
As per ICAO DOC 9868 and DOC 10057
2024

Competency Based Training and Assessment for ATSEP
Non-PLI Training on Data Communication Networking, Cyber Security and Linux

MODULE-1
Data Communication Networking

AAI/ANS/CNS/CATC/2024/CBTA-Non PLI/Data Communication Networking/Cyber-Security/Linux/Mod-1 /Ver.1.0
CATC, PRAYAGRAJ
Module-1
Data Communication Networking, Cyber security and Linux

Training Quality Policy

“To develop the human resources for the aviation industry, ensuring conformity of the processes, by adapting the best practices within industry and building higher skills and standards in training.”
Version Control

Module Doc No.: AAI/CATC/CNS/DCN/CYBER-SECURITY/LINUX/NPLI

Version 1.0 developed by:
1. Sh. Pravin Kumar Singh, AGM (CNS), CATC
2. Sh. Hasan Ashraf, AGM (CNS), CATC
3. Sh. V.P. Ratheesh, AGM (CNS), Chennai
4. Narendra Patel, AGM (CNS), CATC
5. Dhiraj Kumar Gupta, Mgr (CNS), Kolkata
6. Kumar Raunak, AM (CNS), Kolkata

Version 1.0 vetted by:
1. Sh. Govinda Kumar Gupta, AGM (CNS), CATC
2. Sh. Hasan Ashraf, AGM (CNS), CATC
3. Sh. V.P. Ratheesh, AGM (CNS), Chennai
4. Narendra Kr. Patel, AGM (CNS), CATC
5. Sh. Sandeep G., SM (CNS), Mangalore

Period of vetting of Ver. 1.0: 15th April 2024 to 18th April 2024

Maintained by: CDRC, CATC, PRAYAGRAJ

Version Number | Modified By | Date Modified | Date Approved
Ver 1.0 | | |
Preface

This “Data Communication Networking, Cyber Security and Linux NPLI Training” handout conforms to the standards and recommended practices of the International Civil Aviation Organization (ICAO) vide Doc. 9868 (PANS Training) Part IV Chapter 3 for ATSEP and Doc. 10057 (Manual on Air Traffic Safety Electronics Personnel - Competency Based Training and Assessment).

With pleasure, I authenticate this handout and make it available for imparting the NPLI training course on “Data Communication Networking, Cyber Security and Linux” for ATSEPs in AAI.

The course content has been approved by CHQ of AAI. It is hoped that the trainee ATSEPs will find it informative, interesting and better in presentation.

I am sure that the trainees will carry a sense of pride in undergoing this CBTA based NPLI training course of ICAO standard.

This handout on “Data Communication Networking, Cyber Security and Linux” is specifically designed and developed to equip the ATSEPs with the requisite competencies required to understand: introduction to data communication, TCP/IP, classification of networks, network devices with basic configuration of switches and routers, loop avoidance in LAN, IP addressing and subnetting, IP routing and configuration of static and dynamic routing, VLAN, VLAN trunking and inter-VLAN routing with configuration of VLANs in a switch and inter-VLAN routing, IP multicast, different protocols, the Linux operating system, Linux commands, introduction to cyber security, various cyber threats, prevention of cyber security threats and basic configuration of network devices to prevent cyber threats.

This handout is intended to be kept up to date. It will be amended periodically as new technological developments are made in the field of data communication networking and cyber security.

For the development and presentation of this module as per ICAO Doc 10057, I would like to appreciate the meticulous and excellent work done by the course developers.

Errors, if any, or suggestions, if brought to the notice of the undersigned, would be highly commendable as they will serve to improve this module and contribute to our objective of achieving excellence in the field of ATSEP training.

GM (CNS) / Head of ATSEP Training
CATC, PRAYAGRAJ-211012
Dated: 18th April 2024
TABLE OF CONTENTS

CHAPTER-01 INTRODUCTION TO DATA COMMUNICATION ... 1
1.1 Communications Model ... 1
1.2 Data Representation ... 2
1.3 Text ... 2
1.4 Numbers ... 3
1.5 Images ... 4
1.6 Audio ... 4
1.7 Video ... 4
1.8 Data Communication Networking ... 5
1.9 Network Topology ... 6
1.10 Protocols & Standards ... 7

CHAPTER-2 INTRODUCTION TO TCP/IP ... 14
2. TCP/IP (DoD Model) ... 14
2.1. Network Access Layer ... 15
2.2. Internet Layer ... 16
2.3. Application Layer ... 21

CHAPTER-3 CLASSIFICATION OF NETWORK & NETWORK DEVICES ... 25
3.1. Classification of Network Based on Size ... 25
3.2. Cables and Connectors Used in Ethernet ... 28
3.3. Collision in Network ... 33
3.4. Repeaters ... 34
3.5. Hubs ... 35
3.6. Bridges ... 36
3.7. Broadcast Domain ... 36
3.8. Switches ... 37
3.9. Address Resolution Protocol (ARP) ... 38
3.10. Gateway ... 44

CHAPTER-4 LOOP AVOIDANCE IN LAN ... 45

CHAPTER-5 IP ADDRESSING & SUBNETTING ... 50
5.1. IP Addressing ... 50
5.2. Classless Addressing ... 54
5.3. Subnetting ... 55
5.4. Variable Length Subnetting (VLSM) ... 61

CHAPTER-6 IP ROUTING ... 66
6.1. IP Routing ... 66
6.2. Metric ... 73

CHAPTER-7 ... 86

Civil Aviation Training College, India


VLAN ... 86
7.1. Introduction ... 86
7.2. VLAN Basics ... 86
7.3. Access Port ... 90
7.4. Trunk Port ... 90
7.5. VLAN Tagging ... 91

CHAPTER-8 IP MULTICAST ... 95

CHAPTER-9 PROTOCOLS ... 127

Chapter – 01 Data Communication

CHAPTER -01
INTRODUCTION TO DATA COMMUNICATION

1.1 Communications Model

For communication to take place, a source is required from which the message to be exchanged is generated. The message so generated is sent to the destination through a medium. The figure shown below depicts a generalized block diagram of a communication model.

Fig: General Block Diagram (source system: Source, Transmitter; Transmission system; destination system: Receiver, Destination)


The fundamental purpose of a data communications system is the exchange of data between two parties. The word "data" refers to information presented in whatever form is agreed upon by the parties creating and using the data. The figure given below is one particular example, in which communication between a workstation and a server through a public telephone network is shown.

Fig: Communication through public network (Computer, Modem, Public Telephone network, Modem, Computer)

The key elements of the model are:

⮚ Source: This device generates the data to be transmitted; examples are telephones and personal computers.

⮚ Transmitter: Usually, the data generated by a source system are not transmitted directly in the form in which they were generated. Rather, a transmitter transforms and encodes the information in such a way as to produce electromagnetic signals that can be transmitted across some sort of transmission system. For example, a modem takes a digital bit stream from an attached device such as a PC and transforms that bit stream into an analog signal that can be handled by the telephone network.

⮚ Transmission System: This can be a single transmission line or a complex network connecting source and destination.

⮚ Receiver: The receiver accepts the signal from the transmission system and converts it into a form that can be handled by the destination device. For example, a modem will accept an analog signal coming from a network or transmission line and convert it into a digital bit stream.

⮚ Destination: Takes the incoming data from the receiver.
1.2 Data Representation

Information to be exchanged takes the form of data. These data come in different forms such as text, numbers, images, audio and video.
1.3 Text

In data communications, text is represented as a bit pattern, a sequence of bits (0s and 1s). The number of bits in a pattern depends on the number of symbols in the language. For example, the English language uses 26 symbols (A, B, C, … Z) to represent uppercase letters, 26 symbols (a, b, c, … z) to represent lowercase letters, 10 symbols to represent numbers (0, 1, 2, … 9) and symbols (?, /, +, ;, …) to represent punctuation. Other symbols such as the blank, the new line, and the tab are used for text alignment and readability.

Different sets of bit patterns have been designed to represent text symbols. Each set is a code, and the process of representing the symbols is called coding.

⮚ ASCII: The American National Standards Institute (ANSI) developed a code called the American Standard Code for Information Interchange. The code uses 7 bits for each symbol. This means that 2^7 (128) different symbols can be defined by this code.

⮚ Extended ASCII: To make the size of each pattern 1 byte (8 bits), the ASCII pattern is augmented with an extra 0 on the left. Now each pattern is exactly 1 byte of memory. In other words, in extended ASCII, the first pattern is 00000000 and the last one is 01111111.

⮚ EBCDIC: IBM’s 8-bit code, Extended Binary-Coded-Decimal Interchange Code. EBCDIC is vendor specific and is used primarily in large IBM computers.

⮚ Unicode: Neither of the foregoing represents symbols belonging to languages other than English. For that, a code with much greater capacity is needed. A coalition of hardware and software manufacturers has designed a code called Unicode that uses 16 bits and can represent 65,536 symbols. Different sections of the code are allocated to symbols from different languages of the world. Some parts of the code are used for graphics and special symbols.

The International Organization for Standardization, known as ISO, has designed a code using a 32-bit pattern. This code can represent 4,294,967,296 symbols, which is definitely enough to represent any symbol in the world today.
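The following Python script is an added worked example (not part of the CATC handout) that produces the bit patterns the codes above describe: the 7-bit ASCII pattern, the 8-bit extended pattern with its leading 0, and the 16-bit patterns of Unicode's UTF-16 form. The helper names (`bits_needed`, `ascii_pattern`, `encode_text`) are this example's own. It also shows the failure mode the text hints at: a symbol outside the English alphabet, such as a Devanagari letter, simply has no ASCII pattern, so the encoder must reject it rather than silently substitute something.

```python
# Added example (not from the CATC handout): text symbols as bit patterns
# under ASCII, extended ASCII and Unicode (UTF-16). Standard library only.


def bits_needed(symbol_count: int) -> int:
    """Smallest n such that an n-bit pattern can distinguish symbol_count symbols."""
    n = 0
    while 2 ** n < symbol_count:
        n += 1
    return n


def ascii_pattern(ch: str) -> str:
    """7-bit ASCII pattern for one symbol; symbols outside ASCII have no pattern."""
    code = ord(ch)
    if code > 0x7F:
        raise ValueError(f"{ch!r} (U+{code:04X}) has no 7-bit ASCII pattern")
    return format(code, "07b")


def extended_ascii_pattern(ch: str) -> str:
    """8-bit pattern: the ASCII pattern with an extra 0 added on the left,
    so patterns run from 00000000 to 01111111."""
    return "0" + ascii_pattern(ch)


def unicode_utf16_patterns(ch: str) -> list:
    """16-bit patterns (UTF-16 code units) for one symbol. Symbols above U+FFFF
    do not fit in one 16-bit pattern and are carried as a pair of units."""
    encoded = ch.encode("utf-16-be")
    return [format(int.from_bytes(encoded[i:i + 2], "big"), "016b")
            for i in range(0, len(encoded), 2)]


def encode_text(text: str, code: str) -> list:
    """Code a whole string under 'ascii', 'extended' or 'unicode'."""
    if code == "ascii":
        return [ascii_pattern(c) for c in text]
    if code == "extended":
        return [extended_ascii_pattern(c) for c in text]
    if code == "unicode":
        return [p for c in text for p in unicode_utf16_patterns(c)]
    raise ValueError(f"unknown code {code!r}")


if __name__ == "__main__":
    print(bits_needed(26 + 26 + 10))      # 6 bits cover the 62 letters and digits
    print(encode_text("Hi", "ascii"))
    print(encode_text("Hi", "extended"))
    print(encode_text("\u0905", "unicode"))   # Devanagari letter A, U+0905
```

`bits_needed` makes the counting argument of the text concrete: 62 letters and digits need 6 bits, the full 128-symbol ASCII set needs 7, and 65,536 Unicode symbols need 16.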

1.4 Numbers

Numbers are also represented using bit patterns. However, a code such as ASCII is not used to represent numbers; the number is directly converted to a binary number. The reason is to simplify mathematical operations on numbers.
1.5 Images

Images today are represented by bit patterns. In its simplest form, an image is divided into a matrix of pixels (picture elements), where each pixel is a small dot. The size of the pixel depends on the resolution. For example, an image can be divided into 1000 pixels or 10000 pixels. In the second case, there is a better representation of the image, but more memory is needed to store the bit pattern of the image.

After the image is divided into pixels, each pixel is assigned a bit pattern. The size and the value of the pattern depend on the image. For an image made of only black and white dots (e.g., a chessboard), a 1-bit pattern is enough to represent a pixel, either 0 or 1. If the image consists of 4 levels of gray shades, a 2-bit pattern is required. The bit pattern 00 represents a black pixel, 01 a dark gray shade, 10 a light gray shade and 11 a white shade.

To represent color images, each color pixel is decomposed into three primary colors: red, green and blue. Three bit patterns, each consisting of 8 bits, are used to represent the intensity of each color.
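An added worked example (not from the handout) that packs pixels into the bit patterns just described: four 2-bit gray pixels per byte using the 00/01/10/11 shade mapping, and three 8-bit patterns per color pixel. The function names and the rule that a pixel count not divisible by four pads the last byte with zeros are this example's assumptions. `storage_bytes` reproduces the memory comparison between a 1000-pixel and a 10000-pixel image.

```python
# Added example (not from the CATC handout): pixel bit patterns for gray and
# color images. Standard library only.

GRAY2_NAMES = {0b00: "black", 0b01: "dark gray", 0b10: "light gray", 0b11: "white"}


def pack_gray2(pixels: list) -> bytes:
    """Pack 2-bit gray pixels four per byte, first pixel in the top two bits.
    Assumption: if the count is not a multiple of 4, the last byte is padded with 0s."""
    out = bytearray()
    for i in range(0, len(pixels), 4):
        byte = 0
        for j in range(4):
            value = pixels[i + j] if i + j < len(pixels) else 0
            if not 0 <= value <= 3:
                raise ValueError(f"pixel {i + j} = {value} does not fit in 2 bits")
            byte = (byte << 2) | value
        out.append(byte)
    return bytes(out)


def unpack_gray2(data: bytes, pixel_count: int) -> list:
    """Inverse of pack_gray2; pixel_count drops the padding bits of the last byte."""
    pixels = []
    for byte in data:
        for shift in (6, 4, 2, 0):
            pixels.append((byte >> shift) & 0b11)
    return pixels[:pixel_count]


def pack_rgb(pixels: list) -> bytes:
    """Each color pixel becomes three 8-bit patterns: red, green, blue intensity."""
    out = bytearray()
    for r, g, b in pixels:
        for channel in (r, g, b):
            if not 0 <= channel <= 255:
                raise ValueError(f"intensity {channel} does not fit in 8 bits")
        out += bytes((r, g, b))
    return bytes(out)


def storage_bytes(pixel_count: int, bits_per_pixel: int) -> int:
    """Memory needed for the bit pattern of a whole image, rounded up to bytes."""
    return (pixel_count * bits_per_pixel + 7) // 8


if __name__ == "__main__":
    packed = pack_gray2([0, 1, 2, 3, 3])
    print(packed.hex(), [GRAY2_NAMES[p] for p in unpack_gray2(packed, 5)])
    print(storage_bytes(1000, 1), storage_bytes(10000, 1), storage_bytes(10000, 24))
```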

1.6 Audio

Audio is the representation of sound. Audio is by nature different from text, numbers, or images: it is continuous, not discrete. This continuous form is changed to a discrete form before it can be used.

1.7 Video

Video can be produced either as a continuous entity (e.g., by a TV camera), or as a combination of images, each a discrete entity, arranged to convey the idea of motion.


1.8 Data Communication Networking

In its simplest form, data communication takes place between two devices that are directly connected by some form of point-to-point transmission medium. A network is two or more devices connected together through links. A link is a communications pathway that transfers data from one device to another; it is simplest to imagine a link as a line drawn between two points. For communication to occur, two devices must be connected in some way to the same link at the same time. There are two possible types of connection: point-to-point and multipoint.

Fig: Point-to-point connection (Computer to Computer over a dedicated link)

In a point-to-point connection two devices are connected through a dedicated link. The entire capacity of the link is reserved for transmission between these two devices. Most point-to-point connections use an actual length of wire or cable to connect the two ends, but other options, such as microwave or satellite links, are also possible.

A multipoint (also called multi-drop) connection is one in which more than two specific devices share a single link. Thus the capacity of the channel is shared.

Fig: Multi-point connection

The links discussed above may be short, within a building, or several kilometres long. If the devices are far apart it is impractical to connect them directly through a point-to-point link, and it is not always possible to run a dedicated line between the devices. In such cases the devices are connected through networks. The different types of networks will be covered in the networking module.
1.9 Network Topology

Network topology can be classified as:

Star Topology: In a star network, each node is connected to a central device, either a hub or a switch.

Tree Topology: It is also known as extended star topology, wherein a central hub/switch is connected to several downstream hubs/switches.

Bus Topology: It uses a single backbone cable that is terminated at both ends. All the hosts connect directly to this backbone.

Ring Topology: A ring topology connects the nodes in a continuous loop. Data flows around the ring in one direction.

Mesh Topology: A mesh topology has at least two network connections on every device on the network. Each host has its own connections to all other hosts.

Hybrid Topology: It is a combination of the above-mentioned topologies, connected by a suitable networking device.

1.10 Protocols & Standards

In this section, we define two widely used terms: protocols and standards. A protocol is synonymous with rules, and standards are agreed-upon rules.

Protocols
In computer networks, communication occurs between entities in different systems. An entity is anything capable of sending and receiving information. Examples are user application programs, file transfer packages, e-mail facilities, database management systems, etc. However, two entities cannot simply send bit streams to each other and expect to be understood. For communication to occur, the entities must agree on a protocol. A protocol is a set of rules that governs data communications. A protocol defines what is communicated, how it is communicated, and when it is communicated. The key elements of a protocol are:

Syntax: Syntax refers to the structure or format of the data, meaning the order in which they are represented, and the signal levels. For example, a simple protocol might expect the first 8 bits of data to be the address of the sender, the second 8 bits to be the address of the receiver, and the rest of the stream to be the message itself.

Semantics: Semantics refers to the meaning of each section of bits. How is a particular pattern to be interpreted, and what action is to be taken based on that interpretation?

Timing: Timing refers to the synchronization and coordination between devices while transferring data. Timing determines at what time data should be sent and how fast data can be sent. For example, if a sender sends at 100 Mbps but the receiver can only handle 1 Mbps, the receiver will overflow and lose data. Timing helps prevent data loss, collisions and other timing-related issues.

Sequence control: Sequence control ensures the proper ordering of data packets. The main responsibility of sequence control is to acknowledge the data as it is received, and to arrange the retransmission of lost data. Through this mechanism the data is delivered in the correct order.

Flow Control: Flow control regulates the delivery of data between devices. It limits the sender’s data or asks the receiver whether it is ready for more. Flow control prevents data congestion and loss.

Error Control: Error control mechanisms detect and fix data transmission faults. They include error detection codes, data resend, and error recovery. Error control detects and corrects the effects of noise, interference, and other problems to maintain data integrity.

Security: Network security safeguards data confidentiality, integrity, and authenticity. It includes encryption, authentication, access control, and other security procedures. The privacy and trustworthiness of network communication are protected by security standards.
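To make the key elements concrete, here is an added Python example (not part of the handout) implementing the tiny protocol the Syntax paragraph sketches: first 8 bits the sender address, next 8 bits the receiver address, the rest the message. The example extends that syntax with two fields of its own (assumptions, not from the text): a one-byte sequence number for sequence control and an 8-bit additive checksum for error control, plus a fixed receiver window for flow control. The names `Frame`, `encode_frame`, `decode_frame`, `is_damaged`, `reassemble` and `WINDOW` are this example's.

```python
# Added example (not from the CATC handout): a minimal protocol showing syntax,
# semantics, sequence control, flow control and error control on a byte stream.
from dataclasses import dataclass

WINDOW = 16  # assumed: largest message the receiver has agreed to accept per frame


@dataclass(frozen=True)
class Frame:
    sender: int      # first 8 bits of the stream
    receiver: int    # next 8 bits
    seq: int         # sequence number (assumed extra field, one byte)
    message: bytes   # the rest of the stream


def checksum8(data: bytes) -> int:
    """Error control: 8-bit additive checksum (sum of bytes modulo 256)."""
    return sum(data) & 0xFF


def encode_frame(frame: Frame) -> bytes:
    """Syntax: sender | receiver | seq | message | checksum."""
    for name in ("sender", "receiver", "seq"):
        if not 0 <= getattr(frame, name) <= 255:
            raise ValueError(f"{name} must fit in 8 bits")
    if len(frame.message) > WINDOW:
        raise ValueError("message exceeds the receiver's window (flow control)")
    body = bytes((frame.sender, frame.receiver, frame.seq)) + frame.message
    return body + bytes((checksum8(body),))


def decode_frame(raw: bytes) -> Frame:
    """Semantics: interpret each field, rejecting frames that break the syntax
    or whose checksum no longer matches."""
    if len(raw) < 4:
        raise ValueError("frame too short for sender, receiver, seq and checksum")
    body, received_sum = raw[:-1], raw[-1]
    if checksum8(body) != received_sum:
        raise ValueError("checksum mismatch: frame damaged in transit")
    return Frame(body[0], body[1], body[2], bytes(body[3:]))


def is_damaged(raw: bytes) -> bool:
    """True when the receiver would discard the frame and ask for a resend."""
    try:
        decode_frame(raw)
    except ValueError:
        return True
    return False


def reassemble(frames: list, first_seq: int = 0) -> tuple:
    """Sequence control: put messages back in seq order and report the gaps
    the receiver would request retransmission for."""
    by_seq = {f.seq: f.message for f in frames}
    if not by_seq:
        return b"", []
    last = max(by_seq)
    missing = [s for s in range(first_seq, last + 1) if s not in by_seq]
    data = b"".join(by_seq[s] for s in range(first_seq, last + 1) if s in by_seq)
    return data, missing


if __name__ == "__main__":
    raw = encode_frame(Frame(sender=1, receiver=2, seq=0, message=b"hi"))
    print(raw.hex(), decode_frame(raw))
    arrived = [decode_frame(encode_frame(Frame(1, 2, s, m)))
               for s, m in [(2, b"world"), (0, b"hello")]]   # seq 1 never arrived
    print(reassemble(arrived))
```

The additive checksum is deliberately simple so its limitation shows: flipping one byte is caught, but swapping two message bytes leaves the sum unchanged and passes. That is why real link and transport protocols use a CRC or a cryptographic integrity check rather than a plain sum.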


Standards
Network standards are agreed-upon specifications that ensure compatibility and
interoperability among different devices, vendors, and applications on a network.
They define the physical, electrical, and functional characteristics of network
components, such as cables, connectors, signals, frequencies, and protocols. For
example, Ethernet is a network standard that defines how data is transmitted
over a wired network using frames, MAC addresses, and switches.

How do network protocols and standards relate?

Network protocols and standards are closely related, but not the same. Network
protocols are the logical rules that govern how data is communicated, while
network standards are the physical and technical specifications that enable the
implementation of network protocols. Network protocols and standards often
work together in layers, forming a network architecture or model that describes
the functions and interactions of each layer. For example, the OSI model is a
network architecture that consists of seven layers, each with its own protocols
and standards.

Why are network protocols and standards important?


Network protocols and standards are important because they enable different
devices and systems to communicate with each other on a network, regardless
of their hardware, software, or location. They also ensure consistency, efficiency,
and quality of service for network users and applications. Without network
protocols and standards, there would be no common language or framework for
data transmission, and network communication would be chaotic, unreliable,
and insecure.

2 PROTOCOL LAYERING

In data communication and networking, a protocol defines the rules that both the sender and receiver and all intermediate devices need to follow to be able to communicate effectively. When communication is simple (e.g., face to face) we may need only one simple protocol.

Fig 1.1

When the communication is complex, we may need to divide the task between different layers, in which case we need a protocol at each layer, or protocol layering.

Fig 1.2

Let us assume that A sends the first letter to B. The third-layer machine listens to what A says and creates the plaintext (a letter in English), which is passed to the second-layer machine. The second-layer machine takes the plaintext, encrypts it, and creates the ciphertext, which is passed to the first-layer machine. The first-layer machine takes the ciphertext, puts it in an envelope, adds the sender and receiver addresses, and mails it.

At B’s side, the first-layer machine picks up the letter from B’s mailbox, recognizing the letter from A by the sender address. The machine takes the ciphertext out of the envelope and delivers it to the second-layer machine. The second-layer machine decrypts the message, creates the plaintext, and passes the plaintext to the third-layer machine. The third-layer machine takes the plaintext and reads it.

Protocol layering enables us to divide a complex task into several smaller and simpler tasks. We could have used only one machine to do the job of all three machines. However, if A and B decide that the encryption/decryption done by the machine is not enough to protect their secrecy, they would have to change the whole machine. In the present situation, they need to change only the second-layer machine; the other two can remain the same. This is referred to as modularity. Modularity in this case means independent layers. A layer (module) can be defined as a black box with inputs and outputs, without concern about how inputs are changed to outputs. If two machines provide the same outputs when given the same inputs, they can replace each other. For example, A and B can buy the second-layer machine from two different manufacturers. As long as the two machines create the same ciphertext from the same plaintext and vice versa, they do the job.

One of the advantages of protocol layering is that it allows us to separate the services from the implementation. A layer needs to be able to receive a set of services from the lower layer and to give services to the upper layer; we don’t care about how the layer is implemented.

Another advantage of protocol layering, which cannot be seen in our simple example but reveals itself when we discuss protocol layering in the Internet, is that communication does not always use only two end systems; there are intermediate systems that need only some layers, but not all layers. If we did not use protocol layering, we would have to make each intermediate system as complex as the end systems, which makes the whole system more expensive.
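The three-machine story above, written as an added Python example (not from the handout) so the modularity claim can be tested: layer 3 writes and reads the plaintext, layer 2 is a black box with an encrypt/decrypt pair, and layer 1 handles the envelope and mailbox. The two "manufacturers" of the layer-2 machine are toy transforms (byte-wise XOR with a key, and byte reversal) chosen only because they are short and reversible; they provide no real secrecy and stand in for whatever cipher A and B would actually buy. All function names and the shared-list mailbox are this example's assumptions.

```python
# Added example (not from the CATC handout): the three layer machines of the
# A-to-B letter analogy, with a swappable layer-2 machine. Standard library only.
from dataclasses import dataclass
from typing import Callable, Tuple

Machine = Tuple[Callable[[bytes], bytes], Callable[[bytes], bytes]]  # (encrypt, decrypt)


@dataclass(frozen=True)
class Envelope:
    sender: str
    receiver: str
    ciphertext: bytes


# Layer 3: turns what A says into plaintext bytes, and plaintext back into text.
def layer3_write(text: str) -> bytes:
    return text.encode("utf-8")


def layer3_read(plaintext: bytes) -> str:
    return plaintext.decode("utf-8", errors="replace")


# Layer 2: two interchangeable manufacturers. Both are toy transforms that only
# illustrate the black-box idea; neither offers any real secrecy.
def xor_machine(key: bytes) -> Machine:
    def transform(data: bytes) -> bytes:
        return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))
    return transform, transform      # XOR undoes itself, so encrypt == decrypt


def reverse_machine() -> Machine:
    def transform(data: bytes) -> bytes:
        return data[::-1]
    return transform, transform


# Layer 1: envelope handling. The mailbox is a plain list shared by A and B.
def layer1_mail(mailbox: list, sender: str, receiver: str, ciphertext: bytes) -> None:
    mailbox.append(Envelope(sender, receiver, ciphertext))


def layer1_pickup(mailbox: list, receiver: str, expected_sender: str) -> bytes:
    """B's first-layer machine recognises A's letter by the sender address."""
    for env in mailbox:
        if env.receiver == receiver and env.sender == expected_sender:
            mailbox.remove(env)
            return env.ciphertext
    raise LookupError(f"no letter for {receiver} from {expected_sender}")


def send_letter(mailbox: list, sender: str, receiver: str, text: str, machine: Machine) -> None:
    encrypt, _ = machine
    layer1_mail(mailbox, sender, receiver, encrypt(layer3_write(text)))


def receive_letter(mailbox: list, receiver: str, expected_sender: str, machine: Machine) -> str:
    _, decrypt = machine
    return layer3_read(decrypt(layer1_pickup(mailbox, receiver, expected_sender)))


if __name__ == "__main__":
    box = []
    send_letter(box, "A", "B", "Hello B", xor_machine(b"k"))
    print(receive_letter(box, "B", "A", xor_machine(b"k")))
    # Swap the second-layer machine; layers 1 and 3 are untouched.
    send_letter(box, "A", "B", "Hello B", reverse_machine())
    print(receive_letter(box, "B", "A", reverse_machine()))
```

Swapping `xor_machine` for `reverse_machine` changes nothing in `layer1_*` or `layer3_*`, which is the modularity the text describes. The last test also shows the other half of the rule: the two sides must agree on the same layer-2 machine, otherwise the plaintext does not come back.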

Logical Connections
In protocol layering, there is a logical connection between each layer. This means
that we have layer-to-layer communication.


Fig 1.3

Reference Model in Computer Networking

In the early days of computer networking, suppliers developed proprietary networking models to support their products. The biggest problem with these models was that only devices produced by the same vendor could communicate with each other. For example, only computers or networking devices produced by IBM could communicate with one another.

For both manufacturers and consumers, this situation was neither good nor profitable. It forced producers to produce all the essential network devices and consumers to purchase all devices from the same manufacturer.

To overcome this barrier, leading hardware producers agreed that a vendor-neutral network model should be utilized or supported in conjunction with their proprietary networking models. Two significant efforts were made to create a supplier-neutral networking model.

The OSI (Open Systems Interconnection) model was established by ISO (the International Organization for Standardization), and the U.S. Department of Defense (DoD) developed the TCP/IP model.


Seven Layers of the OSI Model

1. Application Layer: Provides network services to various application processes and provides user authentication.
2. Presentation Layer: It formats and structures data in a way that is readable at the receiving end. It provides encryption and negotiates the data transfer syntax for the application layer.
3. Session Layer: It establishes, manages and terminates sessions between applications.
4. Transport Layer: It ensures data transport reliability via fault detection and recovery and information flow control. It establishes, maintains and terminates virtual circuits.
5. Network Layer: It routes data packets by selecting the best path to deliver data. Provides logical addressing and path selection.
6. Data Link Layer: Defines the format in which data is to be transmitted and how access to the network is controlled. It also provides error detection.
7. Physical Layer: It defines specifications for activating, maintaining and deactivating physical links.

CHAPTER – 02 INTRODUCTION TO TCP/IP

CHAPTER-2
INTRODUCTION TO TCP/IP
The Transmission Control Protocol/Internet Protocol (TCP/IP) suite was
created by the Department of Defense (DoD) to ensure and preserve data
integrity, as well as maintain communications in the event of catastrophic war.
It is a hierarchical protocol made up of interactive modules, each of which
provides a specific functionality. The term hierarchical means that each upper-
level protocol is supported by the services provided by one or more lower-level
protocols.

2. TCP/IP (DoD Model)

The DoD model is basically a condensed version of the OSI model; it is composed of four, instead of seven, layers:

1) Process/Application layer
2) Host-to-Host layer
3) Internet layer
4) Network Access layer

Figure 2.1 shows a comparison of the DoD model and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.

Fig 2.1 The DoD and OSI models


The original TCP/IP protocol suite was defined as four software layers built upon the hardware. Today, however, TCP/IP is thought of as a five-layer model.

Logical connections between layers of the TCP/IP protocol suite

Fig 2.2
2.1. Network Access Layer

Physical Layer
The physical layer is the lowest level in the TCP/IP protocol suite. It is responsible for transmitting raw data bits over a physical medium, such as copper wires, fiber optic cables, or wireless communication channels. The physical layer deals with the physical characteristics of the transmission medium and the physical signaling mechanisms used to transmit data. It defines how binary 0s and 1s are converted into signals that can be transmitted over the chosen medium. This process involves encoding the data into electrical, optical, or radio signals, depending on the transmission medium. It determines the rate at which data is transmitted over the network and the bandwidth available for the transmission. Techniques such as parity checking or cyclic redundancy check (CRC) may be applied for error detection and correction.
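An added Python example (not from the handout) comparing the two error-detection techniques just named on a constructed frame. It uses the standard library's CRC-32 (`zlib.crc32`) and a single even-parity bit over the whole block; `flip_bit` simulates noise on the medium. The function names are this example's own.

```python
# Added example (not from the CATC handout): parity bit versus CRC-32 on a
# constructed frame, with simulated bit errors. Standard library only.
import zlib


def popcount(data: bytes) -> int:
    """Number of 1 bits in the block."""
    return sum(bin(b).count("1") for b in data)


def parity_bit(data: bytes) -> int:
    """Even parity: the extra bit makes the total number of 1s even."""
    return popcount(data) & 1


def crc32(data: bytes) -> int:
    """CRC-32 as used by Ethernet's frame check sequence, via zlib."""
    return zlib.crc32(data) & 0xFFFFFFFF


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate noise on the medium by inverting one bit of the block."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def transmit(data: bytes) -> tuple:
    """Sender side: the block plus the check values it computes before sending."""
    return data, parity_bit(data), crc32(data)


def check(received: bytes, parity: int, crc: int) -> dict:
    """Receiver side: recompute both checks on what actually arrived."""
    return {
        "parity_ok": parity_bit(received) == parity,
        "crc_ok": crc32(received) == crc,
    }


if __name__ == "__main__":
    frame, p, c = transmit(b"ATSEP")          # constructed sample frame
    print(check(frame, p, c))                 # clean: both pass
    print(check(flip_bit(frame, 3), p, c))    # one bit flipped: both fail
    two = flip_bit(flip_bit(frame, 3), 10)
    print(check(two, p, c))                   # two bits flipped: parity passes, CRC fails
```

A single parity bit misses every even number of bit errors, which is why link layers carry a CRC instead. Note also that both techniques only detect damage; getting the correct data back then relies on retransmission (as in the sequence-control mechanism of section 1.10) or on an error-correcting code.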
Data-link Layer
Delivery of packets between two systems on the same network is the responsibility of the data link layer. Its major role is to ensure error-free transmission of information. The data link layer receives data from the network layer above it. It breaks this data into smaller, manageable units called frames and attaches the source and destination device addresses (MAC addresses) as a header.


The physical address, also called the Layer 2 hardware address or MAC address, is the
unique address of a node. Ethernet uses a 6-byte (48-bit) physical address.
A physical address is written as 12 hexadecimal digits; every byte (2 hexadecimal
digits) is separated by a colon, as shown below:
07:01:02:01:2C:4B
Some of the protocols available in Network Access Layer are:
● Ethernet (IEEE 802.3): Ethernet is one of the most widely used protocols
in local area networks (LANs). It defines the framing and addressing used
to transmit data packets between devices connected to the same network
segment.
● Wi-Fi (IEEE 802.11): Wi-Fi is a set of wireless communication standards
commonly used for wireless local area networking (WLAN).
● Point-to-Point Protocol (PPP): PPP is a data link protocol used to establish
a direct connection between two nodes, typically over serial interfaces. It
is commonly used for dial-up connections, DSL and Leased Lines.

2.2. Internet Layer

The internet layer, also known as the network layer or IP layer, is
responsible for efficiently routing packets of data from a source device to a
destination device, even if they're on entirely different networks.
The Internet Layer uses logical addresses, known as IP addresses, to
uniquely identify devices on a network. IP addresses are assigned to devices and
are used to route packets across interconnected networks.
The Internet Layer may fragment packets into smaller units if they are too
large to be transmitted across a network segment with a smaller Maximum
Transmission Unit (MTU). At the destination, the fragments are reassembled into
the original packet.
Some of the key protocols associated with the internet layer:

⮚ Internet Protocol (IP): The workhorse of the internet layer, IP is
responsible for addressing and routing packets. There are primarily two
versions of the Internet Protocol (IP) currently in use: IPv4 and IPv6. The
IPv4 (Internet Protocol version 4) is the fourth revision of the Internet
Protocol (IP) and the first version of the protocol to be widely deployed. It
defines the addressing system that allows devices to communicate over the
Internet or other IP-based networks.
Here are some key features of IPv4:
● IPv4 addresses are 32-bit numerical values expressed in decimal format,
typically represented as four octets separated by periods (e.g.,
192.168.1.1). This addressing scheme provides a unique identifier for each
device on a network.
● IPv4 packets consist of a header followed by a data payload. The header
contains various fields, including source and destination IP addresses,
packet length, Time-to-Live (TTL), protocol number (indicating the higher-
layer protocol), and a checksum for error detection.
● IPv4 uses a hierarchical addressing scheme to facilitate routing.
● IPv4 supports packet fragmentation, allowing large packets to be divided
into smaller fragments to traverse networks with different Maximum
Transmission Unit (MTU) sizes.
The figure below is the simple representation of an IP packet
(There are many different fields available in the IP header)

⮚ Address Resolution Protocol (ARP): ARP resolves IP addresses into Media
Access Control (MAC) addresses, which are the hardware addresses used
by devices on a network segment to communicate.

⮚ Internet Control Message Protocol (ICMP): ICMP is used for error
reporting and diagnostics, helping identify issues with data transmission.

⮚ Internet Group Management Protocol (IGMP): Used for managing
multicast communication, where a single data stream is sent to a group of
devices simultaneously.

⮚ Protocol Independent Multicast (PIM): Another multicast routing
protocol that works alongside IGMP for more complex network
configurations.

⮚ Internet Protocol Security (IPsec): IPsec provides security services,
including authentication and encryption, at the Internet Layer.

❖ Transport Layer: The Transport Layer, the layer above the Network Layer,
is responsible for providing end-to-end communication services for
applications. It ensures that data is transmitted reliably, efficiently, and
accurately between devices on a network. The logical connection at the
transport layer is also end-to-end. The Transport Layer breaks down data
from the Application Layer into smaller units called segments or datagrams
before transmission. It also reassembles these segments at the receiving end.

Port addressing is a fundamental concept in the Transport Layer, specifically
for protocols like TCP (Transmission Control Protocol) and UDP (User
Datagram Protocol). Ports are used to differentiate between multiple services
or applications running on the same device. This enables multiple applications
to share a network connection efficiently. A port number is a 16-bit unsigned
integer that ranges from 0 to 65535. The combination of an IP address and a port
number is called a socket. It is used for communication between processes
on different systems in the network. A socket identifies the application to
which data is to be sent using the IP address and port number.
192.168.1.100:80 is an example of a socket

❖ Transmission Control Protocol (TCP): The Transmission Control Protocol
(TCP) is one of the core protocols of the transport Layer. TCP is designed to ensure
that data transmitted between hosts arrives reliably, in order, and without
errors.

TCP is a connection-oriented protocol that first establishes a logical
connection between transport layers at two hosts before transferring data. It
creates a logical pipe between two TCPs for transferring a stream of bytes.
TCP provides reliable, connection-oriented communication between two
hosts on an IP network. It takes large blocks of information from an application
and breaks them into segments, then assigns a sequence number to each
segment and transmits. It numbers and sequences each segment so that the
destination’s TCP stack can put the segments back into the order the application
intended. After these segments are sent, TCP (on the transmitting host) waits for
an acknowledgment of the receiving end’s TCP virtual circuit session. It
retransmits segments that aren’t acknowledged by the destination host.
Some key aspects of TCP:
● Before data transfer can occur, a TCP connection must be established
between the client and the server. This process involves a three-way handshake,
where the client sends a SYN (synchronize) packet to the server, the server
responds with a SYN-ACK (synchronize-acknowledge) packet, and finally, the
client sends an ACK (acknowledge) packet to confirm the connection.

● TCP ensures reliable delivery of data by using sequence numbers,
acknowledgments, and retransmissions. Each TCP segment includes a sequence
number, allowing the receiver to reorder packets and detect missing or
duplicated packets. The receiver sends acknowledgments (ACKs) for received
data, and the sender retransmits segments if ACKs are not received within a
certain timeout period.

● TCP implements flow control mechanisms to prevent the sender from
overwhelming the receiver with data. The receiver advertises a receive window
size, indicating the amount of data it is willing to receive. The sender adjusts its
transmission rate based on the receiver's window size to avoid congestion.
● TCP's congestion control mechanisms prevent network congestion by
dynamically adjusting the transmission rate based on network conditions.
● TCP supports full duplex communication, allowing data to be transmitted
in both directions simultaneously. Each TCP connection consists of two streams,
one for sending data from the client to the server (outgoing), and one for sending
data from the server to the client (incoming).
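To make the three-way handshake and the sequence-number, acknowledgment and retransmission behaviour described above concrete, here is an added simulation in Python. It is written for this section of the handout, not taken from the original text or from any real TCP implementation. The initial sequence numbers, the segment size and which segment the link drops are assumptions; the model is stop-and-wait (one segment in flight at a time), whereas real TCP keeps a window of unacknowledged segments in flight, and only segments travelling from sender to receiver can be lost, so a lost segment shows up as a missing ACK (a timeout).

```python
"""Toy TCP: three-way handshake plus sequenced, acknowledged delivery over a
lossy link. Added example; ISNs, segment size and drop pattern are assumed."""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int            # sequence number of the first byte carried
    ack: int            # next byte the sender of this segment expects
    flags: frozenset    # subset of {"SYN", "ACK"}
    data: bytes = b""


class LossyChannel:
    """Drops the n-th segment passed through it for every n in `drop_on`."""

    def __init__(self, drop_on):
        self.drop_on = set(drop_on)
        self.count = 0

    def deliver(self, seg):
        self.count += 1
        return None if self.count in self.drop_on else seg


class Receiver:
    """Server side: answers SYN, accepts in-order data, sends cumulative ACKs."""

    def __init__(self, isn: int):
        self.isn = isn
        self.expected = None          # next in-order sequence number wanted
        self.buffer = bytearray()

    def handle(self, seg):
        if "SYN" in seg.flags:
            self.expected = seg.seq + 1          # the SYN consumes one sequence number
            return Segment(self.isn, self.expected, frozenset({"SYN", "ACK"}))
        if seg.data:
            if seg.seq == self.expected:         # in order: accept and advance
                self.buffer += seg.data
                self.expected += len(seg.data)
            # a duplicate or out-of-order segment is discarded; the ACK still
            # reports how much contiguous data has been received (cumulative ACK)
            return Segment(self.isn + 1, self.expected, frozenset({"ACK"}))
        return None                              # a bare ACK needs no answer


def tcp_transfer(data: bytes, mss: int, channel: LossyChannel, max_retries: int = 3) -> dict:
    """Run handshake + stop-and-wait transfer; return what arrived and a trace."""
    rx = Receiver(isn=5000)                      # assumed server ISN
    client_isn = 1000                            # assumed client ISN
    events = []
    # 1. Three-way handshake: SYN -> SYN-ACK -> ACK
    syn = channel.deliver(Segment(client_isn, 0, frozenset({"SYN"})))
    synack = rx.handle(syn) if syn else None
    if synack is None or synack.ack != client_isn + 1:
        raise ConnectionError("handshake failed: no valid SYN-ACK")
    events.append("SYN -> SYN-ACK")
    ack = channel.deliver(Segment(client_isn + 1, synack.seq + 1, frozenset({"ACK"})))
    if ack:
        rx.handle(ack)
    events.append("ACK (connection established)")
    # 2. Data transfer: each segment carries a sequence number; the sender
    #    retransmits when the expected ACK does not come back.
    seq = client_isn + 1
    retransmissions = 0
    for off in range(0, len(data), mss):
        chunk = data[off:off + mss]
        for _attempt in range(max_retries + 1):
            sent = channel.deliver(Segment(seq, synack.seq + 1, frozenset({"ACK"}), chunk))
            reply = rx.handle(sent) if sent else None   # None models an ACK timeout
            if reply is not None and reply.ack == seq + len(chunk):
                events.append(f"seq={seq} len={len(chunk)} acked ack={reply.ack}")
                break
            retransmissions += 1
            events.append(f"seq={seq} lost, retransmit")
        else:
            raise ConnectionError("too many retransmissions, connection reset")
        seq += len(chunk)
    return {"received": bytes(rx.buffer), "events": events,
            "retransmissions": retransmissions}


if __name__ == "__main__":
    # The 4th segment on the wire (2nd data segment) is dropped once.
    result = tcp_transfer(b"hello world, tcp!", mss=8, channel=LossyChannel(drop_on={4}))
    print("\n".join(result["events"]))
    print(result["received"], "retransmissions:", result["retransmissions"])
```

The trace shows the SYN/SYN-ACK/ACK exchange, then each data segment identified by its sequence number; when the channel drops a segment the sender sees no ACK and resends the same sequence number, and the receiver's cumulative ACK only advances once the in-order bytes have arrived.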

❖ User Datagram Protocol (UDP): UDP is a connectionless protocol that
transmits user datagrams without first creating a logical connection. In UDP,
each user datagram is an independent entity without being related to the
previous or the next one (the meaning of the term connectionless). UDP is a
simple protocol that does not provide flow, error, or congestion control. Its
simplicity, which means small overhead, is attractive to an application
program that needs to send short messages and cannot afford the
retransmission of the packets involved in TCP, when a packet is corrupted or
lost.
UDP is used for communication throughout the internet. It is specifically
chosen for time-sensitive applications like gaming, playing videos, or Domain
Name System (DNS) lookups. UDP results in speedier communication because it
does not spend time forming a firm connection with the destination before
transferring the data.

TCP                        UDP
Sequenced                  Un-sequenced
Reliable                   Unreliable
Connection-oriented        Connectionless
Virtual circuit            Low overhead
Acknowledgments            No acknowledgment
Windowing flow control     No windowing or flow control

The figure below shows the simple representation of a TCP or UDP segment.
(There are many different fields available in the TCP and UDP header)

Dynamic Host Configuration Protocol (DHCP): DHCP is a protocol used to
dynamically assign IP addresses and network configuration parameters to
devices on a TCP/IP network. It automates the process of IP address allocation
and configuration.
2.3. Application Layer

The application layer is the highest abstraction layer of the TCP/IP model.
It encompasses various protocols and services that serve as the bridge
between user applications and the network. It allows the user to use the
services of the network, develop network-based applications, transfer files to
other systems, etc. The application layer shields application programs from the
complexities of the lower layers in the TCP/IP model.
Examples of Application Layer protocols:

⮚ Hypertext Transfer Protocol (HTTP): HTTP is the foundation of data
communication for the World Wide Web.

⮚ Simple Mail Transfer Protocol (SMTP): SMTP is a protocol used for
sending email messages between servers.

⮚ Post Office Protocol version 3 (POP3) and Internet Message Access
Protocol (IMAP): POP3 and IMAP are protocols used by email clients to
retrieve email messages from mail servers.

⮚ Domain Name System (DNS): DNS is a distributed naming system used
to translate domain names (e.g., www.aai.aero) into IP addresses.

⮚ File Transfer Protocol (FTP): FTP is a protocol used for transferring files
between hosts over a TCP/IP network. It allows users to upload and
download files to and from remote servers.

⮚ Telnet: Telnet is a protocol used for remote terminal access. It enables
users to log in to remote computers and access resources as if they were
physically connected to the remote machine.

⮚ Simple Network Management Protocol (SNMP): SNMP is a protocol used
for network management and monitoring. It allows network administrators
to monitor network devices, collect information, and manage network
performance.

⮚ Dynamic Host Configuration Protocol (DHCP): DHCP is a protocol used
to dynamically assign IP addresses and network configuration parameters
to devices on a TCP/IP network. It automates the process of IP address
allocation and configuration.

Communication through an internet

We assume that we want to use the suite in a small internet made up of
three LANs (links), each with a link-layer switch. We also assume that the links
are connected by one router, as shown in the following Figure.

Let us assume that the Source computer communicates with the
Destination computer. Each device is involved with a set of layers depending on
the role of the device in the internet. The two hosts are involved in all five layers;
the source host needs to create a message in the application layer and send it
down the layers so that it is physically sent to the destination host. The
destination host needs to receive the communication at the physical layer and
then deliver it through the other layers to the application layer.
The router is involved in only three layers. A router is always involved in one
network layer, but in different link-layer and physical-layer pairs according to the
number of links. Each link may use its own data-link or physical protocols.
A switch in a link is involved only in two layers - data-link and physical.
Although each switch in the above figure has two different connections, the
connections are in the same link, which uses only one set of protocols. This
means that, unlike a router, a link-layer switch is involved only in one data-link
and one physical layer.


In the top three layers, the data unit (packets) should not be changed by
any router or link-layer switch. In the data link layer, the packet created by the
host is changed only by the routers, not by the link-layer switches.

Identical objects in the TCP/IP protocol suite



CHAPTER – 04 LOOP AVOIDANCE IN LAN

CHAPTER-3
CLASSIFICATION OF NETWORK & NETWORK DEVICES

3.1. Classification of Network based on size

Depending upon the size of the network, it can be classified as:


Local Area Network (LAN): LAN is in a limited geographical area such as home,
school, computer laboratory, office building, or closely positioned group of
buildings.
There are two primary LAN types: wired LANs and wireless LANs (WLANs).
Wired LAN:

The Ethernet standard, known as IEEE Standard 802.3 and developed by the
Institute of Electrical and Electronics Engineers, is the most popular physical layer LAN
technology in use today. Ethernet is indeed a widely used protocol at the Network
Access Layer of the TCP/IP model.


The Ethernet frame format is the structure used for data transmission over
Ethernet networks. It consists of several fields, each serving a specific purpose
in the communication process.
Here's a breakdown of the Ethernet frame format:
Preamble: The preamble is a sequence of alternating 1s and 0s (101010...) used
to signal the start of the Ethernet frame. It helps the receiving device synchronize
its clock with the incoming data stream.
Start Frame Delimiter (SFD): The SFD is a unique bit pattern (10101011)
immediately following the preamble. It indicates the end of the preamble and the
start of the Ethernet frame's header.
Destination MAC Address: This field specifies the MAC (Media Access Control)
address of the intended recipient of the Ethernet frame. It is 6 bytes (48 bits) in
length and identifies the network interface card (NIC) or device that should
receive the frame.
Source MAC Address: This field specifies the MAC address of the sender of the
Ethernet frame. Like the destination MAC address, it is also 6 bytes (48 bits) in
length and identifies the NIC or device that originated the frame.
EtherType or Length: The EtherType field indicates the type of payload carried
in the Ethernet frame. It can either specify the length of the payload (in bytes) or
indicate the protocol type being used (e.g., IPv4, IPv6, ARP, etc.).
Payload: The payload contains the actual data being transmitted in the Ethernet
frame. It can vary in size depending on the EtherType or length field.
Frame Check Sequence (FCS): The FCS is a 4-byte (32-bit) field used for error
detection. It contains a checksum or CRC (Cyclic Redundancy Check) value
calculated over the entire Ethernet frame, including the header and payload. The
receiving device uses the FCS to check for transmission errors and verify the
integrity of the received data.

The figure below shows a simple representation of an Ethernet frame with IP and
TCP/UDP.
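The IPv4 header fields listed in section 2.2 and the Ethernet frame fields described above can be seen together by building a frame byte by byte and decoding it again. The following Python program is an added example, not code from the handout; the MAC addresses, IP addresses, port numbers and payload are constructed values, and the frame is assembled in memory rather than captured from a network. It shows where each header sits inside the frame and verifies the two integrity fields the text describes: the Frame Check Sequence (a CRC-32 over header and payload, sent least-significant byte first) and the IPv4 header checksum (a valid header sums to zero).

```python
"""Build and decode a constructed Ethernet II frame carrying IPv4 + UDP.
Added example; all addresses, ports and payload are constructed values."""
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800   # EtherType value identifying an IPv4 payload
PROTO_TCP = 6             # IPv4 protocol number for TCP
PROTO_UDP = 17            # IPv4 protocol number for UDP


def mac_str(raw: bytes) -> str:
    """Render a 6-byte hardware address as 12 hex digits separated by colons."""
    return ":".join(f"{b:02X}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791 checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (IHL = 5) with the checksum field filled in."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, 0x1234,
                      0x4000, ttl, proto, 0,         # 0x4000 = Don't Fragment flag
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Ethernet II frame: 6+6 byte MACs, 2-byte EtherType, payload, 4-byte FCS."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF      # FCS = CRC-32 over header and payload
    return body + struct.pack("<I", fcs)     # transmitted least-significant byte first


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and UDP/TCP headers; check the FCS and IP checksum."""
    if len(frame) < 18:
        raise ValueError("frame shorter than minimum header + FCS")
    fcs_ok = (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == struct.unpack("<I", frame[-4:])[0]
    eth = {"dst": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
           "ethertype": struct.unpack("!H", frame[12:14])[0], "fcs_ok": fcs_ok}
    result = {"eth": eth}
    if eth["ethertype"] != ETHERTYPE_IPV4:
        return result                        # ARP, IPv6 etc. are not decoded here
    pkt = frame[14:-4]
    ihl = (pkt[0] & 0x0F) * 4                # header length in bytes (IHL * 4)
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ip = {"version": pkt[0] >> 4, "ttl": pkt[8], "protocol": pkt[9],
          "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,   # intact header sums to 0
          "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20])}
    result["ip"] = ip
    seg = pkt[ihl:total_len]                 # transport segment follows the header
    if ip["protocol"] == PROTO_UDP:
        sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
        result["udp"] = {"sport": sport, "dport": dport, "data": seg[8:length]}
    elif ip["protocol"] == PROTO_TCP:
        sport, dport, seq, ack = struct.unpack("!HHII", seg[:12])
        result["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack}
    return result


def sample_frame() -> bytes:
    """Constructed frame: 192.168.1.100 sends a 5-byte UDP datagram to port 53."""
    data = b"query"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data   # UDP checksum 0 = absent
    ip = build_ipv4_header("192.168.1.100", "192.168.1.1", PROTO_UDP, len(udp)) + udp
    return build_frame(bytes.fromhex("07 01 02 01 2C 4B"),   # page's example MAC as dst
                       bytes.fromhex("00 1A 2B 3C 4D 5E"),   # constructed source MAC
                       ip)


if __name__ == "__main__":
    frame = sample_frame()
    print(frame.hex())
    print(parse_frame(frame))
```

Flipping any byte of the frame before parsing makes `fcs_ok` false, which is exactly the check a receiving NIC performs before handing the frame up; the IPv4 checksum covers only the header, so a corrupted payload is caught by the FCS (or by the transport checksum), not by IP.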


The Ethernet standard also defines the number of conductors that are required
for a connection, the performance thresholds that can be expected, and provides
the framework for data transmission. A standard Ethernet network can transmit
data at a rate up to 10 Megabits per second (10 Mbps).
The Fast Ethernet standard (IEEE 802.3u) has been established for
Ethernet networks that need higher transmission speeds. This standard raises
the Ethernet speed limit from 10 Mbps to 100 Mbps. Types of Fast Ethernet:
● 100BASE-TX for use with Cat 5 UTP cable
● 100BASE-FX for use with fiber-optic cable

The Gigabit Ethernet standard (IEEE 802.3ab) raises the Ethernet speed
limit to 1 Gbps.
● 1000BASE-T for use with Cat 5 UTP cable
● 1000BASE-X is the collective term used to describe various options of 1
Gbps transmission over fiber-optic cable such as 1000BASE-SX,
1000BASE-LX and 1000BASE-LX10 etc.

The 10 Gigabit Ethernet standard (IEEE 802.3ae) raises the Ethernet speed
limit to 10 Gbps.
● 10GBASE-T specifies 10GigE connectivity using UTP copper cables
● 10GBASE-SR, 10GBASE-LR etc. are for use with fiber-optic cable


3.2. Cables and connector used in Ethernet

Ethernet cables are the primary means of wired network connectivity. They
come in various types, but the most common is the UTP (Unshielded Twisted
Pair) cable. UTP cables consist of four pairs of insulated copper wires twisted
together. The twisting helps to cancel out electrical interference (crosstalk) that
can corrupt data signals. UTP cables come in different categories, each with
different maximum speeds and cable lengths.
CAT5e cables can support data transmission speeds of up to 1 gigabit per second
(Gbps) and can reliably transmit data over distances of up to 100 meters (or
approximately 328 feet).
CAT6 cables can support data transmission speeds of up to 1 gigabit per second
(Gbps) over distances of up to 100 meters and 10 Gbps over shorter distances,
typically up to 55 meters.
RJ45 connectors are commonly used in Cat5 and Cat6 cables. These
connectors are standardized connectors used primarily for Ethernet networking.

Pin   T-568B                        T-568A
      Colour         Pin Name       Colour         Pin Name
1     Orange White   Tx+            Green White    Rx+
2     Orange         Tx-            Green          Rx-
3     Green White    Rx+            Orange White   Tx+
4     Blue           Not Used       Blue           Not Used
5     Blue White     Not Used       Blue White     Not Used
6     Green          Rx-            Orange         Tx-
7     Brown White    Not Used       Brown White    Not Used
8     Brown          Not Used       Brown          Not Used

A straight-through cable is a type of Ethernet cable that is used to connect
devices of different types on a local area network (LAN). The wires inside the cable
are wired in the same order on both ends. To create a straight-through cable,
you'll have to use either T-568A or T-568B on both ends of the cable. To create
a cross-over cable, you'll wire T-568A on one end and T-568B on the other end
of the cable.

Cross-over cables were traditionally used in Ethernet networking to
connect two similar devices directly. Most modern networking devices (switches,
routers) have a feature called Auto-MDIX (Automatic Medium Dependent
Interface Crossover). This means they automatically detect the cable type
(straight-through or crossover) and adjust the signal flow accordingly.
Ethernet can be transmitted over Fiber Optic Cables (OFC) also especially
in scenarios where high-speed and long-distance data transmission is required.
These cables use light signals to transmit data over long distances with minimal
signal loss and electromagnetic interference compared to traditional copper
cables.
Optical fiber cables (OFC) come in various types, but broadly they are
categorized into two main types based on the type of glass used in the core:
● Single-mode OFC have a small core diameter and are designed to carry
light directly down the fiber with little dispersion. They are optimized for
longer distances and higher bandwidths. Single-mode fiber is commonly
used in long-haul telecommunications networks, metropolitan area
networks (MANs), and other applications where high data rates and long
distances are required.
● Multimode OFC have a larger core diameter compared to single-mode
fiber. This allows multiple modes of light to propagate through the fiber.
Multimode fibers are typically used for shorter-distance applications such
as LANs, data centers, and campus networks.

LC Connectors have a smaller form factor compared to SC connectors, making
them ideal for high-density applications where space is limited. They use a latch
mechanism similar to RJ45 connectors.

SC Connectors are larger in size compared to LC connectors. They are
rectangular in shape and are commonly used in applications where high packing
density isn't as critical. They use a push-pull mechanism.

LC and SC connectors are available in both single-mode and multimode variants.


Wireless LAN:

A wireless local-area network (WLAN) is a group of colocated computers or other
devices that form a network based on radio transmissions rather than wired
connections. The IEEE 802.11 family of standards defines various wireless LANs.

Metropolitan Area Network (MAN): A metropolitan area network is a large
computer network that usually spans a city or a large campus.

Wide area network (WAN):

A Wide Area Network (WAN) is a type of computer network that spans a large
geographical area, connecting multiple Local Area Networks (LANs) and other
types of networks over long distances. WANs facilitate communication and data
exchange between geographically dispersed locations, such as different cities,
countries, or even continents. WANs utilize various transmission mediums for
data transfer. This includes fiber optic cables, leased lines, satellite links,
microwave links etc.

3.3. Collision in network

A networking collision occurs when two or more data packets from
different systems try to occupy the same network channel at the same time. This
leads to them interfering with one another. Collisions happen in a shared
medium network. Frequent collisions can slow down network performance as
devices often have to stop, wait, and try resending packets. Collisions can lead
to lost or damaged packets, requiring retransmission and using extra network
resources. In extreme cases, a high collision rate could make a network unstable
or unusable, leading to significant business impact.

A collision domain is a network segment connected by a shared medium
where collision of packets can happen. Repeaters and hubs operate at the
physical layer of the OSI model and are considered to be in a single collision
domain. This means that when a device connected to a repeater or hub transmits
data, all other devices connected to that same repeater or hub will receive that
data. If two devices connected to the same repeater or hub attempt to transmit
data at the same time, a collision occurs. Repeaters and hubs do not segment
the network and do not prevent collisions, unlike switches.

3.4. Repeaters

The repeater passes the digital signal bit-by-bit in both directions between
the two segments. As the signal passes through a repeater, it is amplified and
regenerated at the other end. The repeater does not isolate one segment from the
other, if there is a collision on one segment, it is regenerated on the other
segment. Hence it has one collision domain. Repeaters work at the physical
layer. The main aim of using a repeater is to increase the networking distance
by increasing the strength and quality of signals.


3.5. Hubs

Hubs are networking devices operating at a physical layer of the OSI model
that are used to connect multiple devices in a network. They are generally used
to connect computers in a LAN. A hub is a multiport repeater. A computer which
intends to be connected to the network is plugged into one of these ports. When
a data frame arrives at a port, it is broadcast to every other port, without
considering whether it is destined for a particular destination device or not. A
hub operates in the physical layer.

All devices connected to a network hub equally share all available
bandwidth. When two devices connected to a network hub transmit data
simultaneously, the packets collide, which causes network performance
problems. The collision domain of all hosts connected through hubs remains
one.


3.6. Bridges

These are network devices that connect two or more LAN segments. They
work by examining the destination MAC address of a packet and forwarding it
only to the segment where the destination device resides. This reduces collisions
on the network by limiting the traffic flow, but it does not segment the broadcast
domain.

3.7. Broadcast domain

A broadcast domain is a logical group of devices on a network where all members
can directly receive broadcast messages sent by any other member. Broadcast
messages are special data packets addressed to all devices on the network,
identified by a specific destination MAC address (usually FF:FF:FF:FF:FF:FF).
Any device within the broadcast domain will receive and process these messages.
Hubs and repeaters simply broadcast all received data to all connected devices.
Therefore, all devices connected to a hub or repeater are in the same broadcast
domain. Switches improve network efficiency by forwarding traffic only to the
intended recipient; they typically do not segment broadcast domains. This
means all devices connected to a switch, even across different ports, can still
receive broadcast messages. Routers segment broadcast domains. Routers do
not forward broadcast traffic by default, effectively creating separate broadcast
domains for each network they connect.

3.8. Switches

A switch is a networking device that operates at the data link layer. Its
primary function is to connect multiple devices within a local area network (LAN)
and facilitate communication between them. Unlike hubs or repeaters, switches
are intelligent devices that can inspect data packets and make forwarding
decisions based on the destination MAC (Media Access Control) address.

Here are some key features and functions of switches:


MAC Address Learning: Switches maintain a MAC address table, also known as
a Forwarding Table or Content Addressable Memory (CAM) table. When a data
packet arrives at a switch, it examines the source MAC address of the packet
and updates its MAC address table with the port through which the packet was
received.


Forwarding: When a switch receives a data packet destined for a specific MAC
address, it looks up the MAC address in its table to determine the appropriate
outgoing port. The switch then forwards the packet only to that port, rather than
flooding it out to all ports as hubs do.
Broadcast Handling: Switches handle broadcast traffic differently. Broadcast
traffic is typically forwarded out to all ports except the one it was received on.
Segmentation: Switches can segment a network into multiple collision domains.
Each port on a switch is its own collision domain.

Symbol of switch
3.9. Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a protocol that resolves IP addresses
to MAC addresses in a local area network (LAN). Every device on a network has
both an IP address and a MAC address. The IP address is used for logical
addressing at the network layer, while the MAC address is used for physical
addressing at the data link layer (Layer 2).
When a device needs to communicate with another device on the same
network, it checks its ARP cache to see if it already knows the MAC address
corresponding to the IP address it wants to reach. If the MAC address is not
found in the ARP cache, the device broadcasts an ARP request. The destination
MAC address in an ARP request is the layer 2 broadcast MAC address
(FF:FF:FF:FF:FF:FF). All devices on the same network receive the broadcast.
However, only the device with the corresponding IP address specified in the ARP
request will respond with its MAC address. Once the reply is received, the
mapping is added to the ARP cache for future reference, speeding up subsequent
communication. The ARP cache entries are typically aged out after a certain
period of time to accommodate changes in the network topology.
How do data packets move from one system to another system in a LAN?

System A wants to send data to System B.
(The IP address of System B is known to System A.)
● System A checks its ARP cache for the MAC address of System B.
● If the MAC address is not available, System A sends an ARP broadcast.
● The switch receives the ARP broadcast packet and sends it out of all the
interfaces except the interface on which it received the packet.
● The switch updates its MAC table with the MAC address of System A.
● All the systems connected to the switch receive the broadcast, and only
System B will respond to the ARP request.
● System B sends an ARP reply to System A using the MAC address of System
A as the destination address.
● Once the switch receives the ARP reply packet from System B, it updates its
MAC table with the MAC address of System B.
● Since the MAC address of System A is known to the switch, the reply will be
sent only to the port where System A is connected.
● System A receives the ARP reply from B and updates its ARP cache.
● The actual data is encapsulated in an Ethernet frame using the MAC
address of System B as the destination address and sent to the switch.
● The switch checks the MAC table to find the port where System B is
connected and switches the packet to the corresponding port.
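The step-by-step exchange above, as an added Python simulation of one switch with three attached hosts. This is not code from the handout; the host names, IP addresses, MAC addresses and port numbers are constructed. A third host, C, is attached so that the trace shows the ARP request being flooded to every port except the ingress port, while the ARP reply and the data frame travel only to the port the switch has learned. The switch's MAC table and each host's ARP cache are ordinary dictionaries so that their contents can be inspected after the run.

```python
"""ARP resolution and switch MAC learning on a simulated LAN.
Added example; hosts, addresses and ports are constructed values."""
from dataclasses import dataclass

BROADCAST = "FF:FF:FF:FF:FF:FF"   # layer 2 broadcast address


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    kind: str          # "ARP-REQ", "ARP-REP" or "DATA"
    src_ip: str
    dst_ip: str
    payload: str = ""


class Switch:
    """Layer 2 switch: learns source MACs per port, floods what it cannot look up."""

    def __init__(self):
        self.ports = {}        # port number -> attached Host
        self.mac_table = {}    # MAC -> port (the CAM table)
        self.log = []          # (frame kind, action taken, egress ports)

    def connect(self, host, port: int):
        self.ports[port] = host
        host.port, host.switch = port, self

    def forward(self, frame: Frame, in_port: int):
        self.mac_table[frame.src_mac] = in_port            # MAC address learning
        if frame.dst_mac == BROADCAST or frame.dst_mac not in self.mac_table:
            egress, action = [p for p in self.ports if p != in_port], "flood"
        else:
            egress, action = [self.mac_table[frame.dst_mac]], "forward"
        self.log.append((frame.kind, action, tuple(egress)))
        for p in egress:
            self.ports[p].receive(frame)


class Host:
    def __init__(self, name: str, ip: str, mac: str):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_cache = {}    # IP -> MAC
        self.inbox = []        # payloads delivered to this host
        self.port = self.switch = None

    def receive(self, frame: Frame):
        if frame.kind == "ARP-REQ" and frame.dst_ip == self.ip:
            self.arp_cache[frame.src_ip] = frame.src_mac   # learn the requester too
            reply = Frame(self.mac, frame.src_mac, "ARP-REP", self.ip, frame.src_ip)
            self.switch.forward(reply, self.port)          # unicast back to requester
        elif frame.kind == "ARP-REP" and frame.dst_mac == self.mac:
            self.arp_cache[frame.src_ip] = frame.src_mac
        elif frame.kind == "DATA" and frame.dst_mac == self.mac:
            self.inbox.append(frame.payload)
        # anything else (e.g. an ARP request for another host's IP) is ignored

    def send(self, dst_ip: str, payload: str):
        if dst_ip not in self.arp_cache:                   # cache miss: ARP broadcast
            req = Frame(self.mac, BROADCAST, "ARP-REQ", self.ip, dst_ip)
            self.switch.forward(req, self.port)
        if dst_ip not in self.arp_cache:                   # nobody answered
            raise LookupError(f"no ARP reply for {dst_ip}")
        data = Frame(self.mac, self.arp_cache[dst_ip], "DATA", self.ip, dst_ip, payload)
        self.switch.forward(data, self.port)


def run_scenario():
    """Three hosts on one switch; A sends to B while C only overhears the broadcast."""
    sw = Switch()
    a = Host("A", "10.0.0.1", "00:00:00:00:00:0A")
    b = Host("B", "10.0.0.2", "00:00:00:00:00:0B")
    c = Host("C", "10.0.0.3", "00:00:00:00:00:0C")
    for port, host in enumerate((a, b, c), start=1):
        sw.connect(host, port)
    a.send("10.0.0.2", "hello")
    return sw, a, b, c


if __name__ == "__main__":
    sw, a, b, c = run_scenario()
    for entry in sw.log:
        print(entry)
    print("MAC table:", sw.mac_table)
    print("A's ARP cache:", a.arp_cache, "| B received:", b.inbox)
```

After the run the switch knows A on port 1 and B on port 2 but nothing about C, because C never transmitted; the log records one flood (the ARP request) followed by two unicast forwards (the ARP reply to port 1 and the data frame to port 2).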

Layer 2 Unmanaged Switch

Unmanaged switches provide basic switching functionality and are
suitable for small networks. These switches are plug-and-play devices that
require no configuration, are cost-effective and consume less power. Since
unmanaged switches lack remote management capabilities, you cannot monitor
them remotely.
Layer 2 Managed Switch
Unlike unmanaged switches, which operate in a plug-and-play fashion,
Layer 2 managed switches offer a greater degree of control and configuration
options. Administrators can access and configure these switches through a Web
Interface (GUI) using the IP address of the switch and a Command Line Interface
(CLI) using the Console Port of the switch. Layer 2 managed switches can be
configured with security features such as MAC-based access control lists (ACLs),
which can be used to restrict traffic flow on the network. They can also be
used to implement port security, which limits the number of devices that can
be connected to a particular port. With a managed switch, administrators can
configure features such as VLANs (Virtual Local Area Networks), spanning tree
protocols, Quality of Service (QoS), port mirroring, link aggregation, and more.


Layer 3 Switch
A Layer 3 switch, also known as a multilayer switch, is a networking device
that combines the functionalities of a Layer 2 managed switch and a router. Like
a Layer 2 switch, a Layer 3 switch learns the MAC addresses of devices connected
to its ports and forwards frames (data packets at Layer 2) based on that
information. A Layer 3 switch can also inspect incoming packets and route them
based on their IP addresses. It maintains a routing table that contains
information about how to reach different networks. This routing table can be
statically configured or learned dynamically using routing protocols. Layer 3
switches can route traffic between different VLANs without the need for an
external router.

Symbol of Layer 3 Switch


Router
Routers are networking devices operating at layer 3, the network layer. A
router connects different networks together and sends data packets from one
network to another. Routers are responsible for receiving, analyzing, and
forwarding data packets among the connected computer networks.

Symbol of Router


Packet Forwarding: Routers forward data packets between computer networks.
They analyze the destination IP addresses of packets and determine the best
path for them to reach their destination.
Routing: Routers use routing tables to determine the optimal path for data
packets to reach their destination. These tables contain information about
network topology, such as available paths, traffic conditions, and the best routes
to different destinations.
Network Address Translation (NAT): NAT is a technique used by routers to
modify network address information in packet headers while in transit. This
allows multiple devices on a local network to share a single public IP address,
facilitating communication with devices on other networks.
Firewall: Many routers include firewall capabilities to filter incoming and
outgoing traffic based on predefined rules. Firewalls help protect networks from
unauthorized access and malicious activity.
DHCP Server: Routers can act as Dynamic Host Configuration Protocol (DHCP)
servers, automatically assigning IP addresses and other network configuration
parameters to devices on a local network.
VPN Support: Some routers support Virtual Private Network (VPN) connections,
allowing remote users to securely access the local network from outside locations
over the internet.
Quality of Service (QoS) Management: Routers can prioritize certain types of
network traffic over others, ensuring that critical data such as voice or video
streams receive sufficient bandwidth and are not disrupted by lower-priority
traffic.
Logging and Monitoring: Routers often include logging and monitoring
capabilities, allowing network administrators to track network activity, diagnose
problems, and identify potential security threats.
Packet Forwarding: Routers use logical network addresses (IP addresses) to
determine the best path for forwarding data packets across different networks.
This involves analyzing the destination IP address in the packet and consulting
a routing table to find the most efficient route.
Interconnection of Networks: Routers are used to connect different networks
together.
Routing tables: Routers maintain routing tables that contain information about
connected networks, their IP addresses, and the preferred route to reach them.
These tables are used to make informed decisions about forwarding data
packets.

Security: Routers can be configured to filter incoming and outgoing traffic based
on security rules, protecting the network from unauthorized access and
malicious attacks.

Difference between layer 3 switch and router

Layer 3 Switch:
● Generally support a subset of routing protocols compared to routers.
● Optimized for high-speed packet forwarding within LANs.
● Specialized hardware and software to handle routing functions.
● Can handle large numbers of VLANs and perform fast inter-VLAN routing.
● Generally less expensive than traditional routers.
● Commonly used in enterprise LANs to route traffic between VLANs.

Router:
● Can handle a variety of routing protocols.
● Can route traffic between networks of different types, such as LANs and WANs.
● Support complex routing policies and routing protocols to adapt to changing
network conditions.
● Highly scalable.
● More expensive than Layer 3 switches.
● Used as backbone of large-scale networks.

Summary: Layer 3 switches focus on high-speed LAN switching with basic
routing capabilities. Routers are more versatile in their support for a wide
range of routing protocols, making them suitable for connecting diverse
networks across LANs and WANs.

3.10. Gateway:
A gateway in networking serves as an entry or exit point between two different
networks, facilitating communication between them. Its functions vary
depending on its specific role and the type of networks it connects.

Some common functions of a gateway:

● Packet Routing between networks based on their destination IP addresses.
● Network Address Translation (NAT) between private IP addresses used
within a local network and public IP addresses used on the internet.
● Can enforce security policies by filtering and controlling the flow of traffic
between networks. It is done by inspecting packets and applying rules to
allow or deny specific types of traffic based on criteria such as
source/destination IP addresses, ports, or protocols.
● Perform protocol conversion, translating between different network
protocols to enable communication between networks using incompatible
protocols. For example, a gateway can translate data between IPv4 and
IPv6. Similarly, gateways can translate between other network protocols
such as TCP/IP, IPX/SPX, AppleTalk, and more.


CHAPTER-4
LOOP AVOIDANCE IN LAN

Loop Avoidance in LAN

If a switch receives an unknown unicast, multicast or broadcast frame, it
forwards that frame out of all of its ports except the port on which the frame
arrived. If a switching loop exists, the forwarded frame will be switched around
the network endlessly. A frame that loops around the network indefinitely
produces what is known as a broadcast storm. A broadcast storm can saturate
all the bandwidth of the network. It also significantly decreases the performance
of the end devices by forcing them to process duplicate copies of the same frame.
A looping frame also makes the CAM table (MAC Table) unstable. When a
switch receives a frame, it checks the source address field of the frame and
associates the interface or port on which the frame arrived with the MAC address
that it finds in the source address field of the frame. If a loop exists in the
network, a switch can receive the looped frame from multiple interfaces. Each
time the switch receives the looped frame from the different interface, it assumes
that the device has been moved and updates the CAM table entry.
Usually switches are connected to each other with a single cable. So there
is a single point of failure. To get rid of this single point of failure we will add
another cable. With the extra cable we now have redundancy. Unfortunately
redundancy also brings loops.
● A sends an ARP request to get the MAC address of B. An ARP request is a
layer 2 broadcast frame (layer 2 broadcast MAC: FF:FF:FF:FF:FF:FF).


● SW1 will forward this broadcast frame on all its interfaces, except the
interface on which it received the frame.
● SW2 will receive both broadcast frames.
● SW2 will forward each one out of every interface except the interface on
which it received the frame.
● The frame that was received on interface Fa0/0 of SW2 will be forwarded
on its Interface Fa0/1.
● The frame that was received on Interface Fa0/1 of SW2 will be forwarded
on Interface Fa0/0.
● The same thing will happen in SW1 also.
● Both switches will keep forwarding packets over and over again, creating
an infinite loop.

A layer 2 switching loop creates three major problems: broadcast storm,
duplicate frames, and unstable CAM table. If a loop exists, a single looped frame
is sufficient to decrease the performance of the entire network by consuming the
bandwidth and CPU power of the affected devices.

How to avoid layer 2 switching loops in a network?

Implementing the Spanning Tree Protocol (STP) is the primary way to
avoid Layer 2 switching loops. STP actively monitors all links of the network. To
find redundant links, it uses an algorithm known as the STA (spanning-tree
algorithm). The STA first creates a topology database, then it finds and
disables the redundant links. Once redundant links are disabled, only the STP-
chosen links remain active. If a new link is added or an existing link is removed,
STP re-runs the spanning-tree algorithm and re-adjusts all links to reflect
the change.


We have three switches and added redundancy by connecting the switches
in a triangle, which also means we have a loop here. MAC addresses are simplified
for explanation in this example:
● SW1: MAC AAA
● SW2: MAC BBB
● SW3: MAC CCC

Since spanning tree is enabled, all our switches will send a special frame
to each other called a BPDU (Bridge Protocol Data Unit). In this BPDU there are
two pieces of information that spanning-tree requires:
● MAC address
● Priority

The MAC address and the priority together make up the bridge ID. The
BPDU is sent between all the switches.

Spanning-tree requires the bridge ID for its calculation. How it works:


● First of all spanning tree will elect a root bridge; this root-bridge will be the
one that has the best “bridge ID”.
● The switch with the lowest bridge ID is the best one.
● By default the priority is 32768 but we can change this value if we want.

In this example SW1 will become the root bridge. Since the priority is the
same on all switches, the MAC address is the tiebreaker. SW1 has the lowest
MAC address, thus the best bridge ID, and will become the root bridge. All
other switches will become non-root bridges.
The ports on the root bridge are always designated, which means they are in a
forwarding state.

Non-root bridges will have to find the shortest path to the root bridge. The
port that provides the shortest path to the root bridge is called the "root port".
To break the loop, one of the ports between SW2 and SW3 shall be
shut down. Both switches have the same priority but the MAC address of SW2 is
lower. Hence, SW3 will block its port, effectively breaking the loop.


The Fa1/0 interface of SW3 is called a Non Designated port.

Take a look at the picture above. SW1 is the root bridge and SW2 is non-
root. We have two links between these switches for redundancy. Redundancy
means loops, so spanning-tree is going to block one of the interfaces on SW2.
SW2 will receive BPDUs on both interfaces, but the root path cost field will
be the same. When the cost is equal, spanning-tree will look at the port priority.
By default the port priority is the same for all interfaces, which means that the
interface number will be the tie-breaker. The lowest interface number (Fa0/1)
will be chosen as the forwarding port and port Fa0/2 will be blocked here. Of
course port priority is a value that we can change, so we can choose which
interface will be blocked.
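As an added example (not code from the handout), the following Python model reproduces the decisions described above for both topologies: root bridge election by lowest bridge ID, root port selection on each non-root bridge, and the designated/blocked choice on each cable, using the standard STP tie-break order (root path cost, then sender bridge ID, then sender port ID, then the receiving port ID), which the text summarises as port priority followed by interface number. The link cost of 19, the port priority of 128, the port numbers and the exact cabling of the two scenarios are assumptions made for this model.

```python
import heapq

DEFAULT_PRIORITY = 32768       # default bridge priority named in the text
DEFAULT_PORT_PRIORITY = 128    # assumed default port priority
FAST_ETHERNET_COST = 19        # assumed classic STP cost for a 100 Mbit/s link

# A port is described as (name, port_priority, port_number).
def port(name, number, priority=DEFAULT_PORT_PRIORITY):
    return (name, priority, number)

def bridge_id(priority, mac):
    """STP compares the priority first and the MAC address as tiebreaker; lower wins."""
    return (priority, mac.upper())

def port_id(p):
    """Port ID compared as (port priority, port number); lower wins."""
    return (p[1], p[2])

def elect_root(switches):
    """switches: {name: (priority, mac)} -> name of the switch with the lowest bridge ID."""
    return min(switches, key=lambda name: bridge_id(*switches[name]))

def compute_stp(switches, links):
    """Return {switch: {port_name: 'root' | 'designated' | 'blocked'}}.
    links: [(switch_a, port_a, switch_b, port_b, cost)], one entry per cable."""
    root = elect_root(switches)
    # Per-switch view of its cables: (own port, neighbour, neighbour port, cost).
    ports = {name: [] for name in switches}
    for a, pa, b, pb, cost in links:
        ports[a].append((pa, b, pb, cost))
        ports[b].append((pb, a, pa, cost))
    # Root path cost of every switch: shortest path (Dijkstra) from the root bridge.
    cost_to_root = {root: 0}
    heap = [(0, root)]
    while heap:
        d, name = heapq.heappop(heap)
        if d > cost_to_root[name]:
            continue
        for _, nb, _, c in ports[name]:
            if d + c < cost_to_root.get(nb, float("inf")):
                cost_to_root[nb] = d + c
                heapq.heappush(heap, (d + c, nb))
    roles = {name: {} for name in switches}
    # Root bridge: every port is designated.  Non-root bridge: exactly one root port,
    # the one with the best (cost, sender bridge ID, sender port ID, own port ID).
    for name in switches:
        if name == root:
            for own, _, _, _ in ports[name]:
                roles[name][own[0]] = "designated"
            continue
        best = min(ports[name], key=lambda e: (cost_to_root[e[1]] + e[3],
                                               bridge_id(*switches[e[1]]),
                                               port_id(e[2]), port_id(e[0])))
        roles[name][best[0][0]] = "root"
    # Each cable gets one designated end: the switch closer to the root, with the
    # lower bridge ID as tiebreaker (SW2 beats SW3 in the text).  The other end is
    # blocked unless it is already that switch's root port.
    for a, pa, b, pb, cost in links:
        key_a = (cost_to_root[a], bridge_id(*switches[a]), port_id(pa))
        key_b = (cost_to_root[b], bridge_id(*switches[b]), port_id(pb))
        (des, dp), (oth, op) = ((a, pa), (b, pb)) if key_a < key_b else ((b, pb), (a, pa))
        roles[des].setdefault(dp[0], "designated")
        roles[oth].setdefault(op[0], "blocked")
    return roles

def triangle_example():
    """The three-switch triangle of the text (MACs AAA/BBB/CCC, equal priorities)."""
    switches = {"SW1": (DEFAULT_PRIORITY, "AAA"),
                "SW2": (DEFAULT_PRIORITY, "BBB"),
                "SW3": (DEFAULT_PRIORITY, "CCC")}
    links = [("SW1", port("Fa0/1", 1), "SW2", port("Fa0/1", 1), FAST_ETHERNET_COST),
             ("SW1", port("Fa0/2", 2), "SW3", port("Fa0/2", 2), FAST_ETHERNET_COST),
             ("SW2", port("Fa1/0", 10), "SW3", port("Fa1/0", 10), FAST_ETHERNET_COST)]
    return elect_root(switches), compute_stp(switches, links)

def parallel_links_example():
    """Root SW1 and non-root SW2 joined by two equal-cost links, as in the last scenario."""
    switches = {"SW1": (DEFAULT_PRIORITY, "AAA"), "SW2": (DEFAULT_PRIORITY, "BBB")}
    links = [("SW1", port("Fa0/1", 1), "SW2", port("Fa0/1", 1), FAST_ETHERNET_COST),
             ("SW1", port("Fa0/2", 2), "SW2", port("Fa0/2", 2), FAST_ETHERNET_COST)]
    return elect_root(switches), compute_stp(switches, links)

if __name__ == "__main__":
    for root, roles in (triangle_example(), parallel_links_example()):
        print("root bridge:", root)
        for name, port_roles in roles.items():
            print("  ", name, port_roles)
```

Lowering a switch's priority in the `switches` dictionary moves the root bridge, and the port roles of every other switch change with it, which is the effect the text describes for the configurable priority value.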


CHAPTER-5
IP ADDRESSING & SUBNETTING
5.1. IP Addressing

An IP address, short for Internet Protocol address, is like a unique digital
address assigned to each device on a network, allowing them to communicate
with each other. IP addressing was designed to allow hosts on one network to
communicate with a host on a different network. Routers use the
destination IP address to determine where to forward the data packets until they
reach their intended destination.
There are two main types of IP addressing schemes:
● IPv4 (Internet Protocol version 4): This is the most widely used IP
addressing scheme. It uses a 32-bit address scheme allowing for a total of
2^32 addresses (over 4 billion addresses). However, due to the rapid growth
of the internet, IPv4 addresses are now running out, leading to the
adoption of IPv6.
● IPv6 (Internet Protocol version 6): IPv6 is the next-generation IP addressing
scheme designed to replace IPv4. It uses a 128-bit address scheme, which
allows for significantly more addresses than IPv4 (2^128 addresses). IPv6
adoption has been increasing to accommodate the growing number of
devices and internet users.
IPv4 (Internet Protocol version 4)
An IP address is 32-bit and consists of 2 parts, the network part and the
host part.

IPv4 addresses are typically represented in decimal format as four octets.
Each octet is 8 bits long, and they are separated by dots. This format, known as
"dotted-decimal notation," makes it easier for us to read and work with IP
addresses.

Dividing an IP address into network and host parts: An IP address itself
doesn't inherently tell you which portion identifies the network and which
identifies the specific device (host) on that network. The subnet mask (32 bits)
acts like a divider, specifying how many bits from the beginning of the IP address
represent the network part, and the remaining bits represent the host part.
Example:

Classful IP address scheme

In classful addressing, IP addresses are divided into predefined classes,
each with its own default subnet mask. A classful address refers to an IP address
scheme that divides the IP address space into five classes. Each class has a
predetermined range of addresses and a default subnet mask. The classification
is based on the first few bits of the IP address, which determine the network
class. The main classes are Class A, Class B, and Class C. There are also Class
D and Class E, but they are used for special purposes and are not typically used
for general network addressing.
● Class A: The first bit always has to be 0.
● Class B: The first 2 bits always have to be 10.
● Class C: The first 3 bits always have to be 110.

● Class D: The first 4 bits always have to be 1110.
● Class E: The first 4 bits always have to be 1111.

So if you convert these from binary to decimal you'll get the following:
● Class A starts at 0.0.0.0
● Class B starts at 128.0.0.0
● Class C starts at 192.0.0.0
● Class D starts at 224.0.0.0
● Class E starts at 240.0.0.0

So what are the exact ranges that we have?
● Class A: 0.0.0.0 – 127.255.255.255
● Class B: 128.0.0.0 – 191.255.255.255
● Class C: 192.0.0.0 – 223.255.255.255
● Class D: 224.0.0.0 – 239.255.255.255
● Class E: 240.0.0.0 – 255.255.255.255

The range 127.0.0.0/8 (or 127.0.0.0 - 127.255.255.255) is designated for
loopback testing. A loopback interface is a virtual network interface in a
computer, typically with the IP address 127.0.0.1. By pinging the loopback
address (ping 127.0.0.1), you can verify basic functionality of the TCP/IP stack
on the device. As long as the device itself is operational, the loopback interface
is considered "up" and reachable. In the classful networking scheme, subnet
masks were predetermined based on the class of the IP address.


Class A: Subnet mask is 255.0.0.0 (or /8 in CIDR notation). This means the first
8 bits are for the network portion, and the remaining 24 bits are for hosts.
Class B: Subnet mask is 255.255.0.0 (or /16 in CIDR notation). This allows for
16 bits for the network portion and 16 bits for hosts.
Class C: Subnet mask is 255.255.255.0 (or /24 in CIDR notation). This allows
for 24 bits for the network portion and 8 bits for hosts.
Subnet masks are not defined for Class D and Class E addresses because
these address ranges were reserved for special purposes and were not intended
for conventional host-to-host communication.
Difference between “Private” and “Public” IP addresses
● Public IP addresses are used on the Internet.
● Private IP addresses are used on your local area network and should not
be used on the Internet.

Private IP address ranges:
● Class A: 10.0.0.0 – 10.255.255.255
● Class B: 172.16.0.0 – 172.31.255.255
● Class C: 192.168.0.0 – 192.168.255.255

In each IP subnet, there are two special addresses that cannot be assigned to
individual devices.
● Network address.
● Broadcast address.


The network address cannot be used on a computer as an IP address
because it's being used to "define" the network.
The broadcast address cannot be used on a computer as an IP address
because it’s used for broadcast to all devices in the same network.
Let’s use the Class C range IP address 192.168.1.1 to find the network address
and broadcast address.

When we set all the bits to 0 in the 'host' part of the IP address
192.168.1.1, we obtain the network address.

When we set all the bits to 1 in the 'host' part of the IP address
192.168.1.1, we obtain the broadcast address.

Main limitations of classful addressing:

Classful addressing allocated IP addresses in fixed-length blocks based on
the class of the address. This often resulted in inefficient use of address space,
as organizations were assigned larger blocks of addresses than they needed,
leading to address wastage and rapid depletion of available IPv4 addresses.
5.2. Classless Addressing

Classless Addressing, also known as Classless Inter-Domain Routing
(CIDR), is a flexible method of IP addressing and subnetting in IPv4 networks.
Unlike classful addressing, which divides IP addresses into fixed classes (Class
A, B, C, etc.) with predefined subnet masks, CIDR allows for the allocation of IP
addresses with Variable-Length Subnet Masks (VLSM). CIDR allows for the
subdivision of IP address blocks into smaller subnets, enabling more efficient
utilization of available IP addresses.
With VLSM (Variable-Length Subnet Masks), network administrators can
subnet a network into smaller subnets, each with its own subnet mask length
based on the number of required hosts in that subnet. This flexibility enables
more precise allocation of IP addresses, reducing wastage and optimizing
address space utilization.
For example, in a network with the IP address range 192.168.1.0/24, a subnet
mask of /24 (255.255.255.0) provides 256 addresses. However, if one subnet
requires only 30 hosts, while another requires 100 hosts, VLSM allows using
subnet masks of /27 (255.255.255.224) for the smaller subnet (30 hosts) and
/25 (255.255.255.128) for the larger subnet (100 hosts) (Variable subnetting will
be discussed later).
5.3. Subnetting

A subnet mask is a 32-bit number that identifies the network portion and
the host portion of an IP address. It's represented similarly to an IP address,
often with dotted decimal notation. The subnet mask contains a sequence of
contiguous ones (1s) followed by a sequence of contiguous zeros (0s). The ones
represent the network portion, and the zeros represent the host portion.
Subnetting is the process of dividing a large network into smaller, more
manageable sub-networks called subnets. It's a technique used in IP networking
to efficiently utilize IP address space and improve network performance,
security, and management. Subnetting is facilitated by the use of subnet masks.
To subnet a network, borrow bits from the host portion of the IP address and
allocate them to create subnets. Each subnet is identified by its own unique
subnet address and subnet mask.
Let's subnet the network 192.168.1.0/24 into 2 networks.


Identify the original network: The given network is 192.168.1.0 with a subnet
mask of /24, which means the first 24 bits are assigned for the network portion.
It is a class C network.

Determine the number of bits to borrow for subnetting: To create subnets,
we need to borrow bits from the host portion. The number of bits we borrow
determines the number of subnets and hosts per subnet.
Choose a subnet mask: We want to create 2 subnets. To accommodate this, we
need to borrow 1 bit (since 2^1 = 2) from the host part. This would result in a
subnet mask of /25 (24 + 1 bit borrowed = 25).

Calculate the new subnet mask: With 1 bit borrowed, the new subnet mask
becomes 255.255.255.128 in decimal (or /25 in CIDR notation), as the first 25
bits are set to 1.
Determine the subnet range: Each subnet will have its own range of addresses.

Hence there can be two networks:
1. 192.168.1.0/25
2. 192.168.1.128/25

The subnet ranges will be:

Subnet 1: 192.168.1.0/25
192.168.1.0 (Network Address)
192.168.1.127 (Broadcast Address)
192.168.1.1 to 192.168.1.126 (Usable Address Range)
126 usable IPs

Subnet 2: 192.168.1.128/25
192.168.1.128 (Network Address)
192.168.1.255 (Broadcast Address)
192.168.1.129 to 192.168.1.254 (Usable Address Range)
126 usable IPs

Let's subnet the class C network 192.168.1.0/24 into 4 networks.

We want to create 4 subnets. To accommodate this, we need to borrow 2 bits
(since 2^2 = 4) from the host part. This would result in a subnet mask of /26 (24
+ 2 bits borrowed = 26).

With 2 bits borrowed, the new subnet mask becomes 255.255.255.192 in
decimal (or /26 in CIDR notation), as the first 26 bits are set to 1.
Each subnet will have its own range of addresses.

Hence there can be 4 networks:
192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26 and 192.168.1.192/26
1. 192.168.1.0/26
a. Network Address - 192.168.1.0
b. Broadcast Address - 192.168.1.63
c. Usable Address Range - 192.168.1.1 to 192.168.1.62 (62 Usable IPs)

2. 192.168.1.64/26
a. Network Address - 192.168.1.64
b. Broadcast Address - 192.168.1.127
c. Usable Address Range - 192.168.1.65 to 192.168.1.126 (62 Usable
IPs)

3. 192.168.1.128/26
a. Network Address - 192.168.1.128
b. Broadcast Address - 192.168.1.191
c. Usable Address Range - 192.168.1.129 to 192.168.1.190 (62 Usable
IPs)

4. 192.168.1.192/26
a. Network Address - 192.168.1.192
b. Broadcast Address - 192.168.1.255
c. Usable Address Range - 192.168.1.193 to 192.168.1.254 (62 Usable
IPs)

Let's subnet the class C network 192.168.1.0/24 into 8 networks.

Here another method will be used to find the details:
1. In the given question, the network address is 192.168.1.0 and the subnet
mask is 255.255.255.0 (11111111.11111111.11111111.00000000 - first
24 bits on the network side and the last 8 bits on the host side).
2. 2^n = Number of subnets, where n is the number of bits to be borrowed
from the host side.
2^3 = 8 (we need to create 8 subnets)
Since n = 3, we need to borrow 3 bits from the host side to the network side.
3. Hence the new subnet mask will be
255.255.255.224 (11111111.11111111.11111111.11100000 - 3 bits from the
host side are brought to the network side).
4. To find out the network addresses of the new subnets, we have to find out the
block size:
Block Size = 2^(32 - number of 1's in the new subnet mask)


Here, Block Size = 2^(32 - 27) = 2^5 = 32

Hence the new network addresses are
192.168.1.0/27, 192.168.1.32/27, 192.168.1.64/27, 192.168.1.96/27,
192.168.1.128/27, 192.168.1.160/27, 192.168.1.192/27 and
192.168.1.224/27
5. First IP address of each network will be the network address. Last IP
address of each network will be the broadcast address. The IP addresses
available between first and last IP addresses are the usable IPs of that
network. So 30 nos of IPs are available to assign to the hosts.

Let's take one of the above networks, 192.168.1.160/27:
Network address - 192.168.1.160
Usable IPs - 192.168.1.161 to 192.168.1.190
Broadcast IP - 192.168.1.191

Another example
How many networks will be available on 190.10.0.0/22? Also find the number of
hosts per network.
1. First octet is 190. So it belongs to the Class B network.
2. Usually Class B networks have a 16 bit subnet mask.
3. In this example the subnet mask is 22 bits long. So 6 bits were borrowed
from the host side to the network side.
4. 2^n = Number of subnets. 2^6 = 64. So 64 subnets can be formed.
5. Block Size = 2^(32 - number of 1's in the new subnet mask) = 2^(32 - 22) = 2^10 = 1024
6. Since the size of a network is 1024, the number of hosts in a network will be
1024 - 2 = 1022
7. To find the network addresses of each subnet:
a. Block Size = 2^(32 - number of 1's in the new subnet mask) = 2^(32 - 22) = 2^10
b. First 2 octets of the network part are fixed.
c. Block size of the third and fourth octets together is 2^10 (2^2 x 2^8)

d. So the block size of the third octet is 2^2 = 4
e. Accordingly, the first 4 subnets are shown below:

Subnet          Usable IPs                    Broadcast IP
190.10.0.0/22   190.10.0.1 - 190.10.3.254     190.10.3.255
190.10.4.0/22   190.10.4.1 - 190.10.7.254     190.10.7.255
190.10.8.0/22   190.10.8.1 - 190.10.11.254    190.10.11.255
190.10.12.0/22  190.10.12.1 - 190.10.15.254   190.10.15.255
How to find the network address of an IP address
● You need to know the subnet mask associated with the network
● Convert both the IP address and the subnet mask to binary form.
● Perform a bitwise AND operation between each corresponding pair of bits
in the IP address and the subnet mask.
● Convert the binary result back to decimal form. This will give you the
network address.

Example: Find the network address of 195.170.1.45/27
● Subnet mask - 255.255.255.224 (/27)
● Convert 195.170.1.45 into binary -
11000011.10101010.00000001.00101101
● Convert 255.255.255.224 into binary -
11111111.11111111.11111111.11100000
● Perform a bitwise AND operation between the IP address and the subnet
mask.

11000011.10101010.00000001.00101101
11111111.11111111.11111111.11100000
__________________________________
11000011.10101010.00000001.00100000
● Result in decimal - 195.170.1.32
● Therefore, the network address for the IP address 195.170.1.45/27 is
195.170.1.32
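The following Python functions, added here and not part of the handout, carry out the steps of this section for any IPv4 prefix: conversion of dotted-decimal to binary, the bitwise AND with the mask that yields the network address, the block size from the number of host bits, and the split of a network into 2^n equal subnets. The function names are my own; the addresses used in the demonstration are the ones worked in this chapter.

```python
def ip_to_int(ip):
    """'195.170.1.45' -> 32-bit integer; rejects anything that is not four octets 0..255."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip!r}")
    a, b, c, d = (int(o) for o in octets)
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(ip):
    """Dotted binary as written in the worked example: '11000011.10101010.00000001.00101101'."""
    return ".".join(f"{(ip_to_int(ip) >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/27 -> '255.255.255.224': `prefix` contiguous ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_ip(0xFFFFFFFF ^ ((1 << (32 - prefix)) - 1))

def subnet_info(cidr):
    """Network, mask, broadcast and usable host range of 'a.b.c.d/n'."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = ip_to_int(prefix_to_mask(prefix))
    network = ip_to_int(ip) & mask            # the bitwise AND step of the text
    block = 1 << (32 - prefix)                # block size = 2^(32 - number of 1s in the mask)
    broadcast = network + block - 1           # all host bits set to 1
    usable = max(block - 2, 0)                # network and broadcast addresses are not assignable
    return {
        "network": int_to_ip(network),
        "mask": prefix_to_mask(prefix),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

def split_network(cidr, subnets):
    """Divide a network into `subnets` equal parts (a power of two): borrow n bits
    with 2^n == subnets, then list the subnets one block size apart."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    n = subnets.bit_length() - 1
    if subnets <= 0 or (1 << n) != subnets:
        raise ValueError("number of subnets must be a power of two")
    new_prefix = prefix + n
    if new_prefix > 32:
        raise ValueError(f"cannot borrow {n} bits from a /{prefix} network")
    base = ip_to_int(ip) & ip_to_int(prefix_to_mask(prefix))
    block = 1 << (32 - new_prefix)
    return [f"{int_to_ip(base + i * block)}/{new_prefix}" for i in range(subnets)]

if __name__ == "__main__":
    print(to_binary("195.170.1.45"), "AND", to_binary("255.255.255.224"))
    print(subnet_info("195.170.1.45/27"))           # network 195.170.1.32
    for net in split_network("192.168.1.0/24", 8):  # the eight /27 subnets of the text
        print(net, subnet_info(net)["usable_hosts"], "usable hosts")
    print(split_network("190.10.0.0/16", 64)[:4])   # first four /22 subnets of 190.10.0.0
```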


5.4. Variable Length Subnetting (VLSM)

Variable Length Subnetting is a technique used in IP addressing to
allocate subnets with varying sizes according to the specific needs of different
network segments. Here's an example to illustrate VLSM:
Let's consider a network with the address 192.168.10.0/24. We need to
divide this network into subnets to accommodate different departments within
an organization, each with varying numbers of hosts.
Main Office: Requires a subnet with at least 50 hosts.
Sales Department: Requires a subnet with at least 20 hosts.
Accounting Department: Requires a subnet with at least 10 hosts.
IT Department: Requires a subnet with at least 6 hosts.
Management Department: Requires a subnet with at least 2 hosts.

How to do subnetting to fulfill the above needs?

192.168.10.0/24 is a single network with 256 addresses (254 usable IPs).
Subnet sizes in VLSM are always powers of 2, so each requirement is rounded up
to the next power of 2 that still leaves room for the network and broadcast addresses.

To provide 50 hosts to the Main Office, 6 bits are required in the host part (2^6 = 64).
Hence allocate a subnet of /26 (which allows for 62 hosts) to this department.
Subnet: 192.168.10.0/26 Broadcast: 192.168.10.63
IP addresses from 192.168.10.1 to 192.168.10.62 are reserved for the Main
Office.

To provide 20 hosts to the Sales Department, 5 bits are required in the host part (2^5 = 32).
Hence allocate a subnet of /27 (which allows for 30 hosts) to this department.
Subnet: 192.168.10.64/27 Broadcast: 192.168.10.95
IP addresses from 192.168.10.65 to 192.168.10.94 are reserved for the Sales
Department.

To provide 10 hosts to the Accounting Department, 4 bits are required in the host part (2^4 = 16).
Hence allocate a subnet of /28 (which allows for 14 hosts) to this department.
Subnet: 192.168.10.96/28 Broadcast: 192.168.10.111
IP addresses from 192.168.10.97 to 192.168.10.110 are reserved for the
Accounting Department.

To provide 6 hosts to the IT Department, 3 bits are required in the host part (2^3 = 8).
Hence allocate a subnet of /29 (which allows for 6 hosts) to this department.
Subnet: 192.168.10.112/29 Broadcast: 192.168.10.119
IP addresses from 192.168.10.113 to 192.168.10.118 are reserved for the IT
Department.

To provide 2 hosts to the Management Department, 2 bits are required in the host part (2^2 = 4).
Hence allocate a subnet of /30 (which allows for 2 hosts) to this department.
Subnet: 192.168.10.120/30 Broadcast: 192.168.10.123
IP addresses from 192.168.10.121 to 192.168.10.122 are reserved for the
Management Department.

With VLSM, we have efficiently allocated subnets with varying sizes
according to the specific requirements of each department, optimizing the use of
IP addresses within the network.
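As an added example (not the handout's own code), this Python function performs the VLSM allocation worked above automatically: requests are served largest first, each receives the smallest power-of-two block that holds its hosts plus the network and broadcast addresses, and it raises an error rather than overlapping subnets when the parent block runs out. The department names and host counts are those of the text; the function names and the largest-first ordering are assumptions of this example.

```python
def ip_to_int(ip):
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_for_hosts(hosts):
    """Longest prefix whose usable count 2^h - 2 still covers `hosts`.
    Starts at h = 2 (a /30) because two addresses are always network and broadcast."""
    if hosts < 1:
        raise ValueError("a subnet must be requested for at least one host")
    host_bits = 2
    while (1 << host_bits) - 2 < hosts:
        host_bits += 1
    return 32 - host_bits

def vlsm_allocate(parent_cidr, requirements):
    """Allocate one subnet per requirement inside parent_cidr.
    requirements: {name: hosts}.  Largest requests go first so every block starts
    on a boundary of its own size; raises ValueError when the space runs out.
    Returns the plan as a list of dicts in allocation order."""
    ip, prefix = parent_cidr.split("/")
    prefix = int(prefix)
    parent_size = 1 << (32 - prefix)
    start = ip_to_int(ip) & (0xFFFFFFFF ^ (parent_size - 1))   # parent network address
    end = start + parent_size
    cursor, plan = start, []
    for name, hosts in sorted(requirements.items(), key=lambda item: -item[1]):
        new_prefix = prefix_for_hosts(hosts)
        block = 1 << (32 - new_prefix)
        cursor = (cursor + block - 1) // block * block   # align to the block size
        if cursor + block > end:
            raise ValueError(f"{parent_cidr} exhausted while allocating {name!r}")
        plan.append({
            "name": name, "hosts": hosts,
            "subnet": f"{int_to_ip(cursor)}/{new_prefix}",
            "first_host": int_to_ip(cursor + 1),
            "last_host": int_to_ip(cursor + block - 2),
            "broadcast": int_to_ip(cursor + block - 1),
            "usable": block - 2,
        })
        cursor += block
    return plan

def free_addresses(parent_cidr, plan):
    """Number of addresses of the parent block left unallocated after `plan`."""
    parent_size = 1 << (32 - int(parent_cidr.split("/")[1]))
    used = sum(1 << (32 - int(p["subnet"].split("/")[1])) for p in plan)
    return parent_size - used

def handout_plan():
    """The five-department requirement of the text for 192.168.10.0/24."""
    return vlsm_allocate("192.168.10.0/24", {"Main Office": 50, "Sales": 20,
                                             "Accounting": 10, "IT": 6, "Management": 2})

if __name__ == "__main__":
    plan = handout_plan()
    for entry in plan:
        print(f"{entry['name']:<12} {entry['subnet']:<18} hosts {entry['first_host']}"
              f" - {entry['last_host']}  broadcast {entry['broadcast']}  ({entry['usable']} usable)")
    print("addresses left unallocated:", free_addresses("192.168.10.0/24", plan))
```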


Subnet Mask Chart

Decimal CIDR Binary
255.0.0.0 /8 11111111.00000000.00000000.00000000
255.128.0.0 /9 11111111.10000000.00000000.00000000
255.192.0.0 /10 11111111.11000000.00000000.00000000
255.224.0.0 /11 11111111.11100000.00000000.00000000
255.240.0.0 /12 11111111.11110000.00000000.00000000
255.248.0.0 /13 11111111.11111000.00000000.00000000
255.252.0.0 /14 11111111.11111100.00000000.00000000
255.254.0.0 /15 11111111.11111110.00000000.00000000
255.255.0.0 /16 11111111.11111111.00000000.00000000
255.255.128.0 /17 11111111.11111111.10000000.00000000
255.255.192.0 /18 11111111.11111111.11000000.00000000
255.255.224.0 /19 11111111.11111111.11100000.00000000
255.255.240.0 /20 11111111.11111111.11110000.00000000
255.255.248.0 /21 11111111.11111111.11111000.00000000
255.255.252.0 /22 11111111.11111111.11111100.00000000
255.255.254.0 /23 11111111.11111111.11111110.00000000
255.255.255.0 /24 11111111.11111111.11111111.00000000
255.255.255.128 /25 11111111.11111111.11111111.10000000
255.255.255.192 /26 11111111.11111111.11111111.11000000
255.255.255.224 /27 11111111.11111111.11111111.11100000
255.255.255.240 /28 11111111.11111111.11111111.11110000
255.255.255.248 /29 11111111.11111111.11111111.11111000
255.255.255.252 /30 11111111.11111111.11111111.11111100

Internet Protocol version 6 (IPv6)

The main reason for the development and implementation of IPv6 (Internet
Protocol version 6) is the exhaustion of IPv4 addresses. IPv4, the previous version
of the Internet Protocol, uses 32-bit addresses, which allows for approximately


4.3 billion unique addresses. With the rapid growth of the internet and the
proliferation of connected devices, IPv4 addresses were being depleted.
IPv6 addresses are 128 bits long, providing a vastly larger address space
compared to IPv4's 32-bit addresses. This allows for approximately 340 trillion
(2128) unique addresses, ensuring that the internet can continue to grow and
accommodate the increasing number of devices and users.

IPv6 addressing scheme:

IPv6 addresses are 128 bits long and are typically written in hexadecimal
notation as eight groups of four hexadecimal digits separated by colons. For
example, a typical IPv6 address might look like this:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Leading zeros within a group may be omitted, and one run of consecutive
all-zero groups may be compressed to '::'. For example,
2001:0db8:85a3:0000:0000:8a2e:0370:7334 can be written as
2001:db8:85a3::8a2e:370:7334.
IPv6 addresses consist of a network prefix and a host (interface) identifier.
The network prefix specifies the network portion of the address, similar to
IPv4's network address, while the host identifier identifies a specific
interface on that network. For example, 2001:0db8:85a3::/48 represents a
network prefix with a length of 48 bits. Subnetting in IPv6 is done by
adjusting the prefix length.
Routers in IPv6 networks that support SLAAC (Stateless Address
Autoconfiguration) periodically send Router Advertisement messages containing
the network address (prefix), the subnet mask (prefix length) and the default
gateway. Using this information, a host generates its own IPv6 address (known
as a Global Unicast Address or GUA) automatically, without manual
intervention: it appends its interface identifier (typically derived from the
MAC address or a random number) to the received network prefix to form a
complete IPv6 address. This identifier ensures the uniqueness of the IPv6
address on the network.



CHAPTER – 06 IP ROUTING

CHAPTER-6
IP ROUTING
6.1. IP Routing

System A wants to send a unicast packet to System D (both are in the same
network)

● The process or application running in System A initiates communication.


● Then the data is encapsulated into TCP segments or UDP datagrams (adding
port addresses).

● Then it performs a bitwise logical AND between its own IP address and subnet
mask, and between the IP address of System D and the subnet mask.

● If the result of the bitwise AND for both the source and destination
addresses is the same network address, the destination is within the same
network.

● The transport layer segment/datagram is then encapsulated into an IP packet
(adding the source and destination IP addresses to the packet header).

● System A checks its ARP cache for the MAC address of System D.

● If not available, System A sends an ARP broadcast.

● The switch receives the broadcast, reads the source MAC address (MAC of
System A), updates its own MAC table and forwards the frame to all ports
except the one on which it was received.

● All systems connected to the switch receive the broadcast, and only System D
replies (ARP Reply) with its own MAC address.

● The switch receives the ARP reply from System D, reads the source MAC
address (MAC of System D), updates its own MAC table, checks its MAC table to
find which port is connected to System A and forwards the reply only to
System A.

● System A updates its ARP cache with the MAC address of System D.

● Then System A builds an Ethernet frame as shown in the figure below and
sends it to the switch.

● The switch receives the frame, reads the destination MAC address and
forwards it to the port to which System D is connected.


System A wants to send a unicast packet to System E (both are in different
networks)

● The process or application running in System A initiates communication.

● Then the data is encapsulated into TCP segments or UDP datagrams (adding
port addresses).

● Then it performs a bitwise logical AND between its own IP address and subnet
mask, and between the IP address of System E and the subnet mask.

● The result of the bitwise AND for the source and destination addresses
yields different network addresses. Hence, the destination is not within the
same network.

● Since no gateway IP address is configured in System A, further operations
halt.

● So, to enable communication between System A and System E, we change the
topology of the network by introducing a router.

● The router creates a new point of connection and defines a new boundary
between the different network segments.

● Configure gateway address 192.168.1.4 in Systems A, B and C. Also configure
gateway address 172.100.0.5 in Systems D, E, F and G.


● The process or application running in System A initiates communication.

● Then the data is encapsulated into TCP segments or UDP datagrams (adding
port addresses).

● Then it performs a bitwise logical AND between its own IP address and subnet
mask, and between the IP address of System E and the subnet mask.

● The result of the bitwise AND for the source and destination addresses
yields different network addresses. Hence, the destination is not within the
same network.

● Since a gateway IP address is now configured in System A, the frame needs
to be forwarded to the router (gateway interface).

● System A checks its ARP cache for the MAC address of the router (gateway
interface).

● If not available, System A sends an ARP broadcast.

● The switch receives the broadcast, reads the source MAC address (MAC of
System A), updates its own MAC table if the entry is not already present, and
forwards the frame to all ports except the one on which it was received.

● All systems connected to the switch receive the broadcast, and only the
router's gateway interface replies (ARP Reply) with its own MAC address.

● The switch receives the ARP reply from the router's gateway interface, reads
the source MAC address (MAC of the gateway interface), updates its own MAC
table if the entry is not already present, checks its MAC table to find which
port is connected to System A and forwards the reply only to System A.

● System A updates its ARP cache with the MAC address of the router's gateway
interface.

● Then System A builds an Ethernet frame as shown in the figure below and
sends it to the switch.


● The switch receives the frame, reads the destination MAC address and
forwards it to the port to which the router's gateway interface is connected.

● The router receives the packet, reads the source MAC address and updates its
ARP cache with the MAC address of System A.

● Then it reads the destination IP address and checks its routing table to
find the interface through which this packet needs to be sent.

● In a router's routing table, directly connected networks are automatically
added based on the router's interfaces and their configurations.

● So, the router needs to send the packet out of the interface Fa0/1.

● The router checks its ARP table for the MAC address of System E.

● If not available, the router obtains the MAC address of System E using an
ARP request and reply.

● Then it builds an Ethernet frame for System E as shown below.

Compare the source and destination MAC addresses of the incoming and outgoing
Ethernet frames of the router: the MAC addresses were changed, but the IP
addresses were not.

IP routing is the process of forwarding data packets from one network to
another network based on their IP addresses. In computer networking, devices
called routers are responsible for this task. When a device wants to send data
to another device on a different network, it forwards the data packet to its
default gateway (usually a router), which then examines the destination IP
address of the packet and determines the best path or route to reach that
destination. The routing decision is made based on the routing table stored in
the router's memory. This routing table contains information about various
networks and the next-hop router or interface through which data should be
forwarded to reach each network. IP routing ensures that data packets are
efficiently routed through multiple network segments and routers to reach
their intended destinations.

If system A wants to send data to System B, then the ethernet frame will
be sent to the gateway (Fa 0/0 interface of R 1). Router 1 will consult its routing
table, which contains information about the available paths to various
destinations. Based on metrics like hop count, bandwidth, latency, and
administrative cost, Router 1 will select the best path to forward the Ethernet
frame toward System B. Once the best path is determined, Router 1 will then
forward the frame accordingly.
Routing tables are built through various mechanisms.
● Directly Connected Networks: When a router is configured with an IP
address and subnet mask on an interface, it automatically knows about
the network directly connected to that interface. These networks and their
associated interfaces are typically added to the routing table as directly
connected routes.

Example: Networks 1, 2 and 3 are directly connected to Router 1. These three
networks and their associated interfaces will be automatically added to the
routing table of R1.
● Static Routes: Network administrators can manually configure static
routes on routers. This is called static routing. These routes specify a next-
hop router or an outgoing interface for a particular destination network.
Static routes are entered manually into the routing table and remain
unchanged until they are manually modified or removed.

System A in Network 1 can reach System B in Network 7 only through R1. But R1
has two routes to reach System B: one through R2 and another through R4. In
static routing, the network administrator has to manually add the route
through which R1 shall reach System B of Network 7 to the routing table of R1.
Let's assume the selected route is through R4. The route can be added in two
ways:
1. Using the next-hop address (IP address of the interface Fa0/0 of R4)
2. Using the exit interface (Fa0/2 of Router 1)

Similarly, the network administrator has to add all the routes manually in all
the routers of the network. It is a cumbersome process and prone to erroneous
routing configuration.

● Dynamic Routing Protocols: Dynamic routing protocols allow routers to
exchange routing information with neighboring routers. Routers running
dynamic routing protocols share information about the networks they know
about with the neighboring routers, and this information is used to
dynamically update the routing tables of those routers. RIP (Routing
Information Protocol), OSPF (Open Shortest Path First), EIGRP (Enhanced
Interior Gateway Routing Protocol), BGP (Border Gateway Protocol) etc. are
examples of dynamic routing protocols.


● Administrative Distance: This is a measure used by routers to select the
best path when there are multiple routes to the same destination from
different routing protocols. It's a way to prioritize routes. Each routing
protocol assigns a default administrative distance value to each of its
routes. The lower the administrative distance, the more preferred the route.
For example, in Cisco routers, directly connected routes have an
administrative distance of 0, while static routes typically have an
administrative distance of 1. The administrative distance is independent of
the actual path's characteristics like speed or cost.
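The host-side AND test from section 6.1 and the route selection rules described above (most specific prefix first, then lowest administrative distance, then lowest metric), as an added Python example that is not code from the handout. The router's table reuses the chapter's 192.168.1.0/24 and 172.100.0.0/16 networks and gateway addresses; the 10.0.0.0/8 entries, interface names and metrics are constructed sample data.

```python
"""Host forwarding decision and router route selection.

Added example, not from the handout. Addresses reuse the chapter's
192.168.1.0/24 and 172.100.0.0/16 networks; the learned routes towards
10.0.0.0/8 are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

# Default administrative distances on Cisco routers; lower is preferred.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


def host_next_hop(src_ip: str, mask: str, dst_ip: str, gateway: str = None):
    """The bitwise AND test a host performs before sending a packet.
    Returns ('direct', dst) when both addresses AND to the same network,
    ('gateway', gw) when they differ and a gateway is configured, and
    ('unreachable', None) when they differ and no gateway is configured."""
    src_net = ipaddress.IPv4Interface(f"{src_ip}/{mask}").network
    dst_net = ipaddress.IPv4Interface(f"{dst_ip}/{mask}").network
    if src_net == dst_net:
        return ("direct", dst_ip)
    if gateway is None:
        return ("unreachable", None)
    return ("gateway", gateway)


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: str       # next-hop address or exit interface
    source: str         # how the route was learned: connected/static/ospf/...
    metric: int = 0     # protocol-specific metric (hop count for RIP)


def build_table(entries):
    return [Route(ipaddress.IPv4Network(n), nh, src, m) for n, nh, src, m in entries]


def select_route(table, dst_ip: str):
    """Router lookup: the most specific (longest) matching prefix wins; among
    routes to the same prefix the lowest administrative distance wins, then
    the lowest metric. Returns None when nothing matches (no default route)."""
    dst = ipaddress.IPv4Address(dst_ip)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen,
                                          ADMIN_DISTANCE[r.source], r.metric))


# Constructed table of the chapter's router (Fa0/0 on the 192.168.1.4 side,
# Fa0/1 on the 172.100.0.5 side) with learned routes added for illustration.
SAMPLE_TABLE = build_table([
    ("192.168.1.0/24", "Fa0/0", "connected", 0),
    ("172.100.0.0/16", "Fa0/1", "connected", 0),
    ("10.0.0.0/8", "172.100.0.9", "static", 0),    # manually configured, AD 1
    ("10.0.0.0/8", "172.100.0.10", "ospf", 20),    # same prefix, AD 110 loses
    ("10.1.0.0/16", "172.100.0.11", "rip", 3),     # more specific: wins for 10.1.x.x
])

if __name__ == "__main__":
    print(host_next_hop("192.168.1.1", "255.255.255.0", "172.100.0.1", "192.168.1.4"))
    for dst in ("10.1.2.3", "10.2.0.1", "192.168.1.7", "203.0.113.9"):
        r = select_route(SAMPLE_TABLE, dst)
        print(dst, "->", "no route" if r is None else f"{r.next_hop} ({r.source})")
```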
6.2. Metric

This is a measure used by routing algorithms to determine the best path to a
destination within the same routing protocol. The metric is typically based on
various factors such as hop count, bandwidth, delay, load, etc. Each routing
protocol has its own way of calculating the metric.
There are three classes of routing protocols:
1. Distance Vector
2. Link State
3. Hybrid

6.2.1 Distance Vector Protocols


A distance-vector routing protocol is a type of routing protocol used in
computer networks to determine the best path for forwarding packets from a
source to a destination. In a distance-vector routing protocol, routers exchange
information about the networks they know about with their neighboring routers.
Based on this information, each router builds a routing table that contains
information about the network topology and the best path to reach each
destination network.
The name "distance-vector" comes from the way these protocols operate:
Distance: Each router maintains a vector (a list) of distances (metrics) to reach
various networks. These distances can be measured in terms of hop count,
bandwidth, or other metrics depending on the specific protocol.


Vector: The vector component refers to the direction or next-hop router that
should be used to reach each destination network.
Routers periodically exchange routing information with their neighboring
routers to keep their routing tables up to date. When a router receives a routing
table update from a neighbor, it compares the received information with its own
routing table. If the received information contains routes that are not present in
its own table or if the received information offers a better path to a destination
network, the router updates its routing table accordingly. Distance-vector
routing protocols only exchange routing information with directly connected
neighbors. Routers make routing decisions based on the information received
from their neighbors. They don't have complete knowledge of the entire network
topology. Distance-vector protocols may take some time to converge, especially
in larger networks, due to the iterative nature of updating routing tables. In
addition to exchanging routing information when changes occur in the network,
routers using distance-vector protocols also send periodic updates to ensure
that neighboring routers have the most up-to-date routing information. The
frequency of these updates varies depending on the specific routing protocol and
configuration settings.


When a distance-vector routing protocol starts up, each router begins with only
its directly connected networks in its routing table.

As routing updates are received from neighboring routers, the routing table is
updated to reflect the learned routes.
Examples of distance-vector routing protocols:
1. RIP (Routing Information Protocol)
2. IGRP (Interior Gateway Routing Protocol)
3. EIGRP (Enhanced Interior Gateway Routing Protocol)

Distance-vector routing protocols have certain limitations, such as slow
convergence and susceptibility to routing loops, which have led to the
development of other routing protocols like OSPF and BGP.

RIP (Routing Information Protocol)

RIP is one of the oldest distance-vector routing protocols used in computer
networks. RIP is designed for small to medium-sized networks and is relatively
simple to configure and manage. RIP uses a distance-vector algorithm to
determine the best path to a destination network. It measures distance in terms
of hop count, where each hop represents a router traversed along the path. RIP
has a maximum hop count limit of 15. If a route's hop count exceeds this limit,
it is considered unreachable. This limits the size of networks that RIP can
effectively support. RIP routers periodically broadcast their entire routing
table to neighboring routers. By default, updates are sent every 30 seconds,
although this interval can be adjusted. RIP employs the split horizon technique
to prevent routing loops. With split horizon, a router does not advertise
routes back out the interface from which they were learned. RIP uses route
poisoning to inform other routers that a route has become unreachable. When a
route is no longer available, the router advertises the route with an infinite
metric (16 hops) to indicate its unreachability.

There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2
(RIPv2). RIPv2 includes enhancements such as support for Variable Length
Subnet Masking (VLSM), authentication, and support for multicast routing
updates.
RIP has several limitations:
● RIP's periodic update mechanism and limited metric (hop count) can lead
to slow convergence, especially in larger networks.
● The maximum hop count limit restricts the size of networks that RIP can
support. RIP is not suitable for large or complex networks.
● In some scenarios, RIP may encounter routing loops.
● RIP's sole metric, hop count, does not consider factors such as bandwidth
or delay, which can lead to suboptimal routing decisions.
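The distance-vector exchange, split horizon and route poisoning described above, simulated in Python as an added example (not from the handout) on a constructed four-router chain R1-R2-R3-R4. It goes one step beyond the text by showing re-convergence after a stub network fails: the owning router advertises it with metric 16 and every router marks it unreachable.

```python
"""Distance-vector exchange with RIP-style hop counts, split horizon and
route poisoning.

Added example, not from the handout. The topology is a constructed chain
R1 - R2 - R3 - R4: adjacent routers share the link networks N2, N3 and N4,
and R1 and R4 own the stub networks N1 and N5.
"""
INFINITY = 16           # RIP: 16 hops means "unreachable", 15 is the maximum

CONNECTED = {           # constructed sample topology
    "R1": {"N1", "N2"},
    "R2": {"N2", "N3"},
    "R3": {"N3", "N4"},
    "R4": {"N4", "N5"},
}


def neighbors(router):
    """Routers sharing a network with this one (the only ones it talks to)."""
    return sorted(r for r in CONNECTED
                  if r != router and CONNECTED[r] & CONNECTED[router])


def initial_tables():
    """At start-up a router knows only its directly connected networks."""
    return {r: {n: (0, "connected") for n in nets} for r, nets in CONNECTED.items()}


def advertisement(table, to_neighbor):
    """Periodic update sent to one neighbour. Split horizon: routes learned
    from that neighbour are not advertised back to it."""
    return {net: metric for net, (metric, via) in table.items()
            if via != to_neighbor}


def receive(table, sender, adv):
    """Bellman-Ford update on receipt of a neighbour's advertisement: adopt
    new or better routes, and always accept a metric change (including a
    poisoned 16) from the neighbour that is the current next hop."""
    changed = False
    for net, adv_metric in adv.items():
        metric = min(adv_metric + 1, INFINITY)      # one more hop to get there
        current = table.get(net)
        if current is None:
            if metric >= INFINITY:
                continue                             # never learn an unreachable route
            table[net] = (metric, sender)
            changed = True
        elif metric < current[0] or (current[1] == sender and metric != current[0]):
            table[net] = (metric, sender)
            changed = True
    return changed


def exchange_until_stable(tables, max_rounds=50):
    """One round = every router sends its update to every neighbour.
    Returns the number of rounds until no table changes (convergence)."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for router in sorted(tables):
            for nb in neighbors(router):
                changed |= receive(tables[nb], router, advertisement(tables[router], nb))
        if not changed:
            return rnd
    raise RuntimeError("routing tables did not converge")


def poison_network(tables, router, net):
    """Route poisoning: the router that lost the network keeps advertising it
    with metric 16 so neighbours mark it unreachable instead of ageing it out."""
    tables[router][net] = (INFINITY, "connected")


def hop_count(tables, router, net):
    return tables[router].get(net, (INFINITY, None))[0]


if __name__ == "__main__":
    tables = initial_tables()
    print("converged after", exchange_until_stable(tables), "rounds")
    print("R1:", tables["R1"])
    poison_network(tables, "R4", "N5")
    exchange_until_stable(tables)
    print("R1 after N5 failed:", tables["R1"])
```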

6.2.2 Link State Routing Protocols

Link-state routing protocols (LSRPs) are another major category of routing
protocols used in networks. Routers using distance-vector routing protocols
periodically exchange their routing tables or updates to those tables with their
directly connected neighbors only. But LSRPs share the entire network topology
with all routers.
Here's how LSRPs function:
Discovering the network: Each router learns about its directly connected
neighbors and the cost (bandwidth, delay) of those links.


Link-State Advertisements (LSAs): Routers periodically broadcast small packets
known as link-state advertisements (LSAs) to their neighboring routers. LSAs
contain information about the router's own state, as well as the state of its
directly connected links.
Building a network map: Each router uses the received information to
construct a complete picture of the network topology, essentially a map of all
routers and connections. Each router in the network maintains a detailed map,
or "link-state database," of the entire network topology. This map includes
information about all routers and links in the network.
Shortest Path Calculation: With the complete topology information gathered
from LSAs, each router independently calculates the shortest path to every other
router in the network.
Routing Table Calculation: Based on the shortest path calculations, routers
build their routing tables, which contain the best path to reach each destination
network.
Event-Driven Updates: Link-state protocols use event-driven updates rather
than periodic updates. Updates are triggered by changes in the network, such
as link failures or topology changes.
Some well-known link-state routing protocols include:
Open Shortest Path First (OSPF): A widely used link-state routing protocol
Intermediate System to Intermediate System (IS-IS): commonly used in large
service provider networks.

Example to Understand Link State Routing Algorithm:

Here is an example of how the Link State Routing algorithm works.

Consider the following network topology:


Assume that each link costs 1. All the routers start with an empty LSDB (Link
State Database).

The following steps illustrate how the Link State Routing algorithm would
operate in this network:

Discovery phase: Each router sends Hello packets to discover its neighbors.
Based on the topology, each router learns the following information:

P: Q, R      // Router-P discovers its neighbors Router-Q and Router-R

Q: P, S, T   // Router-Q discovers its neighbors Router-P, Router-S and Router-T

R: P, U      // Router-R discovers its neighbors Router-P and Router-U

S: Q         // Router-S discovers its neighbor Router-Q

T: Q, U      // Router-T discovers its neighbors Router-Q and Router-U

U: R, T      // Router-U discovers its neighbors Router-R and Router-T

LSA flooding: Each router floods its own LSA (Link State Advertisement) to all
other routers in the network. The LSA contains information about the router's
own links and the state of its neighboring routers.

After flooding is complete, the LSDB for each router will look like this:

P: P, Q, R, S, T, U
Q: P, Q, R, S, T, U
R: P, Q, R, T, U
S: Q, S
T: Q, T, U
U: R, T, U

SPF (Shortest Path First) calculation: Each router performs an SPF calculation
to determine the best path to each destination. The result of the SPF
calculation is used to build the forwarding table. For example, Router P's
forwarding table will look like this:

Destination   Next Hop
Q             Q
R             R
S             Q
T             Q
U             R

Updating LSAs: Suppose that Link P-R fails. Router R would detect the failure
and send a new LSA to all other routers in the network.

After flooding is complete, the LSDB for each router will look like this:
P: P, Q, S, T, U
Q: P, Q, S, T, U
R: P, Q, S, T, U
S: Q, S
T: Q, T, U
U: R, T, U


SPF calculation: Each router would perform another SPF calculation to
determine the best path to each destination. The result of the SPF calculation
is used to update the forwarding table. For example, Router P's forwarding
table would look like this:

Destination   Next Hop
Q             Q
R             -
S             Q
T             Q
U             R

In this example, the Link State Routing algorithm maintains an up-to-date view
of the network topology and determines the best path to each destination. The
algorithm is designed to adapt quickly to changes in the network, such as link
failures, and to provide a reliable and efficient way to route packets.
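The SPF step above, worked in Python as an added example (not code from the handout) on the same six-router topology with every link costing 1: Dijkstra over the flooded LSDB yields the destination/next-hop table, and the same routine is re-run after the P-R link fails. Note that with P-R down, R and U are still reachable from P along Q-T-U, so the recomputed table lists Q as the next hop for both rather than leaving them unreachable.

```python
"""Link-state SPF on the chapter's six-router topology.

Added example, not from the handout. Every router floods its links, so each
router ends up with the same LSDB; Dijkstra over that LSDB gives the
forwarding table (destination -> next hop). Each link costs 1 as in the text.
"""
import heapq

# The flooded LSDB as a set of undirected links (the figure's topology).
LINKS = {("P", "Q"), ("P", "R"), ("Q", "S"), ("Q", "T"), ("R", "U"), ("T", "U")}
ROUTERS = sorted({n for link in LINKS for n in link})


def lsdb_from_links(links, cost=1):
    """Adjacency map {router: {neighbour: cost}} built from the flooded LSAs."""
    adj = {r: {} for r in ROUTERS}
    for a, b in links:
        adj[a][b] = cost
        adj[b][a] = cost
    return adj


def spf(lsdb, root):
    """Dijkstra from root. Returns {dest: (cost, next_hop)} for every reachable
    router; the next hop is the first router on the shortest path."""
    dist = {root: 0}
    first_hop = {}
    heap = [(0, root, root)]          # (cost so far, node, first hop used)
    done = set()
    while heap:
        d, node, hop = heapq.heappop(heap)
        if node in done:
            continue                  # stale entry for an already-settled node
        done.add(node)
        first_hop[node] = hop
        for nb, c in sorted(lsdb[node].items()):
            nd = d + c
            if nb not in dist or nd < dist[nb]:
                dist[nb] = nd
                heapq.heappush(heap, (nd, nb, nb if node == root else hop))
    return {n: (dist[n], first_hop[n]) for n in done if n != root}


def forwarding_table(lsdb, root):
    """Destination -> next hop as in the chapter's tables; '-' if unreachable."""
    paths = spf(lsdb, root)
    return {r: (paths[r][1] if r in paths else "-") for r in ROUTERS if r != root}


def fail_link(links, a, b):
    """Topology after a link failure (the routers at its ends flood new LSAs)."""
    return {link for link in links if set(link) != {a, b}}


if __name__ == "__main__":
    print("before:", forwarding_table(lsdb_from_links(LINKS), "P"))
    down = fail_link(LINKS, "P", "R")
    print("P-R down:", forwarding_table(lsdb_from_links(down), "P"))
```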

Here's a comparison of some key points between link-state and distance vector
routing protocols:

Feature                  | Link-State Routing Protocols (LSRPs)                                                        | Distance Vector Routing Protocols (DVRPs)
Information exchanged    | Link state information (network topology)                                                   | Distance to destinations (in hops)
Network map construction | Each router builds a complete map                                                           | No overall network map is built
Path calculation         | Each router calculates best paths                                                           | Routing information exchanged iteratively
Convergence speed        | Routers have complete knowledge of the network topology; hence faster convergence after topology changes | Slower convergence, prone to routing loops
Scalability              | More scalable for larger networks                                                           | Less scalable as network size grows

TTL (Time-to-Live): The TTL (Time-to-Live) value is a field in the header of an
IP (Internet Protocol) packet. It is used to limit the lifespan or time that a
packet can remain in the network before it is discarded. When an IP packet is
created, the TTL field is set to a predefined value by the sender, typically
64. The specific TTL value used for packets can vary depending on the operating
system and network configuration. As the packet traverses the routers in the
network, each router it encounters decrements the TTL value by one. This
decrementing process ensures that packets do not circulate indefinitely in the
network in case of routing loops or other issues. If the TTL value of a packet
reaches zero (0) before it reaches its destination, the packet is discarded by
the router that decremented it to zero. Additionally, the router may send an
ICMP (Internet Control Message Protocol) Time Exceeded message back to the
source indicating that the packet was discarded due to TTL expiration.

MPLS

MPLS is an IP packet routing technique that enhances the delivery rate of IP
packets by using labels instead of complex routing tables. Unlike traditional
IP routing, which relies on network addresses, MPLS directs data based on these
labels. It's like having express lanes for your network traffic, ensuring
efficient and rapid delivery. Imagine a network with routers. Instead of
examining lengthy routing tables, routers in an MPLS network use labels
attached to IP packets.


Multi-Protocol Label Switching (MPLS) operates at a layer that is generally
considered to lie between traditional definitions of OSI Layer 2 (data link
layer) and Layer 3 (network layer). It is often referred to as a layer 2.5
protocol. MPLS is not tied to a single protocol; it can operate with various
network layer protocols. It can carry different types of traffic, including IP,
Ethernet, Frame Relay, and ATM. The multiprotocol nature of MPLS enables
service providers to offer a wide range of services, including Layer 2 VPNs
(Virtual Private Networks) and Layer 3 VPNs.

Components of MPLS

● Label: A short, fixed-length identifier assigned to packets by ingress
routers. Labels are used to forward packets along predefined paths known as
Label Switched Paths (LSPs).

● Label Switched Path (LSP): A unidirectional path through the MPLS network
along which labeled packets are forwarded. LSPs are established and maintained
using signaling protocols such as RSVP-TE (Resource Reservation Protocol -
Traffic Engineering) or LDP (Label Distribution Protocol).


● Ingress Router: The router at the edge of the MPLS network where packets
enter from external networks. The ingress router assigns MPLS labels to
incoming packets and forwards them into the MPLS network.

● Egress Router: The router at the edge of the MPLS network where labeled
packets exit the MPLS domain and are forwarded to their final destination.
The egress router removes MPLS labels from outgoing packets before
forwarding them to the next hop or destination.

● Label Switch Router (LSR): Routers within the MPLS network that
perform label switching based on incoming labels. LSRs make forwarding
decisions based on labels and swap labels as packets traverse the MPLS
network.

● Provider Edge (PE) Router: Routers within the service provider's MPLS
network that connect directly to customer networks via CE (Customer
Edge) routers. PE routers establish MPLS connectivity with CE routers. A
PE router can function as both an ingress and an egress router, depending
on the context and the flow of traffic within an MPLS (Multiprotocol Label
Switching) network.

● Customer Edge (CE) Router: Routers at the edge of customer networks that
connect to PE routers in the service provider's MPLS network.

● Label Distribution Protocol (LDP): A signaling protocol used to distribute
MPLS labels between routers within the MPLS network. LDP establishes label
bindings between neighboring routers to create LSPs and enable MPLS forwarding.

● MPLS Forwarding Table: A data structure maintained by routers in the MPLS
network that maps incoming labels to outgoing interfaces or next-hop routers.
The MPLS forwarding table is used to make forwarding decisions based on MPLS
labels.

Virtual Routing and Forwarding (VRF) plays a crucial role in Multiprotocol
Label Switching (MPLS) networks. It allows the separation of traffic for
different customers within the MPLS cloud. Each VRF maintains its own routing
table and policies. Multiple VRFs can coexist on the same router. Each VRF
corresponds to a virtual packet-forwarding table. VRF configurations are
typically done on Provider Edge (PE) routers. Each VRF instance is bound to one
or more physical or logical interfaces on the PE router. These interface
bindings determine which interfaces belong to each VRF instance and where
traffic belonging to that VRF is received or forwarded. VRF instances are
typically denoted by assigning a unique name or identifier to each VRF. These
identifiers use a mix of letters and numbers, for example VRF names like
VRF123, CustomerA, or Site42.
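The label stack entry format and the push/swap/pop actions of the ingress router, the LSR and the egress router described in the components list above, as an added Python example that is not code from the handout. The labels 1001 and 2002, the interface names and the 172.100.0.0/16 forwarding equivalence class are constructed values; label distribution (LDP) is assumed to have already installed the bindings shown.

```python
"""MPLS label stack entry and a three-router Label Switched Path.

Added example, not from the handout. Label values, interfaces and the
172.100.0.0/16 FEC are constructed; the entry layout follows RFC 3032:
20-bit label, 3-bit Traffic Class, 1-bit bottom-of-stack (S), 8-bit TTL.
"""
import ipaddress
import struct


def encode_label(label: int, tc: int = 0, bos: bool = True, ttl: int = 64) -> bytes:
    """Pack one 32-bit label stack entry (network byte order)."""
    if not (0 <= label < 2 ** 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)


def decode_label(entry: bytes) -> dict:
    (word,) = struct.unpack("!I", entry)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 0x1), "ttl": word & 0xFF}


# Ingress PE1 maps a Forwarding Equivalence Class (destination prefix) to an
# outgoing label; the LSRs map incoming labels to an action. These bindings
# are what a label distribution protocol such as LDP would have installed.
INGRESS_FIB = {"172.100.0.0/16": ("Ge0/1", 1001)}
LFIB = {
    "P1":  {1001: ("swap", 2002, "Ge0/2")},
    "PE2": {2002: ("pop", None, "Fa0/0")},
}


def ingress_push(dst_ip: str, ip_ttl: int = 64):
    """Ingress router: classify by FEC, push a label, copy the IP TTL into it."""
    dst = ipaddress.IPv4Address(dst_ip)
    for fec, (iface, label) in INGRESS_FIB.items():
        if dst in ipaddress.IPv4Network(fec):
            return iface, encode_label(label, ttl=ip_ttl)
    return None, None                 # no FEC: falls back to plain IP routing


def lsr_forward(router: str, entry: bytes):
    """One LSR hop. Returns (action, out_iface, new_entry, ip_ttl)."""
    hdr = decode_label(entry)
    if hdr["ttl"] <= 1:
        return ("drop-ttl", None, None, None)       # looped/expired, like IP TTL
    binding = LFIB[router].get(hdr["label"])
    if binding is None:
        # An LSR drops labels it never bound rather than guessing a path.
        return ("drop-unknown-label", None, None, None)
    action, out_label, iface = binding
    if action == "swap":
        new = encode_label(out_label, hdr["tc"], hdr["bos"], hdr["ttl"] - 1)
        return ("swap", iface, new, None)
    # pop at the egress: the remaining TTL is written back into the IP header
    return ("pop", iface, None, hdr["ttl"] - 1)


def trace_lsp(dst_ip: str, ip_ttl: int = 64):
    """Walk PE1 -> P1 -> PE2; returns ([(router, action, label)], ip_ttl)."""
    hops = []
    iface, entry = ingress_push(dst_ip, ip_ttl)
    if entry is None:
        return hops, ip_ttl
    hops.append(("PE1", "push", decode_label(entry)["label"]))
    for router in ("P1", "PE2"):
        action, iface, entry, ttl = lsr_forward(router, entry)
        if entry is not None:
            hops.append((router, action, decode_label(entry)["label"]))
        else:
            hops.append((router, action, None))
            return hops, ttl
    return hops, None


if __name__ == "__main__":
    print(trace_lsp("172.100.0.7"))
```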



CHAPTER – 07 VLAN

CHAPTER-7
VLAN
7.1. Introduction

A VLAN is a logical grouping of network users and resources connected to
administratively defined ports on a switch. When you create VLANs, you're given
the ability to create smaller broadcast domains within a layer 2 switched
internetwork by assigning different ports on the switch to different
subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning
that frames broadcast onto the network are only switched between the ports
logically grouped within the same VLAN.

By default, hosts in a specific VLAN cannot communicate with hosts that are
members of another VLAN, so if you want inter-VLAN communication, the answer is
that you still need a router.

7.2. VLAN Basics


Figure shows how layer 2 switched networks are typically designed as flat
networks. With this configuration, every broadcast packet transmitted is seen by
every device on the network regardless of whether the device needs to receive
that data or not. The reason it’s called a flat network is because it’s one broadcast
domain, not because the actual design is physically flat. In Figure we see Host A
sending out a broadcast. All the ports except the receiving port of the switch
forward the packet.

Switched network


When VLANs were not in the picture, we were using the type of network depicted
in the figure below.

Here you can see that each network is attached with a hub port to the router.

Notice that each department has its own LAN, so if you needed to add new users
to, let’s say, Sales, you would just plug them into the Sales LAN, and they would
automatically become part of the Sales collision and broadcast domain. This
design really worked well for many years. But there was one major flaw. What
happens if the hub for Sales is full, and we need to add another user to the Sales
LAN? Or, what do we do if there’s no more physical space available where the
Sales team is located for this new employee?

Well, let’s say there just happens to be plenty of room in the Finance section of
the building. That new Sales team member will just have to sit on the same side
of the Finance people, and we’ll just plug the system of that sales team
member into the hub for Finance. Doing this obviously makes the new user part
of the Finance LAN, which is very bad for many reasons. First and foremost, we
now have a major security issue. Because the new Sales employee is a member
of the Finance broadcast domain, the newbie can see all the same servers and
access all network services that the Finance folks can. Second, for this user to
access the Sales network services, they would have to go through the router to
log in to the Sales server—not exactly efficient!


But if you create a virtual LAN (VLAN), you can solve many of the problems
associated with these issues.

Here’s a short list of ways VLANs simplify network management:

● VLANs enable you to group devices together logically, even though they are
physically connected to the same switch.
● All the devices connected to the same switch are in the same broadcast
domain.
● But VLANs allow you to create separate broadcast domains within a single
physical switch.
● Devices within the same VLAN can communicate with each other as if they
were on the same physical network.
● Devices in different VLANs typically cannot communicate with each other
without routing.
● VLANs enhance network security by isolating traffic.


● VLANs limit the scope of broadcast traffic. Broadcasts are confined to
devices within the same VLAN, reducing network congestion and improving
overall network performance.
● VLANs provide flexibility in network design and management. They allow
you to reconfigure the logical layout of your network without physically
relocating devices or rewiring connections.
● VLAN tagging adds a header to Ethernet frames, indicating which VLAN
the frame belongs to. This allows VLAN-aware devices to distinguish
between different VLANs and forward traffic accordingly.
● To enable communication between devices in different VLANs, you
typically need a router or a Layer 3 switch capable of routing traffic
between VLANs. This process is known as inter-VLAN routing.

In what ways can devices be grouped into VLANs?

● Port-based VLANs are a common method of assigning VLAN membership
to devices based on the physical switch port to which they are connected.
Administrators configure each switch port to be a member of a specific
VLAN. Any device plugged into that port will automatically be part of the
assigned VLAN.
● MAC address-based VLANs (also known as MAC-based VLANs) are a
method of assigning VLAN membership to devices based on their MAC
addresses. In traditional VLAN configurations, VLAN membership is
typically determined by the switch port to which a device is connected.
However, MAC address-based VLANs offer more granular control over
VLAN assignments by allowing specific devices to be associated with
particular VLANs, regardless of the switch port they are connected to. With
MAC-based VLANs, the switch creates a table that maps specific MAC
addresses to VLANs. When a frame arrives at the switch, the switch looks
up the source MAC address in the table. If a match is found, the switch
assigns the corresponding VLAN ID to the frame and forwards it within
that VLAN.

● Policy-Based VLANs: VLAN memberships can also be determined based on
policies configured on the network devices. These policies can take into
account various factors such as IP address ranges, application types, or
specific protocols to determine VLAN assignments.
● VLAN Membership Policy Server (VMPS) is a system used in network
environments to dynamically assign VLAN memberships to devices based
on their MAC addresses. The VMPS is configured with a database that
maps MAC addresses to VLANs. When a device connects to the network,
it sends a request to the VMPS, typically using a protocol like VLAN
Membership Policy Protocol (VMPP) or Cisco VMPS Protocol (VMPS). This
request includes the device's MAC address. The VMPS checks its database
for the MAC address received in the request. If a matching entry is found,
the server responds to the device with the corresponding VLAN
assignment. If no matching entry is found, the server may assign the
device to a default VLAN or reject the request.

7.3. Access Port:

When a switch port is configured as an access port, it will only carry traffic for
the specified VLAN. Access ports are primarily used to connect end-user devices
such as computers, printers, IP phones, cameras, and other network peripherals
to the local network. By connecting these devices to access ports, they can
communicate with other devices within the same VLAN. In the figure ___, ports
2, 3 and 6 are the access ports of VLAN 3, ports 1 and 7 are the access ports of
VLAN 4 and ports 4, 5 and 8 are the access ports of VLAN 5.

VLAN trunking is a technique used in computer networking to carry traffic from
multiple VLANs over a single network link (trunk).

7.4. Trunk Port:

Trunk ports are switch ports configured to carry traffic for multiple VLANs
simultaneously. They are primarily used to interconnect switches. This eliminates
the need for separate cables for each VLAN when connecting switches, promoting
network efficiency, and allows VLAN traffic to traverse multiple switches while
maintaining VLAN segregation and ensuring that frames reach their intended
destinations. Trunk ports are also used to connect switches to routers, servers, or
other networking devices that support VLAN tagging, which enables these devices
to communicate with multiple VLANs on the network. Each frame transmitted over
a trunk port includes a VLAN tag that identifies the VLAN to which the frame
belongs.

7.5. VLAN Tagging:

VLAN tagging is a method used in computer networks to identify which VLAN a
frame belongs to when it travels across trunk ports on switches. In a
standard Ethernet frame, there is no field to indicate the VLAN to which the
frame belongs. On access links, which are configured for a single VLAN, frames
are typically untagged. If the frame needs to traverse a trunk link, it will be
tagged with the appropriate VLAN ID before being sent out. The IEEE 802.1Q
standard defines how VLAN tagging should be implemented. According to this
standard, a 4-byte tag is added to the Ethernet frame header, which includes
the VLAN ID and other details. When a frame exits a trunk port on a switch, the
VLAN tagging process inserts a VLAN tag into each Ethernet frame. This tag
functions like a label, identifying the specific VLAN the data belongs to. Upon
receiving a tagged frame, switches examine the VLAN tag to determine the VLAN
to which the frame belongs. This allows switches on the receiving end to
correctly forward the frames to the appropriate VLANs.

Inter-VLAN Communication:

What we see in the above figure is that each router interface is plugged into an
access link. This means that each of the routers’ interface IP addresses would
then become the default gateway address for each host in each respective VLAN.

Instead of using a router interface for each VLAN, you can use one Fast Ethernet interface
and run 802.1Q trunking (also known as VLAN trunking). The above figure shows how a
Fast Ethernet interface on a router will look when configured with 802.1Q trunking. This
allows all VLANs to communicate through one interface. Cisco calls this a
“router on a stick.”
How Router on a Stick works:
● First, configure the switch to support VLANs. Then create the VLANs and assign
them to the specific switch ports where devices are connected.
● On the switch, configure one port as a trunk port. It carries traffic from multiple
VLANs across a single physical link.
● Connect this trunk link to one of the physical interfaces of the router.
● Configure logical subinterfaces on that physical interface of the router.
Subinterfaces are commonly used in routers to perform inter-VLAN routing.
● Each subinterface is configured with its own unique network settings, including IP
address, subnet mask and VLAN tag. These settings allow the subinterface to
operate as if it were a distinct physical interface.
● Configure the router to route traffic between the different subinterfaces.
● With the router configured, devices in different VLANs can communicate with each
other through the router.
● When a device sends traffic destined for another VLAN, the traffic is forwarded to
the router through the trunk link.
● The router examines the VLAN tag, determines the appropriate subinterface for the
destination VLAN, and forwards the traffic accordingly.
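The following Python model is added to this handout as an illustration and is not part of the original text or of any vendor's code. It puts together the access port, trunk port, 802.1Q tag and router-on-a-stick steps described above: a switch that strips and inserts the 4-byte tag at its ports, and a router whose subinterfaces are selected by the VLAN ID in the tag. The port numbers, VLAN IDs, MAC addresses and subnets (10.0.3.0/24 for VLAN 3, 10.0.4.0/24 for VLAN 4) are constructed, and the IPv4 payload is reduced to the two addresses so that the routing decision stays visible; real frames carry a full IPv4 header.

```python
"""Model of 802.1Q tagging, access/trunk ports and a router on a stick (constructed example)."""
import ipaddress
import struct

TPID_8021Q = 0x8100        # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def build_tag(vid, pcp=0, dei=0):
    """4-byte 802.1Q tag: TPID followed by the TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return struct.pack("!HH", TPID_8021Q, tci)


def tag_frame(frame, vid):
    """Insert the tag between the source MAC and the original EtherType."""
    return frame[:12] + build_tag(vid) + frame[12:]


def untag_frame(frame):
    return frame[:12] + frame[16:]


def parse_frame(frame):
    """Return (dst_mac, src_mac, vid or None, ethertype, payload)."""
    dst, src, off, vid = frame[:6], frame[6:12], 12, None
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    if ethertype == TPID_8021Q:                    # tagged frame: read the TCI, skip the tag
        vid = struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF
        off += 4
        ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vid, ethertype, frame[off + 2:]


def make_frame(dst, src, src_ip, dst_ip, data):
    """Toy IPv4 payload: only the two addresses plus data (constructed, not a real header)."""
    body = ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed + data
    return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + body


class Switch:
    """Access ports carry one VLAN untagged; trunk ports carry every VLAN tagged."""

    def __init__(self, access, trunks):
        self.access, self.trunks, self.cam = dict(access), set(trunks), {}

    def receive(self, port, frame):
        """Classify, learn and forward. Returns [(egress_port, frame_as_sent)]."""
        dst, src, vid, _, _ = parse_frame(frame)
        if port in self.access:                         # access ingress is untagged: VLAN from port config
            vid = self.access[port]
        elif port in self.trunks and vid is not None:   # trunk ingress: VLAN from the tag
            frame = untag_frame(frame)
        else:
            return []                                   # untagged on a trunk: no native VLAN modelled
        self.cam[(vid, src)] = port                     # MAC learning is per VLAN
        known = self.cam.get((vid, dst))
        if known is not None and known != port:
            outs = [known]
        else:                                           # unknown destination: flood inside this VLAN only
            outs = [p for p, v in self.access.items() if v == vid and p != port]
            outs += [p for p in self.trunks if p != port]
        return [(p, frame if p in self.access else tag_frame(frame, vid)) for p in outs]


class RouterOnAStick:
    """One physical trunk interface with a subinterface (own IP and VLAN) per VLAN."""

    def __init__(self, mac, subinterfaces, arp):
        self.mac, self.subif, self.arp = mac, subinterfaces, arp   # subif: vid -> "ip/prefix"

    def route(self, frame):
        """Return the re-tagged frame sent back down the trunk, or None if not routable."""
        dst, src, vid, ethertype, payload = parse_frame(frame)
        if dst != self.mac or vid not in self.subif or ethertype != ETHERTYPE_IPV4:
            return None
        dst_ip = ipaddress.IPv4Address(payload[4:8])
        for out_vid, cidr in self.subif.items():       # which subinterface owns the destination subnet?
            if dst_ip in ipaddress.ip_network(cidr, strict=False):
                next_mac = self.arp.get(str(dst_ip))   # static ARP table stands in for ARP resolution
                if next_mac is None:
                    return None
                egress = next_mac + self.mac + struct.pack("!H", ETHERTYPE_IPV4) + payload
                return tag_frame(egress, out_vid)
        return None


# Constructed topology: H3 in VLAN 3 on port 2, H4 in VLAN 4 on port 1, router on trunk port 24.
H3, H4, RTR = bytes.fromhex("020000000003"), bytes.fromhex("020000000004"), bytes.fromhex("020000000099")
SWITCH = Switch(access={1: 4, 2: 3, 3: 3, 6: 3, 7: 4}, trunks={24})
ROUTER = RouterOnAStick(RTR, {3: "10.0.3.1/24", 4: "10.0.4.1/24"},
                        arp={"10.0.3.10": H3, "10.0.4.10": H4})


def inter_vlan_demo():
    """H3 -> default gateway -> router -> H4. Returns (VID up the trunk, VID down the trunk, ports reached)."""
    SWITCH.receive(1, make_frame(RTR, H4, "10.0.4.10", "10.0.4.1", b""))   # lets the switch learn H4 on port 1
    egress = SWITCH.receive(2, make_frame(RTR, H3, "10.0.3.10", "10.0.4.10", b"hello"))
    up = next(f for p, f in egress if p == 24)          # tagged VLAN 3 on the way to the router
    routed = ROUTER.route(up)                           # router re-tags it for VLAN 4
    delivered = SWITCH.receive(24, routed)              # switch strips the tag on the access port
    return parse_frame(up)[2], parse_frame(routed)[2], [p for p, _ in delivered]
```

Running `inter_vlan_demo()` shows the frame leaving the switch on the trunk tagged with VID 3, coming back tagged with VID 4, and reaching only port 1; the same model also shows why an untagged frame arriving on the trunk is dropped when no native VLAN is configured.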

Why use a Layer 3 switch?


Layer 3 switches make the use of virtual local area networks (VLANs) and inter VLAN
routing easier and faster. They make VLANs easier to configure because a separate router
isn't required between each VLAN; all the routing can be done right on the switch. Layer
3 switches also improve VLAN performance because they eliminate the bottleneck that
results from a router forming a single link between VLANs.

CHAPTER-8
IP MULTICAST
There are three types of traffic that we can choose from for our networks:

● Unicast

● Broadcast

● Multicast

If we want to send a message from one source to one destination, we use
unicast. If we want to send a message from one source to everyone, we use
broadcast. What if we want to send a message from one source to a group of
receivers? That’s when we use multicast.

Why do you want to use multicast instead of unicast or broadcast? That’s best
explained with an example. Let’s imagine that we want to stream a high
definition video on the network using unicast, broadcast or multicast. You will
see the advantages and disadvantages of each traffic type. Let’s start with
unicast:

Above we have a small network with a video server that is streaming a
movie and four hosts who want to watch the movie. Two hosts are on the same
LAN, the other two hosts are on another site that is connected through a 30
Mbps WAN link.

A single HD video stream requires 6 Mbps of bandwidth. When we are
using unicast, the video server will send the packets to each individual host.
With four hosts, it means the video server will be streaming 4x 6 Mbps = 24
Mbps of traffic.

Each additional host that wants to receive this video stream will put more
burden on the video server and require more bandwidth from the WAN link.
Hence it is not scalable.

What about broadcast traffic?

If our video server broadcasts its traffic then the load on the video server
is reduced, because it only sends the packets once. The problem, however, is that
everyone in the broadcast domain will receive it, whether they want it or not.
Another issue with broadcast traffic is that routers do not forward it; it will
be dropped at the router.

What about multicast traffic?

Multicast traffic is very efficient. This time we only have two hosts that are
interested in receiving the video stream. The video server will only send the
packets once. Switches forward multicast packets selectively to only the interested
receivers, while routers play a more active role in replicating and distributing
multicast packets across different network segments. This reduces the load on the
video server and network traffic in general.

When using unicast, each additional host will increase the load and traffic rate.
With multicast it will remain the same.

Multicast Components

1. Source of multicast data.
2. Multicast receivers.
3. Multicast enabled routers.
4. Distribution tree established by the routers using a multicast routing
protocol.
5. Data is delivered downstream in the distribution tree from the source to
the receivers.

Multicast is efficient but it doesn’t work “out of the box”. There are a
number of components that we require.

First of all we use a designated range of IP addresses that is exclusively
used for multicast traffic. We use the class D range for this: 224.0.0.0 to
239.255.255.255. These addresses are only used as destination addresses, not
as source addresses. In networking, a single multicast address is referred
to as a "multicast group." Multicast groups are used to represent a set of
receivers interested in receiving the same multicast traffic. The source IP address
will be the device that is sending the multicast traffic, for example the video
server. We also require applications that support multicast. A simple example is
the VLC media player, which can be used to stream and receive a video on the
network.

When a router receives multicast traffic, somehow it has to know if anyone
is interested in receiving the multicast traffic.

Above you can see the router is receiving the multicast traffic from the
video server. It doesn’t know where and if it should forward this multicast traffic.
We need some mechanism on our hosts that tells the router when they want to
receive multicast traffic. We use the IGMP (Internet Group Management Protocol)
for this. Hosts that want to receive multicast traffic will use the IGMP protocol
to tell the router which multicast traffic they want to receive.

IGMP helps the router to figure out on what interfaces it should forward
multicast traffic but what about switches? Take a look at the following image:

To help the switch figure out where to forward multicast traffic, we can
use IGMP snooping. The switch will “listen” to IGMP messages between the
host(s) and router to figure out where it should forward multicast traffic to.

Above we have our video server that is forwarding multicast traffic to R1.
On the bottom there’s H1 who is interested in receiving it.

With unicast routing, each router advertises its directly connected
interfaces in a routing protocol. Routers who receive unicast packets only care
about the destination address. They check their routing tables, find the outgoing
interface and forward the packets towards the destination. With multicast
routing, things are not that simple. The destination is a multicast group address
and the multicast packets have to be forwarded to multiple receivers throughout
the network.

To accomplish this, we use a multicast routing protocol:

● DVMRP (Distance Vector Multicast Routing Protocol)

● MOSPF (Multicast Open Shortest Path First)

● PIM (Protocol Independent Multicast)

The most popular multicast routing protocol is PIM.

Multicast IP Addresses

One of the differences between unicast and multicast IP addresses is that
unicast IP addresses represent a single network device while multicast IP
addresses represent a group of receivers. IANA (Internet Assigned Numbers
Authority) has reserved the class D range to use for multicast. The first 4 bits in
the first octet are 1110 in binary, which means that we have the 224.0.0.0
through 239.255.255.255 range for IP multicast addresses.

Some of the addresses are reserved and we can’t use them for our own
applications. The 224.0.0.0 – 224.0.0.255 range has been reserved by IANA for
use by network protocols. Multicast IP packets in this range are never
forwarded by routers between subnets.

A few examples of reserved multicast addresses:

Address       Usage
224.0.0.1     All Hosts
224.0.0.2     All Multicast Routers
224.0.0.5     OSPF Routers
224.0.0.9     RIPv2 Routers
224.0.0.10    EIGRP Routers
224.0.0.12    DHCP Server / Relay
224.0.0.13    All PIM Routers
224.0.0.18    VRRP

Multicast IP Address to MAC address mapping


Analyzing a unicast MAC: 00:A0:C9:AB:0E:8F

Analyzing a multicast MAC: 01:00:5E:00:00:05

Look at the above figure.

For all multicast IP addresses, the first 4 bits must be the same (1110) because
they all belong to class D.

For all multicast MAC addresses, the first 25 bits must be the same, because
IANA has reserved the block from 01:00:5e:00:00:00 to 01:00:5e:7f:ff:ff for
encapsulating IP multicast datagrams.

From the above example, you can see that the MAC addresses for 224.11.1.2 and
225.11.1.2 are the same, because the 5 bits of the IP address (shown in the above
figure) are not used in the IP-to-MAC mapping.

All the multicast IPs shown in the below table are mapped to the same multicast
MAC address - 01:00:5E:0B:01:02

224.11.1.2  225.11.1.2  226.11.1.2  227.11.1.2  228.11.1.2  229.11.1.2
230.11.1.2  231.11.1.2  232.11.1.2  233.11.1.2  234.11.1.2  235.11.1.2
236.11.1.2  237.11.1.2  238.11.1.2  239.11.1.2  224.139.1.2 225.139.1.2
226.139.1.2 227.139.1.2 228.139.1.2 229.139.1.2 230.139.1.2 231.139.1.2
232.139.1.2 233.139.1.2 234.139.1.2 235.139.1.2 236.139.1.2 237.139.1.2
238.139.1.2 239.139.1.2

2^5 = 32 different multicast IP addresses can be mapped to the same MAC address.
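As an added worked example (not from the handout), the mapping described above in Python: the low 23 bits of the group address are copied behind the fixed 01:00:5e prefix, so the 5 address bits that the mapping discards give 32 groups per MAC address. The function names are the author's own; the addresses tested are the ones used in this chapter.

```python
"""IPv4 multicast group to Ethernet MAC mapping (added example, constructed helper names)."""
import ipaddress

MULTICAST_OUI_PREFIX = 0x01005E000000     # 01:00:5e:00:00:00, the IANA block for IP multicast
LINK_LOCAL_BLOCK = ipaddress.ip_network("224.0.0.0/24")   # reserved for protocols, never routed


def multicast_mac(group_ip):
    """Return the 01:00:5e:xx:xx:xx MAC that frames for this IPv4 multicast group carry."""
    addr = ipaddress.IPv4Address(group_ip)
    if not addr.is_multicast:                      # only 224.0.0.0/4 (first bits 1110) qualifies
        raise ValueError(f"{group_ip} is not a class D (multicast) address")
    low23 = int(addr) & 0x7FFFFF                   # keep the low 23 bits, drop the 4 class bits + 5 more
    mac = MULTICAST_OUI_PREFIX | low23
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def colliding_groups(group_ip):
    """All 32 multicast groups that share the MAC of group_ip: vary the 5 discarded bits."""
    low23 = int(ipaddress.IPv4Address(group_ip)) & 0x7FFFFF
    groups = [ipaddress.IPv4Address(0xE0000000 | (k << 23) | low23) for k in range(32)]
    return [str(g) for g in sorted(groups)]


def describe(group_ip):
    """Summary a switch or host engineer cares about: MAC, and whether routers may forward it."""
    addr = ipaddress.IPv4Address(group_ip)
    return {
        "group": str(addr),
        "mac": multicast_mac(addr),
        "link_local_reserved": addr in LINK_LOCAL_BLOCK,   # e.g. 224.0.0.5 for OSPF, TTL 1 scope
        "aliases_on_wire": 32,                              # 2^5 groups per MAC address
    }
```

Because 32 groups alias onto one MAC, a host's network card will accept frames for every alias once it joins any of them, and the IP layer has to discard the groups it did not ask for; when allocating group addresses for separate streams, choose addresses that differ in the low 23 bits.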

IGMP (Internet Group Management Protocol): IGMP is a communication protocol
used by IPv4 hosts and multicast routers to manage multicast group memberships
within a network. IGMP operates at the network layer (Layer 3) of the OSI model.

There are two main versions of IGMP: IGMPv1 and IGMPv2.

IGMP version 2 (IGMPv2) is widely used in IPv4 networks for managing multicast
group memberships.

IGMP message types

- Membership query

- Membership report

- Leave group message

IGMP Membership Query

● General Query: This query is sent to all hosts on a network segment,
asking them to report their membership status for all multicast groups.
General Queries are typically used by routers to periodically refresh their
knowledge of active multicast group memberships on the network.

● Group-Specific Query: This query targets a specific multicast group,
asking hosts if they are members of that particular group. Group-Specific
Queries are used by routers when they need to determine the status of a
specific multicast group's membership, such as when a router receives
multicast traffic for that group and wants to verify if there are active
members.

IGMP Membership Report: IGMP membership report is a message sent by an
IPv4 host to a multicast router in response to an IGMP Membership Query or to
announce its interest in receiving multicast traffic for specific multicast groups.

IGMP Leave Group message: IGMP leave group message is sent by an IPv4 host
to notify the local multicast router that it is no longer interested in receiving
traffic for a specific multicast group.

IGMP messages are sent with the TTL field in the IP header set to one.
Therefore, IGMP messages are never forwarded by routers.

IGMP Snooping
Layer 2 switches are simple devices. They learn source MAC addresses
and insert these in their MAC address tables. When a frame arrives, they check
for the destination MAC address, perform a lookup in the MAC address table
and then forward the frame. This works very well for unicast traffic but it’s a
problem for multicast traffic. Take a look at the example below:

Refer to the above figure: A video server is streaming multicast traffic to
destination 239.1.1.1. The destination MAC address will be 0100.5e01.0101.
When the switch receives this traffic then it will do a lookup for MAC address
0100.5e01.0101. Since this MAC address has never been used as a source, all
multicast traffic will be flooded. All hosts will receive this traffic whether they
want it or not.

IGMP snooping is a feature of network switches that monitors Internet
Group Management Protocol (IGMP) messages exchanged between multicast
routers and hosts. When the host sends a membership report for a multicast
group then the switch adds an entry in the CAM table for the interface that is
connected to the host. When the host sends a leave group for a multicast group
then the switch removes the entry in the CAM table for the interface that is
connected to the host.

By analyzing these messages, switches can intelligently forward multicast
traffic only to the ports where it's needed, rather than flooding it to all ports in
the network. Without IGMP snooping, switches will flood multicast traffic
everywhere, treating it like broadcast traffic.
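The following Python model is an added illustration of the IGMP snooping behaviour just described and is not part of the handout. A switch with four ports (constructed: the multicast router and video server behind port 1, hosts on ports 2 to 4) learns from membership reports and leave messages which ports want group 239.1.1.1, and the same switch with snooping turned off floods the traffic to every port. The IGMP messages are reduced to their type and group; real messages are IP packets sent with TTL 1, which is why the router next to the switch sees them but no router beyond it does. Because the switch keys its table on the destination MAC, the model also shows the aliasing edge case from the previous section: 224.129.1.1 maps to the same MAC as 239.1.1.1.

```python
"""IGMP snooping on a Layer 2 switch (added example with a constructed topology)."""
from dataclasses import dataclass


def group_mac(group_ip):
    """IP multicast group -> 01:00:5e + low 23 bits, the MAC a Layer 2 switch keys on."""
    o = [int(x) for x in group_ip.split(".")]
    return "01:00:5e:%02x:%02x:%02x" % (o[1] & 0x7F, o[2], o[3])


@dataclass(frozen=True)
class IgmpMessage:
    kind: str      # "report" (join) or "leave"; carried with IP TTL 1, so it never crosses a router
    group: str     # e.g. "239.1.1.1"


class SnoopingSwitch:
    def __init__(self, ports, router_port, snooping=True):
        self.ports, self.router_port, self.snooping = set(ports), router_port, snooping
        self.members = {}      # group MAC -> set of ports with interested hosts (the CAM entries)

    def igmp(self, port, msg):
        """Relay the host's IGMP message toward the multicast router; with snooping, learn from it."""
        if self.snooping:
            entry = self.members.setdefault(group_mac(msg.group), set())
            if msg.kind == "report":
                entry.add(port)
            elif msg.kind == "leave":
                entry.discard(port)
        return self.router_port

    def deliver(self, in_port, group_ip):
        """Set of ports that receive a data frame for group_ip arriving on in_port."""
        if not self.snooping:
            return self.ports - {in_port}                       # flooded exactly like a broadcast
        wanted = self.members.get(group_mac(group_ip), set())
        return (wanted | {self.router_port}) - {in_port}     # interested ports plus the router port


def snooping_demo():
    """Walk through the text's scenario; returns the delivery set after each step."""
    sw = SnoopingSwitch(ports={1, 2, 3, 4}, router_port=1)
    steps = [sw.deliver(1, "239.1.1.1")]                      # nobody has joined: nothing forwarded
    sw.igmp(3, IgmpMessage("report", "239.1.1.1"))
    steps.append(sw.deliver(1, "239.1.1.1"))                  # only port 3
    sw.igmp(4, IgmpMessage("report", "239.1.1.1"))
    steps.append(sw.deliver(1, "239.1.1.1"))                  # ports 3 and 4
    sw.igmp(3, IgmpMessage("leave", "239.1.1.1"))
    steps.append(sw.deliver(1, "239.1.1.1"))                  # port 4 only
    # Edge case: 224.129.1.1 shares MAC 01:00:5e:01:01:01 with 239.1.1.1, so a MAC-keyed
    # switch delivers its traffic to port 4 too; the host's IP stack has to filter it out.
    steps.append(sw.deliver(1, "224.129.1.1"))
    return steps
```

The last step is the practical caveat: snooping limits flooding but cannot separate groups that alias onto one MAC address, so unrelated streams on aliasing groups still reach each other's receivers.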

Multicast Routing

When a router receives a unicast packet, it reads the destination
address, checks its routing table to find out the next hop address or exit interface
and forwards the IP packet towards the destination.

What about multicast traffic?

In the above figure, R1 receives a multicast packet from some video server; the
destination address is 239.1.1.1. But the routing table is a unicast routing table
and there is no information about any multicast addresses in there, so R1 has
no idea where to forward this multicast traffic to.

To route multicast traffic, we need to use a multicast routing protocol.

Protocol Independent Multicasting (PIM)

Protocol Independent Multicasting (PIM) is a family of multicast routing
protocols used in computer networks. PIM depends 100% on the information in
the unicast routing table, but it doesn’t matter which unicast routing protocol
you use to fill the unicast routing table: PIM operates independently of any
specific unicast routing protocol. The primary goal of PIM is to efficiently deliver
multicast traffic from a source to multiple destinations across an IP network. It
achieves this by dynamically building multicast distribution trees, which
determine the path that multicast packets should take through the network. PIM
operates at the network layer (Layer 3) of the OSI model / internet layer of the
TCP/IP model.

Protocol Independent Multicast (PIM) Hello packets are used to establish
and maintain neighbor adjacencies. These packets are exchanged between
routers to discover and maintain neighbor relationships, enabling the routers to
exchange multicast routing information effectively.

Different modes of PIM:

● PIM Dense mode

● PIM Sparse mode

Protocol Independent Multicasting (PIM) - Dense Mode

Dense Mode: Dense mode multicast routing protocols are used for networks
where most subnets in your network should receive the multicast traffic. When
a router receives the multicast traffic, it will flood it on all of its interfaces except
the interface where it received the multicast traffic.

In the example above both the hosts H1 and H2 are interested in multicast traffic
but what if there are hosts that don’t want to receive it?

A multicast router can tell its neighbor that it doesn’t want to receive the
multicast traffic anymore. This happens when:

● The router doesn’t have any downstream neighbors that require the
multicast traffic.

● The router doesn’t have any hosts on its directly connected interface that
require the multicast traffic.

Above we see R1 that receives the multicast traffic from our video server.
It floods this multicast traffic to R2 and R3. But these two routers don’t have
any interest in multicast traffic. They will send a prune message to signal R1
that it should no longer forward the multicast traffic.

Multicast routing is vulnerable to routing loops.

One simple loop-prevention mechanism is that routers will never forward
multicast packets on the interface where they received the packet.

There is one additional check also to prevent loops. It is called RPF (Reverse
Path Forwarding).

Refer to the above figure. R1 receives a multicast packet which is flooded on all
interfaces except the interface that connects to the video server.

● R1 floods the packet to R3.

● R3 floods the packet to R2.

● R2 floods it back to R1.

Even though routers are not forwarding multicast packets on the interface
where they received the packet, there exists a multicast routing loop. This
can be prevented by implementing the RPF check:

When a router receives a multicast packet on an interface, it looks at the source
IP address and does two checks:

● Is there an entry that matches the source address in the unicast routing
table?

● If so, what interface is used to reach that source address?

When the multicast packet is received on the interface that matches the
information from the unicast routing table, it passes the RPF check and the router
accepts the packet. When it fails the RPF check, the packet is dropped.

Above we see R1 floods the multicast traffic to R2 and R3. R2 also floods
it to R3. R3 will now perform an RPF check. It sees the source address of the
multicast data is 192.168.12.2 and checks the unicast routing table. It finds a
route for 192.168.12.2 that points to R1.

The packet that it receives from R1 will pass the RPF check since we
receive it on the Fa0/0 interface, the one it receives from R2 fails the RPF check.
So, the multicast packet from R2 will be dropped.

R3 will then flood the multicast packet towards R2, which will also do an RPF
check. It will drop this packet since R2 uses its interface towards R1 to reach
192.168.12.2.

Another way to look at this is that the RPF check ensures that only
multicast packets from the shortest path are accepted. Multicast packets that
travel longer paths are dropped.

Upstream router - The router where we receive multicast traffic from (source
side).

Downstream router - The router where multicast traffic is forwarded (towards
receivers).

RPF neighbor

In PIM (Protocol Independent Multicast), the term "RPF neighbor" stands for
"Reverse Path Forwarding neighbor."

When a router receives multicast traffic, it performs an RPF check. It looks at its
unicast routing table to determine the upstream interface from which it expects
to receive unicast traffic for the source of the multicast stream.

The router compares the incoming interface of the multicast packet with the
expected upstream interface determined by the RPF check.

If the incoming interface matches the expected upstream interface, the router
forwards the multicast packet. If they don't match, the router might discard the
packet to prevent loops.

In this context, the upstream neighbor from which the router expects to receive
multicast traffic is referred to as the "RPF neighbor" for that source.
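The RPF check and the R1/R2/R3 loop from the preceding pages, carried through in Python as an added example that is not part of the handout. The triangle topology, the unicast routing tables and the interface names other than R3's Fa0/0 (which the text names) are constructed; the source address 192.168.12.2 is the one used in the text. The same flood is run twice, once with the RPF check and once without it, so that the loop and its prevention are both visible.

```python
"""Dense-mode flooding with and without the RPF check (added example, constructed topology)."""
import ipaddress
from collections import Counter, deque

# Constructed triangle from the text: the source hangs off R1; R1-R2, R1-R3 and R2-R3 are linked.
LINKS = {                      # router -> {interface: neighbour}
    "R1": {"Fa0/1": "SRC", "Fa0/0": "R3", "Fa1/0": "R2"},
    "R2": {"Fa0/0": "R1", "Fa0/1": "R3"},
    "R3": {"Fa0/0": "R1", "Fa0/1": "R2"},
}
UNICAST_RIB = {                # router -> {prefix: exit interface}; any IGP could have filled this
    "R1": {"192.168.12.0/24": "Fa0/1", "0.0.0.0/0": "Fa0/0"},
    "R2": {"192.168.12.0/24": "Fa0/0", "0.0.0.0/0": "Fa0/0"},
    "R3": {"192.168.12.0/24": "Fa0/0", "0.0.0.0/0": "Fa0/0"},
}


def rpf_interface(router, src_ip):
    """Longest-prefix match in the unicast RIB: the interface this router uses to reach the source."""
    addr = ipaddress.ip_address(src_ip)
    best = None
    for prefix, iface in UNICAST_RIB[router].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_check(router, in_iface, src_ip):
    """Pass only if the packet arrived on the interface we would use to send back to the source."""
    return rpf_interface(router, src_ip) == in_iface


def ingress_interface(router, from_router):
    """The interface of `router` that faces `from_router`."""
    return next(i for i, nbr in LINKS[router].items() if nbr == from_router)


def flood(src_ip, use_rpf, ttl=8):
    """Flood one packet from the source. Returns (accepted packets per router, drop reasons)."""
    accepted, dropped = Counter(), Counter()
    queue = deque([("R1", "Fa0/1", ttl)])        # the packet from the source arrives at R1
    while queue:
        router, in_iface, hops = queue.popleft()
        if hops == 0:
            dropped["ttl-expired"] += 1          # without RPF only the IP TTL ends the loop
            continue
        if use_rpf and not rpf_check(router, in_iface, src_ip):
            dropped["rpf-fail"] += 1
            continue
        accepted[router] += 1
        for iface, nbr in LINKS[router].items():   # never back out of the incoming interface
            if iface != in_iface and nbr in LINKS:
                queue.append((nbr, ingress_interface(nbr, router), hops - 1))
    return dict(accepted), dict(dropped)
```

With the check enabled, R2 and R3 each accept the copy that arrives from R1 and drop the copy the other one floods to them, so every router sees the packet exactly once. With the check disabled, the copies keep circulating R1 > R3 > R2 > R1 until their TTL runs out, which is the loop the text warns about.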

PIM Dense Mode is a push method in which source-based trees are used.

Above we see a video server sending a multicast packet towards R1. H1 wants to
receive the same multicast, so H1 sends an IGMP join (membership report) to R6. As
soon as R1 receives the multicast packet, it will create an entry in its multicast
routing table where it stores the source address and multicast group address. It
will then flood the traffic on all of its interfaces except the interface where it
received the multicast packets.

Other routers that receive this multicast packet will also create an entry
in their multicast routing tables and flood it on all of their interfaces except the
interface where they received the multicast packets. This does cause some issues;
one problem is that we will have multicast routing loops. You can see that the
packet that R1 receives is forwarded to R2 > R4 > R5 and back to R1 (and the
other way around).

Each router that is not interested in the multicast traffic will send a prune
to its upstream router, requesting it to stop forwarding it. Pruning of multicast
traffic helps to prevent looping.

To avoid the looping, the RPF (Reverse Path Forwarding) technique will also be
used. (When the multicast packet was received on the interface that we use to
reach the source, the RPF check succeeds. When the multicast packet was
received on another interface, it fails the RPF check and the packet is discarded.)

End Result will look like this:

Multicast data from server to H1 will flow through R1>R2>R6>H1

The interfaces of routers R2 and R6 where the arrow marks are shown will not send a
prune message back, because H1 wants to receive the multicast packets.

A couple of reasons why a router can send a prune message:

● No directly connected hosts that are interested in receiving the multicast
traffic.

● No downstream routers are interested in receiving the multicast traffic.

● When downstream routers receive traffic on a non-RPF interface.

Now multicast traffic is flooded from R1 to R2 > R6 > H1. This flood and
prune behavior will occur every three minutes. This topology is called the source-
based distribution tree or SPT (Shortest Path Tree). The source is the root of
our tree. The routers in between that are forwarding traffic are the nodes. The
subnets with receivers are the branches and leaves of the tree. Depending on the
source and/or multicast groups that we use, you might have more than one
source tree in your network. We use the [S,G] notation to refer to a particular
source tree.

● S: the source address

● G: the multicast group address

Protocol Independent Multicasting (PIM) - Sparse Mode: With PIM dense
mode, multicast traffic will be flooded everywhere and then pruned. Dense mode
is very inefficient with its flooding of multicast traffic: a lot of bandwidth and
resources on the routers is wasted due to flooding. The alternative is sparse mode,
which is far more efficient. With PIM sparse mode multicast traffic will not be
forwarded unless another router requests it. It’s the complete opposite of dense
mode.

● Dense mode floods multicast traffic until a router asks you to stop.

● Sparse mode sends multicast traffic only when a router requests it.

Requesting multicast traffic sounds great but it introduces one problem.
Where are you going to send your request to? With dense mode, you will receive
the traffic whether you like it or not. With sparse mode, you have no idea where
the multicast traffic is coming from.

To fix this issue, sparse mode uses a special router called the RP
(Rendezvous Point). All multicast traffic is forwarded to the RP and when other
routers want to receive it, they’ll have to find their way towards the RP.

Above we see R1 which is the RP for the network. It’s receiving multicast
traffic from the video server but at the moment nobody is interested in it. R1 will
not send any multicast traffic on the network at this moment.

If R2 or R3 receive an IGMP join message from a host that is directly
connected or a request from another downstream router, then:

● H2 wants to receive this multicast traffic so it sends an IGMP join message
for multicast group 239.1.1.1 to R3

● R3 receives the IGMP join and will request R1 (Using PIM Join message)
to start sending the multicast traffic.

● R1 will now start forwarding the multicast to R3 and it reaches H2.

With this, wastage of network resources can be reduced.

When using sparse mode, all routers need to know the IP address of the RP.
(This will be discussed later.)

In the above diagram, a video server is streaming multicast traffic to 239.1.1.1.
At the bottom, R6 received an IGMP membership report from a directly connected
host H1. But R6 is unaware of the source of multicast 239.1.1.1.

● Router R5 is configured as RP for this multicast group

● Multicast traffic is received by R1.

● R1 will encapsulate the first multicast packet in a PIM register message
and forward it to the RP.

● Once the RP receives the PIM register message there are two options:
o When nobody is interested in the multicast traffic then the RP will
reject the PIM register message.
o When there is at least one receiver, the RP accepts the PIM register
message.

● When nobody is interested in the multicast traffic, RP will respond to R1
with a PIM register stop message.

● Then R1 stops forwarding any multicast traffic.

● R1 will start a suppression timer. By default this timer is 60 seconds

● When the timer is almost expired, R1 will send a PIM register null packet
to RP.

● PIM register null packet doesn’t carry the encapsulated multicast packet.
It’s a simple request to ask the RP if it is interested now.

● If still don’t have any receivers, the RP will send another PIM register stop
message.

● When there are receivers, the RP will not send a PIM register stop message
to R1

● Then R1 will start forwarding the multicast traffic.


● The host (H1) that is connected to R6 would like to receive multicast traffic.

● So H1 sends an IGMP membership report to R6.

● R6 now has to figure out how to get to the RP and request it to start
forwarding the multicast traffic.


● R6 will check its unicast routing table for the IP address of the RP and
send a PIM join message on the interface that is used to reach the RP.

● In this case, R6 forwards the PIM join towards R4.

● When R4 receives the PIM join, it has to request the RP to start forwarding
multicast traffic.

● So R4 will check its unicast routing table, find the interface that is used
to reach the RP and send a PIM join message towards the RP.

● When the RP receives the PIM join, it will start forwarding the multicast
traffic.

● Multicast traffic is now flowing from R1 towards the RP, down to R4, R6
and to our receiver (H1).

This concept of joining the RP is called the RPT (Rendezvous Point Tree) or
Shared Tree. The RP is the root of our tree and decides where to forward
multicast traffic to. Each multicast group might have different sources and
receivers, so we might have different RPTs in our network.

If you look closely at the picture above, you might have noticed that R6 has
multiple paths towards the source. Right now multicast traffic is flowing like
this:

R1 > R5 > R4 > R6 (Rendezvous Point Tree)

This is not the optimal path. The path R1 > R2 > R6 has one router fewer
than the current path, so if all interfaces are equal, this path is probably
better.

Once H1 starts receiving multicast traffic through the RP, it is possible to switch
to the SPT (Shortest Path Tree): R1 > R2 > R6.

Refer to the figure below.

● When R6 received the multicast traffic through the RP, it also learned the
source address of this multicast.

● R6 checks its unicast routing table to find a better path to reach the
source. It finds that R1 > R2 > R6 is the better path.

● R6 now decides to use the SPT (R1 > R2 > R6) instead of the RPT (R1 > R5
> R4 > R6) to receive this traffic.

● For this, R6 sends PIM join messages to R2. R2 forwards the PIM
join to R1.


Refer to the figure above.

● R1 starts forwarding multicast traffic towards R6, using the best path:
R1 > R2 > R6 (SPT - Shortest Path Tree).

● Since R6 is now receiving multicast traffic through R2 and R1, it does not
need it from the RP anymore.

● R6 sends PIM prune messages to R4.

● R4 forwards the PIM prune message to the RP.

● Multicast data flow through the RP is stopped.

What have we learned?

● PIM sparse mode uses an RP (Rendezvous Point) as a “central point” for our
multicast traffic.

● Routers use PIM register packets to register sources with the RP. The
first multicast packet is encapsulated and forwarded to the RP.

● When the RP is not interested in traffic from a certain group, it
sends a PIM register stop packet.

● The router that sent the PIM register starts a suppression timer (60
seconds) and sends a PIM register null packet a few seconds before the
suppression timer expires.

● Routers with receivers join the RPT (Rendezvous Point Tree) for each group
that they want to receive.

● Once routers with receivers get a multicast packet from the RP, they
switch from the RPT to the SPT when traffic exceeds 0 kbps (in other
words: immediately).

Multicast PIM Bootstrap (BSR)

PIM sparse mode requires an RP (Rendezvous Point) as a meeting point in
the network for all multicast traffic. Any router in the network can be configured
as an RP. So far we have manually configured the RP on all routers. For a small
network, this is no problem. On large multicast networks, it is not a good idea:
first of all, it takes time to manually configure each router, and it is also
prone to errors.

How can these issues be overcome?

BSR (Bootstrap) is a protocol that is used to automatically find the RP
(Rendezvous Point) in the multicast network. BSR is included in PIMv2 (Version
2).

Candidate BSR: This is the router that collects information from all available
RPs in the network and advertises it throughout the network.

Candidate RP: These are the routers that advertise themselves that they want
to be the RP for the network.

The BSR sends messages on a hop-by-hop basis and does so by sending
its packets to multicast address 224.0.0.13 with a TTL of 1. Since the TTL of BSR
messages is 1, they are not routed. When a multicast router receives the
message, it does an RPF check on the source address of the BSR and
resends the message on all other PIM-enabled interfaces.

The BSR messages will contain information about the BSR and the RP-to-
group mappings.

Above we have a small network with six routers. R3 is the BSR and sends
BSR messages on its interfaces. All other routers re-send these messages.
There can be more than one BSR router in a network, but only one active BSR.
The BSR router with the highest priority becomes the active BSR.

Refer to the figure above:

When a network is initiated, all the routers including candidate RPs
receive a BSR message. Since it is the first BSR message, it does not have any RP-
to-group mapping data. The candidate RPs have also learned the source address of
the BSR. Now the candidate RPs start sending their RP announcement packets to
the unicast IP address of the BSR (3.3.3.3).

Once the BSR receives the RP announcements, it will build a list of all RPs and
the multicast groups they want to serve. This is called the group-to-RP mapping
set. The BSR will then include this list in its next BSR messages, so that all
multicast routers in the network receive it.

RP Selection: The multicast routers receive multiple group-to-RP mapping
sets from the BSR and have to select the best RP from this list. When you
have multiple RPs, it is very likely that several of them want to
serve the same multicast groups. When two RPs advertise exactly the same groups,
the network prefers the RP with the highest priority.

Multicast PIM Designated Router: The DR is the router that will forward the
PIM join message from the receiver to the RP (rendezvous point).

Above we see a small network with 4 routers. R1 is our RP and R4 is a
receiver. As you can see, R2, R3 and R4 are connected to the same multi-access
network (switch). When R4 sends a PIM join message, both R2 and R3 would
receive it and forward it to R1. This would mean that we have 2 multicast streams,
which results in duplicate packets and wasted bandwidth.

To mitigate this issue, PIM-SM elects only one Designated Router (DR) from
R2 and R3. Here, R3 has been elected as the Designated Router on this
segment, because by default the highest IP address determines who
becomes the PIM DR. The DR priority can be changed using suitable configuration.

CHAPTER – 09 VRRP, HSRP & GLBP

CHAPTER-9
PROTOCOLS

9.1. VRRP

High availability (HA) protocols are used in networking to ensure continuous
and uninterrupted operation of network services and applications, even in the
event of hardware failures, software issues, or network disruptions. These
protocols facilitate seamless failover and redundancy mechanisms, enabling
organizations to maintain service availability, minimize downtime, and ensure
reliability for critical network infrastructure.

VRRP is an open standard protocol, which is used to provide redundancy
in a network by ensuring continuous availability of the default gateway for local
hosts. It is a network layer protocol (protocol number 112). VRRP allows multiple
routers (group members) to act as a single virtual logical router. If one router
fails, another group member takes over the responsibility of forwarding traffic.

Some important terms related to VRRP:

Virtual IP address: A virtual IP (VIP) address in VRRP is an IP address shared
among multiple routers participating in a VRRP group. The virtual IP address shall
be an IP address from the local subnet. It is configured as the default gateway for
all the local hosts, ensuring that hosts on the LAN can communicate directly with
the virtual IP address.

VRID (Virtual Router Identifier): VRID is a numeric identifier used to
identify VRRP groups within a network. Each VRRP group on the network must
have a unique VRID. Its values range from 1 to 255, allowing for up to 255 VRRP
groups within a network. VRID 0, as it has special significance (reserved for
configuration messages), shall not be used. All routers participating in a VRRP
group must be configured with the same VRID. Keep track of VRID assignments
and document them appropriately. This helps ensure consistency and simplifies
troubleshooting and maintenance tasks in the future.

Master router: One of the VRRP group members is elected as master router.
Routers in the group participate in an election process to determine the master
router. The master router is elected on the basis of priority. If the priority is the
same (by default 100) then the router having the highest IP address will become
the master router. Administrators can manually configure the priority value for
each router within the VRRP group. Once the master router is elected, it assumes
the responsibility of forwarding traffic destined for the virtual IP address
associated with the VRRP group. Hosts on the LAN send packets to the virtual
IP address, assuming it to be their default gateway. The master router receives
these packets and forwards them to their destinations as required.

Backup routers: Only one of the VRRP group members becomes the master
router, while the others are backup routers. Backup routers monitor the status
of the master router. If the master router fails or becomes unreachable, the
backup router with the next highest priority value takes over as the new master
router.

Priority Preemption: When a router with a higher priority value becomes
available again after a failure, it has the option to preempt the role of the master
router. Priority preemption allows routers with higher priority values to reclaim
the role of the master router. This ensures that routers with higher priority
values are given precedence in serving as the master router. VRRP
implementations may include a preemption delay timer, which specifies the
minimum time that must elapse after a router becomes available before it can
preempt the role of the master router. This delay helps prevent unnecessary
flapping or instability in the VRRP group caused by frequent changes in the
master router. Administrators can configure priority preemption settings,
including the preemption delay timer, to customize the behavior of VRRP
routers.

Virtual MAC address: The master router automatically generates a virtual MAC
(Media Access Control) address for the virtual IP (VIP) address associated with
the VRRP group. The virtual MAC address is derived from a predefined multicast
MAC address and the VRID (Virtual Router Identifier) associated with the VRRP
group. It is structured as 00-00-5E-00-01-{VRID in Hex}: the virtual MAC
address is generated automatically by taking the last 8 bits as the VRRP group
number in hexadecimal.

For example, if the VRID assigned to a VRRP group is ‘10’, then the virtual MAC
address is 00-00-5E-00-01-0A.

Master advertisement timer: These are the keep-alive messages from the master
router. The Master Advertisement Timer (MA Timer) is the timer used by the master
router in a VRRP group to periodically send VRRP advertisement messages that
announce its status as the master router. These advertisement messages are
multicast packets sent to the well-known IP multicast address 224.0.0.18 (for
IPv4) every 1 second.

Master dead timer: The Master Dead Timer (MD Timer) determines the time
duration during which a backup router waits for the master advertisement
message from the current master router. If the backup router does not receive
the master advertisement within this specified time, it assumes that the master
router is no longer operational. By default, the Master Dead Timer is set to 3.69
seconds. This means that if the backup router does not hear from the master
router for 3.69 seconds, it takes over the responsibilities of the master. The
Master Dead Timer plays a crucial role in triggering this failover process.

Object tracking: Object tracking is a powerful feature that allows routers to
dynamically adjust their priority based on the state of certain objects or
conditions. Object tracking in the context of VRRP refers to the ability to monitor
the status of certain objects or conditions, such as the availability of a specific
interface or the reachability of a particular IP address.

For example, let's say we have two routers configured with VRRP. Router A is the
primary router, and Router B is the backup. You can configure VRRP object
tracking on Router A to monitor the status of a specific interface (like an uplink
to an ISP) or a remote IP address (like the IP address of a critical server). If Router
A detects that the monitored object becomes unreachable, it can decrease its
VRRP priority, allowing Router B to take over as the active router. Once the object
becomes reachable again, Router A can increase its priority and potentially
reclaim its role as the active router.

By using VRRP object tracking, network administrators can ensure that failover
decisions are not based on local router state only, but also on the availability of
critical network resources. As a result, VRRP object tracking contributes to
improved network reliability and resilience, reducing the risk of downtime and
enhancing overall network performance.

Authentication: VRRP does not inherently include built-in authentication
mechanisms. However, to enhance security and prevent unauthorized routers
from participating in VRRP operations, you can implement authentication using
additional protocols or methods. VRRP supports:

1. Plain Text Authentication: In this method, you can set a clear-text
password for authentication. However, plain text authentication lacks
robust security because the password is visible in VRRP messages.

2. MD5 Authentication: MD5 (Message Digest Algorithm 5) provides stronger
security. Each router in the VRRP group is configured with the same pre-
shared key. While sending a VRRP packet, the pre-shared key is combined
with the packet content, and the MD5 hashing algorithm is applied to
generate a hash value. The resulting hash value is included in the VRRP
messages sent between routers. Upon receiving a VRRP message, the
receiving router recalculates the hash value using the received packet
content and the pre-shared key it knows. If the calculated hash value
matches the one included in the VRRP message, the message is considered
authentic. If the calculated hash value does not match the one included
in the VRRP message, the message is considered invalid and is discarded.
By including the hash value in VRRP messages, routers can verify the
authenticity of messages exchanged within the VRRP group, thereby
enhancing security and preventing unauthorized routers from
participating in VRRP operations.
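The VRRP mechanisms described in this section (virtual MAC derivation, master election with the highest-IP tie-break, object tracking, preemption and MD5-authenticated advertisements), modelled in Python as an added example that is not the handout's own material. Router names, addresses, the tracked object and its priority decrement, and the pre-shared key are constructed values.

```python
"""VRRP behaviour described in this section, modelled as an added example
(not the handout's material): virtual MAC from the VRID, master election on
priority with highest-IP tie-break, object tracking that lowers the priority,
preemption, and MD5 authentication of advertisements with a pre-shared key.
Router names, addresses, tracked objects and the key are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass, field

VRRP_MAC_PREFIX = "00-00-5E-00-01"     # prefix quoted in the section
VRRP_MULTICAST = "224.0.0.18"          # IPv4 advertisement destination
DEFAULT_PRIORITY = 100

def virtual_mac(vrid):
    """00-00-5E-00-01-{VRID in hex}; VRID 0 is reserved, 255 is the maximum."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be 1..255")
    return f"{VRRP_MAC_PREFIX}-{vrid:02X}"

@dataclass
class Router:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    tracked: dict = field(default_factory=dict)   # object name -> priority decrement
    failed: set = field(default_factory=set)      # tracked objects currently down
    up: bool = True

    def effective_priority(self):
        """Object tracking: every failed tracked object lowers the priority."""
        penalty = sum(dec for obj, dec in self.tracked.items() if obj in self.failed)
        return max(1, self.priority - penalty)

def elect_master(routers, current=None, preempt=True):
    """Highest effective priority wins; equal priority -> highest IP address.
    Without preemption a working master keeps the role even when a
    higher-priority router comes back."""
    if current is not None and current.up and not preempt:
        return current
    alive = [r for r in routers if r.up]
    return max(alive, key=lambda r: (r.effective_priority(),
                                     int(ipaddress.ip_address(r.ip))))

def md5_auth(body, key):
    """Digest as described above: packet content combined with the pre-shared key."""
    return hashlib.md5(body + key).hexdigest()

def build_advertisement(master, vrid, key):
    """Advertisement carrying the sender's priority plus its MD5 digest."""
    body = f"vrid={vrid};priority={master.effective_priority()};from={master.ip}".encode()
    return body + b";md5=" + md5_auth(body, key).encode()

def verify_advertisement(packet, key):
    """Receiver recomputes the digest with its own key; a mismatch means discard."""
    body, sep, digest = packet.rpartition(b";md5=")
    return sep != b"" and md5_auth(body, key) == digest.decode()

def failover_scenario():
    """Tracking, failover and preemption for a constructed pair of routers."""
    a = Router("A", "192.0.2.2", priority=120, tracked={"uplink": 30})
    b = Router("B", "192.0.2.3", priority=110)
    steps = []
    master = elect_master([a, b]); steps.append(master.name)           # A: 120 > 110
    a.failed.add("uplink")                                             # tracked uplink down
    master = elect_master([a, b], master); steps.append(master.name)   # A is now 90 -> B
    a.failed.discard("uplink")                                         # uplink back
    master = elect_master([a, b], master, preempt=False); steps.append(master.name)  # B keeps
    master = elect_master([a, b], master, preempt=True); steps.append(master.name)   # A reclaims
    return steps
```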

Simple Network Management Protocol (SNMP)

SNMP, which stands for Simple Network Management Protocol, is a widely used
application-layer protocol for managing and monitoring network devices and systems.
It allows network administrators to remotely monitor, configure, and manage network
devices such as routers, switches, servers, printers, and more, from a central management
station.

Components of SNMP

Managed Devices: These are the network devices that are being monitored or managed
using SNMP. Examples include routers, switches, servers, printers, etc.

Agents: SNMP agents are software modules running on managed devices. They collect
and store management information and make it available to SNMP managers.


Network Management System (NMS): The NMS is the central management station
responsible for monitoring and managing the managed devices. It communicates with
SNMP agents on managed devices to gather information and issue commands.

SNMP operates through a set of standardized protocol operations.

Get: The NMS requests specific data from a managed device, such as device configuration
or performance metrics.

Get Response: This is the response sent by the SNMP agent to the SNMP manager in
response to a GET request.

Set: The NMS sends instructions to a managed device to modify its configuration or
settings.

Trap/Inform: The managed device sends unsolicited messages (traps or informs) to the
NMS to notify it of specific events or conditions, such as system reboots, interface status
changes, or critical errors.


Get Next: Similar to the Get operation, but retrieves the next available data object in the
MIB (Management Information Base), which is a hierarchical database containing
managed objects representing various aspects of the device's configuration and status.

GetBulk: Retrieves a large amount of data from the MIB in a single operation, reducing
network overhead for large data requests.

Management Information Base (MIB): Management Information Base (MIB) files
are typically located on the device or system that is being managed. They are not
physically stored as separate files but rather represented within the SNMP agent software
running on the managed device. When an SNMP agent is running on a device, it contains
a database or repository of managed objects organized in a hierarchical structure
according to the MIB specifications.

The data available in a Management Information Base (MIB) can vary depending
on the specific MIB module being used, the device being managed, and the configuration
of the SNMP agent.

Here are some common types of data available in MIBs:

● System Information: Information about the managed device itself, including
its name, location, contact information, system description, and uptime.

● Network Interfaces: Details about the network interfaces on the device, such as
their status, speed, traffic statistics (e.g., packets transmitted and received), and
configuration parameters.

● Hardware Components: Information about the hardware components of the
device, including CPU usage, memory utilization, disk space, temperature, and fan
status.

● Network Protocols: Parameters and statistics related to network protocols
running on the device, such as TCP/IP, UDP, ICMP, SNMP, and routing protocols
(e.g., OSPF, BGP).

● Performance Metrics: Metrics related to the performance of the device and its
components, including bandwidth utilization, packet loss, error rates, and latency.

● Device Configuration: Configuration parameters and settings that can be read
or modified using SNMP, such as IP addresses, routing tables, VLAN
configurations, and security policies.

● Event Logs: Log entries and event notifications generated by the device,
including system events, error messages, security alerts, and administrative
actions.

● Software Modules: Information about installed software modules, running
processes, and software version numbers.

● Environmental Monitoring: Data related to the environmental conditions
surrounding the device, such as temperature, humidity, power supply status, and
physical sensor readings.

● Vendor-Specific Data: Vendor-specific extensions and proprietary
information, including device-specific parameters, custom configurations, and
manufacturer-specific features.

Versions: SNMP has evolved through different versions, including SNMPv1, SNMPv2c,
and SNMPv3. Each version offers improvements in security, performance, and
functionality. While SNMPv2c remains prevalent due to its simplicity and backward
compatibility, SNMPv3 is increasingly being adopted, especially in environments where
security is a top priority. It introduces strong authentication, encryption, and access
control mechanisms to address the security shortcomings of earlier versions. Although
SNMPv3 provides enhanced security, its adoption has been slower due to the complexity
of configuration and the need for SNMP agents and management systems to support the
new security features.
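The Get, GetNext, GetBulk and Set operations above, exercised against a toy agent MIB, as an added example that is not part of the handout. The OID layout is the standard MIB-2 system group and ifTable; the instance values, the SNMPv2c community strings and which objects are writable are constructed for the example.

```python
"""Toy SNMP agent showing how the Get, GetNext, GetBulk and Set operations
described above walk and modify a MIB. Added example, not the handout's
material: the OID layout is standard MIB-2 (system group and ifTable), while
the instance values and the SNMPv2c community strings are constructed."""

# Constructed agent database: OID (tuple of sub-identifiers) -> value
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): "Constructed router R1",     # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): 864000,                      # sysUpTime.0 (1/100 s)
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "R1",                        # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): "GigabitEthernet0/0",  # ifDescr.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): "GigabitEthernet0/1",  # ifDescr.2
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 1): 1,                     # ifOperStatus.1 = up
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8, 2): 2,                     # ifOperStatus.2 = down
}
SYSTEM, IF_DESCR = (1, 3, 6, 1, 2, 1, 1), (1, 3, 6, 1, 2, 1, 2, 2, 1, 2)
# SNMPv2c decides access by community string alone (constructed names)
COMMUNITIES = {"public-ro": "read", "private-rw": "write"}
WRITABLE = {(1, 3, 6, 1, 2, 1, 1, 5, 0)}   # only sysName.0 is read-write here

def parse_oid(text):
    """'.1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0)"""
    return tuple(int(p) for p in text.strip(".").split("."))

def format_oid(oid):
    return "." + ".".join(str(p) for p in oid)

def authorized(community, access):
    """Read needs any known community; write needs a read-write one."""
    level = COMMUNITIES.get(community)
    return level == "write" or (access == "read" and level == "read")

def snmp_get(community, oid):
    if not authorized(community, "read"):
        return "authorizationError"
    return MIB.get(oid, "noSuchObject")

def snmp_getnext(community, oid):
    """Next OID in lexicographic order after 'oid', or endOfMibView.
    Python tuples compare lexicographically, which is exactly SNMP's OID order."""
    if not authorized(community, "read"):
        return None, "authorizationError"
    for key in sorted(MIB):
        if key > oid:
            return key, MIB[key]
    return None, "endOfMibView"

def snmp_getbulk(community, oid, max_repetitions):
    """Up to max_repetitions GetNext results in a single exchange."""
    out = []
    for _ in range(max_repetitions):
        oid, value = snmp_getnext(community, oid)
        if oid is None:
            break
        out.append((oid, value))
    return out

def snmp_walk(community, subtree):
    """What snmpwalk does: repeated GetNext until the OID leaves the subtree."""
    out, oid = [], subtree
    while True:
        oid, value = snmp_getnext(community, oid)
        if oid is None or oid[:len(subtree)] != subtree:
            return out
        out.append((oid, value))

def snmp_set(community, oid, value):
    """Set is refused unless the community is read-write and the object writable."""
    if not authorized(community, "write"):
        return "authorizationError"
    if oid not in MIB:
        return "noSuchObject"
    if oid not in WRITABLE:
        return "notWritable"
    MIB[oid] = value
    return "noError"
```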

INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

The Internet Control Message Protocol (ICMP) is a network layer protocol that
provides a means for devices to send error messages and operational information, such
as diagnostics or route-change information, between hosts on an IP network. ICMP is an
integral part of the Internet Protocol Suite (TCP/IP).


Here are some key aspects of ICMP:

Error Reporting: ICMP is primarily used for reporting errors in packet processing. For
example, if a router encounters a problem forwarding a packet, it may send an ICMP
message back to the source indicating the nature of the problem.

Ping: The "ping" utility sends ICMP Echo Request messages to a destination host and waits
for ICMP Echo Reply messages. This is used to test whether a host is reachable and to
measure the round-trip time (RTT) between hosts.

Traceroute: The traceroute utility sends out a series of packets, typically using ICMP
echo requests, to the destination host.
The first packet sent has a TTL value of 1. When this packet reaches the first router along
the path, the TTL is decremented to 0, and the router discards the packet. The router then
sends an ICMP Time Exceeded message back to the source indicating that the packet's
TTL expired.
The traceroute utility receives the ICMP Time Exceeded message and records the IP
address of the router that sent it. This IP address represents the first hop on the path to
the destination.
The traceroute utility then sends another packet, this time with a TTL value of 2. This
packet reaches the first router, which decrements the TTL to 1 and forwards the packet to
the next router along the path. When the TTL reaches 0, the second router sends an ICMP
Time Exceeded message back to the source, and its IP address is recorded by the
traceroute utility.
This process is repeated with increasing TTL values until the packet reaches the
destination host. When the destination host receives the packet, it responds with an ICMP
Port Unreachable message, indicating that the packet has reached its destination.
By analyzing the sequence of IP addresses received in response to the packets sent with
increasing TTL values, the traceroute utility can determine the path taken by packets from
the source to the destination. This information is useful for diagnosing network
connectivity issues, identifying routing problems, etc.

While ICMP is essential for troubleshooting and managing IP networks, it can also
be misused for various attacks, such as ICMP flooding attacks or ICMP redirect attacks.
Therefore, network administrators often configure firewalls and routers to filter ICMP
messages to mitigate potential security risks.
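The TTL-stepping procedure described above, simulated in Python as an added example (not the handout's material). The hop addresses are constructed from the RFC 5737 documentation ranges; the model uses UDP-style probes, which is what makes the destination's Port Unreachable reply described above possible, and routers that filter ICMP (as the text notes administrators do) are modelled as silent hops that appear as timeouts in the output.

```python
"""Simulation of the traceroute procedure described above: probes with TTL
1, 2, 3, ... and the ICMP reply each hop returns. Added example, not the
handout's material; addresses are constructed (RFC 5737 documentation ranges)."""

# Constructed path: three routers, then the destination host
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.50"]

def forward_probe(path, ttl, silent=frozenset()):
    """Each router decrements the TTL; the router where it reaches 0 drops the
    probe and answers Time Exceeded, or nothing at all if it filters ICMP.
    A probe that gets past every router reaches the destination host, which
    answers Port Unreachable (no service listens on the probe's UDP port)."""
    for router in path[:-1]:
        ttl -= 1
        if ttl == 0:
            if router in silent:
                return "timeout", None
            return "time-exceeded", router
    return "port-unreachable", path[-1]

def traceroute(path, max_hops=30, silent=frozenset()):
    """Send probes with increasing TTL until the destination answers or the
    hop limit is reached; record (ttl, reply type, replying address)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply, addr = forward_probe(path, ttl, silent)
        hops.append((ttl, reply, addr))
        if reply == "port-unreachable":
            break
    return hops

def render(hops):
    """Classic output: hop number and address, or '* * *' where nothing replied."""
    return [f"{ttl:2d}  {addr if addr else '* * *'}" for ttl, _, addr in hops]
```

A filtered hop still decrements the TTL and forwards later probes, so the hops beyond it are discovered; only its own line shows as a timeout.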


DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)

The Dynamic Host Configuration Protocol (DHCP) is a network management
protocol used on IP networks to dynamically assign IP addresses and other network
configuration parameters like Subnet Mask, Default Gateway, DNS Server Addresses, etc.,
to devices. DHCP simplifies the process of network configuration.
How DHCP works:
● DHCP service can be enabled on various devices within a network, including
servers, routers, and layer 3 switches (some layer 3 switches support DHCP server
functionality).
● DHCP service shall be enabled on one or more of the devices mentioned above.
● When a device (referred to as a DHCP client) connects to a network, it sends out a
broadcast message called a DHCP discover message to discover DHCP servers
available on the network.
● DHCP servers on the network receive the DHCP discover message and respond
with a DHCP offer message. The offer includes an available IP address from the
DHCP server's pool of addresses and other configuration parameters. If multiple
DHCP servers are available, the client may receive multiple offers to choose from.
● The DHCP client selects one of the offered IP addresses and sends a DHCP request
message to the DHCP server requesting the offered IP address and configuration
parameters.
● The DHCP server acknowledges the request by sending a DHCP acknowledge
(ACK) message to the client, confirming the lease of the IP address and providing
the configuration parameters.


● The DHCP client now has an IP address and other configuration settings for a
limited time period, known as the lease duration. During this time, the client can
use the assigned IP address and communicate on the network.
● Before the lease expires, the DHCP client can request to renew its lease with the
DHCP server. If the lease is not renewed, the IP address is released back to the
DHCP server for reuse by other clients.
● DHCP servers maintain a pool of available IP addresses and manage address
allocation to clients, ensuring efficient utilization of available addresses and
preventing address conflicts. Administrators can configure various settings on the
DHCP server, such as the size of the address pool, lease duration, and network
configuration parameters to be provided to clients.
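The discover, offer, request and acknowledge exchange listed above, together with lease expiry and renewal, modelled in Python as an added example that is not part of the handout. The address pool, lease duration, gateway and DNS values, client MAC addresses and the clock (plain seconds) are constructed.

```python
"""The DHCP lease exchange described above (discover, offer, request,
acknowledge) plus lease expiry and renewal, modelled as an added example,
not the handout's material. The address pool, lease duration, client MAC
addresses and the clock (seconds) are constructed."""
import ipaddress

class DhcpServer:
    def __init__(self, pool_cidr, lease_time, gateway, dns):
        net = ipaddress.ip_network(pool_cidr)
        self.mask, self.gateway, self.dns = str(net.netmask), gateway, dns
        self.lease_time = lease_time
        self.free = [str(ip) for ip in net.hosts() if str(ip) != gateway]
        self.offers = {}        # mac -> address offered but not yet requested
        self.leases = {}        # mac -> (address, expiry time)

    def discover(self, mac, now):
        """Discover (broadcast) -> offer. A client that already holds a lease
        or an offer gets the same address again; otherwise the next free one.
        An exhausted pool means no offer at all."""
        self.expire_leases(now)
        if mac in self.leases:
            ip = self.leases[mac][0]
        elif mac in self.offers:
            ip = self.offers[mac]
        elif self.free:
            ip = self.offers[mac] = self.free.pop(0)
        else:
            return None
        return {"ip": ip, "mask": self.mask, "gateway": self.gateway,
                "dns": self.dns, "lease": self.lease_time}

    def request(self, mac, ip, now):
        """Request -> ACK, or NAK when ip was never offered or leased to this
        client (so one client cannot claim an address allocated to another)."""
        held = (self.offers.get(mac), self.leases.get(mac, (None,))[0])
        if ip not in held:
            return "NAK"
        self.offers.pop(mac, None)
        self.leases[mac] = (ip, now + self.lease_time)
        return "ACK"

    def renew(self, mac, now):
        """Renewal before expiry keeps the address and extends the lease."""
        if mac not in self.leases or self.leases[mac][1] <= now:
            return "NAK"
        return self.request(mac, self.leases[mac][0], now)

    def expire_leases(self, now):
        """Addresses whose lease ran out return to the pool for other clients."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(ip)

def obtain_lease(server, mac, now):
    """Client side of the exchange: discover, take the offer, request, expect ACK.
    With several servers the client would pick one of the offers it received."""
    offer = server.discover(mac, now)
    if offer is None or server.request(mac, offer["ip"], now) != "ACK":
        return None
    return offer
```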

DOMAIN NAME SYSTEM

DNS was designed with the primary function of resolving hostnames to IP
addresses. Without DNS on a network or even the internet, we would need to know and
remember the IP addresses of every server and device we want to access.
DNS servers are devices that contain various records mapping domain names to their
associated IP addresses. There are many publicly available DNS servers
on the internet.
● A user inputs a domain name (e.g., "example.com") into a web browser or
any other application.
● The system first checks its local DNS cache (a temporary storage of recent DNS
lookups - operating systems, such as Windows, macOS, and Linux, maintain a local
DNS cache) to see if it has the IP address associated with the domain name.
● If found, the IP address is used, and the process ends here.
● If the IP address is not found in the local cache, the operating system sends a DNS
query to a DNS resolver.
● The DNS resolver is typically provided by the internet service provider (ISP), a
network administrator, or a third-party DNS resolver service (like Google DNS or
OpenDNS).
● The resolver sends the IP address(es) back to the requesting application or device.
