Chapter 1.3 Fundamentals of Computer Networking
CINS/F1-01
Chapter 1.3
Fundamental Networking Concepts Review
Hot Standby Router Protocol (HSRP)
• The majority of devices can store a single IP address for the default gateway. If that gateway fails, they won't be able to communicate outside of their subnet.
• If the default gateway fails, you will have a major outage, so that router is a Single Point of Failure (SPoF): if the router fails, the entire network will be isolated.
• If a switch fails, the computers connected to it will be isolated, but the switch is not a Single Point of Failure, because its failure does not impact the entire infrastructure, only part of it. However, when you are connecting servers in a data center, you want to connect each server to at least two switches.
The Solution
How does Hot Standby Router Protocol work?
• All these gateway routers exchange Hello messages at regular intervals (default hello timer 3 seconds, default hold time 10 seconds) to remain aware of each other's state and existence. If the primary router fails, the standby becomes active and starts responding to the ARP queries raised by LAN users.
• The group number can be any value from 0-255. Most Cisco Catalyst multilayer switches support only up to 16 unique HSRP group numbers. If you configure HSRP on the VLAN interfaces of such a switch, redundancy can be provided for only 16 VLANs, because you can use only 16 unique group numbers. The solution is to use the same group number for all VLAN interfaces, because HSRP group numbers are locally significant to the interface.
• The active/primary router is chosen based on the highest HSRP priority (the default priority is 100). In case of a tie, the router with the highest configured IP address becomes primary. A new router with a higher priority does not cause an election unless it is configured to preempt, that is, to take over from a lower-priority router. Configuring a router to preempt also ensures that the highest-priority router regains its active status if it goes down and comes back online again.
• Interface tracking reduces the active router's priority if a specified link is down. This enables the standby router to take over even though the active router is still up.
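The election rules in the bullets above (priority, IP-address tiebreaker, preempt, interface tracking) as an added Python model; this is not code from the slides. Router names, addresses and the per-interface decrement table are constructed, and the model assumes, as Cisco IOS does, that a standby only takes over from a still-running active router when the standby has preempt configured.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

@dataclass
class HsrpRouter:
    name: str
    ip: str                    # configured interface IP address (used as tiebreaker)
    priority: int = 100        # HSRP default priority
    preempt: bool = False
    # constructed interface-tracking table: interface name -> decrement when it is down
    tracked: dict = field(default_factory=dict)
    links_down: set = field(default_factory=set)

    def effective_priority(self) -> int:
        # tracking lowers the priority by the decrement of every tracked link that is down
        return self.priority - sum(d for i, d in self.tracked.items() if i in self.links_down)

    def key(self):
        # higher priority wins; a tie goes to the higher configured IP address
        return (self.effective_priority(), int(IPv4Address(self.ip)))

def elect(routers, current_active=None):
    """Return the router that should hold the active role for this HSRP group.

    With no active router (first election, or the active one has failed and is
    no longer in the list), the best (priority, IP) router wins. If a router is
    already active, a better router only takes over when it has preempt
    configured; otherwise the current active router keeps the role, even after
    interface tracking has lowered its priority.
    """
    best = max(routers, key=HsrpRouter.key)
    if current_active is None or current_active not in routers:
        return best
    if best is not current_active and best.preempt and best.key() > current_active.key():
        return best
    return current_active
```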
Hot Standby Router Protocol States
HSRP features include:
DNS
DNS Features:
Global Distribution
• Data is maintained locally, but retrievable globally
– No single computer has all DNS data
• DNS lookups can be performed by any device
• Remote DNS data is locally cachable to improve performance
Loose Coherency
• The database is always internally consistent
– Each version of a subset of the database (a zone) has a serial number
• The serial number is incremented on each database change
• Changes to the master copy of the database are replicated according to timing set
by the zone administrator
• Cached data expires according to timeout set by zone administrator
Scalability
• No limit to the size of the database
– One server has over 20,000,000 names
• Not a particularly good idea
• No limit to the number of queries
– 24,000 queries per second handled easily
• Queries distributed among masters, slaves, and caches
Reliability
• Data is replicated
– Data from master is copied to multiple slaves
• Clients can query
– Master server
– Any of the copies at slave servers
• Clients will typically query local caches
• DNS protocols can use either UDP or TCP
– If UDP, the DNS protocol handles retransmission, sequencing, etc.
Dynamicity
• Database can be updated dynamically
– Add/delete/modify of any record
• Modification of the master database triggers replication
– Only master can be dynamically updated
• Creates a single point of failure
DNS Concepts
(figure: DNS name tree with top-level domains com and edu; gwu, ucb, cmu, bu and mit under edu; cs and ece under cmu; cmcl under cs; example names Fred.com, Fred.edu, Fred.cmu.edu, Fred.cmcl.cs.cmu.edu, Fred.cs.mit.edu)
DNS Design: Zone Definitions
(figure: complete tree; servers/resolvers ns1.cmu.edu and ns1.cs.cmu.edu; local client and local DNS server; other DNS servers)
Top-level Domains (TLDs)
Bootstrap Protocol (BOOTP)
RARP (Reverse Address Resolution Protocol)
• Operation
• UDP ports
– BOOTP has the client use the well-known port 68 instead of an ephemeral port.
– If two hosts using the same well-known port 68 run BOOTP at the same time and the reply is broadcast, both hosts receive the message.
• In this case, the transaction ID is used to tell the replies apart.
• Using TFTP
– If a client needs more information for booting, the client can use the pathname of a file, sent by the server, in which the client can find complete booting information.
– The client can then use a TFTP message to get the rest of the needed information.
• Relay agent
– When there is no BOOTP server on each LAN, a remote BOOTP server may serve several LANs.
– If a client needs to be booted, it cannot reach the remote server using the broadcast address, because an address of all 1s has only local jurisdiction.
– So a relay agent is used to forward local requests to remote servers.
BOOTP (cont’d)
Dynamic Host Configuration Protocol (DHCP)
1. The DHCP server issues an active open command on UDP port number 67 and waits for a client.
2. A booted client issues an active open command on port number 68.
3. The server responds with either a broadcast or a unicast message using UDP source port number 67 and destination port 68.
Client and server on two different networks
– The DHCP request is broadcast because the client does not know the IP address of the server.
• A broadcast IP datagram cannot pass through any router.
– To solve this problem, one of the hosts can be used as a relay, called a relay agent.
• The relay agent knows the unicast address of a DHCP server.
• It listens for broadcast messages on port 67.
• Packet format
– To keep DHCP backward compatible with BOOTP, only a one-bit flag was added to the packet.
– Extra options have been added to the option field.
– Flag:
• Lets the client request a forced broadcast reply from the server.
– Options:
• Several options are added.
– Ex. the value 53 for the tag subfield is used to define the type of interaction between the client and server.
– Maximum: 312 bytes
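The packet-format points above (BOOTP fixed header plus the broadcast flag bit, option 53 as the message type, and the 312-byte option field limit) as an added Python builder/parser; this is not code from the slides. The transaction ID, hardware address and option values in the test are constructed, and the message-type names are the standard DHCP ones for option 53.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie that starts the option field
BROADCAST_FLAG = 0x8000                   # the one bit DHCP added to the BOOTP flags word
MAX_OPTIONS = 312                         # option field limit from the slide
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file (236 bytes)
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"

def build_request(xid, chaddr, broadcast, options):
    """Constructed client packet (op=1, Ethernet hardware address) with a DHCP option field."""
    zero4 = bytes(4)
    fixed = struct.pack(FIXED, 1, 1, 6, 0, xid, 0, BROADCAST_FLAG if broadcast else 0,
                        zero4, zero4, zero4, zero4, chaddr.ljust(16, b"\0"),
                        bytes(64), bytes(128))
    body = b"".join(bytes([tag, len(val)]) + val for tag, val in options) + bytes([255])
    if len(MAGIC) + len(body) > MAX_OPTIONS:
        raise ValueError("option field exceeds 312 bytes")
    return fixed + MAGIC + body

def parse(pkt):
    """Return (xid, broadcast_requested, message_type, options) for a DHCP packet."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", pkt[:12])
    if pkt[236:240] != MAGIC:
        raise ValueError("no DHCP magic cookie: plain BOOTP packet")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:       # 255 = end option
        if pkt[i] == 0:                          # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        tag, length = pkt[i], pkt[i + 1]
        options[tag] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    mtype = MESSAGE_TYPES.get(options[53][0]) if options.get(53) else None
    return xid, bool(flags & BROADCAST_FLAG), mtype, options
```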
• DHCP Options
DHCP Operation
Internet Control Message Protocol (ICMP)
(figure: ICMP message format; one header field holds additional information or 0x00000000)
ICMP Query message
Telnet
Negotiated Options
• All Network Virtual Terminals (NVT) support a minimal set of capabilities.
• Some terminals have more capabilities than the minimal set.
• The 2 endpoints negotiate a set of mutually acceptable options (character set, echo mode, etc.).
• The protocol for requesting optional features is well defined and includes rules for eliminating possible negotiation "loops".
• The set of options is not part of the TELNET protocol, so that new terminal features can be incorporated without changing the TELNET protocol.
Option examples
• Line mode vs. character mode
• echo modes
• character set (EBCDIC vs. ASCII)
Control Functions
• All TELNET commands and data flow through the same TCP connection.
• Commands start with a special character called the Interpret as Command escape
character (IAC).
• The IAC code is 255.
• If a 255 is sent as data - it must be followed by another 255.
Looking for Commands
• Each receiver must look at each byte that arrives and look for IAC.
• If IAC is found and the next byte is IAC - a single byte is presented to the
application/terminal.
• If IAC is followed by any other code - the TELNET layer interprets this as a
command.
Command Codes
• IP 243
• AO 244
• AYT 245
• EC 246
• EL 247
• WILL 251
• WON'T 252
• DO 253
• DON'T 254
• IAC 255
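The receiver-side rule from "Looking for Commands" (scan every byte for IAC, collapse IAC IAC to one data byte, treat IAC plus anything else as a command) and the command codes above, as an added Python example that is not code from the slides. The sample stream in the test is constructed; the four negotiation commands are assumed to carry one option byte each (option 1 being echo), and a buffer that ends in the middle of a command is reported as an error rather than silently dropped.

```python
IAC = 255
# command codes from the slide; WILL/WON'T/DO/DON'T are followed by one option byte
COMMANDS = {243: "IP", 244: "AO", 245: "AYT", 246: "EC", 247: "EL",
            251: "WILL", 252: "WON'T", 253: "DO", 254: "DON'T"}
NEGOTIATION = {251, 252, 253, 254}

def split_telnet_stream(buf: bytes):
    """Separate a received byte stream into terminal data and TELNET commands.

    Returns (data, commands): data is what the application/terminal receives,
    with each escaped IAC IAC pair collapsed to a single 255; commands is a
    list of (name, option) tuples, option being None for commands that take
    no option byte. A truncated command at the end of the buffer is an error.
    """
    data = bytearray()
    commands = []
    i = 0
    while i < len(buf):
        if buf[i] != IAC:                 # ordinary data byte
            data.append(buf[i])
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("stream ends after IAC")
        code = buf[i + 1]
        if code == IAC:                   # IAC IAC: a single 255 of data
            data.append(IAC)
            i += 2
        elif code in NEGOTIATION:         # e.g. IAC DO <option>
            if i + 2 >= len(buf):
                raise ValueError("negotiation command missing its option byte")
            commands.append((COMMANDS[code], buf[i + 2]))
            i += 3
        else:                             # two-byte command such as IAC AYT
            commands.append((COMMANDS.get(code, "CMD%d" % code), None))
            i += 2
    return bytes(data), commands

def escape_for_send(data: bytes) -> bytes:
    """Double every 255 in outgoing data so the receiver does not treat it as IAC."""
    return data.replace(bytes([IAC]), bytes([IAC, IAC]))
```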
File Transfer Protocol (FTP)
• The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of data/files between client and server on a network.
• FTP is built on a client-server model architecture using separate control and data connections between the client and the server.
• FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it.
Applications and Application-Layer Protocols
• Application: communicating, distributed processes (figure: application, transport, network, data link and physical layers)
Creating the data connection (example exchange from the figure, steps 6-10)
6. Client: PORT 8888
7. Server: 150 (Data connection opens shortly)
8. Client: LIST /usr/user/forouzan/reports
9. Server: 125 (Data connection OK)
10. Data transfer: list of files or directories
• Bandwidth
• Some apps (e.g., multimedia) require a minimum amount of bandwidth to be "effective"
• Other apps ("elastic apps") make use of whatever bandwidth they get
Trivial File Transfer Protocol (TFTP)
– Read request
– Write request
– Data
– ACK (acknowledgment)
– Error
Error Types and Meaning
Data Connection
TFTP example
Internet datagram
(figure: IP datagram format; fields include source IP address, destination IP address, IP options (if any), padding, data, ...)
IP datagram format (cont.)
IP Fragmentation
• How do we send a datagram of, say, 1400 bytes through a link that has a Maximum Transfer Unit (MTU) of, say, 620 bytes?
• The datagram is broken into fragments.
(figure: Net 1 with MTU=1500, Net 2 with MTU=620, Net 3 with MTU=1500)
Fragmentation Control
Fragment series composition
(figure: fragments with Offset=0, Offset=1480 and Offset=2960 flagged "More frags", and Offset=3440 flagged "Last frag")
• NB. If the data segment contains its own header, that header is not replicated in each fragment.
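The fragmentation described above (the 1400-byte datagram over a 620-byte MTU, and the offset/"more fragments" series from the figure) as an added Python example; this is not code from the slides. It assumes a 20-byte IPv4 header without options and counts the datagram length with that header included, and it generalises the slide's single case to any datagram length and MTU.

```python
IP_HEADER_LEN = 20   # assumes an IPv4 header without options

def fragment(datagram_len: int, mtu: int, header_len: int = IP_HEADER_LEN):
    """Fragment a datagram of datagram_len bytes (header included) for a link MTU.

    Returns a list of (offset_bytes, data_len, more_fragments). Each fragment
    carries its own copy of the IP header; every fragment but the last holds a
    multiple of 8 data bytes because the offset field counts 8-byte units. The
    payload's own transport header, if any, is not replicated (it simply lands
    in the first fragment).
    """
    payload_len = datagram_len - header_len
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, offset = [], 0
    while offset < payload_len:
        size = min(max_data, payload_len - offset)
        more = offset + size < payload_len
        frags.append((offset, size, more))
        offset += size
    return frags

def offset_field(offset_bytes: int) -> int:
    """Value written into the 13-bit fragment-offset field (8-byte units)."""
    return offset_bytes // 8

def reassembled_length(frags):
    """Payload length if the fragment series is complete and contiguous, else None.

    A gap, an overlap or a missing last fragment makes reassembly impossible.
    """
    frags = sorted(frags)
    expected = 0
    for offset, size, more in frags:
        if offset != expected:
            return None
        expected += size
    if not frags or frags[-1][2]:        # empty series, or "more fragments" still set
        return None
    return expected
```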
IP Access Lists
• An access list (ACL) is a set of rules defined for controlling network traffic and reducing network attacks. ACLs are used to filter traffic based on the set of rules defined for the incoming or outgoing traffic of the network. Standard access lists are those made using the source IP address only.
• Access lists are used to control and manage access of interesting and non-interesting traffic.
• Access lists are powerful tools for controlling access both to and from network segments.
• They can filter uninteresting packets and be used to implement security policies.
• Using the right combination of access lists, network managers will be armed with the power to enforce nearly any access policy they can invent.
• After the lists are built, they can be applied to either inbound or outbound traffic on any interface.
• Applying an access list makes the router analyze each packet crossing the interface in the specified direction and take the configured action.
Basic Rules for IP Access Lists
• A packet is always compared with each line of the access list in sequential order; that is, checking always starts with line 1, then goes to line 2, then line 3, and so on.
• It is compared with lines of the access list only until a match is made. Once the packet matches a line of the access list, no further comparisons take place.
• An implicit "deny all" ends each access list. This means that if a packet doesn't match any statement of the access list, it will be discarded.
Types of IP Access Lists
• Standard access lists: The standard IP access lists use only the source IP
address in an IP packet to filter the network. This basically permits or denies an
entire protocol suite.
• Extended access lists: The extended access lists check for source and
destination IP address, protocol field in the layer 3 header, and port number at the
layer 4 header.
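The three basic rules (sequential comparison, first match wins, implicit deny all) and the standard/extended distinction above, as an added Python evaluator that is not code from the slides. It uses the number ranges from the access-list help output to pick the list type, takes CIDR prefixes in place of IOS wildcard masks for readability, and treats the protocol keyword "ip" as matching any protocol as IOS does; the addresses and ports in the test are constructed.

```python
from ipaddress import ip_address, ip_network

class AccessList:
    """Standard (source-only) or extended (src, dst, protocol, port) IP ACL.

    Entries are checked in order; the first match decides, and a packet that
    matches no entry is dropped by the implicit "deny all" at the end.
    """
    def __init__(self, number: int):
        if 1 <= number <= 99 or 1300 <= number <= 1999:
            self.kind = "standard"
        elif 100 <= number <= 199 or 2000 <= number <= 2699:
            self.kind = "extended"
        else:
            raise ValueError("not an IP access-list number")
        self.number, self.entries = number, []

    def add(self, action, src="0.0.0.0/0", dst="0.0.0.0/0", proto="ip", dport=None):
        """Append one entry; CIDR prefixes stand in for IOS wildcard masks here."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if self.kind == "standard" and (dst != "0.0.0.0/0" or proto != "ip" or dport):
            raise ValueError("a standard ACL can only match on the source address")
        self.entries.append((action, ip_network(src, strict=False),
                             ip_network(dst, strict=False), proto, dport))

    def evaluate(self, src, dst, proto="ip", dport=None):
        """Return (action, line) for a packet; line 0 means the implicit deny."""
        s, d = ip_address(src), ip_address(dst)
        for line, (action, n_src, n_dst, p, port) in enumerate(self.entries, 1):
            if s not in n_src:
                continue
            if self.kind == "extended":
                # "ip" as the entry protocol matches any protocol, as in IOS
                if d not in n_dst or (p != "ip" and p != proto):
                    continue
                if port is not None and port != dport:
                    continue
            return action, line      # first match wins; no further lines are checked
        return "deny", 0             # nothing matched: implicit deny all
```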
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
dynamic-extended Extend the dynamic ACL absolute timer
rate-limit Simple rate-limit specific access list

R1(config)#access-list 1 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment