5.0 Chapter Introduction
5.0.1 Chapter Introduction

We have seen how network applications and services on one end device can communicate with applications and services running on another end device.

Next, as shown in the figure, we will consider how this data is communicated across the network - from the originating end device (or host) to the destination host - in an efficient way.

The protocols of the OSI model Network layer specify addressing and processes that enable Transport layer data to be packaged and transported. The Network layer encapsulation allows its contents to be passed to the destination within a network or on another network with minimum overhead.

This chapter focuses on the role of the Network layer - examining how it divides networks into groups of hosts to manage the flow of data packets within a network. We also consider how communication between networks is facilitated. This communication between networks is called routing.

Learning Objectives

Upon completion of this chapter, you will be able to:
- Identify the role of the Network layer as it describes communication from one end device to another end device.
- Examine the most common Network layer protocol, Internet Protocol (IP), and its features for providing connectionless and best-effort service.
- Understand the principles used to guide the division, or grouping, of devices into networks.
- Understand the hierarchical addressing of devices and how this allows communication between networks.
- Understand the fundamentals of routes, next-hop addresses, and packet forwarding to a destination network.

5.0.1 - Chapter Introduction
The diagram depicts the OSI model with the Network Layer highlighted. A man sitting at a PC is shown with data flowing down the seven layers of the OSI layers from the Application Layer to the Physical Layer. The Physical Layer is connected to a group of interconnected routers. Data is flowing from the routers to a PC at the Application Layer. As data is communicated, devices use the Transport Layer to connect processes, and the Network Layer enables devices to reach each other.

5.1 IPv4
5.1.1 Network Layer - Communication from Host to Host

The Network layer, or OSI Layer 3, provides services to exchange the individual pieces of data over the network between identified end devices. To accomplish this end-to-end transport, Layer 3 uses four basic processes:
- Addressing
- Encapsulation
- Routing
- Decapsulation

The animation in the figure demonstrates the exchange of data.

Addressing
First, the Network layer must provide a mechanism for addressing these end devices. If individual pieces of data are to be directed to an end device, that device must have a unique address. In an IPv4 network, when this address is added to a device, the device is then referred to as a host.

Encapsulation
Second, the Network layer must provide encapsulation. Not only must the devices be identified with an address, the individual pieces - the Network layer PDUs - must also contain these addresses. During the encapsulation process, Layer 3 receives the Layer 4 PDU and adds a Layer 3 header, or label, to create the Layer 3 PDU. When referring to the Network layer, we call this PDU a packet. When a packet is created, the header must contain, among other information, the address of the host to which it is being sent. This address is referred to as the destination address. The Layer 3 header also contains the address of the originating host. This address is called the source address.

After the Network layer completes its encapsulation process, the packet is sent down to the Data Link layer to be prepared for transportation over the media.

Routing
Next, the Network layer must provide services to direct these packets to their destination host. The source and destination hosts are not always connected to the same network. In fact, the packet might have to travel through many different networks. Along the way, each packet must be guided through the network to reach its final destination.
Intermediary devices that connect the networks are called routers. The role of the router is to select paths for and direct packets toward their destination. This process is known as routing.

During the routing through an internetwork, the packet may traverse many intermediary devices. Each route that a packet takes to reach the next device is called a hop. As the packet is forwarded, its contents (the Transport layer PDU), remain intact until the destination host is reached.

Decapsulation
Finally, the packet arrives at the destination host and is processed at Layer 3. The host examines the destination address to verify that the packet was addressed to this device. If the address is correct, the packet is decapsulated by the Network layer and the Layer 4 PDU contained in the packet is passed up to the appropriate service at Transport layer.

Unlike the Transport layer (OSI Layer 4), which manages the data transport between the processes running on each end host, Network layer protocols specify the packet structure and processing used to carry the data from one host to another host. Operating without regard to the application data carried in each packet allows the Network layer to carry packets for multiple types of communications between multiple hosts.

5.1.1 - Network Layer - Communication from Host to Host
The animation depicts one host communicating with another through the layers of the OSI model. Host A sends data down the OSI model layers on one side through a group of interconnected routers and then up the OSI model layers on the other side to Host B. The animation concentrates on the Network Layer protocols and how they forward encapsulated Transport Layer PDUs between hosts. As the animation progresses, the following occurs:
Step 1. Host A sends data from its source address 192.168.32.11 to Host B destination address 192.168.36.5.
Step 2. Host A data is encapsulated at the Transport Layer into a segment.
Step 3. The Host A segment is encapsulated at the Network Layer into a packet.
Step 4. The Host A packet is encapsulated at the Data Link Layer into a frame.
Step 5. The Host A frame is transmitted on the media as bits at the Physical Layer.
Step 6. The Host A bits (ones and zeroes) travel through a group of routers in a cloud to the Physical Layer of Host B.
Step 7. At Host B, the bits are received on the media at the Physical Layer and sent to the Data Link Layer.
Step 8. The Host B frame is decapsulated at the Data Link Layer into a packet.
Step 9. The Host B packet is decapsulated at the Network Layer into a segment.
Step 10. The Host B segment is decapsulated at the Transport Layer into data and sent to the destination application.

Network Layer Protocols
Protocols implemented at the Network layer that carry user data include:
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- Novell Internetwork Packet Exchange (IPX)
- AppleTalk
- Connectionless Network Service (CLNS/DECNet)

The Internet Protocol (IPv4 and IPv6) is the most widely-used Layer 3 data carrying protocol and will be the focus of this course. Discussion of the other protocols will be minimal.

5.1.1 - Network Layer - Communication from Host to Host
The animation depicts the OSI model with the Network Layer highlighted and lists Network Layer protocols as follows:
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- Novell Internetwork Packet Exchange (IPX)
- AppleTalk
- Connectionless Network Service (CLNS, DECnet)

5.1.2 The IP v4 Protocol - Example Network Layer Protocol

Role of IPv4
As shown in the figure, the Network layer services implemented by the TCP/IP protocol suite are the Internet Protocol (IP). Version 4 of IP (IPv4) is currently the most widely-used version of IP. It is the only Layer 3 protocol that is used to carry user data over the Internet and is the focus of the CCNA. Therefore, it will be the example we use for Network layer protocols in this course.

IP version 6 (IPv6) is developed and being implemented in some areas. IPv6 will operate alongside IPv4 and may replace it in the future.
The services provided by IP, as well as the packet header structure and contents, are specified by either IPv4 protocol or IPv6 protocol. These services and packet structure are used to encapsulate UDP datagrams or TCP segments for their trip across an internetwork.

The characteristics of each protocol are different. Understanding these characteristics will allow you to understand the operation of the services described by this protocol.

The Internet Protocol was designed as a protocol with low overhead. It provides only the functions that are necessary to deliver a packet from a source to a destination over an interconnected system of networks. The protocol was not designed to track and manage the flow of packets. These functions are performed by other protocols in other layers.

IPv4 basic characteristics:
- Connectionless - No connection is established before sending data packets.
- Best Effort (unreliable) - No overhead is used to guarantee packet delivery.
- Media Independent - Operates independently of the medium carrying the data.

5.1.2 - The IPv4 Protocol - Example of Network Layer Protocol
The diagram depicts how the Network Layer uses TCP/IP. IP packets flow through an internetwork consisting of routers and a network cloud. TCP segments are encapsulated into IP packets.
- Connectionless - No connection is established before sending data packets.
- Best Effort (unreliable) - No overhead is used to guarantee packet delivery.
- Media Independent - Operates independently of the medium carrying the data.

5.1.3 The IP v4 Protocol - Connectionless

Connectionless Service
An example of connectionless communication is sending a letter to someone without notifying the recipient in advance. As shown in the figure, the postal service still takes the letter and delivers it to the recipient. Connectionless data communications works on the same principle. IP packets are sent without notifying the end host that they are coming.

Connection-oriented protocols, such as TCP, require that control data be exchanged to establish the connection as well as additional fields in the PDU header.
Because IP is connectionless, it requires no initial exchange of control information to establish an end-to-end connection before packets are forwarded, nor does it require additional fields in the PDU header to maintain this connection. This process greatly reduces the overhead of IP.

Connectionless packet delivery may, however, result in packets arriving at the destination out of sequence. If out-of-order or missing packets create problems for the application using the data, then upper layer services will have to resolve these issues.

5.1.3 - The IPv4 Protocol - Connectionless
The diagram depicts connectionless communication by comparing postal routes to data networks. A letter is sent by placing it in a post box. The letter then travels by truck to the recipient.

Postal Route:
The sender does not know:
- If the receiver is present.
- If the letter has arrived.
- If the receiver can read the letter.
The receiver does not know when the letter is coming.

Data Network:
The sender does not know:
- If the receiver is present.
- If the packet has arrived.
- If the receiver can read the packet.
The receiver does not know when the letter is coming.

5.1.4 The IP v4 Protocol - Best Effort

Best Effort Service (unreliable)
The IP protocol does not burden the IP service with providing reliability. Compared to a reliable protocol, the IP header is smaller. Transporting these smaller headers requires less overhead. Less overhead means less delay in delivery. This characteristic is desirable for a Layer 3 protocol.

The mission of Layer 3 is to transport the packets between the hosts while placing as little burden on the network as possible. Layer 3 is not concerned with or even aware of the type of communication contained inside of a packet. This responsibility is the role of the upper layers as required. The upper layers can decide if the communication between services needs reliability and if this communication can tolerate the overhead reliability requires.

IP is often referred to as an unreliable protocol. Unreliable in this context does not mean that IP works properly sometimes and does not function well at other times.
Nor does it mean that it is unsuitable as a data communications protocol. Unreliable means simply that IP does not have the capability to manage, and recover from, undelivered or corrupt packets.

Since protocols at other layers can manage reliability, IP is allowed to function very efficiently at the Network layer. If we included reliability overhead in our Layer 3 protocol, then communications that do not require connections or reliability would be burdened with the bandwidth consumption and delay produced by this overhead. In the TCP/IP suite, the Transport layer can choose either TCP or UDP, based on the needs of the communication. As with all layer isolation provided by network models, leaving the reliability decision to the Transport layer makes IP more adaptable and accommodating for different types of communication.

The header of an IP packet does not include fields required for reliable data delivery. There are no acknowledgments of packet delivery. There is no error control for data. Nor is there any form of packet tracking; therefore, there is no possibility for packet retransmissions.

5.1.4 - The IPv4 Protocol - Best Effort
The diagram depicts best effort delivery for IP. Using the IP protocol packets are routed quickly through the network without ensuring delivery. As a result, some packets may be lost. As an unreliable Network Layer protocol, IP does not guarantee that all sent packets will be received. Other protocols better manage the process of tracking packets and ensuring their delivery.

5.1.5 The IP v4 Protocol - Media Independent

Media Independent
The Network layer is also not burdened with the characteristics of the media on which packets will be transported. IPv4 and IPv6 operate independently of the media that carry the data at lower layers of the protocol stack. As shown in the figure, any individual IP packet can be communicated electrically over cable, as optical signals over fiber, or wirelessly as radio signals.

It is the responsibility of the OSI Data Link layer to take an IP packet and prepare it for transmission over the communications medium.
This means that the transport of IP packets is not limited to any particular medium.

There is, however, one major characteristic of the media that the Network layer considers: the maximum size of PDU that each medium can transport. This characteristic is referred to as the Maximum Transmission Unit (MTU). Part of the control communication between the Data Link layer and the Network layer is the establishment of a maximum size for the packet. The Data Link layer passes the MTU upward to the Network layer. The Network layer then determines how large to create the packets.

In some cases, an intermediary device - usually a router - will need to split up a packet when forwarding it from one media to a media with a smaller MTU. This process is called fragmenting the packet or fragmentation.

Links
RFC-791 http://www.ietf.org/rfc/rfc0791.txt

5.1.5 - The IPv4 Protocol - Media Independent
The diagram depicts how IP packets can travel over different media. Two PCs are connected to a group of routers in a network cloud. IP packets are not concerned with the type of media on which they are traveling. Various types of links are shown:
- Link from PC1 to Router1 - Media is copper Ethernet.
- Link from Router1 to Router2 - Media is copper serial.
- Link from Router2 to Router3 - Media is optical fiber.
- Link from Router3 to Router4 - Media is copper Ethernet.
- Link from Router4 to PC2 - Media is wireless.

5.1.6 IP v4 Packet - Packaging the Transport Layer PDU

IPv4 encapsulates, or packages, the Transport layer segment or datagram so that the network can deliver it to the destination host. Click the steps in the figure to see this process. The IPv4 encapsulation remains in place from the time the packet leaves the Network layer of the originating host until it arrives at the Network layer of the destination host.

The process of encapsulating data by layer enables the services at the different layers to develop and scale without affecting other layers.
This means that Transport layer segments can be readily packaged by existing Network layer protocols, such as IPv4 and IPv6 or by any new protocol that might be developed in the future.

Routers can implement these different Network layer protocols to operate concurrently over a network to and from the same or different hosts. The routing performed by these intermediary devices only considers the contents of the packet header that encapsulates the segment.

In all cases, the data portion of the packet - that is, the encapsulated Transport layer PDU - remains unchanged during the Network layer processes.

Links
RFC-791 http://www.ietf.org/rfc/rfc0791.txt

5.1.6 - The IPv4 Protocol - Packaging the Transport Layer PDU
The diagram depicts how the IP packet packages the Transport Layer PDU (segment or datagram).
Step 1. Transport Layer encapsulation. The Transport Layer adds a header to the upper layer data so that segments can be accounted for and reordered at the destination.
Step 2. Network Layer encapsulation. The Network Layer adds a header so that packets can be routed through complex networks and reach their destination.
Step 3. In the TCP/IP based network, the Network Layer PDU is the IP packet.

5.1.7 IP v4 Packet Header

As shown in the figure, an IPv4 protocol defines many different fields in the packet header. These fields contain binary values that the IPv4 services reference as they forward packets across the network.

This course will consider these 6 key fields:
- IP Source Address
- IP Destination Address
- Time-to-Live (TTL)
- Type-of-Service (ToS)
- Protocol
- Fragment Offset

Key IPv4 Header Fields
Roll over each field on the graphic to see its purpose.

IP Destination Address
The IP Destination Address field contains a 32-bit binary value that represents the packet destination Network layer host address.

IP Source Address
The IP Source Address field contains a 32-bit binary value that represents the packet source Network layer host address.

Time-to-Live
The Time-to-Live (TTL) is an 8-bit binary value that indicates the remaining "life" of the packet.
The TTL value is decreased by at least one each time the packet is processed by a router (that is, each hop). When the value becomes zero, the router discards or drops the packet and it is removed from the network data flow. This mechanism prevents packets that cannot reach their destination from being forwarded indefinitely between routers in a routing loop. If routing loops were permitted to continue, the network would become congested with data packets that will never reach their destination. Decrementing the TTL value at each hop ensures that it eventually becomes zero and that the packet with the expired TTL field will be dropped.

Protocol
This 8-bit binary value indicates the data payload type that the packet is carrying. The Protocol field enables the Network layer to pass the data to the appropriate upper-layer protocol.

Example values are:
- 01 ICMP
- 06 TCP
- 17 UDP

Type-of-Service
The Type-of-Service field contains an 8-bit binary value that is used to determine the priority of each packet. This value enables a Quality-of-Service (QoS) mechanism to be applied to high priority packets, such as those carrying telephony voice data. The router processing the packets can be configured to decide which packet it is to forward first based on the Type-of-Service value.

Fragment Offset
As mentioned earlier, a router may have to fragment a packet when forwarding it from one medium to another medium that has a smaller MTU. When fragmentation occurs, the IPv4 packet uses the Fragment Offset field and the MF flag in the IP header to reconstruct the packet when it arrives at the destination host. The fragment offset field identifies the order in which to place the packet fragment in the reconstruction.

More Fragments flag
The More Fragments (MF) flag is a single bit in the Flag field used with the Fragment Offset for the fragmentation and reconstruction of packets. If the More Fragments flag bit is set, it means that it is not the last fragment of a packet. When a receiving host sees a packet arrive with the MF = 1, it examines the Fragment Offset to see where this fragment is to be placed in the reconstructed packet.
When a receiving host receives a frame with the MF = 0 and a non-zero value in the Fragment offset, it places that fragment as the last part of the reconstructed packet. An unfragmented packet has all zero fragmentation information (MF = 0, fragment offset = 0).

Don't Fragment flag
The Don't Fragment (DF) flag is a single bit in the Flag field that indicates that fragmentation of the packet is not allowed. If the Don't Fragment flag bit is set, then fragmentation of this packet is NOT permitted. If a router needs to fragment a packet to allow it to be passed downward to the Data Link layer but the DF bit is set to 1, then the router will discard this packet.

Links:
RFC 791 http://www.ietf.org/rfc/rfc0791.txt
For a complete list of values of IP Protocol Number field http://www.iana.org/assignments/protocol-numbers

5.1.7 - The IPv4 Packet Header
The diagram depicts the IPv4 packet header fields. Information is provided for selected fields.
- Ver.
- IHL
- Type of Service - Data QoS priority. Enables the router to give priority to voice and network route information over regular data.
- Packet Length
- Identification
- Flag - These 3 bits represent control flags, such as DF and MF.
- Fragment Offset - These 13 bits allow a receiver to determine the place of a particular fragment in the original IP datagram.
- Time to Live - Number of hops before the packet is dropped. This value is decremented at each hop to prevent packets being passed around the network in routing loops.
- Protocol - Data payload protocol type. Indicates whether the data is a UDP datagram or TCP segment because these Transport Layer protocols manage the receipt of their PDUs differently.
- Header Checksum
- Source Address - IPv4 address of the host sending the packet. Remains unchanged throughout the passage of the packet across the internetwork. Enables the destination host to respond to the source if required.
- Destination Address - IPv4 address of the host to receive the packet. Remains unchanged throughout the passage of the packet across the internetwork. Enables routers at each hop to forward the packet toward the destination.
- Options
- Padding
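
The per-hop handling described above (TTL decrement, Header Checksum, and fragmentation with the MF and DF flags and the Fragment Offset), as an added Python example that is not part of the original course text. Function names, the payload bytes and the 200-byte MTU are constructed for illustration; the addresses and header values are the ones the chapter uses, and headers carrying Options are not handled.

```python
import socket
import struct

HDR = struct.Struct("!BBHHHBBH4s4s")          # 20-byte IPv4 header, no Options
DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF  # Flag bits and 13-bit Fragment Offset


def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(src, dst, payload, ident, ttl, proto, flags_off=0, tos=0):
    """Pack a header (Ver=4, IHL=5) with a valid checksum in front of payload."""
    fields = [0x45, tos, HDR.size + len(payload), ident, flags_off, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(HDR.pack(*fields))
    return HDR.pack(*fields) + payload


def parse(packet: bytes) -> dict:
    """Decode and validate a packet; ValueError means it must be discarded."""
    if len(packet) < HDR.size:
        raise ValueError("shorter than the minimum 20-byte header")
    ver_ihl, tos, length, ident, flags_off, ttl, proto, _, src, dst = HDR.unpack_from(packet)
    if ver_ihl != 0x45:
        raise ValueError("not IPv4 with IHL=5 (Options are outside this example)")
    if checksum(packet[:HDR.size]) != 0:      # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    if not HDR.size <= length <= len(packet):
        raise ValueError("bad Packet Length field")
    return {"tos": tos, "ident": ident, "ttl": ttl, "proto": proto,
            "df": bool(flags_off & DF), "mf": bool(flags_off & MF),
            "offset": flags_off & OFFSET_MASK,  # counted in 8-byte units (RFC 791)
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "payload": packet[HDR.size:length]}


def forward(packet: bytes, mtu: int) -> list:
    """One router hop: the packet(s) to send on a link with this MTU, [] if dropped."""
    try:
        p = parse(packet)
    except ValueError:
        return []                             # corrupt header: discard
    ttl = p["ttl"] - 1
    if ttl <= 0:
        return []                             # TTL expired: discard
    keep_df = DF if p["df"] else 0

    def emit(data, offset, more):             # rebuilding recalculates the checksum
        word = keep_df | (MF if more else 0) | offset
        return build(p["src"], p["dst"], data, p["ident"], ttl, p["proto"], word, p["tos"])

    data = p["payload"]
    if HDR.size + len(data) <= mtu:
        return [emit(data, p["offset"], p["mf"])]
    step = (mtu - HDR.size) // 8 * 8          # data bytes per fragment, multiple of 8
    if p["df"] or step <= 0:
        return []                             # too large and DF=1 (or unusable MTU)
    out = []
    for start in range(0, len(data), step):
        last = start + step >= len(data)
        out.append(emit(data[start:start + step], p["offset"] + start // 8,
                        p["mf"] or not last))
    return out


def reassemble(packets):
    """Destination host: the original payload, or None while fragments are missing.

    Strict policy chosen for this example: gaps and overlaps are both rejected.
    """
    frags = sorted((parse(pk) for pk in packets), key=lambda f: f["offset"])
    if not frags or len({(f["src"], f["dst"], f["proto"], f["ident"]) for f in frags}) != 1:
        return None
    data = b""
    for f in frags:
        if f["offset"] * 8 != len(data):
            return None
        data += f["payload"]
    return None if frags[-1]["mf"] else data


# Constructed sample using the chapter's "typical" values: 452 data bytes + 20 = 472.
PAYLOAD = bytes(range(256)) + bytes(196)
SAMPLE = build("192.168.32.11", "192.168.36.5", PAYLOAD, ident=111, ttl=123, proto=6)

if __name__ == "__main__":
    for frag in forward(SAMPLE, mtu=200):     # MTU of 200 is an assumed value
        f = parse(frag)
        print(f"offset={f['offset']} MF={int(f['mf'])} TTL={f['ttl']} length={len(frag)}")
```
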

Other IPv4 Header Fields
Roll over each field on the graphic to see its purpose.

Version - Contains the IP version number (4).

Header Length (IHL) - Specifies the size of the packet header.

Packet Length - This field gives the entire packet size, including header and data, in bytes.

Identification - This field is primarily used for uniquely identifying fragments of an original IP packet.

Header Checksum - The checksum field is used for error checking the packet header.

Options - There is provision for additional fields in the IPv4 header to provide other services but these are rarely used.

5.1.7 - The IPv4 Packet Header
The diagram depicts the IPv4 packet header fields in the same sequence as Diagram 1. Information is provided for selected fields other than those in the previous diagram.
- Ver. - IP version number.
- IHL - Size of the packet header. This is necessary because the Options field means that the header size can vary, and the protocol needs to know where the header ends and the data starts when processing the packet.
- Type of Service
- Packet Length - Size of entire packet, including the header and data, in bytes. The packet must be a minimum of 20 bytes (20 bytes header + 0 bytes data) and a maximum of 65,535.
- Identification - Uniquely identifies fragments of an original IP packet.
- Flag
- Fragment Offset
- Time to Live
- Protocol
- Header Checksum - For error checking the packet header. At each hop, the header checksum must be compared to the value of this field. If the header checksum does not match the calculated checksum, the packet is discarded. At each hop, the TTL field is decremented. Fragmentation is also possible, so the checksum has to be recalculated at each hop. This checksum only applies to the header, not the encapsulated data.
- Source Address
- Destination Address
- Options - Additional fields to provide other services; rarely used.
- Padding

Typical IP Packet
The figure represents a complete IP packet with typical header field values.
- Ver = 4; IP version.
- IHL = 5; size of header in 32 bit words (4 bytes). This header is 5*4 = 20 bytes, the minimum valid size.
- Total Length = 472; size of packet (header and data) is 472 bytes.
- Identification = 111; original packet identifier (required if it is later fragmented).
- Flag = 0; denotes packet can be fragmented if required.
- Fragment Offset = 0; denotes that this packet is not currently fragmented (there is no offset).
- Time to Live = 123; denotes the Layer 3 processing time in seconds before the packet is dropped (decremented by at least 1 every time a device processes the packet header).
- Protocol = 6; denotes that the data carried by this packet is a TCP segment.

5.1.7 - The IPv4 Packet Header
The diagram depicts a typical IPv4 packet with example values.
Ver=4, IHL=5, Type of Service, Total Length=472, Identification=111, Flag=0, Fragment Offset=0, Time=123, Protocol=6, Header Checksum, Source Address, Destination Address, Options, Data

5.2 Networks - Dividing Hosts into Groups
5.2.1 Networks - Separating Hosts into Common Groups

One of the major roles of the Network layer is to provide a mechanism for addressing hosts. As the number of hosts on the network grows, more planning is required to manage and address the network.

Dividing Networks
Rather than having all hosts everywhere connected to one vast global network, it is more practical and manageable to group hosts into specific networks. Historically, IP-based networks have their roots as one large network. As this single network grew, so did the issues related to its growth. To alleviate these issues, the large network was separated into smaller networks that were interconnected. These smaller networks are often called subnetworks or subnets.

Network and subnet are terms often used interchangeably to refer to any network system made possible by the shared common communication protocols of the TCP/IP model.

Similarly, as our networks grow, they may become too large to manage as a single network. At that point, we need to divide our network. When we plan the division of the network, we need to group together those hosts with common factors into the same network.

As shown in the figure, networks can be grouped based on factors that include:
- Geographic location
- Purpose
- Ownership

5.2.1 - Networks - Separating Hosts into Common Groups
The diagram depicts a large complex network with many servers, laptops, and printers. It provides reasons why network designers divide larger networks into smaller ones, such as geography, purpose, and ownership. A large network is too complex to operate and manage efficiently.

Geography: The large network is divided into three smaller ones based on location: West Office, East Office, and North Office. Various departments are present in each location, including Sales, HR, Legal, and Admin.

Purpose: The large network is divided into three smaller ones based on purpose or departmental function: HR Office, Legal Office, and Sales Office.

Ownership: The large network is divided into three smaller ones based on types of users: Public Floor, Private Floor, and Mobile. The public and private floor areas have a large oval surrounding them indicating that they are owned by a common entity. The mobile users are outside the oval.

Grouping Hosts Geographically
We can group network hosts together geographically. Grouping hosts at the same location - such as each building on a campus or each floor of a multi-level building - into separate networks can improve network management and operation.

Click the GEOGRAPHIC button on the figure.

Grouping Hosts for Specific Purposes
Users who have similar tasks typically use common software, common tools, and have common traffic patterns. We can often reduce the traffic required by the use of specific software and tools by placing the resources to support them in the network with the users.

The volume of network data traffic generated by different applications can vary significantly. Dividing networks based on usage facilitates the effective allocation of network resources as well as authorized access to those resources. Network professionals need to balance the number of hosts on a network with the amount of traffic generated by the users.
For example, consider a business that employs graphic designers who use the network to share very large multimedia files. These files consume most of the available bandwidth for most of the working day. The business also employs salespersons who only logged in once a day to record their sales transactions, which generates minimal network traffic. In this scenario, the best use of network resources would be to create several small networks to which a few designers had access and one larger network that all the salespersons used.

Click the PURPOSE button on the figure.

Grouping Hosts for Ownership
Using an organizational (company, department) basis for creating networks assists in controlling access to the devices and data as well as the administration of the networks. In one large network, it is much more difficult to define and limit the responsibility for the network personnel. Dividing hosts into separate networks provides a boundary for security enforcement and management of each network.

Click the OWNERSHIP button on the figure.

Links:
Network design http://www.cisco.com/en/US/docs/internetworking/design/guide/nd2002.htm

5.2.1 - Networks - Separating Hosts into Common Groups
The diagram depicts a similar network division as the previous diagram and lists advantages of breaking a network into manageable segments.

Geography: The large network is divided into three smaller ones based on location: West Office, East Office, and North Office. The simple fact of wiring together the physical network can make geographic location a logical place to start when segmenting a network.

Purpose: The volume and type of data generated by a class of users may make it appropriate to group similar users into a network. The large network is divided into two smaller ones based on purpose or departmental function:
- Art Department - Contains video development workstations and servers. A speech bubble above the workstations states: Artists need high bandwidth to create video.
- Sales Office - Contains a laptop connected to a server. A speech bubble above the laptop states: Salespeople need 100% reliability and speed.

Ownership: Grouping hosts into networks based on ownership can enhance data security. The network is divided into two segments: corporate records and public web site. An external user is attempting to access files in both locations. A firewall at the corporate records location has an X on it, and the text states: STOP! No entry to the public. A speech bubble above the servers states: We own these servers. A firewall at the public web site location has text that states: Enter with permission. A speech bubble above the servers states: We own these servers.

5.2.2 Why Separate Hosts Into Networks? - Performance

As mentioned previously, as networks grow larger they present problems that can be at least partially alleviated by dividing the network into smaller interconnected networks.

Common issues with large networks are:
- Performance degradation
- Security issues
- Address Management

Improving Performance
Large numbers of hosts connected to a single network can produce volumes of data traffic that may stretch, if not overwhelm, network resources such as bandwidth and routing capability.

Dividing large networks so that hosts who need to communicate are grouped together reduces the traffic across the internetworks.

In addition to the actual data communications between hosts, network management and control traffic (overhead) also increases with the number of hosts. A significant contributor to this overhead can be network broadcasts.

A broadcast is a message sent from one host to all other hosts on the network. Typically, a host initiates a broadcast when information about another unknown host is required. Broadcasts are a necessary and useful tool used by protocols to enable data communication on networks. However, large numbers of hosts generate large numbers of broadcasts that consume network bandwidth. And because every other host has to process the broadcast packet it receives, the other productive functions that a host is performing are also interrupted or degraded.

Broadcasts are contained within a network. In this context, a network is also known as a broadcast domain.
Managing the size of broadcast domains by dividing a network into subnets ensures that network and host performances are not degraded to unacceptable levels.

Roll over Optimize Grouping in the figure to see how to increase performance.

5.2.2 - Why Separate Hosts into Networks? - Performance
The diagram depicts separating a network using a router to limit broadcasts and improve performance.

Network Topology 1: Hosts PC1, PC2, PC3, and Server1 are connected to switch S1. Hosts PC4, PC5, PC6, and Server2 are connected to switch S2. Switches S1 and S2 are connected to switch S3. All devices in this network are connected in one broadcast domain when the switch is set to the factory default settings. Because switches forward broadcasts by default, broadcasts are processed by all devices in this network.

Network Topology 2: Hosts PC1, PC2, PC3, and Server1 are connected to switch S1. Hosts PC4, PC5, PC6, and Server2 are connected to switch S2. Switches S1 and S2 are connected to router R1, which replaces switch S3. Replacing the middle switch with a router creates two IP subnets, creating two distinct broadcast domains. All devices are connected, but local broadcasts are contained.

In this activity, the replacement of a switch with a router breaks one large broadcast domain into two more manageable ones.

Click the Packet Tracer icon to launch the Packet Tracer activity.

5.2.2 - Why Separate Hosts into Networks? - Performance
Link to Packet Tracer Exploration: Routers Segment Broadcast Domains
In this activity, replacing a switch with a router breaks one large broadcast domain into two more-manageable domains.

5.2.3 Why Separate Hosts Into Networks? - Security

The IP-based network that has become the Internet originally had a small number of trusted users in U.S. government agencies and the research organizations that they sponsored. In this small community, security was not a significant issue.

The situation has changed as individuals, businesses, and organizations have developed their own IP networks that link to the Internet.
The devices, services, communications, and data are the property of those network owners. Network devices from other companies and organizations do not need to connect to their network.

Dividing networks based on ownership means that access to and from resources outside each network can be prohibited, allowed, or monitored.

Roll over the Access Granted and Access Denied buttons on the figure to see different levels of security.

Internetwork access within a company or organization can be similarly secured. For example, a college network can be divided into administrative, research, and student subnetworks. Dividing a network based on user access is a means to secure communications and data from unauthorized access by users both within the organization and outside it.

Security between networks is implemented in an intermediary device (a router or firewall appliance) at the perimeter of the network. The firewall function performed by this device permits only known, trusted data to access the network.

Links: IP network security http://www.cisco.com/en/US/docs/internetworking/case/studies/cs003.htm

5.2.3 - Why Separate Hosts into Networks? - Security

The diagram depicts separating a network to provide increased security and control access from the Internet. Firewalls control access to the Administrator and Researcher segments of the network.

Network Topology: On the Administrator and Student records segment, hosts PC1, PC2, PC3, Server1, and Server2 are connected to switch S1. Switch S1 is connected to router R1. Router R1 is connected to a firewall, which is connected to the Internet. On the Researcher segment, hosts PC4, PC5, PC6, Server3, and Server4 are connected to switch S2. Switch S2 is connected to router R2. Router R2 is connected to a firewall, which is connected to the Internet.

Access Granted: Each user can reach servers in its own department. Administrators are allowed access to Student records servers in the Administrator segment of the network. Researchers are allowed access to Research servers in the Research segment of the network.
Access Denied: The firewalls control access between departments. Each user is blocked from reaching servers in other departments. A user from the Administrator segment of the network who attempts to access the Research segment is rejected at the firewall.

5.2.4 Why Separate Hosts Into Networks? - Address Management

Page 1:

The Internet consists of millions of hosts, each of which is identified by its unique Network layer address. To expect each host to know the address of every other host would impose a processing burden on these network devices that would severely degrade their performance.

Dividing large networks so that hosts who need to communicate are grouped together reduces the unnecessary overhead of all hosts needing to know all addresses.

For all other destinations, the hosts only need to know the address of an intermediary device, to which they send packets for all other destination addresses. This intermediary device is called a gateway. The gateway is a router on a network that serves as an exit from that network.

5.2.4 - Why Separate Hosts into Networks? - Address Management

The diagram depicts separating a network to provide address management.

Network Topology 1: Hosts PC1, PC2, PC3, and PC4 are connected to switch S1. Switch S1 is connected to a gateway router. The gateway router is connected to a cloud labeled Outside. An external PC is also connected to the cloud. An arrow points to PC1 with text that states: This host has the addresses for the hosts in its own network. An arrow points to the external remote PC with text that states: The address for this destination is unknown, so packets are passed to the gateway router. Hosts do not know how to deliver data to devices in a remote network. This is the role of the gateway.

5.2.5 How Do We Separate Hosts Into Networks? - Hierarchical Addressing

Page 1:

To be able to divide networks, we need hierarchical addressing. A hierarchical address uniquely identifies each host. It also has levels that assist in forwarding packets across internetworks, which enables a network to be divided based on those levels.
To support data communications between networks over internetworks, Network layer addressing schemes are hierarchical.

As shown in the figure, postal addresses are prime examples of hierarchical addresses.

Consider the case of sending a letter from Japan to an employee working at Cisco Systems, Inc.

The letter would be addressed:

Employee Name
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

When a letter is posted in the country of origin, the postal authority would only look at the destination country and note that the letter was destined for the U.S. No other address details need to be processed at this level.

Upon arrival in the U.S., the post office first looks at the state, California. The city, street, and company name would not be examined if the letter still needed to be forwarded to the correct state. Once in California, the letter would be directed to San Jose. There the local mail carrier would take the letter to West Tasman Drive, and then refer to the street address and deliver it to 170. When the letter is actually on Cisco premises, the employee name would be used to forward it to its ultimate destination.

Referring only to the relevant address level (country, state, city, street, number, and employee) at each stage when directing the letter onto the next hop makes this process very efficient. There is no need for each forwarding stage to know the exact location of the destination; the letter was directed in the general direction until the employee's name was finally used at the destination.

Hierarchical Network layer addresses work in much the same way. Layer 3 addresses supply the network portion of the address. Routers forward packets between networks by referring only to the part of the Network layer address that is required to direct the packet toward the destination network. By the time the packet arrives at the destination host network, the whole destination address of the host will have been used to deliver the packet.

If a large network needs to be divided into smaller networks, additional layers of addressing can be created.
Using a hierarchical addressing scheme means that the higher levels of the address (similar to the country in the postal address) can be retained, with the middle level denoting the network addresses (state or city) and the lower level the individual hosts.

5.2.5 - How Do We Separate Hosts into Networks? - Hierarchical Addressing

The diagram depicts hierarchical addressing using a postal address. A letter from Japan is addressed to Jane Doe at 170 West Tasman Drive, San Jose, California, zip code 95134, USA. The address on the envelope provides answers to the following questions in a hierarchical manner to facilitate the delivery process. At each step of the delivery, the post office needs to only examine the next hierarchical level.
- Which country? USA
- Which zip code? 95134 (San Jose)
- Which address? 170 West Tasman Drive
- Which person? Jane Doe

5.2.6 Dividing the Networks - Networks from Networks

Page 1:

If a large network has to be divided, additional layers of addressing can be created. Using hierarchical addressing means that the higher levels of the address are retained; with a subnetwork level and then the host level.

The logical 32-bit IPv4 address is hierarchical and is made up of two parts. The first part identifies the network and the second part identifies a host on that network. Both parts are required for a complete IP address.

For convenience IPv4 addresses are divided in four groups of eight bits (octets). Each octet is converted to its decimal value and the complete address written as the four decimal values separated by a dot (period).

For example - 192.168.18.57

In this example, as the figure shows, the first three octets, (192.168.18), can identify the network portion of the address, and the last octet, (57) identifies the host.

This is hierarchical addressing because the network portion indicates the network on which each unique host address is located. Routers only need to know how to reach each network, rather than needing to know the location of each individual host.

With IPv4 hierarchical addressing, the network portion of the address for all hosts in a network is the same.
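
The network/host split described above, worked through at the bit level for 192.168.18.57, including what happens to two hosts when the network portion is lengthened to add a subnetwork level. This is an added example, not part of the original course text; the function names and the second host address 192.168.18.130 are constructed for illustration.

```python
"""Split a 32-bit IPv4 address into its network and host portions."""

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Pack four decimal octets into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_mask(network_bits: int) -> int:
    """32-bit value with the leading network_bits set to 1."""
    if not 0 <= network_bits <= 32:
        raise ValueError("network_bits must be between 0 and 32")
    return (ALL_ONES << (32 - network_bits)) & ALL_ONES


def split_address(dotted: str, network_bits: int):
    """Return (network portion as dotted decimal, host portion as integer)."""
    address = to_int(dotted)
    mask = network_mask(network_bits)
    return to_dotted(address & mask), address & (ALL_ONES ^ mask)


def same_network(a: str, b: str, network_bits: int) -> bool:
    """Two hosts share a network when their network portions are equal."""
    return split_address(a, network_bits)[0] == split_address(b, network_bits)[0]


def subdivide(network: str, network_bits: int, extra_bits: int):
    """Lengthen the network portion by extra_bits and list the subnetworks."""
    new_bits = network_bits + extra_bits
    if extra_bits < 0 or new_bits > 32:
        raise ValueError("cannot take more bits than the host portion has")
    base = to_int(network) & network_mask(network_bits)
    step = 1 << (32 - new_bits)          # addresses covered by each subnetwork
    return [f"{to_dotted(base + i * step)}/{new_bits}"
            for i in range(1 << extra_bits)]


def addresses_per_network(network_bits: int) -> int:
    """Number of distinct host-portion values left after the network bits."""
    return 1 << (32 - network_bits)


if __name__ == "__main__":
    # The address from the text: first three octets network, last octet host.
    print(split_address("192.168.18.57", 24))
    # Constructed second host: same network at 24 bits, different at 26 bits.
    print(same_network("192.168.18.57", "192.168.18.130", 24))
    print(same_network("192.168.18.57", "192.168.18.130", 26))
    print(subdivide("192.168.18.0", 24, 2), addresses_per_network(26))
```
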
To divide a network, the network portion of the address is extended to use bits from the host portion of the address. These borrowed host bits are then used as network bits to represent the different subnetworks within the range of the original network.

Given that an IPv4 address is 32 bits, when host bits are used to divide a network the more subnetworks created results in fewer hosts for each subnetwork. Regardless of the number of subnetworks created however, all 32 bits are required to identify an individual host.

The number of bits of an address used as the network portion is called the prefix length. For example if a network uses 24 bits to express the network portion of an address the prefix is said to be /24. In the devices in an IPv4 network, a separate 32-bit number called a subnet mask indicates the prefix.

Note: Chapter 6 in this course will cover IPv4 network addressing and subnetworking in detail.

Extending the prefix length or subnet mask enables the creation of these subnetworks. In this way network administrators have the flexibility to divide networks to meet different needs, such as location, managing network performance, and security, while ensuring each host has a unique address.

For the purposes of explanation, however in this chapter the first 24 bits of an IPv4 address will be used as the network portion.

Links: Internet Assigned Numbers Authority http://www.iana.org/

5.2.6 - Dividing the Networks - Networks from Networks

The diagram depicts the structure of the hierarchical IPv4 address. In the example, the 32-bit IP address 192.168.18.57 is divided into two parts, a network portion and host portion. The first three octets (8 bits each) are the network portion, and the last octet (8 bits) is the host portion. In the example shown, 192.168.18 is the network portion, and dot 57 is the host portion of the IPv4 address.

5.3 Routing - How Our Data Packets are Handled

5.3.1 Device Parameters - Supporting Communication Outside Our Network

Page 1:

Within a network or a subnetwork, hosts communicate with each other without the need for any Network layer intermediary device.
When a host needs to communicate with another network, an intermediary device, or router, acts as a gateway to the other network.

As a part of its configuration, a host has a default gateway address defined. As shown in the figure, this gateway address is the address of a router interface that is connected to the same network as the host.

Keep in mind that it is not feasible for a particular host to know the address of every device on the Internet with which it may have to communicate. To communicate with a device on another network, a host uses the address of this gateway, or default gateway, to forward a packet outside the local network.

The router also needs a route that defines where to forward the packet next. This is called the next-hop address. If a route is available to the router, the router will forward the packet to the next-hop router that offers a path to the destination network.

Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.1 - Device Parameters - Supporting Communication Outside Our Network

The diagram depicts how gateways enable communication between networks.

Network Topology: Hosts PC1 and PC2 are connected to switch S1 in LAN1. Switch S1 is connected to gateway router R1. Hosts PC3 and PC4 are connected to switch S2 in LAN2. Switch S2 is connected to gateway router R2. Gateway router R1 at the edge of LAN1 is connected to gateway router R2 at the edge of LAN2.

LAN1 IP Addressing:
- PC1 IP address: 192.168.2.30/24
- PC2 IP address: 192.168.2.31/24
- Gateway Router R1: 192.168.2.1/24

LAN2 IP Addressing:
- PC3 IP address: 192.168.3.4/24
- PC4 IP address: 192.168.3.5/24
- Gateway Router R1: 192.168.3.1/24

A speech bubble for PC1 in LAN1 states: I only know the addresses of the devices in my network. If I don't know that address of the destination device, I send the packet to the gateway address by default.

5.3.2 IP Packets - Carrying Data End to End

Page 1:

As you know, the role of the Network layer is to transfer data from the host that originates the data to the host that uses it.
During encapsulation at the source host, an IP packet is constructed at Layer 3 to transport the Layer 4 PDU. If the destination host is in the same network as the source host, the packet is delivered between the two hosts on the local media without the need for a router.

However, if the destination host and source host are not in the same network, the packet may be carrying a Transport layer PDU across many networks and through many routers. As it does, the information contained within is not altered by any routers when forwarding decisions are made.

At each hop, the forwarding decisions are based on the information in the IP packet header. The packet with its Network Layer encapsulation also is basically intact throughout the complete process, from the source host to the destination host.

If communication is between hosts in different networks, the local network delivers the packet from the source to its gateway router. The router examines the network portion of the packet destination address and forwards the packet to the appropriate interface. If the destination network is directly connected to this router, the packet is forwarded directly to that host. If the destination network is not directly connected, the packet is forwarded on to a second router that is the next-hop router.

The packet forwarding then becomes the responsibility of this second router. Many routers or hops along the way may process the packet before reaching the destination.

Click the steps on the figure to follow the path of the IP packet.

Links: RFC 791 http://www.ietf.org/rfc/rfc0791.txt RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.2 - IP Packets - Carrying Data End to End

The diagram depicts how IP packets are routed.

Network Topology:
- Hosts PC1 and PC2 are connected to switch S1 in LAN1 (network 192.168.2.0/24).
- Switch S1 is connected to router R1.
- Host PC3 is connected to switch S2 in LAN2 (network 192.168.3.0/24).
- Switch S2 is connected to router R1.
- Router R1 is connected to router R3.
- Host PC4 is connected to switch S3 in LAN3 (network 192.168.4.0/24).
- Switch S3 is connected to router R2.
- Router R2 is connected to router R3.
- Host PC5 is connected to switch S4 in LAN4 (network 192.168.5.0/24).
- Switch S4 is connected to router R3.

Scenario: PC2 with IP address 192.168.2.30/24 in LAN1 needs to send a packet to destination PC5 with IP address 192.168.5.6/24 in LAN4. The packet is routed as follows.

Step 1: PC2 (192.168.2.30/24) asks: "Is this packet destined for a device on this network? No. It is destined for device 192.168.5.6/24, a device on another network."

Step 2: PC2 sends the packet to the router R1 gateway interface with IP address 192.168.2.1/24.

Step 3: Router R1 asks: "Is this packet destined for a directly connected device? No. Forward the packet to the next router." The packet is forwarded to router R2.

Step 4: Router R2 asks: "Is this packet destined for a directly connected device? No. Forward the packet to the next router." The packet is forwarded to router R3.

Step 5: Router R3 asks: "Is this packet destined for a directly connected device? Yes. Forward the packet to this device." The packet is forwarded to PC5.

Step 6: The IP packet arrives at its destination. The IP header is removed, and the TCP segment is passed to Layer 4 on device PC5.

5.3.3 A Gateway - The Way Out of Our Network

Page 1:

The gateway, also known as the default gateway, is needed to send a packet out of the local network. If the network portion of the destination address of the packet is different from the network of the originating host, the packet has to be routed outside the original network. To do this, the packet is sent to the gateway. This gateway is a router interface connected to the local network. The gateway interface has a Network layer address that matches the network address of the hosts. The hosts are configured to recognize that address as the gateway.

Default Gateway

The default gateway is configured on a host. On a Windows computer, the Internet Protocol (TCP/IP) Properties tools are used to enter the default gateway IPv4 address.
Both the host IPv4 address and the gateway address must have the same network (and subnet, if used) portion of their respective addresses.

Click on the graphic to display the Windows Properties.

Host gateway configuration http://www.microsoft.com/technet/community/columns/cableguy/cg0903.mspx

5.3.3 - A Gateway - The Way Out of Our Network

The diagram depicts how each host on a particular LAN has the same default gateway address, which is the address of the gateway interface connected to this network. The gateway for a Windows PC is configured using TCP/IP Properties. A screenshot of the Windows TCP/IP Properties is shown for PC2.

Network Topology: Hosts PC1, PC2, and PC3 are connected to switch S1 in LAN1 (network 192.168.1.0/24). Switch S1 is connected to gateway router R1.
- PC1 IP Address: 192.168.1.1/24, PC1 Gateway Address: 192.168.1.254/24
- PC2 IP Address: 192.168.1.2/24, Gateway Address: 192.168.1.254/24
- PC3 IP Address: 192.168.1.3/24, PC3 Gateway Address: 192.168.1.254/24
- Router R1 gateway LAN interface IP address: 192.168.1.254/24

PC2 Windows TCP/IP Properties Screenshot
- IP Address: 192.168.1.2/24
- Subnet mask: 255.255.255.0
- Gateway Address: 192.168.1.254/24

Page 2:

Confirming the Gateway and Route

As shown in the figure, the IP address of the default gateway of a host can be viewed by issuing the ipconfig or route print commands at the command line of a Windows computer. The route command is also used in a Linux or UNIX host.

5.3.3 - A Gateway - The Way Out of Our Network

The diagram depicts using the Windows ipconfig command to confirm gateway settings. Sample output shows the default gateway address.

C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix - no entry.
IP Address 192.168.1.2 - IP address for this host computer.
Subnet Mask 255.255.255.0 - Local network subnet mask.
Default Gateway 192.168.1.254 - Default gateway address for this host computer.

Page 3:
No packet can be forwarded without a route. Whether the packet is originating in a host or being forwarded by an intermediary device, the device must have a route to identify where to forward the packet.

A host must either forward a packet to the host on the local network or to the gateway, as appropriate. To forward the packets, the host must have routes that represent these destinations.

A router makes a forwarding decision for each packet that arrives at the gateway interface. This forwarding process is referred to as routing. To forward a packet to a destination network, the router requires a route to that network. If a route to a destination network does not exist, the packet cannot be forwarded.

The destination network may be a number of routers or hops away from the gateway. The route to that network would only indicate the next-hop router to which the packet is to be forwarded, not the final router. The routing process uses a route to map the destination network address to the next hop and then forwards the packet to this next-hop address.

Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.3 - A Gateway - The Way Out of Our Network

The diagram depicts a simple network with two routers. The contents of the local routing table for one of the routers are expanded.

Network Topology: The local router R1 interface with IP address 192.168.1.1/24 is connected to the remote router R2 interface with IP address 192.168.1.2/24. Router R2 also has two local networks connected on two of its other interfaces: network 10.1.1.0/24 and network 10.1.2.0/24.

The R1 local router routing table contains the following:
- Destination network: 10.1.1.0/24, Next hop address: 192.168.1.2
- Destination network: 10.1.2.0/24, Next hop address: 192.168.1.2

This indicates that for packets to reach either the 10.1.1.0/24 or the 10.1.2.0/24 network on router R2, R1 must send the packet to the next hop, which is R2's 192.168.1.2/24 interface.

5.3.4 A Route - The Path to a Network

Page 1:

A route for packets for remote destinations is added using the default gateway address as the next hop.
Although it is not usually done, a host can also have routes manually added through configurations.

Like end devices, routers also add routes for the connected networks to their routing table. When a router interface is configured with an IP address and subnet mask, the interface becomes part of that network. The routing table now includes that network as a directly connected network. All other routes, however, must be configured or acquired via a routing protocol. To forward a packet the router must know where to send it. This information is available as routes in a routing table.

The routing table stores information about connected and remote networks. Connected networks are directly attached to one of the router interfaces. These interfaces are the gateways for the hosts on different local networks. Remote networks are networks that are not directly connected to the router. Routes to these networks can be manually configured on the router by the network administrator or learned automatically using dynamic routing protocols.

Routes in a routing table have three main features:
- Destination network
- Next-hop
- Metric

The router matches the destination address in the packet header with the destination network of a route in the routing table and forwards the packet to the next-hop router specified by that route. If there are two or more possible routes to the same destination, the metric is used to decide which route appears on the routing table.

As shown in the figure, the routing table in a Cisco router can be examined with the show ip route command.

Note: The routing process and the role of metrics are the subject of a later course and will be covered in detail there.

As you know, packets cannot be forwarded by the router without a route. If a route representing the destination network is not on the routing table, the packet will be dropped (that is, not forwarded). The matching route could be either a connected route or a route to a remote network. The router may also use a default route to forward the packet.
The default route is used when the destination network is not represented by any other route in the routing table.

5.3.4 - A Route - The Path to a Network

The diagram depicts confirmation of the gateway and route using the Cisco IOS show ip route command.

Network Topology: Same as 5.3.3 diagram 3.

The following is the partial routing table output of the show ip route command for local router R1:

10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0

The next hop for networks 10.1.1.0/24 and 10.1.2.0/24 from local router R2 is 192.168.2.2.

Page 2:

Host Routing Table

A host creates the routes used to forward the packets it originates. These routes are derived from the connected network and the configuration of the default gateway.

Hosts automatically add all connected networks to the routes. These routes for the local networks allow packets to be delivered to hosts that are connected to these networks.

Hosts also require a local routing table to ensure that Network layer packets are directed to the correct destination network. Unlike the routing table in a router, which contains both local and remote routes, the local table of the host typically contains its direct connection or connections to the network and its own default route to the gateway. Configuring the default gateway address on the host creates the local default route.

As shown in the figure, the routing table of a computer host can be examined at the command line by issuing the netstat -r, route, or route PRINT commands.

In some circumstances, you may want to indicate more specific routes from a host. You can use the following options for the route command to modify the routing table contents:
- route ADD
- route DELETE
- route CHANGE

Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.4 - A Route - The Path to a Network

The diagram depicts a routing table on end device PC1 after the netstat -r command is issued.
Network Topology: Host PC1 with IP address 192.168.1.2 is connected to switch S1, which is connected to the router R1 default gateway 192.168.1.254.

Output from the netstat -r command:

Interface List
0x2 ...00 0f fe 26 f7 7b ... Gigabit Ethernet - Packet Scheduler Miniport

Active Routes:
Network Destination: 0.0.0.0 Netmask: 0.0.0.0 Gateway: 192.168.1.254 Interface: 192.168.1.2 Metric: 20
Network Destination: 192.168.1.0 Netmask: 255.255.255.0 Gateway: 192.168.1.2 Interface: 192.168.1.2 Metric: 20
Default Gateway: 192.168.1.254

Output omitted.

Note that the output shows a route to its own local network (192.168.1.0) and a default route (0.0.0.0) to the router gateway for all other networks.

5.3.5 The Destination Network

Page 1:

Routing Table Entries

The destination network shown in a routing table entry, called a route, represents a range of host addresses and sometimes a range of network and host addresses.

The hierarchical nature of Layer 3 addressing means that one route entry could refer to a large general network and another entry could refer to a subnet of that same network. When forwarding a packet, the router will select the most specific route.

Returning to the earlier postal addressing example, consider sending the same letter from Japan to 170 West Tasman Drive San Jose, California USA. Which address would you use: "USA" or "San Jose California USA" or "West Tasman Drive San Jose, California USA" or "170 West Tasman Drive San Jose, California USA"?

The fourth and most specific address would be used. However, for another letter where the street number was unknown, the third option would provide the best address match.

In the same way, a packet destined to the subnet of a larger network would be routed using the route to the subnet. However, a packet addressed to a different subnet within the same larger network would be routed using the more general entry.

As shown in the figure, if a packet arrives at a router with the destination address of 10.1.1.55, the router forwards the packet to a next-hop router associated with a route to network 10.1.1.0.
If a route to 10.1.1.0 is not listed in the routing table, but a route to 10.1.0.0 is available, the packet is forwarded to the next-hop router for that network.

Therefore, the precedence of route selection for the packet going to 10.1.1.55 would be:
1. 10.1.1.0
2. 10.1.0.0
3. 10.0.0.0
4. 0.0.0.0 (Default route if configured)
5. Dropped

5.3.5 - The Destination Network

The diagram depicts routing table entries using the Cisco IOS show ip route command.

10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0

In the routing table output, remote destination networks 10.1.1.0 and 10.1.2.0 and local network 192.168.2.0 are highlighted. Packets with destination host addresses in one of the network ranges shown are matched with the next hop that leads to that network, which in this case is via 192.168.2.2.

Page 2:

Default Route

A router can be configured to have a default route. A default route is a route that will match all destination networks. In IPv4 networks, the address 0.0.0.0 is used for this purpose. The default route is used to forward packets for which there is no entry in the routing table for the destination network. Packets with a destination network address that does not match a more specific route in the routing table are forwarded to the next-hop router associated with the default route.

Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.5 - The Destination Network

The diagram depicts a routing table entry for a default route using the Cisco IOS show ip route command.
Gateway of last resort is 192.168.2.2 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets
R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.2.2

In the routing table output, the statement: Gateway of last resort is 192.168.2.2 to network 0.0.0.0 and the entry for the default destination network 0.0.0.0 via 192.168.2.2 are highlighted. Packets with destination host addresses not in one of the network ranges are forwarded to the gateway of last resort, which is 192.168.2.2.

5.3.6 The Next Hop - Where the Packet Goes Next

Page 1:

A next-hop is the address of the device that will process the packet next. For a host on a network, the address of the default gateway (router interface) is the next-hop for all packets destined for another network.

In the routing table of a router, each route lists a next hop for each destination address that is encompassed by the route. As each packet arrives at a router, the destination network address is examined and compared to the routes in the routing table. When a matching route is determined, the next hop address for that route is used to forward the packet toward its destination. The router then forwards the packet out the interface to which the next-hop router is connected. The next-hop router is the gateway to networks beyond that intermediate destination.

Networks directly connected to a router have no next-hop address because there is no intermediate Layer 3 device between the router and that network. The router can forward packets directly out the interface onto that network to the destination host.

Some routes can have multiple next-hops. This indicates that there are multiple paths to the same destination network. These are parallel routes that the router can use to forward packets.
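
The route selection described in 5.3.5 and the next-hop rules above, run as one lookup over both the router table and the host table shown in this chapter. This is an added example, not part of the original course text: the function names are illustrative, the /16 and /8 prefix lengths for 10.1.0.0 and 10.0.0.0 are assumptions (the text gives only the network numbers), and the 192.0.2.x next hops in the precedence table are constructed.

```python
"""Most-specific-route selection over the routing tables in this chapter."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]          # None means directly connected
    interface: Optional[str] = None


def make_route(prefix: str, next_hop: Optional[str] = None,
               interface: Optional[str] = None) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, interface)


def lookup(table: List[Route], destination: str) -> Optional[Route]:
    """Return the most specific route that contains destination, or None."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.network]
    if not matches:
        return None
    # The route with the longest network portion is the most specific one.
    return max(matches, key=lambda r: r.network.prefixlen)


def forward(table: List[Route], destination: str) -> Tuple[str, Optional[str]]:
    """One of the three outcomes: next-hop router, connected network, drop."""
    route = lookup(table, destination)
    if route is None:
        return ("drop", None)                 # no route and no default route
    if route.next_hop is None:
        return ("connected", route.interface)  # deliver straight to the host
    return ("next-hop", route.next_hop)


def precedence(table: List[Route], destination: str) -> List[str]:
    """Order in which routes would be chosen if each better one were absent."""
    remaining = list(table)
    order = []
    while True:
        best = lookup(remaining, destination)
        if best is None:
            order.append("drop")
            return order
        order.append(str(best.network))
        remaining.remove(best)


# Router R1, taken from the show ip route output above.
R1_TABLE = [
    make_route("10.1.1.0/24", next_hop="192.168.2.2"),
    make_route("10.1.2.0/24", next_hop="192.168.2.2"),
    make_route("192.168.2.0/24", interface="FastEthernet0/0"),
    make_route("0.0.0.0/0", next_hop="192.168.2.2"),
]

# Host PC1, taken from the netstat -r output in 5.3.4.
PC1_TABLE = [
    make_route("0.0.0.0/0", next_hop="192.168.1.254"),
    make_route("192.168.1.0/24", interface="192.168.1.2"),
]

# Constructed table for the 10.1.1.55 precedence list; prefix lengths /16 and
# /8 are assumptions, and the next hops are documentation addresses.
PRECEDENCE_TABLE = [
    make_route("0.0.0.0/0", next_hop="192.0.2.4"),
    make_route("10.0.0.0/8", next_hop="192.0.2.3"),
    make_route("10.1.0.0/16", next_hop="192.0.2.2"),
    make_route("10.1.1.0/24", next_hop="192.0.2.1"),
]

if __name__ == "__main__":
    for dst in ("10.1.1.55", "192.168.2.77", "172.16.2.9"):
        print("R1 ", dst, forward(R1_TABLE, dst))
    print("R1 without default", forward(R1_TABLE[:3], "172.16.2.9"))
    print("PC1", forward(PC1_TABLE, "192.168.1.3"),
          forward(PC1_TABLE, "10.1.1.55"))
    print(precedence(PRECEDENCE_TABLE, "10.1.1.55"))
```

Run against a table exported from a real device, the same lookup shows which entry actually carries a given destination, which helps when checking that traffic between two segments is handed to the intended gateway.
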
Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.6 - The Next Hop - Where the Packet Goes Next

The diagram depicts routing table output from the Cisco IOS show ip route command to focus on the next-hop entries. The following is output from the show ip route command with rollover popup text.

10.0.0.0/24 is subnetted, 2 subnets

Output line: R 10.1.1.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
Rollover text: This next-hop address is where the traffic destined to network 10.1.1.0/24 is sent. Next-hop address 192.168.2.2 is highlighted.

Output line: R 10.1.2.0 [120/1] via 192.168.2.2, 00:00:08, FastEthernet0/0
Rollover text: This next-hop address is where the traffic destined to network 10.1.2.0/24 is sent. Next-hop address 192.168.2.2 is highlighted.

Output line: C 192.168.2.0/24 is directly connected, FastEthernet0/0
Rollover text: If a network is directly connected, only the name of the router interface is shown. Interface FastEthernet0/0 is highlighted.

5.3.7 Packet Forwarding - Moving the Packet Toward its Destination

Page 1:

Routing is done packet-by-packet and hop-by-hop. Each packet is treated independently in each router along the path. At each hop, the router examines the destination IP address for each packet and then checks the routing table for forwarding information.

The router will do one of three things with the packet:
- Forward it to the next-hop router
- Forward it to the destination host
- Drop it

Packet Examination

As an intermediary device, a router processes the packet at the Network layer. However, packets that arrive at a router's interfaces are encapsulated as a Data Link layer (Layer 2) PDU. As shown in the figure, the router first discards the Layer 2 encapsulation so that the packet can be examined.

Next Hop Selection

In the router, the destination address in a packet header is examined. If a matching route in the routing table shows that the destination network is directly connected to the router, the packet is forwarded to the interface to which that network is connected. In this case, there is no next-hop.
To be placed onto the connected network, the packet has to be first re-encapsulated by the Layer 2 protocol and then forwarded out the interface.

If the route matching the destination network of the packet is a remote network, the packet is forwarded to the indicated interface, encapsulated by the Layer 2 protocol, and sent to the next-hop address.

5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination

The diagram depicts how a router moves a packet toward its destination when a route for the destination network exists. An IP packet with data inside moves toward the router. It is labeled Data for network 10.1.2.0. A Data Link Layer 2 header and trailer encapsulate the packet. The following are the main steps in the process.
1. The router removes the Layer 2 encapsulation.
2. The router extracts the destination IP address.
3. The router checks the routing table for a match.
4. Network 10.1.2.0 is found in the routing table.
5. The router re-encapsulates the packet.
6. The packet is sent to network 10.1.2.0.

Page 2:

Using the Default Route

As shown in the figure, if the routing table does not contain a more specific route entry for an arriving packet, the packet is forwarded to the interface indicated by a default route, if one exists. At this interface, the packet is encapsulated by the Layer 2 protocol and sent to the next-hop router. The default route is also known as the Gateway of Last Resort.

This process may occur a number of times until the packet reaches its destination network. The router at each hop knows only the address of the next-hop; it does not know the details of the pathway to the remote destination host. Furthermore, not all packets going to the same destination will be forwarded to the same next-hop at each router. Routers along the way may learn new routes while the communication is taking place and forward later packets to different next-hops.

Default routes are important because the gateway router is not likely to have a route to every possible network on the Internet.
If the packet is forwarded using a default route, it should eventually arrive at a router that has a specific route to the destination network. This router may be the router to which this network is attached. In this case, this router will forward the packet over the local network to the destination host.

5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
The diagram depicts how a router moves a packet toward its destination when there is no route entry for the destination network, but a default route exists. An IP packet with data inside moves toward the router. It is labeled Data for network 172.16.2.0. A Data Link Layer 2 header and trailer encapsulate the packet. The following are the main steps in the process.
1. The router removes the Layer 2 encapsulation.
2. The router extracts the destination IP address.
3. The router checks the routing table for a match.
4. Network 172.16.2.0 is not in the routing table, but a default route to 192.168.1.2 exists.
5. The router re-encapsulates the packet.
6. The packet is sent to interface 192.168.1.2.

Page 3:
As a packet passes through the hops in the internetwork, all routers require a route to forward a packet. If, at any router, no route for the destination network is found in the routing table and there is no default route, that packet is dropped.

IP has no provision to return a packet to the previous router if a particular router has nowhere to send the packet. Such a function would detract from the protocol's efficiency and low overhead. Other protocols are used to report such errors.

Links: RFC 823 http://www.ietf.org/rfc/rfc0823.txt

5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
The diagram depicts what happens when no route entry and no default route for the destination network exist. An IP packet with data inside moves toward the router. It is labeled Data for network 10.1.2.0. The routing table entries listed are for networks 192.168.1.0, 10.3.5.0 and 11.1.3.0. Because there is no matching address in the routing table and no available default address, the IP packet is dropped.
It is not forwarded and not returned.

Page 4:
In this activity, the rules (algorithms) that routers use to make decisions on how to process packets, depending on the state of their routing tables when the packet arrives, are examined.

Click the Packet Tracer icon to launch the Packet Tracer activity.

5.3.7 - Packet Forwarding - Moving the Packet Toward Its Destination
Link to Packet Tracer Exploration: Router Packet Forwarding

5.4 Routing Processes: How Routes are Learned
5.4.1 Routing Protocols - Sharing the Routes
Page 1:
Routing requires that every hop, or router, along the path to a packet's destination have a route to forward the packet. Otherwise, the packet is dropped at that hop. Each router in a path does not need a route to all networks. It only needs to know the next hop on the path to the packet's destination network.

The routing table contains the information that a router uses in its packet forwarding decisions. For the routing decisions, the routing table needs to represent the most accurate state of network pathways that the router can access. Out-of-date routing information means that packets may not be forwarded to the most appropriate next-hop, causing delays or packet loss.

This route information can be manually configured on the router or learned dynamically from other routers in the same internetwork. After the interfaces of a router are configured and operational, the network associated with each interface is installed in the routing table as a directly connected route.

5.4.1 - Routing Protocols - Sharing the Routes
The diagram depicts using information in a routing table to forward a packet.
Network Topology: The local router R1 interface with IP address 192.168.2.1/24 is connected to the remote router R2 interface with IP address 192.168.2.2/24. Router R2 also has two local networks connected on two of its other interfaces: network 10.1.1.0/24 and network 10.1.2.0/24.
An IP packet arrives at R1 destined for network 10.1.1.0. A speech bubble for router R1 states: I want to forward this packet so it can take the next hop toward its destination. I can use the information in my routing table to determine where to forward this message.

5.4.2 Static Routing
Page 1:
Routes to remote networks with the associated next hops can be manually configured on the router. This is known as static routing. A default route can also be statically configured.

If the router is connected to a number of other routers, knowledge of the internetworking structure is required. To ensure that the packets are routed to use the best possible next hops, each known destination network needs to either have a route or a default route configured. Because packets are forwarded at every hop, every router must be configured with static routes to next hops that reflect its location in the internetwork.

Further, if the internetwork structure changes or if new networks become available, these changes have to be manually updated on every router. If updating is not done in a timely fashion, the routing information may be incomplete or inaccurate, resulting in packet delays and possible packet loss.

5.4.2 - Static Routing
The diagram depicts how static routes can be used to allow routers to forward packets.
Network Topology: The router A interface with IP address 192.168.2.1/24 is connected to an interface on router B with IP address 192.168.2.2/24. The router B interface with IP address 192.168.1.1/24 is connected to an interface on router C with IP address 192.168.1.2/24. Router C also has two local networks connected on two of its other interfaces: network 10.1.1.0/24 and network 10.1.2.0/24. Routers A and B are configured with routes.
Router A Configuration: Router A IP address 192.168.2.2/24 is configured manually as the next hop for networks 10.1.1.0/24 and 10.1.2.0/24 on router C.
Router B Configuration: Router B IP address 192.168.1.2/24 is configured manually as the next hop for networks 10.1.1.0/24 and 10.1.2.0/24 on router C.

5.4.3 Dynamic Routing
Page 1:
Although it is essential for all routers in an internetwork to have up-to-date extensive route knowledge, maintaining the routing table by manual static configuration is not always feasible. Therefore, dynamic routing protocols are used. Routing protocols are the set of rules by which routers dynamically share their routing information. As routers become aware of changes to the networks for which they act as the gateway, or changes to links between routers, this information is passed on to other routers. When a router receives information about new or changed routes, it updates its own routing table and, in turn, passes the information to other routers. In this way, all routers have accurate routing tables that are updated dynamically and can learn about routes to remote networks that are many hops away. An example of router sharing routes is shown in the figure.

Common routing protocols are:
Routing Information Protocol (RIP)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF)

Although routing protocols provide routers with up-to-date routing tables, there are costs. First, the exchange of route information adds overhead that consumes network bandwidth. This overhead can be an issue, particularly for low bandwidth links between routers. Second, the route information that a router receives is processed extensively by protocols such as EIGRP and OSPF to make routing table entries. This means that routers employing these protocols must have sufficient processing capacity to both implement the protocol's algorithms and to perform timely packet routing and forwarding.

Static routing does not produce any network overhead and places entries directly into the routing table; no processing is required by the router. The cost for static routing is administrative - the manual configuration and maintenance of the routing table to ensure efficient and effective routing.

In many internetworks, a combination of static, dynamic, and default routes are used to provide the necessary routes. The configuration of routing protocols on routers is an integral component of the CCNA and will be covered extensively by a later course.
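
The forwarding decision from section 5.3.7, run against a table that mixes connected, RIP-learned and default routes. This is an added example, not part of the course material: the function name, the table layout, the test addresses and the default route's interface name are assumptions, while the three base entries come from the show ip route output in section 5.3.6.

```python
import ipaddress

# Routing table modelled on the show ip route output in section 5.3.6.
# Entry layout (an assumption of this example):
#   (destination network, next hop or None if directly connected, exit interface)
ROUTES = [
    ("10.1.1.0/24", "192.168.2.2", "FastEthernet0/0"),   # R: learned via RIP
    ("10.1.2.0/24", "192.168.2.2", "FastEthernet0/0"),   # R: learned via RIP
    ("192.168.2.0/24", None, "FastEthernet0/0"),         # C: directly connected
]

# Constructed default route (Gateway of Last Resort). The next hop 192.168.1.2
# is borrowed from the default-route figure; the interface name is made up.
DEFAULT_ROUTE = ("0.0.0.0/0", "192.168.1.2", "FastEthernet0/1")


def forward(dest_ip, routes):
    """Return (action, next_hop, interface) for one packet's destination address."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, next_hop, interface in routes:
        net = ipaddress.ip_network(prefix)
        # The most specific (longest-prefix) matching route wins, so 0.0.0.0/0
        # is chosen only when no other entry matches.
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, interface)
    if best is None:
        # No route and no default route: the packet is dropped, not returned.
        return ("drop", None, None)
    _, next_hop, interface = best
    if next_hop is None:
        # Directly connected network: there is no next hop, the packet goes
        # out the interface to the destination host itself.
        return ("deliver", dest_ip, interface)
    return ("forward", next_hop, interface)


if __name__ == "__main__":
    tables = (("no default route", ROUTES),
              ("with default route", ROUTES + [DEFAULT_ROUTE]))
    for label, table in tables:
        for ip in ("10.1.2.7", "192.168.2.40", "172.16.2.9"):   # constructed addresses
            print(f"{label:18} {ip:13} -> {forward(ip, table)}")
```

The packet for 172.16.2.9 is dropped under the first table and forwarded to 192.168.1.2 under the second, which is the difference between the Page 3 and Page 2 figures.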