Day 28: Network Diagrams and Topology

A physical topology displays actual device and wiring locations to help you efficiently locate and troubleshoot devices - we have bus, ring, mesh, star or extended star topologies. It maps the location of OSI Layer 1 devices and media. So it refers to the physical layout of devices and network media.
A logical map of the network topology groups hosts and devices by how they use the network. A logical topology map displays hostnames, address groups, network access and applications on a network. The logical topology identifies the Layer 1 devices but focuses on the Layer 3 addressing, access and upper-layer applications, regardless of location. It refers to the logical paths in which data accesses the media and transmits packets accross it. Ethernet uses a logical bus topology and either a physical bus or star topology.

The backbone for the Internet are IXPs (Internet Exchange Points) and NAPs (Network Access Points), ISPs use these to connect to each other.

An Ethernet address or media access control (MAC) address provides a unique identity for a host but does not provide information about the host's location, typically burned into the adapter and usually displayed in a hexadeximal format. The first 24 bits are vendor specific (OUI), the other are vendor assigned. The Internet Protocol (IP) address identifies the location of a host in a divided hierarchical network - remember: access, distribution and core layer.

A hub is a multiport device that simply regenerates a received signal to all ports except the port where the signal is received. The bandwith is shared and only one device can communicate at a time. All connected devices are in the same collission domain. Even with a collision will the hub forward the frame with errors out all ports where it'll be discarded by the NIC.

A switch is also a multiport device that reads each frame's MAC address, maintains a MAC table of which hosts are attached to which port, and forwards frames based on the destination MAC address. Bandwith is not shared between the switch creates temporary circuits, so each port is its own collision domain! When a MAC is not yet learned the swith'll flood the frame out all other ports. Frames with errors or with same source and destination will not be forwarded.

Switches have these advantages over bridges:

• a high-speed backplane that enables multiple simultaneous conversations to occur.
• data-buffering capabilities that store and forward packets to the correct ports or port.
• higher port densities versus bridges.
• lower latency than bridges. Layer 2 switches are implemented in hardware, allowing millions of bits per second to be transmitted at the same time.

A network with switches and hubs form a single broadcast domain. Broadcast messages (to all other hosts on a network) use all F's as the destination MAC address. When only the IP address of the destination is known , the sending host can use address resolution protocol (ARP) - also check my other post concerning gratuitious arp. ARP is a local broadcast sent to all devices on the local segment to find the MAC address of a host.

Remember these things about routers:

• they connect networks and route packets to their destination networks.
• routers can look at the MAC address to determine a frame's destination, but also decapsulate the frame to look at the destination IP address located in the header of the IP packet.
• routers look at the network portion of the destination IP address, re-encapsulate the packet and forward it to its destination.
• routers maintain a routing table of connected networks, it's referenced to determine which interface connects to thet destination network.
• routers do not forward frames with a broadcast MAC address, so each port is its own broadcast domain. It's clear now that routers divide broadcast domains.
• routers drop packets when it has no entry for a destination network (use a default route).

A Lan segment is a network connection made by a single unbroken network cable, they are limited by physical distance. You can extend it by using hubs, repeaters, bridges and switches.

Day 29: Layered Model Protocols

The IEEE 802.3 Committee develops the standards for Ethernet technologies, here are some important ones:

• DIX: Digital Intel and Xerox for 10Mbps over coaxial cable
• IEEE 802.3 10BASE-5:   10Mbs baseband over coaxial cable (thicknet), 500m distance
• IEEE 802.3a 10BASE-2: 10Mbs baseband over coaxial cable (thinnet), 200m distance
• IEEE 802.3i 10BASE-T:  10Mbs baseband over twisted-pair copper, 100m distance
• IEEE 802.3j 10BASE-F:  10Mbs baseband over fiber
• IEEE 802.3u 100BASE-T:     100Mbs baseband over twisted pair
• IEEE 802.3z 1000BASE-X:   1 Gbps baseband over fiber
• IEEE 802.3an 10G BASE-T: 10Gbps over twisted pair

The two most common Transport layer protocols are TCP (protocol number 6) and User Datagram Protocol (UDP, protocol number 17). UDP, in contrary to TCP does not acknowledge or retransmit segments. These transport layer protocols use ports to identify a service. The client  uses a destination port, source port (16 bits and unregistered in the 1025 to 65535 range), destination IP address and source IP address to create a socket that identificies the server and service. The combination of a port and Layer 3 IP address creates a socket.

• 21 - FTP, client makes request on server on port 21 (command), server responds with data on port 20 (data transfer)
• 22 - SSH
• 23 - Telnet
• 25 - SMTP
• 53 - DNS
• 67 - DHCP, messages from a client to a server are sent to the 'DHCP server' port (67), and DHCP messages from a server to a client are sent to the 'DHCP client' port (68)
• 69 - TFTP
• 80 - HTTP
• 110 - POP3
• 143 - IMAP4
• 161 - SNMP
• 443 - HTTPS, uses Secure Socket Layer (SSL)
• 520 - RIP

Many well-known applications have assignments to well-known ports, the range for these well-known or registered ports is 0 to 1023. Applications will use these as destination but a client will dynamically select a port as source from the range 1024 to 65535.
TCP is a connection-oriented protocol, while UDP is connectionless and more a best-effort attempt. TCP uses a three-way handshake, this is summarized in sending a SYN request, SYN-ACK reply and the ACK to conmplete the connection. TCP is reliable with acknowledgment, checksums, timers, retransmission, windowing, flow control, packet sequencing. UDP is unreliable and if needed other layers should implement reliability. Off course, this means that TCP has more overhead. Reliability is measured by the mean time between failures (MTBF) and mean time to repair (MTTR), redundant hardware/connections helps a lot.

Remember that DNS uses both UDP and TCP to send messages, the larger or more important exchanges of information (for example zone transfers), TCP will be used because of its reliability and ability to handle messages of any size.

Remember that IP is a connectionless protocol, uses hierarchical addressing, delivers data on a best-effort basis and has no built-in data recovery.

Session multiplexing is provided by the transport layer. It multiplexes several sessions onto one logical link and keeps track of which messages belong to which sessions (session layer). An example is a single computer with one IP address that has several websites open at once.

Windowing (flow control) allows the sender to transmit a specified number of unacknowledged segments. The window field is a number that implies the maximum number of unacknowledged bytes allowed outstanding at any time.

Ethernet 802.3 is based on the CSMA/CD process, specifies the physical layer and the MAC portion of the data link layer.

The NIC communicates with the network through a serial connection and communicates with the computer through a parallel connection.

Four functions of ICMP are flow control, detect unreachable destinations, redirect routes and check remote hosts.

Day 30: Layered Model Applications

Don't forget to distinguish between the Open Systems Interconnection (OSI) model and the Transmission Control Protocol/Internet Protocol (TCP/IP) model - stacks made up of layers.

The  TCP/IP model has four layers:

• Application layer (http, data)
• Transport layer (TCP, UDP, segments)
• Internet layer (IP, ICMP, ARP, RARP, packets)
• Network acces layer (frames, bits)

The OSI model has seven layers:

• Application (ftp, http, dns, dhcp, snmp, telnet, smtp, data)
• Presentation (mime, ssl, shells, ascii, .txt, also known as the translator, data)
• Session (SQL, API, RPC, NetBIOS, data)
• Transport (TCP, UDP, segments)
• Network (IP, NAT, packets)
• Data link (MAC, error correction, FDDI, HDLC, Frame Relay, frames)
• Physical (bits)

If you compare both models, its important to remember that the Network access layer of TCP/IP is the same as the first two OSI-layers (data link and physical)!
The OSI upper layers deal with the data's format, organization and communication. The lower layers implement protocols to transport and route data across a network.
Don't forget that a layered model has several benefits: helps design of protocols, interoperability of vendors, changing one technology without affecting other layers, common terminology to teach and learn.

The data link layer has two sublayers to provide physical media indepedence: the upper logical link control (LLC) layer  and the lower media access control (MAC) layer. The Ethernet protocol operates at the data link and physical layer of the OSI model!
LLC: what to do with a packet after it is receive.
MAC: how data is placed and transported over the physical wire.

The layers communicate with each other using service access points (SAP) and protocol data units (PDU).
Encapsulation wraps data with the necessary protocol information before network transmission.

Day 31: Network Components and Operation

We have a three-layer hierarchical model:

1. Access layer devices that connect hosts on a LAN to provide users with access (hubs, bridges and switches).
2. Distribution layer devices that provide connectivity between LANs, obviously we find routers here.
3. Core layer devices that provide high-speed connectivity between distribution layer devices.

A hub is an ethernet networking device with multiple ports that regenerates a signal it receives on one port to all other ports. The bandwith is shared by all devices and if two send at the same time we get collisions. Think of it as a multiport repeater.

The switch is a multiport networking device that looks at the destination physical address of a received frame on one port to forward the frame to the port where that host is connected. Communication is through temporary circuits, avoiding collisions.

A bridge is a two-port switch that can be used to divide a large, hub-based collision domain.

Routers look at the destination IP address of a received packet and forward the packet to its destination network. They also determine the best path for a packet to its destination network.

Interconnections are a physical component that provides a means for data to travel accross the network, this includes NICs, network media and connectors.
Remember that collaborations and databates are two of the most common network applications.
Batch applications are started and complete on their own without further interaction, Interactive apps are requested from a server by a user who then waits for a reply.
A physical topology defines the physical components of the network like cables, devices while the logical topology defines the data path of the network.
Passive attack refers to monitoring and gathering data, close-in is also gaining close proximity for a wireless tap. Active is trying to break or bypass security. Access attacks are exploiting known flaws (passwords, man-in-the-middle, trojan horses, etc.).
Always use SSH (or SSL and IPsec) because it encrypts all data, telnet sends it all in clear text.

About networks: a main office can have hundreds or thousands of people who depend on network access. Its a connected collection of devices that can communicate with each other and the purpose is to create a means to provide all workers with access to all information and components that are accessible by the network.
The purpose of network interconnections is to provide a means for data to travel from one point to another.
The main threath to a closed network is misuse by employees.

31 Days Before Your CCENT Certification

I took the ICND1 course at globalknowledge which was quite good and to reinforce everything I decided to follow the book "31 Days Before Your CCENT Certification". I'll try to post summaries for most of the days.

Other stuff I'll use are CBT Nuggets, CCNA Flash Cards, Packet Tracer, GNS3 and the Cisco Learning Network page.

There are loads of good sites which I'll try to share as well.

Ok, let's start!

Gratuitous ARP

Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is an Address Resolution Protocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.

Full explanation can be found at wireshark:
http://wiki.wireshark.org/Gratuitous_ARP

difference between banner login and banner motd

Both are shown before login but banner motd is shown first.

For banner login you need to have the login command. If you configure no login under the line config, the login banner will never show.

The following config:
banner login ^C
This is a login banner
^C
banner motd ^C
This is a MOTD banner
^C
!
line con 0
password cisco
login

will give this output when connecting to the console:

This is a MOTD banner

This is a login banner

User Access Verification
Password: