Networking Basics
LAN Technologies
NETWORKING TYPES: LAN, MAN, WAN, CAN, TAN
PHYSICAL TOPOLOGIES: Linear, Star, Ring, Tree, Mesh
CABLING: Classification, Coaxial, Twisted Pair, Fiber Optic
LOGICAL TOPOLOGIES: Ethernet, Token Ring, FDDI, ATM
NETWORK PROTOCOLS: OSI model, TCP/IP, IPX, NetBIOS/NetBEUI
NETWORK HARDWARE: Hubs, Switches, Repeaters, Bridges, Routers, Brouters, Gateway
DEFINITIONS: A NETWORK consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.
When any one of these computers is connected to a LAN it is referred to as a WORKSTATION. All computing devices on a network (workstations, printers, etc.) are referred to as NODES.
When connecting a workstation, the interface hardware is referred to as an ADAPTER.
Networking adapters are also commonly referred to as NETWORK INTERFACE CARDS or NICS.
Page 1 of 102
Internet ,Intranet and Extranet Technologies
A hub (which acts as the traffic cop on your small information highway). The hub acts as a switch to route information from one terminal to another through the use of cables.
An interface card (hardware in each computer that connects to the hub).
A server (the central storage computer for information).
Special cabling.
Computers, printers, scanners, etc.
Local Area Network (LAN): A Local Area Network (LAN) is a network that is confined
to a relatively small area. It is generally limited to a geographic area such as a writing lab, school,
or building. Rarely are LAN computers more than a mile apart.
Metropolitan Area Network (MAN): A Metropolitan Area Network (MAN) covers larger
geographic areas, such as cities or school districts. By interconnecting smaller networks within a
large geographic area, information is easily disseminated throughout the network. Local libraries
and government agencies often use a MAN to connect to citizens and private industries.
Wide Area Network (WAN): Wide Area Networks (WANs) connect larger geographic
areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite
uplinks may be used to connect this type of network.
CAN: Campus Network
TAN: Tiny Area Networks are 2 - 3 computers networked at home or in a small business.
NETWORK TOPOLOGIES
PHYSICAL TOPOLOGIES
1. LINEAR BUS
A linear bus topology (10BASE2 bus topology) consists of a main run of cable with a terminator at each end. All nodes (file server, workstations, and peripherals) are connected to the linear cable. ETHERNET AND LOCALTALK networks use a linear bus topology. Networking is simple. The network may or may not have a hub.
DISADVANTAGES
2. STAR TOPOLOGY
A star topology is designed with each node (file server, workstations, and peripherals) connected
directly to a central network hub or concentrator. A concentrator is a device that provides a
central connection point for cables from workstations, servers, and peripherals. Most
concentrators contain the ability to amplify the electrical signal they receive.
DISADVANTAGES
Requires more cable length than a linear topology.
If the hub or concentrator fails, the attached nodes are disabled.
More expensive than linear bus topologies because of the cost of the concentrators.
This configuration is common with twisted pair cable; however, it can also be used with coaxial
cable or fiber optic cable. A simple star topology is also used for 10BASE-T ETHERNET
networks.
3. RING TOPOLOGY
A Token Ring using unshielded twisted pair in a star or modified star transfers at 4 Mbps. A Token Ring configuration using shielded twisted pair in a star or modified star configuration transfers at 4 or 16 Mbps. A local Ring Hub allows four-node connections on one MAU port cable. 64 - 72 (max.) nodes are recommended per ring for optimal performance. A double ring may have a maximum of 12 MAUs, each of which can support 8 nodes. The maximum distance between MAU and workstation is 45 m.; MAU to MAU is 120 m.
By contrast, FDDI (FIBER DISTRIBUTED DATA INTERFACE), pronounced fid-ee, also uses a complex token ring topology. FDDI networks run on optical fiber cables instead of copper cabling. It is similar to Token Ring but can be connected to 2 MAUs so if one fails, the other can work. FDDI has an added alternate ring. If a break occurs in either ring, it automatically reroutes the data transmission to the alternate ring. This ring supports speeds up to 100 Mbps. It has become the de facto high speed backbone. Maximum stations are 1000. The distance limitation is 2 miles.
4. TREE TOPOLOGY
A tree topology combines characteristics of linear bus and star topologies. It consists of groups of
star-configured workstations connected to a linear bus backbone cable. Tree topologies allow for
the expansion of an existing network, and enable schools to configure a network to meet their
needs.
DISADVANTAGES
5-4-3 RULE: A consideration in setting up a tree topology using Ethernet protocol is the 5-4-3
RULE. One aspect of the Ethernet protocol requires that a signal sent out on the network cable
reach every part of the network within a specified length of time. Each concentrator or repeater
that a signal goes through adds a small amount of time.
This leads to the rule that between any two nodes on the network there can only be a maximum of 5 segments connected through 4 repeaters/concentrators. In addition, only 3 of the segments may be populated (trunk) segments if they are made of coaxial cable. A populated segment is one which has one or more nodes attached to it. This rule does not apply to other network protocols or Ethernet networks where all fiber optic cabling is used.
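The rule as stated above, worked as an added example (not from the original document): a Python checker for the path of segments between two nodes, using the 10Base2 and 10Base-T segment lengths given on this page. The segment descriptions in it are constructed.

```python
"""5-4-3 rule checker for the path between two Ethernet nodes (added example)."""

# Maximum segment lengths in metres, as given in the cabling table on this page
MAX_SEGMENT_M = {"10Base2": 185, "10Base-T": 100, "100Base-T": 100}


def segment(medium, length_m, populated=True):
    """Describe one segment a signal crosses; 'populated' means nodes hang off it."""
    return {"medium": medium, "length_m": length_m, "populated": populated}


def check_path(segments):
    """segments: the segments crossed between two nodes, in order; a repeater or
    concentrator sits between every adjacent pair. Returns the list of violations
    (an empty list means the path is allowed)."""
    if segments and all(s["medium"] == "fiber" for s in segments):
        return []  # the rule does not apply where all cabling is fiber optic
    problems = []
    repeaters = len(segments) - 1
    if len(segments) > 5:
        problems.append(f"{len(segments)} segments between the nodes; the rule allows 5")
    if repeaters > 4:
        problems.append(f"{repeaters} repeaters/concentrators between the nodes; the rule allows 4")
    populated_coax = sum(1 for s in segments if s["medium"] == "10Base2" and s["populated"])
    if populated_coax > 3:
        problems.append(f"{populated_coax} populated coaxial segments; the rule allows 3")
    # Per-segment length limits come from the cabling table, not from the 5-4-3 rule itself
    for n, s in enumerate(segments, 1):
        limit = MAX_SEGMENT_M.get(s["medium"])
        if limit is not None and s["length_m"] > limit:
            problems.append(f"segment {n}: {s['length_m']} m exceeds the {limit} m limit for {s['medium']}")
    return problems


if __name__ == "__main__":
    # Constructed path: three populated thin-net trunks joined by two unpopulated link segments
    path = [segment("10Base2", 185), segment("10Base2", 100, populated=False),
            segment("10Base2", 185), segment("10Base2", 100, populated=False),
            segment("10Base2", 185)]
    print(check_path(path) or "path complies with the 5-4-3 rule")
```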
5. MESH TOPOLOGY
CABLING
XBaseX classification: 10BaseT, 100BaseT and 10Base2 are networking standards, and there are others.
With Broadband, the total bandwidth of the cabling is divided and there will be many signals traveling through the cabling at a time. Broadband is analog. Broadband signals can travel farther than Baseband.
The last portion of the name is an indication of wire type and the approximate distances involved, or the type of cabling.
TYPES OF CABLE
Coaxial
Twisted-Pair
Fiber
802.1 Internetworking
802.2 Logical Link Control (LLC)
802.3 CSMA/CD LANs (Ethernet)
802.4 Token Bus LAN
802.5 Token Ring LAN
802.6 MAN
802.7 Broadband Technical Advisory Groups
802.8 Fiber Optic Technical Advisory Group
802.9 Integrated Voice and Data Networks
802.10 Network Security
802.11 Wireless Network, etc.
1. COAXIAL CABLE
Following the IEEE 802.3 Standard, coaxial cable is used for 10BASE2 (thin-net, CheaperNet)
and 10BASE5 (thick-net) networking. No concentrator is needed. 10BASE2 is not the most
reliable cabling. 10BASE2 and 10BASE5 are used in a LINEAR BUS topology.
10Base5 wire is connected not by BNC connectors but by AUI connectors. An AUI connector is a DB15 connector, that is, a D-shaped plug with 15 pins. These look just like RS-232 modem connectors, only about half as broad. They are common on equipment such as routers.
AUI Connector
10Base5 cable may also be connected by a vampire connector with clamps holding the cable in place. A vampire tap is a connection to a coaxial cable in which a hole is drilled through the outer shield of the cable so that a clamp can be connected to the inner conductor of the cable. This cable connection is made with a unit that clamps onto and "bites" into the cable, hence the vampire name.
Vampire Connectors
Coaxial and SHIELDED TWISTED PAIR (STP) have a copper braid or foil that offers good resistance to electrical noise, but the extra shielding creates a larger, thicker cable, making it difficult to pull the cable through conduit and walls during installation. UNSHIELDED TWISTED PAIR (UTP) does not contain this aluminum shielding and is thinner and therefore easier to install. It offers less resistance to electrical noise.
STP is used in Token Ring, ARCnet and AppleTalk networks. UTP is used in star topologies.
Unshielded Twisted Pair (UTP) is the next step up from coaxial. TP cabling is a cable made up of four pairs of insulated copper wires. UTP has 8 copper conductors in four pairs.
RJ45 connectors are fitted on each end of the cable. They resemble a normal telephone plug
(RJ11) with the exception of eight pins rather than four. The RJ45 cable connects to a
NETWORK PATCH PANEL which is connected to the hub. The RJ45 is an 8 wire (4 pair) media
connector.
DIRECTIONS: If at this point you have not made any patch cables, proceed to the crimpers, UTP cable, RJ45's and
follow the directions "On Putting Together Patch Cables".
UTP (Unshielded Twisted Pair) is most commonly used in Category Three (CAT3) or Category Five (CAT5). The difference between the ratings is the number of twists per inch. Higher is better. CAT5 is probably the most commonly seen and used. It is inexpensive, reliable, easy to maintain and expand.
COATING ON CABLES: Cable run through the ceilings must be plenum-rated and riser-rated, capable of withstanding environmental and fire conditions (riser) without giving off toxic gases (plenum) when it burns. PVC-rated cable is the least expensive but highly flammable.
FIBER OPTIC CABLE: Standard IEEE 802.8. Rather than using electrical impulses over wire, optical fiber transmits data using pulses of light. It is expensive to install and maintain. The average network administrator lacks the expertise to terminate each end. Fiber can carry data as fast as 622 megabits per second. Fiber is not affected by EMI like copper cable and does not build up a magnetic field that allows crosstalk. It is very lightweight compared to copper-based cable.
LOGICAL TOPOLOGIES
A protocol is a set of rules that governs the communications between computers on a network. These rules include guidelines that regulate the following characteristics of a network: access method, allowed physical topologies, types of cabling, and speed of data transfer. Logical topologies instruct the hardware how to packetize and transmit data across a physical topology.
1. ETHERNET
The Ethernet protocol is by far the most widely used. The Ethernet protocol allows for linear bus, star, or tree topologies. Data can be transmitted over twisted pair, coaxial, or fiber optic cable at speeds of 10 Mbps.
ETHERNET CABLING SUMMARY
Thin Ethernet (10Base2), coaxial, 10 Mbps: bus topology; maximum segment length 607 ft. (185 m); maximum network length 925 m (3035 ft.); 30 workstations per trunk; 1024 workstations per network; NICs with built-in BNC transceivers; terminated with a 50-ohm resistor to earth at both ends; 5-4-3 rule applies; minimum cable length between workstations 20".
Shielded twisted pair (STP), Token Ring / 10Base-T, 16 - 155 Mbps: maximum segment length 328 ft. (100 m); maximum network length 500 m; central hub (managed or unmanaged); no terminator needed; 1023 workstations without bridging; 5-4-3 rule applies.
Unshielded twisted pair (UTP), 10Base-T star, 10 Mbps: maximum segment length 328 ft. (100 m), workstations only, 328 ft. from the concentrator; maximum network length 500 m; central hub (managed or unmanaged); no terminator needed; 1023 workstations without bridging; 5-4-3 rule applies; minimum cable length between stations 8 ft.
Unshielded twisted pair (UTP), 100Base-T star, 100 Mbps: the same limits as 10Base-T UTP (maximum segment length 328 ft. (100 m), workstations only, 328 ft. from the concentrator; maximum network length 500 m; central hub, managed or unmanaged; no terminator needed; 1023 workstations without bridging; 5-4-3 rule applies; minimum cable length between stations 8 ft.).
100BASE-T4: 20 m.
2. TOKEN RING
Using IEEE Standard 802.5, Token Ring is very different from Ethernet. In Token Ring a single packet is passed around the network. Every computer waits its turn. There are no collisions. Token Ring has the same bandwidth as Ethernet. Too many computers result in network slowness. FDDI is a faster Token Ring configuration (as described above).
NETWORK PROTOCOLS
On top of the logical topologies are protocols. Protocols handle the translation of data from applications to the logical topology.
The OSI model explains how a network should work. The lower the level, the less abstract and more concrete the layer is. Each layer communicates only with the layer above or below it while moving data.
This handy mnemonic will help you keep the layers in proper order:
7. All Application
6. People Presentation
5. Seem Session
4. To Transport
3. Need Network
2. Data Data Link
1. Processing Physical
Class C Addresses: 192.0.0.X - 223.255.255.X
The first three octets identify the network, and the last octet is the node.
CLASS C DEFAULT SUBNET MASK = 255.255.255.0
11111111.11111111.11111111.00000000
The DNS breaks addresses into groups and gives each level the responsibility for the levels under it. Each level is called a domain. A period separates each domain name from the next one. The rightmost portion of the address identifies the top level domain name, which references the organization type. The following table lists commonly used domain names:
Two services that the TCP/IP protocol uses to resolve domain names to IP addresses are:
HOSTS FILE: a text file that is kept on the local machine and contains a list of other hosts and IP numbers. The domain name resolver goes to this text file first.
DNS Server: Every company has a DNS server that workstations may consult for name to IP address resolution. The DNS server contains FQDN (Fully Qualified Domain Name) to IP address matches. This database contains entries for every host within the organization. Only one DNS server will keep the master database.
LMHOSTS - WINS: An LMHOSTS file resolves a NetBIOS name to an IP address. The file must be installed and kept up to date on each machine. The WINS server is a database that keeps track of IP addresses and NetBIOS names. The WINS server is dynamic in its configuration and updates.
TROUBLESHOOTING TCP/IP UTILITIES:
PING: The ping command is used to test connectivity to a host. Pinging the loopback address tests your own machine's TCP/IP stack. You can also ping an address on the other side of your router to test the default gateway.
To check if you have a path to an Internet host, enter the Ping command and the host's IP address at the command line, as in the following example:
PING 204.32.23.67
NOTE: You can also use Ping with the DNS name of the host, such as www.wavetech.com.
TRACERT: This utility allows you to find the route used between you and the remote computer host. For example, say that you are having trouble reaching a host named www.yahoo.com. Type the following command at the command prompt:
TRACERT WWW.yahoo.com
IPX: IPX stands for Internet Packet Exchange. It is a transport protocol designed by Novell for NetWare. Novell NetWare is an operating system made of FAT and DET (Directory Entry Table). IPX performs addressing and routing functions, resides in the NETWORK layer, and requires some configuration: the administrator must uniquely assign a network or cable segment address.
NetBIOS/NetBEUI: Stands for Network Basic Input Output System and Network Advanced User Interface. Microsoft designed this protocol for fast packet delivery in a small network without much configuration. It is not routable, but operates on the NETWORK and TRANSPORT layers of the OSI model.
NETWORK HARDWARE
More than any feature, network hardware may determine the speed,
quality and performance of a network.
Hubs
Hub
Stackable Hub
Modular Hub
SWITCHES
Repeater
Transceiver
Bridge
Routers
A router is like a super-intelligent bridge. Routers can link multiple LANs and look deeper into the data packet to determine its destination. Routers not only know the addresses of the computers on the network but are aware of all the other bridges and routers on the network and can decide the most efficient path in which to send data. The router uses a routing table of network addresses to determine where to forward the packet. When a router receives data, it discards the outer packet or frame or MAC address, repackages the data with the network address, and retransmits the signal. By stripping off the outer layers of data before sending a packet, the total number of bits moving across the network is reduced. The router at the receiving end then repackages the data into a packet or frame that is appropriate for its network. There are ROUTABLE and NON-ROUTABLE protocols.
Brouters
Gateways
Keys To Remember:
Bridge: Links two subnets (networks) that use the same media and
protocol. May control data traffic and speed.
FAULT TOLERANCE
RAID Levels
Internet Resources:
Application (Layer 7): This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.
Presentation (Layer 6): This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.
Session (Layer 5): This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
Transport (Layer 4): This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
Network (Layer 3): This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.
Data Link (Layer 2): At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
Physical (Layer 1): This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.
WAN Technologies
Q-1: What is the HDLC Protocol?
Ans: HDLC (High-Level Data Link Control) uses a zero insertion/deletion process [bit stuffing] to ensure that the bit pattern of the delimiter flag does not occur in the fields between flags. The HDLC frame is synchronous and therefore relies on the physical layer to provide a method of clocking and synchronizing the transmission and reception of frames.
Q-3: What is Point-to-Point Protocol Frame Encapsulation?
Ans: Point-to-Point Protocol Frame Encapsulation: Point-to-Point Protocol [PPP] is used in
transporting multi-protocol datagram over point-to-point links. PPP is capable of operating
on many DTE/DCE interfaces (such as, RS-232C, RS-422, RS-423 or V.35). PPP is used with
full-duplex circuits [dedicated or circuit-switched] operating in either an asynchronous
(start/stop), bit-synchronous, or octet-synchronous mode, transparent to PPP Data Link
Layer frames. PPP does not require the use of control signals, such as Request to Send (RTS),
Clear to Send (CTS), Data Carrier Detect (DCD), and Data Terminal Ready (DTR). For
asynchronous links, inter-octet and inter-frame time fill MUST be accomplished by
transmitting continuous "1" bits.
The protocol is similar to that of an X.25 network, except all circuits are permanently
assigned. What is a circuit? A circuit is a link between user end points. In frame relay and
X.25 networks, circuits are known as "permanent virtual circuits", or PVC's. The circuits are
known as virtual because they are not electrical circuits where there is a direct electrical
connection from end to end. Rather, there is a "logical" connection, or virtual connection,
where the user data moves from end to end, but without a direct electrical circuit.
Frame relay relies on the customer equipment to perform end to end error correction. Each switch
inside a frame relay network just relays the data (frame) to the next switch. X.25, in contrast, performs
error correction from switch to switch. The networks of today are sufficiently error free to move the
burden of error correction to the end points. Most modern protocols do error correction anyway,
protocols such as SDLC, HDLC, TCP/IP, stat mux protocols, etc.
Because frame relay passes blocks of data from switch to switch without error correction, propagation from customer end to customer end through the network is very fast. Propagation time in a DCB mux test at Wiltel (LDDS WorldCom) indicated a 70 millisecond round trip delay from Tulsa, Oklahoma to New York City and back. This is equal to or less than the propagation time through 9600 bps modems over the same distance. Similar propagation times have been measured by DCB over Sprint, AT&T and MCI frame relay networks. An X.25 network would experience a delay of at least one half second, and probably a second or more for the same distance.
The Control Field indicates the type of information that is being sent as data. It identifies the purpose of the packet as data or control information, and may also indicate the size of the packet and data.
The Data Field is the actual information being transmitted. It can contain control information for handshaking, or actual data used by applications. The CRC [Cyclic Redundancy Check] or FCS [Frame Check Sequence] contains an error checking number that the destination can use to verify that the packet is error free.
The End Frame Delimiter has a specific bit pattern. This bit pattern identifies the end of the packet to the destination. Protocols with fixed packet size may not require an End Frame Delimiter. For some physical interfaces [SDH or SONET], after the data has been encapsulated into the frame it must still be scrambled before being sent to the physical layer [from the Link layer].
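The zero insertion described in Q-1 and the FCS and end-flag fields described just above, worked together as an added example (not code from the original document): a PPP/HDLC-style framer in Python that stuffs the bit stream so the 0x7E flag cannot appear inside a frame, appends the 16-bit FCS, and on receipt discards any frame whose FCS does not verify. The CRC-16/X-25 parameters are those of the HDLC/PPP FCS; the address and control values and the sample payload are constructed.

```python
"""PPP/HDLC-style framing with zero-bit stuffing and a 16-bit FCS (added example)."""

FLAG = "01111110"  # the 0x7E delimiter as a bit pattern (it reads the same in either bit order)


def crc16_x25(data):
    """CRC-16/X-25, the FCS of HDLC and PPP: poly 0x1021 bit-reversed to 0x8408,
    init 0xFFFF, final XOR 0xFFFF. Standard check value for b"123456789" is 0x906E."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def bytes_to_bits(data):
    # HDLC puts each octet on the line least significant bit first
    return "".join(format(b, "08b")[::-1] for b in data)


def bits_to_bytes(bits):
    if len(bits) % 8:
        raise ValueError("bit count is not a multiple of 8 (lost or extra bit)")
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, len(bits), 8))


def stuff(bits):
    """Zero insertion: after any five consecutive 1s insert a 0, so six 1s (the flag
    pattern) can never occur between the flags."""
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            out.append("0")
            ones = 0
    return "".join(out)


def unstuff(bits):
    """Zero deletion: drop the 0 that follows five 1s; six 1s means a flag or abort leaked in."""
    out, ones, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            i += 1  # skip the inserted zero
            if i < len(bits) and bits[i] == "1":
                raise ValueError("six consecutive 1s inside a frame")
            ones = 0
        i += 1
    return "".join(out)


def build_frame(address, control, info):
    body = bytes([address, control]) + info
    fcs = crc16_x25(body)
    body += bytes([fcs & 0xFF, fcs >> 8])  # FCS goes on the line low octet first
    return FLAG + stuff(bytes_to_bits(body)) + FLAG


def parse_frame(frame):
    """Return (address, control, info) or raise ValueError: a receiver discards a frame
    whose FCS does not verify instead of guessing at its contents."""
    if not (frame.startswith(FLAG) and frame.endswith(FLAG)):
        raise ValueError("frame is not delimited by flags")
    body = bits_to_bytes(unstuff(frame[len(FLAG):-len(FLAG)]))
    if len(body) < 4:
        raise ValueError("frame too short to hold address, control and FCS")
    payload, fcs = body[:-2], body[-2] | (body[-1] << 8)
    if crc16_x25(payload) != fcs:
        raise ValueError("FCS mismatch: frame discarded")
    return payload[0], payload[1], payload[2:]


def frame_is_valid(frame):
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def flag_appears_inside(frame):
    """True if six consecutive 1s (hence a flag) occur between the delimiters."""
    return "111111" in frame[len(FLAG):-len(FLAG)]


def flip_bit(frame, index):
    """Simulate a single line error by inverting one transmitted bit."""
    return frame[:index] + ("0" if frame[index] == "1" else "1") + frame[index + 1:]


if __name__ == "__main__":
    # Constructed payload chosen to contain long runs of 1s and the flag byte itself
    sample = build_frame(0xFF, 0x03, b"\xff\xff\x7e\x00\x1f")
    print(sample, parse_frame(sample), frame_is_valid(flip_bit(sample, len(sample) // 2)))
```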
Q-7: What are Permanent Virtual Circuits and Switched Virtual Circuits?
Ans: PVCs contrast with Switched Virtual Circuits (SVCs). A connection to a network that allows connection and disconnection to various points is a switched virtual circuit. Circuits that are routed through software switching devices like X.25 PADs and frame relay networks are virtual. A hard-wired connection is a plain old circuit, not a virtual circuit.
In the above example, the Chicago host location might be a single 56 or 64 Kbps line into a DCB SRX-32 frame relay host mux. At each remote location there might be an SPL-08 multiplexer. The DLCI numbers are not necessarily assigned in any order by the carrier, although it is commonly done.
The above example illustrates that DLCI numbers have significance at the user's end point only. Chicago has 4 addresses, 16, 17, 18 and 19. At each remote, each location has the same number 16. The telephone company providing the frame relay service has a frame relay switch that translates the addresses. When these permanent virtual circuits are established, the relationship of the physical ports is mapped and then assigned DLCI numbers.
A principal attribute of ATM is that it is equally suitable for departmental and campus local
area networks, metropolitan area networks and wide area networks. The term "ATM" is used
to describe what was earlier known as the Broadband Integrated Services Digital Network
(B-ISDN), having been adopted by the internetworking and computer industry, as well as by
the world press, to designate what is actually a combination of technologies and services.
The UNI exists between a single end user and a public ATM network, between a single end
user and a private ATM switch, or between a private ATM switch and the public ATM
network of an RBOC.
The NNI exists between switches in a single public ATM network. NNIs may also exist
between two private ATM switches.
The ICI is located between two public ATM networks (an RBOC and an interexchange carrier).
All of these interfaces are very similar. The major differences between these types of
interfaces are administrative and signaling related. The only type of signaling exchanged
across the UNI is that required to set up a VIRTUAL CHANNEL for the transmission.
Communication across the NNI and the ICI will require signaling for virtual-path and
virtual-channel establishment together with various exchange mechanisms for the exchange
of information such as routing tables, etc.
The network functions as follows: End User 1 in Chicago wishes to transfer a data file to End User 2 in Los Angeles. A virtual channel is created and a virtual path is established from switch to switch within the public ATM network in Chicago (ATM Network 1). The Chicago RBOC, in turn, establishes contact with the public ATM network in Los Angeles (ATM Network 2).
ATM Network 2 also establishes a virtual path from switch to switch within the network and
with the Private ATM Switch at the destination. The private ATM network completes the
virtual path by establishing a virtual channel with End User 2.
At each interface in this network, a unique virtual path identifier (VPI) and virtual channel identifier (VCI) are established for this transmission. These identifiers are of local significance ONLY: the identifier is significant only for a specific switch and the two nodes adjacent to it in the virtual path. Each node within the virtual path (including both the end users and the switches) maintains a pool of inactive identifiers to be used as needed.
End User 1 encapsulates the file in 53-byte cells, each with its unique VPI/VCI "destination address" in the header. These cells are streamed and sent across the UNI to the ATM network switch. This switch reads the ATM header, consults the routing table created during the virtual path setup, changes the VPI/VCI as necessary, and sends each cell in the stream out of the appropriate port and across the NNI to the next switch in the virtual path.
The last switch within the virtual path for ATM Network 1 repeats this process and sends the
cell out through the ICI to ATM Network 2.
ATM Network 2 continues the process in a similar manner until the cell is carried through
the UNI to the Private ATM Switch which, in turn, sends the cell to End User 2. End User 2
then reconstructs the file from the sequential cells, stripping the 5-byte header from each cell.
End User 1 or End User 2 terminates the call, i.e., "hangs up," and the virtual path is
dismantled. The VCI and VPI values are returned to the pool of available values for each
switch.
Notice that only the End Users at either end of the transmission deal with the 48-byte
information load within the cell. At each stage of the transmission, the switch is only
concerned with accepting the cell from one port, changing the VPI/VCI according to its
tables, and routing the cell out the appropriate switch port.
All other layers are irrelevant in ATM, as these layers are only part of the encapsulated
information portion of the cell which is not used by the ATM network.
In ATM, the functionality of the two lower OSI layers is handled by three layers (shown here
below the double line):
.--------------------------------------------------------------,
| Application Layer |
+--------------------------------------------------------------+
| User Layers |
+==============================================================+
| ATM Adaptation Layer: Convergence Sublayer |
| -----------------------------------|
| Segmentation & Reassembly Sublayer |
+--------------------------------------------------------------+
| ATM Layer |
+--------------------------------------------------------------+
| Physical Layer: Transmission Convergence Sublayer |
| ----------------------------------------|
| Physical Medium Dependent Sublayer |
+--------------------------------------------------------------+
The Physical Layer defines the medium for transmission, any medium-dependent
parameters (e.g., rate, quality of service required), and framing used to find the data
contained within the medium.
The ATM Layer provides the basic 53-byte cell format, by defining the 5-byte ATM header
for each 48-byte payload segment handed down by the AAL.
The ATM Adaptation Layer (AAL) adapts the higher-level data into formats compatible with
the ATM Layer requirements, i.e., this layer segments the data and adds appropriate error
control information as necessary. It is dependent on the type of services (voice, data, etc.)
being transported by the higher layer.
Several AAL protocols have been defined for specific types of data. These are loosely associated with various classes of data. However, no AAL is restricted to a specific data class or type; all types of data could conceivably be handled by any of the AALs.
AAL 1: Constant bit rate, connection-oriented, synchronous traffic (e.g., uncompressed voice)
AAL 2: Definition never completed, but envisioned to be for variable bit rate, connection-oriented, synchronous traffic (e.g., compressed video)
AAL 3/4: Variable bit rate, connection-oriented, asynchronous traffic (e.g., X.25 data) or connectionless packet data (e.g., SMDS traffic) with an additional 4-byte header in the information payload of the cell
AAL 5: Similar to AAL 3/4 with a simplified information header scheme that requires only one header per data unit and uses the PTI bit (see below) to indicate the last cell in a transmission
Examples of services that use AAL 5 are Classic IP over ATM, and LAN Emulation (LANE).
AAL 5 is the most widely used ATM Adaptation Layer protocol. See the ATM Adaptation
Layer Protocols Overview for more details.
When the End User sends traffic over the ATM network, the higher-level data unit is passed
down to the Convergence Sublayer of the AAL Layer, which prepares the data for the ATM
Layer according to the designated AAL protocol (when appropriate). The data is then passed
down to the Segmentation and Reassembly Sublayer of the AAL Layer, which divides the
prepared data unit into appropriately sized segments. These segments are then passed down
to the ATM Layer, which defines an appropriate cell header for each segment and
encapsulates the header and payload segment into a 53-byte ATM cell. The cells are then
passed down to the Physical Layer, which streams the cells at an appropriate pace for the
transmission medium being used, adding empty cells as needed.
Some Definitions
It is intended to control the traffic flow across the UNI and to alleviate short-term overload
conditions. It is currently undefined and these 4 bits must be set to 0's.
Bit 3 is set to 1 to indicate that congestion was experienced by a data cell in transmission and
is only valid when bit 4 is set to 0.
Bit 2 is used by AAL 5 to identify the data as Type 0 (beginning of message, continuation of
message; bit = 0) or Type 1 (end of message, single-cell message; bit = 1) when bit 4 is set to 0.
It may also be used for management functions when bit 4 is set to 1. This bit is currently
carried transparently through the network and has no meaning to the end user when AAL 5
is NOT in use.
The HEC is compared by each switch as the ATM cell is received and all cells with HEC
discrepancies (errors) are discarded. Cells with single-bit errors may be subject to error
correction (if supported) or discarded.
When a cell is passed through the switch and the VPI/VCI values are altered, the HEC is
recalculated for the cell prior to being passed out the port.
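The segmentation path described earlier (higher-level data unit down to 53-byte cells) together with the PTI end-of-message bit, the HEC check with single-bit correction and the VPI/VCI rewrite just described, as an added Python example that is not code from the original document; the VPI/VCI values and payloads are constructed test data.

```python
"""Added example, not code from the original document: one AAL5 data unit on
its way through the ATM stack -- convergence sublayer framing, SAR
segmentation into 48-byte payloads, a 5-byte header whose PTI bit 2 marks the
last cell, switch-side HEC checking with single-bit correction, VPI/VCI
rewriting with HEC recalculation, and reassembly at the receiver."""


def hec(header4: bytes) -> int:
    """Header Error Control: CRC-8 with generator x^8 + x^2 + x + 1 over the
    first four header bytes, XORed with 0x55 (ITU-T I.432 coset)."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def crc32_msb_first(data: bytes) -> int:
    """AAL5 CPCS CRC-32 (generator 0x04C11DB7, preset to ones, result
    complemented), computed MSB first as ATM transmits it (ITU-T I.363.5)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            if crc & 0x80000000:
                crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF
            else:
                crc = (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def build_header(vpi: int, vci: int, last_cell: bool, clp: int = 0) -> bytes:
    """UNI header: GFC(4, sent as 0) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8).
    PTI: bit 4 = 0 (user data), bit 3 = 0 (no congestion yet),
    bit 2 = 1 only on the last cell of an AAL5 data unit."""
    pti = 0b001 if last_cell else 0b000
    first4 = ((vpi << 20) | (vci << 4) | (pti << 1) | clp).to_bytes(4, "big")
    return first4 + bytes([hec(first4)])


def is_last_cell(cell: bytes) -> bool:
    """PTI bit 2 lives in the low nibble of header byte 4 (mask 0x02)."""
    return bool(cell[3] & 0x02)


def aal5_cpcs_pdu(payload: bytes) -> bytes:
    """Convergence sublayer: pad so payload + 8-byte trailer fills whole
    48-byte cells, then append trailer UU(1) CPI(1) Length(2) CRC-32(4)."""
    pad = (-(len(payload) + 8)) % 48
    body = payload + bytes(pad) + bytes([0, 0]) + len(payload).to_bytes(2, "big")
    return body + crc32_msb_first(body).to_bytes(4, "big")


def segment(payload: bytes, vpi: int, vci: int) -> list:
    """SAR sublayer + ATM layer: 48-byte segments, each given a header;
    only the last one carries the end-of-message indication."""
    pdu = aal5_cpcs_pdu(payload)
    chunks = [pdu[i:i + 48] for i in range(0, len(pdu), 48)]
    return [build_header(vpi, vci, i == len(chunks) - 1) + chunk
            for i, chunk in enumerate(chunks)]


def check_cell(cell: bytes):
    """Switch-side HEC check: ('ok', cell), ('corrected', fixed cell) when a
    single flipped header bit explains the mismatch, else ('discard', None)."""
    header = bytearray(cell[:5])
    if hec(bytes(header[:4])) == header[4]:
        return "ok", cell
    for bit in range(40):
        cand = bytearray(header)
        cand[bit // 8] ^= 0x80 >> (bit % 8)
        if hec(bytes(cand[:4])) == cand[4]:
            return "corrected", bytes(cand) + cell[5:]
    return "discard", None


def switch_cell(cell: bytes, new_vpi: int, new_vci: int) -> bytes:
    """VPI/VCI rewrite at a switch port: GFC, PTI and CLP are kept, and the
    HEC is recalculated before the cell is passed out."""
    word = int.from_bytes(cell[:4], "big")
    word = (word & 0xF000000F) | (new_vpi << 20) | (new_vci << 4)
    first4 = word.to_bytes(4, "big")
    return first4 + bytes([hec(first4)]) + cell[5:]


def reassemble(cells) -> bytes:
    """Receiver SAR: gather payloads up to the end-of-message cell, then check
    the CPCS trailer (CRC-32 over everything before it, then the length)."""
    buf = bytearray()
    for cell in cells:
        buf += cell[5:]
        if is_last_cell(cell):
            if crc32_msb_first(bytes(buf[:-4])) != int.from_bytes(buf[-4:], "big"):
                raise ValueError("AAL5 CRC-32 mismatch")
            length = int.from_bytes(buf[-6:-4], "big")
            return bytes(buf[:length])
    raise ValueError("no end-of-message cell seen")
```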
Q13: What is ISDN?
Ans: ISDN (Integrated Services Digital Network) is an all-digital communications network
designed to bring the power of the digital network directly to the desktop. It is the ideal
communications technology for the information age - perfect for students, cyberspacers,
travelers, telecommuters, parents, business people, and corporate executives.
ISDN is as easy to use as analog but offers much more. For example, you can utilize the two
64 kbps B channels as individual voice and data lines at the same time. You can use one
channel to talk while you're using the second to send data files. Or, with ISDN's BONDING
capability, you can aggregate both lines into a single high-speed 128 kbps link for
dependable transmission that's four times faster than a 28.8 kbps modem. Other benefits
include:
Voice, data and video can all be sent over a single ISDN line.
ISDN connections are made almost instantly - typically less than a second - unlike modems
and analog lines, which require 30 to 60 seconds before any data can be transmitted.
Because it's a digital service, ISDN offers near-perfect line quality that's far superior to
analog - so line conditions never force you to fall back to a slower speed.
BASICS OF ISDN
Integrated Services Digital Network (ISDN) is a fully digital communications technology
implemented throughout the infrastructure of the existing worldwide telephone network.
ISDN uses a standard phone line (a copper wire pair) in a home or office and converts it from
a single analog circuit into multiple high speed digital circuits capable of transmitting audio,
still images, motion video, and text data simultaneously. ISDN services make possible
videoconferencing and other real-time data-intensive applications, and do so at a price
comparable to standard analog service.
Standard telephone service requires a separate phone line for each device to be used
simultaneously. Not only can multiple lines be expensive, but the amount of information that
can be transmitted is limited with analog service; current technology allows 56 kilobits per
second (Kbps). ISDN, however, provides multiple channels to operate concurrently on the
same pair of wires, and each channel is capable of transmitting at 64 Kbps. Additionally,
digital transmissions allow for reduced noise and interference on the carrier channels. [1]
ISDN provides services and capabilities not available through standard telephone service.
ISDN furnishes these services through a digital package when a call is initiated. The digital
packet includes information regarding: 1) who is calling, 2) the type of call (data/voice/etc...),
and 3) the number dialed, if more than one number is used for a single ISDN line. [1] With
the information provided, ISDN equipment can determine how to handle a call, based on
user-defined preferences. Calls can be accepted, rejected or even rerouted. Data calls can
even be routed to an Internet Protocol (IP) address. [4]
ISDN has been in the making for over a decade and is just beginning to become widely
available in the United States. Europe and Japan have enjoyed large-scale deployment of
ISDN services for years. North America has just over 70 percent deployment, with
availability in most major metropolitan areas. [4]
ISDN has three different services: 1) Basic Rate Interface (BRI), 2) Primary Rate Interface
(PRI), and 3) Broadband (B-ISDN). BRI is the most common service and was intended to be
the most widely available for residential customers. BRI services provide two B channels and
one D channel (2B+D). PRI services are implemented differently in North America and Japan
than in Europe where they are the most common services. European PRI services deliver 30
B channels and one D channel (30B+D). North American and Japanese PRI services consist of
23 B channels and one D channel (23B+D). B-ISDN is still under development but will
support up to 622 Mbps transmission rates over a fiber optic network. [1]
One major advantage of the ISDN architecture is its dynamic bandwidth allocation feature.
Also known as bandwidth-on-demand, inverse multiplexing, and channel aggregation,
dynamic bandwidth allocation is the process of combining any or all of the B channels into a
single broadband conduit. 128 Kbps is possible with BRI service and 1.536 Mbps with PRI
service in North America and Japan. In Europe, PRI configurations can reach 1.92 Mbps due
to the deployment of additional B channels. [4]
For PRI service, the combining of multiple B channels is often programmed into the ISDN
switch servicing the location. For network managers, however, new controllers allow
real-time control over channel aggregation to provide the most efficient use of a network. [5]
With existing analog service, a data connection is made modem-to-modem. At all times
during the connection a carrier signal is produced by the modems to indicate the presence of
a connection; the connection is lost if either modem cannot detect the carrier signal. The
problem with maintaining a constant analog signal is that the service provider’s equipment
has to continually process the information. If the percentage of data calls through a central
switching office approaches 50 percent, a large strain on the equipment is produced and
becomes a problem.
With ISDN connections, no carrier signal is present. Only the actual user data is transmitted
and it transfers at a fraction of the time compared to analog service. Therefore, implementing
ISDN switches can actually reduce traffic overhead for a service provider, which reduces
their service costs. In addition, ISDN technology swaps one analog line with two digital
connections without physically replacing any wires. [2]
BENEFITS OF ISDN
ISDN affords many benefits to service providers and customers. The increasing popularity of
ISDN allows pricing that continues to fall and compete with standard analog service. Some
of the many benefits are:
Simultaneous audio, video, and data services over a single pair of copper wires reduces
infrastructure and maintenance costs for service and subscribers.
ISDN BRI service can use data compression which boosts the 128 Kbps transmission rate to
between 256 Kbps and 632 Kbps, depending upon the compression ratio used.
Digital transmissions produce clearer and quieter voice telephone service and more reliable
and accurate connectivity than analog technology.
Remote computer users benefit from high performance ISDN connections at home or on the
road.
ISDN is compatible with other WAN services like X.25, Frame Relay, Switched Multi-
megabit Data Services (SMDS) and higher speed services like Asynchronous Transfer Mode
(ATM). [4]
Pricing is inconsistent nationally. You should check with your local service provider about
their pricing structure (tariff) and inquire as to the services available.
INSTALLING ISDN
Standard telephone service to a residence consists of four wires (two pairs) over which two
separate analog voice lines can operate. With BRI service, the two pairs of wire can
theoretically provide four digital phone lines. In practice, however, service providers will
oppose connecting more than one ISDN line to any given location. An ISDN installation
involves connecting a single pair of wires between the central office and a home or business.
The phone company connects their end of the wire pair to their digital switching equipment
and terminates the service end with a standard jack that provides a U-interface. The U-
interface signaling handles the high speed data transfers in both directions simultaneously
over a single pair of wires. [3]
Standard telephones and computer equipment cannot be connected directly to the ISDN line.
All equipment must be routed through a device called a Network Terminator 1 (NT1) which
is plugged into the U-connector and provides the signal multiplexing onto the ISDN line.
The NT1 also needs a power receptacle to operate, from which it can power itself and other
devices connected to it. In Europe, NT1 devices are included as part of the service, but in the
United States, deregulation of telephone services forces the customer to provide the NT1 devices just
like the telephone equipment. Unfortunately, ISDN is just now gaining popularity and NT1
devices are not as accessible as other telephone equipment. [3]
From the NT1 unit, a four-wire connection called an “S/T” circuit attaches as many as eight
ISDN-ready telephones and/or computers. Non-ISDN telephones, fax machines, and
computers require special signal handling prior to being connected to the NT1. A terminal
adapter (TA) converts the analog phone and computer signals into digital impulses that can
be processed by the NT1. [3]
For computers, both internal and external TAs are available, much like analog modems.
Internal TA units plug into an Industry Standard Architecture (ISA) expansion slot in a
personal computer (PC) and are capable of providing the full 64 Kbps transmission rates.
External TAs connect to a serial communications port (COM port) on the back of the PC;
however, the transmission rates of these units are limited by the speed of the serial port. In
most cases, COM ports will not exceed 19.2 Kbps, and the full bandwidth of the ISDN line is
not utilized. [3]
ISDN CONFIGURATIONS
Multiple Line Services
ISDN services can be supplied in three different configurations from the ISDN-ready digital
switch to a business or residence. The alternatives are:
1. Through a direct BRI connection from an ISDN switch. One or more BRI connections are
made from the central switching office to a business or home. These connections can be made
directly to ISDN equipment, or they can be connected through a Public Broadcast Exchange
(PBX) or key system. Using a PBX allows devices to communicate with one another without
having to make a connection outside the premises. [5]
2. Through ISDN Centrex service. One or more BRI connections are made to ISDN Centrex
service which offers the advantage of having the ISDN switch function as the switching
system. Therefore an individual or company does not have to own a PBX or key system.
Centrex service is provided at a low cost and provides virtually unlimited growth. [5]
3. Through a PRI connection. 23 B channels and one D channel are connected to a business
through a PBX. The PBX then provides the switching necessary within the organization. For
heavy data traffic, an ISDN router, multiplexer, or controller may be used instead of a PBX to
reduce the chance of a bottleneck through the switch.
X.25 is efficient at handling bursty LAN environment traffic and also provides data security
and error detection/correction facilities. Due to its low speed, however, it is not a viable
alternative for high speed LAN and WAN applications. [4]
Frame relay is relatively more expensive (as much as 12 times more) than ISDN since it
requires a dedicated access line, and it is not as widely deployed as ISDN services. [4]
Cable Service
Cable services, although still under development, will eventually provide residential
customers with WAN connections of speeds between 500 Kbps and 30 Mbps. In addition to
fast on-line access with built-in TCP/IP-ready WAN links, customers will be able to enjoy
interactive television. When services are available they will be delivered over standard
coaxial cable, just as current services are provided. Eventually, fiber optic or a hybrid fiber-
coaxial cable will provide services. Cable service has two main disadvantages. The first is the
reputation for unreliability over existing cable networks. The second is that bandwidth is
shared over cable, causing poor overall response for multiple users on a single cable. Also,
current cable networks are not optimized for two-way data communications, and
internetworking standards are not in place. [4]
are used at under 20 percent of their total capacity. Also, leased lines are not efficient at
handling bursty network traffic. [4]
APPLICATIONS OF ISDN
ISDN in Business
For business users and even residential subscribers, videoconferencing is the biggest
communication advancement that ISDN has to offer. With the simultaneous high speed
transfer of voice and video, ISDN can provide real time video communication on a PC that
once was only capable on sophisticated systems costing upwards of $100,000. [1]
A shared electronic chalk board is another tool available through ISDN. Ideas and
illustrations can be distributed in real time to remote locations so people in other cities or
other countries can participate in meetings. [1]
Telecommuting is becoming the rule rather than the exception; more and more people are
working from home. ISDN provides the facilities for users to tap into central network
resources from the privacy of their own homes and do so with the functionality of a network
node. Node connections are possible with Serial Line Interface Protocol (SLIP) and Point-to-
Point Protocol (PPP). [1]
ISDN in Education
Students will also reap the benefits of videoconferencing by relating with other students
worldwide. Using the video capabilities of ISDN allows students to see the surroundings of
other countries or speak with pen-pals. The value of videoconferencing in educational
settings is unlimited.
Computers have become important learning tools for students. Children are introduced to
computers and networking at an early age, and ISDN allows the high speed connections to
vast amounts of information and resources.
Why ISDN?
ISDN - Integrated Services Digital Network
Telephone services -> Telecommunication services
Used for voice, image and data
ISDN protocols
E - series for Telephone network and ISDN
I - series for ISDN concepts, aspects and interfaces
Types of channels
Bearer channel (B-channel=64 kb/s) clear pipe for data
Delta channel (D-channel, 16 kb/s or 64 kb/s) call signaling information:
who is calling
type of call
calling what number
Service types
Basic Rate Interface (2 B channels + 1 D channel (16 kb/s))
Primary Rate Interface (30 B channels + 1 D channel (64 kb/s))
Digital
reliable connection
Speed
128 kb/s (160 kb/s) for BRI
1920 kb/s (2048 kb/s) for PRI
Fast call setup
2 seconds
Advantages of ISDN
Bandwidth on Demand
– adding new channels to the bundle of channels
Multiple devices
– phone, fax, PC, videoconferencing system, router, terminal adapter, ... each
with its own sub-address
– NT1
– TE1 - ISDN devices
– TE2 - analog devices (need TA)
– TA - Terminal Adapter (rate adaptation (V.110, V.120)
[Figure: ISDN reference configuration. TE1 (ISDN devices) connect over the S/T interface to the NT; TE2 (analog devices) connect through a TA (rate adaptation) and then to the NT; the NT connects to the line over the U interface.]
56 k Technology
[Figure: 56k technology. Modem to modem over two analog lines through the telephone switches: <= 33.6 kbps. Modem over an analog line through the telephone switch to an access server on a digital line (ISDN, E1, ...): <= 56 kbps.]
Wireless Technologies
Security Technology
Although very successful, each technology requires the manpower of at least one human to
manage or confirm updates. Several technologies attempt these automatic updates with, for
example, firewall rules or blocking methods. With more failure than success, many are either
unacceptable or unmanageable. In the end, each fails due to the amount of intelligence and
manual work necessary to ensure each change does not impact the network, customers or
user base. Technology does not contain the necessary Artificial Intelligence (AI) to combine
the results from these systems and make the proper judgment for configuration changes,
blocking rules or overall device re-configuration. There has simply not been a viable solution
that works for each demand or requirements that would bind all necessary networking
components together.
IPS have been developed from the valid needs caused by false positives and other typical
problems found in detecting malicious code or threats to networks today. IDS started the
overall protection process by first protecting hosts (host-based IDS), then networks (network-
based IDS). First and second-generation IDS currently protect our networks by identifying
threats. IDS provide real-time alerts and reports. What they do not provide is the necessary
intelligence to notify all network components downstream and upstream from the point of
identification. This is where IPS become part of the overall layered approach to security. IPS
gather all network information and make the determination of the threat, then notify all
other devices of those findings. Upstream providers can notify downstream customers of
possible attacks before or during the event as that malicious attempt arrives and vice versa.
Although IPS are actually the next generation IDS, there will always be a need to keep these
separate technologies. Security devices must remain separate to allow depth in overall
protection; thus, firewalls will need IDS, and the network will need IPS. Each technology is
bound to each other with dependencies that will not disappear.
Network design
Network traffic saturation
Frequent updates
False positives
The overall network design must be considered with the introduction of IPS. Several
questions come to light.
What traffic is allowed between say the Internet, DMZ and internal network?
Can the network allow the necessary communications between these zones that
would use the full capability of the IPS?
Like IDS, IPS must be designed and scalable enough to accommodate any network design.
Network traffic saturation must also be considered to ensure the additional IPS network
traffic does not bring down the network. Finally, frequent updates and false positives are the
same menace to IPS as they are to IDS. Simply put, software and signature files will need
updating. This poses problems simply due to the manpower or work involved. False
positives, on the other hand, have been the very reason IDS programs or projects collapse.
IPS have a distinct advantage in this area only because other network device information will
be gathered, and decisions are not based on one set of data but many. False positives are
always an issue due to the large amounts of data IDS must collect and then analyze in real-
time with limited AI. Signatures do a decent job of analysis, but they still do not compare to
the interaction IPS will provide.
IDS appear much easier to implement into a network with the use of TAPs (devices used to
tap a wire without disrupting communication) and other devices. The introduction of IPS may
require more work only because they must be introduced into the entire network
infrastructure, not simply tapped in on a network segment. IPS will need the following first
configured, then maintained: rules setup/management, system tuning, packet decode/tune,
packet rules, console and database. As with many other technologies, these are the bare
bones essential functions, thus acceptable.
IPS may not be the final answer to computer security, but it is a good start that further
supports the firewall-to-IDS protection methodology. As with any other technology, there
are testing results and configuration changes that can make or break the use of IPS in any
company. The associated return-on-investment (ROI) must also be considered due to the
already considerable amount of money spent on current network components. Senior
management must be informed that IPS are an additional technology that will enhance and
layer the ability of the firewalls and IDS to mitigate the risk of attacks and malicious code,
thereby protecting the company and customers. As the threat increases almost daily this new
technology will provide another layer of protection to our already well-protected systems.
We can no longer afford the manpower necessary to monitor the many network components
and computers that exist today. IPS provide a trusted way to respond automatically to a
threat as it occurs, not afterwards or when a human has time to verify the event.
Cisco Network Address Translation (NAT)
Network Address Translation (NAT) is designed for IP address simplification and
conservation. It enables private IP networks that use unregistered IP addresses to connect to
the Internet. NAT operates on a router, usually connecting two networks together, and
translates the private (not globally unique) addresses in the internal network into legal
addresses, before packets are forwarded to another network. As part of this capability, NAT
can be configured to advertise only one address for the entire network to the outside world.
This provides additional security by effectively hiding the entire internal network behind
that address. NAT offers the dual functions of security and address conservation, and is
typically implemented in remote-access environments.
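A model of the translation just described, added here as an example and not Cisco's code: one advertised address (a constructed documentation value) for the whole private network, translation entries created by outbound packets, and inbound packets forwarded only when they match an existing entry.

```python
"""Added example, not Cisco's code: a minimal model of the NAT behaviour the
text describes. Many unregistered (private) addresses share one advertised
public address; the public source port tells the flows apart on the way back.
All addresses are constructed documentation/RFC 1918 values."""
import ipaddress
from dataclasses import dataclass

# Unregistered (RFC 1918) address space: the "inside" addresses NAT translates.
UNREGISTERED = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_unregistered(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in UNREGISTERED)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OverloadNat:
    """NAT on the router between the private network and the outside, using a
    single public address for everything (port-based overload)."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.to_public = {}   # (private ip, private port) -> public port
        self.to_private = {}  # public port -> (private ip, private port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: a private source is rewritten to the advertised
        address; a source that is already a legal address passes unchanged."""
        if not is_unregistered(pkt.src_ip):
            return pkt
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.to_public:
            self.to_public[key] = self.next_port
            self.to_private[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.to_public[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Outside -> inside: the outside world only knows the advertised
        address, so a packet without a matching translation cannot name an
        internal host and is dropped (None)."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.to_private:
            return None
        priv_ip, priv_port = self.to_private[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
```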
Internet Protocols
Background
The Internet protocols are the world's most popular open-system (nonproprietary) protocol
suite because they can be used to communicate across any set of interconnected networks
and are equally well suited for LAN and WAN communications. The Internet protocols
consist of a suite of communication protocols, of which the two best known are the
Transmission Control Protocol (TCP) and the Internet Protocol (IP). The Internet protocol
suite not only includes lower-layer protocols (such as TCP and IP), but it also specifies
common applications such as electronic mail, terminal emulation, and file transfer. This
chapter provides a broad introduction to specifications that comprise the Internet protocols.
Discussions include IP addressing and key upper-layer protocols used in the Internet.
Specific routing protocols are addressed individually later in this document. Internet
protocols were first developed in the mid-1970s, when the Defense Advanced Research
Projects Agency (DARPA) became interested in establishing a packet-switched network that
would facilitate communication between dissimilar computer systems at research
institutions. With the goal of heterogeneous connectivity in mind, DARPA funded research
by Stanford University and Bolt, Beranek, and Newman (BBN). The result of this
IP Packet Format
An IP packet contains several types of information, as illustrated in Figure 30-2.
Figure 30-2 Fourteen fields comprise an IP packet.
The following discussion describes the IP packet fields illustrated in Figure 30-2:
IP Addressing
As with any other network-layer protocol, the IP addressing scheme is integral to the process of
routing IP datagrams through an internetwork. Each IP address has specific components and follows
a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks,
as discussed in more detail later in this chapter. Each host on a TCP/IP network is assigned a unique
32-bit logical address that is divided into two main parts: the network number and the host number.
The network number identifies a network and must be assigned by the Internet Network Information
Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can
obtain blocks of network addresses from the InterNIC and can itself assign address space as
necessary. The host number identifies a host on a network and is assigned by the local network
administrator.
IP Address Format
The 32-bit IP address is grouped eight bits at a time, separated by dots, and represented in
decimal format (known as dotted decimal notation). Each bit in the octet has a binary weight
(128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0, and the maximum value for
an octet is 255. Figure 30-3 illustrates the basic format of an IP address.
Figure 30-3 An IP address consists of 32 bits, grouped into four octets.
IP Address Classes
IP addressing supports five different address classes: A, B,C, D, and E. Only classes A, B,
and C are available for commercial use. The left-most (high-order) bits indicate the network
class. Table 30-1 provides reference information about the five IP address classes.
Table 30-1 Reference Information About the Five IP Address Classes (columns: IP Address Class, Format, Purpose, High-Order Bit(s), Address Range, No. Bits Network/Host, Max. Hosts)
illustrates the format of the commercial IP address classes. (Note the high-order bits in each class.)
IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets). Subnetting
provides the network administrator with several benefits, including extra flexibility, more efficient
use of network addresses, and the capability to contain broadcast traffic (a broadcast will not cross a
router). Subnets are under local administration. As such, the outside world sees an organization as a
single network and has no detailed knowledge of the organization's internal structure. A given
network address can be broken up into many subnetworks. For example, 172.16.1.0, 172.16.2.0,
172.16.3.0, and 172.16.4.0 are all subnets within network 171.16.0.0. (All 0s in the host portion of
an address specifies the entire network.)
IP Subnet Mask
A subnet address is created by "borrowing" bits from the host field and designating them
as the subnet field. The number of borrowed bits varies and is specified by the subnet
mask. Figure 30-6 shows how bits are borrowed from the host address field to create the
subnet address field.
Figure 30-6 Bits are borrowed from the host address field to create the subnet address field.
Subnet masks use the same format and representation technique as IP addresses. The
subnet mask, however, has binary 1s in all bits specifying the network and subnetwork
fields, and binary 0s in all bits specifying the host field. A sample subnet mask is
illustrated in the accompanying figure. Subnet mask bits should come from the high-order
(left-most) bits of the host field, as Figure 30-8 illustrates. Details of Class B and C subnet
mask types follow. Class A addresses are not discussed in this chapter because they
generally are subnetted on an 8-bit boundary.
Figure 30-8 Subnet mask bits come from the high-order bits of the host field.
Various types of subnet masks exist for Class B and C subnets. The default subnet mask for
a Class B address that has no subnetting is 255.255.0.0, while the subnet mask for a Class B
address 171.16.0.0 that specifies eight bits of subnetting is 255.255.255.0. The reason for this
is that eight bits of subnetting gives 2^8 - 2 (1 for the network address and 1 for the broadcast
address) = 254 subnets possible, with 2^8 - 2 = 254 hosts per subnet. The subnet mask for a
Class C address 192.168.2.0 that specifies five bits of subnetting is 255.255.255.248. With five
bits available for subnetting, 2^5 - 2 = 30 subnets possible, with
2^3 - 2 = 6 hosts per subnet. The reference charts shown in table 30-2 and table 30-3 can be
used when planning Class B and C networks to determine the required number of subnets
and hosts, and the appropriate subnet mask.
Table 30-2 Class B Subnetting Reference Chart
Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
2                255.255.192.0      2                   16382
3                255.255.224.0      6                   8190
4                255.255.240.0      14                  4094
5                255.255.248.0      30                  2046
6                255.255.252.0      62                  1022
10               255.255.255.192    1022                62
11               255.255.255.224    2046                30
12               255.255.255.240    4094                14
13               255.255.255.248    8190                6
14               255.255.255.252    16382               2
Table 30-3 Class C Subnetting Reference Chart
Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
2                255.255.255.192    2                   62
3                255.255.255.224    6                   30
4                255.255.255.240    14                  14
5                255.255.255.248    30                  6
6                255.255.255.252    62                  2
Logical AND Operation
Three basic rules govern logically "ANDing" two binary numbers. First, 1 "ANDed" with 1
yields 1. Second, 1 "ANDed" with 0 yields 0. Finally, 0 "ANDed" with 0 yields 0. The truth
table provided in table 30-4 illustrates the rules for logical AND operations.
Table 30-4 Logical AND
Input A   Input B   Result (A AND B)
1         1         1
1         0         0
0         1         0
0         0         0
Two simple guidelines exist for remembering logical AND operations: Logically "ANDing"
a 1 with a 1 yields the original value, and logically "ANDing" a 0 with any number yields 0.
Figure 30-9 illustrates that when a logical AND of the destination IP address and the subnet
mask is performed, the subnetwork number remains, which the router uses to forward the packet.
Figure 30-9 Applying a logical AND to the destination IP address and the subnet mask
produces the subnetwork number.
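The subnet arithmetic of the preceding sections (borrowed bits and the "minus 2" counts, the rows of table 30-2 and table 30-3, planning a mask from required subnets and hosts, and the logical AND of Figure 30-9), as an added Python example that is not part of the original chapter; the addresses used are the chapter's own or constructed.

```python
"""Added example, not from the original chapter: Class B/C subnet arithmetic.
The mask is built from the number of host bits borrowed for the subnet field,
subnets and hosts are counted with the chapter's convention (2^n - 2, dropping
the all-0s and all-1s values), and a destination address is ANDed with the
mask to obtain the subnetwork number a router forwards on."""
import ipaddress

# Network bits fixed by the address class before any subnetting.
CLASS_NETWORK_BITS = {"B": 16, "C": 24}


def subnet_mask(addr_class: str, borrowed_bits: int) -> str:
    """1s over the network and subnet fields, 0s over the remaining host field."""
    ones = CLASS_NETWORK_BITS[addr_class] + borrowed_bits
    return str(ipaddress.IPv4Address((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF))


def subnet_counts(addr_class: str, borrowed_bits: int):
    """(subnets, hosts per subnet), each reduced by 2 for the all-0s and
    all-1s values, as the chapter counts them."""
    host_bits = 32 - CLASS_NETWORK_BITS[addr_class] - borrowed_bits
    return 2 ** borrowed_bits - 2, 2 ** host_bits - 2


def reference_row(addr_class: str, borrowed_bits: int):
    """One row of table 30-2 (Class B) or table 30-3 (Class C):
    (bits, mask, subnets, hosts)."""
    subnets, hosts = subnet_counts(addr_class, borrowed_bits)
    return borrowed_bits, subnet_mask(addr_class, borrowed_bits), subnets, hosts


def plan(addr_class: str, needed_subnets: int, needed_hosts: int):
    """Smallest number of borrowed bits that satisfies both requirements
    (the planning use of the reference charts), or None if the class cannot."""
    # At least 2 bits borrowed and at least 2 host bits left, as in the charts.
    for bits in range(2, 32 - CLASS_NETWORK_BITS[addr_class] - 1):
        subnets, hosts = subnet_counts(addr_class, bits)
        if subnets >= needed_subnets and hosts >= needed_hosts:
            return reference_row(addr_class, bits)
    return None


def subnet_number(dst_ip: str, mask: str) -> str:
    """Logical AND of the destination address and the subnet mask (Figure 30-9)."""
    result = int(ipaddress.IPv4Address(dst_ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(result))
```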
For two machines on a given network to communicate, they must know the other
machine's physical (or MAC) address. By broadcasting Address Resolution Protocols
(ARPs), a host can dynamically discover the MAC-layer address corresponding to a
particular IP network-layer address. After receiving a MAC-layer address, IP devices create
an ARP cache to store the recently acquired IP-to-MAC address mapping, thus avoiding
having to broadcast ARPs when they want to recontact a device. If the device does not
respond within a specified time frame, the cache entry is flushed.
In addition, the Reverse Address Resolution Protocol (RARP) is used to map MAC-layer
addresses to IP addresses. RARP, which is the logical inverse of ARP, might be used by
diskless workstations that do not know their IP addresses when they boot. RARP relies on
the presence of a RARP server with table entries of MAC-layer-to-IP address mappings.
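As an added example (not part of the original text), the ARP exchange and cache described above can be modelled in a few dozen lines: a builder and parser for the 28-byte Ethernet/IPv4 ARP packet, and a cache that ages entries out and records the tell-tale sign of poisoning, a live entry being re-bound to a different MAC. The 60-second timeout and the MAC/IP values in the usage are constructed for the example; real stacks use their own timers.

```python
import struct
import time
from typing import Callable, Dict, List, Optional, Tuple

ARP_REQUEST, ARP_REPLY = 1, 2
CACHE_TIMEOUT = 60.0   # seconds; an assumption, real stacks differ
_ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """28-byte Ethernet/IPv4 ARP packet (RFC 826 layout)."""
    return struct.pack(_ARP_FMT, 1, 0x0800, 6, 4, op, _mac(sender_mac),
                       _ip(sender_ip), _mac(target_mac), _ip(target_ip))


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("ARP packet shorter than 28 bytes")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(_ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")

    def fmt_mac(b: bytes) -> str:
        return ":".join(f"{x:02x}" for x in b)

    def fmt_ip(b: bytes) -> str:
        return ".".join(str(x) for x in b)

    return {"op": op, "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa)}


class ArpCache:
    """IP-to-MAC cache with aging, plus a log of conflicting answers."""

    def __init__(self, timeout: float = CACHE_TIMEOUT,
                 now: Callable[[], float] = time.monotonic):
        self._entries: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, expiry)
        self._timeout, self._now = timeout, now
        self.conflicts: List[Tuple[str, str, str]] = []    # (ip, old mac, new mac)

    def learn(self, pkt: bytes) -> dict:
        """Record the sender mapping of any ARP packet seen on the segment.
        ARP has no authentication, so a packet that re-binds a live entry to a
        different MAC is exactly what cache poisoning looks like: keep the
        evidence rather than silently overwriting."""
        arp = parse_arp(pkt)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self._entries.get(ip)
        if old and old[1] > self._now() and old[0] != mac:
            self.conflicts.append((ip, old[0], mac))
        self._entries[ip] = (mac, self._now() + self._timeout)
        return arp

    def lookup(self, ip: str) -> Optional[str]:
        """MAC for ip, or None once the entry has aged out (time to re-ARP)."""
        entry = self._entries.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if expiry <= self._now():
            del self._entries[ip]
            return None
        return mac


if __name__ == "__main__":
    cache = ArpCache()
    cache.learn(build_arp(ARP_REQUEST, "00:11:22:33:44:55", "10.0.0.1",
                          "00:00:00:00:00:00", "10.0.0.2"))
    cache.learn(build_arp(ARP_REPLY, "66:77:88:99:aa:bb", "10.0.0.2",
                          "00:11:22:33:44:55", "10.0.0.1"))
    print(cache.lookup("10.0.0.2"), cache.conflicts)
```

The clock is injectable so the aging behaviour can be exercised without sleeping; a monitoring tool would feed `learn` from a packet capture rather than from constructed frames.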
Internet Routing
Internet routing devices traditionally have been called gateways. In today's terminology,
however, the term gateway refers specifically to a device that performs application-layer
protocol translation between devices. Interior gateways refer to devices that perform these
protocol functions between machines or networks under the same administrative control or
authority, such as a corporation's internal network. These are known as autonomous
systems. Exterior gateways perform protocol functions between independent networks.
Routers within the Internet are organized hierarchically. Routers used for information
exchange within autonomous systems are called interior routers, which use a variety of
Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information
Protocol (RIP) is an example of an IGP.
Routers that move information between autonomous systems are called exterior routers.
These routers use an exterior gateway protocol to exchange information between
autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior
gateway protocol.
IP Routing
IP routing protocols are dynamic. Dynamic routing calls for routes to be calculated
automatically at regular intervals by software in routing devices. This contrasts with static
routing, where routes are established by the network administrator and do not change
until the network administrator changes them. Whether its entries were learned dynamically
or configured statically, an IP routing table consists of destination address/next hop pairs.
An entry in this table, for example, would be interpreted as follows: to get to network
172.31.0.0, send the packet out Ethernet interface 0 (E0).
IP routing specifies that IP datagrams travel through internetworks one hop at a time. The
entire route is not known at the onset of the journey, however. Instead, at each stop, the
next destination is calculated by matching the destination address within the datagram
with an entry in the current node's routing table.
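The hop-by-hop forwarding just described, as an added example that is not part of the original text: a routing table searched by longest prefix match (so a default route and more specific entries coexist), and a walk that hands the datagram from router to router, each consulting only its own table, with TTL bounding the walk so a loop ends as "time exceeded". Router addresses, prefixes and interface names are constructed for the example.

```python
import ipaddress
from typing import Dict, Optional, Tuple


class RoutingTable:
    """Destination-prefix / next-hop pairs, searched by longest prefix match.

    A next hop of None means the destination network is directly attached
    to the named interface, as in the chapter's "send it out E0" entry.
    """

    def __init__(self):
        self._routes = []   # (network, next_hop, interface), most specific first

    def add(self, prefix: str, next_hop: Optional[str], interface: str) -> None:
        net = ipaddress.ip_network(prefix, strict=True)
        self._routes.append((net, next_hop, interface))
        self._routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, destination: str) -> Optional[Tuple[Optional[str], str]]:
        """First (most specific) entry containing the address, else None."""
        dst = ipaddress.ip_address(destination)
        for net, next_hop, iface in self._routes:
            if dst in net:
                return next_hop, iface
        return None   # no route: the router would send ICMP network unreachable


def trace_path(routers: Dict[str, RoutingTable], start: str, destination: str,
               ttl: int = 64) -> Tuple[list, str]:
    """Walk a datagram hop by hop. Each router consults only its own table and
    has no view of the whole path; TTL bounds the walk so a loop ends in a
    "time exceeded" outcome instead of circulating forever."""
    path, node = [start], start
    while ttl > 0:
        if node not in routers:
            return path, "next hop unknown"
        hit = routers[node].lookup(destination)
        if hit is None:
            return path, "unreachable"
        next_hop, iface = hit
        if next_hop is None:
            return path, f"delivered via {iface}"
        path.append(next_hop)
        node, ttl = next_hop, ttl - 1
    return path, "time exceeded"


if __name__ == "__main__":
    r1 = RoutingTable()
    r1.add("172.31.0.0/16", None, "E0")
    r1.add("10.0.0.0/8", "10.1.1.2", "S0")
    r1.add("0.0.0.0/0", "10.1.1.3", "S1")
    r2 = RoutingTable()
    r2.add("10.0.0.0/8", None, "E0")
    r2.add("172.31.0.0/16", "10.1.1.1", "S0")
    r3 = RoutingTable()
    r3.add("0.0.0.0/0", "10.1.1.1", "S0")   # points back at r1: a routing loop
    routers = {"10.1.1.1": r1, "10.1.1.2": r2, "10.1.1.3": r3}
    print(trace_path(routers, "10.1.1.1", "10.2.3.4"))
    print(trace_path(routers, "10.1.1.1", "8.8.8.8", ttl=4))
```

The third router's default route pointing back at the first is deliberate: it reproduces the loop case that the Time-to-Live field exists to terminate.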
Each node's involvement in the routing process is limited to forwarding packets based on
internal information. The nodes do not monitor whether the packets get to their final
destination, nor does IP provide for error reporting back to the source when routing
anomalies occur. This task is left to another Internet protocol, the Internet Control-Message
Protocol (ICMP), which is discussed in the following section.
The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that
provides message packets to report errors and other information regarding IP packet
processing back to the source. ICMP is documented in RFC 792.
ICMP Messages
ICMP generates several kinds of useful messages, including Destination Unreachable, Echo
Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router
Solicitation. If an ICMP error message itself cannot be delivered, no second one is generated;
this avoids an endless flood of ICMP messages. When an ICMP Destination Unreachable
message is sent by a router, it means that the router is unable to forward the packet to its
final destination. The router then discards the original packet. Two reasons exist for why a
destination might be unreachable. Most commonly, the source host has specified a
nonexistent address. Less frequently, the router does not have a route to the
destination. Destination Unreachable messages include four basic types (codes): network
unreachable, host unreachable, protocol unreachable, and port unreachable. Network-
unreachable messages usually mean that a failure has occurred in the routing or addressing of
a packet. Host-unreachable messages usually indicate a delivery failure, such as a wrong
subnet mask. Protocol-unreachable messages generally mean that the destination does not
support the upper-layer protocol specified in the packet. Port-unreachable messages mean
that no process is listening on the destination port; in practice this is a UDP indication,
because a closed TCP port is answered with a TCP RST rather than an ICMP message. An ICMP
Echo Request message, which is generated by the ping command, is sent by any host to test
node reachability across an internetwork. The ICMP Echo Reply message indicates that the
node can be successfully reached.
An ICMP Redirect message is sent by a router to the source host to stimulate more
efficient routing. The router still forwards the original packet to the destination. ICMP
redirects allow host routing tables to remain small because it is necessary to know the
address of only one router, even if that router does not provide the best path. Even after
receiving an ICMP Redirect message, some devices might continue using the less-efficient
route. Because a Redirect is unauthenticated and changes where a host sends its traffic,
hardened hosts commonly ignore Redirects altogether. An ICMP Time Exceeded message is
sent by the router if an IP packet's Time-to-Live field (expressed in hops or seconds)
reaches zero. The Time-to-Live field prevents packets from continuously circulating the
internetwork if the internetwork contains a routing loop. The router then discards the
original packet.
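An added example, not code from the original text, covering the messages above: it builds and validates ICMP messages with the RFC 1071 checksum, decodes the Destination Unreachable codes, recovers from an error message which original datagram (and which destination port) it refers to, and encodes the "no error about an error" rule. The addresses and ports used are constructed; the minimal IPv4 header builder is the example's own and leaves the IP header checksum at zero because the example does not verify it.

```python
import struct
from typing import Optional

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO, TIME_EXCEEDED = 0, 3, 5, 8, 11
ERROR_TYPES = {DEST_UNREACH, REDIRECT, TIME_EXCEEDED}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; evaluates to 0 over a correct message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (header checksum left zero: not verified here)."""
    def to_b(s: str) -> bytes:
        return bytes(int(o) for o in s.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       to_b(src), to_b(dst))


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    body = rest + payload
    hdr = struct.pack("!BBH", icmp_type, code, 0)
    return struct.pack("!BBH", icmp_type, code, checksum(hdr + body)) + body


def parse_icmp(msg: bytes) -> dict:
    """Validate the checksum and decode the fields a host acts on."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code}
    if icmp_type in (ECHO, ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    if icmp_type == DEST_UNREACH:
        info["reason"] = UNREACH_CODES.get(code, f"code {code}")
    if icmp_type in ERROR_TYPES:
        # Errors carry the original IP header plus its first 8 data bytes, so
        # the source can tell which flow (here: which UDP/TCP port) failed.
        inner = msg[8:]
        if len(inner) < 20:
            raise ValueError("truncated original datagram in ICMP error")
        ihl = (inner[0] & 0x0F) * 4
        info["orig_proto"] = inner[9]
        info["orig_dst"] = ".".join(str(b) for b in inner[16:20])
        if inner[9] in (PROTO_TCP, PROTO_UDP) and len(inner) >= ihl + 4:
            info["orig_dst_port"] = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    return info


def may_report_error(orig_proto: int, orig_icmp_type: Optional[int]) -> bool:
    """The 'no second message' rule: never generate an ICMP error in response
    to a datagram that is itself an ICMP error message."""
    return not (orig_proto == PROTO_ICMP and orig_icmp_type in ERROR_TYPES)


if __name__ == "__main__":
    original = ipv4_header("10.0.0.1", "10.0.0.9", PROTO_UDP, 28) + \
        struct.pack("!HHHH", 40000, 53, 8, 0)
    print(parse_icmp(build_icmp(DEST_UNREACH, 3, payload=original)))
```

A host that receives the port-unreachable message in the usage can match it to its outstanding DNS query on port 53; the same decoding is what a traceroute implementation does with the Time Exceeded messages it provokes.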
ICMP Router-Discovery Protocol (IRDP)
TCP Connection Establishment
To use reliable transport services, TCP hosts must establish a connection-oriented session
with one another. Connection establishment is performed by using a "three-way
handshake" mechanism. A three-way handshake synchronizes both ends of a connection
by allowing both sides to agree upon initial sequence numbers. This mechanism also
guarantees that both sides are ready to transmit data and know that the other side is ready
to transmit as well. This is necessary so that packets are not transmitted or retransmitted
during session establishment or after session termination. Each host chooses an initial
sequence number, which is used to track bytes within the stream it is sending and receiving.
That number must be unpredictable: a peer that can guess another host's initial sequence
number can forge the third packet of the handshake, or inject data into an established
connection, without ever seeing the other side's traffic. The three-way handshake then
proceeds in the following manner:
The first host (Host A) initiates a connection by sending a packet with its initial sequence
number (SEQ = X) and the SYN bit set to indicate a connection request. The second host (Host B)
receives the SYN, records the sequence number X, and replies by acknowledging the SYN
(with ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK
= 20 means the host has received bytes 0 through 19 and expects byte 20 next. This
technique is called forward acknowledgment. Host A then acknowledges all bytes Host B sent
with a forward acknowledgment indicating the next byte Host A expects to receive (ACK =
Y + 1). Data transfer then can begin.
Positive Acknowledgment and Retransmission (PAR), in which a sender transmits one packet and
waits for its acknowledgment before sending the next, is an inefficient use of bandwidth,
because only one packet can be in flight at a time.
A TCP sliding window provides more efficient use of network bandwidth than PAR because
it enables hosts to send multiple bytes or packets before waiting for an acknowledgment. In
TCP, the receiver specifies the current window size in every packet. Because TCP provides
a byte-stream connection, window sizes are expressed in bytes. This means that a window
is the number of data bytes that the sender is allowed to send before waiting for an
acknowledgment. Initial window sizes are indicated at connection setup, but might vary
throughout the data transfer to provide flow control. A window size of zero, for instance,
means "Send no data." In a TCP sliding-window operation, for example, the sender might
have a sequence of bytes to send (numbered 1 to 10) to a receiver who has a window size of
five. The sender then would place a window around the first five bytes and transmit them
together. It would then wait for an acknowledgment.
The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5
and is expecting byte 6 next. In the same packet, the receiver would indicate that its
window size is 5. The sender then would move the sliding window five bytes to the right
and transmit bytes 6 to 10. The receiver would respond with an ACK = 11, indicating that it
is expecting sequenced byte 11 next. In this packet, the receiver might indicate that its
window size is 0 (because, for example, its internal buffers are full). At this point, the
sender cannot send any more bytes until the receiver sends another packet with a window
size greater than 0.
Figure 30-10 illustrates the fields and overall format of a TCP packet; twelve fields comprise a TCP
packet.
• Reserved—Remains reserved for future use.
• Flags—Carries a variety of control information, including the SYN and ACK bits used
for connection establishment, and the FIN bit used for connection termination.
• Window—Specifies the size of the sender's receive window (that is, the buffer space
available for incoming data).
• Checksum—Covers the TCP header and data (together with an IP pseudo-header) and
indicates whether the segment was damaged in transit.
• Urgent Pointer—Points to the first urgent data byte in the packet.
• Options—Specifies various TCP options.
• Data—Contains upper-layer information.
The UDP packet format contains four fields, as shown in Figure 30-11. These include source and
destination ports, length, and checksum fields. Figure 30-11 A UDP packet consists of four
fields.
Source and destination ports contain the 16-bit UDP protocol port numbers used to
demultiplex datagrams for receiving application-layer processes. A length field specifies
the length of the UDP header and data. Checksum provides an (optional) integrity check
on the UDP header and data together with an IP pseudo-header; over IPv4 a checksum field
of zero means the sender did not compute one.
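An added example, not code from the original text, for the four UDP fields above: it builds a datagram, computes the checksum over the IPv4 pseudo-header plus header and data, and on parsing distinguishes "checksum correct", "checksum wrong" and "no checksum sent". The pseudo-header is what lets the receiver detect a datagram delivered to the wrong host, which the usage shows by verifying against a different destination address. Addresses, ports and payload are constructed.

```python
import struct

PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (source, destination, zero byte,
    protocol 17, UDP length) plus the UDP header and data, with the checksum
    field treated as zero. A computed 0 is transmitted as 0xFFFF, because 0 on
    the wire means 'no checksum' in UDP over IPv4."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, len(udp))
    zeroed = udp[:6] + b"\x00\x00" + udp[8:]
    csum = (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF
    return csum or 0xFFFF


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, length, 0) + payload
    return struct.pack("!HHHH", sport, dport, length, udp_checksum(src_ip, dst_ip, udp)) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, datagram: bytes) -> dict:
    """Decode the four fields; checksum_ok is None when the sender sent none."""
    if len(datagram) < 8:
        raise ValueError("UDP datagram shorter than its 8-byte header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    udp = datagram[:length]
    checksum_ok = None if csum == 0 else udp_checksum(src_ip, dst_ip, udp) == csum
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_ok": checksum_ok, "payload": udp[8:]}


if __name__ == "__main__":
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    dg = build_udp(src, dst, 40000, 53, b"\x12\x34\x01\x00")
    print(parse_udp(src, dst, dg))
    print(parse_udp(src, bytes([10, 0, 0, 3]), dg)["checksum_ok"])
```

Because the checksum is optional, a receiver cannot treat a zero checksum as proof of anything; a parser that needs integrity should treat `None` as "unverified" rather than as success.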
Application-Layer Protocols
The Internet protocol suite includes many application-layer protocols that represent a wide
variety of applications, including the following:
• File Transfer Protocol (FTP)—Moves files between devices
• Simple Network-Management Protocol (SNMP)—Primarily reports anomalous network
conditions and sets network threshold values
• Telnet—Serves as a terminal emulation protocol
• X Windows—Serves as a distributed windowing and graphics system used for
communication between X terminals and UNIX workstations
• Network File System (NFS), External Data Representation (XDR), and Remote Procedure Call
(RPC)—Work together to enable transparent access to remote network resources
• Simple Mail Transfer Protocol (SMTP)—Provides electronic mail services
• Domain Name System (DNS)—Translates the names of network nodes into network
addresses
Table 30-5, Higher-Layer Protocols and Their Applications (columns: Application, Protocols),
lists these higher-layer protocols and the applications that they support.
Routing Information Protocol (RIP)
Today's open standard version of RIP, sometimes referred to as IP RIP, is formally defined
in two documents: Request For Comments (RFC) 1058 and Internet Standard (STD) 56. As
IP-based networks became both more numerous and greater in size, it became apparent to
the Internet Engineering Task Force (IETF) that RIP needed to be updated. Consequently,
the IETF released RFC 1388 in January 1993, which was then superseded in November 1994
by RFC 1723, which describes RIP 2 (the second version of RIP). These RFCs described an
extension of RIP's capabilities but did not attempt to obsolete the previous version of RIP.
RIP 2 enabled RIP messages to carry more information, which permitted the use of a simple
authentication mechanism to secure table updates. More importantly, RIP 2 supported
subnet masks, a critical feature that was not available in RIP.
This chapter summarizes the basic capabilities and features associated with RIP. Topics
include the routing update process, RIP routing metrics, routing stability, and routing
timers.
Routing Updates
RIP sends routing-update messages at regular intervals and when the network topology
changes. When a router receives a routing update that includes changes to an entry, it
updates its routing table to reflect the new route. The metric value for the path is increased
by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route
(the route with the lowest metric value) to a destination. After updating its routing table,
the router immediately begins transmitting routing updates to inform other network
routers of the change. These updates are sent independently of the regularly scheduled
updates that RIP routers send.
RIP uses a single routing metric (hop count) to measure the distance between the source
and a destination network. Each hop in a path from source to destination is assigned a hop
count value, which is typically 1. When a router receives a routing update that contains a
new or changed destination network entry, the router adds 1 to the metric value indicated
in the update and enters the network in the routing table. The IP address of the sender is
used as the next hop.
RIP prevents routing loops from continuing indefinitely by implementing a limit on the
number of hops allowed in a path from the source to a destination. The maximum number
of hops in a path is 15. If a router receives a routing update that contains a new or changed
entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the
network destination is considered unreachable. The downside of this stability feature is
that it limits the maximum diameter of a RIP network to 15 hops.
RIP includes a number of other stability features that are common to many routing
protocols. These features are designed to provide stability despite potentially rapid
changes in a network's topology. For example, RIP implements the split horizon and
holddown mechanisms to prevent incorrect routing information from being propagated.
RIP Timers
RIP uses numerous timers to regulate its performance. These include a routing-update
timer, a route-timeout timer, and a route-flush timer. The routing-update timer clocks the
interval between periodic routing updates. Generally, it is set to 30 seconds, with a small
random amount of time added whenever the timer is reset. This is done to help prevent
congestion, which could result from all routers simultaneously attempting to update their
neighbors. Each routing table entry has a route-timeout timer associated with it. When the
route-timeout timer expires, the route is marked invalid but is retained in the table until the
route-flush timer expires.
Packet Formats
The following section focuses on the IP RIP and IP RIP 2 packet formats illustrated in
Figures 44-1 and 44-2. Each illustration is followed by descriptions of the fields illustrated.
The following descriptions summarize the IP RIP packet format fields illustrated in Figure
47-1:
Version number—Specifies the RIP version used. This field can signal different
potentially incompatible versions.
Zero—This field is not actually used by RFC 1058 RIP; it was added solely to
provide backward compatibility with prestandard varieties of RIP. Its name comes
from its defaulted value: zero.
Address-family identifier (AFI)—Specifies the address family used. RIP is designed
to carry routing information for several different protocols. Each entry has an
address-family identifier to indicate the type of address being specified. The AFI for
IP is 2.
Address—Specifies the IP address for the entry.
Metric—Indicates how many internetwork hops (routers) have been traversed in the
trip to the destination. This value is between 1 and 15 for a valid route, or 16 for an
unreachable route.
The RIP 2 specification (described in RFC 1723) allows more information to be included in
RIP packets and provides a simple authentication mechanism that is not supported by RIP.
Figure 47-2 shows the IP RIP 2 packet format.
The following descriptions summarize the IP RIP 2 packet format fields illustrated in
Figure 47-2:
Version—Specifies the RIP version used. In a RIP packet implementing any of the
RIP 2 fields or using authentication, this value is set to 2.
Unused—Has a value set to zero.
Address-family identifier (AFI)—Specifies the address family used. RIPv2's AFI
field functions identically to RFC 1058 RIP's AFI field, with one exception: If the AFI
for the first entry in the message is 0xFFFF, the remainder of the entry contains
authentication information. In RFC 1723 the only authentication type is simple
password, which is carried in cleartext: it stops accidental merging of misconfigured
routers but offers no protection against anyone who can read or inject packets on the link.
Keyed MD5 authentication for RIP 2 was added later in RFC 2082.
Route tag—Provides a method for distinguishing between internal routes (learned
by RIP) and external routes (learned from other protocols).
IP address—Specifies the IP address for the entry.
Subnet mask—Contains the subnet mask for the entry. If this field is zero, no subnet
mask has been specified for the entry.
Next hop—Indicates the IP address of the next hop to which packets for the entry
should be forwarded.
Metric—Indicates how many internetwork hops (routers) have been traversed in the
trip to the destination. This value is between 1 and 15 for a valid route, or 16 for an
unreachable route.
Summary
Despite RIP's age and the emergence of more sophisticated routing protocols, it is far from
obsolete. RIP is mature, stable, widely supported, and easy to configure. Its simplicity is
well suited for use in stub networks and in small autonomous systems that do not have
enough redundant paths to warrant the overheads of a more sophisticated protocol.
Review Questions
A—RIP has numerous stability features, the most obvious of which is RIP's maximum hop
count. By placing a finite limit on the number of hops that a route can take, routing loops
are discouraged, if not completely eliminated. Other stability features include its various
timing mechanisms that help ensure that the routing table contains only valid routes, as
well as split horizon and holddown mechanisms that prevent incorrect routing information
from being disseminated throughout the network.
A—The timeout timer is used to help purge invalid routes from a RIP node. Routes that
aren't refreshed for a given period of time are likely invalid because of some change in the
network. Thus, RIP maintains a timeout timer for each known route. When a route's
timeout timer expires, the route is marked invalid but is retained in the table until the
route-flush timer expires.
A—RIP 2 enables the use of a simple authentication mechanism to secure table updates.
More importantly, RIP 2 supports subnet masks, a critical feature that is not available in
RIP.
Q—What is the maximum network diameter of a RIP network?
A—A RIP network's maximum diameter is 15 hops. RIP can count to 16, but that value is
considered an error condition rather than a valid hop count.
Background
Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP)
networks by the Interior Gateway Protocol (IGP) working group of the Internet
Engineering Task Force (IETF). The working group was formed in 1988 to design an IGP
based on the Shortest Path First (SPF) algorithm for use in the Internet. Similar to the
Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s, the
Routing Information Protocol (RIP) was increasingly incapable of serving large,
heterogeneous internetworks. This chapter examines the OSPF routing environment,
underlying routing algorithm, and general protocol components. OSPF was derived from
several research efforts, including Bolt, Beranek, and Newman's (BBN's) SPF algorithm
developed in 1978 for the ARPANET (a landmark packet-switching network developed in
the late 1960s and early 1970s by BBN), Dr. Radia Perlman's research on fault-tolerant
broadcasting of routing information (1988), BBN's work on area routing (1986), and an early
version of OSI's Intermediate System-to-Intermediate System (IS-IS) routing protocol. OSPF has
two primary characteristics. The first is that the protocol is open, which means that its
specification is in the public domain. The OSPF specification was published as Request For
Comments (RFC) 1247; the current OSPF version 2 specification is RFC 2328. The second
principal characteristic is that OSPF is based on the SPF algorithm, which sometimes is
referred to as the Dijkstra algorithm, named for the person credited with its creation.
OSPF is a link-state routing protocol that calls for the sending of link-state advertisements
(LSAs) to all other routers within the same hierarchical area. Information on attached
interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers
accumulate link-state information, they use the SPF algorithm to calculate the shortest path
to each node.
As a link-state routing protocol, OSPF contrasts with RIP and IGRP, which are distance-
vector routing protocols. Routers running the distance-vector algorithm send all or a
portion of their routing tables in routing-update messages to their neighbors.
Routing Hierarchy
Unlike RIP, OSPF can operate within a hierarchy. The largest entity within the hierarchy is
the autonomous system (AS), which is a collection of networks under a common
administration that share a common routing strategy. OSPF is an intra-AS (interior
gateway) routing protocol, although it is capable of receiving routes from and sending
routes to other ASs. An AS can be divided into a number of areas, which are groups of
contiguous networks and attached hosts. Routers with multiple interfaces can participate in
multiple areas. These routers, which are called Area Border Routers, maintain separate
topological databases for each area. A topological database is essentially an overall picture
of networks in relationship to routers. The topological database contains the collection of
LSAs received from all routers in the same area. Because routers within the same area share
the same information, they have identical topological databases.
The term domain sometimes is used to describe a portion of the network in which all
routers have identical topological databases. Domain is frequently used interchangeably
with AS.
An area's topology is invisible to entities outside the area. By keeping area topologies
separate, OSPF passes less routing traffic than it would if the AS were not partitioned.
Area partitioning creates two different types of OSPF routing, depending on whether the
source and the destination are in the same or different areas. Intra-area routing occurs
when the source and destination are in the same area; interarea routing occurs when they
are in different areas. An OSPF backbone is responsible for distributing routing information
between areas. It consists of all Area Border Routers, networks not wholly contained in any
area, and their attached routers. Figure 46-1 shows an example of an internetwork with
several areas. In the figure, routers 4, 5, 6, 10, 11, and 12 make up the backbone. If Host H1
in Area 3 wants to send a packet to Host H2 in Area 2, the packet is sent to Router 13,
which forwards the packet to Router 12, which sends the packet to Router 11. Router 11
then forwards the packet along the backbone to Area Border Router 10, which sends the
packet through two intra-area routers (Router 9 and Router 7) to be forwarded to Host
H2. The backbone itself is an OSPF area, so all backbone routers use the same procedures
and algorithms to maintain routing information within the backbone that any area router
would. The backbone topology is invisible to all intra-area routers, as are individual area
topologies to the backbone.
Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone
connectivity must be restored through virtual links. Virtual links are configured between any
backbone routers that share a link to a nonbackbone area and function as if they were direct links.
Figure 46-1: An OSPF AS Consists of Multiple Areas Linked by Routers
AS border routers running OSPF learn about exterior routes through exterior gateway
protocols (EGPs), such as Exterior Gateway Protocol (EGP) or Border Gateway Protocol
(BGP), or through configuration information. For more information about these protocols,
see Chapter 39, "Border Gateway Protocol."
SPF Algorithm
The Shortest Path First (SPF) routing algorithm is the basis for OSPF operations. When an
SPF router is powered up, it initializes its routing-protocol data structures and then waits
for indications from lower-layer protocols that its interfaces are functional. After a router is
assured that its interfaces are functioning, it uses the OSPF Hello protocol to acquire
neighbors, which are routers with interfaces to a common network. The router sends hello
packets to its neighbors and receives their hello packets. In addition to helping acquire
neighbors, hello packets also act as keepalives to let routers know that other routers are still
functional. On multiaccess networks (networks supporting more than two routers), the
Hello protocol elects a designated router and a backup designated router. Among other
things, the designated router is responsible for generating LSAs for the entire multiaccess
network. Designated routers allow a reduction in network traffic and in the size of the
topological database.
When the link-state databases of two neighboring routers are synchronized, the routers are
said to be adjacent. On multiaccess networks, the designated router determines which
routers should become adjacent. Topological databases are synchronized between pairs of
adjacent routers. Adjacencies control the distribution of routing-protocol packets, which
are sent and received only on adjacencies. Each router periodically sends an LSA to provide
information on a router's adjacencies or to inform others when a router's state changes. By
comparing established adjacencies to link states, failed routers can be detected quickly, and
the network's topology can be altered appropriately. From the topological database
generated from LSAs, each router calculates a shortest-path tree, with itself as root. The
shortest-path tree, in turn, yields a routing table.
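The last two sentences above, as an added example that is not part of the original text: LSAs are installed into a link-state database only when their sequence number is newer than the stored copy (which is what lets flooding terminate and stale copies be ignored), and Dijkstra's algorithm is run from the local router to produce (cost, first hop) per destination, which is the routing table. The database is simplified to router-to-router link costs; real OSPF LSAs also describe attached networks and come in several types. Router IDs, costs and the topology change are constructed.

```python
import heapq
from typing import Dict, Tuple

Lsdb = Dict[str, Dict[str, int]]   # router ID -> {neighbor router ID: link cost}


def install_lsa(lsdb: Lsdb, seqnums: Dict[str, int], router: str, seq: int,
                links: Dict[str, int]) -> bool:
    """Accept a flooded LSA only if it is newer than the copy already held;
    duplicates and stale copies are ignored, which is what lets flooding stop."""
    if seq <= seqnums.get(router, -1):
        return False
    seqnums[router] = seq
    lsdb[router] = dict(links)
    return True


def spf(lsdb: Lsdb, root: str) -> Dict[str, Tuple[int, str]]:
    """Dijkstra from root over the link-state database. Returns, per reachable
    destination, (total cost, first hop), which is exactly a routing table."""
    dist, prev, done = {root: 0}, {}, set()
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, cost in lsdb.get(node, {}).items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = d + cost, node
                heapq.heappush(heap, (d + cost, nbr))
    table = {}
    for dst in done - {root}:
        hop = dst
        while prev[hop] != root:   # walk the tree back to the root's child
            hop = prev[hop]
        table[dst] = (dist[dst], hop)
    return table


if __name__ == "__main__":
    lsdb, seqnums = {}, {}
    install_lsa(lsdb, seqnums, "R1", 1, {"R2": 10, "R3": 30})
    install_lsa(lsdb, seqnums, "R2", 1, {"R1": 10, "R3": 10})
    install_lsa(lsdb, seqnums, "R3", 1, {"R1": 30, "R2": 10, "R4": 5})
    install_lsa(lsdb, seqnums, "R4", 1, {"R3": 5})
    print(spf(lsdb, "R1"))
    # The R2-R3 link fails: both ends flood newer LSAs and every router reruns SPF.
    install_lsa(lsdb, seqnums, "R2", 2, {"R1": 10})
    install_lsa(lsdb, seqnums, "R3", 2, {"R1": 30, "R4": 5})
    print(spf(lsdb, "R1"))
```

Every router runs the same computation over the same database, so all of them arrive at consistent next hops without exchanging routing tables, which is the distinction the text draws between link-state and distance-vector protocols.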
Packet Format
All OSPF packets begin with a 24-byte header, as illustrated in Figure 46-2.
The following descriptions summarize the header fields illustrated in Figure 46-2.
Additional OSPF Features
Additional OSPF features include equal-cost multipath routing and routing based on
upper-layer type-of-service (TOS) requests. TOS-based routing supports those upper-layer
protocols that can specify particular types of service. An application, for example, might
specify that certain data is urgent. If OSPF has high-priority links at its disposal, these can
be used to transport the urgent datagram.
OSPF supports one or more metrics. If only one metric is used, it is considered to be
arbitrary, and TOS is not supported. If more than one metric is used, TOS is optionally
supported through the use of a separate metric (and, therefore, a separate routing table) for
each of the eight combinations created by the three IP TOS bits (the delay, throughput, and
reliability bits). For example, if the IP TOS bits specify low delay, low throughput, and high
reliability, OSPF calculates routes to all destinations based on this TOS designation. (TOS-based
routing was later dropped from OSPF version 2 in RFC 2328.) IP subnet masks are included
with each advertised destination, enabling variable-length subnet masks. With variable-length
subnet masks, an IP network can be broken into many subnets of various sizes. This provides
network administrators with extra network-configuration flexibility.
Review Questions
Q—When using OSPF, can you have two areas attached to each other where only one area has an
interface in Area 0?
A—Yes, you can. This describes the use of a virtual link. One area has an interface in Area
0 (legal), and the other area is brought up and attached off an ABR in Area 1, so we'll call it
Area 2. Area 2 has no interface in Area 0, so it must have a virtual link to Area 0 through
Area 1. When this is in place, Area 2 looks like it is directly connected to Area 0. When Area
1 wants to send packets to Area 2, it must send them to Area 0, which in turn redirects
them back through Area 1 using the virtual link to Area 2.
Q—Area 0 contains five routers (A, B, C, D, and E), and Area 1 contains three routers
(R, S, and T). What routers does Router T know exist? Router S is the ABR.
A—Router T knows about routers R and S only. Router S, as the Area Border Router, keeps a
separate topological database for each area it attaches to, so it knows R and T from Area 1
and A, B, C, D, and E from Area 0. The areas are kept separate so that the link-state
updates flooded within an area contain only the information needed for that area.
The rapid growth and expansion of today's networks has pushed RIP to its limits. RIP has
certain limitations that could cause problems in large networks:
RIP has a limit of 15 hops. A destination more than 15 hops (15 routers) away is
considered unreachable.
RIP cannot handle Variable Length Subnet Masks (VLSM). Given the shortage of IP
addresses and the flexibility VLSM gives in the efficient assignment of IP addresses, this
is considered a major flaw.
Periodic broadcasts of the full routing table consume a large amount of bandwidth.
This is a major problem with large networks, especially on slow links and WAN clouds.
RIP converges more slowly than OSPF. In large networks convergence takes on the order of
minutes. RIP routers go through a period of hold-down and garbage collection and
slowly time out information that has not been received recently. This is
inappropriate in large environments and can cause routing inconsistencies.
RIP has no concept of network delays and link costs. Routing decisions are based on hop
counts. The path with the lowest hop count to the destination is always preferred, even if
a longer path has better aggregate link bandwidth and lower delay.
RIP networks are flat networks. There is no concept of areas or boundaries. With the
introduction of classless routing and the intelligent use of aggregation and
summarization, RIP networks have fallen behind.
Some enhancements were introduced in a new version of RIP called RIP 2. RIP 2 addresses
the issues of VLSM, authentication, and multicast routing updates. RIP 2 is not a big
improvement over RIP (now called RIP 1) because it still has the limitations of hop count
and slow convergence, which matter in today's large networks.
OSPF, on the other hand, addresses most of the issues presented above:
OSPF uses IP multicast to send link-state updates. This ensures less processing on routers
that are not listening to OSPF packets. Also, updates are sent when routing changes
occur rather than as periodic full-table broadcasts (each LSA is still refreshed, by default
every 30 minutes, so that stale entries age out). This ensures a better use of bandwidth.
OSPF has better convergence than RIP. This is because routing changes are propagated
immediately and not periodically.
OSPF allows for a logical definition of networks where routers can be divided into areas.
This limits the explosion of link-state updates over the whole network. This also
provides a mechanism for aggregating routes and cutting down on the unnecessary
propagation of subnet information.
OSPF allows for the transfer and tagging of external routes injected into an Autonomous
System. This keeps track of external routes injected by exterior protocols such as BGP.
This of course would lead to more complexity in configuring and troubleshooting OSPF
networks. Administrators that are used to the simplicity of RIP will be challenged with the
amount of new information they have to learn in order to keep up with OSPF networks.
Also, this will introduce more overhead in memory allocation and CPU utilization. Some of
the routers running RIP might have to be upgraded in order to handle the overhead caused
by OSPF.
OSPF is a link-state protocol. We could think of a link as being an interface on the router. The
state of the link is a description of that interface and of its relationship to its neighboring
routers. A description of the interface would include, for example, the IP address of the
interface, the mask, the type of network it is connected to, the routers connected to that
network and so on. The collection of all these link-states would form a link-state database.
Introduction
This document introduces Interior Gateway Routing Protocol (IGRP). It has two purposes.
One is to form an introduction to the IGRP technology, for those who are interested in using,
evaluating, and possibly implementing it. The other is to give wider exposure to some
interesting ideas and concepts that are embodied in IGRP. Refer to Configuring IGRP, The
Cisco IGRP Implementation and IGRP Commands for information on how to configure
IGRP.
The IGRP protocol allows a number of gateways to coordinate their routing. Its goals are the
following:
Stable routing even in very large or complex networks. No routing loops should occur,
even as transients.
Fast response to changes in network topology.
Low overhead. That is, IGRP itself should not use more bandwidth than what is actually
needed for its task.
Splitting traffic among several parallel routes when they are of roughly equal desirability.
Taking into account error rates and level of traffic on different paths.
The current implementation of IGRP handles routing for TCP/IP. However, the basic design
is intended to be able to handle a variety of protocols.
No one tool is going to solve all routing problems. Conventionally the routing problem is
broken into several pieces. Protocols such as IGRP are called "internal gateway protocols"
(IGPs). They are intended for use within a single set of networks, either under a single
management or closely coordinated managements. Such sets of networks are connected by
"external gateway protocols" (EGPs). An IGP is designed to keep track of a good deal of
detail about network topology. Priority in designing an IGP is placed on producing optimal
routes and responding quickly to changes. An EGP is intended to protect one system of
networks against errors or intentional misrepresentation by other systems; BGP is one such
exterior gateway protocol. Priority in designing an EGP is on stability and administrative
controls. Often it is sufficient for an EGP to produce a reasonable route, rather than the
optimal route.
IGRP has some similarities to older protocols such as Xerox's Routing
Information Protocol, Berkeley's RIP, and Dave Mills' Hello. It differs from these protocols
primarily in being designed for larger and more complex networks. See the Comparison with
RIP section for a more detailed comparison with RIP, which is the most widely used of the
older generation of protocols.
Like these older protocols, IGRP is a distance vector protocol. In such a protocol, gateways
exchange routing information only with adjacent gateways. This routing information
contains a summary of information about the rest of the network. It can be shown
mathematically that all of the gateways taken together are solving an optimization problem
by what amounts to a distributed algorithm. Each gateway only needs to solve part of the
problem, and it only has to receive a portion of the total data.
The major alternative to IGRP is Enhanced IGRP (EIGRP) and a class of algorithms referred
to as SPF (shortest-path first). OSPF uses this concept. To learn more about OSPF refer to
the OSPF Design Guide. SPF algorithms are based on a flooding technique, where every gateway
is kept up to date about the status of every interface on every other gateway. Each gateway
independently solves the optimization problem from its point of view using data for the
entire network. There are advantages to each approach. In some circumstances SPF may be
able to respond to changes more quickly. In order to prevent routing loops, IGRP has to
ignore new data for a few minutes after certain kinds of changes. Because SPF has
information directly from each gateway, it is able to avoid these routing loops. Thus it can
act on new information immediately. However, SPF has to deal with substantially more data
than IGRP, both in internal data structures and in messages between gateways.
IGRP is intended for use in gateways connecting several networks. We assume that the
networks use packet-based technology. In effect the gateways act as packet switches. When a
system connected to one network wants to send a packet to a system on a different network,
it addresses the packet to a gateway. If the destination is on one of the networks connected to
the gateway, the gateway will forward the packet to the destination. If the destination is
more distant, the gateway will forward the packet to another gateway that is closer to the
destination. Gateways use routing tables to help them decide what to do with packets. Here
is a simple example routing table. (Addresses used in the examples are IP addresses taken
from Rutgers University. Note that the basic routing problem is similar for other protocols as
well, but this description will assume that IGRP is being used for routing IP.)
Figure 1
(Actual IGRP routing tables have additional information for each gateway, as we will see.)
This gateway is connected to two Ethernets, called 0 and 1. They have been given IP network
numbers (actually subnet numbers) 128.6.4 and 128.6.5. Thus packets addressed for these
specific networks can be sent directly to the destination, simply by using the appropriate
Ethernet interface. There are two nearby gateways, 128.6.4.1 and 128.6.5.4. Packets for
networks other than 128.6.4 and 128.6.5 will be forwarded to one or the other of those
gateways. The routing table indicates which gateway should be used for which network. For
example, packets addressed to a host on network 10 should be forwarded to gateway
128.6.5.4. One hopes that this gateway is closer to network 10, i.e. that the best path to
network 10 goes through this gateway. The primary purpose of IGRP is to allow the gateways
to build and maintain routing tables like this.
Summary of IGRP
As mentioned above, IGRP is a protocol that allows gateways to build up their routing table
by exchanging information with other gateways. A gateway starts out with entries for all of
the networks that are directly connected to it. It gets information about other networks by
exchanging routing updates with adjacent gateways. In the simplest case, the gateway will
find one path that represents the best way to get to each network. A path is characterized by
the next gateway to which packets should be sent, the network interface that should be used,
and metric information. Metric information is a set of numbers that characterize how good
the path is. This allows the gateway to compare paths that it has heard from various
gateways and decide which one to use. There are often cases where it makes sense to split
traffic between two or more paths. IGRP will do this whenever two or more paths are equally
good. The user can also configure it to split traffic when paths are almost equally good. In
this case more traffic will be sent along the path with the better metric. The intent is that
traffic can be split between a 9600 bps line and a 19200 bps line, and the 19200 bps line will
get roughly twice as much traffic as the 9600 bps line.
Topological delay time is the amount of time it would take to get to the destination along
that path, assuming an unloaded network. Of course there is additional delay when the
network is loaded. However, load is accounted for by using the channel occupancy figure,
not by attempting to measure actual delays. The path bandwidth is simply the bandwidth in
bits per second of the slowest link in the path. Channel occupancy indicates how much of
that bandwidth is currently in use. It is measured, and will change with load. Reliability
indicates the current error rate. It is the fraction of packets that arrive at the destination
undamaged. It is measured. Although they are not used as part of the metric, two additional
pieces of information are passed with it: hop count and MTU. The hop count is simply the
number of gateways that a packet will have to go through to get to the destination. MTU is
the maximum packet size that can be sent along the entire path without fragmentation. (That
is, it is the minimum of the MTUs of all the networks involved in the path.)
Based on the metric information, a single "composite metric" is calculated for the path. The
composite metric combines the effect of the various metric components into a single number
representing the "goodness" of that path. It is the composite metric that is actually used to
decide on the best path.
Periodically each gateway broadcasts its entire routing table (with some censoring because of
the split horizon rule) to all adjacent gateways. When a gateway gets this broadcast from
another gateway, it compares the table with its existing table. Any new destinations and
paths are added to the gateway's routing table. Paths in the broadcast are compared with
existing paths. If a new path is better, it may replace the existing one. Information in the
broadcast is also used to update channel occupancy and other information about existing
paths. This general procedure is similar to that used by all distance vector protocols. It is
referred to in the mathematical literature as the Bellman-Ford algorithm. Refer to RFC 1058
for a detailed development of the basic procedure, which describes RIP, an older distance
vector protocol.
In IGRP, the general Bellman-Ford algorithm is modified in three critical
aspects. First, instead of a simple metric, a vector of metrics is used to characterize paths.
Second, instead of picking a single path with the smallest metric, traffic is split among
several paths, whose metrics fall into a specified range. Third, several features are introduced
to provide stability in situations where the topology is changing.
There are two advantages to using a vector of metric information. The first is that it provides
the ability to support multiple types of service from the same set of data. The second
advantage is improved accuracy. When a single metric is used, it is normally treated as if it
were a delay. Each link in the path is added to the total metric. If there is a link with a low
bandwidth, it is normally represented by a large delay. However, bandwidth limitations
don't really cumulate the way delays do. By treating bandwidth as a separate component, it
can be handled correctly. Similarly, load can be handled by a separate channel occupancy
number.
IGRP provides a system for interconnecting computer networks which can stably
handle a general graph topology including loops. The system maintains full path metric
information, i.e., it knows the path parameters to all other networks to which any gateway is
connected. Traffic can be distributed over parallel paths and multiple path parameters can be
simultaneously computed over the entire network.
Getting EIGRP running is not much more difficult than getting IGRP running, as we will see
in the section "Getting EIGRP Running." Even though EIGRP offers radical improvements
over IGRP, there are similarities between the protocols. Like IGRP, EIGRP bases its metric on
bandwidth, delay, reliability, load, and MTU (see the "EIGRP Metric" section). The fast
convergence feature in EIGRP is due to the Diffusing Update Algorithm (DUAL), discussed
in "How EIGRP Works." EIGRP updates carry subnet mask information. This allows EIGRP
to summarize routes on arbitrary bit boundaries, support classless route lookups, and allow
the support of Variable Length Subnet Masks (VLSM). This is discussed in "Variable Length
Subnet Masks" and "Route Summarization." Setting up default routes in EIGRP is discussed
in "Default Routes." Troubleshooting EIGRP can be tricky. This chapter ends with some
troubleshooting tips in "Troubleshooting EIGRP." EIGRP is a Cisco proprietary protocol;
other router vendors do not support EIGRP. Keep this in mind if you are planning a
multivendor router environment.
This chapter focuses on EIGRP's enhancements over IGRP: the use of DUAL; and the use of
subnet masks in updates, which in turn allow VLSM and route summarization at arbitrary
bit boundaries. This chapter does not cover router metrics in detail or the concept of parallel
paths. Those concepts have not changed much in EIGRP. I assume that the reader is familiar
with IGRP.
EIGRP Metric
The EIGRP composite metric is computed exactly as the IGRP metric is and then multiplied
by 256. Thus, the default expression for the EIGRP composite metric is:
Metric = [BandW + Delay] × 256
where BandW and Delay are computed exactly as for IGRP (see the section "IGRP Metric" in
Chapter 3). In summary, BandW is computed by taking the smallest bandwidth (expressed in
kbits/s) from all outgoing interfaces to the destination (including the destination) and
dividing 10,000,000 by this number (the smallest bandwidth), and Delay is the sum of all the
delay values to the destination network (expressed in tens of microseconds). Further, note
that the total delay (line 6), minimum bandwidth (line 6), reliability (line 7), minimum MTU
(line 7), and load (line 8) for a path, which are used to compute the composite metric (line 5),
are shown in the output of the show ip route destination-network-number command:
Converting route metrics between EIGRP and IGRP is very straightforward: EIGRP metrics
are 256 times larger than IGRP metrics. This easy conversion becomes important when a
network is running both IGRP and EIGRP, such as during a migration from IGRP to EIGRP.
Just like IGRP, EIGRP can be made to use load and reliability in its metric by modifying the
parameters k1, k2, k3, k4, and k5 (see the "IGRP Metric" section in the previous chapter). The
constants k1, k2, k3, k4, and k5 can be modified with the following command:
WARNING: Cisco strongly recommends not modifying the k1, k2, k3, k4, and k5 values for
EIGRP.
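As an added example (not code from this document or from Cisco), the following Python computes the IGRP and EIGRP composite metrics of a path from per-link bandwidth, delay, reliability, load and MTU, using the general K-value form of which the BandW + Delay expression above is the default; the links and candidate paths are constructed.

```python
"""Composite metric of an IGRP/EIGRP path (added example, not from the document).

Links and their values are constructed; the K-value form of the formula is the
standard Cisco expression of which the page's BandW + Delay case is the default.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    bandwidth_kbps: int         # interface bandwidth in kbit/s
    delay_us: int               # interface delay in microseconds
    reliability: int = 255      # 255 = all packets arrive undamaged
    load: int = 1               # channel occupancy, 1 (idle) .. 255 (saturated)
    mtu: int = 1500


DEFAULT_K = (1, 0, 1, 0, 0)     # K1..K5: bandwidth and delay only


def path_vector(links):
    """Collapse per-link values into the vector of metrics carried for a path.

    Bandwidth does not accumulate along a path, so the slowest link decides it;
    delay does accumulate, so the per-link delays are summed.
    """
    if not links:
        raise ValueError("a path needs at least one link")
    return {
        "min_bandwidth_kbps": min(l.bandwidth_kbps for l in links),
        "total_delay_us": sum(l.delay_us for l in links),
        "reliability": min(l.reliability for l in links),
        "load": max(l.load for l in links),
        "mtu": min(l.mtu for l in links),   # largest packet the whole path carries
        "hop_count": len(links),
    }


def igrp_metric(vec, k=DEFAULT_K):
    """IGRP composite metric: K1*BandW + K2*BandW/(256-load) + K3*Delay,
    scaled by K5/(reliability+K4) only when K5 is non-zero."""
    k1, k2, k3, k4, k5 = k
    bandw = 10_000_000 // vec["min_bandwidth_kbps"]   # scaled inverse bandwidth
    delay = vec["total_delay_us"] // 10                # tens of microseconds
    metric = k1 * bandw + (k2 * bandw) // (256 - vec["load"]) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (vec["reliability"] + k4)
    return metric


def eigrp_metric(vec, k=DEFAULT_K):
    """EIGRP uses the same composite metric multiplied by 256."""
    return igrp_metric(vec, k) * 256


def select_paths(candidates, variance=1, k=DEFAULT_K):
    """Best path first, plus any path whose metric is within variance x best
    (the 'almost equally good' paths the text says IGRP can be told to use)."""
    scored = sorted((eigrp_metric(path_vector(p), k), name)
                    for name, p in candidates.items())
    best = scored[0][0]
    return [name for metric, name in scored if metric <= best * variance]


if __name__ == "__main__":
    t1 = Link(1544, 20000)            # constructed: T1 serial, 1544 kbit/s, 20000 us
    ether = Link(10000, 1000)         # constructed: 10 Mbit/s Ethernet, 1000 us
    routes = {"via_R1": [t1, t1], "via_R2": [t1, ether]}
    for name, links in routes.items():
        print(name, eigrp_metric(path_vector(links)))
    print(select_paths(routes, variance=2))
```

Two T1 hops give the familiar EIGRP metric 2681856 (10476 for IGRP), and a single FastEthernet hop gives 28160.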
Unlike traditional DV protocols such as RIP and IGRP, EIGRP does not rely on periodic
updates: routing updates are sent only when there is a change. Remember that RIP and IGRP
reset the invalid and flush timers upon receiving a route update. When a route is lost, the
updates stop; the invalid and flush timers grow and grow (the timers are not reset), and,
ultimately, the route is flushed from the routing table. This process of convergence assumes
periodic updates. EIGRP's approach has the advantage that network resources are not
consumed by periodic updates. However, if a router dies, taking away all its downstream
routes, how would EIGRP detect the loss of these routes? EIGRP relies on small hello packets
to establish neighbor relationships and to detect the loss of a neighbor. Neighbor
relationships are discussed in detail in the next section. RIP and IGRP suffer from a major
flaw: routing loops. Routing loops happen when information about the loss of a route does not
reach all routers in the network because an update packet gets dropped or corrupted. These
routers (that have not received the information about the loss of the route) inject bad routing
information back into the network by telling their neighbors about the route they know.
EIGRP uses reliable transmission for all updates between neighbors. Neighbors acknowledge
the receipt of updates, and if an acknowledgment is not received, EIGRP retransmits the
update. RIP and IGRP employ a battery of techniques to reduce the likelihood of routing
loops: split horizon, hold-down timers, and poison reverse. These techniques do not
guarantee that loops will not occur and, in any case, result in long convergence times. EIGRP
uses the Diffusing Update Algorithm (DUAL) for all route computations. DUAL's
convergence times are an order of magnitude lower than those of traditional DV algorithms.
DUAL is able to achieve such low convergence times by maintaining a table of loop-free
paths to every destination, in addition to the least-cost path. DUAL is described in more
detail later in this chapter. DUAL can support IP, IPX, and AppleTalk. A protocol-dependent
module encapsulates DUAL messages and handles interactions with the routing table. In
summary, DUAL requires:
1. A method for the discovery of new neighbors and their loss (see the next section,
"Neighbor Relationship").
2. Reliable transmission of update packets between neighbors (see the later section "Reliable
Transport Protocol").
3. Protocol-dependent modules that can encapsulate DUAL traffic in IP, IPX, or AppleTalk.
This text will deal only with EIGRP in IP networks (see the later section "Protocol-
Dependent Module").
Neighbor Relationship
A router discovers a neighbor when it receives its first hello packet on a directly connected
network. The router requests DUAL to send a full route update to the new neighbor. In
response, the neighbor sends its full route update. Thus, a new neighbor relationship is
established in the following steps:
1. When a router A receives a hello packet from a new neighbor B, A sends its topology
table to router B in unicast updates with the initialization bit turned on.
2. When router B receives a packet with the initialization bit on, it sends its topology table to
router A.
The interval between hello packets from any EIGRP-speaking router on a network is five
seconds (by default) on most media types. Each hello packet advertises hold-time--the length
of time the neighbor should consider the sender up. The default hold-time is 15 seconds. If
no hellos are received for the duration of the hold-time, DUAL is informed that the neighbor
is down. Thus, in addition to detecting a new neighbor, hello packets are also used to detect
the loss of a neighbor. The hello-interval can be changed with the following command in
interface configuration mode:
Lengthening the hello-interval will also lengthen the route convergence time. However, a
longer hello-interval may be desirable on a congested network with many EIGRP routers. If
the hello-interval is changed, the hold-time should also be modified. A rule of thumb is to
keep the hold-time at three times the hello-interval.
ip hold-time eigrp autonomous-system-number seconds
Note that the hello-interval and hold-time need not be the same for all routers on a network.
Each router advertises its own hold-time, which is recorded in the neighbor's neighbor table.
After a neighbor relationship has been established between A and B the only EIGRP
overhead is the exchange of hello packets, unless there is a topological change in the
network.
Reliable Transport Protocol
The EIGRP transport mechanism uses a mix of multicast and unicast packets, using reliable
delivery when necessary. All transmissions use IP with the protocol type field set to 88. The
IP multicast address used is 224.0.0.10. DUAL requires guaranteed and sequenced delivery
for some transmissions. This is achieved using acknowledgments and sequence numbers. So,
for example, update packets (containing routing table data) are delivered reliably (with
sequence numbers) to all neighbors using multicast. Acknowledgment packets--with the correct
sequence number--are expected from every neighbor. If the correct acknowledgment number
is not received from a neighbor, the update is retransmitted as a unicast. The sequence
number (seq num) in the last packet from the neighbor is recorded to ensure that packets are
received in sequence. The number of packets in the queue that might need retransmission is
shown as a queue count (QCnt), and the smoothed round trip time (SRTT) is used to estimate
how long to wait before retransmitting to the neighbor. The retransmission timeout (RTO) is
the time the router will wait for an acknowledgment before retransmitting the packet in the
queue. Some transmissions do not require reliable delivery. For example, hello packets are
multicast to all neighbors on an Ethernet segment, whereas acknowledgments are unicast.
Neither hellos nor acknowledgments are sent reliably.
EIGRP also uses queries and replies as part of DUAL. Queries are multicast or unicast using
reliable delivery, whereas replies are always reliably unicast. Query and reply packets are
discussed in more detail in the next section.
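The hello/hold-time rules of the Neighbor Relationship section and the reliable-delivery rules of the section above, modelled in Python as an added example (not code from the document or from any router implementation); the neighbor addresses, timings and the fixed RTO are constructed assumptions.

```python
"""Neighbor table with hold-time expiry and reliable update delivery, modelled on
the hello / hold-time and RTP rules described above (added example, not from the
document). Addresses, timings and the update payload are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Neighbor:
    address: str
    interface: str
    hold_time: float                   # advertised by the neighbor in its hellos
    last_hello: float                  # time the most recent hello arrived
    last_seq: int = 0                  # last sequence number received from it
    pending: dict = field(default_factory=dict)   # seq -> (sent_at, update): transmission list


class NeighborTable:
    def __init__(self, rto=5.0):
        self.neighbors = {}
        self.rto = rto          # retransmission timeout; a real router derives it from SRTT
        self.seq = 0            # our outgoing sequence number for reliable packets
        self.log = []

    def receive_hello(self, addr, iface, hold_time, now):
        """Hellos are unreliable and unacknowledged; the first one creates the entry."""
        n = self.neighbors.get(addr)
        if n is None:
            self.neighbors[addr] = Neighbor(addr, iface, hold_time, now)
            # new neighbor: our topology table goes to it as unicast updates (init bit set)
            self.log.append(("new-neighbor", addr))
        else:
            n.hold_time = hold_time    # each router advertises its own hold time
            n.last_hello = now

    def expire(self, now):
        """Neighbors whose hold time passed without a hello are reported down to DUAL."""
        down = [a for a, n in self.neighbors.items() if now - n.last_hello > n.hold_time]
        for a in down:
            del self.neighbors[a]
            self.log.append(("neighbor-down", a))
        return down

    def multicast_update(self, update, now):
        """Reliable multicast: one sequence number, an ack expected from every neighbor."""
        self.seq += 1
        for n in self.neighbors.values():
            n.pending[self.seq] = (now, update)
        self.log.append(("multicast-update", self.seq))
        return self.seq

    def receive_ack(self, addr, ack_num):
        """Acks are unicast and carry the sequence number they confirm."""
        self.neighbors[addr].pending.pop(ack_num, None)

    def retransmit(self, now):
        """Packets unacknowledged for an RTO are resent as unicast to that neighbor only."""
        resent = []
        for n in self.neighbors.values():
            for seq, (sent_at, update) in list(n.pending.items()):
                if now - sent_at >= self.rto:
                    n.pending[seq] = (now, update)
                    resent.append((n.address, seq))
                    self.log.append(("unicast-retransmit", n.address, seq))
        return resent

    def queue_count(self, addr):
        """QCnt: packets still waiting for this neighbor's acknowledgment."""
        return len(self.neighbors[addr].pending)

    def receive_reliable(self, addr, seq):
        """Sequence check on a reliable packet from a neighbor; False if out of order."""
        n = self.neighbors[addr]
        if seq != n.last_seq + 1:
            return False
        n.last_seq = seq
        return True


if __name__ == "__main__":
    t = NeighborTable(rto=5.0)
    t.receive_hello("10.0.0.2", "Ethernet0", 15, now=0.0)   # constructed neighbors
    t.receive_hello("10.0.0.3", "Ethernet0", 15, now=0.0)
    seq = t.multicast_update("10.1.0.0/16 metric 28160", now=1.0)
    t.receive_ack("10.0.0.2", seq)                          # 10.0.0.3 never acks
    print(t.retransmit(now=6.0))                            # -> [('10.0.0.3', 1)]
    t.receive_hello("10.0.0.2", "Ethernet0", 15, now=10.0)
    print(t.expire(now=16.0))                               # -> ['10.0.0.3']
```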
Enhanced IGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) represents an evolution from its
predecessor IGRP (refer to Chapter 42, "Interior Gateway Routing Protocol"). This
evolution resulted from changes in networking and the demands of diverse, large-scale
internetworks. Enhanced IGRP integrates the capabilities of link-state protocols into
distance vector protocols. Additionally, EIGRP contains several important protocols that
greatly increase its operational efficiency relative to other routing protocols. One of these
protocols is the Diffusing Update Algorithm (DUAL) developed at SRI International by Dr. J.J.
Garcia-Luna-Aceves. DUAL enables EIGRP routers to determine whether a path advertised
by a neighbor is looped or loop-free, and allows a router running EIGRP to find alternate
paths without waiting on updates from other routers.
Enhanced IGRP provides
compatibility and seamless interoperation with IGRP routers. An automatic-redistribution
mechanism allows IGRP routes to be imported into Enhanced IGRP, and vice versa, so it is
possible to add Enhanced IGRP gradually into an existing IGRP network. Because the
metrics for both protocols are directly translatable, they are as easily comparable as if they
were routes that originated in their own autonomous systems (ASs). In addition, Enhanced
IGRP treats IGRP routes as external routes and provides a way for the network
administrator to customize them.
This chapter provides an overview of the basic operations and protocol characteristics of
Enhanced IGRP.
Key capabilities that distinguish Enhanced IGRP from other routing protocols include fast
convergence, support for variable-length subnet mask, support for partial updates, and
support for multiple network layer protocols. A router running Enhanced IGRP stores all
its neighbors' routing tables so that it can quickly adapt to alternate routes. If no
appropriate route exists, Enhanced IGRP queries its neighbors to discover an alternate
route. These queries propagate until an alternate route is found. Its support for variable-
length subnet masks permits routes to be automatically summarized on a network number
boundary. In addition, Enhanced IGRP can be configured to summarize on any bit
boundary at any interface. Enhanced IGRP does not make periodic updates. Instead, it
sends partial updates only when the metric for a route changes. Propagation of partial
updates is automatically bounded so that only those routers that need the information are
updated. As a result of these two capabilities, Enhanced IGRP consumes significantly less
bandwidth than IGRP. Enhanced IGRP includes support for AppleTalk, IP, and Novell
NetWare. The AppleTalk implementation redistributes routes learned from the Routing
Table Maintenance Protocol (RTMP). The IP implementation redistributes routes learned
from OSPF, Routing Information Protocol (RIP), Intermediate System-to-Intermediate
System (IS-IS), Exterior Gateway Protocol (EGP), or Border Gateway Protocol (BGP). The
Novell implementation redistributes routes learned from Novell RIP or Service
Advertisement Protocol (SAP).
To provide superior routing performance, Enhanced IGRP employs four key technologies
that combine to differentiate it from other routing technologies: neighbor
discovery/recovery, reliable transport protocol (RTP), DUAL finite-state machine, and
protocol-dependent modules. The neighbor discovery/recovery mechanism enables routers to
dynamically learn about other routers on their directly attached networks. Routers also
must discover when their neighbors become unreachable or inoperative. This process is
achieved with low overhead by periodically sending small hello packets. As long as a
router receives hello packets from a neighboring router, it assumes that the neighbor is
functioning, and the two can exchange routing information.
Enhanced IGRP sends a single multicast hello packet containing an indicator that informs
the receivers that the packet need not be acknowledged. Other types of packets, such as
updates, indicate in the packet that acknowledgment is required. RTP contains a provision
for sending multicast packets quickly when unacknowledged packets are pending, which
helps ensure that convergence time remains low in the presence of varying speed links. The
DUAL finite-state machine embodies the decision process for all route computations by
tracking all routes advertised by all neighbors. DUAL uses distance information to select
efficient, loop-free paths and selects routes for insertion in a routing table based on feasible
successors. A feasible successor is a neighboring router used for packet forwarding that is a
least-cost path to a destination that is guaranteed not to be part of a routing loop. When a
neighbor changes a metric, or when a topology change occurs, DUAL tests for feasible
successors. If one is found, DUAL uses it to avoid recomputing the route unnecessarily.
When no feasible successors exist but neighbors still advertise the destination, a
recomputation (also known as a diffusing computation) must occur to determine a new
successor. Although recomputation is not processor-intensive, it does affect convergence
time, so it is advantageous to avoid unnecessary recomputations. Protocol-dependent
modules are responsible for network layer protocol-specific requirements. The IP-
Enhanced IGRP module, for example, is responsible for sending and receiving Enhanced
IGRP packets that are encapsulated in IP. Likewise, IP-Enhanced IGRP is also responsible
for parsing Enhanced IGRP packets and informing DUAL of the new information that has
been received. IP-Enhanced IGRP asks DUAL to make routing decisions, the results of
which are stored in the IP routing table. IP-Enhanced IGRP is responsible for redistributing
routes learned by other IP routing protocols.
Routing Concepts
Enhanced IGRP relies on four fundamental concepts: neighbor tables, topology tables,
route states, and route tagging. Each of these is summarized in the discussions that follow.
Neighbor Tables
When a router discovers a new neighbor, it records the neighbor's address and interface as
an entry in the neighbor table. One neighbor table exists for each protocol-dependent
module. When a neighbor sends a hello packet, it advertises a hold time, which is the
amount of time that a router treats a neighbor as reachable and operational. If a hello
packet is not received within the hold time, the hold time expires and DUAL is informed of
the topology change. The neighbor-table entry also includes information required by RTP.
Sequence numbers are employed to match acknowledgments with data packets, and the
last sequence number received from the neighbor is recorded so that out-of-order packets
can be detected. A transmission list is used to queue packets for possible retransmission on
a per-neighbor basis. Round-trip timers are kept in the neighbor-table entry to estimate an
optimal retransmission interval.
Topology Tables
The topology table contains all destinations advertised by neighboring routers. The protocol-
dependent modules populate the table, and the table is acted on by the DUAL finite-state
machine. Each entry in the topology table includes the destination address and a list of
neighbors that have advertised the destination. For each neighbor, the entry records the
advertised metric, which the neighbor stores in its routing table. An important rule that
distance vector protocols must follow is that if the neighbor advertises this destination, it
must use the route to forward packets. The metric that the router uses to reach the
destination is also associated with the destination. The metric that the router uses in the
routing table, and to advertise to other routers, is the sum of the best-advertised metric
from all neighbors and the link cost to the best neighbor.
Route States
A topology-table entry for a destination can exist in one of two states: active or passive. A
destination is in the passive state when the router is not performing a recomputation; it is in
the active state when the router is performing a recomputation. If feasible successors are
always available, a destination never has to go into the active state, thereby avoiding a
recomputation. A recomputation occurs when a destination has no feasible successors. The
router initiates the recomputation by sending a query packet to each of its neighboring
routers. The neighboring router can send a reply packet, indicating that it has a feasible
successor for the destination, or it can send a query packet, indicating that it is participating
in the recomputation. While a destination is in the active state, a router cannot change the
destination's routing-table information. After the router has received a reply from each
neighboring router, the topology-table entry for the destination returns to the passive state,
and the router can select a successor.
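As an added example (not the document's or Cisco's code), this Python models one topology-table entry moving through the successor, feasible successor, active and passive states described in the Topology Tables and Route States sections above. It assumes DUAL's standard feasibility condition (a neighbor's reported distance must be lower than the feasible distance), which the text only alludes to; the neighbors and metrics are constructed.

```python
"""DUAL successor / feasible-successor selection and the passive-active transition
for one destination (added example, not from the document). The feasibility
condition (reported distance < feasible distance) is DUAL's standard rule;
neighbors and metrics are constructed.
"""
from dataclasses import dataclass


@dataclass
class Advertisement:
    neighbor: str
    reported_distance: int   # metric the neighbor itself uses for the destination
    link_cost: int           # cost of our link to that neighbor

    @property
    def computed_distance(self):
        return self.reported_distance + self.link_cost


class DestinationEntry:
    """One topology-table entry: every neighbor that advertised the prefix."""

    def __init__(self, prefix, advertisements):
        self.prefix = prefix
        self.advertisements = {a.neighbor: a for a in advertisements}
        self.state = "passive"
        self.successor = None
        self.feasible_distance = None
        self._go_passive()

    def _go_passive(self):
        """Choose the successor; FD is the lowest distance since last going passive."""
        self.state = "passive"
        if not self.advertisements:
            self.successor, self.feasible_distance = None, None
            return "passive: unreachable"
        best = min(self.advertisements.values(), key=lambda a: a.computed_distance)
        self.successor = best.neighbor
        self.feasible_distance = best.computed_distance
        return f"passive: successor {best.neighbor}"

    def feasible_successors(self):
        """Neighbors guaranteed not to route through us: reported distance < FD."""
        fd = self.feasible_distance
        return sorted(a.neighbor for a in self.advertisements.values()
                      if a.neighbor != self.successor and a.reported_distance < fd)

    def can_update_routing_table(self):
        """Routing-table information is frozen while the destination is active."""
        return self.state == "passive"

    def lose_neighbor(self, neighbor):
        """The neighbor (or its route) disappears; returns the action DUAL takes."""
        if neighbor != self.successor:
            self.advertisements.pop(neighbor, None)
            return "no-change"            # an alternate went away, successor intact
        del self.advertisements[neighbor]
        fs = self.feasible_successors()   # judged against the FD still in force
        if fs:
            best = min((self.advertisements[n] for n in fs),
                       key=lambda a: a.computed_distance)
            self.successor = best.neighbor
            self.feasible_distance = min(self.feasible_distance, best.computed_distance)
            return f"local computation: successor {best.neighbor}"
        self.state, self.successor = "active", None
        return "active: query neighbors"

    def complete_diffusing_computation(self, replies):
        """All neighbors replied; rebuild the entry from their replies and go passive."""
        if self.state != "active":
            raise RuntimeError("no diffusing computation in progress")
        self.advertisements = {a.neighbor: a for a in replies}
        return self._go_passive()


if __name__ == "__main__":
    # constructed: R3 has the second-best computed distance (210) but its reported
    # distance (200) is not below FD (150), so only R2 is a feasible successor
    e = DestinationEntry("10.1.0.0/16", [Advertisement("R1", 100, 50),
                                         Advertisement("R2", 120, 100),
                                         Advertisement("R3", 200, 10)])
    print(e.successor, e.feasible_distance, e.feasible_successors())
    print(e.lose_neighbor("R1"))     # local computation: successor R2
    print(e.lose_neighbor("R2"))     # active: query neighbors
    print(e.complete_diffusing_computation([Advertisement("R3", 200, 10)]))
```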
Route Tagging
Enhanced IGRP supports internal and external routes. Internal routes originate within
an Enhanced IGRP AS. Therefore, a directly attached network that is configured to run
Enhanced IGRP is considered an internal route and is propagated with this information
throughout the Enhanced IGRP AS. External routes are learned by another routing protocol
or reside in the routing table as static routes. These routes are tagged individually with the
identity of their origin. External routes are tagged with the following information:
Bit flags for default routing
Route tagging allows the network administrator to customize routing and maintain flexible
policy controls. Route tagging is particularly useful in transit ASs, where Enhanced IGRP
typically interacts with an interdomain routing protocol that implements more global
policies, resulting in a very scalable, policy-based routing.
Enhanced IGRP uses the following packet types: hello and acknowledgment, update, and
query and reply. Hello packets are multicast for neighbor discovery/recovery and do not
require acknowledgment. An acknowledgment packet is a hello packet that has no data.
Acknowledgment packets contain a nonzero acknowledgment number and always are
sent by using a unicast address. Update packets are used to convey reachability of
destinations. When a new neighbor is discovered, unicast update packets are sent so that
the neighbor can build up its topology table. In other cases, such as a link-cost change,
updates are multicast. Updates always are transmitted reliably.
Query and reply packets are sent when a destination has no feasible successors. Query
packets are always multicast. Reply packets are sent in response to query packets to
instruct the originator not to recompute the route because feasible successors exist. Reply
packets are unicast to the originator of the query. Both query and reply packets are
transmitted reliably.
Summary
Cisco Systems' EIGRP is one of the most feature-rich and robust routing protocols to ever
be developed. Its unique combination of features blends the best attributes of distance
vector protocols with the best attributes of link-state protocols. The result is a hybrid
routing protocol that defies easy categorization with conventional protocols. EIGRP is also
remarkably easy to configure and use, as well as remarkably efficient and secure in
operation. It can be used in conjunction with IPv4, AppleTalk, and IPX. More importantly,
its modular architecture will readily enable Cisco to add support for other routed protocols
that may be developed in the future.
Review Questions
A—Unlike most other distance vector routing protocols, EIGRP does not mandate a
periodic update of routing tables between neighboring routers. Instead, it employs a
neighbor discovery/recovery mechanism to ensure that neighbors remain aware of each
other's accessibility. As long as a router receives periodic hello packets from its neighbors,
it can assume that those neighbors remain functional. More importantly, it can assume that
all of its routes that rely upon passage through those neighbors remain usable. Thus,
EIGRP is much more efficient than conventional distance vector routing protocols because
it imposes much less overhead on routers and transmission facilities during normal
operation.
A—EIGRP supports both internal and external routes. Routes that are internal to an AS are
completely contained within that AS. External routes are those that are learned from
neighbors that lie outside the AS. External routes are tagged with information that
identifies their origin. This enables a network administrator to develop customized
interdomain routing policies.
Introduction
External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS,
then the protocol is referred to as Interior BGP (IBGP). Figure 39-1 illustrates this
distinction.
BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the
routing protocol employed on the Internet. At the time of this writing, the Internet BGP
routing tables number more than 90,000 routes. To achieve scalability at this level, BGP
uses many route parameters, called attributes, to define routing policies and maintain a
stable routing environment. In addition to BGP attributes, classless interdomain routing
(CIDR) is used by BGP to reduce the size of the Internet routing tables. For example,
assume that an ISP owns the IP address block 195.10.x.x from the traditional Class C
address space. This block consists of 256 Class C address blocks, 195.10.0.x through
195.10.255.x. Assume that the ISP assigns a Class C block to each of its customers. Without
CIDR, the ISP would advertise 256 Class C address blocks to its BGP peers. With CIDR,
BGP can supernet the address space and advertise one block, 195.10.x.x. This block is the
same size as a traditional Class B address block. The class distinctions are rendered
obsolete by CIDR, allowing a significant reduction in the BGP routing tables.
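The aggregation described above, worked through in code as an added example (not part of the course text), using Python's standard ipaddress module. It splits the ISP's 195.10.0.0/16 block into the 256 customer /24s from the text and shows what the ISP's BGP peers would see with and without CIDR supernetting. It goes one step beyond the text by also handling the case where one customer block is not advertised: the remaining blocks can then only be partially aggregated, which is why holes in an address block cost table entries.

```python
import ipaddress

# The ISP's block from the text: 195.10.x.x, i.e. 256 traditional Class C networks.
ISP_BLOCK = ipaddress.ip_network("195.10.0.0/16")


def customer_blocks(block=ISP_BLOCK, prefixlen=24):
    """Split the ISP block into per-customer networks (256 /24s for a /16)."""
    return list(block.subnets(new_prefix=prefixlen))


def advertise_without_cidr(blocks):
    """Classful advertisement: every customer block is a separate route."""
    return [str(b) for b in blocks]


def advertise_with_cidr(blocks):
    """CIDR supernetting: collapse contiguous blocks into the fewest
    covering prefixes. Adjacent /24s pair up into /23s, /22s, ... until
    the whole contiguous range is one prefix."""
    return [str(n) for n in ipaddress.collapse_addresses(blocks)]


def advertise_with_hole(missing="195.10.128.0/24"):
    """Constructed variant (assumption, not from the text): one customer
    block is withdrawn, so the remaining 255 blocks cannot collapse to a
    single /16 and several prefixes must still be advertised."""
    hole = ipaddress.ip_network(missing)
    remaining = [b for b in customer_blocks() if b != hole]
    return advertise_with_cidr(remaining)


if __name__ == "__main__":
    blocks = customer_blocks()
    print(len(advertise_without_cidr(blocks)), "routes without CIDR")
    print(advertise_with_cidr(blocks), "with CIDR")
    print(advertise_with_hole(), "with one block missing")
```

The full set collapses to the single route 195.10.0.0/16 the text describes, the same size as a Class B block; with one /24 missing, the 255 remaining blocks still need eight prefixes.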
BGP neighbors exchange full routing information when the TCP connection between
neighbors is first established. When changes to the routing table are detected, the BGP
routers send to their neighbors only those routes that have changed. BGP routers do not
send periodic routing updates, and BGP routing updates advertise only the optimal path to
a destination network.
BGP Attributes
Routes learned via BGP have associated properties that are used to determine the best
route to a destination when multiple paths exist to a particular destination. These
properties are referred to as BGP attributes, and an understanding of how BGP attributes
influence route selection is required for the design of robust networks. This section
describes the attributes that BGP uses in the route selection process:
Weight
Local preference
Multi-exit discriminator
Origin
AS_path
Next hop
Community
Weight Attribute
Weight is a Cisco-defined attribute that is local to a router. The weight attribute is not advertised to
neighboring routers. If the router learns about more than one route to the same destination, the route with the
highest weight will be preferred. In Figure 39-2, Router A is receiving an advertisement for network
172.16.1.0 from routers B and C. When Router A receives the advertisement from Router B, the associated
weight is set to 50. When Router A receives the advertisement from Router C, the associated weight is set to
100. Both paths for network 172.16.1.0 will be in the BGP routing table, with their respective weights. The
route with the highest weight will be installed in the IP routing table.
Figure 39-2 BGP Weight Attribute
Origin Attribute
The origin attribute indicates how BGP learned about a particular route. The origin attribute
can have one of three possible values:
IGP—The route is interior to the originating AS. This value is set when the network
router configuration command is used to inject the route into BGP.
EGP—The route is learned via the Exterior Border Gateway Protocol (EBGP).
Incomplete—The origin of the route is unknown or learned in some other way. An
origin of incomplete occurs when a route is redistributed into BGP.
The origin attribute is used for route selection and will be covered in the next section.
AS_path Attribute
When a route advertisement passes through an autonomous system, the AS number is
added to an ordered list of AS numbers that the route advertisement has traversed. Figure
39-5 shows the situation in which a route is passing through three autonomous systems.
AS1 originates the route to 172.16.1.0 and advertises this route to AS 2 and AS 3, with the
AS_path attribute equal to {1}. AS 3 will advertise back to AS 1 with AS_path attribute {3,1},
and AS 2 will advertise back to AS 1 with AS_path attribute {2,1}. AS 1 will reject these
routes when its own AS number is detected in the route advertisement. This is the
mechanism that BGP uses to detect routing loops. AS 2 and AS 3 propagate the route to
each other with their AS numbers added to the AS_path attribute. These routes will not be
installed in the IP routing table because AS 2 and AS 3 are learning a route to 172.16.1.0
from AS 1 with a shorter AS_path list.
Figure 39-5 BGP AS-path Attribute
Next-Hop Attribute
The EBGP next-hop attribute is the IP address that is used to reach the advertising router. For EBGP
peers, the next-hop address is the IP address of the connection between the peers. For IBGP, the
EBGP next-hop address is carried into the local AS, as illustrated in Figure 39-6.
Figure 39-6 BGP Next-Hop Attribute
Router C advertises network 172.16.1.0 with a next hop of 10.1.1.1. When Router A
propagates this route within its own AS, the EBGP next-hop information is preserved. If
Router B does not have routing information regarding the next hop, the route will be
discarded. Therefore, it is important to have an IGP running in the AS to propagate next-
hop routing information.
Community Attribute
The community attribute provides a way of grouping destinations, called communities, to
which routing decisions (such as acceptance, preference, and redistribution) can be applied.
Route maps are used to set the community attribute. Predefined community attributes are
listed here:
no-export—Do not advertise this route to EBGP peers.
no-advertise—Do not advertise this route to any peer.
internet—Advertise this route to the Internet community; all routers in the network
belong to it.
Figure 39-7 illustrates the no-export community. AS 1 advertises 172.16.1.0 to AS 2 with the community
attribute no-export. AS 2 will propagate the route throughout AS 2 but will not send this route to AS 3 or any
other external AS.
Figure 39-7 BGP no-export Community Attribute
Figure 39-9 demonstrates the internet community attribute. There are no limitations to the
scope of the route advertisement from AS 1.
BGP could possibly receive multiple advertisements for the same route from multiple
sources. BGP selects only one path as the best path. When the path is selected, BGP puts the
selected path in the IP routing table and propagates the path to its neighbors. BGP uses the
following criteria, in the order presented, to select a path for a destination:
If the path specifies a next hop that is inaccessible, drop the update.
Prefer the path with the largest weight.
If the weights are the same, prefer the path with the largest local preference.
If the local preferences are the same, prefer the path that was originated by BGP
running on this router.
If no route was originated, prefer the route that has the shortest AS_path.
Review Questions
Q—Can IBGP be used in place of an IGP (RIP, IGRP, EIGRP, OSPF, or ISIS)?
A—Yes and no. Remember that the next-hop information from EBGP is carried into IBGP.
If IBGP does not have a route to reach the next hop, then the route will be discarded.
Typically an IGP needs to be used to exchange routes to the next hop, but this can be
achieved by using static routes on all the routers running IBGP. So, the answer is yes if you
want to use and maintain static routes. Otherwise, the answer is no.
Q—Assume that a BGP router is learning the same route from two different EBGP peers. The
AS_path information from peer 1 is {2345,86,51}, and the AS_path information from peer 2 is
{2346,51}. What BGP attributes could be adjusted to force the router to prefer the route advertised
by peer 1?
A—Weight and local preference. Both have a higher preference than AS_path length.
Q—Can BGP be used only by Internet service providers?
A—No. BGP can be used to scale large enterprise networks. A large network can be
divided into segments, with each segment running an IGP. Routing information between
segments could then be exchanged using BGP.
Q—If a directly connected interface is redistributed into BGP, what value will the origin attribute
have for this route?
A—Any redistributed route will have an origin of incomplete.