
Internet ,Intranet and Extranet Technologies

LAN Technologies
NETWORKING
NETWORKING TYPES: LAN, MAN, WAN, CAN, TAN
PHYSICAL TOPOLOGIES: Linear, Star, Ring, Tree, Mesh
CABLING: Classification, Coaxial, Twisted Pair, Fiber Optic
LOGICAL TOPOLOGIES: Ethernet, Token Ring, FDDI, ATM
NETWORK PROTOCOLS: OSI model, TCP/IP, IPX, NetBIOS/NetBEUI
NETWORK HARDWARE: Hubs, Switches, Repeaters, Bridges, Routers, Brouters, Gateway

Lan Wiring, Hardware, and Installation: An Online Course in Networking

DEFINITIONS: A NETWORK consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs), exchange files, or allow electronic communications. The computers on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.

When one of these computers is connected to a LAN it is referred to as a WORKSTATION. All computing devices on a network (workstations, printers, etc.) are referred to as NODES.
When connecting a workstation, the interface hardware is referred to as an ADAPTER. Network adapters are also commonly referred to as NETWORK INTERFACE CARDS or NICs.


Most NICs break the information into FRAMES or PACKETS of information.

The LAN connection for a printer, however, is referred to as a PRINT SERVER and not a NIC.
The SERVER is the computer whose resources are shared with other computers.
SEGMENTS are trunks of cabling connecting devices to a routing device.
A BACKBONE is the foundation of the LAN/WAN where the servers are linked together in
a common series of concentration devices.
A network where a server acts as a dedicated server and supplies information to
workstations is called a CLIENT/SERVER network.
A PEER-TO-PEER network is a network where all computers act as both servers and
clients and data files can be shared. This network has no one dedicated server.

A basic network is made up of these primary components:

- A hub, which acts as the traffic cop on your small information highway. The hub acts as a switch to route information from one terminal to another through the use of cables.
- An interface card (hardware in each computer that connects to the hub).
- A server (the central storage computer for information).
- Special cabling.
- Computers, printers, scanners, etc.


TYPES OF NETWORKS: The three basic types of networks include:

Local Area Network (LAN): A LAN is a network that is confined to a relatively small area. It is generally limited to a geographic area such as a writing lab, school, or building. Rarely are LAN computers more than a mile apart.
Metropolitan Area Network (MAN): A MAN covers larger geographic areas, such as cities or school districts. By interconnecting smaller networks within a large geographic area, information is easily disseminated throughout the network. Local libraries and government agencies often use a MAN to connect to citizens and private industries.
Wide Area Network (WAN): WANs connect larger geographic areas, such as Florida, the United States, or the world. Dedicated transoceanic cabling or satellite uplinks may be used to connect this type of network.
CAN: Campus Area Network.
TAN: Tiny Area Networks are 2 - 3 computers networked at home or in a small business.

NETWORK TOPOLOGIES

There are two types of topology: physical and logical.

The physical topology of a network refers to the configuration of cables, computers, and other peripherals.
Logical topology is the method used to pass the information between workstations, as can be seen in protocols.

PHYSICAL TOPOLOGIES

1. LINEAR BUS

A linear bus topology or 10BASE2 bus topology consists of a main run of cable with a terminator at each end. All nodes (file server, workstations, and peripherals) are connected to the linear cable. ETHERNET and LOCALTALK networks use a linear bus topology. Networking is simple. The network may or may not have a hub.


DISADVANTAGES

- Entire network shuts down if there is a break in the main cable.
- Terminators are required at both ends of the backbone cable.
- Difficult to identify the problem if the entire network shuts down.
- Not meant to be used as a stand-alone solution in a large building.

2. STAR TOPOLOGY

A star topology is designed with each node (file server, workstations, and peripherals) connected
directly to a central network hub or concentrator. A concentrator is a device that provides a
central connection point for cables from workstations, servers, and peripherals. Most
concentrators contain the ability to amplify the electrical signal they receive.


DISADVANTAGES

- Requires more cable length than a linear topology.
- If the hub or concentrator fails, the attached nodes are disabled.
- More expensive than linear bus topologies because of the cost of the concentrators.

This configuration is common with twisted pair cable; however, it can also be used with coaxial
cable or fiber optic cable. A simple star topology is also used for 10BASE-T ETHERNET
networks.

3. STAR-WIRED RING (TOKEN RING)


A STAR-WIRED RING topology may appear (externally) to be the same as a star topology. Instead of having a concentrator at the center of the ring network, there is a device called a MAU (MULTISTATION ACCESS UNIT). Internally, the MAU of a star-wired ring contains wiring that allows information to pass from one device to another in a circle or ring. The MAU does the same thing a hub does, but it works with TOKEN RING networks instead of Ethernet.

An illustration of a token ring's token passing


A Token Ring using unshielded twisted pair in a star or modified star configuration transfers at 4 Mbps.

A Token Ring configuration using shielded twisted pair in a star or modified star configuration transfers at 4 or 16 Mbps. A local Ring Hub allows four-node connections on one MAU port cable. 64 - 72 (max.) nodes are recommended per ring for optimal performance. A double ring may have a maximum of 12 MAUs, each of which can support 8 nodes. The maximum distance between MAU and workstation is 45 m; MAU to MAU is 120 m.

By contrast, FDDI (FIBER DISTRIBUTED DATA INTERFACE), pronounced fid-ee, also uses a complex token ring topology. FDDI networks run on optical fiber cables instead of copper cabling. It is similar to Token Ring but can be connected to 2 MAUs, so if one fails the other can work. FDDI has an added alternate ring. If a break occurs in either ring, it automatically reroutes the data transmission to the alternate ring. This ring supports speeds up to 100 Mbps and has become the de facto high-speed backbone. Maximum stations are 1000. The distance limitation is 2 miles.

4. TREE TOPOLOGY
A tree topology combines characteristics of linear bus and star topologies. It consists of groups of
star-configured workstations connected to a linear bus backbone cable. Tree topologies allow for
the expansion of an existing network, and enable schools to configure a network to meet their
needs.

DISADVANTAGES

- Overall length of each segment is limited by the type of cabling used.
- If the backbone line breaks, the entire segment goes down.
- More difficult to configure and wire than other topologies.

5-4-3 RULE: A consideration in setting up a tree topology using Ethernet protocol is the 5-4-3
RULE. One aspect of the Ethernet protocol requires that a signal sent out on the network cable
reach every part of the network within a specified length of time. Each concentrator or repeater
that a signal goes through adds a small amount of time.

This leads to the rule that between any two nodes on the network there can only be a maximum of 5 segments connected through 4 repeaters/concentrators. In addition, only 3 of the segments may be populated (trunk) segments if they are made of coaxial cable. A populated segment is one which has one or more nodes attached to it.

This rule does not apply to other network protocols or Ethernet networks where all fiber optic
cabling is used.
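As an added example (not part of the original course text), the following Python function applies the 5-4-3 rule to a modelled path of cable segments between two nodes. The Segment model, the medium names "coax", "utp" and "fiber", and the treatment of each boundary between consecutive segments as one repeater are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List

# Limits from the 5-4-3 rule: at most 5 segments, 4 repeaters/concentrators,
# and 3 populated segments when those segments are coaxial.
MAX_SEGMENTS = 5
MAX_REPEATERS = 4
MAX_POPULATED_COAX = 3


@dataclass(frozen=True)
class Segment:
    """One cable segment on the path between two nodes (constructed model)."""
    name: str
    medium: str        # "coax", "utp" or "fiber" (names assumed for this example)
    populated: bool    # True when one or more nodes attach to this segment


def check_5_4_3(path: List[Segment], protocol: str = "ethernet") -> List[str]:
    """Return the rule violations for the path between two nodes.

    `path` lists the segments in order; each boundary between two consecutive
    segments is assumed to be one repeater or concentrator.  An empty list
    means the path is acceptable.
    """
    # The rule is an Ethernet timing constraint; other protocols are not covered.
    if protocol.lower() != "ethernet":
        return []
    # All-fiber Ethernet networks are exempt, as the text states.
    if path and all(seg.medium == "fiber" for seg in path):
        return []

    violations = []
    segments = len(path)
    repeaters = max(segments - 1, 0)
    if segments > MAX_SEGMENTS:
        violations.append(f"{segments} segments between the nodes (max {MAX_SEGMENTS})")
    if repeaters > MAX_REPEATERS:
        violations.append(f"{repeaters} repeaters between the nodes (max {MAX_REPEATERS})")

    populated_coax = [seg.name for seg in path if seg.medium == "coax" and seg.populated]
    if len(populated_coax) > MAX_POPULATED_COAX:
        violations.append(
            f"{len(populated_coax)} populated coaxial segments "
            f"{populated_coax} (max {MAX_POPULATED_COAX})"
        )
    return violations


# Constructed sample paths (not from the course text).
OK_PATH = [
    Segment("trunk-1", "coax", True),
    Segment("link-1", "coax", False),   # unpopulated link segment
    Segment("trunk-2", "coax", True),
    Segment("link-2", "coax", False),
    Segment("trunk-3", "coax", True),
]
TOO_MANY_POPULATED = [Segment(f"trunk-{i}", "coax", True) for i in range(1, 5)]
TOO_LONG = [Segment(f"seg-{i}", "utp", True) for i in range(1, 7)]
ALL_FIBER = [Segment(f"fiber-{i}", "fiber", True) for i in range(1, 7)]

if __name__ == "__main__":
    for label, p in [("ok", OK_PATH), ("4 populated coax", TOO_MANY_POPULATED),
                     ("6 segments", TOO_LONG), ("all fiber", ALL_FIBER)]:
        print(label, "->", check_5_4_3(p) or "passes")
```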

5. MESH TOPOLOGY

In a mesh topology, each device on the network is networked (cabled) to each other device.

ADVANTAGES: Mesh topologies are installed where FAULT TOLERANCE is important. A single cable failure would not stop network communications between any two computers. The mesh topology is highly fault tolerant.
DISADVANTAGES: More expensive and difficult to install. Requires more cabling since each device is cabled to every other device.

CABLING

XBaseX classification: 10BaseT, 100BaseT and 10Base2 are networking standards and there
are others.

The first number is an indication of the transmission speed involved. It is listed in Mbps (megabits per second).
The second portion designates Baseband or Broadband, that is, how the data is sent across the cabling. In Baseband one signal takes up the entire bandwidth of the cable. This data is digital.

With Broadband, the total bandwidth of the cabling is divided and there will be many signals traveling through the cabling at a time. Broadband is analog. Broadband signals can travel farther than Baseband.

The last portion is an indication of wire type and the approximate distances involved, or the type of cabling.

TYPES OF CABLE

There are three types of network wiring:

- Coaxial
- Twisted-Pair
- Fiber

Each type of cabling has different requirements if it is to meet network standards.

IEEE 802.X SPECIFICATIONS

The INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE) published the 802 specifications. These define standards for the physical components of a network.

802.1 Internetworking
802.2 Logical Link Control (LLC)
802.3 CSMA/CD LANs (Ethernet)
802.4 Token Bus LAN
802.5 Token Ring LAN
802.6 MAN
802.7 Broadband Technical Advisory Groups
802.8 Fiber Optic Technical Advisory Group
802.9 Integrated Voice and Data Networks
802.10 Network Security
802.11 Wireless Network, etc.

The 802 standards break the Data Link Layer down further:

LOGICAL LINK CONTROL (LLC) - for error correction and control.

MEDIA ACCESS CONTROL (MAC) - gives physical addresses to devices, like the TO: and FROM: of an envelope.

1. COAXIAL CABLE

Following the IEEE 802.3 Standard, coaxial cable is used for 10BASE2 (thin-net, CheaperNet)
and 10BASE5 (thick-net) networking. No concentrator is needed. 10BASE2 is not the most
reliable cabling. 10BASE2 and 10BASE5 are used in a LINEAR BUS topology.


With Ethernet 10Base2:

- 255 devices can be connected
- maximum length of a segment is 185 meters
- is usually standard industry RG-58 cable
- has a solid copper center conductor
- braided outer conductor
- 50 ohm cable
- requires termination at both ends of the segment using a 50 ohm terminator
- Each computer connects to the cable with a T-Connector (BNC - British Naval Connector).


With Ethernet 10Base5:

- is usually standard industry RG-8 or RG-11 cable
- maximum length of a segment is 500 meters
- 50 ohm cable
- requires termination at both ends of the segment using a 50 ohm terminator.

10Base5 wire is connected not by BNC connectors but by AUI connectors. AUI connectors are
a DB15 connector, that is, a D-shaped plug with 15 pins. These look just like RS-232 modem
connectors, only about half as broad. These are common on equipment such as routers.

AUI Connector

10Base5 cable may also be connected by a vampire connector with clamps holding the cable in place. A vampire tap is a connection to a coaxial cable in which a hole is drilled through the outer shield of the cable so that a clamp can be connected to the inner conductor of the cable. This cable connection is made with a unit that clamps onto and "bites" into the cable, hence the vampire name.

Vampire Connectors

Stripping & Terminating Coaxial Cable: Illustrated Tutorial.

2. TWISTED PAIR CABLING (STP and UTP)

Coaxial and SHIELDED TWISTED PAIR (STP) have a copper braid or foil shield that offers good resistance to electrical noise, but the extra shielding creates a larger, thicker cable, making it difficult to pull the cable through conduit and walls during installation. UNSHIELDED TWISTED PAIR (UTP) does not contain this shielding and is thinner and therefore easier to install. It offers less resistance to electrical noise.

STP is used in Token Ring, ARCnet and Appletalk networks. UTP is used in Star Topologies.

Unshielded Twisted Pair (UTP) is the next step up from coaxial. TP cabling is a cable made up of four pairs of insulated copper wires; UTP has 8 copper conductors arranged as four pairs.


RJ45 connectors are fitted on each end of the cable. They resemble a normal telephone plug
(RJ11) with the exception of eight pins rather than four. The RJ45 cable connects to a
NETWORK PATCH PANEL which is connected to the hub. The RJ45 is an 8 wire (4 pair) media
connector.

DIRECTIONS: If at this point you have not made any patch cables, proceed to the crimpers, UTP cable, RJ45's and
follow the directions "On Putting Together Patch Cables".

EIA/TIA 568 COMMERCIAL BUILDING WIRING STANDARD for Unshielded TP (UTP):

UTP comes in levels of Category 1 - 5. The Electronics Industries Association and the Telecommunications Industries Association (EIA/TIA) created this standard for Unshielded Twisted Pair cabling. The higher category cables contain more wire paths and a higher number of twists to prevent EMI.

Category 1: not rated for performance.
Category 2: used for telephone wiring - data rate of 1 megabit per second.
Category 3: lowest level that can be used for networking. Used for ETHERNET 10BASE-T. Data rate of 16 megabits per second. Used for data up to 10 Mbps.
Category 4: used for Token Ring and 10BASE-T. Maximum data rate is 20 megabits per second.
Category 5: used for Ethernet 10BASE-T. Maximum data rate of 155 megabits per second. Used for voice and/or data.


UTP (Unshielded Twisted Pair) is most commonly used in Category Three (CAT3) or Category Five (CAT5). The difference between the ratings is the number of twists per inch; higher is better. CAT5 is probably the most commonly seen and used. It is inexpensive, reliable, and easy to maintain and expand.

COATING ON CABLES: Cable run through the ceilings must be plenum-rated and riser-rated, capable of withstanding environmental and fire conditions (riser) without giving off toxic gases (plenum) when it burns. PVC-rated cable is the least expensive but highly flammable.

Stripping and Terminating a Cat5 Cable: Illustrated Tutorial.

3. FIBER OPTIC CABLE

Standard IEEE 802.8. Rather than using electrical impulses over wire, optical fiber transmits data using pulses of light. It is expensive to install and maintain, and the average network administrator lacks the expertise to terminate each end. Fiber can carry data as high as 622 megabits per second. Fiber is not affected by EMI like copper cable and does not build up a magnetic field that would allow crosstalk. It is very light-weight compared to copper-based cable.

LOGICAL TOPOLOGIES
A protocol is a set of rules that governs the communications between computers on a network. These rules include guidelines that regulate the following characteristics of a network: access method, allowed physical topologies, types of cabling, and speed of data transfer. Logical topologies instruct the hardware how to packet and transmit data across a physical topology.

1. ETHERNET

The Ethernet protocol is by far the most widely used. The Ethernet protocol allows for linear bus, star, or tree topologies. Data can be transmitted over twisted pair, coaxial, or fiber optic cable at speeds of 10 Mbps.

The foundation of Ethernet is CSMA/CD (Carrier Sense Multiple Access/Collision Detection). In an Ethernet network, all computers share a single network segment, called a collision domain. When 2 computers transmit data along the segment simultaneously, a collision occurs. Each computer can therefore transmit data only when no other computer is transmitting.

Ethernet uses CSMA/CD described in the IEEE standard 802.3.


ETHERNET CABLING SUMMARY
(Columns of the original chart: Cabling / Max Distance per Segment / Max Devices per Segment / Topology / Max IRLs / Max Length of Attached Cable / Attached To / Termination / Grounded To)

Thick Ethernet (10Base5), COAXIAL, 10 Mbps:
  Max distance per segment: 1640 ft (500 m) per trunk. Standard maximum length of entire network: 2.5 km (1.5 miles, 2500 m). 5-4-3 RULE applies.
  Max devices per segment: 100 workstations per trunk.
  Topology: Bus.  Max IRLs: 2.
  Attached to: backbone by use of transceivers.
  Termination: 50-ohm resistor (both ends).  Grounded to: earth.

Thin Ethernet (10Base2), COAXIAL, 10 Mbps:
  Max distance per segment: 607 ft (185 m) per trunk; 925 m (3035 ft) maximum; minimum cable length between workstations 20 in. 5-4-3 RULE applies.
  Max devices per segment: 30 workstations per trunk; 1024 workstations per network.
  Topology: Bus.  Max IRLs: 2.
  Attached to: NICs with built-in BNC transceivers.
  Termination: 50-ohm resistor (both ends).  Grounded to: earth.

Shielded Twisted Pair (STP), 10Base-T, 16 - 155 Mbps:
  Max distance per segment: 328 ft (100 m).
  Topology: Token Ring.  Max IRLs: 3.
  Max length of attached cable: 500 m.
  Attached to: central hub, managed or unmanaged.
  Termination: none needed.

Unshielded Twisted Pair (UTP), 10Base-T, 10 Mbps:
  Max distance per segment: 328 ft (100 m); workstations only, 328 ft from concentrator; minimum cable length between stations 8 ft. 5-4-3 RULE applies.
  Max devices: 1023 workstations without bridging.
  Topology: Star.  Max IRLs: 3.
  Max length of attached cable: 500 m.
  Attached to: central hub, managed or unmanaged.
  Termination: none needed.

Unshielded Twisted Pair (UTP), 100Base-T, 100 Mbps:
  Max distance per segment: 328 ft (100 m); workstations only, 328 ft from concentrator; minimum cable length between stations 8 ft. 5-4-3 RULE applies.
  Max devices: 1023 workstations without bridging.
  Topology: Star.  Max IRLs: 3.
  Max length of attached cable: 500 m.
  Attached to: central hub, managed or unmanaged.
  Termination: none needed.

Fiber Optic, 10Base-FL, 100 Mbps - 2 Gbps:
  Max distance per segment: 1.2 miles (2 km) (with 5 hub segments, max. is 500 m).
  Max devices per segment: 2.
  Topology: Star.  Max IRLs: 2.
  Max length of attached cable: 4 km.
  Attached to: fiber optic hub or repeater.
  Termination: none needed.

The Ethernet standard has grown to include faster networks.

Cable Type / Data Transfer Speed / Maximum Distance:

100BASE-T (Fast Ethernet): 100 megabits per second; maximum distance 20 m.
100BASE-FX (Fast Ethernet on optical fibers): none
100BASE-T4: 20 m.

Chart taken from Data Comm Warehouse Technical Reference Guide.


2. TOKEN RING
Using IEEE Standard 802.5, Token Ring is very different from Ethernet. In Token Ring a single packet is passed around the network. Every computer waits its turn. There are no collisions. Token Ring has the same bandwidth as Ethernet. Too many computers result in network slowness. FDDI is a faster Token Ring configuration (as described above).

3. ATM (Asynchronous Transfer Mode)

Following IEEE Standard 802.9, ATM is one of the newer topologies. It can carry voice and data over network wire or fiber. ATM transmits packets as 53-byte cells that have a variety of identifiers to determine such things as Quality of Service or which packet is to be routed first. Packets are sent according to their need for bandwidth. For example, email would have a low priority and voice and video a higher priority and be sent first. ATM runs at 25 - 622 megabits per second. It is also expensive.

NETWORK PROTOCOLS
On top of the Logical Topologies are protocols. Protocols handle the translation of data from applications to the logical topology.

The OSI model explains how a network should work. The lower the level, the less abstract and more concrete the layer is. Each layer communicates only with the layer above or below it while moving data.

OSI MODEL (Open Systems Interconnect)


The seven-layer OSI (Open systems Interconnection) model, created by the ISO (International
Standards Organization), defines internetworking environments. It provides a description of how
software and hardware interact to permit communication between computers. An interface separates
each layer from those above and below it; each layer provides services to the layer directly above it.

This handy mnemonic will help you keep the layers in proper order:

7. All        Application
6. People     Presentation
5. Seem       Session
4. To         Transport
3. Need       Network
2. Data       Data Link
1. Processing Physical


LAYER / FUNCTION / PROTOCOLS / HARDWARE

Application Layer
  Function: Allows application processes to access network services. Manages the communication between applications. Flow control and error recovery is handled here.
  Protocols: FTP, SNMP, SMTP, NCP
  Hardware: Gateway
  Analogy: the dashboard of your car. The different gauges make you aware of the information that you need to know in order to maintain speed limits and optimal performance for your vehicle.

Presentation Layer
  Function: FORMAT - functions as the network's translator; handles protocol conversion, data translation and encryption, and data compression. The redirector operates here.
  Protocols: NCP
  Hardware: Gateway
  Analogy: the universal signs both on the highway and inside your vehicle.

Session Layer
  Function: TRAFFIC COP. Provides synchronization between computers; allows applications on two computers to establish a session.
  Protocols: None
  Hardware: Gateway
  Analogy: the designated traffic lanes.

Transport Layer
  Function: RESPONSIBLE FOR THE ACCURACY OF THE DATA TRANSMISSION. Ensures reliable delivery of packets. Repackages messages, dividing them into smaller packets.
  Protocols: TCP, SPX (Sequenced Packet Exchange) from the IPX/SPX stack, and NWLink (Microsoft's implementation of IPX/SPX), NetBEUI. SPX and TCP packets are connection
  Hardware: Gateway
  Analogy: speed recognition devices on a highway.
Class C Addresses: 192.0.0.X - 223.255.255.X
The first three octets identify the network, and the last octet is the node.

CLASS C
DEFAULT SUBNET MASK = 255.255.255.0

11111111.11111111.11111111.00000000

Network  Network  Network  Node
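An added example (not from the course text) that splits an IPv4 address into its network and node portions using the default mask for its class and renders the mask in the bit pattern shown above. It extends the Class C case to the Class A and B first-octet ranges, which are standard classful values assumed here rather than taken from this page.

```python
import ipaddress

# Classful ranges by first octet and the default mask length for each class.
# The Class C range (192-223, mask 255.255.255.0) is the one the text shows;
# the Class A and B rows are standard classful values added for this example.
CLASS_TABLE = (
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
)


def address_class(ip: str):
    """Return (class letter, default prefix length) for a dotted-quad address."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    for name, low, high, prefix in CLASS_TABLE:
        if low <= first_octet <= high:
            return name, prefix
    raise ValueError(f"{ip} is not a Class A, B or C address")


def mask_bits(mask: int) -> str:
    """Render a 32-bit mask as dotted binary, e.g. 11111111.11111111.11111111.00000000."""
    return ".".join(f"{(mask >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def classful_split(ip: str) -> dict:
    """Split `ip` into network and node portions using its class default mask."""
    name, prefix = address_class(ip)
    addr = int(ipaddress.IPv4Address(ip))
    mask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
    return {
        "class": name,
        "mask": str(ipaddress.IPv4Address(mask)),
        "mask_bits": mask_bits(mask),
        # Network portion: the masked-in bits; node portion: the masked-out bits.
        "network": str(ipaddress.IPv4Address(addr & mask)),
        "node": str(ipaddress.IPv4Address(addr & ~mask & 0xFFFFFFFF)),
    }


def same_network(ip_a: str, ip_b: str) -> bool:
    """True when both addresses fall in the same classful network."""
    return classful_split(ip_a)["network"] == classful_split(ip_b)["network"]


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range; the host values are constructed.
    for sample in ("192.0.2.10", "10.1.2.3", "172.16.5.9"):
        print(sample, classful_split(sample))
```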


PORT NUMBERS: TCP/IP has its own protocols. Different TCP/IP Internet protocols use different port numbers to connect to servers.
HTTP uses default port 80 or 8080
FTP (File Transfer Protocol) uses default port 21
TELNET (text communication) uses default port 23
SNMP uses default port 161
SMTP (Simple Mail Transfer Protocol) uses default port 25
DOMAIN NAME: Your IP address not only comes in numbers but has a Domain Name. It is
easier to remember a name than a number.

The DNS breaks addresses into groups and gives each level the responsibility for the levels under it. Each level is called a domain. A period separates each domain name from the next one. The rightmost portion of the address identifies the top level domain name, which references the organization type. The following table lists commonly used domain names:

.com = Commercial organizations
.edu = Educational organizations
.gov = Government (non-military)
.mil = Military organizations
.org = Non-profit association
.net = Network resources

Two services that the TCP/IP protocol uses to resolve domain names to IP addresses are:

HOST FILE: a text file that is kept on the local machine and contains a list of other hosts and IP numbers. The domain name resolver goes to this text file first.


DNS Server: Every company has a DNS server that workstations may consult for name to IP address resolution. The DNS server contains FQDN (Fully Qualified Domain Name) to IP address matches. This database contains entries for every host within the organization. Only one DNS server will keep the master database.
LMHosts - WINS: An LMHosts file resolves a NetBIOS name to an IP address. The file must be installed and kept up to date on each machine. The WINS server is a database that keeps track of IP addresses and NetBIOS names. The WINS server is dynamic in its configuration and updates.
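The resolution order described above (hosts file first, then the DNS server), as an added example that is not part of the course text: a small resolver that parses hosts-file-style text and falls back to a DNS-style table. Both the hosts text and the DNS table are constructed here, and the parser assumes the conventional hosts-file layout of an address followed by one or more names, with # comments.

```python
from typing import Dict, List, Optional

# Constructed hosts-file content (conventional layout: address, names, # comments).
HOSTS_TEXT = """\
# constructed sample hosts file
127.0.0.1     localhost
192.0.2.10    fileserver.example.test fileserver   # short alias too
192.0.2.20    printer.example.test
"""

# Constructed stand-in for a DNS server's FQDN -> address database.
DNS_TABLE = {
    "www.example.test": "192.0.2.80",
    "fileserver.example.test": "192.0.2.99",   # differs from the hosts entry on purpose
}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each name in hosts-file text to its address (first entry for a name wins)."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # malformed line: no names listed
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def resolve(name: str, hosts: Dict[str, str], dns: Dict[str, str]) -> Optional[str]:
    """Resolve `name` the way the text describes: hosts file first, then DNS."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key]          # a hosts entry wins even if DNS disagrees
    return dns.get(key)            # None when neither source knows the name


def resolve_many(names: List[str]) -> Dict[str, Optional[str]]:
    """Resolve a list of names against the constructed hosts text and DNS table."""
    hosts = parse_hosts(HOSTS_TEXT)
    return {n: resolve(n, hosts, DNS_TABLE) for n in names}


if __name__ == "__main__":
    lookups = ["fileserver", "fileserver.example.test", "www.example.test", "nobody.example.test"]
    for name, addr in resolve_many(lookups).items():
        print(f"{name:26} -> {addr}")
```

Because the hosts file is consulted first, a stale or unexpected entry there silently overrides what the DNS server returns, which is why it is worth checking during name-resolution troubleshooting.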
TROUBLESHOOTING TCP/IP UTILITIES:
PING: The ping command is used to test connectivity to a host, including the loopback address of your own machine. You can also ping an address on the other side of your router to test the default gateway.

To check if you have a path to an Internet host, enter the Ping command and the host's IP address at
the command line, as in the following example:

PING 204.32.23.67

NOTE: You can also use Ping with the DNS name of the host, such as www.wavetech.com.

TRACERT: This utility allows you to find the route used between you and the remote computer host. For example, say that you are having trouble reaching a host named www.yahoo.com. Type the following command at the command prompt:

TRACERT WWW.yahoo.com

and press enter.

WINIPCFG/IPCONFIG: A good utility to use to check the TCP/IP configuration on a Windows 95 workstation is WINIPCFG. You can quickly determine a computer's IP address, subnet mask, and default gateway using this utility. Windows NT has a command line utility, IPCONFIG, that presents similar data about the IP configuration on an NT platform.


2. IPX Network Protocol

IPX stands for Internetwork Packet Exchange. It is a transport protocol designed by Novell for NetWare. Novell NetWare is an operating system made of FAT and DET (Directory Entry Table). IPX performs addressing and routing functions and resides in the NETWORK layer. It requires some configuration: the administrator must uniquely assign a network or cable segment address.

3. NetBIOS/NetBEUI Network Protocol

These stand for Network Basic Input Output System and NetBIOS Extended User Interface. Microsoft designed this protocol for fast packet delivery in a small network without much configuration. It is not routable, but operates on the NETWORK and TRANSPORT layers of the OSI model.

NETWORK HARDWARE

More than any feature, network hardware may determine the speed,
quality and performance of a network.

Hubs

A hub is a central connecting device that joins computers in a star configuration. Hubs may be passive or active. A passive hub merely connects computers to the network and does not process data in any way. Active hubs, sometimes called repeaters, regenerate the data in order to maintain signal strength. Some hubs have intelligence and can perform additional duties such as bridging, routing and switching.

Hub


Stackable Hub

Modular Hub

SWITCHES

Fast Ethernet switches allow dedicated, high-speed connections at either 10BASE-T or 100BASE-TX. They are ideal for connecting servers or multiple hubs in small businesses that want the highest network performance possible to exchange large data files and images, and access real-time information. A switch does this by providing dedicated bandwidth to every device (server, PC, or hub) connected to one of its ports. They are intelligent in that they give priority to large bandwidth data.

Repeater


A repeater is the simplest and least expensive of the three. Repeaters are usually small enough to fit in your hand and are used to connect two segments of network cable. A repeater extends the signal and distance of the LAN. The repeater retimes and regenerates signals but does not change the data frame or packet in any way.

Transceiver

A transceiver connects different Ethernet nodes together in an organized fashion, and allows multiple Ethernet segment nodes to connect to each other to create a segment.

Bridge

A bridge is like a smart repeater. Bridges, like repeaters, can connect two network segments, but bridges are a little smarter about the data they transport. Most bridges have the capacity to listen to the network and figure out the address of each computer on both sides of the bridge. The bridge can then inspect each message that comes from one side and broadcast it to the other side of the bridge, if the message is intended for a computer that is on the other side. If the packet's destination is on the same side of the bridge, it is discarded. This creates a more efficient scheme for data transport. The bridge

- can connect segments that use different cable media types, like 10BaseT (Twisted Pair) and 10Base5 (Coaxial).
- cannot connect different transport protocols, like Ethernet and Token Ring networks.
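The listen-and-learn behaviour described above, as an added example that is not part of the course text: a two-port bridge in Python that learns which side each address is on from the source of every frame, forwards a frame only when its destination is on the other side, and discards it when the destination is on the same side. The Frame model, the port names and the choice to pass a frame for a not-yet-seen destination to the other side are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Frame:
    """A minimal frame: only the addresses the bridge looks at (constructed)."""
    src: str
    dst: str


@dataclass
class LearningBridge:
    """Two-port bridge that learns which side each address lives on."""
    ports: Tuple[str, ...] = ("left", "right")
    table: Dict[str, str] = field(default_factory=dict)   # address -> port

    def receive(self, port: str, frame: Frame) -> List[str]:
        """Handle a frame arriving on `port`; return the ports it is sent out on."""
        if port not in self.ports:
            raise ValueError(f"unknown port {port}")
        # Listen to the network: the source address tells us which side sent it.
        # A later frame from the same address on another port overwrites the entry.
        self.table[frame.src] = port
        learned = self.table.get(frame.dst)
        if learned == port:
            return []                   # destination is on the same side: discard
        if learned is None:
            # Destination not yet seen: pass it to the other side(s) so it can reply.
            return [p for p in self.ports if p != port]
        return [learned]                # known to be on the other side: forward


def run_traffic(events: List[Tuple[str, Frame]]) -> List[Tuple[str, List[str]]]:
    """Feed a sequence of (arrival port, frame) through one bridge; log decisions."""
    bridge = LearningBridge()
    return [(f"{f.src}->{f.dst} on {port}", bridge.receive(port, f)) for port, f in events]


# Constructed traffic: hosts A and C sit on the left segment, B on the right.
SAMPLE_TRAFFIC = [
    ("left", Frame("A", "B")),    # B unknown: passed to the right
    ("right", Frame("B", "A")),   # A learned on left: forwarded left only
    ("left", Frame("C", "A")),    # A is on the same side: discarded
    ("left", Frame("A", "B")),    # B learned on right: forwarded right
]

if __name__ == "__main__":
    for label, out in run_traffic(SAMPLE_TRAFFIC):
        print(f"{label:14} -> {out or 'discarded'}")
```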

Routers

A router is like a super-intelligent bridge. Routers can link multiple LANs and look deeper into the data packet to determine its destination. Routers not only know the addresses of the computers on the network but are aware of all the other bridges and routers on the network and can decide the most efficient path in which to send data. The router uses a routing table of network addresses to determine where to forward the packet. When a router receives data, it discards the outer packet or frame or MAC address, repackages the data with the network address, and retransmits the signal. By stripping off the outer layers of data before sending a packet, the total number of bits moving across the network is reduced. The router at the receiving end then repackages the data into a packet or frame that is appropriate for its network. There are ROUTABLE and NON-ROUTABLE protocols.

- TCP/IP and IPX/SPX are routable.
- NetBEUI is non-routable because it cannot work outside of its own subnet.

Brouters

A brouter is a bridge that has advanced intelligence allowing it to take on duties that would normally require a router. These bridges are called brouters.

Gateways

A gateway is like a super-intelligent router. Gateways are designed to connect radically different networks. Although slower than a bridge or router, a gateway has its own processor and memory to perform complex functions such as interpreting between computers that speak different languages through both protocol and bandwidth conversion. A gateway can convert a TCP/IP packet to a NetWare IPX packet and vice versa. An example of a gateway is a messaging gateway, which converts messages between different protocols.

Keys To Remember:

Repeaters, bridges, routers and gateways all extend and segment networks. Because of this, they're often confused, as they may take on similar duties. The difference between these devices lies in the different degrees of data discrimination and handling capability.

Repeater: Regenerates signals to span longer segments of network. Does not alter data.

Bridge: Links two subnets (networks) that use the same media and protocol. May control data traffic and speed.

Router: Allows the interconnection of two or more physically distinct networks and has advanced intelligence enabling it to determine the most efficient method of delivering data.

Gateways: Designed to connect radically different networks.

QUIZ: Can you now recognize the topologies below?

FAULT TOLERANCE

Fault tolerance involves storing data on multiple hard drives to insure against the failure of any individual drive. There are several levels of fault tolerance, referred to as RAID (Redundant Array of Inexpensive Disks) levels.

RAID Levels

Internet Resources:

Network Basics (Network+)

The 7 Layers of the OSI Model


The OSI, or Open System Interconnection, model defines a networking framework for
implementing protocols in seven layers. Control is passed from one layer to the next, starting at
the application layer in one station, proceeding to the bottom layer, over the channel to the next
station and back up the hierarchy.

Application (Layer 7): This layer supports application and end-user processes. Communication
partners are identified, quality of service is identified, user authentication and privacy are
considered, and any constraints on data syntax are identified. Everything at this layer is
application-specific. This layer provides application services for file transfers, e-mail,
and other network software services. Telnet and FTP are applications that exist entirely
in the application level. Tiered application architectures are part of this layer.

Presentation (Layer 6): This layer provides independence from differences in data
representation (e.g., encryption) by translating from application to network format, and vice
versa. The presentation layer works to transform data into the form that the application layer
can accept. This layer formats and encrypts data to be sent across a network, providing
freedom from compatibility problems. It is sometimes called the syntax layer.

Session (Layer 5): This layer establishes, manages and terminates connections between
applications. The session layer sets up, coordinates, and terminates conversations, exchanges,
and dialogues between the applications at each end. It deals with session and connection
coordination.

Transport (Layer 4): This layer provides transparent transfer of data between end systems, or
hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete
data transfer.

Network (Layer 3): This layer provides switching and routing technologies, creating logical
paths, known as virtual circuits, for transmitting data from node to node. Routing and
forwarding are functions of this layer, as well as addressing, internetworking, error handling,
congestion control and packet sequencing.

Data Link (Layer 2): At this layer, data packets are encoded and decoded into bits. It
furnishes transmission protocol knowledge and management and handles errors in the physical
layer, flow control and frame synchronization. The data link layer is divided into two
sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The
MAC sublayer controls how a computer on the network gains access to the data and permission
to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

Physical (Layer 1): This layer conveys the bit stream (electrical impulse, light or radio
signal) through the network at the electrical and mechanical level. It provides the hardware
means of sending and receiving data on a carrier, including defining cables, cards and
physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.


WAN Technologies
 
Q-1: What is HDLC Protocol?
Ans: HDLC (High-Level Data Link Control) uses a zero insertion/deletion process [bit
stuffing] to ensure that the bit pattern of the delimiter flag does not occur in the fields
between flags. The HDLC frame is synchronous and therefore relies on the physical layer to
provide a method of clocking and synchronizing the transmission and reception of frames.

General HDLC Frame

Opening Flag, 8 bits [01111110], [7E hex]
Address, 8 bits [could be more]
Control, 8 bits, or 16 bits
Data [Payload], Variable, not used in some frames, or may be padded to complete the fill
CRC, 16 bits, or 32 bits
Closing Flag, 8 bits [01111110], [7E hex]
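As an added worked example (not part of the course text), the following Python builds and parses a frame with exactly the layout listed above: octets sent least-significant bit first between the flags, zero insertion after five consecutive 1 bits, and a 16-bit FCS computed as CRC-16/X-25 (the HDLC/PPP FCS-16). The address 0xFF, control 0x03 and the payload are constructed sample values.

```python
# Added example: HDLC framing with zero insertion (bit stuffing) and a 16-bit FCS.
# Address 0xFF, control 0x03 and the payload below are constructed sample values.

FLAG = "01111110"  # 0x7E; the only place six consecutive 1s may appear on the line


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25 (HDLC/PPP FCS-16): poly 0x1021 bit-reflected, init and xorout 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def bytes_to_bits(data: bytes) -> str:
    """HDLC puts each octet on the line least-significant bit first."""
    return "".join(format(b, "08b")[::-1] for b in data)


def bits_to_bytes(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8][::-1], 2) for i in range(0, len(bits), 8))


def bit_stuff(bits: str) -> str:
    """Zero insertion: after every run of five 1s, insert a 0."""
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            out.append("0")
            ones = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Zero deletion: drop the 0 that follows five 1s; six 1s means a flag or abort."""
    out, ones, drop_next_zero = [], 0, False
    for b in bits:
        if drop_next_zero:
            drop_next_zero = False
            if b == "0":
                continue  # this was the inserted zero, not payload
            raise ValueError("six consecutive 1s inside a frame: flag or abort sequence")
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            drop_next_zero = True
            ones = 0
    return "".join(out)


def build_frame(address: int, control: int, payload: bytes) -> str:
    """Return the on-the-wire bit string: FLAG + stuffed(address, control, data, FCS) + FLAG."""
    body = bytes([address, control]) + payload
    fcs = crc16_x25(body)
    body += bytes([fcs & 0xFF, fcs >> 8])  # FCS is sent low octet first
    return FLAG + bit_stuff(bytes_to_bits(body)) + FLAG


def parse_frame(wire: str):
    """Strip flags, undo zero insertion, verify the FCS. Returns (address, control, payload, fcs_ok)."""
    if not (wire.startswith(FLAG) and wire.endswith(FLAG)):
        raise ValueError("missing opening or closing flag")
    raw = bit_unstuff(wire[len(FLAG):-len(FLAG)])
    if len(raw) % 8 or len(raw) < 32:  # address + control + 16-bit FCS at minimum
        raise ValueError("frame is not a whole number of octets or is too short")
    body = bits_to_bytes(raw)
    received_fcs = body[-2] | (body[-1] << 8)
    fcs_ok = crc16_x25(body[:-2]) == received_fcs
    return body[0], body[1], body[2:-2], fcs_ok


if __name__ == "__main__":
    # Constructed payload that deliberately contains the flag byte 0x7E and 0xFF.
    wire = build_frame(0xFF, 0x03, b"\x7e\xff hello")
    print(wire)
    print(parse_frame(wire))
```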

Q-2: What is SDLC Protocol?

Ans: SDLC (Synchronous Data Link Control) is a link layer protocol based on synchronous,
bit-oriented operation. Other protocols: LAP (Link Access Procedure), LAPB (Link Access
Procedure, Balanced), PPP (Point-to-Point Protocol) and Frame Relay.

Q-3: What is Point-to-Point Protocol Frame Encapsulation?
Ans: Point-to-Point Protocol [PPP] is used in transporting multi-protocol datagrams over
point-to-point links. PPP is capable of operating on many DTE/DCE interfaces (such as
RS-232C, RS-422, RS-423 or V.35). PPP is used with full-duplex circuits [dedicated or
circuit-switched] operating in either an asynchronous (start/stop), bit-synchronous, or
octet-synchronous mode, transparent to PPP Data Link Layer frames. PPP does not require the
use of control signals, such as Request to Send (RTS), Clear to Send (CTS), Data Carrier
Detect (DCD), and Data Terminal Ready (DTR). For asynchronous links, inter-octet and
inter-frame time fill MUST be accomplished by transmitting continuous "1" bits.

Q-4: What is Frame relay?

Ans: Frame relay is a synchronous HDLC protocol based network. Data is sent in HDLC
packets, referred to as "frames". The diagram below of an HDLC frame may be familiar, since
without adding specific definitions of how the Address, Control and CRC are used, the
diagram is applicable to IBM's SDLC, to X.25, to HDLC, to Frame Relay, as well as other
protocols.

Address | Control | Data | CRC Error Correction

The protocol is similar to that of an X.25 network, except all circuits are permanently
assigned. What is a circuit? A circuit is a link between user end points. In frame relay and
X.25 networks, circuits are known as "permanent virtual circuits", or PVC's. The circuits are
known as virtual because they are not electrical circuits where there is a direct electrical
connection from end to end. Rather, there is a "logical" connection, or virtual connection,
where the user data moves from end to end, but without a direct electrical circuit.

Q-5: What is X.25 Protocol?

Ans: X.25 circuits can be initiated and ended from the users' terminals. Frame relay circuits
are set up at the time of installation and are maintained 24 hours per day, 7 days per week.
Frame relay circuits are not created and ended by users at their terminals or PC's. However,
the user may have an application running over a frame relay circuit where computer to
terminal sessions are initiated and ended by the user. These sessions are related to the
application, not to the underlying frame relay network.

Frame relay relies on the customer equipment to perform end to end error correction. Each switch
inside a frame relay network just relays the data (frame) to the next switch. X.25, in contrast, performs
error correction from switch to switch. The networks of today are sufficiently error free to move the
burden of error correction to the end points. Most modern protocols do error correction anyway,
protocols such as SDLC, HDLC, TCP/IP, stat mux protocols, etc.

Network Characteristic      | Frame Relay                                  | X.25
Propagation Delay           | Low                                          | High
Error Correction            | None, done by the terminal equipment at each | Node to Node
                            | end of the link                              |
Protocol family             | HDLC                                         | HDLC
Good for interactive use?   | Yes                                          | Barely acceptable. Rather slow with
                            |                                              | one second or more round trip delay.
Good for polling protocols? | OK, sometimes, requires "spoofing"           | Slow, even with spoofing
Good for LAN file transfer  | Yes                                          | Slow
Good for voice?             | Good, standards developing                   | No
Ease of implementation      | Easy                                         | Difficult

Because frame relay passes blocks of data from switch to switch without error correction,
propagation from customer end to customer end through the network is very fast.
Propagation time in a DCB mux test at Wiltel (LDDS WorldCom) indicated a 70 millisecond
round trip delay from Tulsa, Oklahoma to New York City and back. This is equal to or less
than the propagation time through 9600 bps modems over the same distance. Similar
propagation times have been measured by DCB over Sprint, AT&T and MCI frame relay
networks. An X.25 network would experience a delay of at least one half second, and
probably a second or more for the same distance.

Q-6: What is Frame Encapsulation?

Ans: A few different versions of the HDLC frame are shown below. These include the PPP
[Point-to-Point Protocol] HDLC frame, and the Ethernet HDLC frame.

Ethernet HDLC Frame Encapsulation

Ethernet Frame Encapsulation:


The Preamble [a specific bit pattern] informs the receiving station that a new packet is
arriving and synchronizes the receive clock with the transmitted clock. Used in Ethernet, not
HDLC. The Address Field consists of a Source Address and/or a Destination Address. The
Source and Destination Addresses identify the sender [Source] and receiver [Destination].
The Source Address is used to identify to the network the station that is sending data. The
Destination Address is used to identify who should be receiving the data.

Some protocols may only have one address.

The Control Field indicates the type of Information that is being sent as Data. It identifies the
purpose of the packet as Data or Control information, and may also indicate the size of the
packet and Data.

The Data Field is the actual information being transmitted. It can contain Control
Information for handshaking, or actual Data used by applications. The CRC [Cyclic
Redundancy Check] or FCS [Frame Check Sequence] contains an error checking number
that the Destination can use to verify that the packet is error free.

The End Frame Delimiter has a specific bit pattern. This bit pattern identifies the end of the
packet to the Destination. Protocols with fixed packet size may not require an End Frame
Delimiter. For some physical interfaces [SDH or SONET], after the data has been encapsulated
into the frame it must still be scrambled before being sent to the physical layer [from the Link
layer].

Point-to-Point Protocol HDLC Frame Encapsulation

Q-7: What are Permanent Virtual Circuits and Switched Virtual Circuits?
Ans: PVC's contrast with Switched Virtual Circuits (SVC). A connection to a network that
allows connection and disconnection to various points is a switched virtual circuit. Circuits
that are routed through software switching devices like X.25 PADs and frame relay networks
are virtual. A hard-wired connection is a plain old circuit, not a virtual circuit.

Q-8: What is a Data Link Connection Identifier?

Ans: DLCI: Data Link Connection Identifier. This number identifies a virtual circuit.
For stat mux applications, a head end DCB SRX multiplexer might have 4 DLCIs associated
with it, while each of 4 remotes would have just a single DLCI. The following illustrates how
DLCIs might be assigned in this example:

Host Location | Host DLCI # | Remote DLCI | Remote Location
Chicago       | 16          | 16          | Milwaukee
Chicago       | 17          | 16          | Minneapolis
Chicago       | 18          | 16          | St. Louis
Chicago       | 19          | 16          | Detroit

In the above example, the Chicago host location might be a single 56 or 64 Kbps line into a
DCB SRX-32 frame relay host mux. At each remote location there might be an SPL-08
multiplexer. The DLCI numbers are not necessarily assigned in any order by the carrier,
although it is commonly done.

The above example illustrates that DLCI numbers have significance at the user's end point
only. Chicago has 4 addresses, 16, 17, 18 and 19. At each remote, each location has the same
number 16. The telephone company providing the frame relay service has a frame relay
switch that translates the addresses. When these permanent virtual circuits are established,
the relationship of the physical ports is mapped and then assigned DLCI numbers.

Q-8: What is Asynchronous Transfer Mode?

Ans: Asynchronous Transfer Mode (ATM) is a technology that has the potential of
revolutionizing data communications and telecommunications. Based on the emerging
standards for Broadband Integrated Services Digital Networks (B-ISDN), ATM offers the
economically sound "bandwidth on demand" features of packet-switching technology at the
high speeds required for today's LAN and WAN networks, and tomorrow's. ATM is a cell-relay
technology that divides upper-level data units into 53-byte cells for transmission over
the physical medium. It operates independently of the type of transmission being generated
at the upper layers AND of the type and speed of the physical-layer medium below it. This
allows the ATM technology to transport all kinds of transmissions (e.g., data, voice, video,
etc.) in a single integrated data stream over any medium, ranging from existing T1/E1 lines,
to SONET OC-3 at speeds of 155 Mbps, and beyond.

A principal attribute of ATM is that it is equally suitable for departmental and campus local
area networks, metropolitan area networks and wide area networks. The term "ATM" is used
to describe what was earlier known as the Broadband Integrated Services Digital Network
(B-ISDN), having been adopted by the internetworking and computer industry, as well as by
the world press, to designate what is actually a combination of technologies and services.

Q-9: What is an ATM Network?

Ans: The technology allows both public (i.e., RBOC or carrier) and private (i.e., LAN or
LAN-to-internal switch) ATM networks. This capability gives a seamless and transparent (to
the user) connection from one end user to another end user, whether in the same building or
across two continents. The basic network structure is as shown on the following page.


Three types of interfaces exist in this diagram:

1. User-to-Network Interface (UNI)
2. Network-to-Network Interface (NNI)
3. Inter-Carrier Interface (ICI)

The UNI exists between a single end user and a public ATM network, between a single end
user and a private ATM switch, or between a private ATM switch and the public ATM
network of an RBOC.

The NNI exists between switches in a single public ATM network. NNIs may also exist
between two private ATM switches.

The ICI is located between two public ATM networks (an RBOC and an inter exchange
carrier).

All of these interfaces are very similar. The major differences between these types of
interfaces are administrative and signaling related. The only type of signaling exchanged
across the UNI is that required to set up a VIRTUAL CHANNEL for the transmission.

Communication across the NNI and the ICI will require signaling for virtual-path and
virtual-channel establishment together with various exchange mechanisms for the exchange
of information such as routing tables, etc.

The network functions as follows: End User 1 in Chicago wishes to transfer a data file to End
User 2 in Los Angeles. A virtual channel is created and a virtual path is established from
switch to switch within the public ATM network in Chicago (ATM Network 1). The Chicago
RBOC, in turn, establishes contact with the public ATM network in Los Angeles (ATM
Network 2).

ATM Network 2 also establishes a virtual path from switch to switch within the network and
with the Private ATM Switch at the destination. The private ATM network completes the
virtual path by establishing a virtual channel with End User 2.

At each interface in this network, a unique virtual path identifier (VPI) and virtual channel
identifier (VCI) are established for this transmission. These identifiers are of local significance
ONLY: the identifier is significant only for a specific switch and the two nodes adjacent to it
in the virtual path. Each node within the virtual path (including both the end users and the
switches) maintains a pool of inactive identifiers to be used as needed.

End User 1 encapsulates the file in 53-byte cells, each with its unique VPI/VCI "destination
address" in the header. These cells are streamed and sent across the UNI to the ATM network
switch. This switch reads the ATM header, consults the routing table created during the
virtual path setup, changes the VPI/VCI as necessary, and sends each cell in the stream out of
the appropriate port and across the NNI to the next switch in the virtual path.

The last switch within the virtual path for ATM Network 1 repeats this process and sends the
cell out through the ICI to ATM Network 2.

ATM Network 2 continues the process in a similar manner until the cell is carried through
the UNI to the Private ATM Switch which, in turn, sends the cell to End User 2. End User 2
then reconstructs the file from the sequential cells, stripping the 5-byte header from each cell.

End User 1 or End User 2 terminates the call, i.e., "hangs up," and the virtual path is
dismantled. The VCI and VPI values are returned to the pool of available values for each
switch.

Notice that only the End Users at either end of the transmission deal with the 48-byte
information load within the cell. At each stage of the transmission, the switch is only
concerned with accepting the cell from one port, changing the VPI/VCI according to its
tables, and routing the cell out the appropriate switch port.

Q-10: Define ATM Layered Architecture?

Ans: At the End User sites, ATM operates with a layered structure that is similar to the OSI
7-layered model. However, ATM only addresses the functionality of the two lowest layers of
the OSI model: the physical layer (Layer 1) and the data link layer (Layer 2).

All other layers are irrelevant in ATM, as these layers are only part of the encapsulated
information portion of the cell which is not used by the ATM network.

In ATM, the functionality of the two lower OSI layers is handled by three layers (shown here
below the double line):

.--------------------------------------------------------------,
| Application Layer |
+--------------------------------------------------------------+
| User Layers |
+==============================================================+
| ATM Adaptation Layer: Convergence Sublayer |
| -----------------------------------|
| Segmentation & Reassembly Sublayer |
+--------------------------------------------------------------+
| ATM Layer |
+--------------------------------------------------------------+
| Physical Layer: Transmission Convergence Sublayer |
| ----------------------------------------|
| Physical Medium Dependent Sublayer |
+--------------------------------------------------------------+

The Physical Layer defines the medium for transmission, any medium-dependent
parameters (e.g., rate, quality of service required), and framing used to find the data
contained within the medium.

The ATM Layer provides the basic 53-byte cell format, by defining the 5-byte ATM header
for each 48-byte payload segment handed down by the AAL.

The ATM Adaptation Layer (AAL) adapts the higher-level data into formats compatible with
the ATM Layer requirements, i.e., this layer segments the data and adds appropriate error
control information as necessary. It is dependent on the type of services (voice, data, etc.)
being transported by the higher layer.

Several AAL protocols have been defined for specific types of data. These are loosely
associated with various classes of data. However, no AAL is restricted to a specific data class
or type; all types of data could conceivably be handled by any of the AALs.

AAL 1: Constant bit rate, connection-oriented, synchronous traffic (e.g., uncompressed voice)

AAL 2: Definition never completed (undefined), but envisioned to be for variable bit rate,
connection-oriented, synchronous traffic (e.g., compressed video)

AAL 3/4: Variable bit rate, connection-oriented, asynchronous traffic (e.g., X.25 data) or
connectionless packet data (e.g., SMDS traffic) with an additional 4-byte header in the
information payload of the cell

AAL 5: Similar to AAL 3/4 with a simplified information header scheme that requires only one
header per data unit and uses the PTI bit (see below) to indicate the last cell in a transmission.
Examples of services that use AAL 5 are Classic IP over ATM, and LAN Emulation (LANE).
AAL 5 is the most widely used ATM Adaptation Layer Protocol. See the ATM Adaptation
Layer Protocols Overview for more details.

When the End User sends traffic over the ATM network, the higher-level data unit is passed
down to the Convergence Sub layer of the AAL Layer, which prepares the data for the ATM
Layer according to the designated AAL protocol (when appropriate). The data is then passed
down to the Segmentation and Reassembly Sub layer of the AAL Layer, which divides the
prepared data unit into appropriately sized segments. These segments are then passed down
to the ATM Layer, which defines an appropriate cell header for each segment and
encapsulates the header and payload segment into a 53-byte ATM cell. The cells are then
passed down to the Physical Layer, which streams the cells at an appropriate pace for the
transmission medium being used, adding empty cells as needed.

Q-11: Define ATM Cell?

Ans: Each individual ATM cell consists of a 5-byte cell header and 48 bytes of
information encapsulated within its payload. The ATM network uses the header to support
the virtual path and the virtual channel routing, and to perform a quick error check for
corrupted cells.

* For the UNI header only. The NNI header contains an additional 4 bytes of VPI
information here instead.

Some Definitions

Generic Flow Control (GFC)

The GFC field of the header is only defined across the UNI. It is intended to control the
traffic flow across the UNI and to alleviate short-term overload conditions. It is currently
undefined and these 4 bits must be set to 0's.

Virtual Path Identifier (VPI)

The VPI, an 8-bit field for the UNI and a 12-bit field for the NNI, is used to identify virtual
paths. In an idle cell, the VPI is set to all 0's. (Together with the Virtual Channel Identifier,
the VPI provides a unique local identification for the transmission.)

Virtual Channel Identifier (VCI)

This 16-bit field is used to identify a virtual channel. For idle cells, the VCI is set to all 0's.
(Together with the Virtual Path Identifier, the VCI provides a unique local identification for
the transmission.)

Payload Type Identifier (PTI)

The three bits of the PTI are used for different purposes. Bit 4 is set to 1 to identify operation,
administration, or maintenance cells (i.e., anything other than data cells).

Bit 3 is set to 1 to indicate that congestion was experienced by a data cell in transmission and
is only valid when bit 4 is set to 0.

Bit 2 is used by AAL 5 to identify the data as Type 0 (beginning of message, continuation of
message; bit = 0) or Type 1 (end of message, single-cell message; bit = 1) when bit 4 is set to 0.
It may also be used for management functions when bit 4 is set to 1. This bit is currently
carried transparently through the network and has no meaning to the end user when AAL 5
is NOT in use.

Cell Loss Priority (CLP)

The 1-bit CLP field is used for explicit indication of the priority of the cell. It may be set by
the AAL Layer to indicate cells to discard in cases of congestion, or by the network as part of
the traffic management on commercial subscriber networks.

Header Error Control (HEC)

This is an 8-bit cyclical redundancy check computed over all fields of the first 4 bytes of the
ATM cell header ONLY. It is capable of detecting all single-bit errors and some multiple-bit
errors.

The HEC is compared by each switch as the ATM cell is received and all cells with HEC
discrepancies (errors) are discarded. Cells with single-bit errors may be subject to error
correction (if supported) or discarded.

When a cell is passed through the switch and the VPI/VCI values are altered, the HEC is
recalculated for the cell prior to being passed out the port.
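An added example in Python (not from the course text) that packs the UNI header fields defined above, computes and checks the HEC, decodes the PTI bits as described, and performs the per-switch VPI/VCI relabelling with HEC recalculation. It assumes the ITU-T I.432 HEC definition (CRC-8 with generator x^8 + x^2 + x + 1 over the first four octets, XORed with 0x55); all VPI/VCI values are constructed samples.

```python
# Added example: the 5-byte ATM UNI cell header. Field layout follows the
# definitions above; the CRC-8 generator and the 0x55 coset are the ITU-T I.432
# HEC definition (an assumption of this example, not stated in the course text).
# All VPI/VCI/payload values are constructed samples.

HEC_COSET = 0x55  # the CRC-8 remainder is XORed with 01010101


def crc8(data: bytes) -> int:
    """CRC-8, generator x^8 + x^2 + x + 1 (0x07), no reflection, zero initial value."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def atm_hec(header4: bytes) -> int:
    """HEC covers only the first four header octets, never the 48-byte payload."""
    return crc8(header4) ^ HEC_COSET


def pack_uni_header(vpi: int, vci: int, pti: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """Bit layout, MSB first: GFC 4 | VPI 8 | VCI 16 | PTI 3 | CLP 1 | HEC 8."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536
            and 0 <= pti < 8 and clp in (0, 1)):
        raise ValueError("field out of range for a UNI header")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pti << 1) | clp
    head = word.to_bytes(4, "big")
    return head + bytes([atm_hec(head)])


def parse_uni_header(cell: bytes) -> dict:
    """Verify the HEC, then split the fields. A mismatch means the switch discards the cell."""
    head, hec = cell[:4], cell[4]
    if atm_hec(head) != hec:
        raise ValueError("HEC mismatch: header corrupted, cell discarded")
    word = int.from_bytes(head, "big")
    pti = (word >> 1) & 0x7
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pti": pti,
        "clp": word & 0x1,
        # PTI bit 4 (MSB): OAM/management cell. Bit 3: congestion experienced,
        # and bit 2: AAL 5 end-of-message, both only meaningful for data cells.
        "management": bool(pti & 0b100),
        "congestion": not (pti & 0b100) and bool(pti & 0b010),
        "aal5_last_cell": not (pti & 0b100) and bool(pti & 0b001),
    }


def relabel(cell: bytes, new_vpi: int, new_vci: int) -> bytes:
    """What a switch does per cell: swap in the VPI/VCI from its table and recompute the HEC."""
    f = parse_uni_header(cell)
    return pack_uni_header(new_vpi, new_vci, f["pti"], f["clp"], f["gfc"]) + cell[5:]


if __name__ == "__main__":
    # The idle cell header (VPI=VCI=0, CLP=1) is 00 00 00 01 with HEC 52.
    print(pack_uni_header(0, 0, clp=1).hex())
    cell = pack_uni_header(0x12, 0x0345, pti=1) + bytes(48)  # constructed sample cell
    print(parse_uni_header(cell))
    print(relabel(cell, 7, 99)[:5].hex())
```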

Q-13: What is ISDN?
Ans: ISDN (Integrated Services Digital Network) is an all-digital communications network
designed to bring the power of the digital network directly to the desktop. It is the ideal
communications technology for the information age - perfect for students, cyberspacers,
travelers, telecommuters, parents, business people, and corporate executives.
ISDN is as easy to use as analog but offers much more. For example, you can utilize the two
64 kbps B channels as individual voice and data lines at the same time. You can use one
channel to talk while you're using the second to send data files. Or, with ISDN's BONDING
capability, you can aggregate both lines into a single high-speed 128 kbps link for
dependable transmission that's four times faster than a 28.8 kbps modem. Other benefits
include: voice, data and video can all be sent over a single ISDN line. ISDN connections are
made almost instantly - typically less than a second - unlike modems and analog lines, which
require 30 to 60 seconds before any data can be transmitted. Because it's a digital service,
ISDN offers near-perfect line quality that's far superior to analog - so line conditions never
force you to fall back to a slower speed.
BASICS OF ISDN
Integrated Services Digital Network (ISDN) is a fully digital communications technology
implemented throughout the infrastructure of the existing worldwide telephone network.
ISDN uses a standard phone line (a copper wire pair) in a home or office and converts it from
a single analog circuit into multiple high speed digital circuits capable of transmitting audio,
still images, motion video, and text data simultaneously. ISDN services make possible
videoconferencing and other real time data-intensive applications, and it does so at a price
comparable to standard analog service.

Standard telephone service requires a separate phone line for each device to be used
simultaneously. Not only can multiple lines be expensive, but the amount of information that
can be transmitted is limited with analog service; current technology allows 56 kilobits per
second (Kbps). ISDN, however, provides multiple channels to operate concurrently on the
same pair of wires, and each channel is capable of transmitting at 64 Kbps. Additionally,
digital transmissions allow for reduced noise and interference on the carrier channels. [1]

ISDN provides services and capabilities not available through standard telephone service.
ISDN furnishes these services through a digital package when a call is initiated. The digital
packet includes information regarding: 1) who is calling, 2) the type of call (data/voice/etc...),
and 3) the number dialed, if more than one number is used for a single ISDN line. [1] With
the information provided, ISDN equipment can determine how to handle a call, based on
user-defined preferences. Calls can be accepted, rejected or even rerouted. Data calls can
even be routed to an Internet Protocol (IP) address. [4]

THE HISTORY OF ISDN

ISDN has been in the making for over a decade and is just beginning to become widely
available in the United States. Europe and Japan have enjoyed large-scale deployment of
ISDN services for years. North America has just over 70 percent deployment, with
availability in most major metropolitan areas. [4]

The International Telecommunications Union Telecommunications Standardization Sector
(ITU-TSS), formerly known as the International Telephone and Telegraph Consultative
Committee (CCITT), is a United Nations organization that coordinates international
telecommunications. It was the intention of the ITU-TSS to standardize global
telecommunications by implementing ISDN. The idea of standardization is widely accepted
but the implementation of ISDN has been slow in coming. AT&T and Northern Telecom are
the two major manufacturers of ISDN switches used by telephone companies. Each
manufacturer took different steps to provide the ITU-TSS standards for their equipment, and
the end result has been incompatibilities with hardware and software. The incongruities
stifled the expansive deployment of ISDN since telephone companies have resisted
purchasing products that are incompatible with their existing equipment. [4]

National ISDN 1 (NISDN-1) is a United States-specific implementation of ISDN that was
adopted by the telecommunications industry in 1991. NISDN-1 was intended to provide
conformity to service users regardless of the equipment or software utilized. However, it
wasn’t until November 1992 that the Transcontinental ISDN Project 1992 (TRIP ‘92) was held
in Reston, Virginia. TRIP ‘92 was a trade show with exhibits from vendors, proving that
ISDN standardized products and services were available along with applications to support
them. Also, the exposition featured the “Golden Splice” event which marked the advent of
transcontinental ISDN service. [1]

NISDN-1 addresses three areas: 1) standardizing equipment and services, 2) standardizing
telephone company procedures for operation, and 3) standardizing communication among
central offices. Unfortunately, the NISDN-1 standards are not accepted by all service
providers. Southwestern Bell Corp. and U.S. West Inc. do not plan to deploy NISDN-1
services due to incompatibilities with their existing ISDN networks. [1]

HOW ISDN WORKS

ISDN carries voice and data on bearer (B) channels which transmit at 64 Kbps each. (H
channels, which are the functional equivalent to B channels, are available and provide faster
bit rates.) A data (D) channel, sometimes referred to as a delta channel, operates at 16 or 64
Kbps and provides signaling to construct and tear down a connection, request network
services, and route data over the B channels. The D channel can also be used to transmit user
packet or frame data at times when bandwidth on the D channel is not required for signaling
and control. Utilizing the D channel in this way provides the most efficient use of ISDN. [1 &
4]

ISDN has three different services: 1) Basic Rate Interface (BRI), 2) Primary Rate Interface
(PRI), and 3) Broadband (B-ISDN). BRI is the most common service and was intended to be
the most widely available for residential customers. BRI services provide two B channels and
one D channel (2B+D). PRI services are implemented differently in North America and Japan
than in Europe where they are the most common services. European PRI services deliver 30
B channels and one D channel (30B+D). North American and Japanese PRI services consist of
23 B channels and one D channel (23B+D). B-ISDN is still under development but will
support up to 622 Mbps transmission rates over a fiber optic network. [1]

One major advantage of the ISDN architecture is its dynamic bandwidth allocation feature.
Also known as bandwidth-on-demand, inverse multiplexing, and channel aggregation,
dynamic bandwidth allocation is the process of combining any or all of the B channels into a
single broadband conduit. 128 Kbps is possible with BRI service and 1.536 Mbps with PRI
service in North America and Japan. In Europe, PRI configurations can reach 1.92 Mbps due
to the deployment of additional B channels. [4]

For PRI service, the combining of multiple B channels is often programmed into the ISDN
switch servicing the location. For network managers, however, new controllers allow real
time control over channel aggregation to provide the most efficient use of a network. [5]

Multilink Point-to-Point Protocol (ML-PPP) is an Internet Engineering Task Force (IETF)
standard that describes how to manipulate datagrams over multiple B channels to create a
single logical connection. Similar in nature to dynamic bandwidth allocation, ML-PPP is
specifically designed for Transport Control Protocol/Internet Protocol’s (TCP/IP’s) Point-to-
Point Protocol (PPP). ML-PPP provides additional bandwidth-on-demand for remote LAN
and Internet access and ISDN use. Support is currently available through major ISDN service
providers and equipment vendors like 3Com. [4]

With existing analog service, a data connection is made modem-to-modem. At all times
during the connection a carrier signal is produced by the modems to indicate the presence of
a connection; the connection is lost if either modem cannot detect the carrier signal. The
problem with maintaining a constant analog signal is that the service provider's equipment
has to process the signal continuously. If the percentage of data calls through a central
switching office approaches 50 percent, a large strain is placed on the equipment.

With ISDN connections, no carrier signal is present. Only the actual user data is transmitted,
and it transfers in a fraction of the time compared to analog service. Therefore, implementing
ISDN switches can actually reduce traffic overhead for a service provider, which reduces their
service costs. In addition, ISDN technology replaces one analog line with two digital
connections without physically replacing any wires. [2]

BENEFITS OF ISDN
ISDN affords many benefits to service providers and customers. The increasing popularity of
ISDN allows pricing that continues to fall and compete with standard analog service. Some
of the many benefits are:

Simultaneous audio, video, and data services over a single pair of copper wires reduces
infrastructure and maintenance costs for service providers and subscribers.

ISDN BRI service can use data compression which boosts the 128 Kbps transmission rate to
between 256 Kbps and 632 Kbps, depending upon the compression ratio used.

Digital transmissions produce clearer and quieter voice telephone service and more reliable
and accurate connectivity than analog technology.

Remote computer users benefit from high performance ISDN connections at home or on the
road.

ISDN's dynamic bandwidth allocation feature accommodates bandwidth-intensive
applications. Up to eight different devices can be operated simultaneously over a single
ISDN line. LAN protocols such as IP and IPX are better supported by ISDN connections
across WANs due to faster connect times (between 1 and 4 seconds) than analog service
(between 10 and 40 seconds).

ISDN is compatible with other WAN services like X.25, Frame Relay, Switched Multi-
megabit Data Services (SMDS) and higher speed services like Asynchronous Transfer Mode
(ATM). [4]

ISDN PRICING AND AVAILABILITY

Certain areas of the country appear to have better access to ISDN than other regions.
Pacific Bell and Bell Atlantic Corp. have upgraded over 80 percent of their switches to ISDN
technology. Other regional Bell operating companies (RBOCs) have upgraded as few as 46
percent. In 1995, Dataquest predicted that ISDN installations in 1996 would increase from
247,000 to 448,000 BRI connections in the United States. These estimates predict an 80 percent
increase over 1994. [4]

Pricing is inconsistent nationally. You should check with your local service provider about
their pricing structure (tariff) and inquire as to the services available.

INSTALLING ISDN
Standard telephone service to a residence consists of four wires (two pairs) over which two
separate analog voice lines can operate. With BRI service, the two pairs of wire can
theoretically provide four digital phone lines. In practice, however, service providers will
oppose connecting more than one ISDN line to any given location. An ISDN installation
involves connecting a single pair of wires between the central office and a home or business.
The phone company connects their end of the wire pair to their digital switching equipment
and terminates the service end with a standard jack that provides a U-interface. The U-
interface signaling handles the high speed data transfers in both directions simultaneously
over a single pair of wires. [3]

Standard telephones and computer equipment cannot be connected directly to the ISDN line.
All equipment must be routed through a device called a Network Termination 1 (NT1), which
is plugged into the U-connector and provides the signal multiplexing onto the ISDN line.
The NT1 also needs a power receptacle to operate, from which it can power itself and other
devices connected to it. In Europe, NT1 devices are included as part of the service, but in the
United States, deregulation of telephone services forces the customer to provide the NT1, just
like the telephone equipment. Unfortunately, ISDN is just now gaining popularity and NT1
devices are not as accessible as other telephone equipment. [3]

From the NT1 unit, a four-wire connection called an “S/T” circuit attaches as many as eight
ISDN-ready telephones and/or computers. Non-ISDN telephones, fax machines, and
computers require special signal handling prior to being connected to the NT1. A terminal
adapter (TA) converts the analog phone and computer signals into digital impulses that can
be processed by the NT1. [3]

For computers, both internal and external TAs are available, much like analog modems.
Internal TA units plug into an Industry Standard Architecture (ISA) expansion slot in a
personal computer (PC) and are capable of providing the full 64 Kbps transmission rate.
External TAs connect to a serial communications port (COM port) on the back of the PC;
however, the transmission rates of these units are limited by the speed of the serial port. In
most cases, COM ports will not exceed 19.2 Kbps, and the full bandwidth of the ISDN line is
not utilized. [3]

ISDN CONFIGURATIONS
Multiple Line Services
ISDN services can be supplied in three different configurations from the ISDN-ready digital
switch to a business or residence. The alternatives are:
1. Through a direct BRI connection from an ISDN switch. One or more BRI connections are
made from the central switching office to a business or home. These connections can be made
directly to ISDN equipment, or they can be connected through a Private Branch Exchange
(PBX) or key system. Using a PBX allows devices to communicate with one another without
having to make a connection outside the premises. [5]
2. Through ISDN Centrex service. One or more BRI connections are made to ISDN Centrex
service, which offers the advantage of having the ISDN switch function as the switching
system. Therefore an individual or company does not have to own a PBX or key system.
Centrex service is provided at a low cost and provides virtually unlimited growth. [5]
3. Through a PRI connection. 23 B channels and one D channel are connected to a business
through a PBX. The PBX then provides the switching necessary within the organization. For
heavy data traffic, an ISDN router, multiplexer, or controller may be used instead of a PBX to
reduce the chance of a bottleneck through the switch.

Single Line and Second Line Services


ISDN services can be installed as an additional utility to complement existing analog
telephone service, or they can be installed as the only connection. There are several ways to
configure ISDN with these options:
1. ISDN as the only line. All equipment must be ISDN-compatible or linked through a TA.
2. ISDN as the only line using a digital modem. A single ISDN line can provide service to all
types of equipment, provided all devices are connected to a digital modem, such as the IBM
WaveRunner.
3. ISDN as a second line. ISDN services can be installed to provide high speed digital
transmissions for data transfers while analog telephone service remains intact. The only
disadvantage with this configuration is that the services remain separate; there is no way to
move a connection from the analog service to the ISDN service and vice versa.

DIGITAL SERVICE COMPARISON

Switched 56 Service (SW56)


SW56 provides 56 Kbps transmission rates for data-only applications over existing public
phone lines. It is a low-cost alternative to dedicated leased lines and is used primarily for
intermittent data swapping between WANs. SW56 is also used to connect ISDN networks in
areas where ISDN is not yet available. [1 & 4]
X.25 Switched Service
X.25 is a widely used protocol standard using synchronous data transmission over the public
switched network. It provides data rates up to 56 Kbps and most commonly supports
applications for order entry, electronic messaging, point-of-sales transactions and credit card
verification. ISDN supports X.25 services over the D channel.

X.25 is efficient at handling bursty LAN environment traffic and also provides data security
and error detection/correction facilities. Due to its low speed, however, it is not a viable
alternative for high speed LAN and WAN applications. [4]

Switched Multi-megabit Data Services (SMDS)


SMDS uses a connectionless networking scheme to connect multi-node LANs through the
public telephone network. SMDS is standardized and supports all major networking
protocols and therefore can be utilized as the backbone for Ethernet, Token Ring, and FDDI
networks. SMDS uses a fixed 53-byte datagram complete with addressing information for
data transmission. Data is routed over the least congested path in an SMDS network,
providing faster transmission, added security, and increased flexibility to reconfigure
network sites. Deployment of SMDS service is very low; between 200 and 500 customers in
North America. [4]

Frame Relay Service


Frame relay service is similar to ISDN in that it is a standards-based technology defined by
both the American National Standards Institute (ANSI) and ITU-TSS. Frame relay operates
from 56/64 Kbps to 1.544 Mbps and can easily handle peak volume traffic flow in the LAN
environment, due to its bandwidth-on-demand capability. It typically is applied in
LAN-to-LAN internetworking and IBM host access and data file transfer environments.

Frame relay is relatively more expensive (as much as 12 times more) than ISDN since it
requires a dedicated access line, and it is not as widely deployed as ISDN services. [4]

Cable Service
Cable services, although still under development, will eventually provide residential
customers with WAN connections of speeds between 500 Kbps and 30 Mbps. In addition to
fast on-line access with built-in TCP/IP-ready WAN links, customers will be able to enjoy
interactive television. When services are available they will be delivered over standard
coaxial cable, just as current services are provided. Eventually, fiber optic or a hybrid fiber-
coaxial cable will provide services. Cable service has two main disadvantages. The first is the
reputation for unreliability over existing cable networks. The second is that bandwidth is
shared over cable, causing poor overall response for multiple users on a single cable. Also,
current cable networks are not optimized for two-way data communications, and
internetworking standards are not in place. [4]

Asynchronous Transfer Mode (ATM)


Broadband ISDN is based on ATM technology, which is emerging as a popular method of
simultaneously transmitting audio, video, and data. ATM has transmission rates between
1.544 Mbps and 622 Mbps. ATM standards are defined by ITU-TSS, but many details of the
implementation of the standards remain in question and ATM WAN services are not yet
widely available. [4]

Point-to-Point Dedicated Leased Services


Private leased lines currently make up the majority of all worldwide WAN connections.
Point-to-point leased lines consist of a dedicated digital connection between two points,
providing security and control. Transmission rates vary between 56 Kbps and 1.544 Mbps in
the United States (T1 rates). In Europe, E1 rates deliver between 64 Kbps and 2.048 Mbps.
Leased line services provide a fixed bandwidth at a fixed speed. In many cases, leased lines

are used at under 20 percent of their total capacity. Also, leased lines are not efficient at
handling bursty network traffic. [4]

APPLICATIONS OF ISDN

ISDN in Business
For business users and even residential subscribers, videoconferencing is the biggest
communication advancement that ISDN has to offer. With the simultaneous high speed
transfer of voice and video, ISDN can provide real time video communication on a PC that
once was possible only on sophisticated systems costing upwards of $100,000. [1]

A shared electronic chalk board is another tool available through ISDN. Ideas and
illustrations can be distributed in real time to remote locations so people in other cities or
other countries can participate in meetings. [1]

Telecommuting is becoming the rule rather than the exception; more and more people are
working from home. ISDN provides the facilities for users to tap into central network
resources from the privacy of their own homes and do so with the functionality of a network
node. Node connections are possible with Serial Line Internet Protocol (SLIP) and Point-to-
Point Protocol (PPP). [1]

ISDN in Education
Students will also reap the benefits of videoconferencing by relating with other students
worldwide. Using the video capabilities of ISDN allows students to see the surroundings of
other countries or speak with pen-pals. The value of videoconferencing in educational
settings is unlimited.

Computers have become important learning tools for students. Children are introduced to
computers and networking at an early age, and ISDN allows the high speed connections to
vast amounts of information and resources.

SECURITY AND DIGITAL NETWORKING


Security issues are a prime concern for digital transmissions. Although data encryption
schemes can alleviate the problem, other security issues prevail. The National Security
Agency has approached the FCC with legislation that would make possible electronic
surveillance of all digital transmissions. The underlying reason stems from the possible use
of the telecommunications system by criminal organizations. Without a means to monitor
encrypted network traffic, there could be no detection or intervention of illegal activities
taking place over the public network. [1]

Why ISDN?
• ISDN - Integrated Services Digital Network
• Telephone services -> Telecommunication services
• Used for voice, image and data

ISDN protocols
• E-series for telephone network and ISDN
• I-series for ISDN concepts, aspects and interfaces

ISDN and OSI model
• Layer 1 - Physical (2B1Q)
• Layer 2 - Data Link (Q.920 - Q.923)
• Layer 3 - Network (Q.930 - Q.939)

Types of channels
• Bearer channel (B-channel, 64 kb/s): clear pipe for data
• Delta channel (D-channel, 16 kb/s or 64 kb/s): call signaling information:
  – who is calling
  – type of call
  – calling what number

Service types
• Basic Rate Interface (2 B channels + 1 D channel (16 kb/s))
• Primary Rate Interface (30 B channels + 1 D channel (64 kb/s))

Digital: reliable connection
Speed: 128 kb/s (160 kb/s) for BRI, 1920 kb/s (2048 kb/s) for PRI
Fast call setup: 2 seconds

Advantages of ISDN
• Bandwidth on Demand
  – adding new channels to the bundle of channels
• Multiple devices
  – phone, fax, PC, videoconferencing system, router, terminal adapter, ... each
    with its own sub-address

Interfaces and Devices

• Interfaces
  – S/T (4-wire)
  – U (2-wire)
• Devices
  – NT1
  – TE1 - ISDN devices
  – TE2 - analog devices (need TA)
  – TA - Terminal Adapter (rate adaptation: V.110, V.120)

[Figure: ISDN reference configuration. A TE1 (ISDN device) connects to the NT1 over the
4-wire S/T interface; the NT1 connects to the network over the 2-wire U interface. A TE2
(analog device) reaches the S/T bus through a TA, which performs rate adaptation.]

ISDN Access Servers

• Digital modems (accepting analog and ISDN calls)
  – software busy-out feature
• 56 kbit/s technologies
• Rate adaptation (V.110, V.120, ...)
• Compression (Stac, ...)
• Synchronous PPP (with CHAP/PAP authentication)

ISDN Access Servers 2

• PPP Multilink
• BACP (Bandwidth Allocation Control Protocol)
• Controlling the number of B-channels per user
• D-channel based callback
• CLIP - Calling Line Identification Presentation
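The CHAP/PAP item is where the security of an ISDN access server is decided: PAP sends the
password in clear text, CHAP sends only a hash of a fresh challenge and the shared secret. The
following is an added example, not code from the course material or from any vendor, that walks
one CHAP exchange (the RFC 1994 algorithm) between an access server and a dialing peer and,
for contrast, shows what a PAP Authenticate-Request carries. The peer name, shared secret and
challenge bytes are assumed values for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example: one CHAP exchange between an ISDN access server (the
# authenticator) and a dialing peer, following the RFC 1994 algorithm.
# Peer name, secret and challenge bytes below are assumptions, not real values.
SHARED_SECRETS = {"branch-router": b"correct horse battery staple"}
AUTHENTICATOR_NAME = "isdn-nas"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def authenticator_challenge(identifier: int, challenge: Optional[bytes] = None) -> dict:
    """Challenge packet sent by the access server. The challenge must be unpredictable
    and unique per exchange so that a recorded response cannot be replayed later."""
    if challenge is None:
        challenge = os.urandom(16)
    return {"code": "Challenge", "id": identifier, "value": challenge, "name": AUTHENTICATOR_NAME}


def peer_respond(challenge_pkt: dict, peer_name: str, secret: bytes) -> dict:
    """The peer hashes the challenge with its secret; the secret itself never goes on the wire."""
    return {
        "code": "Response",
        "id": challenge_pkt["id"],
        "value": chap_response(challenge_pkt["id"], secret, challenge_pkt["value"]),
        "name": peer_name,
    }


def authenticator_verify(challenge_pkt: dict, response_pkt: dict) -> str:
    """The access server recomputes the hash from its own copy of the secret."""
    if response_pkt["id"] != challenge_pkt["id"]:
        return "Failure"  # not a response to the outstanding challenge (stale or replayed)
    secret = SHARED_SECRETS.get(response_pkt["name"])
    if secret is None:
        return "Failure"  # unknown peer name
    expected = chap_response(challenge_pkt["id"], secret, challenge_pkt["value"])
    # constant-time comparison so response timing does not leak how many bytes matched
    return "Success" if hmac.compare_digest(expected, response_pkt["value"]) else "Failure"


def run_exchange(peer_name: str, peer_secret: bytes, identifier: int = 1,
                 challenge: Optional[bytes] = None) -> str:
    """Full three-message exchange: Challenge -> Response -> Success/Failure."""
    chal = authenticator_challenge(identifier, challenge)
    resp = peer_respond(chal, peer_name, peer_secret)
    return authenticator_verify(chal, resp)


def pap_authenticate_request(peer_id: str, password: bytes) -> bytes:
    """For contrast: the body of a PAP Authenticate-Request (RFC 1334). The password
    travels in clear text, so anyone who can read the link learns it."""
    return bytes([len(peer_id)]) + peer_id.encode() + bytes([len(password)]) + password


if __name__ == "__main__":
    print(run_exchange("branch-router", SHARED_SECRETS["branch-router"]))  # Success
    print(run_exchange("branch-router", b"guess"))                        # Failure
    print(pap_authenticate_request("branch-router", b"hunter2"))
```

Note that CHAP only protects the password from a passive listener; the access server still
holds the secret in a form it can hash, and the MD5 construction offers no protection against
offline guessing of a weak secret by anyone who captured both challenge and response.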


56 k Technology

[Figure: 56k technology. Upper path (conventional): modem, analog line, telephone switch,
telephone switch, analog line, modem at the access server; both ends are analog, so the link is
limited to <= 33.6 kbps. Lower path (56k): modem, analog line, telephone switch, then a digital
line (ISDN, E1, ...) straight into the access server; only the subscriber side is analog, which
is what allows up to 56 kbps toward the modem.]

Wireless Technologies

Security Technology

IDS and IPS: Information security technology working together

Information security should be based on a layering of technologies throughout an
organization to provide an umbrella that mitigates risk and thereby reduces threat. The
introduction of intrusion-prevention systems (IPS) offers one more layer. For the last 20
years, security technologies have been segregated into the separate worlds of intrusion-
detection systems (IDS), firewalls, routers, switches and more. Each operates in a separate
segment of the company network, while together providing threat mitigation and risk
reduction through the collection of logs, rules, policy and configurations.

Although very successful, each technology requires at least one person to manage or confirm
updates. Several technologies attempt automatic updates of, for example, firewall rules or
blocking methods. With more failure than success, many are either unacceptable or
unmanageable. In the end, each fails because of the amount of judgment and manual work
needed to ensure that a change does not impact the network, customers or user base. No
technology yet contains the artificial intelligence (AI) needed to combine the results from
these systems and make the proper decision about configuration changes, blocking rules or
overall device reconfiguration. There has simply not been a viable solution that meets every
demand and binds all the necessary networking components together.

IPS: Next generation IDS


Relief from this management dilemma may now be available in intrusion-prevention
systems (IPS). An IPS offers the ability to identify an intrusion, together with its relevance,
impact and direction, to analyze the event properly, and then to pass the appropriate
information and commands to the firewalls, switches and other network devices to mitigate
the event's risk. "The key technical components of IPS include the marriage of global and
local host access controls, IDS, global and local security policy, risk management software,
and globally accessible consoles for managing IPS." An IPS is the next security layer to be
introduced: it combines the protection of firewalls with the monitoring ability of an IDS to
protect our networks, with the analysis necessary to make the proper decisions on the fly.

IPS have been developed out of the real needs created by false positives and other typical
problems in detecting malicious code or threats to networks today. IDS started the overall
protection process by first protecting hosts (host-based IDS), then networks (network-based
IDS). First- and second-generation IDS currently protect our networks by identifying threats
and providing real-time alerts and reports. What they do not provide is the intelligence to
notify all network components downstream and upstream from the point of identification.
This is where IPS become part of the overall layered approach to security: they gather all
network information, determine the threat, then notify all other devices of those findings.
Upstream providers can notify downstream customers of possible attacks before or during the
event, and vice versa. Although IPS are actually the next generation of IDS, there will always
be a need to keep these technologies separate. Security devices must remain separate to allow
depth in overall protection; thus, firewalls will need IDS, and the network will need IPS. Each
technology is bound to the others by dependencies that will not disappear.

Challenges associated with IPS


Although similar to IDS, IPS have challenges of their own. These include:

• Network design
• Network traffic saturation
• Frequent updates
• False positives

The overall network design must be considered with the introduction of IPS. Several
questions come to light:
• What traffic is allowed between, say, the Internet, the DMZ and the internal network?
• Can the network allow the communications between these zones that would use the full
  capability of the IPS?

Like IDS, IPS must be designed and scalable enough to accommodate any network design.
Network traffic saturation must also be considered, to ensure the additional IPS traffic does
not bring down the network. Finally, frequent updates and false positives are the same
menace to IPS as they are to IDS. Simply put, software and signature files will need updating,
which poses problems because of the manpower involved. False positives, on the other hand,
have been the very reason IDS programs or projects collapse. IPS have a distinct advantage
here only because information from other network devices is gathered as well, and decisions
are based not on one set of data but on many. False positives are always an issue due to the
large amounts of data IDS must collect and analyze in real time with limited AI. Signatures do
a decent job of analysis, but they still cannot match the interaction IPS will provide.
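The correlation point above (decisions based on many sources of data, not one) is the part of an
IPS that is easiest to get wrong: an inline device that blocks on a single signature hit turns
every false positive into an outage. The following is an added example, not code from the
original article or from any IPS product, that runs a small correlator over constructed IDS
alert and firewall log lines and only recommends a block when the same signature fired
repeatedly from one source and the firewall shows that traffic was actually accepted. The log
format, signature IDs, addresses, never-block list and ACL number are all assumptions for the
illustration.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import List

# Constructed sample inputs (not from any real network): IDS alerts and firewall
# connection records for the same minute, in a made-up key=value format.
IDS_ALERTS = [
    "2003-05-01T10:00:01 sid=2001 msg='SQL injection attempt' src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2003-05-01T10:00:02 sid=2001 msg='SQL injection attempt' src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2003-05-01T10:00:03 sid=2001 msg='SQL injection attempt' src=203.0.113.7 dst=10.0.0.6 dport=80",
    "2003-05-01T10:00:04 sid=1337 msg='Port scan' src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2003-05-01T10:00:09 sid=2001 msg='SQL injection attempt' src=192.0.2.44 dst=10.0.0.5 dport=80",
]
FIREWALL_LOG = [
    "2003-05-01T10:00:01 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2003-05-01T10:00:02 ACCEPT src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2003-05-01T10:00:03 ACCEPT src=203.0.113.7 dst=10.0.0.6 dport=80",
    "2003-05-01T10:00:04 DENY src=198.51.100.9 dst=10.0.0.5 dport=22",
    "2003-05-01T10:00:09 DENY src=192.0.2.44 dst=10.0.0.5 dport=80",
]

ALERT_RE = re.compile(r"sid=(?P<sid>\d+) msg='(?P<msg>[^']*)' src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
FW_RE = re.compile(r"(?P<action>ACCEPT|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

MIN_ALERTS = 2              # one signature hit is never enough to act on
NEVER_BLOCK = {"10.0.0.1"}  # assumed management host: blocking it on a false positive is a self-inflicted outage


@dataclass
class Decision:
    src: str
    action: str             # "block" or "monitor"
    reason: str
    evidence: List[dict] = field(default_factory=list)


def parse_alerts(lines):
    """Parse IDS alert lines; lines that do not match are skipped rather than guessed at."""
    return [m.groupdict() for m in (ALERT_RE.search(line) for line in lines) if m]


def parse_firewall(lines):
    return [m.groupdict() for m in (FW_RE.search(line) for line in lines) if m]


def decide(alerts, fw_records) -> List[Decision]:
    """Correlate IDS alerts with firewall records before recommending a block.
    Block only when the same signature fired MIN_ALERTS times from one source AND the
    firewall accepted that traffic; a denied attempt is already mitigated."""
    by_src = defaultdict(list)
    for alert in alerts:
        by_src[alert["src"]].append(alert)
    accepted = {(f["src"], f["dst"], f["dport"]) for f in fw_records if f["action"] == "ACCEPT"}
    decisions = []
    for src, evs in by_src.items():
        if src in NEVER_BLOCK:
            decisions.append(Decision(src, "monitor", "source is on the never-block list", evs))
            continue
        sid, hits = Counter(e["sid"] for e in evs).most_common(1)[0]
        reached_target = any((e["src"], e["dst"], e["dport"]) in accepted for e in evs)
        if hits >= MIN_ALERTS and reached_target:
            decisions.append(Decision(src, "block", f"sid {sid} fired {hits} times and the firewall accepted the traffic", evs))
        elif hits >= MIN_ALERTS:
            decisions.append(Decision(src, "monitor", f"sid {sid} fired {hits} times but the firewall already denies it", evs))
        else:
            decisions.append(Decision(src, "monitor", "single alert, insufficient corroboration", evs))
    return decisions


def render_acl(decisions, acl_number=101) -> List[str]:
    """Cisco IOS extended-ACL lines an IPS controller could push to an edge router
    (the ACL number is an assumption for the example)."""
    return [f"access-list {acl_number} deny ip host {d.src} any" for d in decisions if d.action == "block"]


if __name__ == "__main__":
    result = decide(parse_alerts(IDS_ALERTS), parse_firewall(FIREWALL_LOG))
    for d in result:
        print(f"{d.src:<14} {d.action:<8} {d.reason}")
    print("\n".join(render_acl(result)))
```

Run stand-alone, the correlator recommends one block (203.0.113.7, whose injection attempts
were accepted three times) and leaves the two single-alert sources, one of them already denied
by the firewall, in monitoring; the never-block list is the guard that keeps a bad signature
from taking out the management host.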

IDS appear much easier to implement in a network through the use of taps (devices that copy
traffic from a wire without disrupting communication) and similar devices. Introducing IPS
may require more work only because they must be introduced into the entire network
infrastructure, not simply tapped in on a network segment. IPS need the following configured
first and then maintained: rule setup and management, system tuning, packet decoding and
tuning, packet rules, console and database. As with many other technologies, these are the
bare-bones essential functions, thus acceptable.

IPS may not be the final answer to computer security, but they are a good start that further
supports the firewall-to-IDS protection methodology. As with any other technology, there
are test results and configuration changes that can make or break the use of IPS in any
company. The associated return on investment (ROI) must also be considered, given the
considerable amount of money already spent on current network components. Senior
management must be informed that IPS are an additional technology that will enhance and
layer the ability of the firewalls and IDS to mitigate the risk of attacks and malicious code,
thereby protecting the company and customers. As the threat increases almost daily, this new
technology will provide another layer of protection to our already well-protected systems.
We can no longer afford the manpower necessary to monitor the many network components
and computers that exist today. IPS provide a trusted way to respond automatically to a
threat as it occurs, not afterwards or when a human has time to verify the event.

Cisco Network Address Translation (NAT)
Network Address Translation (NAT) is designed for IP address simplification and
conservation. It enables private IP networks that use unregistered IP addresses to connect to
the Internet. NAT operates on a router, usually connecting two networks together, and
translates the private (not globally unique) addresses in the internal network into globally
routable addresses before packets are forwarded to another network. As part of this capability,
NAT can be configured to advertise only one address for the entire network to the outside
world. This provides some additional security by effectively hiding the entire internal
network behind that address: with dynamic translation, only flows initiated from the inside
create translation entries, so an unsolicited inbound packet has no entry to match and is
dropped. That protection is a side effect of keeping translation state, not a filtering policy,
so NAT is normally deployed together with a firewall or access lists rather than instead of
them. NAT offers the dual functions of security and address conservation, and is typically
implemented in remote-access environments.
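To make the "hiding" above concrete, here is an added example, not Cisco's code or
configuration, that models NAT overload (port address translation, the many-to-one mode in
which a router advertises a single outside address) as a translation table in Python. Addresses
and port numbers are assumed values taken from documentation ranges.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

# Constructed example: a minimal model of NAT overload (PAT). Inside hosts use
# private addresses; outbound flows create translation entries; inbound packets
# are forwarded only when an entry already exists. Addresses are assumptions.


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class PatRouter:
    def __init__(self, outside_addr: str, inside_prefix: str = "10.0.0.", first_port: int = 1024):
        self.outside_addr = outside_addr
        self.inside_prefix = inside_prefix   # which source addresses count as "inside"
        self.ports = count(first_port)       # next free outside port
        # outside (port, remote ip, remote port, proto) -> (inside ip, inside port)
        self.inbound_table = {}
        # (inside ip, inside port, remote ip, remote port, proto) -> outside port
        self.outbound_table = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: create (or reuse) a translation and rewrite the source."""
        if not pkt.src.startswith(self.inside_prefix):
            return None  # not from the inside network: no translation, dropped
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        port = self.outbound_table.get(key)
        if port is None:
            port = next(self.ports)
            self.outbound_table[key] = port
            self.inbound_table[(port, pkt.dst, pkt.dport, pkt.proto)] = (pkt.src, pkt.sport)
        return Packet(self.outside_addr, port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: forward only if an existing entry matches, otherwise drop.
        This is the hiding the text describes: nothing inside is reachable unless an
        inside host opened the flow first."""
        if pkt.dst != self.outside_addr:
            return None
        entry = self.inbound_table.get((pkt.dport, pkt.src, pkt.sport, pkt.proto))
        if entry is None:
            return None  # unsolicited inbound packet: no mapping exists
        inside_ip, inside_port = entry
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port, pkt.proto)


def demo():
    r = PatRouter("203.0.113.1")
    out1 = r.outbound(Packet("10.0.0.5", 40000, "198.51.100.20", 80))
    out2 = r.outbound(Packet("10.0.0.6", 40000, "198.51.100.20", 80))  # same inside port, distinct outside port
    reply = r.inbound(Packet("198.51.100.20", 80, "203.0.113.1", out2.sport))
    probe = r.inbound(Packet("198.51.100.99", 4444, "203.0.113.1", 22))  # nobody inside asked for this
    return out1, out2, reply, probe


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The model has no timers, so entries never age out; a real router expires them, which is why a
long-idle inside connection can silently stop receiving replies through NAT. It also shows
what NAT does not do: an inside host that initiates a connection to a hostile server gets a
perfectly good translation entry for the replies.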

Internet Protocols

Background
The Internet protocols are the world's most popular open-system (nonproprietary) protocol
suite because they can be used to communicate across any set of interconnected networks
and are equally well suited for LAN and WAN communications. The Internet protocols
consist of a suite of communication protocols, of which the two best known are the
Transmission Control Protocol (TCP) and the Internet Protocol (IP). The Internet protocol
suite not only includes lower-layer protocols (such as TCP and IP), but it also specifies
common applications such as electronic mail, terminal emulation, and file transfer. This
chapter provides a broad introduction to specifications that comprise the Internet protocols.
Discussions include IP addressing and key upper-layer protocols used in the Internet.
Specific routing protocols are addressed individually later in this document. Internet
protocols were first developed in the mid-1970s, when the Defense Advanced Research
Projects Agency (DARPA) became interested in establishing a packet-switched network that
would facilitate communication between dissimilar computer systems at research
institutions. With the goal of heterogeneous connectivity in mind, DARPA funded research
by Stanford University and Bolt, Beranek, and Newman (BBN). The result of this


Internet Protocol (IP)


The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing
information and some control information that enables packets to be routed. IP is
documented in RFC 791 and is the primary network-layer protocol in the Internet protocol
suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the
Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort
delivery of datagrams through an internetwork; and providing fragmentation and
reassembly of datagrams to support data links with different maximum-transmission unit
(MTU) sizes.

IP Packet Format
An IP packet contains several types of information, as illustrated in Figure 30-2.

Figure 30-2 Fourteen fields comprise an IP packet.
The following discussion describes the IP packet fields illustrated in Figure 30-2:

• Version—Indicates the version of IP currently used.
• IP Header Length (IHL)—Indicates the datagram header length in 32-bit words.
• Type-of-Service—Specifies how an upper-layer protocol would like a current datagram
to be handled, and assigns datagrams various levels of importance.
• Total Length—Specifies the length, in bytes, of the entire IP packet, including the data
and header.
• Identification—Contains an integer that identifies the current datagram. This field is
used to help piece together datagram fragments.
• Flags—Consists of a 3-bit field of which the two low-order (least-significant) bits
control fragmentation. The middle bit (Don't Fragment) specifies whether the packet may be
fragmented. The low-order bit (More Fragments) specifies whether further fragments follow;
it is clear in the last fragment of a series. The high-order bit is reserved and must be zero.
• Fragment Offset—Indicates the position of the fragment's data, in 8-byte units, relative to
the beginning of the data in the original datagram, which allows the destination IP process to
properly reconstruct the original datagram.
• Time-to-Live—Maintains a counter that each router decrements; when it reaches zero the
datagram is discarded. This keeps packets from looping endlessly.
• Protocol—Indicates which upper-layer protocol receives incoming packets after IP
processing is complete.
• Header Checksum—Helps ensure IP header integrity; it covers the header only, not the data.
• Source Address—Specifies the sending node.
• Destination Address—Specifies the receiving node.
• Options—Allows IP to support various options, such as security.
• Data—Contains upper-layer information.
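An added example, not from Cisco's text, that builds and parses the header described above
with the Python standard library, verifying the header checksum and rejecting headers whose
IHL or total length do not fit the bytes actually received (the length-mismatch case is where
packet parsers have historically failed). Addresses, TTL and identification values are
assumed.

```python
import socket
import struct
from dataclasses import dataclass

# Constructed example: build and parse the fixed 20-byte IPv4 header (RFC 791),
# decode the fields listed above and verify the checksum. Values are assumptions.


@dataclass
class IPv4Header:
    version: int
    ihl: int
    tos: int
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int      # in 8-byte units, as carried on the wire
    ttl: int
    protocol: int
    header_checksum: int
    src: str
    dst: str
    options: bytes
    checksum_ok: bool


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; the checksum field must be zero on input."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, *, ident: int = 0x1C46,
                      ttl: int = 64, protocol: int = 6, dont_fragment: bool = True,
                      more_fragments: bool = False, fragment_offset: int = 0, tos: int = 0) -> bytes:
    ihl = 5                                   # no options: 5 x 32-bit words = 20 bytes
    flags = (0b010 if dont_fragment else 0) | (0b001 if more_fragments else 0)
    flags_frag = (flags << 13) | (fragment_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos, ihl * 4 + payload_len, ident,
                      flags_frag, ttl, protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> IPv4Header:
    """Decode a header, refusing lengths that do not add up."""
    if len(data) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 5:
        raise ValueError("IHL %d is below the 5-word minimum" % ihl)
    hlen = ihl * 4
    if len(data) < hlen or total_length < hlen:
        raise ValueError("IHL claims %d header bytes; %d bytes present, total length %d"
                         % (hlen, len(data), total_length))
    flags = flags_frag >> 13
    zeroed = data[:10] + b"\x00\x00" + data[12:hlen]   # checksum is computed with its own field zero
    return IPv4Header(version, ihl, tos, total_length, ident,
                      bool(flags & 0b010), bool(flags & 0b001), flags_frag & 0x1FFF,
                      ttl, protocol, csum, socket.inet_ntoa(src), socket.inet_ntoa(dst),
                      data[20:hlen], ipv4_checksum(zeroed) == csum)


def is_valid_header(data: bytes) -> bool:
    """True only for a well-formed header with a correct checksum."""
    try:
        return parse_ipv4_header(data).checksum_ok
    except ValueError:
        return False


if __name__ == "__main__":
    header = build_ipv4_header("192.168.2.10", "10.0.0.5", 40)
    print(parse_ipv4_header(header))
    print(is_valid_header(header), is_valid_header(header[:12]))
```

Because the checksum covers only the header, every router that decrements TTL must
recompute it; the test below shows that a decremented TTL with the old checksum fails
verification, which is exactly the case a receiving host uses to discard damaged headers.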

IP Addressing

As with any other network-layer protocol, the IP addressing scheme is integral to the process of
routing IP datagrams through an internetwork. Each IP address has specific components and follows
a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks,
as discussed in more detail later in this chapter. Each host on a TCP/IP network is assigned a unique
32-bit logical address that is divided into two main parts: the network number and the host number.
The network number identifies a network and must be assigned by the Internet Network Information
Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can
obtain blocks of network addresses from the InterNIC and can itself assign address space as
necessary. The host number identifies a host on a network and is assigned by the local network
administrator.

IP Address Format

The 32-bit IP address is grouped eight bits at a time, separated by dots, and represented in
decimal format (known as dotted decimal notation). Each bit in the octet has a binary weight
(128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0, and the maximum value for
an octet is 255. Figure 30-3 illustrates the basic format of an IP address.

Figure 30-3 An IP address consists of 32 bits, grouped into four octets.

IP Address Classes

IP addressing supports five different address classes: A, B, C, D, and E. Only classes A, B,
and C are available for commercial use. The left-most (high-order) bits indicate the network
class. Table 30-1 provides reference information about the five IP address classes.

Table 30-1 Reference Information About the Five IP Address Classes

Class  Format(1)  Purpose                        High-Order Bit(s)  Address Range                 Network/Host Bits             Max. Hosts
A      N.H.H.H    Few large organizations        0                  1.0.0.0 to 126.0.0.0          7/24                          16,777,214 (2^24 - 2)(2)
B      N.N.H.H    Medium-size organizations      1, 0               128.1.0.0 to 191.254.0.0      14/16                         65,534 (2^16 - 2)
C      N.N.N.H    Relatively small organizations 1, 1, 0            192.0.1.0 to 223.255.254.0    21/8                          254 (2^8 - 2)
D      N/A        Multicast groups (RFC 1112)    1, 1, 1, 0         224.0.0.0 to 239.255.255.255  N/A (not for commercial use)  N/A
E      N/A        Experimental                   1, 1, 1, 1         240.0.0.0 to 254.255.255.255  N/A                           N/A

(1) N = Network number, H = Host number.
(2) One address is reserved for the broadcast address, and one address is reserved for the network.

Figure 30-4 illustrates the format of the commercial IP address classes. (Note the high-order bits in each class.)

Figure 30-4 IP address formats A, B, and C are available for commercial use.

IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets). Subnetting
provides the network administrator with several benefits, including extra flexibility, more efficient
use of network addresses, and the capability to contain broadcast traffic (a broadcast will not cross a
router). Subnets are under local administration. As such, the outside world sees an organization as a
single network and has no detailed knowledge of the organization's internal structure. A given
network address can be broken up into many subnetworks. For example, 172.16.1.0, 172.16.2.0,
172.16.3.0, and 172.16.4.0 are all subnets within network 172.16.0.0. (All 0s in the host portion of
an address specifies the entire network.)

IP Subnet Mask
A subnet address is created by "borrowing" bits from the host field and designating them
as the subnet field. The number of borrowed bits varies and is specified by the subnet
mask. Figure 30-6 shows how bits are borrowed from the host address field to create the
subnet address field.

Figure 30-6 Bits are borrowed from the host address field to create the subnet address field.

Subnet masks use the same format and representation technique as IP addresses. The
subnet mask, however, has binary 1s in all bits specifying the network and subnetwork
fields, and binary 0s in all bits specifying the host field. Figure 30-7 illustrates a sample
subnet mask.

Figure 30-7 A sample subnet mask consists of all binary 1s and 0s.

Subnet mask bits should come from the high-order (left-most) bits of the host field, as
Figure 30-8 illustrates. Details of Class B and C subnet mask types follow. Class A addresses
are not discussed in this chapter because they generally are subnetted on an 8-bit boundary.

Figure 30-8 Subnet mask bits come from the high-order bits of the host field.


Various types of subnet masks exist for Class B and C subnets. The default subnet mask for
a Class B address that has no subnetting is 255.255.0.0, while the subnet mask for a Class B
address 171.16.0.0 that specifies eight bits of subnetting is 255.255.255.0. The reason for this
is that eight bits of subnetting gives 2^8 - 2 (1 for the network address and 1 for the broadcast
address) = 254 possible subnets, with 2^8 - 2 = 254 hosts per subnet. The subnet mask for a
Class C address 192.168.2.0 that specifies five bits of subnetting is 255.255.255.248. With five
bits available for subnetting, 2^5 - 2 = 30 subnets are possible, with 2^3 - 2 = 6 hosts per
subnet. The reference charts shown in Table 30-2 and Table 30-3 can be used when planning
Class B and C networks to determine the required number of subnets and hosts, and the
appropriate subnet mask.

Table 30-2 Class B Subnetting Reference Chart

Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
2                255.255.192.0      2                   16382
3                255.255.224.0      6                   8190
4                255.255.240.0      14                  4094
5                255.255.248.0      30                  2046
6                255.255.252.0      62                  1022
7                255.255.254.0      126                 510
8                255.255.255.0      254                 254
9                255.255.255.128    510                 126
10               255.255.255.192    1022                62
11               255.255.255.224    2046                30
12               255.255.255.240    4094                14
13               255.255.255.248    8190                6
14               255.255.255.252    16382               2

Table 30-3 Class C Subnetting Reference Chart

Number of Bits   Subnet Mask        Number of Subnets   Number of Hosts
2                255.255.255.192    2                   62
3                255.255.255.224    6                   30
4                255.255.255.240    14                  14
5                255.255.255.248    30                  6
6                255.255.255.252    62                  2

How Subnet Masks are Used to Determine the Network Number


The router performs a set process to determine the network (or more specifically, the
subnetwork) address. First, the router extracts the IP destination address from the
incoming packet and retrieves the internal subnet mask. It then performs a logical AND
operation to obtain the network number. This causes the host portion of the IP destination
address to be removed, while the destination network number remains. The router then
looks up the destination network number and matches it with an outgoing interface.
Finally, it forwards the frame to the destination IP address. Specifics regarding the logical
AND operation are discussed in the following section.

Logical AND Operation
Three basic rules govern logically "ANDing" two binary numbers. First, 1 "ANDed" with 1
yields 1. Second, 1 "ANDed" with 0 yields 0. Finally, 0 "ANDed" with 0 yields 0. The truth
table provided in table 30-4 illustrates the rules for logical AND operations.

Table 30-4 Rules for Logical AND Operations

Input   Input   Output
1       1       1
1       0       0
0       1       0
0       0       0

Two simple guidelines exist for remembering logical AND operations: Logically "ANDing"
a 1 with a 1 yields the original value, and logically "ANDing" a 0 with any number yields 0.
Figure 30-9 illustrates that when a logical AND of the destination IP address and the subnet
mask is performed, the subnetwork number remains, which the router uses to forward the packet.

Figure 30-9 Applying a logical AND to the destination IP address and the subnet mask
produces the subnetwork number.
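The subnet-mask arithmetic behind the reference charts and the router's logical-AND lookup, as an added Python example that is not part of the course text: it derives a mask and the subnet/host counts from the number of borrowed bits, strips the host part of a destination address with the mask, and matches the result against a constructed routing table (which also includes the "172.31.0.0 via E0" entry used in the IP Routing section below).

```python
from typing import List, Optional, Tuple


def to_int(dotted: str) -> int:
    """Pack a dotted-decimal IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"malformed IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Inverse of to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_mask(class_prefix_len: int, borrowed_bits: int) -> str:
    """Mask for a classful network after borrowing host bits for a subnet field.

    class_prefix_len is 8, 16 or 24 for Class A, B or C. The mask is binary 1s
    over the network and subnet fields and 0s over the remaining host field.
    """
    ones = class_prefix_len + borrowed_bits
    if not 0 <= ones <= 32:
        raise ValueError("mask length out of range")
    return to_dotted(((1 << ones) - 1) << (32 - ones))


def chart_row(class_prefix_len: int, borrowed_bits: int) -> Tuple[str, int, int]:
    """One row of the Class B/C charts: (subnet mask, subnets, hosts per subnet).

    Both counts subtract 2 because the all-0s and all-1s values of each field
    are reserved (network/broadcast), the convention the charts above follow.
    """
    host_bits = 32 - class_prefix_len - borrowed_bits
    if borrowed_bits < 2 or host_bits < 2:
        raise ValueError("need at least two subnet bits and two host bits")
    return (subnet_mask(class_prefix_len, borrowed_bits),
            (1 << borrowed_bits) - 2, (1 << host_bits) - 2)


def network_number(destination: str, mask: str) -> str:
    """Logical AND of destination address and mask: host bits are ANDed with 0
    and drop out, leaving the (sub)network number."""
    return to_dotted(to_int(destination) & to_int(mask))


# Constructed routing table: (network number, subnet mask, outgoing interface).
ROUTING_TABLE: List[Tuple[str, str, str]] = [
    ("172.31.0.0", "255.255.0.0", "E0"),
    ("172.16.1.0", "255.255.255.0", "E1"),
    ("172.16.2.0", "255.255.255.0", "S0"),
]


def lookup_interface(destination: str, table=ROUTING_TABLE) -> Optional[str]:
    """The router's steps from the text: AND the destination with each entry's
    mask and compare the result with the entry's network number. If more than
    one entry matches, the longest mask (most specific subnet) wins."""
    best: Optional[Tuple[int, str]] = None
    for network, mask, interface in table:
        if network_number(destination, mask) == network:
            if best is None or to_int(mask) > best[0]:
                best = (to_int(mask), interface)
    return best[1] if best else None


if __name__ == "__main__":
    for bits in range(2, 15):
        print(bits, *chart_row(16, bits))                  # reproduces Table 30-2
    print(network_number("172.16.2.77", "255.255.255.0"))  # 172.16.2.0
    print(lookup_interface("172.31.4.9"))                   # E0
```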

Address Resolution Protocol (ARP) Overview

For two machines on a given network to communicate, they must know the other
machine's physical (or MAC) address. By broadcasting Address Resolution Protocol (ARP)
requests, a host can dynamically discover the MAC-layer address corresponding to a
particular IP network-layer address. After receiving a MAC-layer address, IP devices create
an ARP cache to store the recently acquired IP-to-MAC address mapping, thus avoiding
having to broadcast ARPs when they want to recontact a device. If the device does not
respond within a specified time frame, the cache entry is flushed.

In addition, the Reverse Address Resolution Protocol (RARP) is used to map MAC-layer
addresses to IP addresses. RARP, which is the logical inverse of ARP, might be used by
diskless workstations that do not know their IP addresses when they boot. RARP relies on
the presence of a RARP server with table entries of MAC-layer-to-IP address mappings.

Internet Routing

Internet routing devices traditionally have been called gateways. In today's terminology,
however, the term gateway refers specifically to a device that performs application-layer
protocol translation between devices. Interior gateways refer to devices that perform these
protocol functions between machines or networks under the same administrative control or
authority, such as a corporation's internal network. These are known as autonomous
systems. Exterior gateways perform protocol functions between independent networks.
Routers within the Internet are organized hierarchically. Routers used for information
exchange within autonomous systems are called interior routers, which use a variety of
Interior Gateway Protocols (IGPs) to accomplish this purpose. The Routing Information
Protocol (RIP) is an example of an IGP.

Routers that move information between autonomous systems are called exterior routers.
These routers use an exterior gateway protocol to exchange information between
autonomous systems. The Border Gateway Protocol (BGP) is an example of an exterior
gateway protocol.

IP Routing

IP routing protocols are dynamic. Dynamic routing calls for routes to be calculated
automatically at regular intervals by software in routing devices. This contrasts with static
routing, where routes are established by the network administrator and do not change
until the network administrator changes them. An IP routing table, which consists of
destination address/next hop pairs, is used to enable dynamic routing. An entry in this
table, for example, would be interpreted as follows: to get to network 172.31.0.0, send the
packet out Ethernet interface 0 (E0).

IP routing specifies that IP datagrams travel through internetworks one hop at a time. The
entire route is not known at the onset of the journey, however. Instead, at each stop, the
next destination is calculated by matching the destination address within the datagram
with an entry in the current node's routing table.

Each node's involvement in the routing process is limited to forwarding packets based on
internal information. The nodes do not monitor whether the packets get to their final
destination, nor does IP provide for error reporting back to the source when routing
anomalies occur. This task is left to another Internet protocol, the Internet Control-Message
Protocol (ICMP), which is discussed in the following section.

Internet Control Message Protocol (ICMP)

The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that
provides message packets to report errors and other information regarding IP packet
processing back to the source. ICMP is documented in RFC 792.

ICMP Messages

ICMP generates several kinds of useful messages, including Destination Unreachable, Echo
Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router
Solicitation. If an ICMP message cannot be delivered, no second one is generated. This is to
avoid an endless flood of ICMP messages. When an ICMP destination-unreachable
message is sent by a router, it means that the router is unable to send the packet to its
final destination. The router then discards the original packet. Two reasons exist for why a
destination might be unreachable. Most commonly, the source host has specified a
nonexistent address. Less frequently, the router does not have a route to the
destination. Destination-unreachable messages include four basic types: network
unreachable, host unreachable, protocol unreachable, and port unreachable. Network-
unreachable messages usually mean that a failure has occurred in the routing or addressing of
a packet. Host-unreachable messages usually indicate a delivery failure, such as a wrong
subnet mask. Protocol-unreachable messages generally mean that the destination does not
support the upper-layer protocol specified in the packet. Port-unreachable messages imply
that the TCP socket or port is not available. An ICMP echo-request message, which is
generated by the ping command, is sent by any host to test node reachability across an
internetwork. The ICMP echo-reply message indicates that the node can be successfully
reached.

An ICMP Redirect message is sent by the router to the source host to stimulate more
efficient routing. The router still forwards the original packet to the destination. ICMP
redirects allow host routing tables to remain small because it is necessary to know the
address of only one router, even if that router does not provide the best path. Even after
receiving an ICMP Redirect message, some devices might continue using the less-efficient
route. An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live
field (expressed in hops or seconds) reaches zero. The Time-to-Live field prevents packets
from continuously circulating the internetwork if the internetwork contains a routing loop.
The router then discards the original packet.

ICMP Router-Discovery Protocol (IRDP)

IRDP uses Router-Advertisement and Router-Solicitation messages to discover the
addresses of routers on directly attached subnets. Each router periodically multicasts
Router-Advertisement messages from each of its interfaces. Hosts then discover addresses
of routers on directly attached subnets by listening for these messages. Hosts can use
Router-Solicitation messages to request immediate advertisements rather than waiting for
unsolicited messages. IRDP offers several advantages over other methods of discovering
addresses of neighboring routers. Primarily, it does not require hosts to recognize routing
protocols, nor does it require manual configuration by an administrator.

Router-Advertisement messages enable hosts to discover the existence of neighboring
routers, but not which router is best to reach a particular destination. If a host uses a poor
first-hop router to reach a particular destination, it receives a Redirect message identifying
a better choice.

Transmission Control Protocol (TCP)

TCP provides reliable transmission of data in an IP environment. TCP corresponds to
the transport layer (Layer 4) of the OSI reference model. Among the services TCP provides
are stream data transfer, reliability, efficient flow control, full-duplex operation, and
multiplexing. With stream data transfer, TCP delivers an unstructured stream of bytes
identified by sequence numbers. This service benefits applications because they do not
have to chop data into blocks before handing it off to TCP. Instead, TCP groups bytes into
segments and passes them to IP for delivery. TCP offers reliability by providing
connection-oriented, end-to-end reliable packet delivery through an internetwork. It does
this by sequencing bytes with a forwarding acknowledgment number that indicates to the
destination the next byte the source expects to receive. Bytes not acknowledged within a
specified time period are retransmitted. The reliability mechanism of TCP allows devices to
deal with lost, delayed, duplicate, or misread packets. A time-out mechanism allows
devices to detect lost packets and request retransmission. TCP offers efficient flow control,
which means that, when sending acknowledgments back to the source, the receiving TCP
process indicates the highest sequence number it can receive without overflowing its
internal buffers. Full-duplex operation means that TCP processes can both send and receive
at the same time. Finally, TCP's multiplexing means that numerous simultaneous upper-
layer conversations can be multiplexed over a single connection.

TCP Connection Establishment

To use reliable transport services, TCP hosts must establish a connection-oriented session
with one another. Connection establishment is performed by using a "three-way
handshake" mechanism. A three-way handshake synchronizes both ends of a connection
by allowing both sides to agree upon initial sequence numbers. This mechanism also
guarantees that both sides are ready to transmit data and know that the other side is ready
to transmit as well. This is necessary so that packets are not transmitted or retransmitted
during session establishment or after session termination. Each host randomly chooses a
sequence number used to track bytes within the stream it is sending and receiving. Then,
the three-way handshake proceeds in the following manner:

The first host (Host A) initiates a connection by sending a packet with the initial sequence
number (X) and SYN bit set to indicate a connection request. The second host (Host B)
receives the SYN, records the sequence number X, and replies by acknowledging the SYN
(with an ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK
= 20 means the host has received bytes 0 through 19 and expects byte 20 next. This
technique is called forward acknowledgment. Host A then acknowledges all bytes Host B sent
with a forward acknowledgment indicating the next byte Host A expects to receive (ACK =
Y + 1). Data transfer then can begin.

Positive Acknowledgment and Retransmission (PAR)

A simple transport protocol might implement a reliability-and-flow-control technique
where the source sends one packet, starts a timer, and waits for an acknowledgment before
sending a new packet. If the acknowledgment is not received before the timer expires, the
source retransmits the packet. Such a technique is called positive acknowledgment and
retransmission (PAR). By assigning each packet a sequence number, PAR enables hosts to
track lost or duplicate packets caused by network delays that result in premature
retransmission. The sequence numbers are sent back in the acknowledgments so that the
acknowledgments can be tracked.

PAR is an inefficient use of bandwidth, however, because a host must wait for an
acknowledgment before sending a new packet, and only one packet can be sent at a time.

TCP Sliding Window

A TCP sliding window provides more efficient use of network bandwidth than PAR because
it enables hosts to send multiple bytes or packets before waiting for an acknowledgment. In
TCP, the receiver specifies the current window size in every packet. Because TCP provides
a byte-stream connection, window sizes are expressed in bytes. This means that a window
is the number of data bytes that the sender is allowed to send before waiting for an
acknowledgment. Initial window sizes are indicated at connection setup, but might vary
throughout the data transfer to provide flow control. A window size of zero, for instance,
means "Send no data." In a TCP sliding-window operation, for example, the sender might
have a sequence of bytes to send (numbered 1 to 10) to a receiver who has a window size of
five. The sender then would place a window around the first five bytes and transmit them
together. It would then wait for an acknowledgment.

The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5
and is expecting byte 6 next. In the same packet, the receiver would indicate that its
window size is 5. The sender then would move the sliding window five bytes to the right
and transmit bytes 6 to 10. The receiver would respond with an ACK = 11, indicating that it
is expecting sequenced byte 11 next. In this packet, the receiver might indicate that its
window size is 0 (because, for example, its internal buffers are full). At this point, the
sender cannot send any more bytes until the receiver sends another packet with a window
size greater than 0.
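The three-way handshake (from TCP Connection Establishment above) and the sliding-window exchange just described, replayed in an added Python example that is not part of the course text. Sequence numbers, the advertised windows and the byte numbering from 1 are constructed to follow the text's walkthrough; a receiver whose windows come from a scripted list lets the window-of-zero case be shown.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Segment:
    """The TCP header fields the two mechanisms depend on."""
    src: str
    seq: int
    ack: int
    window: int
    flags: Tuple[str, ...] = ()
    data: bytes = b""


def three_way_handshake(x: int, y: int, window: int = 5) -> List[Segment]:
    """Host A sends SYN with ISN X; Host B answers SYN+ACK with its own ISN Y and
    ACK X+1 (forward acknowledgment: the next byte it expects); Host A answers
    with ACK Y+1. The window value is a constructed placeholder."""
    syn = Segment("A", seq=x, ack=0, window=window, flags=("SYN",))
    syn_ack = Segment("B", seq=y, ack=syn.seq + 1, window=window, flags=("SYN", "ACK"))
    ack = Segment("A", seq=x + 1, ack=syn_ack.seq + 1, window=window, flags=("ACK",))
    return [syn, syn_ack, ack]


class Receiver:
    """Receiving TCP process whose advertised window sizes follow a scripted
    list (constructed for the example), e.g. [5, 5, 0] as in the text."""

    def __init__(self, window_schedule: List[int]):
        self.schedule = list(window_schedule)
        self.window = self.schedule.pop(0)
        self.expected = 1                 # bytes are numbered from 1, as in the text
        self.received = bytearray()

    def receive(self, seg: Segment) -> Segment:
        if seg.seq == self.expected:      # in order: accept the bytes
            self.received += seg.data
            self.expected += len(seg.data)
            if self.schedule:             # advertise the next scripted window
                self.window = self.schedule.pop(0)
        # Out-of-order data is dropped and the previous ACK is simply repeated.
        return Segment("B", seq=0, ack=self.expected, window=self.window, flags=("ACK",))


def sliding_window_transfer(data: bytes,
                            receiver: Receiver) -> Tuple[List[Tuple[int, int, int]], int]:
    """Send data (byte numbers 1..len(data)) under the receiver's window.
    Returns ([(first byte sent, ACK received, window advertised), ...],
    next byte still to send). Stops when the window is 0 or the data is done."""
    next_seq, rounds = 1, []
    while next_seq <= len(data) and receiver.window > 0:
        chunk = data[next_seq - 1:next_seq - 1 + receiver.window]
        reply = receiver.receive(Segment("A", seq=next_seq, ack=0, window=0, data=chunk))
        rounds.append((next_seq, reply.ack, reply.window))
        next_seq = reply.ack              # slide the window up to the ACKed byte
    return rounds, next_seq


if __name__ == "__main__":
    print(three_way_handshake(x=100, y=300))
    # 15 bytes, receiver advertising 5, then 5, then 0: two rounds, then blocked.
    print(sliding_window_transfer(bytes(range(1, 16)), Receiver([5, 5, 0])))
```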

TCP Packet Format

Figure 30-10 illustrates the fields and overall format of a TCP packet.

Figure 30-10 Twelve fields comprise a TCP packet.

TCP Packet Field Descriptions

The following descriptions summarize the TCP packet fields illustrated in Figure 30-10:
• Source Port and Destination Port—Identifies points at which upper-layer source and
destination processes receive TCP services.
• Sequence Number—Usually specifies the number assigned to the first byte of data in the
current message. In the connection-establishment phase, this field also can be used to
identify an initial sequence number to be used in an upcoming transmission.
• Acknowledgment Number—Contains the sequence number of the next byte of data the
sender of the packet expects to receive.
• Data Offset—Indicates the number of 32-bit words in the TCP header.
• Reserved—Remains reserved for future use.
• Flags—Carries a variety of control information, including the SYN and ACK bits used
for connection establishment, and the FIN bit used for connection termination.
• Window—Specifies the size of the sender's receive window (that is, the buffer space
available for incoming data).
• Checksum—Indicates whether the header was damaged in transit.
• Urgent Pointer—Points to the first urgent data byte in the packet.
• Options—Specifies various TCP options.
• Data—Contains upper-layer information.

User Datagram Protocol (UDP)

The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4)
that belongs to the Internet protocol family. UDP is basically an interface between IP and
upper-layer processes. UDP protocol ports distinguish multiple applications running on a
single device from one another. Unlike TCP, UDP adds no reliability, flow-control, or
error-recovery functions to IP. Because of UDP's simplicity, UDP headers contain fewer
bytes and consume less network overhead than TCP. UDP is useful in situations where the
reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer
protocol might provide error and flow control. UDP is the transport protocol for several
well-known application-layer protocols, including Network File System (NFS), Simple
Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File
Transfer Protocol (TFTP).

The UDP packet format contains four fields, as shown in Figure 30-11. These include source and
destination ports, length, and checksum fields.

Figure 30-11 A UDP packet consists of four fields.

Source and destination ports contain the 16-bit UDP protocol port numbers used to
demultiplex datagrams for receiving application-layer processes. A length field specifies
the length of the UDP header and data. Checksum provides an (optional) integrity check
on the UDP header and data.
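The TCP fields listed above and the four UDP fields, decoded and (for UDP) checksum-verified, in an added Python example that is not part of the course material. The sample segment, addresses and ports are constructed; the UDP checksum follows RFC 768, which computes it over an IPv4 pseudo-header plus the datagram, so a mismatch shows up as checksum_ok being False and an absent checksum (field 0) as None.

```python
import socket
import struct
from typing import Dict, Optional

# TCP flag bits, low-order bit first (RFC 793).
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")
TCP_HEADER = struct.Struct("!HHIIBBHHH")   # fixed 20-byte part of the TCP header
UDP_HEADER = struct.Struct("!HHHH")        # source port, destination port, length, checksum


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_tcp(segment: bytes) -> Dict[str, object]:
    """Split a TCP segment into the fields listed above. Data Offset counts
    32-bit words, so the options are the bytes between 20 and offset*4."""
    if len(segment) < TCP_HEADER.size:
        raise ValueError("TCP segment shorter than the 20-byte minimum header")
    (src, dst, seq, ack, offset_reserved, flag_bits,
     window, checksum, urgent) = TCP_HEADER.unpack_from(segment)
    data_offset = offset_reserved >> 4
    header_len = data_offset * 4
    if header_len < TCP_HEADER.size or header_len > len(segment):
        raise ValueError(f"Data Offset {data_offset} inconsistent with segment length")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": data_offset, "reserved": offset_reserved & 0x0F,
        "flags": [name for i, name in enumerate(TCP_FLAGS) if flag_bits & (1 << i)],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[TCP_HEADER.size:header_len], "data": segment[header_len:],
    }


def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """UDP checksum (RFC 768) over the IPv4 pseudo-header, the UDP header with
    its checksum field zeroed, and the data. A computed 0 is sent as 0xFFFF so
    that 0 on the wire can mean "no checksum supplied"."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, len(datagram)))   # 17 = UDP protocol number
    value = internet_checksum(pseudo + datagram[:6] + b"\x00\x00" + datagram[8:])
    return value or 0xFFFF


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
              payload: bytes, with_checksum: bool = True) -> bytes:
    """Assemble a UDP datagram; the length field covers header plus data."""
    length = UDP_HEADER.size + len(payload)
    datagram = UDP_HEADER.pack(src_port, dst_port, length, 0) + payload
    if with_checksum:
        csum = udp_checksum(src_ip, dst_ip, datagram)
        datagram = UDP_HEADER.pack(src_port, dst_port, length, csum) + payload
    return datagram


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> Dict[str, object]:
    """Decode the four UDP fields. checksum_ok is None when the optional
    checksum was not supplied (field is 0), otherwise whether it verifies."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("UDP datagram shorter than the 8-byte header")
    src, dst, length, checksum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError(f"UDP length {length} inconsistent with datagram size")
    checksum_ok: Optional[bool] = None
    if checksum != 0:
        checksum_ok = udp_checksum(src_ip, dst_ip, datagram[:length]) == checksum
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "checksum_ok": checksum_ok,
            "data": datagram[UDP_HEADER.size:length]}


# Constructed samples (addresses and ports are placeholders).
SYN_ACK = (TCP_HEADER.pack(80, 40000, 300, 101, 6 << 4, 0x12, 5, 0, 0)
           + b"\x02\x04\x05\xb4"          # one option: MSS 1460
           + b"payload")
SAMPLE_UDP = build_udp("172.16.1.10", "172.16.2.20", 40001, 53, b"hello")

if __name__ == "__main__":
    print(parse_tcp(SYN_ACK))
    print(parse_udp("172.16.1.10", "172.16.2.20", SAMPLE_UDP))
```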

Internet Protocols Application-Layer Protocols
The Internet protocol suite includes many application-layer protocols that represent a wide
variety of applications, including the following:
• File Transfer Protocol (FTP)—Moves files between devices
• Simple Network-Management Protocol (SNMP)—Primarily reports anomalous network
conditions and sets network threshold values
• Telnet—Serves as a terminal emulation protocol
• X Windows—Serves as a distributed windowing and graphics system used for
communication between X terminals and UNIX workstations
• Network File System (NFS), External Data Representation (XDR), and Remote Procedure Call
(RPC)—Work together to enable transparent access to remote network resources
• Simple Mail Transfer Protocol (SMTP)—Provides electronic mail services
• Domain Name System (DNS)—Translates the names of network nodes into network
addresses

Table 30-5 lists these higher-layer protocols and the applications that they support.

Table 30-5 Higher-Layer Protocols and Their Applications

Application                Protocols
File transfer              FTP
Terminal emulation         Telnet
Electronic mail            SMTP
Network management         SNMP
Distributed file services  NFS, XDR, RPC, X Windows

Routing Information Protocol

Background
The Routing Information Protocol, or RIP, as it is more commonly called, is one of the most
enduring of all routing protocols. RIP is also one of the more easily confused protocols
because a variety of RIP-like routing protocols proliferated, some of which even used
the same name! RIP and the myriad RIP-like protocols were based on the same set of
algorithms that use distance vectors to mathematically compare routes to identify the best
path to any given destination address. These algorithms emerged from academic research
that dates back to 1957.

Today's open standard version of RIP, sometimes referred to as IP RIP, is formally defined
in two documents: Request For Comments (RFC) 1058 and Internet Standard (STD) 56. As
IP-based networks became both more numerous and greater in size, it became apparent to
the Internet Engineering Task Force (IETF) that RIP needed to be updated. Consequently,
the IETF released RFC 1388 in January 1993, which was then superseded in November 1994
by RFC 1723, which describes RIP 2 (the second version of RIP). These RFCs described an
extension of RIP's capabilities but did not attempt to obsolete the previous version of RIP.
RIP 2 enabled RIP messages to carry more information, which permitted the use of a simple
authentication mechanism to secure table updates. More importantly, RIP 2 supported
subnet masks, a critical feature that was not available in RIP.

This chapter summarizes the basic capabilities and features associated with RIP. Topics
include the routing update process, RIP routing metrics, routing stability, and routing
timers.

Routing Updates

RIP sends routing-update messages at regular intervals and when the network topology
changes. When a router receives a routing update that includes changes to an entry, it
updates its routing table to reflect the new route. The metric value for the path is increased
by 1, and the sender is indicated as the next hop. RIP routers maintain only the best route
(the route with the lowest metric value) to a destination. After updating its routing table,
the router immediately begins transmitting routing updates to inform other network
routers of the change. These updates are sent independently of the regularly scheduled
updates that RIP routers send.

RIP Routing Metric

RIP uses a single routing metric (hop count) to measure the distance between the source
and a destination network. Each hop in a path from source to destination is assigned a hop
count value, which is typically 1. When a router receives a routing update that contains a
new or changed destination network entry, the router adds 1 to the metric value indicated
in the update and enters the network in the routing table. The IP address of the sender is
used as the next hop.

RIP Stability Features

RIP prevents routing loops from continuing indefinitely by implementing a limit on the
number of hops allowed in a path from the source to a destination. The maximum number
of hops in a path is 15. If a router receives a routing update that contains a new or changed
entry, and if increasing the metric value by 1 causes the metric to be infinity (that is, 16), the
network destination is considered unreachable. The downside of this stability feature is
that it limits the maximum diameter of a RIP network to less than 16 hops.

RIP includes a number of other stability features that are common to many routing
protocols. These features are designed to provide stability despite potentially rapid
changes in a network's topology. For example, RIP implements the split horizon and
holddown mechanisms to prevent incorrect routing information from being propagated.

RIP Timers

RIP uses numerous timers to regulate its performance. These include a routing-update
timer, a route-timeout timer, and a route-flush timer. The routing-update timer clocks the
interval between periodic routing updates. Generally, it is set to 30 seconds, with a small
random amount of time added whenever the timer is reset. This is done to help prevent
congestion, which could result from all routers simultaneously attempting to update their
neighbors. Each routing table entry has a route-timeout timer associated with it. When the
route-timeout timer expires, the route is marked invalid but is retained in the table until the
route-flush timer expires.

Packet Formats

The following section focuses on the IP RIP and IP RIP 2 packet formats illustrated in
Figures 47-1 and 47-2. Each illustration is followed by descriptions of the fields illustrated.

RIP Packet Format

Figure 47-1 illustrates the IP RIP packet format.

Figure 47-1: An IP RIP Packet Consists of Nine Fields

The following descriptions summarize the IP RIP packet format fields illustrated in Figure
47-1:

• Command—Indicates whether the packet is a request or a response. The request
asks that a router send all or part of its routing table. The response can be an
unsolicited regular routing update or a reply to a request. Responses contain routing
table entries. Multiple RIP packets are used to convey information from large
routing tables.
• Version number—Specifies the RIP version used. This field can signal different
potentially incompatible versions.

Page 72 of 102
• Zero—This field is not actually used by RFC 1058 RIP; it was added solely to
provide backward compatibility with prestandard varieties of RIP. Its name comes
from its defaulted value: zero.
• Address-family identifier (AFI)—Specifies the address family used. RIP is designed
to carry routing information for several different protocols. Each entry has an
address-family identifier to indicate the type of address being specified. The AFI for
IP is 2.
• Address—Specifies the IP address for the entry.
• Metric—Indicates how many internetwork hops (routers) have been traversed in the
trip to the destination. This value is between 1 and 15 for a valid route, or 16 for an
unreachable route.

RIP 2 Packet Format

The RIP 2 specification (described in RFC 1723) allows more information to be included in
RIP packets and provides a simple authentication mechanism that is not supported by RIP.
Figure 47-2 shows the IP RIP 2 packet format.

Figure 47-2: An IP RIP 2 Packet Consists of Fields Similar to Those of an IP RIP Packet

The following descriptions summarize the IP RIP 2 packet format fields illustrated in
Figure 47-2:

• Command—Indicates whether the packet is a request or a response. The request
asks that a router send all or a part of its routing table. The response can be an
unsolicited regular routing update or a reply to a request. Responses contain routing
table entries. Multiple RIP packets are used to convey information from large
routing tables.
• Version—Specifies the RIP version used. In a RIP packet implementing any of the
RIP 2 fields or using authentication, this value is set to 2.
• Unused—Has a value set to zero.
• Address-family identifier (AFI)—Specifies the address family used. RIPv2's AFI
field functions identically to RFC 1058 RIP's AFI field, with one exception: If the AFI
for the first entry in the message is 0xFFFF, the remainder of the entry contains
authentication information. Currently, the only authentication type is simple
password.
• Route tag—Provides a method for distinguishing between internal routes (learned
by RIP) and external routes (learned from other protocols).

• IP address—Specifies the IP address for the entry.
• Subnet mask—Contains the subnet mask for the entry. If this field is zero, no subnet
mask has been specified for the entry.
• Next hop—Indicates the IP address of the next hop to which packets for the entry
should be forwarded.
• Metric—Indicates how many internetwork hops (routers) have been traversed in the
trip to the destination. This value is between 1 and 15 for a valid route, or 16 for an
unreachable route.
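An added Python example, not from the course text, that encodes and decodes the RIP 2 packet format described above (including the 0xFFFF authentication entry, which carries the simple password in clear text) and then applies the routing-update rule from the Routing Updates and RIP Stability Features sections: metric plus 1, 16 as infinity, lowest metric kept, sender as next hop. The addresses and password are constructed placeholders; the "withdrawal from the current next hop replaces the entry" case follows RFC 1058.

```python
import socket
import struct
from typing import Dict, List, Optional, Tuple

RIP_INFINITY = 16                      # metric 16 = unreachable
AFI_IP = 2                             # address family identifier for IP
AFI_AUTH = 0xFFFF                      # first entry carries authentication instead
AUTH_SIMPLE_PASSWORD = 2               # the only authentication type RFC 1723 defines
REQUEST, RESPONSE = 1, 2
HEADER = struct.Struct("!BBH")         # command, version, unused (zero)
ENTRY = struct.Struct("!HH4s4s4sI")    # AFI, route tag, IP, subnet mask, next hop, metric


def build_rip2_response(routes: List[Tuple[str, str, str, int]],
                        password: Optional[bytes] = None) -> bytes:
    """Encode a RIP 2 response; routes are (network, mask, next hop, metric).
    A next hop of 0.0.0.0 tells the receiver to use the sender's address."""
    packet = HEADER.pack(RESPONSE, 2, 0)
    if password is not None:
        if len(password) > 16:
            raise ValueError("simple password is at most 16 bytes")
        packet += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD, password)
    for network, mask, next_hop, metric in routes:
        packet += ENTRY.pack(AFI_IP, 0, socket.inet_aton(network), socket.inet_aton(mask),
                             socket.inet_aton(next_hop), metric)
    return packet


def parse_rip2(packet: bytes) -> Dict[str, object]:
    """Decode header and entries, rejecting metrics outside 1..16 and unknown
    address families instead of installing them."""
    body = len(packet) - HEADER.size
    if body < 0 or body % ENTRY.size:
        raise ValueError("RIP packet must be 4 + 20*n bytes")
    command, version, _unused = HEADER.unpack_from(packet)
    if command not in (REQUEST, RESPONSE):
        raise ValueError(f"unknown command {command}")
    auth, entries = None, []
    for offset in range(HEADER.size, len(packet), ENTRY.size):
        afi, tag, ip, mask, next_hop, metric = ENTRY.unpack_from(packet, offset)
        if afi == AFI_AUTH and offset == HEADER.size:
            # Authentication entry: type in the tag position, 16-byte password after it.
            auth = {"type": tag, "password": packet[offset + 4:offset + 20].rstrip(b"\x00")}
        elif afi == AFI_IP:
            if not 1 <= metric <= RIP_INFINITY:
                raise ValueError(f"metric {metric} outside 1..{RIP_INFINITY}")
            entries.append({"route_tag": tag, "network": socket.inet_ntoa(ip),
                            "mask": socket.inet_ntoa(mask),
                            "next_hop": socket.inet_ntoa(next_hop), "metric": metric})
        else:
            raise ValueError(f"unsupported AFI {afi:#x} at offset {offset}")
    return {"command": command, "version": version, "auth": auth, "entries": entries}


def apply_update(table: Dict[str, Tuple[int, str]], sender: str,
                 entries: List[Dict[str, object]]) -> List[str]:
    """Routing-update rule from the text: add 1 to the advertised metric, treat
    16 as unreachable, keep only the lowest-metric route, and use the sender as
    next hop unless the entry names one. A changed metric from the current next
    hop always replaces the entry (RFC 1058), which is how a route is withdrawn.
    table maps network -> (metric, next hop); returns the networks that changed."""
    changed = []
    for e in entries:
        network = str(e["network"])
        metric = min(int(e["metric"]) + 1, RIP_INFINITY)
        next_hop = sender if e["next_hop"] == "0.0.0.0" else str(e["next_hop"])
        current = table.get(network)
        if current is None:
            if metric < RIP_INFINITY:            # never install an unreachable route
                table[network] = (metric, next_hop)
                changed.append(network)
        elif metric < current[0] or (current[1] == next_hop and metric != current[0]):
            table[network] = (metric, next_hop)
            changed.append(network)
    return changed


if __name__ == "__main__":
    pkt = build_rip2_response([("172.16.1.0", "255.255.255.0", "0.0.0.0", 1)],
                              password=b"secret")
    info = parse_rip2(pkt)
    table: Dict[str, Tuple[int, str]] = {}
    print(info, apply_update(table, "10.0.0.1", info["entries"]), table)
```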

Summary

Despite RIP's age and the emergence of more sophisticated routing protocols, it is far from
obsolete. RIP is mature, stable, widely supported, and easy to configure. Its simplicity is
well suited for use in stub networks and in small autonomous systems that do not have
enough redundant paths to warrant the overheads of a more sophisticated protocol.

Review Questions

Q—Name RIP's various stability features.

A—RIP has numerous stability features, the most obvious of which is RIP's maximum hop
count. By placing a finite limit on the number of hops that a route can take, routing loops
are discouraged, if not completely eliminated. Other stability features include its various
timing mechanisms that help ensure that the routing table contains only valid routes, as
well as split horizon and holddown mechanisms that prevent incorrect routing information
from being disseminated throughout the network.

Q—What is the purpose of the timeout timer?

A—The timeout timer is used to help purge invalid routes from a RIP node. Routes that
aren't refreshed for a given period of time are likely invalid because of some change in the
network. Thus, RIP maintains a timeout timer for each known route. When a route's
timeout timer expires, the route is marked invalid but is retained in the table until the
route-flush timer expires.

Q—What two capabilities are supported by RIP 2 but not RIP?

A—RIP 2 enables the use of a simple authentication mechanism to secure table updates.
More importantly, RIP 2 supports subnet masks, a critical feature that is not available in
RIP.

Q—What is the maximum network diameter of a RIP network?

A—A RIP network's maximum diameter is 15 hops. RIP can count to 16, but that value is
considered an error condition rather than a valid hop count.

Open Shortest Path First

Background

Open Shortest Path First (OSPF) is a routing protocol developed for Internet Protocol (IP)
networks by the Interior Gateway Protocol (IGP) working group of the Internet
Engineering Task Force (IETF). The working group was formed in 1988 to design an IGP
based on the Shortest Path First (SPF) algorithm for use in the Internet. Similar to the
Interior Gateway Routing Protocol (IGRP), OSPF was created because in the mid-1980s, the
Routing Information Protocol (RIP) was increasingly incapable of serving large,
heterogeneous internetworks. This chapter examines the OSPF routing environment,
underlying routing algorithm, and general protocol components. OSPF was derived from
several research efforts, including Bolt, Beranek, and Newman's (BBN's) SPF algorithm
developed in 1978 for the ARPANET (a landmark packet-switching network developed in
the early 1970s by BBN), Dr. Radia Perlman's research on fault-tolerant broadcasting of
routing information (1988), BBN's work on area routing (1986), and an early version of
OSI's Intermediate System-to-Intermediate System (IS-IS) routing protocol. OSPF has two
primary characteristics. The first is that the protocol is open, which means that its
specification is in the public domain. The OSPF specification is published as Request For
Comments (RFC) 1247. The second principal characteristic is that OSPF is based on the SPF
algorithm, which sometimes is referred to as the Dijkstra algorithm, named for the person
credited with its creation.

OSPF is a link-state routing protocol that calls for the sending of link-state advertisements
(LSAs) to all other routers within the same hierarchical area. Information on attached
interfaces, metrics used, and other variables is included in OSPF LSAs. As OSPF routers
accumulate link-state information, they use the SPF algorithm to calculate the shortest path
to each node.

As a link-state routing protocol, OSPF contrasts with RIP and IGRP, which are distance-
vector routing protocols. Routers running the distance-vector algorithm send all or a
portion of their routing tables in routing-update messages to their neighbors.

Routing Hierarchy

Unlike RIP, OSPF can operate within a hierarchy. The largest entity within the hierarchy is
the autonomous system (AS), which is a collection of networks under a common
administration that share a common routing strategy. OSPF is an intra-AS (interior
gateway) routing protocol, although it is capable of receiving routes from and sending
routes to other ASs.

An AS can be divided into a number of areas, which are groups of contiguous networks and
attached hosts. Routers with multiple interfaces can participate in multiple areas. These
routers, which are called Area Border Routers, maintain separate topological databases for
each area.

A topological database is essentially an overall picture of networks in relationship to
routers. The topological database contains the collection of LSAs received from all routers
in the same area. Because routers within the same area share the same information, they
have identical topological databases.

The term domain sometimes is used to describe a portion of the network in which all
routers have identical topological databases. Domain is frequently used interchangeably
with AS.

An area's topology is invisible to entities outside the area. By keeping area topologies
separate, OSPF passes less routing traffic than it would if the AS were not partitioned.

Area partitioning creates two different types of OSPF routing, depending on whether the
source and the destination are in the same or different areas. Intra-area routing occurs
when the source and destination are in the same area; interarea routing occurs when they
are in different areas.

An OSPF backbone is responsible for distributing routing information between areas. It
consists of all Area Border Routers, networks not wholly contained in any area, and their
attached routers. Figure 46-1 shows an example of an internetwork with several areas.

In the figure, routers 4, 5, 6, 10, 11, and 12 make up the backbone. If Host H1 in Area 3
wants to send a packet to Host H2 in Area 2, the packet is sent to Router 13, which
forwards the packet to Router 12, which sends the packet to Router 11. Router 11 then
forwards the packet along the backbone to Area Border Router 10, which sends the packet
through two intra-area routers (Router 9 and Router 7) to be forwarded to Host H2.

The backbone itself is an OSPF area, so all backbone routers use the same procedures and
algorithms to maintain routing information within the backbone that any area router
would. The backbone topology is invisible to all intra-area routers, as are individual area
topologies to the backbone.

Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone
connectivity must be restored through virtual links. Virtual links are configured between any
backbone routers that share a link to a nonbackbone area and function as if they were direct links.

Figure 46-1: An OSPF AS Consists of Multiple Areas Linked by Routers

AS border routers running OSPF learn about exterior routes through exterior gateway
protocols (EGPs), such as Exterior Gateway Protocol (EGP) or Border Gateway Protocol
(BGP), or through configuration information. For more information about these protocols,
see Chapter 39, "Border Gateway Protocol."

SPF Algorithm

The Shortest Path First (SPF) routing algorithm is the basis for OSPF operations. When an
SPF router is powered up, it initializes its routing-protocol data structures and then waits
for indications from lower-layer protocols that its interfaces are functional.

After a router is assured that its interfaces are functioning, it uses the OSPF Hello
protocol to acquire neighbors, which are routers with interfaces to a common network. The
router sends hello packets to its neighbors and receives their hello packets. In addition to
helping acquire neighbors, hello packets also act as keepalives to let routers know that
other routers are still functional.

On multiaccess networks (networks supporting more than two routers), the Hello protocol
elects a designated router and a backup designated router. Among other things, the
designated router is responsible for generating LSAs for the entire multiaccess network.
Designated routers allow a reduction in network traffic and in the size of the topological
database.

When the link-state databases of two neighboring routers are synchronized, the routers are
said to be adjacent. On multiaccess networks, the designated router determines which
routers should become adjacent. Topological databases are synchronized between pairs of
adjacent routers. Adjacencies control the distribution of routing-protocol packets, which
are sent and received only on adjacencies.

Each router periodically sends an LSA to provide information on a router's adjacencies or
to inform others when a router's state changes. By comparing established adjacencies to
link states, failed routers can be detected quickly, and the network's topology can be
altered appropriately. From the topological database generated from LSAs, each router
calculates a shortest-path tree, with itself as root. The shortest-path tree, in turn, yields a
routing table.
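The SPF computation described above, as an added example that is not part of the original
text or of any OSPF implementation. The link-state database is constructed for the example
(router names R1 to R5 and their costs are assumptions); it runs Dijkstra from a chosen root,
keeps every equal-cost first hop (the equal-cost multipath OSPF supports), and only uses a
link when both ends advertise it, so a router cannot put itself into another router's tree by
advertising a link its neighbor does not confirm.

```python
import heapq
from collections import defaultdict

# Constructed link-state database (not from the page): router -> {neighbor: cost}.
# Each entry is what that router's LSA would advertise; costs are per-interface
# and may differ in each direction, as in OSPF.
LSDB = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R4": 5},
    "R3": {"R1": 5, "R4": 10},
    "R4": {"R2": 5, "R3": 10},
    "R5": {"R4": 1},          # R5 claims a link to R4, but R4 never advertises R5 back
}


def spf(lsdb, root):
    """Dijkstra's shortest-path-first computation rooted at `root`.

    Returns (cost, next_hops): cost[dest] is the total path cost and
    next_hops[dest] the set of equal-cost first hops from the root
    (several entries mean equal-cost multipath).
    """
    INF = float("inf")
    cost = {r: INF for r in lsdb}
    cost[root] = 0
    next_hops = defaultdict(set)
    heap = [(0, root)]
    finished = set()
    while heap:
        dist, u = heapq.heappop(heap)
        if u in finished:
            continue
        finished.add(u)
        for v, link_cost in lsdb.get(u, {}).items():
            # OSPF only uses a link once both ends advertise it; a one-sided
            # claim (R5 above) is ignored by every other router's SPF run.
            if u not in lsdb.get(v, {}):
                continue
            candidate = dist + link_cost
            # The first hop towards v is v itself when u is the root,
            # otherwise it is inherited from the path to u.
            hops = {v} if u == root else next_hops[u]
            if candidate < cost[v]:
                cost[v] = candidate
                next_hops[v] = set(hops)
                heapq.heappush(heap, (candidate, v))
            elif candidate == cost[v] and v != root:
                next_hops[v] |= hops       # equal-cost path: keep both first hops
    return cost, dict(next_hops)


def routing_table(lsdb, root):
    """Derive the routing table from the shortest-path tree: dest -> (cost, sorted next hops)."""
    cost, next_hops = spf(lsdb, root)
    return {
        dest: (c, sorted(next_hops.get(dest, ())))
        for dest, c in cost.items()
        if dest != root and c != float("inf")
    }


if __name__ == "__main__":
    for dest, (c, hops) in sorted(routing_table(LSDB, "R1").items()):
        print(f"{dest}: cost {c} via {', '.join(hops)}")
```

From R1, R4 is reachable at cost 15 both through R2 and through R3, so both appear as next
hops; R5 never enters the table because R4's LSA does not confirm the link R5 claims.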

Packet Format

All OSPF packets begin with a 24-byte header, as illustrated in Figure 46-2.

Figure 46-2: OSPF Packets Consist of Nine Fields

The following descriptions summarize the header fields illustrated in Figure 46-2.

• Version number—Identifies the OSPF version used.
• Type—Identifies the OSPF packet type as one of the following:
  o Hello—Establishes and maintains neighbor relationships.
  o Database description—Describes the contents of the topological database. These
    messages are exchanged when an adjacency is initialized.
  o Link-state request—Requests pieces of the topological database from neighbor
    routers. These messages are exchanged after a router discovers (by examining
    database-description packets) that parts of its topological database are outdated.
  o Link-state update—Responds to a link-state request packet. These messages also are
    used for the regular dispersal of LSAs. Several LSAs can be included within a single
    link-state update packet.
  o Link-state acknowledgment—Acknowledges link-state update packets.
• Packet length—Specifies the packet length, including the OSPF header, in bytes.
• Router ID—Identifies the source of the packet.
• Area ID—Identifies the area to which the packet belongs. All OSPF packets are
  associated with a single area.
• Checksum—Checks the entire packet contents for any damage suffered in transit.
• Authentication type—Contains the authentication type. All OSPF protocol exchanges are
  authenticated. The authentication type is configurable on a per-area basis.
• Authentication—Contains authentication information.
• Data—Contains encapsulated upper-layer information.
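The header layout above, as an added example that is not part of the original text: a
parser for the 24-byte OSPFv2 header with the checks a receiver runs before handing a packet
to the Hello or LSA logic. The sample Hello packet is constructed here (router ID 10.0.0.1 and
the body values are assumptions); the checksum rule it applies is the standard Internet
checksum over the packet with the 64-bit authentication field excluded, which is the
behaviour for the null and simple-password authentication types, while for the cryptographic
type the checksum field is required to be zero and digest verification is left out.

```python
import socket
import struct

# OSPFv2 header layout (24 bytes): version, type, packet length, router ID,
# area ID, checksum, authentication type, 64-bit authentication field.
OSPF_HEADER = struct.Struct("!BBHIIHH8s")
OSPF_HEADER_LEN = OSPF_HEADER.size          # 24
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
                4: "Link State Update", 5: "Link State Acknowledgment"}
AU_TYPES = {0: "Null", 1: "Simple password", 2: "Cryptographic"}


def ip2int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def int2ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def ip_checksum(data):
    """Standard one's-complement Internet checksum; returns 0 for data that verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


# Constructed Hello body (20 bytes): netmask, hello interval, options, priority,
# dead interval, designated router, backup designated router. Test input only.
SAMPLE_HELLO_BODY = struct.pack("!IHBBIII", ip2int("255.255.255.0"), 10, 0x02, 1, 40, 0, 0)


def build_packet(ptype, router_id, area_id, body, autype=0, auth=b""):
    """Build a constructed OSPFv2 packet for testing (not captured traffic).

    For AuType 0 and 1 the checksum covers the whole packet except the 8-byte
    authentication field; for AuType 2 the checksum field stays 0.
    """
    auth = auth.ljust(8, b"\x00")[:8]
    length = OSPF_HEADER_LEN + len(body)
    hdr = OSPF_HEADER.pack(2, ptype, length, ip2int(router_id), ip2int(area_id),
                           0, autype, auth)
    if autype != 2:
        csum = ip_checksum(hdr[:16] + body)
        hdr = hdr[:12] + struct.pack("!H", csum) + hdr[14:]
    return hdr + body


def parse_header(pkt, expected_area="0.0.0.0", password=None):
    """Decode the header and return (fields, problems).

    A non-empty `problems` list means the packet must be dropped before any
    Hello/DD/LSA processing; each check corresponds to one header field.
    """
    problems = []
    if len(pkt) < OSPF_HEADER_LEN:
        return None, ["truncated header"]
    ver, ptype, length, rid, aid, csum, autype, auth = OSPF_HEADER.unpack_from(pkt)
    fields = {"version": ver, "type": PACKET_TYPES.get(ptype, "unknown"),
              "length": length, "router_id": int2ip(rid), "area_id": int2ip(aid),
              "checksum": csum, "auth_type": AU_TYPES.get(autype, "unknown"),
              "auth": auth}
    if ver != 2:
        problems.append("unsupported version")
    if ptype not in PACKET_TYPES:
        problems.append("unknown packet type")
    if length < OSPF_HEADER_LEN or length > len(pkt):
        problems.append("length field inconsistent with received bytes")
    elif autype in (0, 1):
        # Verify with the checksum field as received; the auth field is skipped.
        if ip_checksum(pkt[:16] + pkt[OSPF_HEADER_LEN:length]) != 0:
            problems.append("bad checksum")
    elif autype == 2:
        if csum != 0:
            problems.append("checksum must be zero with cryptographic authentication")
    else:
        problems.append("unknown authentication type")
    if int2ip(aid) != expected_area:
        problems.append("area mismatch")
    if autype == 1 and password is not None and auth.rstrip(b"\x00") != password:
        problems.append("password mismatch")
    return fields, problems


if __name__ == "__main__":
    pkt = build_packet(1, "10.0.0.1", "0.0.0.0", SAMPLE_HELLO_BODY)
    print(parse_header(pkt))
```

The area check matters because every OSPF packet belongs to exactly one area, so a packet
for another area is discarded at the header rather than merged into the local topological
database. The simple-password type carries the password in the authentication field itself,
so the comparison here is only a sanity check of the field, not a substitute for the
cryptographic type.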

Additional OSPF Features

Additional OSPF features include equal-cost, multipath routing, and routing based on
upper-layer type-of-service (TOS) requests. TOS-based routing supports those upper-layer
protocols that can specify particular types of service. An application, for example, might
specify that certain data is urgent. If OSPF has high-priority links at its disposal, these can
be used to transport the urgent datagram.

OSPF supports one or more metrics. If only one metric is used, it is considered to be
arbitrary, and TOS is not supported. If more than one metric is used, TOS is optionally
supported through the use of a separate metric (and, therefore, a separate routing table) for
each of the eight combinations created by the three IP TOS bits (the delay, throughput, and
reliability bits). For example, if the IP TOS bits specify low delay, low throughput, and high
reliability, OSPF calculates routes to all destinations based on this TOS designation. IP
subnet masks are included with each advertised destination, enabling variable-length subnet
masks. With variable-length subnet masks, an IP network can be broken into many subnets of
various sizes. This provides network administrators with extra network-configuration flexibility.

Review Questions

Q—When using OSPF, can you have two areas attached to each other where only one AS has an
interface in Area 0?

A—Yes, you can. This describes the use of a virtual path. One area has an interface in Area
0 (legal), and the other AS is brought up and attached off an ABR in Area 1, so we'll call it
Area 2. Area 2 has no interface in Area 0, so it must have a virtual path to Area 0 through
Area 1. When this is in place, Area 2 looks like it is directly connected to Area 0. When Area
1 wants to send packets to Area 2, it must send them to Area 0, which in turn redirects
them back through Area 1 using the virtual path to Area 2.

Q—Area 0 contains five routers (A, B, C, D, and E), and Area 1 contains three routers
(R, S, and T). What routers does Router T know exist? Router S is the ABR.

A—Router T knows about routers R and S only. Likewise, Router S only knows about R
and T, as well as routers to the ABR in Area 0. The ASs separate the areas so that router
updates contain only information needed for that AS.

OSPF versus RIP

The rapid growth and expansion of today's networks has pushed RIP to its limits. RIP has
certain limitations that could cause problems in large networks:

• RIP has a limit of 15 hops. A RIP network that spans more than 15 hops (15 routers) is
  considered unreachable.
• RIP cannot handle Variable Length Subnet Masks (VLSM). Given the shortage of IP
  addresses and the flexibility VLSM gives in the efficient assignment of IP addresses, this
  is considered a major flaw.
• Periodic broadcasts of the full routing table consume a large amount of bandwidth. This
  is a major problem in large networks, especially on slow links and WAN clouds.
• RIP converges more slowly than OSPF. In large networks convergence can take on the
  order of minutes. RIP routers go through a period of hold-down and garbage collection
  and slowly time out information that has not been received recently. This is
  inappropriate in large environments and can cause routing inconsistencies.
• RIP has no concept of network delays and link costs. Routing decisions are based on hop
  counts. The path with the lowest hop count to the destination is always preferred, even
  if a longer path has better aggregate link bandwidth and lower delays.
• RIP networks are flat networks. There is no concept of areas or boundaries. With the
  introduction of classless routing and the intelligent use of aggregation and
  summarization, RIP networks have fallen behind.

Some enhancements were introduced in a new version of RIP called RIP2. RIP2 addresses the
issues of VLSM, authentication, and multicast routing updates. RIP2 is not a big
improvement over RIP (now called RIP 1) because it still has the limitations of hop count
and slow convergence, which are decisive in today's large networks.

OSPF, on the other hand, addresses most of the issues presented above:

• With OSPF, there is no limitation on the hop count.
• The intelligent use of VLSM is very useful in IP address allocation.
• OSPF uses IP multicast to send link-state updates. This ensures less processing on
  routers that are not listening to OSPF packets. Also, updates are only sent when routing
  changes occur instead of periodically. This ensures a better use of bandwidth.
• OSPF has better convergence than RIP. This is because routing changes are propagated
  instantaneously and not periodically.
• OSPF allows for better load balancing.
• OSPF allows for a logical definition of networks where routers can be divided into
  areas. This limits the explosion of link-state updates over the whole network. This also
  provides a mechanism for aggregating routes and cutting down on the unnecessary
  propagation of subnet information.
• OSPF allows for routing authentication by using different methods of password
  authentication.
• OSPF allows for the transfer and tagging of external routes injected into an Autonomous
  System. This keeps track of external routes injected by exterior protocols such as BGP.

This of course would lead to more complexity in configuring and troubleshooting OSPF
networks. Administrators that are used to the simplicity of RIP will be challenged with the
amount of new information they have to learn in order to keep up with OSPF networks.
Also, this will introduce more overhead in memory allocation and CPU utilization. Some of
the routers running RIP might have to be upgraded in order to handle the overhead caused
by OSPF.

What Do We Mean by Link-States?

OSPF is a link-state protocol. We could think of a link as being an interface on the router. The
state of the link is a description of that interface and of its relationship to its neighboring
routers. A description of the interface would include, for example, the IP address of the
interface, the mask, the type of network it is connected to, the routers connected to that
network and so on. The collection of all these link-states would form a link-state database.

Interior Gateway Routing Protocol

Introduction

This document introduces Interior Gateway Routing Protocol (IGRP). It has two purposes.
One is to form an introduction to the IGRP technology, for those who are interested in using,
evaluating, and possibly implementing it. The other is to give wider exposure to some
interesting ideas and concepts that are embodied in IGRP. Refer to Configuring IGRP, The
Cisco IGRP Implementation and IGRP Commands for information on how to configure
IGRP.

Goals for IGRP

The IGRP protocol allows a number of gateways to coordinate their routing. Its goals are the
following:

• Stable routing even in very large or complex networks. No routing loops should occur,
  even as transients.
• Fast response to changes in network topology.
• Low overhead. That is, IGRP itself should not use more bandwidth than what is actually
  needed for its task.
• Splitting traffic among several parallel routes when they are of roughly equal
  desirability.
• Taking into account error rates and level of traffic on different paths.

The current implementation of IGRP handles routing for TCP/IP. However, the basic design
is intended to be able to handle a variety of protocols.

No one tool is going to solve all routing problems. Conventionally the routing problem is
broken into several pieces. Protocols such as IGRP are called "internal gateway protocols"
(IGPs). They are intended for use within a single set of networks, either under a single
management or closely coordinated managements. Such sets of networks are connected by
"external gateway protocols" (EGPs). An IGP is designed to keep track of a good deal of
detail about network topology. Priority in designing an IGP is placed on producing optimal
routes and responding quickly to changes. An EGP is intended to protect one system of
networks against errors or intentional misrepresentation by other systems; BGP is one such
exterior gateway protocol. Priority in designing an EGP is on stability and administrative
controls. Often it is sufficient for an EGP to produce a reasonable route, rather than the
optimal route.

IGRP has some similarities to older protocols such as Xerox's Routing Information Protocol,
Berkeley's RIP, and Dave Mills' Hello. It differs from these protocols primarily in being
designed for larger and more complex networks. See the Comparison with RIP section for a
more detailed comparison with RIP, which is the most widely used of the older generation
of protocols.

Like these older protocols, IGRP is a distance vector protocol. In such a protocol, gateways
exchange routing information only with adjacent gateways. This routing information
contains a summary of information about the rest of the network. It can be shown
mathematically that all of the gateways taken together are solving an optimization problem
by what amounts to a distributed algorithm. Each gateway only needs to solve part of the
problem, and it only has to receive a portion of the total data.

The major alternatives to IGRP are Enhanced IGRP (EIGRP) and a class of algorithms referred
to as SPF (shortest-path first). OSPF uses this concept; to learn more about OSPF, refer to
the OSPF Design Guide. SPF algorithms are based on a flooding technique, where every
gateway is kept up to date about the status of every interface on every other gateway. Each
gateway independently solves the optimization problem from its point of view using data
for the entire network. There are advantages to each approach. In some circumstances SPF
may be able to respond to changes more quickly. In order to prevent routing loops, IGRP has
to ignore new data for a few minutes after certain kinds of changes. Because SPF has
information directly from each gateway, it is able to avoid these routing loops. Thus it can
act on new information immediately. However, SPF has to deal with substantially more data
than IGRP, both in internal data structures and in messages between gateways.

The Routing Problem

IGRP is intended for use in gateways connecting several networks. We assume that the
networks use packet-based technology. In effect the gateways act as packet switches. When a
system connected to one network wants to send a packet to a system on a different network,
it addresses the packet to a gateway. If the destination is on one of the networks connected to
the gateway, the gateway will forward the packet to the destination. If the destination is
more distant, the gateway will forward the packet to another gateway that is closer to the
destination. Gateways use routing tables to help them decide what to do with packets. Here
is a simple example routing table. (Addresses used in the examples are IP addresses taken
from Rutgers University. Note that the basic routing problem is similar for other protocols as
well, but this description will assume that IGRP is being used for routing IP.)

Figure 1

network    gateway     interface
--------   ---------   -----------
128.6.4    none        ethernet 0
128.6.5    none        ethernet 1
128.6.21   128.6.4.1   ethernet 0
128.121    128.6.5.4   ethernet 1
10         128.6.5.4   ethernet 1

(Actual IGRP routing tables have additional information for each gateway, as we will see.)
This gateway is connected to two Ethernets, called 0 and 1. They have been given IP network
numbers (actually subnet numbers) 128.6.4 and 128.6.5. Thus packets addressed for these
specific networks can be sent directly to the destination, simply by using the appropriate
Ethernet interface. There are two nearby gateways, 128.6.4.1 and 128.6.5.4. Packets for
networks other than 128.6.4 and 128.6.5 will be forwarded to one or the other of those
gateways. The routing table indicates which gateway should be used for which network. For
example, packets addressed to a host on network 10 should be forwarded to gateway
128.6.5.4. One hopes that this gateway is closer to network 10, i.e. that the best path to
network 10 goes through this gateway. The primary purpose of IGRP is to allow the gateways
to build and maintain routing tables like this.

Summary of IGRP

As mentioned above, IGRP is a protocol that allows gateways to build up their routing table
by exchanging information with other gateways. A gateway starts out with entries for all of
the networks that are directly connected to it. It gets information about other networks by
exchanging routing updates with adjacent gateways. In the simplest case, the gateway will
find one path that represents the best way to get to each network. A path is characterized by
the next gateway to which packets should be sent, the network interface that should be used,
and metric information. Metric information is a set of numbers that characterize how good
the path is. This allows the gateway to compare paths that it has heard from various
gateways and decide which one to use. There are often cases where it makes sense to split
traffic between two or more paths. IGRP will do this whenever two or more paths are equally
good. The user can also configure it to split traffic when paths are almost equally good. In
this case more traffic will be sent along the path with the better metric. The intent is that
traffic can be split between a 9600 bps line and a 19200 bps line, and the 19200 bps line
will get roughly twice as much traffic as the 9600 bps line.

The metrics used by IGRP include the following:

• Topological delay time
• Bandwidth of the narrowest bandwidth segment of the path
• Channel occupancy of the path
• Reliability of the path

Topological delay time is the amount of time it would take to get to the destination along
that path, assuming an unloaded network. Of course there is additional delay when the
network is loaded. However, load is accounted for by using the channel occupancy figure,
not by attempting to measure actual delays. The path bandwidth is simply the bandwidth in
bits per second of the slowest link in the path. Channel occupancy indicates how much of
that bandwidth is currently in use. It is measured, and will change with load. Reliability
indicates the current error rate. It is the fraction of packets that arrive at the destination
undamaged. It is measured.

Although they are not used as part of the metric, two additional pieces of information are
passed with it: hop count and MTU. The hop count is simply the number of gateways that a
packet will have to go through to get to the destination. MTU is the maximum packet size
that can be sent along the entire path without fragmentation. (That is, it is the minimum of
the MTUs of all the networks involved in the path.)

Based on the metric information, a single "composite metric" is calculated for the path. The
composite metric combines the effect of the various metric components into a single number
representing the "goodness" of that path. It is the composite metric that is actually used to
decide on the best path.

Periodically each gateway broadcasts its entire routing table (with some censoring because of
the split horizon rule) to all adjacent gateways. When a gateway gets this broadcast from
another gateway, it compares the table with its existing table. Any new destinations and
paths are added to the gateway's routing table. Paths in the broadcast are compared with
existing paths. If a new path is better, it may replace the existing one. Information in the
broadcast is also used to update channel occupancy and other information about existing
paths. This general procedure is similar to that used by all distance vector protocols. It is
referred to in the mathematical literature as the Bellman-Ford algorithm. Refer to RFC 1058
for a detailed development of the basic procedure, which describes RIP, an older distance
vector protocol.In IGRP, the general Bellman-Ford algorithm is modified in three critical
aspects. First, instead of a simple metric, a vector of metrics is used to characterize paths.
Second, instead of picking a single path with the smallest metric, traffic is split among
several paths, whose metrics fall into a specified range. Third, several features are introduced
to provide stability in situations where the topology is changing.
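The distance-vector update procedure just described, as an added example that is not part of
the original text or of the IGRP implementation. It seeds a table with the directly connected
networks of the Figure 1 gateway, merges the advertisements its two neighbours would send,
and applies the split horizon rule when building the table it advertises back. The metric is a
plain hop count (a simplification; IGRP's vector of metrics is not modelled here), the
advertised updates are constructed, and INFINITY is an assumed unreachable marker.

```python
INFINITY = 16   # constructed "unreachable" metric: one past the 15-hop limit the page cites for RIP


def initial_table(connected):
    """Routing table seeded with directly connected networks: net -> (gateway, interface, metric)."""
    return {net: ("none", iface, 0) for net, iface in connected.items()}


def merge_update(table, update, from_gateway, in_interface, link_cost=1):
    """Bellman-Ford merge of one neighbour's advertised table into ours.

    A path is accepted when it is new, strictly cheaper, or comes from the
    gateway we already use for that network. The last rule means a worsening
    reported by the current next hop is believed, which is what lets a lost
    route become unreachable instead of staying in the table for ever.
    """
    merged = dict(table)
    for net, advertised in update.items():
        metric = min(advertised + link_cost, INFINITY)
        current = merged.get(net)
        if current is None or metric < current[2] or current[0] == from_gateway:
            merged[net] = (from_gateway, in_interface, metric)
    return merged


def advertisement(table, out_interface):
    """Split horizon: never advertise a network out of the interface it was learned on."""
    return {net: metric for net, (gw, iface, metric) in table.items() if iface != out_interface}


if __name__ == "__main__":
    table = initial_table({"128.6.4": "ethernet 0", "128.6.5": "ethernet 1"})
    # Constructed updates: what gateways 128.6.4.1 and 128.6.5.4 would advertise.
    table = merge_update(table, {"128.6.4": 0, "128.6.21": 0}, "128.6.4.1", "ethernet 0")
    table = merge_update(table, {"128.6.5": 0, "128.121": 0, "10": 0}, "128.6.5.4", "ethernet 1")
    for net, entry in sorted(table.items()):
        print(net, entry)
    print("advertised on ethernet 1:", advertisement(table, "ethernet 1"))
```

After the two merges the table has the same next hops and interfaces as Figure 1, and the
advertisement sent out ethernet 1 omits everything learned on ethernet 1, so 128.6.5.4 is
never told about the networks it itself reported.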

The best path is selected based on a composite metric:

[(K1 / Be) + (K2 * Dc)] r

where K1, K2 = constants, Be = unloaded path bandwidth x (1 - channel occupancy), Dc =
topological delay, and r = reliability.

The path having the smallest composite metric will be the best path. Where there are
multiple paths to the same destination, the gateway can route the packets over more than
one path. This is done in accordance with the composite metric for each data path. For
instance, if one path has a composite metric of 1 and another path has a composite metric
of 3, three times as many packets will be sent over the data path having the composite
metric of 1.

There are two advantages to using a vector of metric information. The first is that it provides
the ability to support multiple types of service from the same set of data. The second
advantage is improved accuracy. When a single metric is used, it is normally treated as if it
were a delay. Each link in the path is added to the total metric. If there is a link with a low
bandwidth, it is normally represented by a large delay. However, bandwidth limitations
don't really cumulate the way delays do. By treating bandwidth as a separate component, it
can be handled correctly. Similarly, load can be handled by a separate channel occupancy
number.

IGRP provides a system for interconnecting computer networks which can stably handle a
general graph topology including loops. The system maintains full path metric information,
i.e., it knows the path parameters to all other networks to which any gateway is connected.
Traffic can be distributed over parallel paths and multiple path parameters can be
simultaneously computed over the entire network.

Enhanced Interior Gateway Routing Protocol (EIGRP)

The Enhanced Interior Gateway Routing Protocol (EIGRP), referred to as an advanced
Distance Vector protocol, offers radical improvements over IGRP. Traditional DV protocols
such as RIP and IGRP exchange periodic routing updates with all their neighbors, saving the
best distance (or metric) and the vector (or next hop) for each destination. EIGRP differs in
that it saves not only the best (least-cost) route but all routes, allowing convergence to be
much quicker. Further, EIGRP updates are sent only upon a network topology change;
updates are not periodic.

Getting EIGRP running is not much more difficult than getting IGRP running, as we will see
in the section "Getting EIGRP Running." Even though EIGRP offers radical improvements
over IGRP, there are similarities between the protocols. Like IGRP, EIGRP bases its metric on
bandwidth, delay, reliability, load, and MTU (see the "EIGRP Metric" section).

The fast convergence feature in EIGRP is due to the Diffusing Update Algorithm (DUAL),
discussed in "How EIGRP Works."

EIGRP updates carry subnet mask information. This allows EIGRP to summarize routes on
arbitrary bit boundaries, support classless route lookups, and allow the support of Variable
Length Subnet Masks (VLSM). This is discussed in "Variable Length Subnet Masks" and
"Route Summarization." Setting up default routes in EIGRP is discussed in "Default Routes."

Troubleshooting EIGRP can be tricky. This chapter ends with some troubleshooting tips in
"Troubleshooting EIGRP."

EIGRP is a Cisco proprietary protocol; other router vendors do not support EIGRP. Keep this
in mind if you are planning a multivendor router environment.

This chapter focuses on EIGRP's enhancements over IGRP: the use of DUAL; and the use of
subnet masks in updates, which in turn allow VLSM and route summarization at arbitrary
bit boundaries. This chapter does not cover router metrics in detail or the concept of parallel
paths. Those concepts have not changed much in EIGRP. I assume that the reader is familiar
with IGRP.

EIGRP Metric

The EIGRP composite metric is computed exactly as the IGRP metric is and then multiplied
by 256. Thus, the default expression for the EIGRP composite metric is:

Metric = [BandW + Delay] × 256

where BandW and Delay are computed exactly as for IGRP (see the section "IGRP Metric" in
Chapter 3). In summary, BandW is computed by taking the smallest bandwidth (expressed in
kbits/s) from all outgoing interfaces to the destination (including the destination) and
dividing 10,000,000 by this number (the smallest bandwidth), and Delay is the sum of all the
delay values to the destination network (expressed in tens of microseconds).

Further, note that the total delay (line 6), minimum bandwidth (line 6), reliability (line 7),
minimum MTU (line 7), and load (line 8) for a path, which are used to compute the composite
metric (line 5), are shown as output of the show ip route destination-network-number
command:

NewYork#sh ip route 172.16.50.0
Routing entry for 172.16.50.0 255.255.255.0
Known via "eigrp 10", distance 90, metric 2195456, type internal
Redistributing via eigrp 10
Last update from 172.16.250.2 on Serial0, 00:00:21 ago
Routing Descriptor Blocks:
* 172.16.50.0, from 172.16.250.2, 00:00:21 ago, via Serial0
Route metric is 2195456, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1

Converting route metrics between EIGRP and IGRP is very straightforward: EIGRP metrics
are 256 times larger than IGRP metrics. This easy conversion becomes important when a
network is running both IGRP and EIGRP, such as during a migration from IGRP to EIGRP.
Just like IGRP, EIGRP can be made to use load and reliability in its metric by modifying the
parameters k1, k2, k3, k4, and k5 (see the "IGRP Metric" section in the previous chapter).
The constants k1, k2, k3, k4, and k5 can be modified with the following command:

metric weights tos k1 k2 k3 k4 k5

WARNING: Cisco strongly recommends not modifying the k1, k2, k3, k4, and k5 values for
EIGRP.
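The composite metric from the IGRP summary and the EIGRP scaling rule above, as an added
example that is not part of the original text or of Cisco's implementation. It reproduces the
metric shown in the show ip route output (total delay 21000 microseconds, minimum bandwidth
1544 kbit) and the page's 1:3 traffic-share example, and it also covers the page's 9600 bps
versus 19200 bps split. The default weights K1=K3=1 and K2=K4=K5=0 and the variance
parameter that widens the equal-cost rule to "almost equally good" paths are taken from
Cisco's documentation, not from this page, and are stated here as assumptions.

```python
# Assumed Cisco default weights: K1=K3=1, K2=K4=K5=0 (the page only names k1..k5).
DEFAULT_K = (1, 0, 1, 0, 0)


def igrp_metric(min_bandwidth_kbps, total_delay_usec, load=1, reliability=255, k=DEFAULT_K):
    """IGRP composite metric from the path's metric vector.

    bw term    = 10,000,000 / slowest link bandwidth in kbit/s (integer part)
    delay term = sum of the delays along the path in tens of microseconds
    load and reliability are the 1..255 values 'show ip route' prints; they
    only enter the result when K2 or K5 are non-zero.
    """
    k1, k2, k3, k4, k5 = k
    bw = int(10_000_000 / min_bandwidth_kbps)
    delay = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


def eigrp_metric(*args, **kwargs):
    """EIGRP composite metric: the IGRP value scaled by 256."""
    return igrp_metric(*args, **kwargs) * 256


def eigrp_to_igrp(metric):
    """Conversion used when IGRP and EIGRP run side by side during a migration."""
    return metric // 256


def traffic_shares(paths, variance=1):
    """Share counts for parallel paths: name -> integer share.

    Paths whose metric is within `variance` times the best metric carry traffic
    in inverse proportion to their metric, rounded to whole shares; variance=1
    keeps only equal-cost paths (the assumed Cisco meaning of the knob).
    """
    best = min(paths.values())
    eligible = {name: m for name, m in paths.items() if m <= best * variance}
    worst = max(eligible.values())
    return {name: round(worst / m) for name, m in eligible.items()}


if __name__ == "__main__":
    print("EIGRP metric for the page's route:", eigrp_metric(1544, 21000))
    slow, fast = igrp_metric(9.6, 21000), igrp_metric(19.2, 21000)
    print("9600 vs 19200 bps shares:", traffic_shares({"9600": slow, "19200": fast}, variance=2))
```

With a T1 (1544 kbit) as the slowest link and 21000 microseconds of delay, the bandwidth term
is 6476 and the delay term 2100, so the IGRP metric is 8576 and the EIGRP metric 2195456, which
is exactly what the Route metric line in the show ip route output reports.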

How EIGRP Works

Unlike traditional DV protocols such as RIP and IGRP, EIGRP does not rely on periodic
updates: routing updates are sent only when there is a change. Remember that RIP and IGRP
reset the invalid and flush timers upon receiving a route update. When a route is lost, the
updates stop; the invalid and flush timers grow and grow (the timers are not reset), and,
ultimately, the route is flushed from the routing table. This process of convergence assumes
periodic updates. EIGRP's approach has the advantage that network resources are not
consumed by periodic updates. However, if a router dies, taking away all its downstream
routes, how would EIGRP detect the loss of these routes? EIGRP relies on small hello packets
to establish neighbor relationships and to detect the loss of a neighbor. Neighbor
relationships are discussed in detail in the next section.

RIP and IGRP suffer from a major flaw: routing loops. Routing loops happen when
information about the loss of a route does not reach all routers in the network because an
update packet gets dropped or corrupted. These routers (that have not received the
information about the loss of the route) inject bad routing information back into the
network by telling their neighbors about the route they know. EIGRP uses reliable
transmission for all updates between neighbors. Neighbors acknowledge the receipt of
updates, and if an acknowledgment is not received, EIGRP retransmits the update. RIP and
IGRP employ a battery of techniques to reduce the likelihood of routing loops: split
horizon, hold-down timers, and poison reverse. These techniques do not guarantee that
loops will not occur and, in any case, result in long convergence times.

EIGRP uses the Diffusing Update Algorithm (DUAL) for all route computations. DUAL's
convergence times are an order of magnitude lower than those of traditional DV algorithms.
DUAL is able to achieve such low convergence times by maintaining a table of loop-free
paths to every destination, in addition to the least-cost path. DUAL is described in more
detail later in this chapter. DUAL can support IP, IPX, and AppleTalk. A protocol-dependent
module encapsulates DUAL messages and handles interactions with the routing table. In
summary, DUAL requires:

1. A method for the discovery of new neighbors and their loss (see the next section,
"Neighbor Relationship").
2. Reliable transmission of update packets between neighbors (see the later section "Reliable
Transport Protocol").
3. Protocol-dependent modules that can encapsulate DUAL traffic in IP, IPX, or AppleTalk.
This text will deal only with EIGRP in IP networks (see the later section "Protocol-
Dependent Module").

I'll end this section with a discussion of EIGRP packet formats.

Neighbor Relationship

A router discovers a neighbor when it receives its first hello packet on a directly connected
network. The router requests DUAL to send a full route update to the new neighbor. In
response, the neighbor sends its full route update. Thus, a new neighbor relationship is
established in the following steps:

1. When a router A receives a hello packet from a new neighbor B, A sends its topology
table to router B in unicast updates with the initialization bit turned on.
2. When router B receives a packet with the initialization bit on, it sends its topology table to
router A.

The interval between hello packets from any EIGRP-speaking router on a network is five
seconds (by default) on most media types. Each hello packet advertises hold-time--the length
of time the neighbor should consider the sender up. The default hold-time is 15 seconds. If
no hellos are received for the duration of the hold-time, DUAL is informed that the neighbor
is down. Thus, in addition to detecting a new neighbor, hello packets are also used to detect
the loss of a neighbor. The hello-interval can be changed with the following command in
interface configuration mode:

ip hello-interval eigrp autonomous-system-number seconds

Lengthening the hello-interval will also lengthen the route convergence time. However, a
longer hello-interval may be desirable on a congested network with many EIGRP routers. If
the hello-interval is changed, the hold-time should also be modified. A rule of thumb is to
keep the hold-time at three times the hello-interval. The hold-time is set with the following
command in interface configuration mode:

ip hold-time eigrp autonomous-system-number seconds

Note that the hello-interval and hold-time need not be the same for all routers on a network.
Each router advertises its own hold-time, which is recorded in the neighbor's neighbor table.

The default hello-interval is 60 seconds (with a hold-time of 180 seconds) on multipoint
interfaces (such as ATM, Frame Relay, and X.25) with link speeds of T-1 or less. Hello
packets are multicast; no acknowledgments are expected. The following output shows
NewYork's neighbors. The first column--labeled H--is the order in which the neighbors were
learned. The hold-time for 172.16.251.2 (Ames) is 10 seconds, from which we can deduce that
the last hello was received 5 seconds ago. The hold-time for 172.16.250.2 (Chicago) is 13
seconds, from which we can deduce that the last hello was received 2 seconds ago. The
hold-time for a neighbor should not exceed 15 seconds or fall below 10 seconds (if the
hold-time fell below 10 s, that would indicate the loss of one or more hello packets).

NewYork#sh ip eigrp neighbor
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
1   172.16.251.2    Se0/1        10  00:17:08   28  2604  0  7
0   172.16.250.2    Se0/0        13  00:24:43   12  2604  0  14

After a neighbor relationship has been established between A and B the only EIGRP
overhead is the exchange of hello packets, unless there is a topological change in the
network.
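The neighbor table above can be checked mechanically. The following is an added example (not from the text or from Cisco IOS): it parses the show output reproduced here, derives the time since the last hello from the default 15-second hold-time and 5-second hello-interval, and flags a neighbor whose hold column has dropped below 10 seconds, which the text explains means one or more hellos were lost. The column layout of the constructed sample output is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed copy of the NewYork neighbor table shown in the text.
SAMPLE_OUTPUT = """\
NewYork#sh ip eigrp neighbor
IP-EIGRP neighbors for process 10
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
1   172.16.251.2    Se0/1        10  00:17:08   28  2604  0  7
0   172.16.250.2    Se0/0        13  00:24:43   12  2604  0  14
"""

# One neighbor row: H, address, interface, hold, uptime, SRTT, RTO, Q count, seq.
ROW_RE = re.compile(
    r"^\s*(?P<h>\d+)\s+(?P<addr>\d+(?:\.\d+){3})\s+(?P<intf>\S+)\s+"
    r"(?P<hold>\d+)\s+(?P<uptime>\S+)\s+(?P<srtt>\d+)\s+(?P<rto>\d+)\s+"
    r"(?P<qcnt>\d+)\s+(?P<seq>\d+)\s*$"
)


@dataclass
class Neighbor:
    order: int        # H column: order in which the neighbor was learned
    address: str
    interface: str
    hold: int         # seconds left before the neighbor is declared down
    uptime: str
    srtt_ms: int      # smoothed round-trip time
    rto_ms: int       # retransmission timeout
    qcnt: int         # packets queued that may need retransmission
    seq: int          # last sequence number received from the neighbor


def parse_neighbors(text):
    """Parse 'show ip eigrp neighbor' output into Neighbor records."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(Neighbor(int(m["h"]), m["addr"], m["intf"], int(m["hold"]),
                                 m["uptime"], int(m["srtt"]), int(m["rto"]),
                                 int(m["qcnt"]), int(m["seq"])))
    return rows


def seconds_since_last_hello(neighbor, advertised_hold=15):
    """The neighbor's advertised hold-time minus the remaining hold."""
    return advertised_hold - neighbor.hold


def missed_hellos(neighbor, hello_interval=5, advertised_hold=15):
    """Hellos that were due but not received, given the defaults in the text.

    With a 15 s hold-time and 5 s hellos the hold column should stay between
    10 and 15; every further hello_interval below that is one lost hello.
    """
    age = seconds_since_last_hello(neighbor, advertised_hold)
    return max(0, (age - 1) // hello_interval)


def check_neighbor(neighbor, hello_interval=5, advertised_hold=15):
    """Return the findings an operator check would raise for one neighbor row."""
    findings = []
    if neighbor.hold > advertised_hold:
        findings.append("hold exceeds advertised hold-time %d s" % advertised_hold)
    lost = missed_hellos(neighbor, hello_interval, advertised_hold)
    if lost:
        findings.append("%d hello packet(s) lost" % lost)
    if neighbor.qcnt:
        findings.append("%d packet(s) awaiting retransmission" % neighbor.qcnt)
    return findings


def check_table(text, hello_interval=5, advertised_hold=15):
    """Map each neighbor address to its findings (empty list = healthy)."""
    return {n.address: check_neighbor(n, hello_interval, advertised_hold)
            for n in parse_neighbors(text)}
```

Both neighbors in the sample pass because their hold values of 10 and 13 sit inside the 10 to 15 second window; a constructed row with a hold of 4 seconds reports two lost hellos.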

Reliable Transport Protocol

The EIGRP transport mechanism uses a mix of multicast and unicast packets, using reliable
delivery when necessary. All transmissions use IP with the protocol type field set to 88. The
IP multicast address used is 224.0.0.10. DUAL requires guaranteed and sequenced delivery
for some transmissions. This is achieved using acknowledgments and sequence numbers. So,
for example, update packets (containing routing table data) are delivered reliably (with
sequence numbers) to all neighbors using multicast. Acknowledgment packets--with the correct
sequence number--are expected from every neighbor. If the correct acknowledgment number
is not received from a neighbor, the update is retransmitted as a unicast. The sequence
number (seq num) in the last packet from the neighbor is recorded to ensure that packets are
received in sequence. The number of packets in the queue that might need retransmission is
shown as a queue count (QCnt), and the smoothed round trip time (SRTT) is used to estimate
how long to wait before retransmitting to the neighbor. The retransmission timeout (RTO) is
the time the router will wait for an acknowledgment before retransmitting the packet in the
queue. Some transmissions do not require reliable delivery. For example, hello packets are
multicast to all neighbors on an Ethernet segment, whereas acknowledgments are unicast.
Neither hellos nor acknowledgments are sent reliably.

EIGRP also uses queries and replies as part of DUAL. Queries are multicast or unicast using
reliable delivery, whereas replies are always reliably unicast. Query and reply packets are
discussed in more detail in the next section.

Enhanced IGRP

The Enhanced Interior Gateway Routing Protocol (EIGRP) represents an evolution from its
predecessor IGRP (refer to Chapter 42, "Interior Gateway Routing Protocol"). This
evolution resulted from changes in networking and the demands of diverse, large-scale
internetworks. Enhanced IGRP integrates the capabilities of link-state protocols into
distance vector protocols. Additionally, EIGRP contains several important protocols that
greatly increase its operational efficiency relative to other routing protocols. One of these
protocols is the Diffusing Update Algorithm (DUAL) developed at SRI International by Dr. J.J.
Garcia-Luna-Aceves. DUAL enables EIGRP routers to determine whether a path advertised
by a neighbor is looped or loop-free, and allows a router running EIGRP to find alternate
paths without waiting on updates from other routers.

Enhanced IGRP provides
mechanism allows IGRP routes to be imported into Enhanced IGRP, and vice versa, so it is
possible to add Enhanced IGRP gradually into an existing IGRP network. Because the
metrics for both protocols are directly translatable, they are as easily comparable as if they
were routes that originated in their own autonomous systems (ASs). In addition, Enhanced
IGRP treats IGRP routes as external routes and provides a way for the network
administrator to customize them.

This chapter provides an overview of the basic operations and protocol characteristics of
Enhanced IGRP.

Enhanced IGRP Capabilities and Attributes

Key capabilities that distinguish Enhanced IGRP from other routing protocols include fast
convergence, support for variable-length subnet mask, support for partial updates, and
support for multiple network layer protocols. A router running Enhanced IGRP stores all
its neighbors' routing tables so that it can quickly adapt to alternate routes. If no
appropriate route exists, Enhanced IGRP queries its neighbors to discover an alternate
route. These queries propagate until an alternate route is found.

Its support for variable-length subnet masks permits routes to be automatically summarized
on a network number boundary. In addition, Enhanced IGRP can be configured to summarize on
any bit boundary at any interface.

Enhanced IGRP does not make periodic updates. Instead, it sends partial updates only when
the metric for a route changes. Propagation of partial updates is automatically bounded so
that only those routers that need the information are updated. As a result of these two
capabilities, Enhanced IGRP consumes significantly less bandwidth than IGRP.

Enhanced IGRP includes support for AppleTalk, IP, and Novell NetWare. The AppleTalk
implementation redistributes routes learned from the Routing Table Maintenance Protocol
(RTMP). The IP implementation redistributes routes learned from OSPF, Routing Information
Protocol (RIP), Intermediate System-to-Intermediate System (IS-IS), Exterior Gateway
Protocol (EGP), or Border Gateway Protocol (BGP). The Novell implementation redistributes
routes learned from Novell RIP or Service Advertisement Protocol (SAP).

Underlying Processes and Technologies

To provide superior routing performance, Enhanced IGRP employs four key technologies
that combine to differentiate it from other routing technologies: neighbor
discovery/recovery, reliable transport protocol (RTP), DUAL finite-state machine, and
protocol-dependent modules.

The neighbor discovery/recovery mechanism enables routers to dynamically learn about other
routers on their directly attached networks. Routers also must discover when their neighbors
become unreachable or inoperative. This process is achieved with low overhead by periodically
sending small hello packets. As long as a router receives hello packets from a neighboring
router, it assumes that the neighbor is functioning, and the two can exchange routing
information.

Reliable Transport Protocol (RTP) is responsible for guaranteed, ordered delivery of
Enhanced IGRP packets to all neighbors. It supports intermixed transmission of multicast
or unicast packets. For efficiency, only certain Enhanced IGRP packets are transmitted
reliably. On a multiaccess network that has multicast capabilities, such as Ethernet, it is not
necessary to send hello packets reliably to all neighbors individually. For that reason,
Enhanced IGRP sends a single multicast hello packet containing an indicator that informs
the receivers that the packet need not be acknowledged. Other types of packets, such as
updates, indicate in the packet that acknowledgment is required. RTP contains a provision
for sending multicast packets quickly when unacknowledged packets are pending, which
helps ensure that convergence time remains low in the presence of varying speed links.

The DUAL finite-state machine embodies the decision process for all route computations by
tracking all routes advertised by all neighbors. DUAL uses distance information to select
efficient, loop-free paths and selects routes for insertion in a routing table based on feasible
successors. A feasible successor is a neighboring router used for packet forwarding that is a
least-cost path to a destination that is guaranteed not to be part of a routing loop. When a
neighbor changes a metric, or when a topology change occurs, DUAL tests for feasible
successors. If one is found, DUAL uses it to avoid recomputing the route unnecessarily.
When no feasible successors exist but neighbors still advertise the destination, a
recomputation (also known as a diffusing computation) must occur to determine a new
successor. Although recomputation is not processor-intensive, it does affect convergence
time, so it is advantageous to avoid unnecessary recomputations.

Protocol-dependent modules are responsible for network layer protocol-specific requirements.
The IP-Enhanced IGRP module, for example, is responsible for sending and receiving Enhanced
IGRP packets that are encapsulated in IP. Likewise, IP-Enhanced IGRP is also responsible
for parsing Enhanced IGRP packets and informing DUAL of the new information that has
been received. IP-Enhanced IGRP asks DUAL to make routing decisions, the results of
which are stored in the IP routing table. IP-Enhanced IGRP is responsible for redistributing
routes learned by other IP routing protocols.

Routing Concepts

Enhanced IGRP relies on four fundamental concepts: neighbor tables, topology tables,
route states, and route tagging. Each of these is summarized in the discussions that follow.

Neighbor Tables

When a router discovers a new neighbor, it records the neighbor's address and interface as
an entry in the neighbor table. One neighbor table exists for each protocol-dependent
module. When a neighbor sends a hello packet, it advertises a hold time, which is the
amount of time that a router treats a neighbor as reachable and operational. If a hello
packet is not received within the hold time, the hold time expires and DUAL is informed of
the topology change.

The neighbor-table entry also includes information required by RTP.
Sequence numbers are employed to match acknowledgments with data packets, and the
last sequence number received from the neighbor is recorded so that out-of-order packets
can be detected. A transmission list is used to queue packets for possible retransmission on
a per-neighbor basis. Round-trip timers are kept in the neighbor-table entry to estimate an
optimal retransmission interval.

Topology Tables

The topology table contains all destinations advertised by neighboring routers. The protocol-
dependent modules populate the table, and the table is acted on by the DUAL finite-state
machine. Each entry in the topology table includes the destination address and a list of
neighbors that have advertised the destination. For each neighbor, the entry records the
advertised metric, which the neighbor stores in its routing table. An important rule that
distance vector protocols must follow is that if the neighbor advertises this destination, it
must use the route to forward packets.

The metric that the router uses to reach the
destination is also associated with the destination. The metric that the router uses in the
routing table, and to advertise to other routers, is the sum of the best-advertised metric
from all neighbors and the link cost to the best neighbor.

Route States

A topology-table entry for a destination can exist in one of two states: active or passive. A
destination is in the passive state when the router is not performing a recomputation; it is in
the active state when the router is performing a recomputation. If feasible successors are
always available, a destination never has to go into the active state, thereby avoiding a
recomputation.

A recomputation occurs when a destination has no feasible successors. The
router initiates the recomputation by sending a query packet to each of its neighboring
routers. The neighboring router can send a reply packet, indicating that it has a feasible
successor for the destination, or it can send a query packet, indicating that it is participating
in the recomputation. While a destination is in the active state, a router cannot change the
destination's routing-table information. After the router has received a reply from each
neighboring router, the topology-table entry for the destination returns to the passive state,
and the router can select a successor.

Route Tagging

Enhanced IGRP supports internal and external routes. Internal routes originate within
an Enhanced IGRP AS. Therefore, a directly attached network that is configured to run
Enhanced IGRP is considered an internal route and is propagated with this information
throughout the Enhanced IGRP AS. External routes are learned by another routing protocol
or reside in the routing table as static routes. These routes are tagged individually with the
identity of their origin.

External routes are tagged with the following information:

• Router ID of the Enhanced IGRP router that redistributed the route
• AS number of the destination
• Configurable administrator tag
• ID of the external protocol
• Metric from the external protocol
• Bit flags for default routing

Route tagging allows the network administrator to customize routing and maintain flexible
policy controls. Route tagging is particularly useful in transit ASs, where Enhanced IGRP
typically interacts with an interdomain routing protocol that implements more global
policies, resulting in a very scalable, policy-based routing.

Enhanced IGRP Packet Types

Enhanced IGRP uses the following packet types: hello and acknowledgment, update, and
query and reply.

Hello packets are multicast for neighbor discovery/recovery and do not require
acknowledgment. An acknowledgment packet is a hello packet that has no data.
Acknowledgment packets contain a nonzero acknowledgment number and always are
sent by using a unicast address.

Update packets are used to convey reachability of destinations. When a new neighbor is
discovered, unicast update packets are sent so that the neighbor can build up its topology
table. In other cases, such as a link-cost change, updates are multicast. Updates always are
transmitted reliably.

Query and reply packets are sent when a destination has no feasible successors. Query
packets are always multicast. Reply packets are sent in response to query packets to
instruct the originator not to recompute the route because feasible successors exist. Reply
packets are unicast to the originator of the query. Both query and reply packets are
transmitted reliably.

Summary

Cisco Systems's EIGRP is one of the most feature-rich and robust routing protocols to ever
be developed. Its unique combination of features blends the best attributes of distance
vector protocols with the best attributes of link-state protocols. The result is a hybrid
routing protocol that defies easy categorization with conventional protocols.

EIGRP is also
remarkably easy to configure and use, as well as remarkably efficient and secure in
operation. It can be used in conjunction with IPv4, AppleTalk, and IPX. More importantly,
its modular architecture will readily enable Cisco to add support for other routed protocols
that may be developed in the future.

Review Questions

Q—Name the four key technologies that are used by EIGRP.

A—EIGRP employs four key technologies, including neighbor discovery/recovery, Reliable
Transport Protocol (RTP), Diffusing Update Algorithm (DUAL) finite-state machine, and a
modular architecture that enables support for new protocols to be easily added to an
existing network.

Q—Explain why EIGRP is more efficient in operation than IGRP.

A—Unlike most other distance vector routing protocols, EIGRP does not mandate a
periodic update of routing tables between neighboring routers. Instead, it employs a
neighbor discovery/recovery mechanism to ensure that neighbors remain aware of each
other's accessibility. As long as a router receives periodic hello packets from its neighbors,
it can assume that those neighbors remain functional. More importantly, it can assume that
all of its routes that rely upon passage through those neighbors remain usable. Thus,
EIGRP is much more efficient than conventional distance vector routing protocols because
it imposes much less overhead on routers and transmission facilities during normal
operation.

Q—How does RTP enable improved convergence times?

A—RTP is responsible for providing guaranteed delivery of EIGRP packets between
neighboring routers. However, not all of the EIGRP packets that neighbors exchange must
be sent reliably. Some packets, such as hello packets, can be sent unreliably. More
importantly, they can be multicast rather than having separate datagrams with essentially
the same payload being discretely addressed and sent to individual routers. This helps an
EIGRP network converge quickly, even when its links are of varying speeds.

Q—Why does EIGRP tag certain routes?

A—EIGRP supports both internal and external routes. Routes that are internal to an AS are
completely contained within that AS. External routes are those that are learned from
neighbors that lie outside the AS. External routes are tagged with information that
identifies their origin. This enables a network administrator to develop customized
interdomain routing policies.

Border Gateway Protocol

Introduction

The Border Gateway Protocol (BGP) is an interautonomous system routing protocol. An
autonomous system is a network or group of networks under a common administration
and with common routing policies. BGP is used to exchange routing information for the
Internet and is the protocol used between Internet service providers (ISP). Customer
networks, such as universities and corporations, usually employ an Interior Gateway
Protocol (IGP) such as RIP or OSPF for the exchange of routing information within their
networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP
routes. When BGP is used between autonomous systems (AS), the protocol is referred to as
External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS,
then the protocol is referred to as Interior BGP (IBGP). Figure 39-1 illustrates this
distinction.

Figure 39-1   External and Interior BGP

BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the
routing protocol employed on the Internet. At the time of this writing, the Internet BGP
routing tables number more than 90,000 routes. To achieve scalability at this level, BGP
uses many route parameters, called attributes, to define routing policies and maintain a
stable routing environment. In addition to BGP attributes, classless interdomain routing
(CIDR) is used by BGP to reduce the size of the Internet routing tables. For example,
assume that an ISP owns the IP address block 195.10.x.x from the traditional Class C
address space. This block consists of 256 Class C address blocks, 195.10.0.x through
195.10.255.x. Assume that the ISP assigns a Class C block to each of its customers. Without
CIDR, the ISP would advertise 256 Class C address blocks to its BGP peers. With CIDR,
BGP can supernet the address space and advertise one block, 195.10.x.x. This block is the
same size as a traditional Class B address block. The class distinctions are rendered
obsolete by CIDR, allowing a significant reduction in the BGP routing tables.

BGP neighbors exchange full routing information when the TCP connection between
neighbors is first established. When changes to the routing table are detected, the BGP
routers send to their neighbors only those routes that have changed. BGP routers do not
send periodic routing updates, and BGP routing updates advertise only the optimal path to
a destination network.

BGP Attributes

Routes learned via BGP have associated properties that are used to determine the best
route to a destination when multiple paths exist to a particular destination. These
properties are referred to as BGP attributes, and an understanding of how BGP attributes
influence route selection is required for the design of robust networks. This section
describes the attributes that BGP uses in the route selection process:

• Weight
• Local preference
• Multi-exit discriminator
• Origin
• AS_path
• Next hop
• Community

Weight Attribute

Weight is a Cisco-defined attribute that is local to a router. The weight attribute is not
advertised to neighboring routers. If the router learns about more than one route to the same
destination, the route with the highest weight will be preferred. In Figure 39-2, Router A is
receiving an advertisement for network 172.16.1.0 from routers B and C. When Router A
receives the advertisement from Router B, the associated weight is set to 50. When Router A
receives the advertisement from Router C, the associated weight is set to 100. Both paths for
network 172.16.1.0 will be in the BGP routing table, with their respective weights. The
route with the highest weight will be installed in the IP routing table.

Figure 39-2   BGP Weight Attribute

Local Preference Attribute


The local preference attribute is used to prefer an exit point from the local autonomous
system (AS). Unlike the weight attribute, the local preference attribute is propagated
throughout the local AS. If there are multiple exit points from the AS, the local preference
attribute is used to select the exit point for a specific route. In Figure 39-3, AS 100 is
receiving two advertisements for network 172.16.1.0 from AS 200. When Router A receives
the advertisement for network 172.16.1.0, the corresponding local preference is set to 50.
When Router B receives the advertisement for network 172.16.1.0, the corresponding local
preference is set to 100. These local preference values will be exchanged between routers A
and B. Because Router B has a higher local preference than Router A, Router B will be used
as the exit point from AS 100 to reach network 172.16.1.0 in AS 200.

Figure 39-3    BGP Local Preference Attribute

Multi-Exit Discriminator Attribute


The multi-exit discriminator (MED) or metric attribute is used as a suggestion to an external
AS regarding the preferred route into the AS that is advertising the metric. The term
suggestion is used because the external AS that is receiving the MEDs may be using other
BGP attributes for route selection. We will cover the rules regarding route selection in the
next section. In Figure 39-4, Router C is advertising the route 172.16.1.0 with a metric of 10,
while Router D is advertising 172.16.1.0 with a metric of 5. The lower value of the metric is
preferred, so AS 100 will select the route to router D for network 172.16.1.0 in AS 200.
MEDs are advertised throughout the local AS.

Origin Attribute

The origin attribute indicates how BGP learned about a particular route. The origin attribute
can have one of three possible values:

• IGP—The route is interior to the originating AS. This value is set when the network
router configuration command is used to inject the route into BGP.
• EGP—The route is learned via the Exterior Border Gateway Protocol (EBGP).
• Incomplete—The origin of the route is unknown or learned in some other way. An
origin of incomplete occurs when a route is redistributed into BGP.

The origin attribute is used for route selection and will be covered in the next section.

Figure 39-4   BGP Multi-Exit Discriminator Attribute

AS_path Attribute

When a route advertisement passes through an autonomous system, the AS number is
added to an ordered list of AS numbers that the route advertisement has traversed. Figure
39-5 shows the situation in which a route is passing through three autonomous systems.
AS 1 originates the route to 172.16.1.0 and advertises this route to AS 2 and AS 3, with the
AS_path attribute equal to {1}. AS 3 will advertise back to AS 1 with AS_path attribute {3,1},
and AS 2 will advertise back to AS 1 with AS_path attribute {2,1}. AS 1 will reject these
routes when its own AS number is detected in the route advertisement. This is the
mechanism that BGP uses to detect routing loops. AS 2 and AS 3 propagate the route to
each other with their AS numbers added to the AS_path attribute. These routes will not be
installed in the IP routing table because AS 2 and AS 3 are learning a route to 172.16.1.0
from AS 1 with a shorter AS_path list.

Figure 39-5   BGP AS-path Attribute

Next-Hop Attribute

The EBGP next-hop attribute is the IP address that is used to reach the advertising router.
For EBGP peers, the next-hop address is the IP address of the connection between the peers.
For IBGP, the EBGP next-hop address is carried into the local AS, as illustrated in
Figure 39-6.

Figure 39-6    BGP Next-Hop Attribute

Router C advertises network 172.16.1.0 with a next hop of 10.1.1.1. When Router A
propagates this route within its own AS, the EBGP next-hop information is preserved. If
Router B does not have routing information regarding the next hop, the route will be
discarded. Therefore, it is important to have an IGP running in the AS to propagate next-
hop routing information.

Community Attribute

The community attribute provides a way of grouping destinations, called communities, to
which routing decisions (such as acceptance, preference, and redistribution) can be applied.
Route maps are used to set the community attribute. Predefined community attributes are
listed here:

• no-export—Do not advertise this route to EBGP peers.
• no-advertise—Do not advertise this route to any peer.
• internet—Advertise this route to the Internet community; all routers in the network
belong to it.

Figure 39-7 illustrates the no-export community. AS 1 advertises 172.16.1.0 to AS 2 with the
community attribute no-export. AS 2 will propagate the route throughout AS 2 but will not
send this route to AS 3 or any other external AS.

Figure 39-7    BGP no-export Community Attribute

In Figure 39-8, AS 1 advertises 172.16.1.0 to AS 2 with the community attribute no-advertise.
Router B in AS 2 will not advertise this route to any other router.

Figure 39-8    BGP no-advertise Community Attribute

Figure 39-9 demonstrates the internet community attribute. There are no limitations to the
scope of the route advertisement from AS 1.

Figure 39-9    BGP internet Community Attribute

BGP Path Selection

BGP could possibly receive multiple advertisements for the same route from multiple
sources. BGP selects only one path as the best path. When the path is selected, BGP puts the
selected path in the IP routing table and propagates the path to its neighbors. BGP uses the
following criteria, in the order presented, to select a path for a destination:

• If the path specifies a next hop that is inaccessible, drop the update.
• Prefer the path with the largest weight.
• If the weights are the same, prefer the path with the largest local preference.
• If the local preferences are the same, prefer the path that was originated by BGP
running on this router.
• If no route was originated, prefer the route that has the shortest AS_path.
• If all paths have the same AS_path length, prefer the path with the lowest origin
type (where IGP is lower than EGP, and EGP is lower than incomplete).
• If the origin codes are the same, prefer the path with the lowest MED attribute.
• If the paths have the same MED, prefer the external path over the internal path.
• If the paths are still the same, prefer the path through the closest IGP neighbor.
• Prefer the path with the lowest IP address, as specified by the BGP router ID.

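As an added example that is not part of the text or any vendor's code, the following Python applies the selection criteria above in the order listed, after first discarding advertisements that carry the router's own AS number (the loop check from the AS_path section) or whose next hop the IGP cannot reach (the Next-Hop section). The IGP reachability model, the field names, and the AS 100 scenario built from the second review question below are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Origin codes as ranked by the text: IGP is lower than EGP, EGP lower than incomplete.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class BgpPath:
    prefix: str
    next_hop: str
    as_path: tuple                  # nearest AS first, e.g. (2345, 86, 51)
    origin: str = "incomplete"
    weight: int = 0                 # Cisco-local attribute, highest wins
    local_pref: int = 100           # AS-wide attribute, highest wins
    med: int = 0                    # lowest wins
    locally_originated: bool = False
    external: bool = True           # learned from an EBGP peer
    igp_metric_to_next_hop: int = 0
    router_id: str = "0.0.0.0"      # BGP router ID of the advertising peer


def next_hop_reachable(path, igp_routes):
    """Assumed model: the IGP can reach a next hop if some IGP prefix covers it."""
    nh = ipaddress.ip_address(path.next_hop)
    return any(nh in ipaddress.ip_network(r) for r in igp_routes)


def has_as_loop(path, local_as):
    """An advertisement carrying our own AS number is rejected as a loop."""
    return local_as in path.as_path


def filter_paths(paths, local_as, igp_routes):
    """Drop looped paths and those whose next hop is inaccessible."""
    return [p for p in paths
            if not has_as_loop(p, local_as) and next_hop_reachable(p, igp_routes)]


def preference_key(path):
    """Tuple ordered by the selection criteria; the smallest tuple is the best path.

    The text's list compares MED unconditionally; IOS by default compares MEDs
    only between paths received from the same neighboring AS.
    """
    return (
        -path.weight,                               # largest weight
        -path.local_pref,                           # largest local preference
        0 if path.locally_originated else 1,        # originated on this router
        len(path.as_path),                          # shortest AS_path
        ORIGIN_RANK[path.origin],                   # lowest origin type
        path.med,                                   # lowest MED
        0 if path.external else 1,                  # external over internal
        path.igp_metric_to_next_hop,                # closest IGP neighbor
        int(ipaddress.ip_address(path.router_id)),  # lowest BGP router ID
    )


def select_best_path(paths, local_as, igp_routes):
    candidates = filter_paths(paths, local_as, igp_routes)
    return min(candidates, key=preference_key) if candidates else None


# Constructed scenario from the review question: a router in AS 100 hears
# 172.16.1.0/24 from two EBGP peers with AS_paths {2345,86,51} and {2346,51}.
LOCAL_AS = 100
IGP_ROUTES = ["10.1.1.0/30", "10.1.2.0/30"]   # constructed IGP reachability
PEER1 = BgpPath("172.16.1.0/24", "10.1.1.1", (2345, 86, 51), origin="igp",
                router_id="10.1.1.1")
PEER2 = BgpPath("172.16.1.0/24", "10.1.2.1", (2346, 51), origin="igp",
                router_id="10.1.2.1")


def chosen_peer(weight_for_peer1=0, local_pref_for_peer1=100):
    """Which peer wins once peer 1's weight or local preference is adjusted."""
    p1 = replace(PEER1, weight=weight_for_peer1, local_pref=local_pref_for_peer1)
    best = select_best_path([p1, PEER2], LOCAL_AS, IGP_ROUTES)
    return "peer1" if best is p1 else "peer2"
```

With defaults the shorter AS_path of peer 2 wins; raising either the weight or the local preference on peer 1's path overrides AS_path length, which is the answer the review question gives.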
Review Questions

Q—Can IBGP be used in place of an IGP (RIP, IGRP, EIGRP, OSPF, or ISIS)?

A—Yes and no. Remember that the next-hop information from EBGP is carried into IBGP.
If IBGP does not have a route to reach the next hop, then the route will be discarded.
Typically an IGP needs to be used to exchange routes to the next hop, but this can be
achieved by using static routes on all the routers running IBGP. So, the answer is yes if you
want to use and maintain static routes. Otherwise, the answer is no.

Q—Assume that a BGP router is learning the same route from two different EBGP peers. The
AS_path information from peer 1 is {2345,86,51}, and the AS_path information from peer 2 is
{2346,51}. What BGP attributes could be adjusted to force the router to prefer the route advertised
by peer 1?

A—Weight and local preference. Both have a higher preference than AS_path length.

Q—Can BGP be used only by Internet service providers?

A—No. BGP can be used to scale large enterprise networks. A large network can be
divided into segments, with each segment running an IGP. Routing information between
segments could then be exchanged using BGP.

Q—If a directly connected interface is redistributed into BGP, what value will the origin attribute
have for this route?

A—Any redistributed route will have an origin of incomplete.
