Chapter 3
“FUNDAMENTALS OF WANs”
The other big difference between the two is this: You pay for and own LANs, but you lease WANs. With
LANs, you buy the cables and LAN switches and install them in spaces you control. WANs physically pass
through other people’s property, and you do not have the right to put your cables and devices there.
From a basic point of view, a leased line WAN works a lot like an Ethernet crossover cable connecting two
routers, but with few distance limitations. Each router can send at any time (full duplex) over the leased line,
for tens, hundreds, or even thousands of miles.
To connect LANs using a WAN, the internetwork uses a router connected to each LAN, with a WAN link
between the routers. First, the enterprise’s network engineer would order some kind of WAN link. A router at
each site connects to both the WAN link and the LAN, as shown in the figure below. Note that a crooked line
between the routers is the common way to represent a leased line when the drawing does not need to show any
of the physical details of the line.
In fact, conceptually it acts as if you had a full-duplex crossover Ethernet link between two routers, as shown in
Figure 3-2. The leased line uses two pairs of wires, one pair for each direction of sending data, which
allows full-duplex operation.
A leased line does not actually exist as a single long cable between the two sites. Instead, the telco installs a
large network of cables and specialized switching devices to create its own computer network. The telco
network creates a service that acts like a crossover cable between two points, but the physical reality is hidden
from the customer.
Figure 3-3 gives a little insight into the cabling that could exist inside the telco for a short leased line. Telcos
put their equipment in buildings called central offices (CO). The telco installs cables from the CO to most every
other building in the city, expecting to sell services to the people in those buildings one day. The telco would
then configure its switches to use some of the capacity on each cable to send data in both directions, creating the
equivalent of a crossover cable between the two routers.
First, each site has customer premises equipment (CPE), which includes the router, serial interface card,
and CSU/DSU. Each router uses a serial interface card that acts somewhat like an Ethernet NIC, sending and
receiving data over the physical link. The physical link requires a function called a channel service unit/data
service unit (CSU/DSU). The CSU/DSU can either be integrated into the serial interface card in the router or sit
outside the router as an external device. Figure 3-4 shows the CPE devices, along with the cabling.
The four-wire cable from the telco plugs in to the CSU/DSU, typically using an RJ-48 connector that has the
same size and shape as an RJ-45 connector. Telcos offer a wide variety of speeds for leased lines. However, you
cannot pick the exact speed you want; instead, you must pick from a long list of predefined speeds. Slower-speed
links run at multiples of 64 kbps (kilobits per second), while faster links run at multiples of about
1.5 Mbps (megabits per second).
First, the serial cables normally used between a router and an external CSU/DSU are called data terminal
equipment (DTE) cables. To create a physical WAN link in a lab, you need two serial cables: one serial DTE
cable, plus a similar but slightly different matching data communications equipment (DCE) cable. The DCE
cable has a female connector, while the DTE cable has a male connector, which allows the two cables to be
attached directly. The DCE cable also does the equivalent task of an Ethernet crossover cable by swapping the
transmit and receive wire pairs, as shown in Figure 3-5.
Finally, to make the link work, the router with the DCE cable installed must do one function normally done by
the CSU/DSU. The CSU/DSU normally provides a function called clocking, in which it tells the router
exactly when to send each bit through signaling over the serial cable. A router serial interface can provide
clocking, and the more recent router software versions automatically supply clocking when the router senses a
DCE cable is plugged into the serial port.
1. To send the IP packet to Router R1 next, PC1 encapsulates the IP packet in an Ethernet frame that has the
destination MAC address of R1.
2. Router R1 de-encapsulates (removes) the IP packet from the Ethernet frame, encapsulates the packet
into an HDLC frame using an HDLC header and trailer, and forwards the HDLC frame to Router R2 next.
3. Router R2 de-encapsulates (removes) the IP packet from the HDLC frame, encapsulates the packet
into an Ethernet frame that has the destination MAC address of PC2, and forwards the Ethernet frame to PC2.
In summary, a leased line with HDLC creates a WAN link between two routers so that they can forward packets
for the devices on the attached LANs.
Leased lines have many benefits that have led to their relatively long life in the WAN marketplace. These lines
are simple for the customer, are widely available, are of high quality, and are private. However, they do
have some negatives as well compared to newer WAN technologies, including a higher cost and typically
longer lead times to get the service installed.
As time passed, the IEEE improved Ethernet standards in ways that made Ethernet a reasonable WAN
technology. For example, the 1000BASE-LX standard uses single-mode fiber cabling, with support for a 5-km
cable length; the 1000BASE-ZX standard supports an even longer 70-km cable length.
The customer connects to an Ethernet link using a router interface. The (fiber) Ethernet link leaves the customer
building and connects to some nearby SP location called a point of presence (PoP). Instead of a telco switch
as shown in Figure 3-3, the SP uses an Ethernet switch.
The one Ethernet WAN service goes by two names: Ethernet emulation and Ethernet over MPLS
(EoMPLS). Ethernet emulation is a general term, meaning that the service acts like one Ethernet link. EoMPLS
refers to Multiprotocol Label Switching (MPLS), which is one technology that can be used inside the SP’s
cloud.
The middle of the Internet, called the Internet core, exists as LANs and WANs owned and operated by Internet
service providers (ISP).
Businesses tend to use one set of WAN technologies as Internet access links, while home-based consumers use
others. Businesses often use leased lines, connecting a router at the business to a router at the ISP.
Consumers often use technologies like DSL and cable for Internet access links.
Digital Subscriber Line:
It uses the same single-pair telephone line used for a typical home phone line. Each home has one phone
line that runs from a nearby telco CO to the home. As shown on the left side of Figure 3-15, the telephone
wiring splits out and terminates at several wall plates, often with RJ-11 ports that are a slightly skinnier cousin
of the RJ-45 connector.
At the CO, each line connects to a port on a telco switch. This switch supports the ability to set up voice calls,
take them down, and forward the voice through the worldwide voice network, called the public switched
telephone network, or PSTN.
To add DSL service at the home in Figure 3-15, two changes need to be made. First, you need to add DSL-capable
devices at the home. Second, the telco has to add DSL equipment at the CO.
The home-based router on the left must be able to send data to/from the Internet. To make that happen, the telco
CO uses a product called a DSL access multiplexer (DSLAM). The DSLAM splits out the data over to the
router on the lower right, which completes the connection to the Internet. The DSLAM also splits out the
voice signals over to the voice switch on the upper right.
DSL supports asymmetric speeds, meaning that the transmission speed from the ISP toward the home
(downstream) is much faster than the transmissions toward the ISP (upstream). Asymmetric speeds work
better for consumer Internet access from the home, because clicking a web page sends only a few hundred
bytes upstream into the Internet, but can trigger many megabytes of data to be delivered downstream to
the home.
Cable Internet:
The telephone line has been replaced with coaxial cable from the CATV company, and the DSL modem has
been replaced by a cable modem.
Generally speaking, while both offer high speeds, cable Internet typically runs at faster speeds than DSL,
with DSL providers keeping their prices a little lower to compete. Both support asymmetric speeds, and both
provide an “always on” service, in that you can communicate with the Internet without the need to first take
some action to start the Internet connection.
SUMMARY OF CHAPTER 4
“FUNDAMENTALS OF IPv4 ADDRESSING AND ROUTING”
IP focuses on the job of routing data, in the form of IP packets, from the source host to the destination host. IP
does not concern itself with the physical transmission of data, instead relying on the lower TCP/IP layers to do
the physical transmission of the data. Instead, IP concerns itself with the logical details, rather than physical
details, of delivering data. In particular, the network layer specifies how packets travel end to end over a
TCP/IP network, even when the packet crosses many different types of LAN and WAN links.
The host operating system (OS) has TCP/IP software, including the software that implements the network layer. Hosts use
that software to choose where to send IP packets, often to a nearby router. Those routers make choices of where to
send the IP packet next.
The term path selection is sometimes used to refer to the routing process shown in Figure 4-1. At other times, it refers to
routing protocols, specifically how routing protocols select the best route among the competing routes to the same
destination.
To send the IP packet to the default router, the sender sends a data-link frame across the medium to the nearby
router; this frame includes the packet in the data portion of the frame. That frame uses data link layer
(Layer 2) addressing in the data-link header to ensure that the nearby router receives the frame.
The default router is also referred to as the default gateway.
All routers use the same general process to route the packet. Each router keeps an IP routing table. This table
lists IP address groupings, called IP networks and IP subnets. When a router receives a packet, it compares
the packet’s destination IP address to the entries in the routing table and makes a match. This matching
entry also lists directions that tell the router where to forward the packet next.
The network layer logic in a host or router must hand off the packet to the data link layer protocols, which,
in turn, ask the physical layer to actually send the data. The data link layer adds the appropriate header and
trailer to the packet, creating a frame, before sending the frames over each physical network.
The network layer thinks about the bigger view of the goal, like “Send this packet to the specified next
device...,” while the data link layer thinks about the specifics, like “Encapsulate the packet in a data-link
frame and transmit it.”
Because the routers build new data-link headers and trailers, and because the new headers contain data-link
addresses, the PCs and routers must have some way to decide what data-link addresses to use. An
example of how the router determines which data-link address to use is the IP Address Resolution Protocol
(ARP). ARP dynamically learns the data-link address of an IP host connected to a LAN. For example, at the
last step, at the bottom of Figure 4-2, Router R3 would use ARP once to learn PC2’s MAC address before
sending any packets to PC2.
■ The process of routing forwards Layer 3 packets, also called Layer 3 protocol data units
(L3 PDU), based on the destination Layer 3 address in the packet.
■ The routing process uses the data link layer to encapsulate the Layer 3 packets into Layer
2 frames for transmission across each successive data link.
IP defines specific rules about which IP address should be in the same IP network or IP subnet. Numerically, the addresses
in the same group have the same value in the first part of the addresses.
The routing process also makes use of the IPv4 header, as shown in Figure 4-3. The header lists a 32-bit source IP address,
as well as a 32-bit destination IP address. The header of course has other fields, a few of which matter for other
discussions in this book. The book will refer to this figure as needed, but otherwise, be aware of the 20-byte IP header and
For routing logic to work on both hosts and routers, each needs to know something about the TCP/IP internetwork. Hosts
need to know the IP address of their default router so that hosts can send packets to remote destinations. Routers,
however, need to know routes so that routers know how to forward packets to each and every IP network and IP
subnet.
Although a network engineer could configure (type) all the required routes, on every router, most network engineers
instead simply enable a routing protocol on all routers. If you enable the same routing protocol on all the routers in a
TCP/IP internetwork, with the correct settings, the routers will send routing protocol messages to each other. As a result,
all the routers will learn routes for all the IP networks and subnets in the TCP/IP internetwork.
IPv4 Addressing
Any device that has at least one interface with an IP address can send and receive IP packets and is called an IP
host.
■ All IP addresses in the same group must not be separated from each other by a router.
■ IP addresses separated from each other by a router must be in different groups.
Classes A, B, and C define unicast IP addresses, meaning that the address identifies a single host interface. Class D defines
multicast addresses, used to send one packet to multiple hosts. Class E originally defined experimental addresses. (Class
E addresses are no longer defined as experimental, and are simply reserved for future use.)
IP Subnetting:
Subnetting defines methods of further subdividing the IPv4 address space into groups that are smaller than
a single IP network. IP subnetting defines a flexible way for anyone to take a single Class A, B, or C IP
network and further subdivide it into even smaller groups of consecutive IP addresses. In fact, the name subnet
is just shorthand for subdivided network.
Figure 4-8 wastes many IP addresses, because each Class B network has 2^16 – 2 host addresses—far more
than you will ever need for each LAN and WAN link. For example, the Ethernet on the left uses an entire Class
B network, which supports 65,534 IP addresses that begin with 150.1. However, a single LAN seldom grows
past a few hundred devices, so many of the IP addresses in Class B network 150.1.0.0 would be wasted.
Even more waste occurs on the point-to-point serial links, which need only two IP addresses.
Figure 4-9 illustrates a more common design today, one that uses basic subnetting. As in the previous figure, this figure
needs five groups of addresses. However, in this case, the figure uses five subnets of Class B network 150.9.0.0.
Subnetting allows the network engineer for the TCP/IP internetwork to choose to use a longer part of the addresses that
must have the same value. Subnetting allows quite a bit of flexibility. As a result of using subnetting, the network
engineer has saved many IP addresses. First, only a small part of Class B network 150.9.0.0 has been used so far. Each
subnet has 254 addresses, which should be plenty of addresses for each LAN, and more than enough for the WAN links.
Hosts actually use some simple routing logic when choosing where to send a packet. If you assume that the
design uses subnets (which is typical), this two-step logic is as follows:
Step 1. If the destination IP address is in the same IP subnet as I am, send the packet directly to that
destination host.
Step 2. Otherwise, send the packet to my default gateway, also known as a default router. (This router has an
interface on the same subnet as the host.)
For example, consider Figure 4-10 and focus on the Ethernet LAN on the left. When PC1 sends an IP packet to
PC11 (150.9.1.11), PC1 first considers some math related to subnetting. PC1 concludes that PC11’s IP address
is in the same subnet as PC1, so PC1 ignores its default router (Core, 150.9.1.1), sending the packet directly to
Alternatively, when PC1 sends a packet to PC2 (150.9.4.10), PC1 does the same kind of subnetting math, and
realizes that PC2 is not on the same subnet as PC1. So, PC1 forwards the packet (Step 2) to its default gateway,
address (150.150.4.10). PC1 needs to send the packet to R1 (PC1’s default router) because the destination address is on a
different subnet. PC1 places the IP packet into an Ethernet frame, with a destination Ethernet address of R1’s Ethernet
address. PC1 sends the frame on to the Ethernet. (Note that the figure omits the data-link trailers.)
Step B. R1 processes the incoming frame and forwards the packet to R2. Because the incoming Ethernet frame has a
destination MAC of R1’s Ethernet MAC, R1 copies the frame off the Ethernet for processing. R1 checks the frame’s FCS, and
no errors have occurred (Step 1). R1 then discards the Ethernet header and trailer (Step 2). Next, R1 compares the packet’s
destination address (150.150.4.10) to the routing table and finds the entry for subnet 150.150.4.0—which includes
addresses 150.150.4.0 through 150.150.4.255 (Step 3). Because the destination address is in this group, R1 forwards the
packet out interface Serial0 to next hop Router R2 (150.150.2.7) after encapsulating the packet in a High-Level Data Link
Step C. R2 processes the incoming frame and forwards the packet to R3. R2 repeats the same general process as R1 when
R2 receives the HDLC frame. R2 checks the FCS field and finds that no errors occurred (Step 1). R2 then discards
the HDLC header and trailer (Step 2). Next, R2 finds its route for subnet 150.150.4.0—which includes the address range
150.150.4.0–150.150.4.255— and realizes that the packet’s destination address 150.150.4.10 matches that route (Step 3).
Finally, R2 sends the packet out interface Fast Ethernet 0/0 to next-hop router 150.150.3.1 (R3) after encapsulating the
Step D. R3 processes the incoming frame and forwards the packet to PC2. Like R1 and R2, R3 checks the FCS, discards the
old data-link header and trailer, and matches its own route for subnet 150.150.4.0. R3’s routing table entry for 150.150.4.0
shows that the outgoing interface is R3’s Ethernet interface, but there is no next-hop router because R3 is connected
directly to subnet 150.150.4.0. All R3 has to do is encapsulate the packet inside a new Ethernet header and trailer, with a
destination Ethernet address of PC2’s MAC address, and forward the frame.
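The host's two-step decision and the per-router table lookups from Steps B through D can be traced in code; the following is an added example, not part of the original summary. PC1's own addresses (150.150.1.10 and 150.9.1.10), R1's LAN address 150.150.1.4, the connected-route entries and their interface names are assumptions. The lookup prefers the most specific matching subnet, which goes slightly beyond the single-match case in the text.

```python
import ipaddress

# Routing tables for the R1 -> R2 -> R3 walk-through: (subnet, outgoing interface, next hop).
# A next hop of None marks a directly connected subnet. The /24 length follows from the
# stated range 150.150.4.0-150.150.4.255. The connected 150.150.1.0, .2.0 and .3.0 entries,
# their interface names, and R1's LAN address 150.150.1.4 are assumptions for this example.
ROUTES = {
    "R1": [("150.150.1.0/24", "Ethernet0", None),
           ("150.150.4.0/24", "Serial0", "150.150.2.7")],
    "R2": [("150.150.2.0/24", "Serial1", None),
           ("150.150.4.0/24", "FastEthernet0/0", "150.150.3.1")],
    "R3": [("150.150.3.0/24", "FastEthernet0/0", None),
           ("150.150.4.0/24", "Ethernet0", None)],
}
# Which router owns each address that appears as a gateway or next hop.
ADDRESS_OWNER = {"150.150.1.4": "R1", "150.150.2.7": "R2", "150.150.3.1": "R3"}


def host_next_hop(host_interface, default_gateway, destination):
    """Host logic: same subnet -> send directly; otherwise -> default gateway."""
    iface = ipaddress.ip_interface(host_interface)
    dest = ipaddress.ip_address(destination)
    if dest in iface.network:
        return str(dest)
    return default_gateway


def lookup(router, destination):
    """Return (outgoing interface, next hop) of the most specific matching route."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, out_if, next_hop in ROUTES[router]:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, out_if, next_hop)
    return None if best is None else best[1:]


def trace(host_interface, default_gateway, destination, max_hops=16):
    """List the (router, outgoing interface, next hop) decisions along the path."""
    first = host_next_hop(host_interface, default_gateway, destination)
    if first == destination:
        return []  # same subnet: no router is involved
    hops, router = [], ADDRESS_OWNER[first]
    for _ in range(max_hops):
        route = lookup(router, destination)
        if route is None:
            hops.append((router, None, "no route"))  # packet is discarded here
            break
        out_if, next_hop = route
        hops.append((router, out_if, next_hop or "connected"))
        if next_hop is None:
            break  # last router delivers the frame to the host itself
        router = ADDRESS_OWNER[next_hop]
    return hops


if __name__ == "__main__":
    for hop in trace("150.150.1.10/24", "150.150.1.4", "150.150.4.10"):
        print(hop)
```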
■ To dynamically learn and fill the routing table with a route to each subnet in the internetwork.
■ If more than one route to a subnet is available, to place the best route in the routing table.
■ To notice when routes in the table are no longer valid, and to remove them from the routing table.
■ If a route is removed from the routing table and another route through another neighboring router is available, to add
the route to the routing table. (Many people view this goal and the preceding one as a single goal.)
■ To work quickly when adding new routes or replacing lost routes. (The time between losing the route and finding a
Routing protocols all use some similar ideas to allow routers to learn routing information from each other.
Step 1. Each router, independent of the routing protocol, adds a route to its routing table for each subnet directly
Step 2. Each router’s routing protocol tells its neighbors about the routes in its routing table, including the directly
Step 3. After learning a new route from a neighbor, the router’s routing protocol adds a route to its IP routing table, with
the next-hop router of that route typically being the neighbor from which the route was learned.
Step A. Subnet 150.150.4.0 exists as a subnet at the bottom of the figure, connected to Router R3.
Step B. R3 adds a connected route for 150.150.4.0 to its IP routing table (Step 1); this happens without help from the
routing protocol.
Step C. R3 sends a routing protocol message, called a routing update, to R2, causing R2 to learn about subnet 150.150.4.0
(Step 2).
Step D. R2 adds a route for subnet 150.150.4.0 to its routing table (Step 3).
Step E. R2 sends a similar routing update to R1, causing R1 to learn about subnet 150.150.4.0 (Step 2).
Step F. R1 adds a route for subnet 150.150.4.0 to its routing table (Step 3). The route lists R1’s own Serial0 as the outgoing
For example, when you open a web browser and type in the hostname www.google.com, your computer does not send an
IP packet with destination IP address www.google.com; it sends an IP packet to an IP address used by the web server for
Google. TCP/IP needs a way to let a computer find the IP address used by the listed hostname, and that method uses the
At Step 1, PC11 sends a DNS message—a DNS query—to the DNS server. At Step 2, the DNS server sends back a DNS
reply that lists Server1’s IP address. At Step 3, PC11 can now send an IP packet to destination address 10.1.2.3, the
DNS defines protocols, as well as standards for the text names used throughout the world, and a worldwide set of
distributed DNS servers. The domain names that people use every day when web browsing, which look like
www.example.com, follow the DNS naming standards. Also, no single DNS server knows all the names and matching IP
addresses, but the information is distributed across many DNS servers. So, the DNS servers of the world work together,
forwarding queries to each other, until the server that knows the answer supplies the desired IP address information.
On Ethernet LANs, whenever a host or router needs to encapsulate an IP packet in a new Ethernet frame, the host or
router knows all the important facts to build that header— except for the destination MAC address. However, the hosts
and routers do not know those neighboring devices’ MAC addresses beforehand.
TCP/IP defines the Address Resolution Protocol (ARP) as the method by which any host or router on a LAN can
dynamically learn the MAC address of another IP host or router on the same LAN. ARP defines a protocol that includes
the ARP Request, which is a message that asks the simple request “if this is your IP address, please reply with your MAC
address.” ARP also defines the ARP Reply message, which indeed lists both the original IP address and the matching MAC
address.
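The ARP Request and Reply described above, and the earlier case of R3 learning PC2's MAC address, can be built and parsed byte for byte; this is an added example, not part of the original summary. The MAC addresses and R3's LAN address 150.150.4.3 are constructed for illustration. Because ARP messages carry no authentication, the cache also records when a learned IP-to-MAC binding changes, which is worth logging.

```python
import socket
import struct

# ARP for Ethernet/IPv4 (RFC 826): hardware type, protocol type, address lengths,
# operation, then sender MAC/IP and target MAC/IP. 28 bytes in total.
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FORMAT)
REQUEST, REPLY = 1, 2


def _mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Encode an ARP message for Ethernet (htype 1) and IPv4 (ptype 0x0800)."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       _mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       _mac_to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(data):
    """Decode an ARP message, rejecting truncated or non-Ethernet/IPv4 input."""
    if len(data) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, data[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (REQUEST, REPLY):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    return {"oper": oper,
            "sender_mac": _mac_to_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": _mac_to_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpNode:
    """A host or router interface on the LAN with its own ARP cache."""

    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.cache = {}    # IP address -> MAC address learned through ARP
        self.changes = []  # (ip, old_mac, new_mac) whenever a binding changes

    def request(self, target_ip):
        # "If this is your IP address, please reply with your MAC address."
        return build_arp(REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)

    def receive(self, data):
        """Process a received ARP message; return a Reply if it asked for our IP."""
        msg = parse_arp(data)
        if msg["target_ip"] != self.ip:
            return None  # the broadcast was meant for another host
        old = self.cache.get(msg["sender_ip"])
        if old is not None and old != msg["sender_mac"]:
            self.changes.append((msg["sender_ip"], old, msg["sender_mac"]))
        self.cache[msg["sender_ip"]] = msg["sender_mac"]
        if msg["oper"] == REQUEST:
            return build_arp(REPLY, self.mac, self.ip, msg["sender_mac"], msg["sender_ip"])
        return None


def resolve(asker, target_ip, lan):
    """Broadcast a Request to every node on the LAN and return the learned MAC."""
    request = asker.request(target_ip)
    for node in lan:
        if node is asker:
            continue
        reply = node.receive(request)
        if reply is not None:
            asker.receive(reply)
    return asker.cache.get(target_ip)


if __name__ == "__main__":
    r3 = ArpNode("150.150.4.3", "02:00:00:00:00:03")    # constructed addresses
    pc2 = ArpNode("150.150.4.10", "02:00:00:00:00:10")
    print(resolve(r3, "150.150.4.10", [r3, pc2]))
```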
ICMP Echo and the ping Command:
Ping (Packet Internet Groper) uses the Internet Control Message Protocol (ICMP), sending a message called an ICMP echo
request to another IP address. The computer with that IP address should reply with an ICMP echo reply. If that works,
you successfully have tested the IP network. In other words, you know that the network can deliver a packet from one host
to the other and back. ICMP does not rely on any application, so it really just tests basic IP connectivity—Layers 1, 2, and 3
END OF CHAPTER 4
SUMMARY OF CHAPTER 5
“Fundamentals of TCP/IP Transport and Applications”
The OSI transport layer (Layer 4) defines several functions, the most important of which are error recovery and flow
control.
Most data-link protocols notice errors (a process called error detection) but then discard frames that have errors.
TCP provides retransmission (error recovery) and helps to avoid congestion (flow control), whereas UDP does not. As a
result, many application protocols choose to use TCP.
By providing fewer services, UDP needs fewer bytes in its header compared to TCP, resulting in fewer bytes of overhead
in the network. UDP software does not slow down data transfer in cases where TCP can purposefully slow down. Also,
some applications, notably today Voice over IP (VoIP) and video over IP, do not need error recovery, so they use UDP. So,
UDP also has an important place in TCP/IP networks today.
TCP relies on IP for end-to-end delivery of the data, including routing issues. In other words, TCP performs only part of
the functions necessary to deliver the data between applications. Also, the role that it plays is directed toward providing
services for the applications that sit at the endpoint computers.
The message created by TCP that begins with the TCP header, followed by any application data, is called a TCP segment.
Alternatively, the more generic term Layer 4 PDU, or L4PDU, can also be used.
Multiplexing by TCP and UDP involves the process of how a computer thinks when receiving data.
The computer might be running many applications, such as a web browser, an email package, or an Internet VoIP
application (for example, Skype). TCP and UDP multiplexing tell the receiving computer to which application to give the
received data.
Jessie needs to know which application to give the data to, but all three packets are from the same Ethernet and IP
address. You might think that Jessie could look at whether the packet contains a UDP or TCP header, but as you see in the
figure, two applications (wire transfer and web) are using TCP.
TCP and UDP solve this problem by using a port number field in the TCP or UDP header, respectively. Each of Hannah’s
TCP and UDP segments uses a different destination port number so that Jessie knows which application to give the data
to.
■ An IP address
■ A transport protocol
■ A port number
So, for a web server application on Jessie, the socket would be (10.1.1.2, TCP, port 80) because, by default, web servers
use the well-known port 80. When Hannah’s web browser connects to the web server, Hannah uses a socket as well—
possibly one like this: (10.1.1.1, TCP, 1030). Why 1030? Well, Hannah just needs a port number that is unique on Hannah,
so Hannah sees that port 1030 is available and uses it. In fact, hosts typically allocate dynamic port numbers starting at
1024 because the ports below 1024 are reserved for well-known applications.
Multiplexing, based on sockets, ensures that the data is delivered to the correct applications.
Port numbers are a vital part of the socket concept. Well-known port numbers are used by servers; other port numbers
are used by clients. Applications that provide a service, such as FTP, Telnet, and web servers, open a socket using a well-
known port and listen for connection requests. Because these connection requests from clients are required to include
both the source and destination port numbers, the port numbers used by the servers must be well-known. Therefore,
each service uses a specific well-known port number.
On client machines, where the requests originate, any locally unused port number can be allocated. The result is that each
client on the same host uses a different port number, but a server uses the same port number for all connections. For
example, 100 web browsers on the same host computer could each connect to a web server, but the web server with 100
clients connected to it would have only one socket and, therefore, only one port number (port 80, in this case). The server
can tell which packets are sent from which of the 100 clients by looking at the source port of received TCP segments. The
server can send data to the correct web client (browser) by sending data to that same port number listed as a destination
port. The combination of source and destination sockets allows all participating hosts to distinguish between the data’s
source and destination. Although the example explains the concept using 100 TCP connections, the same port-numbering
concept applies to UDP sessions in the same way.
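The socket-based multiplexing described above can be shown by parsing the 20-byte IPv4 header and the TCP or UDP port fields of received packets; this is an added example, not part of the original summary. The packets are constructed samples with checksums left at zero, and the wire-transfer port 20100, the UDP port 800 and the application names are assumptions; the addresses 10.1.1.1 and 10.1.1.2 and ports 80 and 1030 come from the text.

```python
import socket
import struct

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IPv4 protocol field values


def build_packet(src_ip, dst_ip, proto, src_port, dst_port, payload=b""):
    """Constructed sample: 20-byte IPv4 header plus a minimal TCP or UDP header."""
    if proto == 6:
        # ports, seq, ack, data offset (5 words), flags (PSH|ACK), window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + l4 + payload


def parse_packet(packet):
    """Return the source socket, destination socket and payload of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    proto = packet[9]
    if ihl < 20 or proto not in PROTOCOLS:
        raise ValueError("bad header length or unsupported transport protocol")
    l4_min = 20 if proto == 6 else 8
    if len(packet) < ihl + l4_min:
        raise ValueError("truncated transport header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    l4_len = (packet[ihl + 12] >> 4) * 4 if proto == 6 else 8
    if l4_len < l4_min:
        raise ValueError("bad TCP data offset")
    name = PROTOCOLS[proto]
    return {"src": (socket.inet_ntoa(packet[12:16]), name, src_port),
            "dst": (socket.inet_ntoa(packet[16:20]), name, dst_port),
            "payload": packet[ihl + l4_len:]}


class Receiver:
    """The receiving host: hands each segment to the application that owns the socket."""

    def __init__(self):
        self.listening = {}    # (ip, protocol, port) -> application name
        self.connections = {}  # (client socket, server socket) -> application name
        self.dropped = []      # destination sockets nobody was listening on

    def listen(self, ip, proto, port, app):
        self.listening[(ip, proto, port)] = app

    def receive(self, packet):
        seg = parse_packet(packet)
        app = self.listening.get(seg["dst"])
        if app is None:
            self.dropped.append(seg["dst"])
            return None
        # The source socket is what tells one client's data from another's.
        self.connections[(seg["src"], seg["dst"])] = app
        return app


if __name__ == "__main__":
    jessie = Receiver()
    jessie.listen("10.1.1.2", "TCP", 80, "web")
    jessie.listen("10.1.1.2", "TCP", 20100, "wire-transfer")  # assumed port
    jessie.listen("10.1.1.2", "UDP", 800, "udp-app")          # assumed port and name
    for proto, sport, dport in [(6, 1030, 80), (6, 1031, 20100), (17, 1032, 800)]:
        print(jessie.receive(build_packet("10.1.1.1", "10.1.1.2", proto, sport, dport)))
```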
Popular TCP/IP Applications
The World Wide Web (WWW) application exists through web browsers accessing the content
available on web servers. You can actually use WWW to manage a router or switch. You enable a web server function in
the router or switch and use a browser to access the router or switch.
The Domain Name System (DNS) allows users to use names to refer to computers, with DNS being used to find the
corresponding IP addresses. DNS servers are controlled by networking personnel, and DNS client functions are part of
most any device that uses TCP/IP today. The client simply asks the DNS server to supply the IP address that corresponds to
a given name.
Simple Network Management Protocol (SNMP) is an application layer protocol used specifically for network device
management. Network management products can be used to query, compile, store, and display information about a
network’s operation. To query the network devices, Cisco Prime software mainly uses SNMP protocols.
Traditionally, to move files to and from a router or switch, Cisco used Trivial File Transfer Protocol (TFTP). TFTP defines a
protocol for basic file transfer—hence the word trivial. Alternatively, routers and switches can use File Transfer Protocol
(FTP), which is a much more functional protocol, to transfer files.