT were created. This ended direct communications with public
addressing.
• Increased network complexity –NAT was meant as temporary solution and creates issues on the network as a side effect of manipulating the network
headers addressing. NAT causes latency and troubleshooting issues.
IPv6 Overview
• IPv6 was developed by Internet Engineering Task Force (IETF).
• IPv6 overcomes the limitations of IPv4.
• Improvements that IPv6 provides:
• Increased address space –based on 128 bit address, not 32 bits
• Improved packet handling –simplified header with fewer fields
• Eliminates the need for NAT –since there is a huge amount of addressing,
there is no need to use private addressing internally and be mapped to a shared public address

IPv4 Packet Header Fields in the IPv6 Packet Header

• The IPv6 header is simplified, but not smaller.
• The header is fixed at 40 Bytes or octets long.
• Several IPv4 fields were removed to improve performance.
• Some IPv4 fields were removed to improve performance:
• Flag
• Fragment Offset
• Header Checksum
Significant fields in the IPv6 header:

IPv6 packet may also contain extension headers (EH).

EH headers characteristics:
• provide optional network layer information
• are optional
• are placed between IPv6 header and the payload
• may be used for fragmentation, security, mobility support, etc.
Note: Unlike IPv4, routers do not fragment IPv6 packets.
How a Host Routes
Host Forwarding Decision
• Packets are always created at the source.
• Each host devices creates their own routing table.
• A host can send packets to the following:
• Itself –127.0.0.1 (IPv4), ::1 (IPv6)
• Local Hosts –destination is on the same LAN
• Remote Hosts –devices are not on the same LAN

• The Source device determines whether the destination is local or remote

• Method of determination:
• IPv4 –Source uses its own IP address and Subnet mask, along with the destination IP address
• IPv6 –Source uses the network address and prefix advertised by the local router
• Local traffic is dumped out the host interface to be handled by an intermediary device. Therefore destinations on the same LAN are forwarded directly to its
Recipient by the switch.
• Remote traffic is forwarded directly to the default gateway on the LAN.

Default Gateway
The default gateway is the network device (i.e., router or Layer 3 switch) that can route traffic to other networks. If you use the analogy that a network is like a
room, then the default gateway is like a doorway. If you want to get to another room or network you need to find the doorway.
A router or layer 3 switch can be a default-gateway.
Features of a default gateway (DGW):
• It must have an IP address in the same range as the rest of the LAN.
• It can accept data from the LAN and is capable of forwarding traffic off of the LAN.
• It can route to other networks.
If a device has no default gateway or a bad default gateway, its traffic will not be able to leave the LAN.
A default gateway is required to send traffic outside of the local network. Traffic cannot be forwarded outside the local network if there is no default gateway,
the default gateway address is not configured, or the default gateway is down.

A Host Routes to the Default Gateway

• The host will know the default gateway (DGW) either statically or through DHCP in IPv4.
• IPv6 sends the DGW through a router solicitation (RS) or can be configured manually.
• A DGW is static route which will be a last resort route in the routing table.
• All device on the LAN will need the DGW of the router if they intend to send traffic remotely.

Host Routing Tables

• On Windows, route print or netstat-r to display the PC routing table
• Three sections displayed by these two commands:
 • Interface List –all potential interfaces and MAC addressing
• IPv4 Routing Table - Lists all known IPv4 routes, including direct connections, local network, and local default routes.
• IPv6 Routing Table - Lists all known IPv6 routes, including direct connections, local network, and local default routes.

Introduction to Routing
Router Packet Forwarding Decision
What happens when the router receives the frame from the host device?

Most networks also contain routers, which are intermediary devices. Routers also contain routing tables. When a host sends a packet to another host, it consults
its routing table to determine where to send the packet. If the destination host is on a remote network, the packet is forwarded to the default gateway, which is
usually the local router.

What happens when a packet arrives on a router interface?

The router examines the destination IP address of the packet and searches its routing table to determine where to forward the packet. The routing table
contains a list of all known network addresses (prefixes) and where to forward the packet. These entries are known as route entries or routes. The router will
forward the packet using the best (longest) matching route entry.
IP Router Routing Table
The routing table of the router contains network route entries listing all the possible known network destinations.
There three types of routes in a router’s routing table:
• Directly Connected –These routes are automatically added by the router, provided the interface is active and has addressing.
• Remote–These are the routes the router does not have a direct connection and may be learned:
• Manually –with a static route
• Dynamically –by using a routing protocol to have the routers share their information with each other
• Default Route –this forwards all traffic to a specific direction when there is not a match in the routing table

Static Routing
Static Route Characteristics:
• Must be configured manually
• Must be adjusted manually by the
administrator when there is a change in the topology
• Good for small non-redundant networks
• Often used in conjunction with a dynamic routing
protocol for configuring a default route

Static routes are route entries that are manually configured. The figure shows an example
of a static route that was manually configured on router R1. The static route includes the
remote network address and the IP address of the next hop router. STATIC ROUTING

If there is a change in the network topology, the static route is not

automatically updated and must be manually reconfigured.

Dynamic Routing
Dynamic Routes Automatically:
• Discover remote networks
• Maintain up-to-date information
• Choose the best path to the destination
• Find new best paths when there is a topology change
Dynamic routing can also share static default routes with the other routers.

DYNAMIC ROUTING
A dynamic routing protocol allows the routers to automatically
learn about remote networks, including a default route, from
other routers. Routers that use dynamic routing protocols
automatically share routing information with other routers and compensate for any topology changes without involving the network administrator. If there is a
change in the network topology, routers share this information using the dynamic routing protocol and automatically update their routing tables.

Dynamic routing protocols include OSPF and Enhanced Interior Gateway Routing Protocol (EIGRP). The figure shows an example of routers R1 and R2
automatically sharing network information using the routing protocol OSPF.

Note: It is common for some routers to use a combination

of both static routes and a dynamic routing protocol.

Introduction to an IPv4 Routing Table

The show ip route command shows the following route sources:
• L-Directly connected local interface IP address
• C–Directly connected network
• S–Static route was manually configured by an administrator
• O–OSPF
• D–EIGRP

This command shows types of routes:

• Directly Connected –C and L
• Remote Routes –O, D, etc.
• Default Routes –S*
The routing table displays all of the known IPv4 destination routes for R1.

A directly connected route is automatically created when a router interface is configured with IP address information and is activated. The router adds two route
entries with the codes C (i.e., the connected network) and L (i.e., the local interface IP address of the connected network). The route entries also identify the exit
interface to use to reach the network. The two directly connected networks in this example are 192.168.10.0/24 and 209.165.200.224/30.

Routers R1 and R2 are also using the OSPF dynamic routing protocol to exchange router information. In the example routing table, R1 has a route entry for the
10.1.1.0/24 network that it learned dynamically from router R2 via the OSPF routing protocol.

A default route has a network address of all zeroes. For example, the IPv4 network address is 0.0.0.0. A static route entry in the routing table begins with a code
of S*, as highlighted in the example.

MAC and IP
Destination on Same Network
There are two primary addresses assigned to a device on an Ethernet LAN:
• Layer 2 physical address (the MAC address)–Used for NIC to NIC communications on the same Ethernet network.
o MAC/Hardware/Physical Address (48-bits)
• Layer 3 logical address (the IP address)–Used to send the packet from the source device to the destination device.
o IPv4 (32-bits)
o IPv6 (64-bits)

Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. If a destination IP address is on the same network, the
destination MAC address will be that of the destination device.

Destination on Remote Network

When the destination IP address is on a remote network, the destination MAC address is that of the default gateway.
• ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address of the device NIC.
• ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC address of the device NIC.
Routers examine the destination IPv4 address to determine the best path to forward the IPv4 packet. When the router receives the Ethernet frame, it de-
encapsulates the Layer 2 information. Using the destination IPv4 address, it determines the next-hop device, and then encapsulates the IPv4 packet in a new
data link frame for the outgoing interface.

ARP
ARP Overview
To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address and the MAC address of the destination device. Device
destination IPv4 addresses are either known or resolved by device name. However, MAC addresses must be discovered.
A device uses ARP to determine the unknown destination MAC address of a local device when it knows its IPv4 address. ARP provides two basic functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining an ARP table of IPv4 to MAC address mappings

ARP Functions
When a packet is sent to the data link layer to be encapsulated into an Ethernet frame, the device refers to a table in its memory to find the MAC address that is
mapped to the IPv4 address. This table is stored temporarily in RAM memory and called the ARP table or the ARP cache.

To send a frame, a device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
• If the packet’s destination IPv4 address is on the same network, the device will search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network, the device will search the ARP table for the IPv4 address of the default gateway.
• If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame.
• If there is no ARP table entry is found, then the device sends an ARP request.

ARP Request
An ARP request is sent when a device needs to determine the MAC address that is associated with an IPv4 address, and it does not have an entry for the IPv4
address in its ARP table.
ARP messages are encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request is encapsulated in an Ethernet frame using the
following header information:
 Destination MAC address – This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request.
 Source MAC address – This is MAC address of the sender of the ARP request.
 Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

Because ARP requests are broadcasts, they are flooded out all ports by the switch (Note: when a layer 2 device received a broadcast frame, it forwards to all
ports except the port on which it received the frame.), except the receiving port. All Ethernet NICs on the LAN process broadcasts and must deliver the ARP
request to its operating system for processing. Every device must process the ARP request to see if the target IPv4 address matches its own. A router will not
forward broadcasts out other interfaces.
Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the ARP request. All other devices will not reply.

ARP Reply
Only the device with the target IPv4 address associated with the ARP request will respond with an ARP reply. The ARP reply is encapsulated in an Ethernet frame
using the following header information:
 Destination MAC address – This is the MAC address of the sender of the ARP request.
 Source MAC address – This is the MAC address of the sender of the ARP reply.
 Type - ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.
Only the device that originally sent the ARP request will receive the unicast ARP reply. After the ARP reply is received, the device will add the IPv4 address and
the corresponding MAC address to its ARP table. Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding MAC
address.
If no device responds to the ARP request, the packet is dropped because a frame cannot be created.

Entries in the ARP table are time stamped. If a device does not receive a frame from a particular device before the timestamp expires, the entry for this device is
removed from the ARP table.

Additionally, static map entries can be entered in an ARP table, but this is rarely done. Static ARP table entries do not expire over time and must be manually
removed.

Note: IPv6 uses a similar process to ARP for IPv4, known as ICMPv6 Neighbor Discovery (ND). IPv6 uses neighbor solicitation and neighbor advertisement
messages, similar to IPv4 ARP requests and ARP replies.

Removing Entries from an ARP Table

• Entries in the ARP table are not permanent and are removed when an ARP cache timer expires after a specified period of time.
• The duration of the ARP cache timer differs depending on the operating system.
• ARP table entries can also be removed manually by the administrator.

ARP Tables on Networking Devices

For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time. The times differ depending on the operating
system of the device. For example, newer Windows operating systems store ARP table entries between 15 and 45 seconds, as illustrated in the figure.

Commands may also be used to manually remove some or all of the entries in the ARP table. After an entry has been removed, the process for sending an ARP
request and receiving an ARP reply must occur again to enter the map in the ARP table.
• The show ip arp command displays the ARP table on a Cisco router.
• The arp –a command displays the ARP table on a Windows 10 PC.

ARP Issues –ARP Broadcasting and ARP Spoofing

• ARP requests are received and processed by every device on the local network.
 • Excessive ARP broadcasts can cause some reduction in performance.
• ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
• Enterprise level switches include mitigation techniques to protect against ARP attacks.

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery Messages
If your network is using the IPv6 communications protocol, the Neighbor Discovery protocol, or ND, is what you need to match IPv6 addresses to MAC
addresses.
IPv6 Neighbor Discovery (ND) protocol provides:
• Address resolution
• Router discovery
• Redirection services
• ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used for device-to-device messaging such as address resolution.
• ICMTPv6 Router Solicitation (RS) and Router Advertisement (RA) messages are used for messaging between devices and routers for router discovery.
• ICMPv6 redirect messages are used by routers for better next-hop selection.

Note: The fifth ICMPv6 ND message is a redirect message which is used for better next-hop selection. This is beyond the scope of this course.

IPv6 Neighbor Discovery –Address Resolution

• IPv6 devices use ND to resolve the MAC address of a known IPv6 address.
• ICMPv6 Neighbor Solicitation messages are sent using special Ethernet
and IPv6 multicast addresses.