CCNA by Hiwot


What is a Network?

A computer network is
- a system of interconnected devices
- that communicate using a common set of standards called the Internet protocol suite, or TCP/IP.

What if we want to expand our network?


- we can use network devices, such as routers, switches, or hubs, to connect two or more computers together.

Types of Computer Networks


Listed below are the most common types of computer networks:

 Local Area Network (LAN) – LANs are commonly used in small to medium size
companies, households, buildings, etc., with limited space.
 Personal Area Network (PAN) – PAN covers a short distance of 10 meters.
Bluetooth is an example of PAN.
 Metropolitan Area Network (MAN) – MANs are used in a single geographic region,
such as a city or town.
 Wide Area Network (WAN) – WANs cover larger areas like different states and
countries.
 Wireless Local Area Network (WLAN) – Wireless LAN is used for wireless
networks, connecting wired and wireless devices.

Local area network (LAN)


- Network of devices in a limited area (a house, office, building, etc.).
- usually capable of achieving high data transfer rate (up to 10 Gbps!) at low cost.
- Examples of this type of network are a small office network inside a single building
or your home network.
- A typical SOHO (small office/home office) LAN consists of PCs, printers, switches, routers, and cabling that connects all these devices together.
- Some of the most popular LAN technologies are Ethernet, Token Ring and FDDI.
Most LAN networks use TCP/IP to communicate. Twisted-pair cabling is usually
used in a LAN.
- Ethernet is a wired LAN technology.
o It defines wiring, signaling, connectors, frame formats, protocol rules,
etc.
o Most modern LANs also support the wireless LAN (WLAN) technology,
defined by the IEEE 802.11 standards.
o WLANs use radio waves instead of wires or cables for links between
devices.

TCP/IP vs OSI Model


- There are two network models: the OSI model and the TCP/IP model.

OSI Model
- OSI (Open System Interconnection) model
- created by the International Organization for Standardization (ISO).
- The OSI model provides a framework for creating and implementing networking standards and devices and describes how network applications on different computers can communicate through the network media.
- has seven layers
- The layers are usually numbered from the bottom up, starting with the Physical layer.

Here is a brief description of each of the layers of the OSI model.

- Physical Layer – defines how to move bits from one device to another. It
details how cables, connectors, and network interface cards are supposed to
work and how to send and receive bits.
- Data Link Layer – encapsulates a packet in a frame. A frame contains a
header and a trailer that enable devices to communicate.
o A header (most commonly) contains a source and destination MAC
address. A trailer contains the Frame Check Sequence field, which
detects transmission errors. The data link layer has two sublayers:
o Logical Link Control – used for flow control and error detection.
o Media Access Control – used for hardware addressing and controlling
the access method.
- Network Layer – defines device addressing, routing, and path determination.
Device (logical) addressing is used to identify a host on a network (e.g. by its
IP address).
- Transport Layer – segments big chunks of data received from the upper
layer protocols. Establishes and terminates connections between two
computers. Used for flow control and data recovery.
- Session Layer – defines establishing and terminating a session between the
two systems.
- Presentation Layer – defines data formats. Compression and encryption are
defined at this layer.
- Application Layer – this layer is the closest to the user. It enables network
applications to communicate with other network applications.

The following table shows which protocols reside on which layer of the OSI model:

o MIME (Multipurpose Internet Mail Extensions) is an extension of the original Simple Mail Transport Protocol (SMTP) email protocol. It lets users exchange different kinds of data files, including audio, video, images and application programs, over email.
o TLS/SSL
- TLS: Transport Layer Security. TLS is an updated, more secure version of SSL. We still refer to our security certificates as SSL because it’s a more common term, but when you buy SSL from DigiCert, you get the most trusted, up-to-date TLS certificates.
- What is SSL and why is it important? Secure Sockets Layer (SSL) certificates, sometimes called digital certificates, are used to establish an encrypted connection between a browser or user’s computer and a server or website.
- SSL: Secure Sockets Layer. SSL is standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers). It prevents hackers from seeing or stealing any information transferred, including personal or financial data.
- HTTPS: Hypertext Transfer Protocol Secure. HTTPS appears in the URL when a website is secured by an SSL/TLS certificate. Users can view the details of the certificate, including the issuing authority and the corporate name of the website owner, by clicking the lock symbol on the browser bar.
o NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN).
o Point-to-Point Protocol (PPP) is a TCP/IP protocol that is used to connect one computer system to another. Computers use PPP to communicate over the telephone network or the Internet. A PPP connection exists when two systems physically connect through a telephone line.
o HDLC (High-level Data Link Control) is a group of protocols or rules for transmitting data between network points (sometimes called nodes). In more technical terms, HDLC is a bit-oriented, synchronous data link layer protocol created by the International Organization for Standardization (ISO).

TCP/IP Model
- it describes general guidelines for designing and implementing computer
protocols. It consists of four layers: Network Access, Internet, Transport, and
Application:

The following picture shows the comparison between the TCP/IP vs. OSI model:

- Network Access Layer – defines the protocols and hardware required to deliver data across a physical network.
- Internet Layer – defines the protocols for logically transmitting packets over
the network.
- Transport Layer – defines protocols for setting up the level of transmission
service for applications. This layer is responsible for the reliable transmission
of data and the error-free delivery of packets.
- Application Layer – defines protocols for node-to-node application
communication and provides services to the application software running on a
computer.

Differences Between TCP/IP vs OSI Model


- The obvious difference is the number of layers.
- The OSI model prescribes the steps needed to transfer data over a network, and it is very specific about it, defining which protocol is used at each layer and how.
- The TCP/IP model is not that specific. It can be said that the OSI model prescribes and the TCP/IP model describes.

TCP/IP suite of protocols
- It provides end-to-end connectivity by specifying how data should be packetized, addressed, transmitted, routed and received on a TCP/IP network.
- This functionality is organized into four abstraction layers.
- It is named after its two foundational protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP).

Some of the protocols included in the TCP/IP suite are:
- ARP (Address Resolution Protocol) – used to associate an IP address with
a MAC address.
- IP (Internet Protocol) – used to deliver packets from the source host to the
destination host based on the IP addresses.
- ICMP (Internet Control Message Protocol) – used to detect and report network error conditions. Used in ping.
- TCP (Transmission Control Protocol) – a connection-oriented protocol that
enables reliable data transfer between two computers.
- UDP (User Datagram Protocol) – a connectionless protocol for data transfer.
Since a session is not created before the data transfer, there is no guarantee
of data delivery.
- FTP (File Transfer Protocol) – used for file transfers from one host to
another.
- Telnet (Telecommunications Network) – used to connect and issue
commands on a remote computer.
- DNS (Domain Name System) – used to resolve host names to IP addresses.
- HTTP (Hypertext Transfer Protocol) – used to transfer files (text, graphic
images, sound, video, and other multimedia files) on the World Wide Web.

The following table shows which protocols reside on which layer of the TCP/IP model:

Encapsulation in OSI and TCP/IP Models


- The term encapsulation is used to describe a process of adding headers and
trailers around some data. This process can be explained with the four-layer
TCP/IP model, with each step describing the role of the layer. For example,
here is what happens when you send an email using your favourite email
program (such as Outlook or Thunderbird):
1. The email is sent from the Application layer to the Transport layer.
2. The Transport layer encapsulates the data and adds its own header with its own information, such as which port will be used, and passes the data to the Internet layer.
3. The Internet layer encapsulates the received data and adds its own header, usually with information about the source and destination IP addresses. The Internet layer then passes the data to the Network Access layer.
4. The Network Access layer is the only layer that adds both a header and a trailer. The data is then sent through a physical network link.

Here is a graphical representation of how each layer adds its own information:

Each packet (header + encapsulated data) defined by a particular layer has a specific name:

 Frame – encapsulated data defined by the Network Access layer. A frame can have
both a header and a trailer.
 Packet – encapsulated data defined by the Network layer. A header contains the
source and destination IP addresses.
 Segment – encapsulated data as defined by the Transport layer. Information such
as the source and destination ports or sequence and acknowledgment numbers are
included in the header.
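The four encapsulation steps above, carried out in code. This is an added example written for these notes, not something from the original material: it wraps a constructed email payload in a real TCP header (segment), an IPv4 header (packet) and an Ethernet II header plus FCS trailer (frame), then unwraps the frame on the receiving side, checking the FCS and the IP header checksum on the way. The MAC addresses, IP addresses, ports and payload are constructed sample values; the TCP checksum is left at zero because it needs a pseudo-header that the example does not model.

```python
"""Encapsulation and decapsulation through the TCP/IP layers (added example;
addresses, ports and payload are constructed sample values)."""
import struct
import zlib


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791).
    Run over a header that already holds a correct checksum, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def make_segment(src_port: int, dst_port: int, seq: int, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (no options) + data = segment."""
    offset_flags = (5 << 12) | 0x018        # data offset 5 words; flags PSH, ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         offset_flags, 65535, 0, 0)   # window, checksum=0, urgent
    return header + payload


def make_packet(src_ip: str, dst_ip: str, segment: bytes, ttl: int = 64) -> bytes:
    """Internet layer: 20-byte IPv4 header, protocol 6 (TCP), valid checksum."""
    total_len = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def make_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Network Access layer: the only layer adding both a header (dst MAC,
    src MAC, EtherType 0x0800 = IPv4) and a trailer (4-byte FCS, CRC-32)."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + packet
    return body + struct.pack("<I", zlib.crc32(body))


def decapsulate(frame: bytes) -> dict:
    """Receiver: strip one layer at a time, verifying the FCS and the IPv4
    header checksum, and report what was seen at each layer."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: packet discarded")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data = segment[(segment[12] >> 4) * 4:]
    return {"frame": len(frame), "packet": len(packet), "segment": len(segment),
            "ethertype": ethertype, "protocol": packet[9], "ttl": packet[8],
            "src_port": src_port, "dst_port": dst_port, "seq": seq, "data": data}


def build_email_frame() -> bytes:
    """Constructed sample: a mail client sending to an SMTP server (port 25)."""
    segment = make_segment(49152, 25, 5432, b"Subject: hello")
    packet = make_packet("192.168.0.50", "192.168.0.25", segment)
    return make_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", packet)


def corruption_detected(frame: bytes, index: int) -> bool:
    """Flip one bit of the frame and report whether the receiver caught it."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    try:
        decapsulate(bytes(damaged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    info = decapsulate(build_email_frame())
    for name in ("frame", "packet", "segment"):
        print(f"{name}: {info[name]} bytes")
    print("delivered to TCP port", info["dst_port"], "with data", info["data"])
```

Running it prints the sizes of the frame, packet and segment (72, 54 and 34 bytes for the sample payload) and the decoded destination port. The bit-flip helper shows the practical value of the trailer: a single flipped bit anywhere in the frame fails the FCS check, so the receiver discards the frame instead of passing corrupted data upward.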

Cisco IOS Operating System Overview


- IOS (Internetwork Operating System) is a multitasking operating system
used on most Cisco Systems routers and switches.

- IOS has a command-line interface

- The IOS operating system is used to configure routing, switching, internetworking and other features supported by Cisco IOS devices.

Accessing the Cisco IOS


There are three most common ways to access the Cisco IOS:

1. Console Access – this type of access is usually used to configure newly acquired devices. These devices usually don’t have an IP address configured, and therefore cannot be accessed through the network. This port can be connected to a computer using a rollover cable, a special type of cable with the pins on one end reversed on the other end of the cable. The rollover cable is a serial cable, which means that you can’t just plug it into an Ethernet port on your computer. You will need an adapter that converts an interface on your computer (usually a 9-pin serial interface) into RJ-45.
2. Telnet Access – Telnet is a terminal emulation program that enables you to access IOS through the network and configure the device remotely. The device that is being configured needs to have a Telnet server installed and an IP address configured.

Telnet uses a well-known TCP port 23. One of the biggest disadvantages of this
protocol is that it sends all data as clear text, which includes the passwords! This is
the reason why this type of access is usually not used anymore. Instead, SSH is
usually used.

3. SSH Access – like Telnet, this access type enables you to configure devices
remotely, but it adds an extra layer of security by encrypting all communications
using public-key cryptography. SSH uses the well-known TCP port 22.

IOS Modes

IOS has many different modes. There are three main modes and many sub-modes.
We will describe the three main modes and one sub-mode.

 User EXEC Mode – the default mode for the IOS CLI. This is the mode that a user is placed
in after accessing the IOS. Only basic commands (like ping or telnet) are available in this
mode.
 Privileged EXEC Mode – is accessed by typing the enable command from the user EXEC
mode. This mode can be password protected. In this mode, a user can view and change a
device’s configuration.
 Global Configuration Mode – this mode can be accessed by typing the configure
terminal command from the privileged EXEC mode. It is used to change the device’s
configuration.

A global configuration mode can have many sub-modes.

Ports on an IOS device


Cisco uses the term interface to refer to physical ports on an IOS device.

To display basic information about the device interfaces in IOS, use the show ip interface brief command from the privileged exec mode:
Router#sh ip int brief
Interface        IP-Address    OK? Method Status                Protocol
FastEthernet0/0  192.168.0.1   YES manual administratively down down
FastEthernet0/1  unassigned    YES unset  administratively down down
Vlan1

Here is a brief description of each column:


 Interface – displays the type of the interface, in this case Fast Ethernet 0/0. The first
zero specifies the physical slot on the router, while the second zero specifies the port
number.
 IP-Address – displays the interface’s IP address.
 OK? – YES in this column signifies that the IP address is currently valid.
 Method – manual in this column means that the interface has been manually
configured. DHCP means that the interface has been configured using DHCP.
 Status – up indicates that the interface is administratively up.
 Protocol – up indicates that the interface is operational.

To configure a specific interface, use the interface TYPE SLOT/PORT command from the global config mode. This puts us in the interface submode, where we can configure various interface options:
Router(config)#interface f0/0
Router(config-if)#speed 100

By default, all ports on a Cisco switch are up and running as soon as you power on the device. This means that all you need to do is connect your devices to the switch and you are good to go. This isn’t the case with Cisco routers, however. You need to manually enable each interface on a router with the no shutdown interface mode command:
Router(config)#int f0/0
Router(config-if)#no shutdown

Auxiliary Port on a Cisco router


Most Cisco routers include an additional auxiliary (Aux) port as a backup async port.
This port is commonly used as a dial-up port for remote router management. It is
connected to a modem and enables an administrator to make a phone call to
connect to the router’s CLI.

The configuration of the aux port resembles the console port configuration:
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login

Cisco Console Rollover Cable


A rollover cable is usually shipped with each Cisco device. This cable connects a
serial port on your computer to the console port of the device and it is used for the
device’s initial configuration.

Get help in IOS


You can use the question mark to display a list of commands available in the prompt you are in:
Router#?
Exec commands:
  <1-99>      Session number to resume
  auto        Exec level Automation
  clear       Reset functions
  clock       Manage the system clock
  configure   Enter configuration mode
  connect     Open a terminal connection
  copy        Copy from one file to another
  debug       Debugging functions (see also 'undebug')
  delete      Delete a file
  dir         List files on a filesystem
  disable     Turn off privileged commands
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  erase       Erase a filesystem
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  mkdir       Create new directory
  more        Display the contents of a file
  no          Disable debugging informations
  ping        Send echo messages
  reload      Halt and perform a cold restart
 --More--

If the output spans more than one page, press the spacebar to display the following
page of commands, or press Enter to go one command at a time. To quit the output,
press q.

To display only commands that start with a particular character or a string of characters, type the letters and then press the question mark:
Router#de?
debug  delete

In the output above you can see that we’ve displayed all commands that start with de.

If the command is more than one word long, you can use the question mark to display the next command in a string:
Router#debug ?
  aaa           AAA Authentication, Authorization and Accounting
  custom-queue  Custom output queueing
  eigrp         EIGRP Protocol information
  frame-relay   Frame Relay
  ip            IP information
  ipv6          IPv6 information
  ntp           NTP information
  ppp           PPP (Point to Point Protocol) information
  standby       Hot Standby Router Protocol (HSRP)

Router#debug eigrp ?
  fsm      EIGRP Dual Finite State Machine events/actions
  packets  EIGRP packets

In the output above you can see that we’ve displayed all commands that can follow the command debug. We then displayed all commands that can follow the command debug eigrp.

You can also autocomplete a command. Just type the first few characters and
press Tab. If there is only a single match, IOS will complete the command.

You don’t have to type an entire word to finish a command. You can type just the first letter or a couple of letters, and if there is only a single match, IOS will understand what you are trying to accomplish. For example, you can type sh ip int b instead of the longer version, show ip interface brief:
Router#sh ip int b
Interface           IP-Address    OK? Method Status                Protocol
GigabitEthernet0/0  unassigned    YES NVRAM  administratively down down
GigabitEthernet0/1  unassigned    YES NVRAM  administratively down down
GigabitEthernet0/2  192.168.0.1   YES manual up                    down
Vlan1               unassigned    YES NVRAM  administratively down down

Note that we were able to execute the command above because each set of characters had only one match in the list of commands. If we had typed sh ip in b instead, IOS would not have understood our intention:
Router#sh ip in b
% Ambiguous command: "sh ip in b"

Pipe character in IOS


IOS supports the use of the pipe character (|) to filter the output of the show and more commands. The pipe function takes the output of the command and sends it to another function, such as begin or include. This way, you can filter the output to find the section of the output that interests you. Here are a few examples:
R1#show running-config | begin interface

PIPE Feature & Commands in Cisco IOS

R1#sh run | ?
  append    Append redirected output to URL (URLs supporting append operation only)
  begin     Begin with the line that matches
  exclude   Exclude lines that match
  include   Include lines that match
  redirect  Redirect output to URL
  section   Filter a section of output
  tee       Copy output to URL


Running and Startup Configuration
Cisco devices store commands in two configuration files:

 startup configuration
 running configuration

- A running configuration resides in a device’s RAM; if a device loses power, all configured commands will be lost.
- A startup configuration is stored in the nonvolatile memory of a device, which means that all configuration changes are saved even if the device loses power.
- To copy your running configuration into the startup configuration you need to type the command copy running-config startup-config:
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
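A defender’s check for two points made earlier in these notes: Telnet sends everything, passwords included, in clear text (so SSH on TCP 22 should be used instead), and the line configuration shown for the aux port stores its password directly in the configuration. This added script is not part of the original notes; it parses a running-config of the kind saved above and reports vty lines that still accept Telnet and passwords kept in clear text. Both configurations are constructed samples, the secret values are placeholders, and the commands it looks for (service password-encryption, enable secret, username ... secret, login local, transport input ssh) are standard IOS commands.

```python
"""Audit a Cisco IOS running-config for clear-text management access
(added example; both sample configurations are constructed)."""

WEAK_CONFIG = """\
!
hostname R1
!
enable password cisco
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
!
end
"""

HARDENED_CONFIG = """\
!
hostname R1
!
service password-encryption
enable secret REPLACE_ME_ENABLE_SECRET
username admin secret REPLACE_ME_ADMIN_SECRET
!
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
 transport input ssh
!
end
"""


def parse_config(config: str):
    """Split a running-config into global commands and 'line' stanzas
    (IOS indents the commands belonging to a line with one space)."""
    global_cmds, stanzas, current = [], {}, None
    for raw in config.splitlines():
        text = raw.rstrip()
        if not text or text.startswith("!"):
            continue
        if text.startswith("line "):
            current = text[5:]
            stanzas[current] = []
        elif text.startswith(" ") and current is not None:
            stanzas[current].append(text.strip())
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, stanzas


def audit(config: str) -> list:
    """Return one finding per risky setting; an empty list means nothing flagged."""
    global_cmds, stanzas = parse_config(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("global: 'enable password' is stored in clear text; use 'enable secret'")
    encrypted = "service password-encryption" in global_cmds
    for name, cmds in stanzas.items():
        if any(c.startswith("password ") for c in cmds) and not encrypted:
            findings.append(f"line {name}: clear-text 'password' (no service password-encryption)")
        if name.startswith("vty"):
            transport = [c for c in cmds if c.startswith("transport input")]
            if not transport:
                findings.append(f"line {name}: no 'transport input' restriction, Telnet may be accepted")
            elif any("telnet" in t or t.endswith(" all") for t in transport):
                findings.append(f"line {name}: Telnet allowed ('{transport[0]}'); use 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "config:", audit(cfg) or "no findings")
```

The weak configuration produces five findings (the enable password, three clear-text line passwords and Telnet on the vty lines); the hardened one produces none. Note that service password-encryption only obfuscates line passwords (the reversible type 7 form), which is why the hardened sample moves authentication to login local with username secrets rather than relying on it. On a live device the same text comes from show running-config, and the pipe filters shown above (for example | section line) narrow it to the stanzas this script inspects.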

Transport Layer Explanation – Layer 4 of the OSI Model
Did you ever wonder how the raw data (message) from an application on our desktop is transmitted over the Internet? By using the OSI model as a reference, we are able to understand how the raw data are transmitted from one host and received by the other end host without error. The OSI model has seven (7) layers. In this article, we will concentrate on Layer 4, which is the Transport Layer.

The upper layers, the Application Layer, Presentation Layer, and Session Layer, are
responsible for preparing and sending the raw data.

In contrast, the lower layers, the Network Layer, Data Link Layer, and Physical
Layer, are responsible for encapsulating the raw data by using headers so that the
network devices like routers and switches can understand and direct the traffic to the
right device.

Contributions of the Transport Layer on Data Transmission


Transport Layer is responsible for end-to-end communication over the network and
provides service to upper-layer protocols (application layer). Simply, it is responsible
for tracking the conversations (raw data) between multiple applications that are
passing through the network.
NOTE
The Transport Layer provides logical communication between applications that run on different hosts by simply adding a transport header to the raw data. The Protocol Data Unit (PDU) is now called a Segment.

Networking devices, like routers and switches, and end devices, like desktops and servers, have limitations on the amount of data that can be inserted in an IP packet. Because of that, the Transport Layer segments and reassembles the data (messages) between the sender and the receiver.

Whenever the hosts send a message into the network (internet), the Transport Layer
prepares and separates the raw data (message) into smaller pieces of data for
delivery. When received on the other hosts, the Transport Layer reassembles those
smaller pieces of data and sends them to the upper layers.

The Application Layer has a lot of protocols that recognize the function of each data.
Email traffic uses SMTP and POP3 protocols, while HTTP and HTTPS are the
protocols used for web browsing. Each protocol is formatted differently based on its
purpose.

If data for a different protocol is received by a specific application, the application will drop the data. If a web server receives SMTP data, the data will be dropped, as the web server is expecting to receive HTTP or HTTPS. The role of the Transport Layer is to ensure that the data is transmitted and delivered to the intended application.

Transport Layer Protocols – TCP and UDP


Every application protocol is identified by a unique decimal port number, which ensures that the data is sent and received by the intended application as it passes through the network or Internet. The commonly used Transport Layer protocols responsible for message delivery are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

TCP is a connection-oriented protocol, which means it guarantees the delivery of the message, while UDP is a connectionless protocol that sends the data without error correction. Under TCP and UDP, port numbers are used to distinguish the specific type of application. A specific port number is attached when sending the data so that the data will be received by exactly the intended application. The diagram below shows a segment in which the raw data is encapsulated by the transport header (source and destination port).

TCP (Transmission Control Protocol) Explained


One of the main protocols in the TCP/IP suite is Transmission Control Protocol
(TCP). TCP provides reliable and ordered delivery of data between applications
running on hosts on a TCP/IP network. Because of its reliable nature, TCP is used
by applications that require high reliability, such as FTP, SSH, SMTP, HTTP, etc.

TCP is connection-oriented, which means that, before data is sent, a connection between two hosts must be established. The process used to establish a TCP connection is known as the three-way handshake. After the connection has been established, the data transfer phase begins. After the data is transmitted, the connection is terminated.

One other notable characteristic of TCP is its reliable delivery. TCP uses sequence numbers to identify the order of the bytes sent from each computer so that the data can be reconstructed in order. If any data is lost during the transmission, the sender can retransmit the data.

Because of all of its characteristics, TCP is considered to be complicated and costly in terms of network usage. The TCP header is up to 24 bytes long and consists of the following fields:

 source port – the port number of the application on the host sending the data.
 destination port – the port number of the application on the host receiving the data.
 sequence number – used to identify each byte of data.
 acknowledgment number – the next sequence number that the receiver is expecting.
 header length – the size of the TCP header.
 reserved – always set to 0.
 flags – used to set up and terminate a session.
 window – the window size the sender is willing to accept.
 checksum – used for error-checking of the header and data.
 urgent – indicates the offset from the current sequence number, where the segment of non-
urgent data begins.
 options – various TCP options, such as Maximum Segment Size (MSS) or Window Scaling.

TCP three-way handshake


Since TCP is a connection-oriented protocol, a connection needs to be established
before two devices can communicate. TCP uses a process called three-way
handshake to negotiate the sequence and acknowledgment fields and start the
session. Here is a graphical representation of the process:

As the name implies, the three-way handshake process consists of three steps:
1. Host A initiates the connection by sending the TCP SYN packet to the destination host. The packet contains a random sequence number (e.g. 5432) which marks the beginning of the sequence numbers for the data that Host A will transmit.
2. The Server receives the packet and responds with its own sequence number. The response also includes the acknowledgment number, which is Host A’s sequence number incremented by 1 (in our case, that would be 5433).
3. Host A acknowledges the response of the Server by sending the acknowledgment number, which is the Server’s sequence number incremented by 1.

Here is another picture with the numbers included:

After the data transmission process is finished, TCP will terminate the connection
between two endpoints. This four-step process is illustrated below:

1. The client application that wants to close the connection sends a TCP segment with
the FIN (Finished) flag set to 1.
2. The server receives the TCP segment and acknowledges it with the ACK segment.
3. Server sends its own TCP segment with the FIN flag set to 1 to the client in order to
terminate the connection.
4. The client acknowledges the server’s FIN segment and closes the connection.
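The three-way handshake and the four-step close as a small state machine, with both endpoints modelled. This is an added example, not from the original notes: Host A uses the page’s sample initial sequence number 5432 and the server a constructed ISN of 9000, so the acknowledgment values 5433 and 9001 can be followed through the trace. An ACK that does not match the sequence number the endpoint expects is rejected, which is why the randomness of the ISN matters: a party that never saw the SYN cannot produce the acknowledgment the handshake requires.

```python
"""TCP connection set-up (SYN, SYN+ACK, ACK) and tear-down (FIN, ACK, FIN, ACK)
as explicit state transitions (added example; the server ISN is constructed)."""
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: frozenset


@dataclass
class Endpoint:
    name: str
    state: str
    snd_nxt: int        # next sequence number this side will send
    rcv_nxt: int = 0    # next sequence number expected from the peer (our ACK)
    peer: str = ""


def send(ep: Endpoint, flags: set) -> Segment:
    """Build a segment from the endpoint's counters. SYN and FIN each occupy
    one sequence number, so sending either advances snd_nxt by one."""
    seg = Segment(ep.name, ep.peer, ep.snd_nxt, ep.rcv_nxt, frozenset(flags))
    if flags & {"SYN", "FIN"}:
        ep.snd_nxt += 1
    return seg


def handle(ep: Endpoint, seg: Segment):
    """Apply an incoming segment to the endpoint; return the reply, if any."""
    f = seg.flags
    if "ACK" in f and seg.ack != ep.snd_nxt:
        raise ValueError(f"{ep.name}: ACK {seg.ack} does not match expected {ep.snd_nxt}")
    if ep.state == "LISTEN" and f == {"SYN"}:              # handshake step 1 received
        ep.rcv_nxt, ep.state = seg.seq + 1, "SYN_RECEIVED"
        return send(ep, {"SYN", "ACK"})                    # step 2: ack = peer seq + 1
    if ep.state == "SYN_SENT" and f == {"SYN", "ACK"}:     # step 2 received
        ep.rcv_nxt, ep.state = seg.seq + 1, "ESTABLISHED"
        return send(ep, {"ACK"})                           # step 3
    if ep.state == "SYN_RECEIVED" and f == {"ACK"}:        # step 3 received
        ep.state = "ESTABLISHED"
        return None
    if ep.state == "ESTABLISHED" and "FIN" in f:           # close step 1 received
        ep.rcv_nxt, ep.state = seg.seq + 1, "CLOSE_WAIT"
        return send(ep, {"ACK"})                           # close step 2
    if ep.state == "FIN_WAIT_1" and f == {"ACK"}:
        ep.state = "FIN_WAIT_2"
        return None
    if ep.state == "FIN_WAIT_2" and "FIN" in f:            # close step 3 received
        ep.rcv_nxt, ep.state = seg.seq + 1, "TIME_WAIT"
        return send(ep, {"ACK"})                           # close step 4
    if ep.state == "LAST_ACK" and f == {"ACK"}:
        ep.state = "CLOSED"
        return None
    raise ValueError(f"{ep.name}: unexpected {sorted(f)} in state {ep.state}")


def run_session(host_isn: int = 5432, server_isn: int = 9000):
    """Drive both endpoints through connect and close; return every segment
    that crossed the wire plus the final endpoint objects."""
    a = Endpoint("Host A", "SYN_SENT", host_isn, peer="Server")
    s = Endpoint("Server", "LISTEN", server_isn, peer="Host A")
    trace = []

    def deliver(seg, to):
        trace.append(seg)
        return handle(to, seg)

    reply = deliver(send(a, {"SYN"}), s)                    # 1: SYN, seq 5432
    reply = deliver(reply, a)                               # 2: SYN+ACK, ack 5433
    deliver(reply, s)                                       # 3: ACK, ack 9001
    a.state = "FIN_WAIT_1"                                  # Host A's application closes
    deliver(deliver(send(a, {"FIN", "ACK"}), s), a)         # FIN, then the server's ACK
    s.state = "LAST_ACK"                                    # the server's application closes
    deliver(deliver(send(s, {"FIN", "ACK"}), a), s)         # FIN, then Host A's ACK
    return trace, a, s


if __name__ == "__main__":
    for seg in run_session()[0]:
        print(f"{seg.src:6} -> {seg.dst:6} {'+'.join(sorted(seg.flags)):8} seq={seg.seq} ack={seg.ack}")
```

Real stacks set the ACK flag on every segment after the initial SYN, which is why the FIN segments here carry FIN+ACK; the page’s description of FIN being "set to 1" still holds. Host A finishes in TIME_WAIT rather than CLOSED because a real implementation holds the connection there briefly in case its final ACK is lost.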

UDP (User Datagram Protocol) Explained


One other important protocol in the TCP/IP suite is User Datagram Protocol (UDP).
This protocol is basically a scaled-down version of TCP. Just like TCP, this protocol
provides delivery of data between applications running on hosts on a TCP/IP
network, but, unlike TCP, it does not sequence the data and does not care about the
order in which the segments arrive at the destination. Because of this it is considered
to be an unreliable protocol. UDP is also considered to be a connectionless protocol,
since no virtual circuit is established between two endpoints before the data transfer
takes place.

Because it does not provide many features that TCP does, UDP uses much less
network resources than TCP. UDP is commonly used with two types of applications:

 applications that are tolerant of the lost data – VoIP (Voice over IP) uses UDP
because if a voice packet is lost, by the time the packet would be retransmitted, too
much delay would have occurred, and the voice would be unintelligible.
 applications that have some application mechanism to recover lost data –
Network File System (NFS) performs recovery with application layer code, so UDP is
used as a transport-layer protocol.

The UDP header is 8 bytes long and consists of the following fields:

Here is a description of each field:

 source port – the port number of the application on the host sending the data.
 destination port – the port number of the application on the host receiving the data.
 length – the length of the UDP header and data.
 checksum – checksum of both the UDP header and UDP data fields.

NOTE
UDP is a Transport layer protocol (Layer 4 of the OSI model).

IP header
An IP header is a prefix to an IP packet that contains information about the IP
version, length of the packet, source and destination IP addresses, etc. It consists of
the following fields:

Here is a description of each field:

 Version – the version of the IP protocol. For IPv4, this field has a value of 4.
 Header length – the length of the header in 32-bit words. The minimum value is 20
bytes, and the maximum value is 60 bytes.
 Priority and Type of Service – specifies how the datagram should be handled. The
first 3 bits are the priority bits.
 Total length – the length of the entire packet (header + data). The minimum length
is 20 bytes, and the maximum is 65,535 bytes.
 Identification – used to differentiate fragmented packets from different datagrams.
 Flags – used to control or identify fragments.
 Fragment offset – used for fragmentation and reassembly if the packet is too
large to put in a frame.
 Time to live – limits a datagram’s lifetime. If the packet doesn’t get to its destination
before the TTL expires, it is discarded.
 Protocol – defines the protocol used in the data portion of the IP datagram. For
example, TCP is represented by the number 6 and UDP by 17.
 Header checksum – used for error-checking of the header. If a packet arrives at a
router and the router calculates a different checksum than the one specified in this
field, the packet will be discarded.
 Source IP address – the IP address of the host that sent the packet.
 Destination IP address – the IP address of the host that should receive the packet.
 Options – used for network testing, debugging, security, and more. This field is
usually empty.
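The Identification, Flags and Fragment offset fields in action. This added example, not from the original notes, fragments two constructed 3000-byte datagrams for a 1500-byte MTU and reassembles them from interleaved, out-of-order fragments. It deliberately rejects gaps and overlapping fragments instead of resolving them, which is stricter than RFC 791 but is what a receiver or inspection device should do, since overlapping fragments have no legitimate use. Only these three fields and the data are modelled.

```python
"""IPv4 fragmentation and strict reassembly (added example; datagram sizes,
identifications and the MTU are constructed values)."""


def fragment(payload: bytes, mtu: int, ident: int, header_len: int = 20) -> list:
    """Split a datagram payload so each fragment (header + data) fits the MTU.
    Every fragment but the last carries a multiple of 8 data bytes, because
    the Fragment Offset field is expressed in 8-byte units."""
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small for an IPv4 header plus data")
    fragments, offset = [], 0
    while offset < len(payload):
        chunk = payload[offset:offset + max_data]
        more = offset + len(chunk) < len(payload)          # MF (More Fragments) flag
        fragments.append({"id": ident, "mf": more, "offset": offset // 8, "data": chunk})
        offset += len(chunk)
    return fragments


def reassemble(fragments: list) -> dict:
    """Rebuild datagrams from fragments that may arrive interleaved and out
    of order, keyed by Identification. Gaps, overlaps, duplicates and a
    missing final (MF=0) fragment all raise instead of being guessed at."""
    by_id = {}
    for frag in fragments:
        by_id.setdefault(frag["id"], []).append(frag)
    datagrams = {}
    for ident, parts in by_id.items():
        parts.sort(key=lambda p: p["offset"])
        buf, expected, last_seen = bytearray(), 0, False
        for p in parts:
            if p["offset"] * 8 != expected:
                raise ValueError(f"id {ident:#x}: gap or overlap at byte {p['offset'] * 8}")
            if last_seen:
                raise ValueError(f"id {ident:#x}: data after the MF=0 fragment")
            buf += p["data"]
            expected += len(p["data"])
            last_seen = not p["mf"]
        if not last_seen:
            raise ValueError(f"id {ident:#x}: final fragment (MF=0) not received")
        datagrams[ident] = bytes(buf)
    return datagrams


def complete(fragments: list) -> bool:
    """True when the fragments reassemble cleanly, False on any defect."""
    try:
        reassemble(fragments)
    except ValueError:
        return False
    return True


def demo() -> dict:
    """Two 3000-byte datagrams crossing a 1500-byte MTU link, their fragments
    arriving interleaved and in reverse order."""
    first = fragment(b"A" * 3000, 1500, 0x1234)
    second = fragment(b"B" * 3000, 1500, 0x1235)
    on_the_wire = [f for pair in zip(reversed(first), reversed(second)) for f in pair]
    return reassemble(on_the_wire)


if __name__ == "__main__":
    for f in fragment(b"A" * 3000, 1500, 0x1234):
        print(f"id={f['id']:#x} MF={int(f['mf'])} offset={f['offset']} ({f['offset'] * 8} bytes) len={len(f['data'])}")
    print({k: len(v) for k, v in demo().items()})
```

With a 1500-byte MTU each fragment carries at most 1480 data bytes, so a 3000-byte payload becomes fragments at offsets 0, 185 and 370 (in 8-byte units) of 1480, 1480 and 40 bytes, with MF set on all but the last. Dropping a middle fragment, duplicating one, or losing the MF=0 fragment each causes reassembly to fail rather than deliver a truncated or corrupted datagram.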

Ports explained
- A port is a 16-bit number used to identify specific applications and services.
TCP and UDP specify the source and destination port numbers in their packet
headers and that information, along with the source and destination IP
addresses and the transport protocol (TCP or UDP), enables applications
running on hosts on a TCP/IP network to communicate.

- Applications that provide a service (such as FTP and HTTP servers) open a
port on the local computer and listen for connection requests. A client can
request the service by pointing the request to the application’s IP address and
port. A client can use any locally unused port number for communication.
Consider the following example:

- In the picture above you can see that a host with an IP address of 192.168.0.50 wants to communicate with the FTP server. Because FTP servers use, by default, the well-known port 21, the host generates the request and sends it to the FTP server’s IP address and port. The host uses the locally unused port 1200 for communication. The FTP server receives the request, generates the response, and sends it to the host’s IP address and port.

- Port numbers are from 0 to 65535. The first 1024 ports are reserved for use by certain privileged services:

NOTE
The combination of an IP address and a port number is called a socket. In our example the socket would be 192.168.0.50:1200.

Unicast, Multicast, and Broadcast Addresses
- There are three types of Ethernet (MAC) addresses:

- 1. Unicast Addresses

- Unicast addresses represent a single LAN interface. A unicast frame will be
sent to a specific device, not to a group of devices on the LAN:

- The unicast address will have the value of the MAC address of the destination
device.

- 2. Multicast Addresses

- Multicast addresses represent a group of devices in a LAN. A frame sent to a
multicast address will be forwarded to a group of devices on the LAN:

- Multicast frames have a value of 1 in the least-significant bit of the first octet
of the destination address (the I/G, individual/group, bit). This lets a switch or
a network card distinguish between unicast and multicast addresses. One example of
an Ethernet multicast address is 01:00:0C:CC:CC:CC, the address used by CDP
(Cisco Discovery Protocol).

- 3. Broadcast Addresses

- Broadcast addresses represent all devices on the LAN. Frames sent to a
broadcast address will be delivered to all devices on the LAN:

- The broadcast address has the value of FFFF.FFFF.FFFF (all binary ones). A
switch floods broadcast frames out of all ports except the port on which the frame
was received.
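The I/G-bit rule described above, as an added example (not code from the original notes): a Python classifier that parses the colon, hyphen and Cisco dotted formats, applies the least-significant-bit test to the first octet, recognises the all-ones broadcast address, and decides which ports a switch floods a broadcast frame to. It also reports the second-lowest bit of the first octet, the U/L (universally/locally administered) bit from IEEE 802 addressing, which the notes do not cover; randomised privacy MAC addresses set that bit, so it is worth checking when auditing a LAN. The sample addresses other than 01:00:0C:CC:CC:CC and FFFF.FFFF.FFFF are constructed.

```python
"""Added example (not from the original notes): classify an Ethernet destination
address as unicast, multicast or broadcast using the rule from the notes, the
least-significant bit of the first octet (the I/G bit). Accepts colon, hyphen and
Cisco dotted formats. The U/L (locally administered) bit check goes beyond the
notes and follows IEEE 802 addressing."""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def parse_mac(text: str) -> bytes:
    """Accept 01:00:0c:cc:cc:cc, 01-00-0c-cc-cc-cc or 0100.0ccc.cccc / FFFF.FFFF.FFFF."""
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def classify_mac(text: str) -> dict:
    mac = parse_mac(text)
    first = mac[0]
    if mac == b"\xff" * 6:
        kind = "broadcast"          # all ones (the I/G bit is set here too)
    elif first & 0x01:
        kind = "multicast"          # I/G bit = 1 marks a group address
    else:
        kind = "unicast"
    return {
        "kind": kind,
        "locally_administered": bool(first & 0x02),   # U/L bit, beyond the notes
        "canonical": ":".join(f"{b:02x}" for b in mac),
    }


def switch_flood_decision(dst: str, ingress_port: int, ports: list) -> list:
    """Ports a switch forwards a broadcast frame to: every port except ingress.
    Unicast and multicast forwarding depend on MAC-table / IGMP state that this
    example does not model, so those return [] meaning 'consult the table'."""
    if classify_mac(dst)["kind"] == "broadcast":
        return [p for p in ports if p != ingress_port]
    return []


if __name__ == "__main__":
    samples = ("01:00:0C:CC:CC:CC", "FFFF.FFFF.FFFF",
               "00-1A-2B-3C-4D-5E", "02:00:00:00:00:01")   # last two constructed
    for sample in samples:
        print(sample, classify_mac(sample))
    print(switch_flood_decision("ff:ff:ff:ff:ff:ff", 3, [1, 2, 3, 4]))
```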

- Types of IP Addresses
- IP addresses are divided into three types, based on how they are used:

- 1. unicast IP addresses – the address of a single interface. Addresses of this
type are used for one-to-one communication: a unicast address directs packets to
one specific host. Here is an example:

- In the picture above you can see that the host wants to communicate with the
server. It uses the (unicast) IP address of the server (192.168.0.150) to do so.
- 2. multicast IP addresses – used for one-to-many communication. Multicast
messages are sent to IP multicast group addresses (the range 224.0.0.0 to
239.255.255.255, i.e. 224.0.0.0/4). Routers forward copies of the packet out of
every interface that has hosts subscribed to that group address. Only the hosts
that have joined the group process the packets; all other hosts on the LAN discard
them. Here is an example:

- R1 has sent a multicast packet destined for 224.0.0.9. This is an RIPv2
packet, and only routers running RIPv2 on the network should read it. R2 will
receive the packet and read it. All other hosts on the LAN will discard the packet.

- 3. broadcast IP addresses – used to send data to all possible destinations in
the broadcast domain (one-to-everybody communication). The broadcast address
for a network has all host bits set to 1. For example, for the network
192.168.30.0 255.255.255.0 the broadcast address would be 192.168.30.255*.
Also, the IP address of all 1s (255.255.255.255) can be used for local (limited)
broadcast, which routers never forward. Here's an example:
-

- R1 wants to communicate with all hosts on the network and has sent a
broadcast packet to the broadcast IP address of 192.168.30.255. All hosts in
the same broadcast domain will receive and process the packet.

- *This is because the subnet mask of 255.255.255.0 means that the last octet
of the IP address holds the host bits, and eight 1s written in decimal is 255.

What is IPv4 Address and its Role in the Network?
An IPv4, or Internet Protocol version 4, address is a 32-bit number, conventionally
written as four decimal numbers separated by periods. It uniquely identifies a
network interface on a device. IP is part of the TCP/IP (Transmission Control
Protocol/Internet Protocol) suite, where IP is the principal set of rules for
communication on the Internet. Devices such as PCs, printers, servers, routers and
switches need an IP address in order to communicate with each other in the network
and out to the Internet.
IPv4 Address Format
IPv4 addresses are expressed as a set of four numbers in decimal format, each
separated by a dot; hence the term 'dotted decimal format'. Each number is called
an 'octet' because it represents 8 bits. The figure below shows the binary
format of each octet in the 192.168.10.100 IP address:

192.168.10.100 = 11000000.10101000.00001010.01100100

A number in an octet can range from 0 to 255. Therefore, the full IPv4 address space
goes from 0.0.0.0 to 255.255.255.255. The IPv4 address has two parts, the network
part and the host part. A subnet mask is used to identify these parts.

Network Part
The network part of the IPv4 address is on the left-hand side of the IP address. It
specifies the particular network to which the IPv4 address belongs. In classful
addressing, the leading bits of the network portion also identify the class of the
IPv4 address.

For example, we have the IPv4 address 192.168.10.100 and a /24 subnet mask. /24
simply means that the first 24 bits, starting from the left side, are the network
portion of the IPv4 address. The remaining 8 bits of the 32 will be the host portion.

Host Part
The host portion of the IPv4 address uniquely identifies the device or the interface on
your network. Hosts that have the same network portion can communicate with one
another directly, without the need for the traffic to be routed.
IPv4 Address Allocation
The Internet Protocol address can be allocated to hosts or interfaces either manually
or dynamically.

 Static – static IP address is set manually on the device. It is best practice to set
static IP addresses on network devices, such as routers and switches, and on
servers as well.
 Dynamic – a dynamic IP address is automatically allocated to a device via the
Dynamic Host Configuration Protocol (DHCP). Dynamic addresses are best used on end
devices, such as PCs.

Types of IPv4 Addresses
We have two types of IP addresses, namely public IP addresses and private IP
addresses.

 Public IP address – used to route Internet traffic. This is used on the Internet and is
given out by Internet Service Providers (ISPs) to their customers.
 Private IP address – used in private networks for internal traffic within the LAN.
The private ranges defined by RFC 1918 are 10.0.0.0/8, 172.16.0.0/12 and
192.168.0.0/16. Private addresses are not routable on the Internet; a device using
one reaches the Internet through Network Address Translation (NAT) on the edge router.

Converting the Decimal IP Address to Binary
IP addresses can be read in decimal or binary representation, but network devices
only work with the binary value. Therefore, we must understand how to convert a
decimal IP address to binary form.

Remember that IPv4 addresses are typically written in decimal digits, formatted as
four 8-bit fields separated by periods. Each 8-bit field, called an octet, represents a
byte of the IPv4 address.

Decimal Number
A decimal is a base 10 numbering system with which most of us are familiar. We use
ten different numerals to represent the decimal numbers from zero to nine. The
numerals are 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. Once we get to the number ten, there is
no numeral to represent this value, so we go one place value up from ones to tens
and so on and so forth.
Binary Number
Binary numbers are another number system, the one used to represent machine
language. Unlike the decimal system, the binary number system has only two
numerals, 1 and 0. Each place value in binary is a power of two, which is why
binary is also known as the Base 2 Numbering System:

2^0 = 1

2^1 = 2

2^2 = 4

So, since there are only two numerals that can represent a binary digit, typical
8-bit binary numbers (octets) look like these:

11100101

00001100

11110100

Converting Decimal to Binary IP Address
Below is an example of an IPv4 address in dotted decimal format and its
corresponding binary format:

192.168.32.47 = 11000000.10101000.00100000.00101111

Taking the IP address in the example above, these are the binary equivalents of
its decimal octets:

192 = 11000000

168 = 10101000

32 = 00100000

47 = 00101111

The first thing to do in converting decimal to binary is to know the decimal value
of each bit position in the byte. As stated earlier, there are 8 bits in 1 byte,
and each bit position has a fixed value, from the most significant bit (MSB) on the
left to the least significant bit (LSB) on the right:

Bit position:   8    7    6    5    4    3    2    1
Value:        128   64   32   16    8    4    2    1

Now take the number 168, for example, and convert it to a binary number. To check a
binary value against the table above, add up the values of the positions that hold
a 1 and disregard the positions that hold a 0 (for 10101000: 128 + 32 + 8 = 168).

To convert decimal to binary, start at the MSB and compare the remaining value with
the position value. If the remainder is greater than or equal to the position value,
write a 1 and subtract the position value; otherwise write a 0 and carry the
remainder unchanged to the next position. Continue until you reach the LSB:

168 – 128 = 40 (1)

40 – 64 = -24 (0)

40 – 32 = 8 (1)

8 – 16 = -8 (0)

8 – 8 = 0 (1)

0 – 4 = -4 (0)

0 – 2 = -2 (0)

0 – 1 = -1 (0)

Once the remainder is zero, the rest of the bits down to the LSB are zero.
Therefore the binary equivalent of 168 is 10101000.
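The subtraction method above, implemented as an added Python example (not from the original notes) and generalised to a whole dotted-decimal address. The trace it returns for each octet matches the worked steps for 168 (position value, remainder after the step, bit written), and the reverse "add the positions that hold a 1" method is included so a conversion can be checked by round-tripping it.

```python
"""Added example (not from the original notes): the MSB-to-LSB subtraction method
described above, written as code and applied to a whole dotted-decimal address.
The per-octet trace is (position value, remainder after the step, bit written),
mirroring the worked steps for 168. The addition method is the reverse check."""
from typing import List, Tuple

BIT_VALUES = (128, 64, 32, 16, 8, 4, 2, 1)   # MSB ... LSB of one octet


def octet_to_binary(value: int) -> Tuple[str, List[Tuple[int, int, str]]]:
    """Convert 0..255 to an 8-character bit string using repeated subtraction."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits, trace, remainder = [], [], value
    for position in BIT_VALUES:
        if remainder >= position:       # the position 'fits': write 1, subtract
            remainder -= position
            bits.append("1")
        else:                           # it does not fit: write 0, keep remainder
            bits.append("0")
        trace.append((position, remainder, bits[-1]))
    return "".join(bits), trace


def binary_to_octet(bits: str) -> int:
    """Addition method: sum the position values that hold a 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit string: {bits!r}")
    return sum(v for v, b in zip(BIT_VALUES, bits) if b == "1")


def ip_to_binary(dotted: str) -> str:
    """192.168.32.47 -> 11000000.10101000.00100000.00101111"""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    return ".".join(octet_to_binary(int(o))[0] for o in octets)


def binary_to_ip(binary: str) -> str:
    """Inverse of ip_to_binary, used to round-trip and verify a conversion."""
    return ".".join(str(binary_to_octet(group)) for group in binary.split("."))


if __name__ == "__main__":
    bits, trace = octet_to_binary(168)
    for position, remainder, bit in trace:
        print(f"position {position:>3}: remainder {remainder:>3} -> {bit}")
    print("168 =", bits)
    print("192.168.32.47 =", ip_to_binary("192.168.32.47"))
    print("round trip:", binary_to_ip(ip_to_binary("192.168.32.47")))
```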

Subnet Mask Explained
An IP address is divided into two parts: network and host parts. For example, an IP
class A address consists of 8 bits identifying the network and 24 bits identifying the
host. This is because the default subnet mask for a class A IP address is 8 bits long
(or, written in dotted decimal notation, 255.0.0.0). What does it mean? Well, like an
IP address, a subnet mask also consists of 32 bits. Computers use it to determine
the network part and the host part of an address. The 1s in the subnet mask
represent the network part, and the 0s the host part.

Computers work only with bits. The math used to determine a network range is
binary AND.

Let's say that we have the IP address of 10.0.0.1 with the default subnet mask of 8
bits (255.0.0.0).
First, we need to convert the IP address and the mask to binary:

IP address: 10.0.0.1 = 00001010.00000000.00000000.00000001

Subnet mask 255.0.0.0 = 11111111.00000000.00000000.00000000

Computers then AND the two values bit by bit to determine the network number:

Network: 10.0.0.0 = 00001010.00000000.00000000.00000000

The computer can then determine the size of the network. Only IP addresses that
begin with 10 will be in the same network. So, in this case, the range of addresses
in this network is 10.0.0.0 – 10.255.255.255.
NOTE
A subnet mask must always be a series of 1s followed by a series of 0s.

Slash Notation
Aside from the dotted decimal format, we can also write the subnet mask in slash
notation: a slash '/' followed by the number of network (1) bits in the mask. To
determine the slash notation of a subnet mask, convert the dotted decimal format
into binary, count the leading 1s, and prefix the count with a slash.

For example, we have the dotted decimal subnet mask of 255.0.0.0. In binary, it is
11111111.00000000.00000000.00000000. The number of leading 1s is 8,
therefore the slash notation of 255.0.0.0 is /8.

Classes of IP addresses
TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has
a range of valid IP addresses. The value of the first octet determines the class. IP
addresses from the first three classes (A, B and C) can be used for host addresses.
The other two classes are used for other purposes – class D for multicast and class
E for experimental purposes.

The system of IP address classes was developed for the purpose of Internet IP
addresses assignment. The classes created were based on the network size. For
example, for the small number of networks with a very large number of hosts, the
Class A was created. The Class C was created for numerous networks with small
number of hosts.

Classes of IP addresses are:

 Class A – first bit 0; first octet 0 to 127 (0 and 127 are reserved, so the usable
networks are 1.0.0.0 to 126.0.0.0); default mask 255.0.0.0 (/8)
 Class B – first bits 10; first octet 128 to 191; default mask 255.255.0.0 (/16)
 Class C – first bits 110; first octet 192 to 223; default mask 255.255.255.0 (/24)
 Class D – first bits 1110; first octet 224 to 239; multicast
 Class E – first bits 1111; first octet 240 to 255; experimental

For the IP addresses from Class A, the first 8 bits (the first decimal number)
represent the network part, while the remaining 24 bits represent the host part. For
Class B, the first 16 bits (the first two numbers) represent the network part, while the
remaining 16 bits represent the host part. For Class C, the first 24 bits represent the
network part, while the remaining 8 bits represent the host part.

Consider the following IP addresses:

 10.50.120.7 – because this is a Class A address, the first number (10) represents
the network part, while the remainder of the address represents the host part
(50.120.7). This means that, in order for devices to be on the same network, the first
number of their IP addresses has to be the same for both devices. In this case, a
device with the IP address of 10.47.8.4 is on the same network as the device with
the IP address listed above. The device with the IP address 11.5.4.3 is not on the
same network, because the first number of its IP address is different.
 172.16.55.13 – because this is a Class B address, the first two numbers (172.16)
represent the network part, while the remainder of the address represents the host
part (55.13). A device with the IP address of 172.16.254.3 is on the same network,
while a device with the IP address of 172.55.54.74 isn’t.

NOTE
The system of network address ranges described here has largely been superseded by
Classless Inter-Domain Routing (CIDR) addressing.

Special IP address ranges that are used for special purposes are:

 0.0.0.0/8 – "this network"; 0.0.0.0 is used as a source address by a host that
does not yet have an address of its own (for example, during DHCP discovery)
 127.0.0.0/8 – loopback addresses
 169.254.0.0/16 – link-local addresses (APIPA), self-assigned by a host when no
DHCP server answers

Subnetting Explained
- Subnetting is the practice of dividing a network into two or more smaller
networks.

- It increases routing efficiency, enhances the security of the network, and
reduces the size of the broadcast domain.

- Consider the following example:


In the picture above we have one large network, 10.0.0.0/8 (the whole 10.x.x.x
range). All hosts on the network are in the same subnet, which has the following
disadvantages:

 a single broadcast domain – all hosts are in the same broadcast domain. A
broadcast sent by any device on the network will be processed by all hosts, creating
lots of unnecessary traffic.
 network security – each device can reach any other device on the network, which
can present security problems. For example, a server containing sensitive
information shouldn’t be in the same network as the user’s workstations.
 organizational problems – in large networks, different departments are usually
grouped into different subnets. For example, you can group all devices from
the Accounting department in the same subnet and then give access to sensitive
financial data only to hosts from that subnet.

The network above could be subnetted like this:

Now, two subnets were created for different departments: 10.0.0.0/24 for Accounting
and 10.1.0.0/24 for Marketing. Devices in each subnet are now in a different
broadcast domain. This reduces the amount of traffic flowing on the network and
lets us implement packet filtering (access control lists) on the router that
connects the two subnets, so that only permitted hosts reach the sensitive servers.

CIDR (Classless inter-domain routing)
CIDR (Classless inter-domain routing) is a method of public IP address
assignment. It was introduced in 1993 by the Internet Engineering Task Force with the
following goals:
 to deal with the IPv4 address exhaustion problem
 to slow down the growth of routing tables on Internet routers

Before CIDR, public IP addresses were assigned based on the class boundaries:

 Class A – the classful subnet mask is /8. The number of possible IP addresses is
16,777,216 (2 to the power of 24).
 Class B – the classful subnet mask is /16. The number of addresses is 65,536
 Class C – the classful subnet mask is /24. Only 256 addresses are available.

Some organizations were known to have gotten an entire Class A public IP address
(for example, IBM got all the addresses in the 9.0.0.0/8 range). Since these
addresses can’t be assigned to other companies, there was a shortage of available
IPv4 addresses. Also, since IBM probably didn’t need more than 16 million IP
addresses, a lot of addresses were unused.

To combat this, the classful scheme of allocating IP addresses was abandoned. The
new system is classless: a classful network is split into multiple smaller networks
of whatever size is needed. For example, if a company needs 12 public IP addresses,
it would get something like this: 190.5.4.16/28.

The number of usable IP addresses can be calculated with the following formula:

2^(host bits) – 2

In the example above, the company got 14 usable IP addresses from the 190.5.4.16
– 190.5.4.31 range because there are 4 host bits and 2^4 – 2 is 14. The first and
the last address (190.5.4.16 and 190.5.4.31) are the network address and the
broadcast address, respectively. All other addresses inside the range
(190.5.4.17 – 190.5.4.30) can be assigned to Internet hosts.

Create Subnets
There are a couple of ways to create subnets. In this article, we will subnet a class C
address 192.168.0.0 that, by default, has 24 network bits and 8 host bits.

Before we start subnetting, we have to ask ourselves these two questions:

1. How many subnets do we need?

2^x = number of subnets. x is the number of bits borrowed from the host part of the
default mask (the extra 1s added to the subnet mask). With 1 subnet bit, we can have
2^1 or 2 subnets. With 2 bits, 2^2 or 4 subnets, with 3 bits, 2^3 or 8 subnets,
etc.

2. How many hosts per subnet do we need?

2^y – 2 = number of hosts per subnet. y is the number of 0s in the subnet mask (the
host bits); the two subtracted addresses are the subnet's network address and its
broadcast address.

Subnetting Example
An example will help you understand the subnetting concept. Let’s say that we need
to subnet a class C address 192.168.0.0/24. We need two subnets with 50 hosts per
subnet. Here is our calculation:

1. Since we need only two subnets, 2^1 = 2 is enough, so we need one subnet bit. In
our case, this means that we will take one bit from the host part. Here is the
calculation:

First, we have a class C address 192.168.0.0 with the subnet mask of 24. Let’s
convert them to binary:

192.168.0.0 = 11000000.10101000.00000000.00000000
255.255.255.0 = 11111111.11111111.11111111.00000000

We need to take a single zero from the host part of the subnet mask. Here is our
new subnet mask:

255.255.255.128 = 11111111.11111111.11111111.10000000

Remember, the ones in the subnet mask represent the network.

2. We need 50 hosts per subnet. Since we took one bit from the host part, we are left
with seven bits for the hosts. Is that enough for 50 hosts? The formula to calculate
the number of hosts is 2^y – 2, with y representing the number of host bits. Since
2^7 – 2 is 126, we have more than enough addresses for our hosts.

3. Our network will look like this:

192.168.0.0/25 – the first subnet has the subnet number of 192.168.0.0. The range
of IP addresses in this subnet is 192.168.0.0 – 192.168.0.127: 192.168.0.0 is the
network address, 192.168.0.1 – 192.168.0.126 are the 126 usable host addresses,
and 192.168.0.127 is the broadcast address.

192.168.0.128/25 – the second subnet has the subnet number of 192.168.0.128.
The range of IP addresses in this subnet is 192.168.0.128 – 192.168.0.255: the
usable host addresses are 192.168.0.129 – 192.168.0.254, and 192.168.0.255 is the
broadcast address.
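One added Python example (not code from the original notes) that serves the Types of IP Addresses section, the Subnet Mask and Slash Notation sections, the CIDR usable-host formula and the subnetting example just worked: a subnet calculator that computes the network address with a binary AND, derives the broadcast address by setting all host bits, converts a mask to slash notation and rejects masks that are not 1s followed by 0s, classifies an address as unicast, multicast (224.0.0.0/4) or broadcast, and applies the two subnetting questions (2^x subnets, 2^y – 2 hosts) to split 192.168.0.0/24 into the two /25 subnets above. It works on integers rather than using the ipaddress module so the bit operations stay visible, and every address used is a value from these notes.

```python
"""Added example (not from the original notes): a subnet calculator that ties
together the mask/AND rule, slash notation, the 2^host_bits - 2 usable-host
formula, unicast/multicast/broadcast classification and the 192.168.0.0/24 ->
two /25 split worked above. Integer bit operations are used instead of the
ipaddress module so the mechanics are visible; all inputs come from the notes."""
from typing import Dict, List, Tuple

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask_int(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: /{prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(mask: str) -> int:
    """255.255.255.128 -> 25. Rejects a mask that is not 1s followed by 0s."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != prefix_to_mask_int(ones):            # e.g. 255.0.255.0 is not contiguous
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones


def describe(cidr: str) -> Dict[str, object]:
    """Network, mask, broadcast and usable-host range for an address in CIDR form."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask_int(prefix)
    network = ip_to_int(addr) & mask              # the binary AND from the notes
    broadcast = network | (~mask & ALL_ONES)      # all host bits set to 1
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def classify(addr: str, network_cidr: str) -> str:
    """unicast / multicast / broadcast for an address seen on the given network."""
    a = ip_to_int(addr)
    if a == ALL_ONES:
        return "broadcast (limited)"              # 255.255.255.255, never routed
    if a == ip_to_int(describe(network_cidr)["broadcast"]):
        return "broadcast (directed)"             # all host bits of this network set
    if (a >> 28) == 0b1110:                       # 224.0.0.0/4, class D
        return "multicast"
    return "unicast"


def split(cidr: str, subnets_needed: int,
          hosts_per_subnet: int) -> List[Tuple[str, Dict[str, object]]]:
    """The two questions from the notes: borrow x host bits so that
    2^x >= subnets_needed, then check 2^y - 2 >= hosts_per_subnet for the y left."""
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    base = describe(cidr)
    prefix = int(cidr.split("/")[1])
    x = (subnets_needed - 1).bit_length()         # smallest x with 2^x >= subnets_needed
    new_prefix, y = prefix + x, 32 - prefix - x
    if y < 2 or 2 ** y - 2 < hosts_per_subnet:
        raise ValueError(f"/{prefix} cannot hold {subnets_needed} subnets "
                         f"of {hosts_per_subnet} hosts")
    start, size = ip_to_int(base["network"]), 2 ** y
    subnets = [f"{int_to_ip(start + i * size)}/{new_prefix}" for i in range(2 ** x)]
    return [(s, describe(s)) for s in subnets]


if __name__ == "__main__":
    print(describe("10.0.0.1/8"))                 # 10.0.0.0 - 10.255.255.255
    print(describe("190.5.4.16/28"))              # 14 usable hosts, as in the CIDR section
    print(classify("224.0.0.9", "192.168.30.0/24"),
          classify("192.168.30.255", "192.168.30.0/24"))
    for subnet, info in split("192.168.0.0/24", 2, 50):
        print(subnet, info["first_host"], "-", info["last_host"],
              "broadcast", info["broadcast"])
```

Run as a script it prints the 10.0.0.0/8 range, the 14 usable addresses of 190.5.4.16/28, and the two /25 subnets with their first and last usable host and broadcast addresses. Passing 255.0.255.0 to mask_to_prefix raises an error, which is the NOTE above (a mask must be 1s followed by 0s) enforced in code; asking split for more hosts than the borrowed bits leave room for raises as well, instead of silently producing overlapping subnets.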
