kenics.net

Technical notes on perl, python, php, sql, cgi, c/c++, q/kdb+, unix/shell, revision control tools, data structures & algorithms, and their applications into web services and other various forms of software engineering.

computer networks

########################################### 
###    computer network  -  overview    ### 
########################################### 
 
### 
###   OSI reference model : 7 layers 
### 
 
1. physical : 
  - voltage, cable, light/electrical signal, connector, etc (transmission methods like simplex, half-duplex, duplex) 
 
2. data link : transmits "frames" between physical addresses of the NIC interfaces (of devices). tries to be error-free. a frame encapsulates the higher layers. 
  - it's a point-to-point protocol. i.e. your local post office delivers a package directly to your house. in contrast, international package delivery may hop across many intermediate post offices, which is not point-to-point. 
  - ARP, RARP protocols 
  there are two sub layers: 
  - MAC (media access control) 
     - data transmission medium can be coax, fiber optic, infrared, radio, etc. 
     - to standardize the way each medium can be accessed, there are common MAC layer protocols e.g. ethernet (IEEE 802.3 for 10Mbps ethernet), token ring (IEEE 802.5), FDDI 
     - suppose you have a LAN using ethernet, and another LAN using token ring. to connect the two LANs, you need "bridge" device which basically works as 'translator' of the two protocols. 
     - MAC addr is an immutable unique id assigned to every hardware device, usually a NIC interface. 
  - LLC (logical link control): IEEE 802.2 
     - defines how to initiate, maintain, terminate connections, how to detect error, how to share "turns" among participants, in what bits pattern, etc 
     - encapsulates upper layers. 
 
====> IEEE specifies 802.x for L1 & L2 
 
 
3. network : 
    - facilitates end-to-end communication. e.g. you just specify an address in manhattan, and ship it from a local mail box in australia, and still it gets delivered thru various middle men. 
    e.g. IP addr / DNS 
    - note the 'network' layer address is "logical" in nature, as opposed to physical. physical address of your house can be latitude/longitude, but logical addr might be apt no. street number, zip code, etc. 
    - common L3 protocols are IPX (comes with SPX), IP (comes with TCP), ICMP (internet control message protocol, used by ping), IGMP (internet group mgmt protocol) 
    - "router" is an L3 device 
 
4. transport 
    - flow control (notifies the receiver, tries to re-transmit if no ack, checks the message/packet sequence/order etc) 
    - common L4 protocols are SPX, TCP 
 
5. session 
    - further abstracts/virtualizes connections of lower layers. e.g. a "putty ssh session" is one "session" from login until logout: if you are idle your session may be kept alive, while the lower layer network status may be changing/rebooting/disconnecting/refreshing etc. 
 
6. presentation 
    - presentation of byte streams (little/big endian?ASCII or UTF8 or Shift-JIS ? how to represent numeric ? IEEE float ?) 
 
7. application (i.e. service) 
    - "service" for users, like email, FTP app, browsers, network directory, "putty" for ssh terminals/sessions. 
 
 
 
### 
###   LAN MAN WAN 
### 
 
LAN - end node computers. relatively fast high bandwidth. (fast used to mean 1MBps, but now easily 1000MBps) 
MAN - interconnects LANs. usually the fastest bandwidth. but sometimes covers the functionality of LAN/WAN. 
WAN - interconnects MANs / various telecom facilities. usually the slowest bandwidth. 
 
==> nowadays, the distinction can get blurry as we more often think in terms of a holistic perspective. access control may not be LAN/WAN based, but rather just other mechanism of more peer-to-peer authentication between user(client) and service(server/resource). this leads to a decline of traditional NOS. 
 
common usages of LAN: 
- sharing resources over network across multiple nodes (like desktop computers) 
-- printer 
-- netapp filers / storage 
-- email / file transfer 
-- DB 
-- remote access 
 
==> obviously access control mechanism becomes important, e.g. somebody decides to print 1000 page document, then might block everybody else trying to use a printer. NOS (network OS) needs to control LAN in a robust way that can accommodate failover. 
 
LAN consists of: 
- computers (like desktop, laptop, servers) 
- shared services/resources (aka peripherals) like disk, printer. 
- NIC 
- cables 
- NOS / NRS (network routing software) 
 
LAN mechanism: 
- NIC 
- topology : ring, bus, star (most common) 
- access control : implemented in MAC layer, like random/centralized/distributed 
- transmission medium: fiber optic, coax wire, radio, etc 
- signal/data encoding: baseband (digital pulse), broadband (analog wave), etc as regulated by MAC layer 
 
===> obviously LAN has physical (L1,L2) & logical (L3,L4) aspects, but due to the trend of LAN/WAN all becoming one cohesive unit, the notion of LAN as a distinct logical network unit is becoming obsolete, but LAN is still very much tied to a certain geographical unit, like a building floor, etc. (generally speaking) 
 
 
 
### 
###  SLIP, CSLIP, PPP   : L2 protocols 
### 
 
LAN with ethernet is one common way to connect to the internet. another is to connect your computer to a modem. 
an old modem connects to a serial port (aka RS232) over SLIP (serial line internet protocol). 
SLIP packet encapsulates IP datagram. SLIP header is 40 bytes, considered too big, hence CSLIP (compressed SLIP), which eliminates dupe info. 
then PPP (point-to-point) protocols took over, with many advantages: 
- eliminates dupe info to reduce header/overhead size 
- supports more protocols than just IP (whereas SLIP only does IP) 
- dynamically negotiates IP addrs (whereas SLIP requires hard-code src/dst IP addrs) 
- implements LLC protocols (essentially) 
- supports CRC (cyclic redundancy check) on every frame (whereas SLIP does none) 
 
MTU (max transfer unit) : single frame max size.   e.g. ethernet v2 MTU = 1500 bytes.  PPPoE MTU is 1492 (because 8 bytes are used as PPPoE header) 
 
(ref) https://en.wikipedia.org/wiki/Maximum_transmission_unit 
 
 
### 
###  generic vocab 
### 
 
protocol VS interface: generally a protocol belongs to each layer, and an interface is how different layers connect/interact. 
service access point: available at each layer where a request is made/serviced. 
 
 
########################## 
###   physical layer   ### 
########################## 
 
### 
###  L1 services 
### 
 
- circuit establishment/release (only used in circuit switched networks) 
- bit sync 
- data processing 
  - how to receive from / send to upper layers 
  - manager receive/send bit sequence 
  - corrupt/lost data notification 
- network mgmt (loopback transmission/reception) 
- collision detection, beaconing, carrier sense (some of L2/MAC layer feature) 
 
 
### 
###  the medium 
### 
 
e.g. 
- (un)shielded twisted pair (copper wire) 
  - two insulated copper wires twisted around each other to reduce electromagnetic induction (cross talk). each signal requires both wires. 
  - shielded means 'grounded' (the shield absorbs/disperses electromagnetic waves to the ground before they reach the wires) 
  - common user level cable is UTP  (see CAT standards by ANSI/EIA) 
 
- coax cable 
  - commonly used by TV companies to connect home/office and community antenna. 
  - used to be used for LAN/ethernet in business. 
  - shielded, designed to transmit long distance (kind of), invented by AT&T 
  - read more about the physics https://en.wikipedia.org/wiki/Coaxial_cable 
 
- fiber optic (aka optical fiber) 
  - transmit light pulse thru a glass/plastic wire(fiber) 
  - generally carries more data than conventional copper wire, and more robust against electromagnetic interference. 
  - sensitive material and thus expensive to install/maintain. 
  - commonly used for important long distance transmission. (phone lines, high end switches) 
  - single mode optic fiber: used for long distance. single ray(mode) of light. 
                             fiber core is smaller (light travels close to straight) than multi-mode optic fiber. 
  - multi mode optic fiber : transmit multi light rays simultaneously (each going thru a diff reflection angle), 
                             hence a larger fiber core than single mode. (i.e. light reflects a lot within the cable) 
                             only used for short distance (because they disperse over distance, aka "modal dispersion") 
 
(ref) https://en.wikipedia.org/wiki/Single-mode_optical_fiber   (see how the core is thinner) 
(ref) https://en.wikipedia.org/wiki/Multi-mode_optical_fiber    (see how the core is thicker) 
 
 
- radio frequency 
- infrared 
  - both RF and infrared have specs well defined (signal strength, distance, etc) 
 
====> L1 spec specifies the voltage, how to generate signal, signal strength, cable structure (material, pin layout, connectors, topology), transmission techniques like simplex, half-duplex, duplex. 
 
 
### 
###  signaling methods 
### 
 
there are two. 
 
(1) baseband 
   - bi-directional, signal can travel both directions 
   - digital pulse : cannot modulate an analog wave by amplitude/frequency/phase. only TDMA among devices to coordinate the timing to transmit (i.e. channel utilization method). 
   - full-channel : the whole bandwidth of a channel is used for a single signal, 
   - signal boost : only a repeater (regenerator) of digital pulse. cannot use an amplifier 
 
(2) broadband 
   - uni-directional: needs a mechanism to facilitate both directions (send & receive) 
                      e.g. dual-physical-cable, or FDMA (2 channels within one cable) 
   - analog wave: continuous non-discrete electromagnetic wave with 3 properties by which you can modulate. 
                  - amplitude (of voltage) : AM 
                  - frequency              : FM 
                  - phase                  : PM 
   - multiplexing : multi-channel multi-signal transmission on a carrier channel/signal 
   - signal boost : amplifier of analog transmission (but amplifies both signal and noise) 
 
 
==> which one is better for long distance comm ?  digital is easy to regenerate. but many techniques in broadband facilitate reliable long distance communication. 
 
 
### 
###  common UTP cable standard  (by ANSI/EIA) 
### 
 
defines cable materials, connectors, etc for UTP (unshielded twisted pair) copper cable.  usually 100 meter max length. 
 
- CAT 1 :   1Mbps  (old phone cable) 
- CAT 2 :   4Mbps  (token ring network) 
- CAT 3 :  10Mbps  (10base-t ethernet) 
- CAT 4 :  16Mbps  (token ring network) 
- CAT 5 : 100Mbps  (100base-t, fast ethernet, token ring) 
- CAT 5e:   1Gbps  (10G ethernet, gigabit ethernet) - only 55 meters 
- CAT 6 :  10Gbps  (10G ethernet, gigabit ethernet) - only 55 meters 
- CAT 6a:  same as CAT6 but more robust against electromagnetic interference 
- CAT 7 :  same as CAT6 but 100 meters 
 
 
### 
###  signal encoding 
### 
 
e.g. you transition from negative voltage to positive voltage to encode "1" and vice versa to encode "0" 
- manchester encoding 
- NRZI (non return to zero inverted) 
- more 
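an added example (not from these notes): a bit-level encoder/decoder in python for the two line codes named above, manchester and NRZI. the function names and the 0/1 line-level representation are my own choice; the manchester polarity follows the IEEE 802.3 convention (low-to-high in the middle of the bit time = 1, matching the description above). the transition counter makes the practical difference visible: every manchester bit time carries a level change the receiver can recover its bit clock from, whereas a run of zeros in NRZI produces no transitions at all. 

```python
# Added example, not from the original notes: the two line codes named above
# (Manchester, NRZI) on lists of bits, plus a transition counter that shows why
# Manchester gives the receiver a bit clock and NRZI does not.
# Line level: 0 = low (negative voltage), 1 = high (positive voltage).


def manchester_encode(bits):
    """One bit -> two half-bit symbols. IEEE 802.3 convention: low-to-high
    in the middle of the bit time is a 1, high-to-low is a 0."""
    symbols = []
    for b in bits:
        symbols += [0, 1] if b else [1, 0]
    return symbols


def manchester_decode(symbols):
    """Recover bits from the mid-bit transition. A bit time without a
    transition is a line error, so it is rejected rather than guessed."""
    if len(symbols) % 2:
        raise ValueError("odd number of half-bit symbols")
    bits = []
    for i in range(0, len(symbols), 2):
        first, second = symbols[i], symbols[i + 1]
        if first == second:
            raise ValueError(f"no mid-bit transition in bit {i // 2}")
        bits.append(1 if (first, second) == (0, 1) else 0)
    return bits


def nrzi_encode(bits, initial_level=0):
    """NRZI: a 1 toggles the line level, a 0 keeps it. One symbol per bit."""
    level = initial_level
    symbols = []
    for b in bits:
        if b:
            level ^= 1
        symbols.append(level)
    return symbols


def nrzi_decode(symbols, initial_level=0):
    """Inverse of nrzi_encode: a level change means 1, no change means 0."""
    level = initial_level
    bits = []
    for s in symbols:
        bits.append(1 if s != level else 0)
        level = s
    return bits


def transitions(symbols):
    """Number of level changes on the line; each one is a clock edge the
    receiver can resynchronise its bit clock on."""
    return sum(1 for a, b in zip(symbols, symbols[1:]) if a != b)


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 0, 0]          # constructed sample bits
    print("manchester", manchester_encode(data), "transitions:", transitions(manchester_encode(data)))
    print("nrzi      ", nrzi_encode(data), "transitions:", transitions(nrzi_encode(data)))
```

the price of the guaranteed clock edge is that manchester needs two symbols per bit, i.e. twice the signalling rate of NRZI for the same data rate, which is why 10Mbps ethernet could afford it and faster standards moved to other codes. 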
 
"bit time" : aka bit duration - a length of time in which you transmit a bit 
"bit clock": aka bit synch - a mechanism for all devices in the network to synch (share) bit time 
"start/stop bit" : how to encode start & end of transmission 
"delimiter bit" : how to encode delimiter 
 
 
 
### 
###  network (physical) topology 
### 
 
(1) bus 
 
  o   o   o        #  every node is connected to a common line. 
  |   |   |        #  used for baseband, where every node receives every message sent by any node 
-----------        #  no loop, every node can freely join/leave without impact to topology 
|   |   |          #  easily gets congested. so usually gets split into segments connected by bridge/switch/router 
o   o   o 
 
 
(2) ring 
 
  o - o         # closed loop topology, i.e. joining/leaving a node can disrupt 
 /     \        # each node is a repeater 
o       o       # data travels to a single direction 
 \     /        # sometimes we see dual ring, i.e. two physical lines instead of one, which allows data travel both direction. 
  o - o 
 
 
(3) star 
 
    o        # a "hub" device (usually a switch) 
    |        # the hub can be a single point of failure, 
o - o - o    # but if it's intelligent, it can manage/control the traffic/network very efficiently 
   / \ 
  o   o 
 
 
(4) tree 
 
    o        # topologically, this is an interconnection of multiple buses (i.e. no closed loop) 
   / \       # you can branch off of an existing network, also routing can be efficient, if done in binary search way. 
  o   o 
 / \   \ 
o   o   o 
 
 
(5) snowflake 
 
    o     o       # a star of stars where hubs are interconnected 
    |     | 
o - o --- o - o 
   / \   / \ 
  o   o o   o 
 
 
(6) mesh 
 
  o -- o      # every node is connected directly to every other node in the network 
  | \/ |      # resilient, performant 
  | /\ |      # can be expensive/complex to manage 
  o -- o      # e.g even adding a node can be expensive if the network is already big. 
              # only makes sense when reliability is crucial, and not too many nodes (backend server cluster, WAN) 
              # usually not used in LAN 
 
 
NOTE: the above is physical topology. 
      logical topology includes 
      1. ethernet (uses bus topology) 
      2. token ring (uses single ring topology) 
      3. FDDI (uses dual ring topology) 
 
(ref) https://ccnabasics.wordpress.com/2012/08/01/network-topologies/ 
 
 
################################# 
###    Data Link Layer (L2)   ### 
################################# 
 
recall L2 consists of two sub layers: 
- MAC 
- LLC 
 
 
### 
###  MAC (media access control) 
### 
 
recall transmission "media" refers to copper wire, coaxial cable, optical fiber, RF/infrared, etc 
as the media are shared, users need to operate on the same access control mechanism. 
 
MAC functionality 
- how to determine media availability 
- how to initiate/end access/connection 
- how to transmit/listen for what interval, 
- (dis)assemble headers/preamble/delimiters, bit pattern, 
- flow control (buffering, etc) 
- error detection 
-- transmission error (dest not reachable, etc) 
-- frame format error (CRC error, etc) 
-- processing error (persistent frames, etc) 
- interface with L1/L3 
 
Common MAC layer protocols 
- ethernet (IEEE 802.3) : based on CSMA/CD 
- token passing 
 
if you try to connect two LANs, one based on ethernet, the other based on token passing, then you need a bridge (translator) device. 
 
 
### 
###  MAC - methods for access control 
### 
 
lets look at 3 access control methods. 
 
(1) random access control 
(2) distributed access control 
(3) central access control 
 
 
## 
##  (1) random access control 
## 
 
any node can transmit without permission. 
 
(1.1) CSMA/CD : carrier sense multiple access / collision detection 
              - used in Ethernet 
              - most common method for bus access control 
               (recall bus topology, where everything is brainlessly broadcast, so each node discards the frame if the dst MAC addr is not its own) 
              - carrier sense == listen to the medium 
              -- if the medium is free, then transmit 
              - collision detection : keep listening while transmitting, then detect collision 
              - obviously the more devices in the bus, the more collision, in general. 
              - 'switch' device can manage traffic more intelligently to reduce collision 
 
(1.2) slotted ring 
      - recall a ring topology 
      - every node sends a fixed length slot (N-byte-length) of frame, with a bit in the header indicating "empty" or "used" 
      - if empty, the node can insert data into the payload, and fwd the frame to the next node. 
      - either the dst node marks it empty upon receipt, or forwards it along until it reaches the sender node itself, which can release it (i.e. mark it empty) 
      - in theory, everybody has a fair equal random chance. 
      - note the distinction from Token Ring method which distributes token, instead of up for grab slots. 
 
(1.3) register insertion 
      - kind of like a more elaborate slotted ring. each frame has register space where a user can put the dest addr and data. 
 
## 
##  (2) distributed access control 
## 
 
access control is distributed (think of everybody taking turns) based on token or some mechanism of wait period assignment. 
 
(2.1) token passing 
 
an empty frame (aka "token") is passed among nodes; a node that receives the token can write the dest addr and insert its datagram. 
specs define rules, like how long a node can keep the token, who can issue a new token under what conditions, etc 
there is usually a monitor node that monitors tokens. (e.g. removes corrupt tokens) 
 
example of token passing method: 
- token ring 
- ARCNET 
- FDDI 
 
(2.2) CSMA/CA  :  carrier sense multiple access / collision avoidance 
 
each node listens to see if there is any ongoing transmission (carrier sense), then once any existing transmission ends (or after a certain idle period is observed), each node waits for a unique, predetermined length of time, then if no others have started transmitting, the node can start transmitting. 
how to determine unique wait period for each node? - based on MAC addr or some kind of math. 
 
there is usually an associated collision detection/correction mechanism. 
 
## 
##  (3) central access control 
## 
 
a central/master/primary node governing access control for the rest. 
 
(3.1) polling 
 
a master node polls on each node who responds yes or no (to transmit), then the master node grants individually the right to transmit. 
this method is used when nodes are not intelligent. (not a bad thing, it may help to bring down manufacture cost of each node) 
 
(3.2) circuit switching 
 
each node sends a request to the master node "my addr is XYZ, and i want to transmit to node ABC" 
then the master node called "switch" will (reject or) establish the connection called "circuit" between the sender node and receiver node. 
a switch can handle multiple connections concurrently. 
 
commonly used in telephone network. you dial (request) and get connected or rejected (busy line) 
 
(3.3) TDMA  (time division multiple access) 
 
pretty much like CSMA/CA, except transmission time was determined by a central/master node in TDMA. in CSMA/CA, it was decided by distributed network nodes. 
in case the master dies, TDMA lets you implement a backup master. 
 
 
### 
###  L2 addressing 
### 
 
recall two sub layers of L2, each has its own addressing scheme 
 
(1) LLC - SAP addr     # SAP (service access point) 
(2) MAC - MAC addr 
 
 

## 
##  (1)  SAP addr 
## 

 
see the next LLC section notes 
 

## 
##  (2)  MAC addr 
## 

 
48 bits: as specified IEEE 
- first 24 bits for the manufacturer 
- last 24 bits for individual device (usually a NIC interface card) 
 
just like NAT global -> private IP addr translation, some LAN protocols manage/admin a 16-bit local MAC addr (not globally unique). but unlike NAT, a device using this local 16-bit MAC addr usually doesn't need to reach an external/public network. 
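an added example (not from these notes): parsing a 48-bit MAC addr in python into the manufacturer/device halves described above, plus the two flag bits that IEEE 802 keeps in the first octet to mark group (multicast/broadcast) and locally administered (software-set) addresses. function names are mine; the sample addresses in the test are constructed, except 01:00:5e which is the well-known IPv4 multicast prefix. 

```python
# Added example, not from the original notes: split a 48-bit IEEE MAC address
# into the manufacturer (OUI) and device halves described above and read the
# two flag bits IEEE 802 reserves in the first octet.
import re


def parse_mac(text):
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff'."""
    if not re.fullmatch(r"[0-9A-Fa-f:.\-]+", text):
        raise ValueError(f"not a MAC address: {text!r}")
    hexdigits = re.sub(r"[:.\-]", "", text)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex(hexdigits)
    first = octets[0]
    return {
        "oui": octets[:3].hex(":"),            # first 24 bits: manufacturer (OUI)
        "device": octets[3:].hex(":"),         # last 24 bits: per-device part
        "group": bool(first & 0x01),           # I/G bit (lowest bit of octet 1): 1 = group/multicast
        "locally_administered": bool(first & 0x02),  # U/L bit: 1 = set by software, not the manufacturer
        "broadcast": octets == b"\xff" * 6,    # all-ones group address: every node accepts it
    }


def describe_mac(text):
    """One-line summary, handy when auditing an address inventory on a LAN."""
    m = parse_mac(text)
    kind = "broadcast" if m["broadcast"] else "group" if m["group"] else "individual"
    admin = "locally administered" if m["locally_administered"] else "manufacturer assigned"
    return f"{kind}, {admin}, OUI {m['oui']}, device {m['device']}"


if __name__ == "__main__":
    for sample in ("00:1A:2B:3C:4D:5E", "02-00-00-00-00-01", "01:00:5e:00:00:01", "ffff.ffff.ffff"):
        print(sample, "->", describe_mac(sample))
```

when inventorying a LAN, the U/L bit is worth recording: virtual machines, containers and MAC randomization all produce locally administered addresses, so an OUI that resolves to no vendor (or to the wrong one) usually means the address was set in software rather than that the vendor database is stale. 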
 
 
 
### 
###  LLC   (logical link control) 
### 
 
recall L2 layer consists of two sub layers 1. MAC,  2. LLC 
 
lets look at LLC  aka  IEEE 802.2 
 
LLC does two things: 
- acts as an interface (called "device driver") that binds physical (i.e. MAC layer, your NIC) to logical (L3 protocol software) 
- facilitates concurrent multiple-device multiple-protocol communication / service links. e.g. your computer may concurrently query DB, print stuff, send email, etc. 
 
on the L2 MAC side, you have "device driver" firmware installed on / run by your specific hardware (like your printer, mouse, etc). 
on the L3 NW layer side (usually IP but can be other protocol), you have some software that speaks IP installed on your workstation that uses CPU to run it. 
 
===> fortunately, IEEE 802.2 standardized LLC. so any LAN technologies (ethernet, token ring, token bus, FDDI, etc) can follow the same LLC spec. 
 
LLC properties 
- bi-directional: e.g. (L2 -> L3)  ethernet NIC card may send frames up to L3 layer. 
                       (L3 -> L2)  L3 layer software may send packets down to MAC layer for printing paper 
- multiplex: able to bind multiple L2/MAC devices (NICs) to multiple L3/NW layer protocols 
             e.g. your laptop can connect to wired/wireless LANs, over IP or non-IP protocols. 
             e.g. your one NIC may connect to multiple other devices over LAN. 
 
### 
###  SAP (service access point) address 
### 
 
suppose you have a laptop connecting to a network, you ssh into some server to run some code. also you may separately have other program on your laptop querying a DB on the same server. i.e. physically you have a single connection (laptop NIC to server NIC) but you have multiple active channels of comm ongoing. 
 
--> so an incoming frame needs to know which application it needs to reach. 
    this is facilitated by SAP, which is essentially an extension of the MAC addr, as in you append a service ID to the MAC addr. 
 
 
an L2 frame contains two SAPs 
- SSAP : source SAP            # just like src IP addr  (this is always singular) 
- DSAP : destination SAP       # just like dst IP addr  (this can be plural if you are, for example, broadcasting) 
 
note: frame is aka PDU (protocol data unit) in LLC context 
 
if the first bit of SSAP is 0 = "command" LLC PDU 
                            1 = "response" LLC PDU 
 
### 
###  SNAP (sub network access protocol) 
### 
 
it's a mechanism for LLC to identify L3 protocols (IP, IPX, etc) in order to send the PDU (frame) to the upper layer. 
e.g. 
suppose a MAC frame arrives at a NIC card (based on MAC addr), then the NIC sends IO interrupt signal to CPU who then calls the LLC device driver. 
LLC then takes the MAC frame and processes it as PDU to send to the right DSAP / upper layer. 
 
 
### 
###  types of LLC 
### 
 
recall LLC does 2 things: 
- acts as device driver interface btwn MAC layer and L3 protocol software. 
- facilitates multi-protocol service links/connections over a single physical connection. --> there are 3 types. 
 
type 1: connectionless  (aka "datagram" service) 
       - most common 
       - least protocol overhead, no synchronization/sequencing of PDUs ==> we tend to leave this to TCP/L4 layer 
       - can use any of group/broadcast/individual SAPs 
 
type 2: connection oriented 
       - most robust 
       - establishes a one-to-one connection using ONLY individual SAPs, to guarantee all PDUs are sent, and maintains PDU sequence 
       -- each PDU receives ACK, otherwise resent 
       -- sequence checking (suppose PDU sequence 1-9, if 4 is missing, then the receiving side discards PDU 4> and requests resend. TCP is smarter and buffers PDU>4 already received, so LLC takes longer to correct out of sequence error) 
       - most protocol overhead 
       - note you can have multiple connections (based on SAPs) over a single physical connection. (the whole point of LLC) 
 
type 3: connectionless with ack  (aka ack'ed connectionless) 
       - this is just connectionless where each PDU reception is acked 
       - no connection established, no retransmission, no sequence checking. 
 
### 
###   PDU types  (as specified in IEEE 802.2) 
### 
 
there are 3 types: 
 
         PDU type      | description 
--------------------------------------------------------------------------------------- 
Information (I-Format) | carry user data. may additionally carry LLC control info 
Supervisory (S-Format) | carry information to control LLC protocol operations 
Unencumbered(U-Format) | carry data or other special functions like initialization procedures and diagnostic sequences 
 
a PDU frame contains 
 
     field    | size 
---------------------------- 
DSAP          | 1 octet 
SSAP          | 1 octet 
control       | 1 for U-format, 2 for I/S formats 
info/data     | 0~N octets 
 
 
 
     I-format PDU 
 
bits    value 
-------------------------- 
1       0                // always 0 
2-8     send count N     // only used for sequence checking for connection oriented (type 2 LLC) 
9       poll/final       // poll aka intermediary. 0=poll, 1=final for PDU. if this bit is 1, then type 2 & 3 must reply ack 
10-16   receive count N  // only used for sequence checking for connection oriented (type 2 LLC) 
 
 
    S-format PDU 
 
bits    value 
----------------------- 
1-2     10 
3-4     function      // 00=received ready, 01=reject, 10=received not ready 
5-8     reserved 
9       poll/final 
10-16   receive count N 
 
 
    U-format PDU 
 
bits    value 
----------------------- 
1-2     11 
3-4     function 1 
5       poll/final 
6-8     function 2 
 
func 1 & func 2 together encode a 5-bit function code. see the table below 
 
f1 f2 
------ 
00 000  |  UI: unencumbered info 
00 110  |  UA: unencumbered ack 
11 101  |  XID: exchange info 
00 111  |  test 
11 110  |  SABME: set async balance mode extended 
11 010  |  DM: disconnect mode 
00 010  |  DISC: disconnect 
10 001  |  FRMR: frame reject 
10 110  |  AC0: ack connectionless seq 0 
10 111  |  AC1: ack connectionless seq 1 
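an added example (not from these notes): a python decoder for the DSAP/SSAP/control header described in the SAP section and in the three PDU tables above. the bit numbering is the tables' own (bit 1 = least significant bit of the octet, so "bits 1-2 = 10" means the octet ends in binary 01). the U-format table is reproduced minus the DM row; S-format names follow the table. function names are mine. the sample PDUs in the test are constructed; the SAP values 0xAA (SNAP), 0xF0 (NetBIOS) and 0x42 (spanning tree) are standard assigned values, not from these notes. 

```python
# Added example, not from the original notes: decode DSAP, SSAP and the
# control field of an IEEE 802.2 LLC PDU header as laid out in the tables
# above. "bit 1" in those tables is the least significant bit of the octet,
# so the helpers below number bits 1..8 from the LSB.


def bit(octet, n):
    """Bit n of an octet, 1-based from the least significant bit."""
    return (octet >> (n - 1)) & 1


def bits(octet, first, last):
    """Bits first..last as a string in table order, e.g. bits(0x63, 6, 8) == '110'."""
    return "".join(str(bit(octet, n)) for n in range(first, last + 1))


U_FUNCTIONS = {            # "f1 f2" -> name, same layout as the U-format table above
    "00 000": "UI", "00 110": "UA", "11 101": "XID", "00 111": "TEST",
    "11 110": "SABME", "00 010": "DISC", "10 001": "FRMR",
    "10 110": "AC0", "10 111": "AC1",
}
S_FUNCTIONS = {"00": "received ready", "01": "reject", "10": "received not ready"}


def parse_llc_header(pdu):
    """Return the decoded header fields and how many octets they occupy."""
    if len(pdu) < 3:
        raise ValueError("LLC header needs DSAP, SSAP and at least one control octet")
    dsap, ssap, c0 = pdu[0], pdu[1], pdu[2]
    hdr = {
        "dsap": dsap,
        "dsap_group": bool(dsap & 0x01),   # lowest DSAP bit: 1 = group (e.g. broadcast) SAP
        "ssap": ssap,
        "command": not (ssap & 0x01),      # SSAP bit 1: 0 = command PDU, 1 = response PDU
    }
    if bit(c0, 1) == 0:                    # I-format: bit 1 is 0, two control octets
        if len(pdu) < 4:
            raise ValueError("I-format control field needs two octets")
        c1 = pdu[3]
        hdr.update(format="I",
                   send_count=c0 >> 1,                    # bits 2-8
                   poll_final=bit(c1, 1),                 # bit 9
                   receive_count=c1 >> 1,                 # bits 10-16
                   header_len=4)
    elif bit(c0, 2) == 0:                  # S-format: bits 1-2 are "10", two control octets
        if len(pdu) < 4:
            raise ValueError("S-format control field needs two octets")
        c1 = pdu[3]
        hdr.update(format="S",
                   function=S_FUNCTIONS.get(bits(c0, 3, 4), "reserved"),
                   poll_final=bit(c1, 1),
                   receive_count=c1 >> 1,
                   header_len=4)
    else:                                  # U-format: bits 1-2 are "11", one control octet
        key = bits(c0, 3, 4) + " " + bits(c0, 6, 8)
        hdr.update(format="U",
                   function=U_FUNCTIONS.get(key, "unknown " + key),
                   poll_final=bit(c0, 5),
                   header_len=3)
    return hdr


if __name__ == "__main__":
    # constructed sample: DSAP/SSAP 0xAA with a UI control octet, i.e. a SNAP header
    print(parse_llc_header(bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00])))
```

a receiver that trusts header_len to find the start of the info field must still bound it by the frame length, as the parser does; a control field claiming two octets in a three-octet PDU is rejected rather than read past the buffer. 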
 
 
 
### 
###  IEEE 802.x  standards 
### 
 
IEEE standards for L1/L2 
 
e.g. 
 
802.2  : LLC 
802.3  : ethernet - CSMA/CD spec for random control LAN 
802.5  : token ring - distributed token passing LAN based on ring topology 
802.11 : wireless LAN - RF based. many derivatives. (a/b/g/n) 
802.15 : wireless PAN - personal area network. many derivatives. 802.15.1 = bluetooth,  802.15.4 = used for zigbee, mifi, etc 
 
see the full list  https://en.wikipedia.org/wiki/IEEE_802 
 
 
### 
###   10Mbps ethernet  -  CSMA/CD 
### 
 
- defined by IEEE 802.3 
- random access control method 
- shared bus topology 
 
recall our discussion from prev section: 
 
(1.1) CSMA/CD : carrier sense multiple access / collision detection 
              - most common method for bus access control 
               (recall bus topology, where everything is brainlessly broadcast, so each node discards if the frame dst MAC addr is not himself) 
              - carrier sense == listen to the medium 
              -- if the medium is free, then transmit 
              - multiple access : simply means multiple devices access the same medium 
              - collision detection : keep listening while transmitting, then detect collision. (to be distinguished from collision avoidance) 
              - obviously the more devices in the bus, the more collision, in general. 
              - 'switch' device can manage traffic more intelligently to reduce collision 
 
## 
##  CSMA/CD frame format 
## 
 
preamble: - a 7-byte (56-bit) field consisting of alternating 0s and 1s, used for synchronization (timing of bits). 
          - each node listens to the medium to determine where each bit transmission begins and ends. 
          - to keep the implementation cost low, no internal clocking mechanism in NIC. 
          - instead, the devices use the actual (preamble) transmission to synchronize to the bit cycle. 
          - by having a predictable/recognizable pattern of 0s and 1s for a relatively long duration, each node can adjust its starting and ending listening points to the exact cycle of the encoding scheme. 
 
start frame delimiter : identifies the beginning of a frame. value is 10101011 
 
addressing : CSMA/CD can be implemented with either local (16 bit) or global (48 bit) addressing. 
 
length count : size of the info field, i.e. where the info field ends and the pad field begins. 
 
pad field : additional bits if necessary to ensure that the transmission time interval is long enough for all nodes to detect a collision. 
            this is related to the maximum physical length of a segment of the network. 
 
frame check sequence : CRC (cyclical redundancy check) value appended to end of frame. 
                       CRC determines frame corruption during transmission. 
 
## 
##  collision detection  &  frame padding 
## 
 
each node needs to detect when a collision occurs. if the duration of time that the collision occurs is too short for nodes far away from the collision to detect it, then those nodes will not invoke the recovery procedure. 
 
a collision is when two or more nodes simultaneously attempt transmitting bits on the medium. the electrical current on the line will be twice as high when two nodes add power to the medium. if the increase is only there for a short time it will be undetectable by nodes far away. thus, choosing frame lengths that guarantee transmissions will traverse the entire medium before they are completed ensures that all nodes will hear a collision. 
 
## 
##  frame propagation  & collision window 
## 
 
the longest distance a frame can travel is between the two farthest nodes at each end of the medium. the time it takes a frame to travel the entire length of the network is called the "propagation time". this is directly related to the maximum length specified for the cables in a segment of the network. 
 
since a frame initiated at one end of the medium could incur a collision at the other end, the longest time it takes a node to detect a possible collision is twice the propagation time (because the collision must travel all the way back to the node at the other end of the medium). this is called the "collision window" 
 
the "slot time" is the worst case time interval that a node must wait to reliably know that a collision has not occurred. the slot time is twice the propagation time plus a small incremental safety margin. 
 
CSMA/CD specifies a total medium distance of 2500 meters for each CSMA/CD sub-network (or segment). at 10Mbps transmission speed, by the time the 512th bit is transmitted, the first bit would have traveled 2500 meters. thus, any frame that does not contain 512 bits is padded with additional bits to ensure that the frame is at least 512 bits. the extra bits are placed in the pad field. 
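an added example (not from these notes): building and checking an IEEE 802.3 frame in python so that the pad rule above is concrete. assumptions: the 512-bit minimum is counted from the destination addr through the FCS (64 octets; preamble and start frame delimiter go in front and are not counted), the FCS is the standard CRC-32 which python's zlib.crc32 computes with the same polynomial and parameters (stored low octet first), and the addresses/payloads used are constructed. 

```python
# Added example, not from the original notes: build and check an IEEE 802.3
# (length field) frame, making the pad rule above concrete. The 512-bit
# minimum is counted from the destination address through the FCS (64 octets);
# preamble and start frame delimiter are sent in front of it and not counted.
import zlib

PREAMBLE = bytes([0x55]) * 7      # 10101010 on the wire (octets are sent LSB first)
SFD = bytes([0xD5])               # 10101011 on the wire: the start frame delimiter above
MIN_FRAME = 64                    # octets, DA through FCS = 512 bits
MAX_FRAME = 1518                  # octets: 1500-octet MTU + 14 header + 4 FCS
HEADER = 6 + 6 + 2                # DA, SA, length count
FCS_LEN = 4


def build_frame(dst, src, info):
    """Return DA + SA + length + info + pad + FCS (no preamble/SFD)."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 octets")
    if len(info) > MAX_FRAME - HEADER - FCS_LEN:
        raise ValueError("info field exceeds the 1500-octet MTU")
    # pad so that the whole frame covers the collision window (512 bits)
    pad = bytes(max(0, MIN_FRAME - FCS_LEN - HEADER - len(info)))
    body = dst + src + len(info).to_bytes(2, "big") + info + pad
    fcs = zlib.crc32(body).to_bytes(4, "little")   # 802.3 CRC-32, low octet first
    return body + fcs


def on_the_wire(frame):
    """What the NIC actually puts on the medium: preamble, SFD, then the frame."""
    return PREAMBLE + SFD + frame


def check_fcs(frame):
    return zlib.crc32(frame[:-FCS_LEN]) == int.from_bytes(frame[-FCS_LEN:], "little")


def parse_frame(frame):
    """Split a frame into fields; the length count says where info ends and pad begins."""
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame: shorter than 64 octets (likely a collision fragment)")
    if not check_fcs(frame):
        raise ValueError("FCS mismatch: frame corrupted in transit")
    length = int.from_bytes(frame[12:14], "big")
    if HEADER + length + FCS_LEN > len(frame):
        raise ValueError("length count points past the end of the frame")
    return {"dst": frame[:6], "src": frame[6:12], "length": length,
            "info": frame[14:14 + length], "pad": frame[14 + length:-FCS_LEN]}


def slot_time_us(bit_rate=10_000_000, slot_bits=512):
    """Time to put one minimum frame on the medium: 51.2 us at 10 Mbps."""
    return slot_bits * 1e6 / bit_rate


if __name__ == "__main__":
    frame = build_frame(b"\xff" * 6, bytes.fromhex("021a2b3c4d5e"), b"hello")   # constructed
    print(len(frame), "octets,", len(parse_frame(frame)["pad"]), "pad octets, slot time",
          slot_time_us(), "us")
```

two things a receiver should check before trusting a frame are shown here: a runt (shorter than the 64-octet minimum) is dropped because it cannot have covered the collision window, and the length count is bounded by the actual frame length so a forged count cannot make the parser read beyond the buffer. note that the CRC only detects corruption; it is not an integrity check against a deliberate modification, since anyone who can rewrite the frame can recompute the FCS. 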
 
## 
##  signal regeneration 
## 
 
recall CSMA/CD specifies a maximum segment length of 2500 meters. the standard also requires any transmission to be regenerated over 500 meters. repeaters are added every 500 meters to ensure the signal strength up to the maximum 2500 meters. 
 
a CSMA/CD segment is one physical sub-network. i.e. all the nodes on the segment hear the transmissions of all the other nodes on the segment and must contend for access to the medium. segments are managed at the MAC layer, therefore repeaters, which function at the physical and MAC layer for signal regeneration only, do not create new segments or sub-networks; they simply extend them. to create new segments or split existing ones, you need a node that operates at L2 or above. 
 
## 
##  ethernet 
## 
 
originally invented by Xerox as LAN specification, later adopted by IEEE 802.3 
 
xerox original ethernet goals: 
- simplicity 
- low cost 
- compatibility (at L2 layer) 
- address flexibility (allow for single/group/broadcast addr capability) 
- high speed (10Mbps) 
- low delay (of frame transmission, at network level, as well as protocol overhead) 
- maintainability 
- layered architecture (distinction of L1 & L2) 
 
[ethernet implementation] 
- multi-access, packet-switched network using a passive broadcast medium with no central control: each station decides on its own when to transmit (CSMA/CD). It has error detection but no error correction. A frame check sequence (FCS, a CRC-32 over the frame) is used to identify corrupt frames, but no retransmit request is generated; the corrupt frame is simply discarded and recovery is left to higher layers. 
- ethernet frames are broadcast across the entire segment rather than regenerated at each station as in a token ring. Therefore the signal weakens and becomes unintelligible if it travels over 500 meters of thick coax. 
- repeaters are used to regenerate the signal when it must travel more than 500 meters. The standard's maximum diameter of 2500 meters is reached with five 500-meter segments joined by four repeaters (the "5-4-3 rule": five segments, four repeaters, at most three of the segments populated with stations). 
- repeaters regenerate the signals received on both sides connected to them, collisions included. 
- hubs provide the same segment extensibility as repeaters by providing "multi-port" repeating capability. Instead of one extensively elongated Ethernet segment running throughout the facility, interconnected with repeaters, smaller sections of the medium can be extended from a central hub. Electrically a hub is still one collision domain. 
 
[frame reception process] 
- incoming signal detected 
- set carrier sense on (stops the node from initiating its own transmission and passes the carrier signal to the collision detection device) 
- obtain bit synchronization (align signal detection device with the beginning of each bit transmission) 
- wait for start frame delimiter 
- begin frame reception (disregard all previously received bits and store remaining bits in NIC buffer) 
- perform FCS 
- discard frame if invalid and return to Receive Ready state 
- if valid, check destination address. Pass to LLC if address is recognized. Clear buffer and discard frame if not recognized. 
 
NOTE: if a collision is detected at any point during the reception process, the device immediately stops processing the frame and initiates the collision recovery process. 
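the minimum-frame padding and the reception steps above, as an added Python example (not the page's own code): build an Ethernet II frame with zero padding and a CRC-32 FCS, then run the receiver-side checks in the order the list gives (size, FCS, destination). the MAC addresses, EtherType and payload used in the usage section are constructed test data. note that Ethernet II has no length field, so the receiver cannot strip the pad at this layer; the upper-layer header (e.g. the IP total length) is what bounds the real payload. 

```python
import struct
import zlib

MIN_FRAME = 64                 # 512 bits: dst + src + type + payload/pad + FCS
MAX_PAYLOAD = 1500
HEADER_LEN = 14                # dst(6) + src(6) + ethertype(2)
FCS_LEN = 4
MIN_PAYLOAD = MIN_FRAME - HEADER_LEN - FCS_LEN   # 46 bytes
BROADCAST = b"\xff" * 6


def fcs(body):
    """IEEE 802.3 FCS: CRC-32 over dst..pad (same polynomial as zlib), least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Assemble an Ethernet II frame, padding short payloads with zeros up to the 512-bit minimum."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte maximum")
    # Pad with explicit zeros. The pad goes on the wire, so it must never be
    # whatever stale data happens to sit in the transmit buffer.
    pad = b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    body = dst + src + struct.pack("!H", ethertype) + payload + pad
    return body + fcs(body)


def receive(frame, my_mac):
    """Receiver-side checks in the order of the reception process: size, FCS, then destination.
    Returns (ethertype, payload_with_pad) for an accepted frame, otherwise None."""
    if len(frame) < MIN_FRAME:
        return None                       # runt (shorter than the slot time): collision fragment
    body, trailer = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != trailer:
        return None                       # corrupt: discarded, no retransmit request at this layer
    dst = body[:6]
    is_group = bool(dst[0] & 0x01)        # I/G bit: multicast or broadcast address
    if dst != my_mac and not is_group:    # simplified filter: every group address is accepted
        return None
    (ethertype,) = struct.unpack("!H", body[12:14])
    # Ethernet II carries no length field, so pad bytes stay attached here; the
    # upper layer (e.g. the IP total length) decides where the real payload ends.
    return ethertype, body[HEADER_LEN:]


def corrupt(frame, offset):
    """Flip one bit of a frame (constructed helper to exercise the FCS check)."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    dst = bytes.fromhex("001122334455")   # constructed addresses
    src = bytes.fromhex("66778899aabb")
    frame = build_frame(dst, src, 0x0800, b"hi")
    print(len(frame), receive(frame, dst), receive(corrupt(frame, 20), dst))
```

a two-byte payload still produces a 64-byte frame, and flipping any single bit anywhere in the frame makes the FCS check fail, which is exactly the "discard, no retransmit" behaviour the reception list describes. 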
 
[collision recovery] 
- the probability of collisions in a random access method is relatively high, because two devices at the far extremes of the topology can both sense an idle medium and begin transmitting before the other's signal reaches them. every device on the segment hears the collision, but only the stations whose frames collided run the collision back-off process: each of them first sends a short jam signal so that everyone notices the collision, then randomly selects the number of slot times it waits before re-initiating its transmission. If the retry collides again, the range from which the random number of slot times is drawn is doubled, thereby decreasing the probability of yet another collision. 
 
this algorithm is called "binary exponential back-off": after the n-th consecutive collision on a frame, the station waits a random number of slot times in the range 0 to 2^k - 1, where k = min(n, 10). It is designed to dynamically adapt to increases in the number of stations attempting to transmit. 
 
if 16 consecutive attempts for the same frame all collide ("excessive collisions"), the sending station gives up on that frame, discards it, and reports the failure to the LLC layer; its NIC returns to the idle state (waiting for a frame from a higher layer or for the carrier sense signal). other stations' queues are not affected. 
 
collision was prolific in the early ethernet networks. but less so today, as ethernet switch device improved. (more on this later) 
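the back-off rule in code, as an added example (not the page's own): after the n-th consecutive collision a station waits a uniformly random number of slot times in 0..2^k - 1 with k = min(n, 10), and gives up after the 16th attempt with an error to the LLC. the slot-level simulation of several stations contending is a deliberate simplification (a successful transmission is charged one slot, carrier sense and the jam signal are not modelled) constructed to show that the range adapts per frame, not network-wide: a station that has collided many times backs off far longer than a newcomer. 

```python
import random

SLOT_TIME_US = 51.2      # 512 bit times at 10 Mb/s
ATTEMPT_LIMIT = 16       # the frame is abandoned after its 16th attempt
BACKOFF_LIMIT = 10       # the range stops doubling after the 10th collision


class ExcessiveCollisions(Exception):
    """The NIC dropped the frame and reported failure upward; other stations are unaffected."""


def make_rng(seed):
    """Seeded generator so a simulation run is reproducible."""
    return random.Random(seed)


def backoff_slots(collisions, rng):
    """Slot times to wait after the given number of consecutive collisions on one frame."""
    if collisions >= ATTEMPT_LIMIT:
        raise ExcessiveCollisions(f"frame dropped after {collisions} collisions")
    k = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(2 ** k)          # uniform over 0 .. 2^k - 1


def contend(n_stations, rng, max_slots=100_000):
    """Slot-level model: every station has one frame ready at slot 0.
    Returns (slots_elapsed, attempts_per_station); -1 marks a frame that was given up on."""
    wait = [0] * n_stations               # remaining back-off, in slots
    collisions = [0] * n_stations         # per-frame collision count; this is what widens the range
    attempts = [0] * n_stations
    done = [False] * n_stations
    slot = 0
    while not all(done) and slot < max_slots:
        ready = [i for i in range(n_stations) if not done[i] and wait[i] == 0]
        for i in range(n_stations):
            if not done[i] and wait[i] > 0:
                wait[i] -= 1
        if len(ready) == 1:               # exactly one starter: the frame goes out
            attempts[ready[0]] += 1
            done[ready[0]] = True
        elif len(ready) > 1:              # two or more start in the same slot: collision
            for i in ready:
                attempts[i] += 1
                collisions[i] += 1
                try:
                    wait[i] = backoff_slots(collisions[i], rng)
                except ExcessiveCollisions:
                    attempts[i] = -1      # this station's frame is dropped, the others carry on
                    done[i] = True
        slot += 1
    return slot, attempts


if __name__ == "__main__":
    slots, per_station = contend(8, make_rng(1))
    print(f"{slots} slots ({slots * SLOT_TIME_US:.1f} us); attempts per station: {per_station}")
```

running contend with a growing number of stations shows the price of the shared medium: the slots spent on collisions grow with the population, which is the load that switches (next section) removed by giving every port its own collision domain. 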
 
 
### 
###  100base-t  (fast ethernet - 100Mbps) 
### 
 
ethernet has enjoyed tremendous success. While cost and simplicity were key drivers in its design and initial acceptance by the market, it was the continuous performance improvements in the technology that have fueled its growth to dominance. While technology enhancements in segmentation and switching significantly improved the robustness, scalability, and performance of Ethernet, it was recognized that a gain in transmission rate would multiply all the improvements that were achieved at 10Mbps. 
 
the objective of the Fast Ethernet technology (IEEE 802.3u) was to remain as compatible with 10BaseT as possible. This was accomplished by keeping the MAC layer (frame format, CSMA/CD, minimum and maximum frame sizes) identical and changing only the physical layer bit generation. The ten times shorter bit time is made possible by better signal detection circuitry, the lower attenuation of Cat5 twisted pair cabling, and a different line code: 100BASE-TX encodes data with 4B/5B and signals it with MLT-3 at 125 Mbaud, which keeps the signal spectrum within what Cat5 can carry over 100 meters. 
 
[implementation] 
- Fast Ethernet reduced the bit time to one-tenth the bit time of 10base-t Ethernet (10 ns instead of 100 ns), so ten bits are generated in the time 10base took for one, a tenfold increase in speed. Because the slot time is still 512 bit times, the maximum collision domain shrinks by the same factor, to roughly 205 meters (at most two hubs between any two stations). 
- since all the other characteristics and functions (carrier sense, collision detection, frame format) of the 10base MAC are the same (bit transmission is a physical layer function, not a MAC layer one), the same MAC drives both speeds. A shared segment, however, runs at one speed: a plain repeater cannot mix 10 and 100 Mbps signaling in one collision domain, and a 10base-only station cannot decode 100BASE-TX signaling at all. Mixed networks therefore rely on per-link speed selection (autonegotiation, 802.3u clause 28) and on "dual-speed" hubs, which are really a 10 Mbps repeater and a 100 Mbps repeater joined by an internal bridge. 
- Fast Ethernet devices also recognize and support 10base transmissions; they negotiate the speed (and duplex mode) with the device at the other end of the link (cards are identified as "10/100 Ethernet"). 
 
[benefits] 
- Fast Ethernet allowed for a gradual transition to 100Mbps speed rather than requiring a wholesale swap out of all devices on the network. Some or all of the hubs and servers in the network, along with high bandwidth requirement workstations, could be upgraded to 10/100 devices while other devices requiring less bandwidth can continue at the older 10Mbps speed. 
- that made Fast Ethernet the most popular for LAN requirements. Its popularity has also resulted in significant cost reduction in Fast Ethernet components to the point where the incremental cost over 10base became insignificant. 
- another advantage is that advancements that were made in 10Mbps intermediary devices were applied at the 100Mbps speed. Hence 10/100 EtherSwitch hubs provide a tenfold increase in bandwidth management and utilization over 10Mbps EtherSwitches. 100Mbps port switched Fast Ethernet also offered an alternative to (the more expensive) FDDI as a 100MBPS backbone or back-end solution, driving the adoption of Fast Ethernet deployments for most core networks, until the advent of Gigabit Ethernet. 
- 10Base has effectively disappeared in networks over the years, and 100Base is now fading, especially in new deployments, as Gigabit Ethernet has become cheap. 
 
 
### 
###  gigabit ethernet 
### 
 
Gigabit Ethernet represents the next wave in tenfold increase Ethernet speed. Unlike Fast Ethernet however its intended purpose was mostly for backbone and backend usage, but because the costs have reduced significantly, most new NIC cards provided in laptops and desktops are now Gigabit, and even home networks are increasingly becoming Gigabit. 
 
Earlier, the core networks for businesses would often be FDDI if there was a need for high reliability and fault tolerance. Cost, however, has encouraged the deployment of Fast Ethernet and now Gigabit Ethernet in the core network. Advances in redundant network configurations and in the reliability of devices have mitigated the need for high-fault-tolerance systems in most core networks. 
 
Since Gigabit Ethernet significantly leverages on Ethernet, companies are able to leverage their existing knowledge base to manage and maintain Gigabit networks. The modern network interface cards and devices that support Gigabit Ethernet also are compatible and interoperate with the Fast Ethernet equipment seamlessly, providing a simple migration path for IT managers and administrators. 
 
Recent advances and cost reductions have brought 10 Gigabit Ethernet into the field as well. It is used mostly for backbone and switch-to-switch connections, historically over fiber (10GBASE-SR/LR) and increasingly over twinax direct-attach cables and Cat6a copper (10GBASE-T), allowing more bandwidth between switches as core switches increasingly use VLANs to overlay multiple distinct logical networks over a common core switch network. 
 

# [gigabit ethernet protocol architecture] 

In order to accelerate speeds from 100 Mbps Fast Ethernet up to 1 Gbps, several changes need to be made to the physical interface. It was decided that Gigabit Ethernet would look identical to Ethernet from the data link layer upward. The challenges involved in accelerating to 1 Gbps have been resolved by merging two technologies together: 
 
- IEEE 802.3 Ethernet 
- ANSI X3T11 Fibre Channel 
 
Leveraging these two technologies means that the standard can take advantage of the existing high-speed physical interface technology of Fibre Channel while maintaining the IEEE 802.3 Ethernet frame format, backward compatibility for installed media, and either full-duplex operation or half-duplex carrier sense multiple access collision detection (CSMA/CD). In half-duplex mode the slot time had to be extended to 4096 bit times with "carrier extension", since at 1 Gbps 512 bit times is only 0.512 microseconds; in practice Gigabit Ethernet is deployed full-duplex on switched links, where CSMA/CD is not used at all. This scenario helps minimize the technology complexity, resulting in a stable technology that can be quickly developed. 
 

# [Gigabit Ethernet Interface Carrier] 

The Gigabit interface converter (GBIC) allows network managers to configure each gigabit port on a port-by-port basis for short-wave (SX), long-wave (LX), long-haul (LH), and copper physical interfaces (CX). LH GBICs extended the single-mode fiber distance from the standard 5 km to 10 km. Gigabit Ethernet initially supports three key media: short-wave laser, long-wave laser, and short copper. In addition, fiber-optic cable comes in three types: multimode (62.5 um), multimode (50 um), and single mode. An example of a GBIC is shown in diagram 4. 
 
The Fibre Channel physical medium dependent (PMD) specification allows for 1.062-gigabaud signaling in full duplex. Gigabit Ethernet raises this signaling rate to 1.25 gigabaud; with the 8B/10B encoding (discussed later) that yields a data rate of 1000 Mbps (1.25 GBd x 8/10). The original connector type for Fibre Channel, and therefore for Gigabit Ethernet, is the SC connector for both single-mode and multimode fiber (later optics use the smaller LC connector). The Gigabit Ethernet specification calls for media support for multimode fiber-optic cable, single-mode fiber-optic cable, and a special balanced shielded 150-ohm copper cable (1000BASE-CX, limited to 25 meters). 
 
In contrast, Gigabit Ethernet switches without GBICs either cannot support other lasers or need to be ordered customized to the laser types required. 
 

# [Long-Wave and Short-Wave Lasers over Fiber-Optic Media] 

Two laser standards are supported over fiber: 1000BaseSX (short-wave laser, 850 nm) and 1000BaseLX (long-wave laser, 1300 nm). Short- and long-wave lasers are supported over multimode fiber. Two types of multimode fiber are available: 62.5 and 50 micron-diameter fibers. Long-wave lasers are used for single-mode fiber, because this fiber is optimized for long-wave laser transmission. There is no support for short-wave laser over single-mode fiber. 
 
The key differences between the use of long- and short-wave laser technologies are cost and distance. Short-wave lasers cost less, but they traverse a shorter distance. In contrast, long-wave lasers are more expensive, but they traverse longer distances. 
 
Single-mode fiber has traditionally been used in networking cable plants to achieve long distance. In Gigabit Ethernet, for example, single-mode runs reach up to 10 km with LH optics (5 km with standard LX). Single-mode fiber, with its 9-micron core and a 1300-nanometer laser, has the longest reach of all media. The core is so narrow that only a single propagation mode exists, so there is no modal dispersion to smear the pulses, and glass attenuates 1300 nm light less than the 850 nm of short-wave lasers; together these let the signal traverse the greatest distance with the least loss. 
 
Gigabit Ethernet is supported over two types of multimode fiber: 62.5 and 50 micron-diameter fibers. The 62.5-micron fiber is typically seen in vertical campus and building cable plants and has been used for Ethernet, Fast Ethernet, and FDDI backbone traffic. This type of fiber, however, has a lower modal bandwidth (the bandwidth-distance product, in MHz.km, that modal dispersion permits), especially with short-wave lasers. In other words, short-wave lasers over 62.5-micron fiber can traverse shorter distances than long-wave lasers. Relative to 62.5-micron fiber, the 50-micron fiber has significantly better modal bandwidth characteristics and is able to traverse longer distances with short-wave lasers. 
 

# [Gigabit Ethernet over Copper] 

Gigabit Ethernet connections were originally designed to support copper only over special balanced twinax cables (1000BASE-CX). With 1000BASE-T (IEEE 802.3ab), however, Gigabit Ethernet runs over ordinary four-pair Cat5e (or well-made Cat5) twisted pair to 100 meters, using all four pairs in both directions at once, so installations use patch cables much as network administrators had used with the other Ethernet varieties. Due to the more stringent requirements of Gigabit Ethernet, all of the wiring components must be rated for it or you will introduce performance problems (CRC errors, links renegotiating down to 100 Mbps); this includes not only the cabling itself, but also the connectors on the cable and the jacks on the network interfaces and patch panels. 
 
Cat-6 and Cat-6a (augmented) cables provide better isolation and reduced crosstalk; Cat-6a is what 10GBASE-T needs for a full 100-meter run (Cat-6 carries 10GBASE-T only over about 55 meters). 
 

# [Serializer/Deserializer] 

The physical media attachment (PMA) sublayer for Gigabit Ethernet is identical to the PMA for Fibre Channel. It contains the serializer/deserializer (SerDes), which turns the 10-bit code groups coming from the coding sublayer into a serial bit stream for the PMD and back again, so that the same upper layers can sit on top of different media. Data entering the physical layer (PHY) for transmission is encoded appropriately to the media before the PMD puts it on the wire. The encoding scheme for Fibre Channel is 8B/10B, designed for high-speed serial links (fiber and short copper alike); Gigabit Ethernet over fiber and 1000BASE-CX use the same encoding. The difference between Fibre Channel and Gigabit Ethernet is the line rate: Fibre Channel utilizes 1.062-gigabaud signaling whereas Gigabit Ethernet utilizes 1.25-gigabaud signaling. A different encoding scheme (four-pair PAM-5) is required for transmission over UTP; this encoding is performed by the 1000BASE-T PHY. 
 

# [8B/10B Encoding] 

 
The Fibre Channel FC-1 layer describes the synchronization and the 8B/10B encoding scheme. FC-1 defines the transmission protocol, including serial encoding and decoding to and from the physical layer, special characters, and error control. Gigabit Ethernet utilizes the same encoding/decoding as specified in the FC-1 layer of Fibre Channel. The scheme utilized is the 8B/10B encoding. This scheme is similar to the 4B/5B encoding used in FDDI; however, 4B/5B encoding was rejected for Fibre Channel because of its lack of DC balance. Without DC balance, a transmitter that sends more 1s than 0s drives its laser harder on average than one sending balanced data, so the laser's temperature and operating point shift with the data being sent, resulting in higher error rates. 
 
Encoding data transmitted at high speeds provides some advantages: 
 
- encoding bounds the transmission characteristics that affect the error rate, such as the ratio of 1s to 0s (DC balance) and the longest run of identical bits 
- bit-level clock recovery at the receiver is greatly improved, because the encoding guarantees frequent transitions 
- encoding increases the chance that the receiving station detects transmission or reception errors (an invalid code group or a running-disparity violation is a sure sign of corruption); it does not by itself correct them 
- encoding can distinguish data bits from control bits (the D and K characters below) 
 
All these features have been incorporated into the Fibre Channel FC-1 specification. 
 
In Gigabit Ethernet, the 8B/10B coding sublayer (the PCS, playing the role of Fibre Channel's FC-1) takes data 8 bits at a time from the reconciliation sublayer (RS), which "bridges" the Fibre Channel-derived physical interface to the IEEE 802.3 Ethernet MAC above it. Encoding takes place via an 8-bit to 10-bit character mapping: each input is 8 data bits plus a control variable, and is encoded into a 10-bit transmission character. 
 
Each transmission character has a name, denoted Zxx.y. Z is the control variable with two values: D for Data and K for Special Character. xx is the decimal value of the low five bits of the byte (EDCBA), and y is the decimal value of the remaining high three bits (HGF); the two halves are encoded separately, 5 bits into 6 and 3 bits into 4. So the byte 0xBC, binary 101 11100, is D28.5 as data and K28.5 as a special character. This naming allows 256 possibilities for Data (D) and 256 for Special Characters (K), but only 12 Kxx.y values are valid transmission characters in Fibre Channel (K28.0 through K28.7, K23.7, K27.7, K29.7 and K30.7); K28.5 is the "comma" used for word alignment because its bit pattern cannot occur inside data. When data is received, the transmission character is decoded back into one of the 256 8-bit combinations, and the decoder needs no knowledge of the running disparity to do so. 
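the scheme above in working code, as an added example that is not from the page or from any Fibre Channel or IEEE implementation: a full 8B/10B encoder and decoder built from the standard 5b/6b and 3b/4b tables, with running disparity, the D.x.A7 alternate and the K28.y special characters (the other K characters are left out for brevity). the property checks it exposes are the ones the list of advantages claims: every 10-bit group is unique, the running disparity never drifts beyond +/-2, no run of identical bits exceeds five, and an arbitrary 10-bit pattern is rejected as invalid. 

```python
"""8B/10B as used by Fibre Channel FC-1 and the 1000BASE-X PCS: 5b/6b + 3b/4b with running disparity."""

# 5b/6b: index = low five bits EDCBA (the xx in Dxx.y); value = abcdei sent at RD-.
# Codes with four 1s carry disparity +2 and are sent complemented at RD+.
FIVE_SIX_NEG = [
    "100111", "011101", "101101", "110001", "110101", "101001", "011001", "111000",
    "111001", "100101", "010101", "110100", "001101", "101100", "011100", "010111",
    "011011", "100011", "010011", "110010", "001011", "101010", "011010", "111010",
    "110011", "100110", "010110", "110110", "001110", "101110", "011110", "101011",
]
# 3b/4b: index = high three bits HGF (the y); value = fghj sent at RD-. Index 7 is D.x.P7.
THREE_FOUR_NEG = ["1011", "1001", "0101", "1100", "1101", "1010", "0110", "1110"]
ALT7_NEG = "0111"                     # D.x.A7, chosen where P7 would produce a run of five
K28_FIVE_SIX_NEG = "001111"           # the only 6-bit block never used by data
K28_THREE_FOUR_NEG = ["1011", "0110", "1010", "1100", "1101", "0101", "1001", "0111"]
NEUTRAL_BUT_FLIPS = {"5b6b": {7}, "3b4b": {3}}   # D.07 and D.x.3 alternate although balanced


def _complement(bits):
    return "".join("1" if b == "0" else "0" for b in bits)


def _disparity(bits):
    return bits.count("1") - bits.count("0")


def _send(code_neg, rd, flip_at_pos=False):
    """Pick the RD- or RD+ form of a sub-block; return (bits, running disparity afterwards)."""
    disp = _disparity(code_neg)
    if rd > 0 and (disp != 0 or flip_at_pos):
        code_neg, disp = _complement(code_neg), -disp
    return code_neg, (rd if disp == 0 else (1 if disp > 0 else -1))


def encode_symbol(value, rd, control=False):
    """Encode one byte (or K28.y when control=True) at running disparity rd (-1 or +1).
    Returns the 10-bit group in transmit order abcdeifghj and the new running disparity."""
    x, y = value & 0x1F, value >> 5
    if control:
        if x != 28:
            raise ValueError("this example only implements the K28.y control characters")
        six, rd = _send(K28_FIVE_SIX_NEG, rd)
        four, rd = _send(K28_THREE_FOUR_NEG[y], rd, flip_at_pos=True)   # every K28.y alternates
        return six + four, rd
    six, rd = _send(FIVE_SIX_NEG[x], rd, flip_at_pos=x in NEUTRAL_BUT_FLIPS["5b6b"])
    use_alt7 = y == 7 and ((rd < 0 and x in (17, 18, 20)) or (rd > 0 and x in (11, 13, 14)))
    four, rd = _send(ALT7_NEG if use_alt7 else THREE_FOUR_NEG[y], rd,
                     flip_at_pos=y in NEUTRAL_BUT_FLIPS["3b4b"])
    return six + four, rd


def symbol_name(value, control=False):
    """Zxx.y name: Z is D or K, xx the low five bits, y the high three."""
    return f"{'K' if control else 'D'}{value & 0x1F}.{value >> 5}"


def _build_decode_table():
    table = {}
    for control in (False, True):
        for value in range(256):
            if control and (value & 0x1F) != 28:
                continue
            for rd in (-1, 1):
                group, _ = encode_symbol(value, rd, control)
                if table.setdefault(group, (control, value)) != (control, value):
                    raise AssertionError(f"code group {group} is not uniquely decodable")
    return table


DECODE = _build_decode_table()        # decoding needs no disparity state


def encode(data, control_positions=(), rd=-1):
    """Encode a byte string; offsets listed in control_positions are sent as K28.y."""
    groups = []
    for i, b in enumerate(data):
        group, rd = encode_symbol(b, rd, control=(i in control_positions))
        groups.append(group)
    return "".join(groups), rd


def decode(bits):
    """Decode 10-bit-aligned groups into [(is_control, value), ...]; an invalid group raises."""
    if len(bits) % 10:
        raise ValueError("bit string is not a whole number of 10-bit code groups")
    out = []
    for i in range(0, len(bits), 10):
        group = bits[i:i + 10]
        if group not in DECODE:
            raise ValueError(f"invalid code group {group} at symbol {i // 10}")
        out.append(DECODE[group])
    return out


def max_run(bits):
    """Longest run of identical bits; 8B/10B guarantees at most 5."""
    best = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best
```

encode_symbol(0xBC, -1, control=True) yields the familiar comma 0011111010, and encoding all 256 byte values back to back keeps the longest run at five or less and the cumulative 1s-minus-0s count within two, which is the DC balance that made this scheme preferable to 4B/5B. 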
 
 
### 
###  IEEE 802.11  (aka Wireless ethernet LANs) 
### 
 
- recall "wired" ethernet (802.3) uses CSMA/CD 
- 802.11 uses CSMA/CA (collision avoidance, instead of collision detection). a radio cannot detect a collision while it is transmitting: it is half-duplex, its own signal swamps its receiver, and two stations that both reach the access point may not hear each other at all (the hidden node problem). so instead of detecting collisions, each station waits until the channel has been idle for a fixed interval (DIFS) plus a random back-off before transmitting, and the receiver returns an ACK for every unicast frame; a missing ACK is taken as a collision and triggers a retry with a larger back-off window. once the number of devices increases, collisions still occur. 
 
802.11    # original version, max 1~2 Mbps, now obsolete, replaced by the subsequent amendments 
802.11a   # 5GHz, max 54 Mbps, uses OFDM (orthogonal frequency division multiplexing) modulation 
802.11b   # 2.4GHz, max 11 Mbps, uses DSSS (direct sequence spread spectrum) modulation 
802.11g   # interoperable with 802.11b (2.4GHz) but uses OFDM (theoretical max 54 Mbps), 
          # but when 11b stations are present on the channel, 11g must use a protection mechanism (CTS-to-self / RTS-CTS) so the actual throughput drops to approx 20~22 Mbps 
          # note: this means 11a & 11b can coexist (different bands), but 11b & 11g share a channel, and 11b presence costs 11g throughput 
802.11n   # MIMO (multiple input, multiple output) uses multiple antennas, transmitters and receivers to send several spatial streams at once, plus optional 40MHz channels. uses both 2.4GHz & 5GHz. throughput increases (up to 600 Mbps theoretical), but on 2.4GHz it shares the air with 11b/g, and a 40MHz channel takes two of the three non-overlapping channels 
 
 
"channels" - 14 channels in 2.4GHz (used by b/g/n), 5MHz apart (channel 1 = 2412MHz, channel 13 = 2472MHz; channel 14 = 2484MHz is Japan-only). but there can be local/country regulation, e.g. in the US you can only use channels 1~11. 
           - a b/g/n transmission is about 20~22MHz wide, so adjacent channels still interfere; it is common to deploy 1, 6 and 11 (25MHz apart) on adjacent access points, as these are the only three non-overlapping channels. 
 
 
################################# 
###    Token Ring  &  FDDI    ### 
################################# 
 
both are MAC layer LAN technology, just like ethernet. but recall ethernet is bus topology with random access (CSMA/CD) method, while TR & FDDI are distributed access (token-based) method with ring topology. 
 
note: both TR and FDDI are obsolete. but the ideas they standardized, a ring topology with fault tolerance provided by a second counter-rotating ring that wraps around a break, are the same ones found in SONET rings (at least in some of SONET's protection modes), which are still actively used for high-availability telco networks. 
 
### 
###  Token Ring 
### 
 
https://en.wikipedia.org/wiki/Token_ring 
 
originally implemented by IBM, then later IEEE 802.5 
at the time, distributed media access control was considered the way to go, more deterministic and reliable than ethernet's random access method, but ethernet won prominence as a result of improved switching technology & data rates. 
 
## 
##  TR signaling 
## 
 
Since media access control needed to be distributed to all devices, it was recognized that a fair amount of overhead traffic associated with maintenance and control of the network would be generated. One way to minimize this overhead was to allow for the generation of two additional signals that could be interpreted as something other than a Zero or a One. Using these additional signals, a distinct control signal could be generated using significantly fewer bits than would be necessary if they were generated using the same two bits used for everything else including data. 
 
Token Ring takes advantage of "Differential Manchester Encoding" to allow for transmission of two additional control symbols, for a total of 4 distinct transmission values. The four symbol values are 0 (zero), 1 (one), J, and K. 
 
==> google more for details. 
 
In differential Manchester every 0 and 1 has a transition in the middle of the bit time (that is what the receiver recovers its clock from); a 0 additionally has a transition at the start of the bit time, a 1 does not. J and K are code violations: they have no mid-bit transition, so they can never be confused with data. 
A "J" symbol keeps the polarity of the preceding bit for the entire bit time (no transition at the start, none in the middle). 
A "K" symbol generates the opposite polarity of the preceding bit for the entire bit time (a transition at the start, none in the middle). 
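the four symbols as a small differential Manchester encoder/decoder, added here as an example that is not the page's own code. the signal is modelled as a list of half-bit levels (0 or 1); the start level is an assumption of the model, and the test patterns (the SD and ED delimiters defined later in the token format section, plus a few data bits) are constructed. the decoder classifies each symbol purely from its two transitions, which is why a receiver can find the start delimiter inside a stream of data bits without any framing help. 

```python
"""Differential Manchester with the Token Ring J and K code violations (added example)."""

START_DELIMITER = "JK0JK000"


def ending_delimiter(intermediate=0, error=0):
    """ED = JK1JK1IE: I = more frames follow, E = an error was detected downstream."""
    return f"JK1JK1{intermediate}{error}"


def dm_encode(symbols, start_level=0):
    """Encode a string over '0', '1', 'J', 'K' into half-bit signal levels.
    0 and 1 always transition mid-bit (the clock); a 0 also transitions at the
    bit boundary, a 1 does not. J holds the previous polarity for the whole bit,
    K holds the opposite polarity for the whole bit; neither has a mid-bit transition."""
    level = start_level
    out = []
    for s in symbols:
        if s == "0":
            first, second = 1 - level, level
        elif s == "1":
            first, second = level, 1 - level
        elif s == "J":
            first = second = level
        elif s == "K":
            first = second = 1 - level
        else:
            raise ValueError(f"unknown symbol {s!r}")
        out += [first, second]
        level = second
    return out


def dm_decode(levels, start_level=0):
    """Inverse of dm_encode: classify each half-bit pair by its boundary and mid-bit transitions.
    Only the very first symbol depends on the assumed start level; after that the
    decoder tracks the actual signal, so a wrong assumption cannot propagate."""
    if len(levels) % 2:
        raise ValueError("need two half-bit levels per symbol")
    prev = start_level
    out = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:                         # no mid-bit transition: code violation
            out.append("J" if first == prev else "K")
        else:
            out.append("0" if first != prev else "1")
        prev = second
    return "".join(out)


def find_start_delimiter(levels, start_level=0):
    """Symbol index at which the SD pattern begins in a decoded stream, or -1."""
    return dm_decode(levels, start_level).find(START_DELIMITER)
```

because J and K lack the mid-bit transition, a run of them would also starve the receiver's clock recovery; the delimiters therefore never place more than two of them in a row (JK, then a data bit), which is visible in both the SD and ED patterns. 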
 
This is simply one type of encoding - it was the one chosen for Token Ring, but there are some common things about encoding choice that can help us understand why encodings are chosen in different protocols - this same logic applies to the current protocols in use today: 
 
- Presence/absence of DC values. Different encoding schemes result in either no DC component, or generate a varying DC component, or further - some can be layered on top of a DC component without issue. The reasons for this are important - DC values can be added to signals that do not introduce a net DC change - this is useful for providing power along with a data signal. This can also be important for the situations where a DC value would be harmful for the application. 
 
- Encoding more than one "bit" per clock cycle. The most simple encodings result in simply one bit per "data unit" or "clock unit". This means that if you need to send control data along with application data, you would need to serialize it, provide preambles/id sequences to separate data and control, etc. Encodings like DME above allow for the data itself (1/0) but also allow control signals J and K to be applied in a single clock cycle - allowing that to be interleaved with data efficiently. Whenever these features are added, you are trading off something, whether that be clock speed, bandwidth, complexity, etc - and all of this needs to be weighed against the application and the overhead needed by a particular protocol. Some protocols need a lot more control information due to complexities in the transmission - these are the kinds of aspects that drive the ultimate decisions. 
 
- Reliability. Some encoding schemes trade off speed or bandwidth in exchange for lower susceptibility to noise and weak signals. The key with different encodings is typically the application: how long are the distances that are to be supported? What are the levels of noise or interference that might be present on the transmission lines? These kinds of questions drive the decision for what kind of encoding will be present in any given technology. 
 
 
## 
##  TR topology 
## 
 
Token Ring is not a broadcast medium. It is a series of point to point links in a closed loop circle. 
 
The ring has to have sufficient enough delay (be long enough) to contain a complete Token capable of circulating the ring when all stations are idle. Each station on the ring adds a 1-bit delay to the ring. 
 
## 
##  TR interface 
## 
 
Each Token Ring NIC has a switch that remains in the closed position (connecting the inbound and outbound connections) when powered off. When the NIC is powered on the switch opens allowing incoming bit to be passed to the internal NIC buffer. Each bit passed to the buffer is subsequently regenerated on the outbound connection by the NIC. This is where the 1 bit delay is introduced. 
 
## 
##  token format 
## 
 
The Token is a 3 byte frame: 
 
Byte 1 = Starting Delimiter (SD) 
Byte 2 = Access Control (AC) 
Byte 3 = Ending Delimiter(ED) 
 
SD Value = JK0JK000 
ED Value = JK1JK1IE 
 
The ED "I" bit (Second bit from right) is the "Intermediate" bit. This bit is set to 1 for first and intermediate frames transmitted and set to 0 for last frame (always a zero when it is a token). 
 
The ED "E" bit (first bit from the right) is the "Error" bit. This bit is set to 0 by the station sending the frame. It is changed to a 1 by any subsequent station that detects an error in the frame. The intended receiving station (destination address is the station's address) will reject any frame with the E bit set to 1. The sending station will know an error occurred when the frame returns (again, always set to zero when it is a token). 
 
It is the responsibility of the station generating a frame to remove it from the ring when it returns. The receiving station processes the frame but does not remove it. It regenerates the frame on the ring to be returned to the sending station. 
 
AC Field = PPPTMRRR 
PPP = 3 bit priority designation of the token. Valid priorities are 0,2,4,or 6. 
T = Token Bit. Identifies a token if set to 0; a frame if set to 1. 
M = Monitor bit. Set to zero by sending station; changed to 1 by monitoring station. 
RRR = 3 bit priority reservation. Used by a station that cannot transmit now to request that the next token be issued at (at least) the given priority; it may only raise the value already in the field. 
 
## 
##  TR frame format 
## 
 
see http://docwiki.cisco.com/wiki/Token_Ring/IEEE_802.5#Frame_Format 
 
- start delimiter (SD) 
- access control (AC) 
- frame control (FC) 
- dest addr 
- src addr 
- data 
- FCS (frame check sequence) 
- end delimiter (ED) 
- frame status (FS, carrying the A and C bits) 
 
## 
##  TR optional priority control mechanism 
## 
 
Token Ring uses the "PPP" and "RRR" bits in the Access Control (AC) field to set and adjust the frame priorities allowed to be transmitted. When a station receives a token it can only transmit frames whose priority is the same as or higher than the PPP value in the token. If that station does not have any frame with priority >= PPP but does have frames with priority > RRR, the station can change the RRR on the passing token or frame to that higher level, reserving the next token. 
 
Each Token Ring NIC maintains two sets of value registers at the MAC level to manage priorities. 
 
- Value Set 1 
-- Pm Highest priority of frame at the station waiting to be transmitted 
-- Pr Priority value of most recent repeated token or frame 
-- Rr Reserve value of most recent repeated token or frame 
 
- Value set 2 
-- Sr Old ring service priority 
-- Sx New ring service priority 
 
The old ring service priority is kept by a station whenever it changes the ring priority. After it has been serviced it changes the priority value of the ring back to the old ring priority level, unless the requested priority value of the most recent repeated frame or token (Rr) is higher than the old ring service priority (Sr), in which case the priority of the new token will be set to Rr. 
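the AC byte and the priority/reservation rules of the two preceding sections as an added example (not the page's own code, and not the full 802.5 state machine): an AC pack/unpack helper, a station holding the Pm/Pr/Rr and Sr/Sx registers, and a ring that passes the token around. the model is simplified on purpose: frames are delivered instantly (a transmitted frame is only used to collect reservations from the downstream stations), the token-hold and priority timers of the real transmission process are not modelled, and the three stations and their frame priorities in the usage section are constructed. 

```python
"""Token Ring Access Control byte (PPPTMRRR) plus the priority / reservation rules (added example)."""

from dataclasses import dataclass


@dataclass
class AccessControl:
    priority: int        # PPP: priority of this token or frame (0, 2, 4 or 6 in practice)
    is_token: bool       # T bit: 0 = token, 1 = frame
    monitor: bool        # M bit: cleared by the sender, set by the active monitor on first pass
    reservation: int     # RRR: priority requested for the next token

    @classmethod
    def unpack(cls, byte):
        return cls(priority=byte >> 5, is_token=not (byte >> 4) & 1,
                   monitor=bool((byte >> 3) & 1), reservation=byte & 0x07)

    def pack(self):
        if not (0 <= self.priority <= 7 and 0 <= self.reservation <= 7):
            raise ValueError("PPP and RRR are three-bit fields")
        return ((self.priority << 5) | ((0 if self.is_token else 1) << 4)
                | (int(self.monitor) << 3) | self.reservation)


class Station:
    """One NIC: Pm is the best waiting frame, Pr/Rr the last repeated PPP/RRR,
    Sr/Sx the old and new ring priority while this station has the ring raised."""

    def __init__(self, name, frame_priorities=()):
        self.name = name
        self.queue = list(frame_priorities)
        self.pr = self.rr = 0
        self.sr = self.sx = None
        self.sent = []

    @property
    def pm(self):
        return max(self.queue, default=-1)   # -1: nothing waiting

    def reserve(self, ac):
        """Seen a passing frame or token: raise RRR if we hold something better than the request."""
        if self.pm > ac.reservation:
            ac.reservation = self.pm

    def on_token(self, ac, downstream):
        """Handle an arriving token; returns the token to put back on the ring."""
        self.pr, self.rr = ac.priority, ac.reservation
        if self.queue and self.pm >= ac.priority:
            # May transmit: frames at or above the token priority, highest first.
            for p in sorted((p for p in self.queue if p >= ac.priority), reverse=True):
                self.queue.remove(p)
                self.sent.append(p)
                for st in downstream:          # the frame circulates; others reserve on it
                    st.reserve(ac)
            return self.release_token(ac)
        if self.sx is not None and ac.priority == self.sx:
            # We raised the ring earlier and that request has been serviced: lower it again,
            # unless the latest request (Rr) is higher than the level we came from (Sr).
            if self.rr > self.sr:
                self.sx = self.rr                # still responsible for lowering later
                return AccessControl(self.rr, True, False, 0)
            old, self.sr, self.sx = self.sr, None, None
            return AccessControl(old, True, False, 0)
        self.reserve(ac)                         # cannot send now: ask for a future token
        return ac

    def release_token(self, ac):
        """Regenerate the token after transmitting; honour a higher reservation by stacking."""
        priority, reservation = ac.priority, ac.reservation
        if reservation > priority:
            self.sr, self.sx = priority, reservation   # remember the old level (Sr) and new (Sx)
            priority, reservation = reservation, 0
        if self.pm > reservation:                # our own leftover lower-priority frames
            reservation = self.pm
        return AccessControl(priority, True, False, reservation)


def rotate(stations, rotations, ac=None):
    """Pass the token around the ring `rotations` times; returns the final token and the send log."""
    ac = ac or AccessControl(0, True, False, 0)
    log = []
    for _ in range(rotations):
        for i, st in enumerate(stations):
            before = len(st.sent)
            ac = st.on_token(ac, stations[i + 1:] + stations[:i])
            log += [(st.name, p) for p in st.sent[before:]]
    return ac, log


if __name__ == "__main__":
    ring = [Station("A", [0, 0]), Station("B", [4]), Station("C", [2])]   # constructed
    final, log = rotate(ring, 3)
    print(log, final)
```

with A holding two priority-0 frames, B one priority-4 frame and C one priority-2 frame, A sends first (the token is at 0), B reserves 4 on A's frames, A releases the token at 4 and stacks Sr=0/Sx=4, B sends, C reserves 2, and on the next pass A (the stacking station) lowers the ring to Rr=2 rather than straight to 0 because Rr > Sr; only after C has been served does A restore priority 0. 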
 
## 
##  TR frame transmission process 
## 
 
- Receive Token 
- Stop clock on TRT timer 
- Store Token PPP and RRR in Pr and Rr registers. 
- Compare TRT to TTRT. 
-- If TRT < TTRT: 
--- Compare Pm register (highest priority of frames awaiting transmission) to Token PPP. 
 
-- If Pm > PPP 
--- transmit frame in ascending priority order until each priority timer expires, TTRT expires or, all frames are processed whichever comes first. 
--- Go to regenerate token 
 
-- If TTRT or priority timer expires 
--- continue to transmit all priority 6 frames until HPTHT (high priority token hold timer) expires 
--- regenerate token. 
 
-- If TRT > TTRT: 
--- transmit priority 6 frames until HPTHT (high priority token hold timer) expires 
--- regenerate token. 
 
Re-generate Token: 
 
- If Pm < PPP compare Pm to Token RRR 
-- If Token RRR > Pm release token with same RRR 
-- If Token RRR < Pm, Store token RRR in Sr. Change RRR to Pm, Store Pm in Sx. 
-- Release Token 
 
- If Pm > PPP (HPTHT expired) 
-- set RRR to PPP of current Token 
-- release token 
 
## 
##  TR maintenance 
## 
 
[Add Station] 
 
Since Token Ring is a physical ring consisting of a series of point to point connections, the add station process is much different than the one required for Token Bus. Once a station is activated (Switch on the NIC is Opened) it automatically begins receiving and transmitting the bits on the ring. The station does however have to validate that a duplicate address (in the case of local addressing) does not exist. 
 
[Ring Monitoring] 
 
Two error conditions requiring resolution can occur on the ring: 
 
- Lost token 
- Persistently busy token or frame 
 
A device functioning as the "Active Monitor" takes on the responsibility for resolving these errors. 
 
Usually the first station to come on line functions as the active monitor. All other stations function as "Passive Monitors" determining a replacement if the current active monitor is removed. 
 
The active monitor periodically generates an "Active Monitor Present" control frame to inform the other stations that it is still on the ring. 
 
The role of the active monitor is to: 
 
- generate new or replacement tokens 
- remove persistent tokens or frames 
 
The active monitor constantly monitors the ring. If no token or frame is detected within the Token Rotation Window a new token is generated. 
 
If a corrupt token circulates the ring such that no station recognizes the DU as a token (persistent token) the active monitor will replace it with a valid token. 
 
When a data frame (LLC frame) is generated by a sending station, it sets the monitor bit in the AC field to 0. When the frame is regenerated by the Active Monitor, it changes the monitor bit to 1. If the frame subsequently arrives at the Active Monitor again with the M bit already set to 1, the monitor knows it has already seen the frame; the implication is that the sending station is no longer available to remove it from the ring. At this point the frame is removed by the Active Monitor and a new token is generated in its place. 
 
[Token to frame transition] 
 
Reviewing the format of the token frame and data frame presented earlier, you will notice that they are identical up to the AC field (which includes the T and M bits). Thus the regenerated bits up to this point are valid for a token as well as for a frame. Since frames as well as tokens are regenerated onto the ring, every bit up to the M bit in the AC field is identical and can be regenerated on the ring before the station knows which of the two it is handling. 
 
When the T bit is received, its value triggers either the token or the frame handling process at the station. If it is labeled a token, the station checks to see if it has any frames to send. If yes, the frame transmission process described above is initiated. If the station does not wish to transmit, it continues to place the remaining bits of the token on the ring, allowing it to pass to the next station. 
 
If the T bit identifies the transmission as a frame the frame reception process is initiated. The entire frame is copied into buffer memory. 
 
If the destination address of the frame is the station's address: 
 
- CRC is checked 
- If invalid: 
-- the "E" bit of the Ending Delimiter field is set to 1 (denoting an error detected) 
-- the "A" bit of the Frame Status field is changed to 1 indicating the address was recognized 
-- the frame is re-generated on the ring to be returned to the sending station. 
- If the CRC is valid 
-- the LLC portion of the frame is passed to the higher layer. 
-- the entire frame is regenerated on the ring with the "A" and "C" bits changed to 1's. 
 
If the destination address is not recognized by the station the source address is compared to the stations address. 
 
If the source address is recognized and the stations transmit timers have not expired: 
- Determine next frame to be transmitted subject to priority and "A and C" recognition policies 
- Generate a new frame onto the ring 
 
If Address is recognized and transmit timers are expired: 
- retain or delete frame from buffer based on "A and C" bit recognition policies 
- regenerate token (same regenerate token process as described in transmission process above) 
 
If the source address is not the stations address: 
- Perform the CRC check on the frame 
- regenerate the frame on the ring with the "E" bit set to 1 if the CRC was invalid. 
 

# Beaconing 

 
Beaconing is a process used to detect and isolate breaks or faults in the ring. 
 
If a break in the ring occurs, no token or frame will circulate and all stations' timers will expire. Each station will begin to transmit a special frame called a beacon. The station places its address in the beacon frame. Any station receiving a beacon from another station will stop transmitting its own beacon and repeat the beacon frame (and address) from the upstream station. Eventually the station immediately downstream of the break or fault will be the only one still sourcing a beacon (since it never receives a beacon from an upstream station). A LAN analyzer placed anywhere on the ring will identify the address in the beacon frame as that of the station immediately downstream from the fault, so the engineer knows where to investigate the failure on the ring. 
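the beaconing procedure as an added simulation (not the page's own code): a synchronous model in which every round each station either repeats the beacon it received from upstream or, hearing nothing, sources its own. the station names and the position of the cut are constructed; the real protocol's timers and the beacon frame format are not modelled. the output shows the property the analyzer relies on: after at most one beacon per station has propagated, every link carries the address of the station just downstream of the fault. 

```python
"""Ring fault isolation by beaconing (added example, simplified to a synchronous ring)."""


def locate_fault(ring, broken_link, rounds=None):
    """ring: station names in downstream order; broken_link = i means the link from
    ring[i] to ring[(i+1) % n] is cut. Returns (stations still sourcing their own beacon,
    beacon address seen on each outgoing link after `rounds` rounds; default n rounds)."""
    n = len(ring)
    own_beacon = [True] * n               # True: station transmits its own beacon
    incoming = [None] * n                 # beacon arriving at each station this round
    outgoing = list(ring)
    for _ in range(rounds or n):
        outgoing = []
        for i in range(n):
            if incoming[i] is not None:   # heard an upstream beacon: stop ours, repeat theirs
                own_beacon[i] = False
                outgoing.append(incoming[i])
            else:                         # silence upstream: keep beaconing with our address
                own_beacon[i] = True
                outgoing.append(ring[i])
        incoming = [None] * n
        for i in range(n):
            if i != broken_link:          # the cut link delivers nothing downstream
                incoming[(i + 1) % n] = outgoing[i]
    sources = [ring[i] for i in range(n) if own_beacon[i]]
    return sources, outgoing


if __name__ == "__main__":
    stations = ["A", "B", "C", "D", "E"]                 # constructed ring
    print(locate_fault(stations, broken_link=2))         # link C -> D cut: D beacons
```

an analyzer attached anywhere on the ring sees the same address on its link, so the physical location of the fault is found without walking the whole ring; an intact ring (no cut) converges just as quickly to a single beaconing station, which is why the active monitor must restore the token to end the beacon state. 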
 
## 
##  TR summary 
## 
 
Token Ring is a technology based on distributed medium access control. This distributed management requires additional functionality and processing power to be incorporated on the NIC. This added complexity of the distributed control mechanism along with the additional processing and storage requirements of the priority mechanism adds significant cost to a Token Ring NIC. 
 
On the plus side, the elimination of medium contention and collisions results in the ability to get higher throughput (better usage of available bandwidth). Hence token ring LANs can perform effectively closer to their capacity than shared media where contention occurs. 
 
So if it is more performant than a shared medium like Ethernet, why is Ethernet so much more common? The answer is simple - the costs and benefits, coupled with the advances in switching technology for Ethernet and proper network design, let Ethernet provide more than sufficient performance at much less cost and complexity of deployment. As a result, Token Ring has all but disappeared from the landscape. It does, however, provide us with a foundation for how high-availability, fault-tolerant networks can be designed and implemented. This is extended by looking at how FDDI took the Token Ring concepts and made them more effective for a backbone network, adding some of these same features. 
 
 
#### 
####  FDDI  (fiber distributed data interface) 
#### 
 
FDDI is a technology that was designed to meet the requirements of high performance LANs and high-speed connections between LANs. Although we still see a number of installations of FDDI in the field, much of this has been replaced by newer technologies, primarily Ethernet and now Gigabit Ethernet. It does provide a good basis for aspects of the technologies, especially aligning with many of the telecommunications technologies that are still actively and widely used, like the ring behavior for SONET telco rings. 
 
Unlike IEEE 802.3 and 802.5 which were standards heavily based on existing Ethernet and Token Ring technologies, FDDI was created as a standard before implementation by vendors occurred. 
 
FDDI also had the benefit of knowing the shortcomings and undesirable attributes of the existing 802.X LAN technologies and was able to adopt and improve upon the good features of these technologies and eliminate or minimize the impact of the bad features. 
 
FDDI was developed by the Accredited Standards Committee (ASC) of the American National Standards Institute (ANSI). ANSI assigned the project (labeled X3T9.5) to this committee rather than the 802 committee because of its prior work and experience with high-speed I/O interface standards. 
 
FDDI was designed to support three types of networks: 
 (1) As a backend "System to System" or "System to Sub-System" interconnection network. 
 (2) As a backbone to LANs 
 (3) As a high speed LAN 
 
FDDI played a dominant role in the backend and Backbone network space and a minimal role in the high speed LAN market space prior to extensive adoption of Ethernet due to switching advances. FDDI provides a robust, fault tolerant mechanism for interconnecting back end systems like Disk Array subsystems and System Clusters. It also has provided an excellent backbone mechanism for interconnection of lower speed LANs and "glass housed" server farms. 
 
FDDI was very seldom cost justified as a high speed LAN solution; therefore widespread implementation in this space never occurred. The cost of rebuilding a fiber optic cabling plant to replace the copper infrastructure, as well as the cost of FDDI componentry (costing 5 to 10 times the amount of existing 10base componentry), made FDDI's implementation at the desktop too expensive. 
 
The development and proliferation of Fast Ethernet and more recently Gigabit Ethernet has for all practical purposes eliminated FDDI as an alternative in the 100Mbps/1000Mbps LAN network environments. 
 
To understand the evolution of the protocols that we see today, the design of FDDI does offer the benefit of providing an extremely robust, fault tolerant solution. One of the key features incorporated into FDDI was the ability to detect and correct network faults. Its dual ring token passing configuration was an improvement over Token Ring's single ring configuration. Stations can switch to the secondary ring if the primary ring fails. This attribute also allows devices to be physically added to or removed from the network without bringing the network down, a feature not present in 802.5 Token Ring. 
 
FDDI also included a priority mechanism like token ring but improved upon the Token Ring implementation by streamlining the priorities into high and normal priority frames providing synchronous or asynchronous bandwidth allocation on demand. 
 
## 
##  FDDI architecture 
## 
 
The IEEE 802.2 LLC used in all other major LAN standards was adopted by FDDI as well. The common LLC allows FDDI to easily serve as a backbone for other (802.2 compatible) lower speed LANs. 
 
The MAC is a distributed access control technology responsible for the standard MAC functions: 
 
- Frame formatting 
- Error Checking 
- Token Handling 
- Addressing 
 
The PHY layer handles the 4B/5B encoding and decoding of packet data into symbol streams for the wire. It also handles clock synchronization on the FDDI ring by establishing the bit sampling time. 
 
The PMD layer handles the NRZI baseband or MLT-3 transmission between nodes on the physical media. The PMD is the media dependent layer; therefore the PMD standards include TP-PMD for twisted-pair copper wires and Fiber-PMD for fiber optic cable. 
 
TP-PMD, an ANSI standard, replaced the proprietary (or "prestandard") approaches previously used for running FDDI traffic over copper wires. The TP-PMD standard is based on an MLT-3 encoding scheme; prestandard implementations used the less reliable (over copper) NRZ encoding scheme. TP-PMD interfaces are compliant with U.S. and international emission standards and provide reliable transmission on Cat 5 certified cabling over distances up to 100 meters. 
 
With TP-PMD in place, network managers had a standard means to implement FDDI over inexpensive UTP cable, cutting cabling costs by about a third compared with fiber optic cabling. While this reduced the cabling costs it did not reduce the cost of the network interface cards. Thus FDDI even over copper was still significantly more expensive than 100BaseT, leading to its demise. 
 
SMT is an independent set of functions that handles the management of the FDDI ring. Functions handled by SMT include neighbor identification, fault detection and ring reconfiguration (fault correction), insertion and de-insertion from the ring, and traffic statistics monitoring. 
 
The functions associated with ring maintenance in Token Ring are embedded in the physical and DLL layers of the standard. The designers of FDDI recognized that these functions should be separate and independent of the core layer functions of the implementation. 
 
## 
##  FDDI signal and encoding 
## 
 
(1) fiber implementation 
(2) copper implementation 
 

#  (1) fiber implementation 

 
FDDI uses a Non Return to Zero Inverted (NRZI) 4bit/5bit encoding scheme. Each encoded bit is generated on the medium through baseband light signals where the presence of light indicates a "1" and the absence of light indicates a "0". 
 
Unlike electrical based signaling, which uses positive and negative voltage for signaling, FDDI can only use the presence or absence of light for signaling since there is no such thing as negative light. The concept of "returning to zero" in signaling is an electrical one, where the point of signaling at which neither positive nor negative voltage exists is "zero", i.e., no current flowing. Since light has no positive or negative it is inherently a non-return to zero signaling mechanism. Since there is no benefit to stopping the signal between two bits when two consecutive ones are generated, the light signal continues into the next bit time. 
 
FDDI uses symbols to represent values in its encoding scheme. Each symbol is comprised of a 4-bit value. Two symbols equal an octet. 
 
Since there is no positive-to-negative (or negative-to-positive) transition of signals, there is no mechanism for stations to synchronize their signal reception from the transmission itself (as is the case with Token Ring and its frame preamble). Therefore each station must maintain its own internal clocking mechanism. Stations periodically broadcast control timing frames so all stations can synchronize their clocks. This was sufficient for FDDI due to the lower speeds compared to modern telecommunications networks; for high-speed networks that span large distances, an external clock source synchronized across those distances is typically required, usually provided by satellites that transmit clock information specifically for this purpose. 
 
The problem with a light based signaling technique, where the absence of light during the bit time equals a zero data bit, is that absence of light also represents an idle or non-functioning network. Therefore, the generation of too many consecutive zero bits can have two detrimental impacts on other stations on the network. One is that the stations may erroneously assume the network is idle. The second is that a station may lose its bit synchronization (timing). Thus it was determined that any symbol used should not contain three or more consecutive zeros. Since this would eliminate too many of the available symbols in a 4-bit encoding scheme, the actual encoding symbols transmitted are 5-bit symbols. Only those 5-bit symbols that avoid three consecutive zeros are used. Each of these 5-bit symbols is associated back to one of the 16 4-bit symbols used by the higher layers. The remaining 5-bit symbols that have fewer than three consecutive zeros are used as control symbols by the MAC layer. 
 
Hence every 4 bits received from the higher layer gets translated to an equivalent 5-bit symbol for transmission (4 bit / 5 bit encoding). This five-bit encoding provides 16 data symbols (0-F), 8 control symbols (Q, H, I, J, K, T, R, S), and 8 violation symbols (V). The coding of these symbols results in never having 4 consecutive zeros in a row during normal transmission. This ensures that each station's clock remains in sync with all the other stations as long as there is traffic flowing, whether idle frames or data frames. The violation symbols (V) are the symbols which may allow the reception of 4 or more zero bits in a row; they are not used by FDDI. The same fundamental method is used for modern fiber-based telecommunications networks: the encoding requires that the bit patterns used for all data and control sequences maintain a specific duty cycle, i.e. transitions between 1s and 0s at a rate that does not allow a system to misinterpret real data as idle and vice versa. 
 
[FDDI coding symbols] 
 
Symbol                  bit stream 
----------------------------------- 
0 (binary 0000)         11110 
1 (binary 0001)         01001 
2 (binary 0010)         10100 
3 (binary 0011)         10101 
4 (binary 0100)         01010 
5 (binary 0101)         01011 
6 (binary 0110)         01110 
7 (binary 0111)         01111 
8 (binary 1000)         10010 
9 (binary 1001)         10011 
A (binary 1010)         10110 
B (binary 1011)         10111 
C (binary 1100)         11010 
D (binary 1101)         11011 
E (binary 1110)         11100 
F (binary 1111)         11101 
Q (Quiet)               00000 
I (Idle)                11111 
H (Halt)                00100 
J (Starting Delimiter)  11000 
K (Starting Delimiter)  10001 
T (Ending Delimiter)    01101 
R (Reset)               00111 
S (Set)                 11001 
V or H                  00100 (some V symbols may also be taken as H) 
V or H                  00010 
V                       00011 
V                       00101 
V                       00110 
V or H                  01000 
V                       01100 
V or H                  10000 
 
Each FDDI NIC contains a 125 MHz clock which clocks the bits out onto the network at 125 Mbps. Since only 4 out of every 5 bits transmitted are data (the fifth being the overhead of the 4-to-5-bit conversion), only 100 of the 125 Mbps transmitted are data. 
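As an added example (not code from these notes or from any FDDI implementation), here is a 4B/5B codec built from the symbol table above. It checks the clocking guarantee the text describes (no data symbol carries three zeros in a row, and no two adjacent data symbols produce four) and derives the violation codes as whatever 5-bit patterns are left over:

```python
# 4B/5B codec for the FDDI symbol table above (added example, not from the notes).
# Values are transcribed from the table; any 5-bit code in neither dict is treated
# as a violation (V) symbol, as the text describes.

DATA_SYMBOLS = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
CONTROL_SYMBOLS = {
    "Q": "00000",  # Quiet
    "I": "11111",  # Idle
    "H": "00100",  # Halt
    "J": "11000",  # Starting Delimiter, first symbol
    "K": "10001",  # Starting Delimiter, second symbol
    "T": "01101",  # Ending Delimiter
    "R": "00111",  # Reset (Frame Status indicator)
    "S": "11001",  # Set (Frame Status indicator)
}
# Reverse maps for the receive direction.
_CODE_TO_NIBBLE = {code: n for n, code in DATA_SYMBOLS.items()}
_CODE_TO_CONTROL = {code: name for name, code in CONTROL_SYMBOLS.items()}


def encode_bytes(data: bytes) -> str:
    """Map each octet to two 5-bit line symbols, high nibble first."""
    out = []
    for octet in data:
        out.append(DATA_SYMBOLS[octet >> 4])
        out.append(DATA_SYMBOLS[octet & 0xF])
    return "".join(out)


def decode_symbol(code: str) -> tuple:
    """Classify one 5-bit code: ('data', nibble), ('control', name) or ('violation', code)."""
    if len(code) != 5 or set(code) - {"0", "1"}:
        raise ValueError("a line symbol is exactly five bits")
    if code in _CODE_TO_NIBBLE:
        return ("data", _CODE_TO_NIBBLE[code])
    if code in _CODE_TO_CONTROL:
        return ("control", _CODE_TO_CONTROL[code])
    return ("violation", code)


def decode_stream(bits: str) -> list:
    """Split a symbol-aligned line bit stream into 5-bit groups and classify each."""
    if len(bits) % 5:
        raise ValueError("bit stream is not symbol aligned")
    return [decode_symbol(bits[i:i + 5]) for i in range(0, len(bits), 5)]


def max_zero_run(bits: str) -> int:
    """Length of the longest run of consecutive '0' bits (what a receiver's clock sees)."""
    return max(len(run) for run in bits.split("1"))


def check_clocking_property() -> dict:
    """Verify the guarantee the text relies on: no data symbol contains 3 zeros in a
    row and no pair of adjacent data symbols produces 4, so a data stream can never
    be mistaken for Quiet/idle line."""
    within = max(max_zero_run(c) for c in DATA_SYMBOLS.values())
    across = max(max_zero_run(a + b)
                 for a in DATA_SYMBOLS.values() for b in DATA_SYMBOLS.values())
    return {"max_zero_run_in_symbol": within, "max_zero_run_across_pair": across}


def violation_codes() -> list:
    """The 5-bit codes that are neither data nor control symbols."""
    used = set(DATA_SYMBOLS.values()) | set(CONTROL_SYMBOLS.values())
    return sorted(f"{i:05b}" for i in range(32) if f"{i:05b}" not in used)


if __name__ == "__main__":
    # Constructed sample: starting delimiter, two data octets, ending delimiter.
    line = (CONTROL_SYMBOLS["J"] + CONTROL_SYMBOLS["K"]
            + encode_bytes(b"\xa5\x00") + CONTROL_SYMBOLS["T"])
    print(decode_stream(line))
    print(check_clocking_property(), violation_codes())
```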
 

#  (2) copper implementations 

 
[Multiple Level Transition - 3 levels (MLT-3) encoding] 
 
MLT-3 encodes a bit as presence or lack of transition, exactly as in NRZI. What makes MLT-3 different is that the base waveform is a 3-state alternating wave. Rather than alternating between 0 and 1 as in Manchester encoding and NRZI, MLT-3 alternates from -1 to 0 to +1, back to 0, then back to -1, repeating indefinitely. A zero is encoded as a halt in the back-and-forth progression. With MLT-3, it is possible to represent four or more bits with every complete waveform, at 0, +1, 0, and -1. 
 
 
### 
###  FDDI topology 
### 
 
FDDI uses a dual ring topology comprised of two "counter-rotating" rings. While FDDI may not be deployed extensively, a significant portion of the high-speed, public telco network uses SONET, which leverages a dual, counter-rotating ring structure very similar to FDDI, and in one of the fault-tolerant modes that is an option, behaves very similar to FDDI's fault recovery mechanism, making the basics of this important to understand. 
 
As with Token Ring, FDDI's rings are a series of point to point connections between adjacent devices forming a closed loop. FDDI however has two rings as opposed to Token Ring's one. Transmissions generated on the inner ring are sent out in the opposite direction of transmissions sent on the outer ring resulting in the counter rotation capability. 
 
Normal transmission occurs on the Primary (outer) ring. The Secondary (inner) ring is dormant and provides an alternate data path in the event a fault occurs on the primary ring. All FDDI stations directly attached to the rings will switch to this secondary ring when necessary to route traffic around a fault. 
 
 
 SAS  SAS  SAS 
  |    |    | 
concentrator/DAC 
 | |        | | 
o| |i      i| |o 
u| |n      n| |u 
t| |n      n| |t 
e| |e      e| |e 
r| |r      r| |r 
 | |        | | 
concentrator/DAC 
  |    |    | 
 SAS  SAS  SAS 
 
 
The Rings can extend up to 200 kilometers and support up to 500 dual attached devices. FDDI can be implemented with up to 1000 single attached devices supported on both rings (500 on each). This however eliminates FDDI's fault tolerance and recovery capability and hence eliminates one of the key benefits and justifiers for the added expense of the technology. 
 
The design specification calls for no more than 1 bit error out of 2.5 x 10^10 bits transmitted. Most implementations, however, exceed this standard! 
 
[Device Classes] 
 
There are four classes of connection devices supported by FDDI. They are: 
 
- 1. Dual Attached Stations (DAS) 
- 2. Single Attached Stations (SAS) 
- 3. Dual Attached Concentrators (DAC) 
- 4. Single Attached Concentrator (SAC) 
 
A dual attached device is one that has connections to both rings. A single attached device is one that attaches only to one ring. 
 
All devices directly connected to the rings must be dual attached. This means that SAS and SAC devices can only be attached to the network through a DAC. DAS devices can be attached directly to the rings or to DAS ports on a DAC. 
 
DAC and SAC devices are concentrators, which means that they are not end nodes on the network but rather multi-port concentrators for several end devices. End devices are either DASs or SASs. 
 
Mission critical devices or devices with high fault tolerance requirements are usually dual attached. These include business application servers, 7X24 workstations and shared peripherals like high speed, high volume laser printers. Desktop systems and less critical servers/peripherals are usually single attached, since their unavailability would not affect as large a population of users or a mission critical business process that must be completed, and dual attaching them is not cost justifiable. 
 
### 
###  FDDI token & frame format 
### 
 
## 
## (1) FDDI token format 
## 
 
an FDDI token consists of [PA|SD|FC|ED] where 
 
PA = Preamble: 4 or more symbols of Idle. 
SD = Starting Delimiter: The symbols 'J' and 'K'. 
FC = Frame Control: 2 symbols describing what type the token is. 
ED = Ending Delimiter: two 'T' symbols. 
 
[Preamble] 
The preamble consists of a minimum of 16 symbols of Idle. Physical Layers of subsequent repeating stations may change the length of the Idle pattern as Physical Layer clocking requirements change. Thus, repeating stations may see a variable length preamble that is shorter or longer than the originally transmitted preamble. Tokens are recognized and acted upon when received with a preamble of zero or greater length. If a valid token is received but cannot be repeated (due to ring timing or latency constraints), the station shall issue a new token. 
 
[Starting Delimiter] 
The Starting Delimiter is a unique indicator that identifies the start of the token. It consists of the symbols 'J' and 'K'. These symbols are exclusively used for the start of a frame or token, resulting in a unique sequence of bits that will not be seen anywhere else. The symbol names "J" and "K" relate back to FDDI's Token Ring roots, where the "J" and "K" bits made up the Token Ring SD. 
 
[Frame Control] 
The frame control tells what kind of token it is. A frame control of (hex) 80 is a Nonrestricted Token, while a frame control of (hex) C0 is a Restricted Token. 
 
[Ending Delimiter] 
The Ending Delimiter consists of two 'T' symbols. These 'T' symbols indicate that the token is complete. Any data sequence that does not end with these 'T' symbols is not considered a token. 
 
## 
## (2) FDDI frame format 
## 
 
an FDDI frame consists of [PA|SD|FC|DA|SA|INFO|FCS|ED|FS] where 
 
PA - Preamble: 4 or more symbols of Idle. 
SD - Starting Delimiter: The symbols 'J' and 'K'. 
FC - Frame Control: 2 symbols describing the type of frame (MAC or LLC). 
DA - Destination Address: 12 symbols indicating who the recipient of the frame will be. 
SA - Source Address: 12 symbols indicating who sourced the frame. 
INFO - Information Field: 0 to 4478 bytes of information. 
FCS - Frame Check Sequence: 8 symbols of Cyclic Redundancy Check. 
ED - Ending Delimiter: a 'T' symbol. 
FS - End of Frame Sequence: 3 indicator symbols. 
 
[Preamble] 
Preamble (PA). The PA of a frame is transmitted by the frame originator as a minimum of 16 symbols of Idle. The physical Layers of subsequent repeating stations may change the length of the Idle pattern consistent with Physical Layer clocking requirements. Thus, repeating stations may see a variable length preamble that is shorter or longer than the originally transmitted preamble. A given MAC implementation is not required to copy frames received with less than 12 preamble symbols. 
 
[Starting Delimiter] 
The Starting Delimiter is an indicator of the start of the frame. It consists of the symbols 'J' and 'K' and these symbols will not be seen anywhere else but at the start of a frame or a token. 
 
[Frame control] 
The frame control tells what kind of frame follows in the INFO field. The most common Frame types are: 
 
40  Void frame 
41  Station Management (SMT) frame 
4F  Station Management (SMT) frame 
C2  MAC frame 
C3  MAC frame 
50  LLC frame 
51  LLC frame 
60  Implementer frame 
70  Reserved frame 
 
 
[Destination Address] 
 
The Destination Address is a 12 symbol (48bit) code that indicates which station the frame is destined to. Each station has a unique 12 symbol address that identifies it. When a station receives a frame, it compares the DA of that frame to its own address. If the two match, the station will copy the contents of the frame into its buffers. 
 
A frame can also be intended for more than one station using group addressing. The first bit transmitted in the destination address is an indicator of whether the address is an individual address or a group address. If the first bit is set (1), the address is a group address. If it is not set (0), the address is an individual address. Group addresses can be used to address a frame to multiple destination stations. 
 
A broadcast address is a special type of group address which applies to all of the stations on the network. In this address, all of the bits are set to one, so the broadcast address is 12 'F' symbols. 
 
Addresses can either be locally or universally administered. If the addresses are universally administered, then the first 6 symbols of the address are the manufacturer's OUI. Each manufacturer is assigned a unique OUI to use for all of its products. The last 6 symbols of the address differentiate between stations from the same manufacturer. In a universally administered addressed network, the manufacturer-assigned address is used. Note that this address assignment and allocation is the same method used for Ethernet MAC addresses as well. 
 
In a locally administered addressing scheme, a network manager sets the address for each of the stations. The second bit transmitted is the indicator of whether the address is a universal or a local address. A set bit (1) means a locally administered address, while an unset bit (0) is a universally administered address. 
 
[Source Address] 
 
The Source Address is the address of the station that created the frame. In FDDI, the frame will be passed from one station to the next until it returns to the originating station. The originating station then strips the frame (removes the frame from the physical medium). When a station receives a frame and the source address of that frame matches the address of the station, the station will strip the frame from the network. Each station is responsible for removing its own frames from the ring. 
 
As with Token Ring, the potential exists for a source station to be removed from the network before a frame it sourced returns. 
 
[INFO] 
 
The INFO field contains all the data of the frame. The frame is essentially built around this field as a mechanism for getting the info from one station to another. The Frame Control field identifies what kind of information is contained in the INFO field. For Example: 
 
A frame with an FC of X'50' indicates an LLC frame, so the INFO field of a frame with a FC of X'50' will contain an LLC header followed by the upper layer headers (i.e. SNAP, ARP, IP, TCP, SNMP, etc.) and their associated data (e.g., IP Packet, TCP Frame, etc.) 
 
A frame with an FC of X'41' or X'4F' will contain SMT (Station Management) information. In the INFO field of these frames you will see an SMT header followed by SMT information (e.g., synchronize clock, activate secondary ring reception/transmission, etc.). 
 
A frame with an FC of X'C2' or X'C3' is a MAC frame, and the INFO field will contain information relevant to the MAC protocol (e.g. Claim token, etc.) 
 
[LLC Frame] 
The first two bytes of every LLC header are addresses within each station called Service Access Points (SAPs). DSAP is the SAP on the destination machine, and SSAP is the SAP on the source machine. SAPs are connection points for upper level programs. If you have several application tasks running, each can have its own SAP. By selecting the correct DSAP, you can control which task at the receiving end of the transmission processes the LLC frame. 
 
The LLC control field will be one byte and may or may not be followed by data or information. It all depends on what type of LLC frame is indicated within the control field. Three types are possible. Two of these can carry user data. Refer back to Class # 3 for the description of I-Format, S-Format and U-Format LLC Frames. 
 
[SMT Frame] 
For Station Management frames, the INFO field is occupied by an SMT Header and an SMT Information portion. The SMT header is the protocol header for all SMT frames. SMT Information is the information that is indicated by the header. These two fields together make up an SMT Protocol Data Unit (PDU). 
 
[MAC Frame] 
There are two different types of MAC frames: 
 
- Claim frames 
- Beacon frames 
 
A Claim frame has an FC of X'C3' and the MAC Info is the station's attempt to initiate a new token on the ring (and become the Active Monitor). 
A Beacon frame has an FC of X'C2' and the MAC Info for a Beacon frame is as follows: 
- 1 byte describing the Beacon Type: 
    X'00': Regular Beacon (broadcast to all stations) 
    X'01': Directed Beacon (attempt to reach a specific device) 
    X'02': Jam Beacon (notification of ring failure) 
- 3 bytes of pad (X'00 00 00') 
- Upstream Neighbor Address (optional) 
 
[SMT Frame] 
 
The SMT Info field consists of a list of parameters. The parameters are of the form: 
 
- Parameter Type (2 bytes) 
- Parameter Length (2 bytes) 
- Resource Index (4 bytes) 
- Parameter Value (n bytes) 
 
If more than one parameter is present in the frame, they will be listed one after another. The Parameter Type is the value that identifies which specific parameter is being transmitted. SMT parameters deal with issues like which ring to transmit or receive on, which port to activate/deactivate, etc. 
 
[Frame Check Sequence (FCS)] 
 
The FCS is used by a receiving station to verify that the frame traversed the network without incurring any bit errors. The FCS is calculated by the station that sourced the frame using the bits of the FC, DA, SA, INFO, and FCS fields. The FCS is recalculated by the receiving station and compared to the value on the incoming frame. If any of the bits in those fields have been altered, the receiving station will notice the mismatch and discard the frame. 
 
FDDI performs error detection but does not provide error recovery. No request for regeneration occurs. Requests for retransmissions can be made by higher layer protocols like an LLC connection oriented service (FCS is a MAC layer function). 
 
[Ending Delimiter] 
 
The Ending Delimiter consists of a single 'T' symbol. This 'T' symbol indicates that the frame is complete. Any data sequence that does not end with this 'T' symbol is not considered a frame. 
 
[Frame Status] 
The Frame Status consists of 3 indicators which may have one of two values. The indicators can either be Set ('S') or Reset ('R'). 
 
Since the FS is outside of the FCS calculation the indicators could be corrupted. A corrupted indicator is detected when the value is neither an 'S' nor an 'R'. Every frame is originally transmitted with all of the indicators set to 'R' (reset). The indicators can be set by intermediate stations when they retransmit the frame. The three indicators are: 
 
- 1. Error ('E') 
- 2. Address recognized (or Acknowledge) ('A') 
- 3. Frame Copy ('C'). 
 
1. Error: 
 
This indicator is set when a station determines that the frame is in error. This may be due to a format error, or to a failure of the CRC. If a frame is received and the 'E' indicator is anything other than Reset ('R'), then that frame is disregarded. 
 
2. Address Recognized: 
 
This indicator is set by a station when it receives the frame and determines that the address applies to itself. This could be because the destination address of the frame is the MAC address of the station, or because the destination address of the frame is a broadcast address. 
 
3. Copy: 
 
This indicator is set when the station receives the frame and is able to copy the contents into its buffers. Most stations do not copy the contents unless the frame is explicitly destined to them (or broadcast), so the 'A' and the 'C' indicators are usually set at the same time. However, sometimes a station will be receiving so much traffic that it cannot copy all the information to its buffers even though the frame is addressed to it. In this case, it would retransmit the frame with the 'A' indicator set, but the 'C' indicator will remain reset. 
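The following is an added example, not code from these notes or from an FDDI implementation: a symbol-level frame builder and a receive routine that applies the strip / E / A / C rules described above. It assumes hex digits for data symbols and letters for control symbols, CRC-32 via zlib.crc32 for the 8-symbol FCS (the page only says it is a CRC), and that symbol order is transmission order with the high-order bit of each symbol sent first.

```python
# Symbol-level FDDI frame build/parse/receive (added example, not from the notes).
import zlib

BROADCAST = "F" * 12      # all 48 bits set: twelve 'F' symbols
FC_LLC = "50"             # Frame Control value for an LLC frame


def build_frame(fc: str, da: str, sa: str, info: bytes, preamble: int = 16) -> str:
    """Assemble PA|SD|FC|DA|SA|INFO|FCS|ED|FS with all three FS indicators Reset ('R')."""
    if len(fc) != 2 or len(da) != 12 or len(sa) != 12:
        raise ValueError("FC is 2 symbols, DA and SA are 12 symbols each")
    covered = bytes.fromhex(fc + da + sa) + info        # fields the FCS protects
    fcs = f"{zlib.crc32(covered):08X}"                  # 8 symbols of CRC (assumed CRC-32)
    return "I" * preamble + "JK" + fc + da + sa + info.hex().upper() + fcs + "T" + "RRR"


def parse_frame(symbols: str) -> dict:
    """Split a received symbol string into its fields; raises if it is not a frame."""
    body = symbols.lstrip("I")            # repeaters may lengthen or shorten the preamble
    if not body.startswith("JK"):
        raise ValueError("missing JK starting delimiter")
    end = body.rfind("T")                 # 'T' never occurs inside hex data symbols
    if end < 0:
        raise ValueError("no T ending delimiter: not a frame")
    fields, fs = body[2:end], body[end + 1:]
    if len(fs) != 3 or len(fields) < 2 + 12 + 12 + 8:
        raise ValueError("frame too short")
    return {
        "fc": fields[0:2], "da": fields[2:14], "sa": fields[14:26],
        "info": bytes.fromhex(fields[26:-8]), "fcs": fields[-8:],
        "fs": {"E": fs[0], "A": fs[1], "C": fs[2]},
    }


def address_flags(addr: str) -> dict:
    """I/G and U/L bits: the first and second bits transmitted, taken here as the
    two high-order bits of the first symbol (assumed transmission order)."""
    first = int(addr[0], 16)
    return {"group": bool(first & 0x8), "local": bool(first & 0x4)}


def receive(symbols: str, my_addr: str, buffer_free: bool = True) -> dict:
    """Receive-side rules for one station the frame passes through. Returns the
    action taken and the symbols put back on the ring (None when stripped)."""
    f = parse_frame(symbols)
    fs = f["fs"]
    corrupted = [k for k, v in fs.items() if v not in ("R", "S")]   # FS is outside the FCS
    if f["sa"] == my_addr:
        return {"action": "strip", "corrupted": corrupted, "repeat": None}
    if fs["E"] != "R":
        action = "disregard"              # already marked in error (or E corrupted): repeat as-is
    else:
        covered = bytes.fromhex(f["fc"] + f["da"] + f["sa"]) + f["info"]
        if f"{zlib.crc32(covered):08X}" != f["fcs"]:
            fs["E"] = "S"                 # CRC failed: flag the error for stations downstream
            action = "flag_error"
        elif f["da"] == my_addr or f["da"] == BROADCAST:
            fs["A"] = "S"                 # address recognized
            if buffer_free:
                fs["C"] = "S"             # and copied into our buffers
                action = "copy"
            else:
                action = "recognized_not_copied"   # congested: A set, C stays Reset
        else:
            action = "repeat"
    up_to_ed = symbols[:symbols.rfind("T") + 1]
    return {"action": action, "corrupted": corrupted,
            "repeat": up_to_ed + fs["E"] + fs["A"] + fs["C"]}


if __name__ == "__main__":
    # Constructed addresses and payload.
    frame = build_frame(FC_LLC, "0800AA000001", "0800AA000002", b"\x01\x02")
    print(parse_frame(frame))
    print(receive(frame, "0800AA000001"))              # destination: copies, sets A and C
    print(receive(frame, "0800AA000002"))              # source: strips its own frame
```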
 
 
### 
###  FDDI transmission process 
### 
 
A station gains the right to transmit its information onto the medium when it detects a token passing on the medium. The token is a control signal comprised of a unique symbol sequence that circulates on the medium following each information transmission. Any station, upon detection of a token, may capture the token by removing it from the ring. The station may then transmit one or more frames of information. At the completion of its information transmission, the station issues a new Token, which provides other stations the opportunity to gain access to the ring. 
When a station has something to send, it captures the Token, sends the information in formatted FDDI frames, then releases the token. The header of these frames includes the address of the station(s) that will copy the frame. All nodes read the frame as it is passed around the ring to determine if they are the recipient of the frame. If they are, they extract the data, retransmitting the frame to the next station on the ring. 
 
When the frame returns to the originating station, the originating station strips the frame. The token-access control scheme thus allows all stations to share the network bandwidth in an orderly and efficient manner. 
 
When the station receives the token it compares the time it took for the token to circulate (TRT) to the Target Token Rotation Time (TTRT). If the token arrived early the station can transmit its synchronous frames for the allocated amount of time (known as the Synchronous Allocation, SA). 
 
The station can transmit its asynchronous frames if the remaining transmission allocation has not expired. If the token arrives past the TTRT the station can only transmit its synchronous frames and relinquish the token. Any asynchronous frames must continue to be held until an early token with an appropriate amount of available transmit time arrives. 
 
### 
###  FDDI station management (aka SMT) 
### 
 
Station Management provides the control necessary at the station (node) level to manage the processes in the various FDDI layers. SMT provides services such as connection management, station insertion and removal, station initialization, configuration management, fault isolation and recovery, communications protocol for external authority, scheduling policies, and collection of statistics. 
 
SMT maintains knowledge of both the uniqueness of the node and the current network structure to the extent that the node's function is affected. 
 
A variety of internal node configurations are possible. It may have multiple instances of MACs, PHYs, and PMDs defined by the implementer. A node however can have only one SMT entity. The capability to do this is the result of the isolation and independence of the SMT functions from the other core layer functions. Hence, a device with multiple FDDI connections (NICs), like a hub, can be viewed and managed by SMT as a single entity. 
 
## 
##  SMT functions 
## 
 
(1) physical connection mgmt 
(2) token establishment 
(3) ring failure 
 

# (1) physical connection mgmt 

 
Within every FDDI station there are SMT entities called PCM (Physical Connection Management). The number of PCM entities within a station is exactly equal to the number of ports that the station has. This is because each PCM is responsible for one port. 
 
The PCM entities are the part of SMT that control the ports. In order to make a connection, two ports must be physically connected to each other by means of a fiber-optic or copper cable. When this happens, the PCMs that are responsible for those ports can recognize each other's existence and begin communicating. They do this by sending Line States out of the port and onto the fiber. The PCM at the other end of the connection will recognize the line state and respond accordingly. When the PCM sees another PCM on the other end of the connection, they will synchronize and communicate with each other. During this communication, a couple of important things happen: 
 
- The PCMs figure out the type of port at the other end and determine if they are compatible. 
- The PCMs perform an LCT (Link Confidence Test). The LCT determines if the quality of the link is good enough to establish a connection. If it is not, the PCMs will not make a connection. 
 
If the line state signaling is successful, the PCMs will establish a connection and place the ports on the token path that goes through that station. 
 
At this point, data (in the form of frames) can be sent through these ports and the ports become part of the network. 
 
PCM entities have a number of internal states that they can be in. While in any state, the PCM has the port send out a certain line state. This line state will be received by the PCM on the other side of the connection. The other PCM entity (at the other end of the connection) will be able to tell which state the original PCM is in. PCMs use this information to signal data across the connection. 
 
There are 7 basic states that the PCM can be in: 
 
- Connect 
- Break 
- Next 
- Signal 
- Join 
- Verify 
- Active 
 

# (2) token establishment 

 
If a station has established connectivity to the upstream and downstream devices, the station moves to a ready or Active state. In this state the station continues to sample the medium looking for a token or frame transmission. If no transmission is detected after a predetermined wait period, the station begins its claim token process. 
 
Each station begins to transmit a continuous stream of control frames called "claim frames". Each frame contains a suggested "Target Token Rotation Time" (TTRT). If a station receives a claim frame from another station, it compares the TTRT value in the received frame to the one it used in its own claim frame. If its own suggested TTRT is lower than the received one, it discards the received frame and continues to transmit its own claim frame. If the value in the received frame is lower, it stops generating its own claim frames and retransmits the other station's claim frame. 
 
Eventually the claim frame with the lowest TTRT will be transmitted back to its originating station. At that point the station declares itself the winner of the claim token process and will generate the token onto the ring. This token will contain the winning TTRT value which will be copied and used by every other station in the ring. 
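As an added example (not part of the original notes), the claim token election described above simulated in Python; the ring order, station names and TTRT values are constructed, and the tie-break on equal TTRT values is an assumption the page does not make.

```python
def claim_token(ring: list[tuple[str, float]]) -> dict:
    """Simulate the FDDI claim token process on one ring.

    ring lists (station, suggested TTRT in ms) in downstream order; the last
    station is upstream of the first. Every station starts by transmitting its
    own claim frame. When a claim frame arrives from the upstream neighbour, a
    station keeps transmitting its own frame if its TTRT is lower, otherwise it
    stops and repeats the received frame. The station whose own frame comes all
    the way round wins and issues the token with the winning TTRT, which every
    station copies. Ties on TTRT are broken by station name (an assumption: the
    page does not say how equal bids are resolved).
    """
    names = [name for name, _ in ring]
    # what each station is currently transmitting: (TTRT, originating station)
    transmitting = {name: (ttrt, name) for name, ttrt in ring}
    for step in range(1, len(ring) + 1):
        # each station receives whatever its upstream neighbour is transmitting
        received = {name: transmitting[names[i - 1]] for i, name in enumerate(names)}
        for name in names:
            ttrt, origin = received[name]
            if origin == name:
                # own claim frame has returned: this station generates the token
                return {"winner": name, "ttrt": ttrt, "steps": step,
                        "operational_ttrt": {n: ttrt for n in names}}
        # lower TTRT wins; a station keeps its own frame only if its bid is lower
        transmitting = {name: min(received[name], transmitting[name]) for name in names}
    raise RuntimeError("claim process did not converge")


# Constructed ring of four stations with their suggested TTRT values (ms).
RING = [("A", 8.0), ("B", 4.0), ("C", 6.0), ("D", 5.0)]

if __name__ == "__main__":
    print(claim_token(RING))   # B wins with TTRT 4.0 after 4 steps
```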
 

# (3) ring failure 

 
When a serious failure occurs in the network, i.e., a break in one or both rings in one or more places, the fault isolation and recovery process is initiated. 
 
Similar to the previously discussed Token Ring, each station begins transmitting a special frame called a beacon. As each station receives the beacon from its upstream predecessor, it stops transmitting its own beacon and regenerates the beacon received from the upstream system. Eventually the station immediately downstream from the break recognizes that the break is immediately upstream (since no other beacon signal has been received). 
 
Unlike Token Ring, FDDI with its dual counter rotating ring configuration is able to bypass the faulty station by reconfiguring its ports to close the loop by utilizing the "good side" of the primary and secondary rings. 
 
Since all other stations were able to communicate with this station on the primary ring, it can communicate with the system that was immediately upstream of the break. This station will also initiate its port management function to close the loop by transmitting all outgoing signals on the secondary ring. 
 
 
############################### 
###    network layer (L3)   ### 
############################### 
 
## 
##  intro 
## 
 
The network layer concerns itself with getting data all the way from the source to the destination. It is concerned with the end-to-end delivery of the data, over intermediate nodes if necessary. 
 
In the OSI reference model, this layer lies above the datalink layer and below the transport layer. How the network layer relates to the layers above and below it is discussed first, followed by the peer-level relationship between the network layers of different systems. 
 
The interaction between the network and transport layers is defined in terms of the service provided to the transport layer. While the transport layer may provide a guaranteed data transmission, it has no influence over how the information is delivered in terms of identifying where it should go and how it should get there. If the information being transferred between two end systems needs to be processed at a higher level of quality, i.e., received in packet order sequence, then it is the responsibility of the transport layer to negotiate and manage this process. The Network layer makes its "best attempt" to reach the end station for each packet received from the transport layer. It will not, however, guarantee its delivery or the order of its delivery in relation to other packets destined for the same end station. 
 
The datalink layer's responsibility is to take a raw communication channel (provided by the physical layer) and transform it into an error-free bit transmission facility. The important thing to note here is that this "raw" communication channel is built over a single link between two nodes or on a shared link with a finite number of nodes. In most instances the two "end" systems wishing to communicate will not be directly connected or on the same shared medium. Communication between the two has to be routed through one or more intermediate nodes. The routing of the information is handled by the network layer. The Network Layer establishes and maintains a logical set of source and destination addresses that are retained within the data from end to end of the transmission, as opposed to the DLL physical addresses, which are used only when two systems have a direct physical path between them. There is an exception to this case, which we will discuss later: NAT and PAT (Network Address Translation and Port Address Translation). These technologies may alter the Network Layer payload addresses during transmission, but only in a special case and only at one point, typically at the edge of a private network. 
 
The network layer needs to know: 
 
- The physical attributes (directly attached networks and hosts) of the underlying communication network to which the device is attached 
- The specific paths or path options to all other networks not immediately attached to the device's network 
- The most efficient way to reach those networks without causing congestion. 
 
Congestion can be caused by the speed of the system processing the packet or the speed of the network connection on which the packets travel. 
 
System congestion is the result of packets being transferred through the network at such a rate that they exhaust all the buffers within one or more systems along the path. It has nothing to do with the bandwidth between the systems. Regardless of the capacity of the connection between the systems, if the buffers are drained too slowly to deal with the traffic entering a device, then queues will build up. 
 
The other situation is where the buffers have plenty of available capacity but the rate of incoming packets exceeds the output line capacity. This is actually a very common occurrence, even for home networks. Consider your home router: it likely has multiple "internal" LAN ports but only one WAN port. If all of them are 100MB/s ports and you have more than one system on the LAN, and those systems all try to send the full bandwidth of their individual connections to a device on the WAN, the WAN port would have half or less the capacity of the inbound traffic to the router. (This assumes that the router itself could handle more than one full connection bandwidth internally.) 
 
Congestion has a domino effect on the network. When congestion due to buffer absorption occurs, any additional incoming packets will be "dropped" (not copied into a buffer). This results in additional network requests to re-generate the dropped packets causing even more congestion if not controlled. If congestion is caused by line speed, this will result in more packets being held in the buffers which will eventually lead to buffer congestion if left uncontrolled. Since each intermediary system holds packets until their transmission to the next "hop" in the network is confirmed, their buffers will begin to fill up as packets are dropped from downstream systems. This can cascade all the way back through the network. 
 
Each network layer device must have a mechanism to control congestion. Some common types of congestion control include: 
 
- Packet Discarding 
- Pre-allocation of Buffers 
- Flow Control 
- Choke Packets 
 
### 
###  Routable vs. Non Routable Protocols 
### 
 
Routing is the selection of paths for packets and is performed by the network layer protocol software. In some implementations, the source can also identify the path that the packets will follow. 
 
Not all network layer protocols are "Routable". A routable protocol contains intelligence and an addressing scheme to facilitate routing. Examples of routable protocols are: 
 
- XNS (Xerox Networking System) 
- IPX (NetWare) 
- IP 
- DECnet Phase IV 
- DECnet/OSI 
- AppleTalk 
 
Two key components are necessary for a protocol to be routable. First, the protocol must specify a logical addressing scheme that provides a way to identify all the networks where the protocol is operating and all devices on each of those networks. Second, the protocol must be capable of binding to the LLC as a recognizable Subnetwork Access Protocol (SNAP). Obviously, a third condition for success is that a (physical or wireless) transmission path must exist all the way from the sending to the receiving node. 
 
Later in this class when we discuss the Internet Protocol (IP) you will see that the IP address is comprised of two components. The first part of the address is a "network" identifier and the second part is a "host" or system identifier. These two pieces of information are used by the IP software in each system to move the data to its final destination. 
 
Routable protocols maintain their routing information in "routing tables." Routing tables are data stored in buffers that identify the MAC (physical) addresses of: 
- systems or hosts on the same network 
- intermediary devices that connect all other networks directly attached to the station's network 
- the default path when neither of the above will result in proper delivery of the data 
 
Non-routable protocols contain no unique intelligence or inter-networking IDs in the address scheme. Most non-routable protocols rely on broadcast address capability at the physical (MAC) layer level to communicate with other systems. However, if intermediary devices (like bridges/switches or routers) have their "broadcast filtering" capability on, broadcast transmissions will not move off the segment upon which they were generated. Therefore no traffic will move beyond the physical subnet where the broadcast was generated. 
 
Examples of non routable protocols are: 
 
- NetBIOS 
- SNA Subarea Networking 
- SNA APPN (Advanced Peer-to-Peer Networking) 
 
### 
###  Routing Process and Alternatives 
### 
 
Routing is the main process used by networked devices to deliver packets to their end destination. Since the transmission of information at the data link level requires physical source address to physical destination address frame transmission, routing can be thought of as a hop-by-hop process traversing one or more point-to-point physical connections. This means that each host or router that handles a packet examines the logical (network layer) destination address in the network layer packet header and determines the next hop (physical connection) that will bring the packet one step closer to its destination. Once this is determined the network layer constructs a PDU that is passed to the MAC layer for delivery to the next physical point in the path. The MAC layer constructs a new frame to deliver to the next device. This process is repeated at the next and all subsequent devices until the end destination is reached. 
 
Hence routed frames contain two addresses for both source and destination: 
 
1) The network layer source and destination addresses which stay intact until delivered, stored inside the network layer PDU (which is inside the LLC Info field of the frame). 
 
2) The current system's (the original source machine, or the current router processing the packet) source MAC address and next-hop or final destination MAC address which changes as the frame is passed from one intermediate node to another. 
 
The following table shows how addresses are changed at the physical layer but remain the same at the logical layer as the information moves from hop to hop. 
 
Station         MAC Address      Network Addr  MAC Src Addr     MAC Dest. Addr   IP Src Addr   IP Dst Addr 
Sending Station 0100100101011011 203.105.31.14 0100100101011011 0100111101000011 203.105.31.14 202.15.31.6 
Router 1        0100111101000011 203.105.31.2  0100111101000011 0101110001000011 203.105.31.14 202.15.31.6 
Router 2        0101110001000011 202.15.31.11  0101110001000011 0101110001001111 203.105.31.14 202.15.31.6 
Rcving Station  0101110001001111 202.15.31.6                                     203.105.31.14 202.15.31.6 
 
In the above table three distinct DLL frames are created: 
 
- A frame from the sending station to router 1 
- A frame from router 1 to router 2 
- A frame from router 2 to the receiving station 
 
However, only one distinct Network Layer packet (with the appropriate higher layer data encapsulated in the payload) was created, and it remains intact from the sender to the receiver. 
 
Routes can pass across LANs with different DLL & physical protocols & types. In the above table, the sending station could be a wired Ethernet NIC connected via twisted pair and the receiving device an 802.11a wireless client. 
 
## 
##  Routing Tables 
## 
 
Network Layer protocols use routing tables to compute the next hop for a packet. Routing tables can take many forms depending on the protocol. 
 
In IP each entry in a routing table has at least three fields: 
 
- Routing Address 
- Routing Mask 
- Next Hop 
 
The Next Hop is always the IP address of another host or router that is directly reachable via an Ethernet, serial link, or some other physical connection. The Routing Address and Routing Mask specify a set of destinations for which the routing entry is valid. In other words, if the network ID (calculated by using the subnet mask) of the destination address in the packet matches the routing address and routing mask, then the packet is sent to the identified next hop. 
 
If no routing table entries match a packet's Destination Address, the packet is processed using the "default gateway" or "default route" entry in the table, or discarded as undeliverable if no default route is defined. 
 
If multiple routing tables entries match (i.e., there is more than one path to the destination known), the longest match is preferred. The longest match is the entry with the most 1 bits in its routing mask - meaning the most "specific" match. 
 
Bridged and MAC layer switched networks are invisible to the network layer and regarded as a single connection - this is because from the DLL the sender does not need to know anything about the topology/layout because the DLL devices will move the data to the destination within that logical segment. 
 

#  Routing Mask 

 
To avoid needing routing entries for every possible Internet destination, most hosts and routers use a default route (some routing tables contain nothing but a single default route). A default route has a Routing Address/Mask pair of 0.0.0.0/0.0.0.0. In other words, it matches every IP address, but since there are no 1 bits in its Routing Mask, any other match would be selected by the longest match rule referenced earlier. The default route will only be used if there are no other matches in the routing table. Default routes are quite common, and are put to best use on networks with only a single link connecting to the global Internet or to an external network. On such a network, routing tables will have entries for local networks and subnets, as well as a single default route leading to the outbound link. However, remember that all Next Hops must be directly reachable, so the default routes won't necessarily point to the same IP address. Also, some networks (large Internet service providers, mostly) use routing tables without defaults that must be able to match every IP address in the global network. 
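The following is an added example, not code from the original notes, that ties the hop-by-hop table in the previous section to the routing-table rules here: each node does a longest-match lookup (with the 0.0.0.0/0.0.0.0 default as last resort), resolves the next hop to a MAC, and builds a fresh frame while the IP addresses pass through untouched. The MAC and IP values come from the page's table; the router-to-router link addresses (10.0.0.1, 10.0.0.2), the ARP tables and the second lookup table are constructed.

```python
from dataclasses import dataclass
from typing import Optional

def ip_to_int(dotted: str) -> int:
    """Dotted-quad text -> 32-bit integer, so masks can be applied bitwise."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

@dataclass(frozen=True)
class Route:
    address: str              # Routing Address
    mask: str                 # Routing Mask
    next_hop: Optional[str]   # None: the destination network is directly attached

def lookup(table: list[Route], dest: str) -> Optional[Route]:
    """Longest-match lookup; None when nothing (not even a default) matches.

    A default route 0.0.0.0/0.0.0.0 matches every address with zero 1 bits in
    its mask, so it is chosen only when no more specific entry matches.
    """
    d = ip_to_int(dest)
    best, best_len = None, -1
    for route in table:
        m = ip_to_int(route.mask)
        if (d & m) != (ip_to_int(route.address) & m):
            continue
        prefix_len = bin(m).count("1")        # 1 bits in the mask = specificity
        if prefix_len > best_len:
            best, best_len = route, prefix_len
    return best

def next_hop_for(dest: str, table: list[Route]) -> Optional[str]:
    """Next-hop IP for dest, "direct" for an attached network, None if undeliverable."""
    route = lookup(table, dest)
    if route is None:
        return None
    return route.next_hop or "direct"

def default_via(next_hop: str) -> Route:
    return Route("0.0.0.0", "0.0.0.0", next_hop)

@dataclass
class Node:
    name: str
    mac: str                  # the page's 16-bit MACs, kept as opaque strings
    routes: list[Route]
    arp: dict[str, str]       # IP -> MAC for devices on attached links (constructed)

def forward(nodes_by_ip: dict[str, Node], sender: Node, ip_src: str, ip_dst: str):
    """Carry one packet hop by hop and return the DLL frames built on the way.

    Every frame gets a new MAC source/destination pair; the IP addresses in
    the network layer PDU are copied through unchanged.
    """
    frames, node = [], sender
    while True:
        route = lookup(node.routes, ip_dst)
        if route is None:
            return frames, "discarded: no match and no default route"
        next_hop_ip = route.next_hop or ip_dst   # attached: hand straight to the host
        frames.append({"at": node.name, "mac_src": node.mac,
                       "mac_dst": node.arp[next_hop_ip],
                       "ip_src": ip_src, "ip_dst": ip_dst})
        if next_hop_ip == ip_dst:
            return frames, "delivered"
        node = nodes_by_ip[next_hop_ip]

# Topology from the page's hop-by-hop table. The router-to-router link needs
# its own addresses, which the table omits; 10.0.0.1/10.0.0.2 are constructed.
NET_A = Route("203.105.31.0", "255.255.255.0", None)
NET_B = Route("202.15.31.0", "255.255.255.0", None)
LINK = Route("10.0.0.0", "255.255.255.252", None)
SENDER = Node("Sending Station", "0100100101011011",
              [NET_A, default_via("203.105.31.2")],
              {"203.105.31.2": "0100111101000011"})
ROUTER1 = Node("Router 1", "0100111101000011",
               [NET_A, LINK, default_via("10.0.0.2")],
               {"10.0.0.2": "0101110001000011", "203.105.31.14": "0100100101011011"})
ROUTER2 = Node("Router 2", "0101110001000011",
               [NET_B, LINK, Route("203.105.31.0", "255.255.255.0", "10.0.0.1")],
               {"202.15.31.6": "0101110001001111", "10.0.0.1": "0100111101000011"})
NODES_BY_IP = {"203.105.31.2": ROUTER1, "10.0.0.1": ROUTER1, "10.0.0.2": ROUTER2}

# Constructed table with a default, a /16 and a /24 covering the same space,
# to exercise the longest-match rule on its own.
LPM_TABLE = [default_via("203.105.31.2"),
             Route("202.15.0.0", "255.255.0.0", "203.105.31.3"),
             Route("202.15.31.0", "255.255.255.0", "203.105.31.4")]

def demo() -> tuple[list[dict], str]:
    """The page's example: 203.105.31.14 sends to 202.15.31.6 via two routers."""
    return forward(NODES_BY_IP, SENDER, "203.105.31.14", "202.15.31.6")
```

Running demo() yields the three frames of the page's table, with the MAC pair changing at every hop and the IP pair constant; dropping the default entry from LPM_TABLE makes 8.8.8.8 undeliverable.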
 
## 
##  Routing Protocols 
## 
 
Routers can use pre-defined routing tables which identify all paths, or can use discovery packets to solicit node information and build their own maps. 
 
Static routing has no real time adaptation. All routing information is hand coded (data manually entered) into the routing tables. Any changes to the network or devices on the network need to be re-entered in all the affected tables. Static routing is no longer used except in highly secured private networks as an added safety valve against encroachment. 
 
Quasi-static is static routing with alternate (multiple) paths. While all routing information is again hand-coded into the system, the network can adapt to congestion or line failure by switching to an alternative hard-coded route. 
 
For all routing techniques except for static and quasi-static, a mechanism for responding to routing information requests needs to be implemented. Examples of these implementations include: 
 
Centralized (a central device provides routing information to the requesting router) 
 
Distributed (routing information is distributed among some or all of the routing devices in the network) 
 
Centralized routing has drawbacks in that the central device can be a bottleneck or, worse, take the entire network down if it fails. 
 
Distributed routing has drawbacks in that changes in the network, even minor ones, can result in a flood of update information across the network. 
 

#  Centralized Routing 

 
Centralized routing requires a Routing Control Center (RCC) to make the routing decisions from a single network node. Each node periodically reports its path information to the RCC (e.g. lists of neighbors, current queue lengths, amount of traffic processed since last report, etc.). The RCC has an overall picture of the network, and can use the supplied information as metrics to make a routing decision. While this method, with its seemingly complete knowledge of the network, seems ideal for finding optimal paths, there are several problems with this approach. 
 
The links into the RCC will be heavily loaded with status packets adding overhead and potentially congestion to the network. If the RCC fails or becomes disconnected then no routing information will be returned to stations requesting the path resulting in no packets being routed. If the network topology or traffic fluctuates frequently, then status reports will potentially provide an inaccurate picture of the network's overall state. 
 
Setting up two or more RCCs and distributing routing alternatives instead of single best paths eliminates or reduces the impact of the central approach. This, however, contradicts the rationale behind a centralized routing paradigm. 
 

#  Distributed Routing 

 
Distributed routing is where routing information is distributed among all the devices that perform the routing function. The amount of information distributed to each device varies by protocol in terms of understanding all or some of the network. 
 
-- [Distance-Vector Routing Protocols] 
 
This routing protocol requires that each router simply inform its neighbors of its routing table. For each network path, the receiving routers pick the neighbor advertising the lowest cost, then add this entry into its routing table for re-advertisement. Hello and RIP are common Distance-Vector routing protocols. 
 
-- [Link State Routing Protocols] 
 
This type of routing protocol requires each router to maintain at least a partial map of the network. When a network link changes state (up to down, or vice versa), a notification is flooded throughout the network. All the routers note the change, and re-compute their routes accordingly. This method is more reliable, easier to debug and less bandwidth-intensive than Distance-Vector. It is also more complex and more compute- and memory-intensive. OSPF and OSI's IS-IS are link state routing protocols. 
 
## 
##  Routing Demarcations 
## 
 
-- [Interior Routing] 
 
Interior routing occurs within an autonomous system. Most common routing protocols, such as RIP and Open Shortest Path First (OSPF), are interior routing protocols. The basic routable element is the IP network or subnetwork, or CIDR (Classless Inter-Domain Routing) prefix for newer protocols. 
 
-- [OSPF-2 Protocol] 
 
Open Shortest Path First (OSPF) is a relatively common Internet interior routing protocol. OSPF Version 2 is documented in RFC 1583. Sanctioned by the Internet Engineering Task Force (IETF), OSPF is a link-state protocol with a complex set of options and features. Not all of these features are available on all implementations, but some of its advantages are: 
 
Scalability: 
- OSPF is specifically designed to operate with larger networks. It does not impose a hop-count restriction and permits its domain to be subdivided for easier management. 
 
Hello packets: 
- OSPF uses small "hello" packets to verify link operation without transferring large tables. In stable networks, large updates occur only once every 30 minutes. 
 
Type Of Service (TOS) routing: 
- OSPF can route packets by different criterion based on their Type Of Service (TOS) field. For example, file transfers could be routed over a satellite link while terminal I/O could avoid such high delays. This requires cooperative applications on the end systems. 
 
Tagged routes: 
- Routes can be tagged with arbitrary values, easing inter-operation with EGPs, which can tag OSPF routes with AS numbers. 
 
Full subnetting support: 
- OSPF can fully support subnetting, including VLSM and non-contiguous subnets. 
 
OSPF has some disadvantages as well. Chief among them are its complexity and its demands on memory and computation resources. Although link-state protocols are not difficult to understand, OSPF adds complexity with a host of options and features. 
 
OSPF divides its routing domain into areas. Area 0, the backbone, is required. This divides interior routing into two levels. If traffic must travel between two areas, the packets are first routed to the backbone. This may cause non-optimal routes, since inter-area routing is not done until the packet reaches the backbone. Once there, it is routed to the destination area, which is then responsible for final delivery. This layering permits addresses to be consolidated by area, reducing the size of databases. Small networks can operate with a single OSPF area. 
 
 
#  RIP Protocol Overview 

 
Of Internet interior routing protocols, RIP was the most widely used early on, but its significant limitations have made it less common. It is a distance-vector protocol based on a 1970s Xerox design. Ported to TCP/IP when LANs first appeared in the early 80s, RIP has changed little in the past decade and suffers from several limitations, including: 
 
Width restriction: 
- RIP uses a 4-bit metric to count router hops to a destination. A RIP network can be no wider than 15 hops (16 is infinity). If hop counts are elevated on slower or less reliable links, this can quickly become a problem. 
 
Subnet support: 
- RIP was deployed prior to subnetting and has no direct support for it. It can be used in subnetted environments, subject to restrictions. VLSM cannot be used in RIP networks. 
 
Bandwidth consumption: 
- Every 30 seconds or so, a RIP router will broadcast lists of networks and subnets it can reach. Depending on the lengths of these lists, which depend on the size of the network, bandwidth usage can become prohibitive on slow links. 
 
Security: 
- RIP itself has no security features. Some developers have produced RIP implementations that will only accept updates from specific hosts, to minimize the risk. 
 
RIP, however, has several benefits. It has the highest level of interoperability and compatibility in products that use interior gateway protocols. RIP is also easy to configure. Finally, RIP processing does not impose serious CPU utilization or flash memory storage requirements on the devices where it is installed. 
 
## 
##  Exterior Routing 
## 
 
Exterior routing occurs between autonomous systems, and is of concern to service providers and other large or complex networks. The basic routable element is the Autonomous System, a collection of CIDR prefixes identified by an Autonomous System number. While there may be many different interior routing schemes, a single exterior routing system manages the global Internet, based on the BGP-4 exterior routing protocol. 
 

#  BGP-4 Protocol 

 
Border Gateway Protocol Version 4 (BGP-4), documented in RFC 1771, is the current exterior routing protocol used for the global Internet. BGP is essentially a distance-vector algorithm, but with several twists that resemble link-state operation. 
 
On connection start, BGP peers exchange complete copies of their routing tables, which can be quite large. However, only changes (deltas) are then exchanged, which makes long running BGP sessions more efficient than shorter ones. 
 
BGP's basic unit of routing information is the BGP path, a route to a certain set of CIDR prefixes. Paths are tagged with various path attributes. The sender of the path is noted as the next hop. It is the responsibility of the BGP implementation to select among competing paths. 
 
In store and forward networks packets can be transported one of two ways: 
 
- For datagram transport the network selects the path for each packet individually. 
- For virtual circuit transport the network makes one path selection for all the packets of the same connection. 
 
Useful Routing Algorithm Characteristics: 
 
The following metrics should be considered when evaluating routing protocols: 
 
- Robustness - it should adapt the routing decisions to changing conditions (i.e., network traffic and topology). 
- Stability - a small change in conditions should result in a small change in routing decisions. 
- Fairness - different users should experience equitable delays and transmission rates. 
- Optimization - maximizing the network designer's objective function while satisfying the design constraints. 
 
 
### 
###  Network Layer Addressing 
### 
 
[MAC versus Networking Layer Addressing] 
 
At this point in the learning process you should understand that a data communication between two physical devices can only occur if there is a physical or (wireless) communication path between the two devices. You should also understand that the MAC layer controls how that communication between those two physical devices is initiated (access to the Medium), how to read it (Frame Format), and who it is for (MAC Address). 
 
Communications at the Network Layer are logical communication channels not physical ones. The Network layer assigns a unique, Logical, Network address (or Internet Address) to each system in the entire network. This logical address is not the same in terms of its structure or its unique value assigned to each system for different network protocols e.g., IP network addressing is different than IPX's. A system that participates in both IP and IPX networks has an IP address assigned to it by IP administration and an IPX address assigned by IPX. If that device is attached to one network (has only one NIC) it will have only one physical address and two logical addresses that both reference the same physical address in their routing tables. (The ARP physical address is the same in both protocols). 
 
The MAC Address identifies a specific (unique) physical Interface Card (NIC) attached to the network. A device that is attached to more than one physical network (like a Bridge or a Router) will have two Network interface cards and hence two physical addresses. 
 
Routers, which function at the Network Layer, are capable of passing messages through intermediate nodes until their final destination is reached. Therefore, information that needs to be routed must have two address types associated with it: 
 
1) the original source and final destination (Network Layer) addresses which stay intact in the information field of the frame until delivered to the final destination. 
 
2) the current sender and next intermediate hop or final destination (MAC Layer) addresses which change as the frame is passed from one intermediate node to another. 
 
### 
###  Network Layer and the LLC 
### 
 
## 
##  Services 
## 
 
The interface to the Network Layer above defines the services the LLC should provide in order for data transmission to be transparent to the Network layer. 
 
For Type 1 LLC services a connection is not required. Only two service primitives are needed: 
 
- the DATA.request from the Network layer to the LLC for transmission of a connectionless frame 
- the DATA.indication from the LLC to pass a connectionless frame up to Network Layer. 
 
For Type 2 LLC services a connection between two systems via their SAP points is required. Thus the services must include the data link CONNECT, DISCONNECT, CONNECTION-FLOWCONTROL, and connection RESET services as well. All of these services have three primitives: 
 
- request 
- indication 
- confirmation 
 
The only exception is the CONNECTION-FLOWCONTROL, which does not need to be confirmed. 
 
 
## 
##  Sub-network access protocol frame: 
## 
 
As LANs evolved into multiple interconnected networks and interconnected with Wide Area Networks, the requirement to support internetwork routing became essential. Even though LANs only address the DLL and Physical layers, they must define the interface specifications for the adjacent layers. Since the upper network layer could be running any of several network layer protocols, the LLC must have a mechanism to determine which Network layer protocol needs to be called to accept the Info stripped from the frame. 
 
To solve this problem, an extension to the original 802.2 format was provided called the SNAP (Subnetwork Access Protocol). When this format is used, the LLC frame encapsulates the SNAP header: 
 
Setting the DSAP and SSAP to 0xAA indicates that a SNAP header follows in the next 5 bytes. The first 3 bytes identify the Organization Code, which is assigned by IEEE. The next 2 bytes contain the LLC specific control header information (1 byte), which is specific to the underlying LAN standard, and the actual SNAP header fields (1 byte). 
 
### 
###  Internet Protocol Introduction 
### 
 
In the 1960's and 1970's the US Department of Defense (DoD) in conjunction with several universities established a workgroup to develop a standard communications system and universal protocols. In 1980, the Defense Advanced Research Projects Agency (DARPA) was established. It formed a group to develop the set of standards for the Internet called the Internet Configuration Control Board (ICCB) which became the Internet Activities Board in 1983, and they were tasked with designing, engineering, and managing the Internet. TCP/IP was born out of this group. 
 
### 
###  IP Addressing 
### 
 
The IP Address and Classes 
 
-- [Hosts and networks] 
 
IP addressing is based on the concept of "hosts" and "networks". A host is essentially any device on the network that is capable of receiving and transmitting IP packets such as a workstation or a router. It is not to be confused with a server or a "mainframe host". Servers, mainframes and desktop workstations are all IP hosts. 
The hosts are connected together by one or more networks. The IP address of any host consists of its network address plus its own host address on the network. IP addressing uses one address number to represent both network and host address. 
 
How much of the address is used for the network portion and how much for the host portion varies depending on the address "Class" and how they are individually configured from network to network (with or without subnetting.) 
 
-- [IP addressing] 
 
The IP address is 32 bits or 4 bytes wide and, as discussed above, composed of two parts: the network number and the host number. By convention, the address is written as four decimal numbers separated by periods, such as "200.1.2.3", each dotted group giving the decimal value of one of the four bytes. Valid addresses thus range from 0.0.0.0 to 255.255.255.255, for a theoretical total of about 4.3 billion addresses. 
The first few bits of the address number are known as the prefix and indicate the Class that the address belongs to: 
 
Class  Prefix    Network Number Host Number 
A      0         Bits 1-7       Bits 8-31 
B      10        Bits 2-15      Bits 16-31 
C      110       Bits 3-23      Bits 24-31 
D      1110      N/A            N/A 
E      1111      N/A            N/A 
 
The bits are labeled in network order, so that the first bit is bit 0 and the last is bit 31, reading from left to right. 
 
Class D addresses are multicast, and Class E are reserved. 
 
The range of network numbers and host numbers may be derived from the above table: 
 
 
Class     Range of Net Numbers    Range of Host Numbers 
A         0 to 126                0.0.1 to 255.255.254 
B         128.0 to 191.255        0.1 to 255.254 
C         192.0.0 to 233.255.255  1 to 254 
 
Any address starting with 127 is a loopback address and should never be used for addressing outside the host. A host number of all binary 1's indicates a directed broadcast over the specific network. For example, 200.1.2.255 would indicate a broadcast over the 200.1.2 network. If the host number is 0, it indicates "this host". If the network number is 0, it indicates "this network". 
 
All the reserved bits and reserved addresses severely reduce the available IP addresses from the 4.3 billion theoretical maximum. Most users connected to the Internet will be assigned addresses within Class C, as space is becoming very limited. This is the primary reason for the development of IPv6, which will have 128 bits of address space. 
 
### 
###  IP Subnetting 
### 
 
Subnetting is a process for splitting or dividing a single larger IP Class A, B, or C network into smaller pieces. Subnetting was introduced to overcome some of the problems that parts of the Internet were beginning to experience with the two-level class based addressing hierarchy of IP: 
 
- Internet routing tables were beginning to grow. 
- Local administrators had to request another network number from the Internet before a new network could be installed at their site. 
 
Subnetting addressed both of these problems by adding another level of hierarchy to the IP 
addressing structure. Subnetting created a three-level hierarchy: 
 
- Network ID 
- Host Number 
- Subnet MASK 
 
The basic process of subnetting is to divide the standard IP host-number field into two parts - the subnet-number and the host-number on that subnet. 
 
## 
##  Subnet Address Hierarchy 
## 
 
Subnetting helped the expanding routing table problem by ensuring that the subnet structure of a network is never visible outside of the organization's private network. The route from the Internet to any subnet of a given IP address is the same, no matter which subnet the destination host is on. This is because all subnets of a given network number use the same network-prefix but different subnet numbers. The routers within the private organization need to differentiate between the individual subnets, but as far as the Internet routers are concerned, all of the subnets in the organization are collected into a single routing table entry. This allows the local administrator to utilize the three layer complexity of subnetting into the private network without affecting the size of the Internet's routing tables. 
 
Subnetting helped the registered number issue by assigning each organization one (or at most a few) network number(s) from the IPv4 address space. The organization is then free to assign a distinct subnetwork number for each of its internal networks. This allows the organization to deploy additional subnets without needing to obtain a new network number from the Internet. 
 
Example of how subnetting reduces the unique class address requirements 
 
The deployment of subnetting within the private network provides several benefits: 
 
- the size of the global Internet routing table does not grow because the site administrator does not need to obtain additional address space 
- the routing advertisements for all of the subnets are combined into a single routing table entry. 
- the local administrator has the flexibility to deploy additional subnets without obtaining a new network number from the Internet. 
- route flapping (i.e., the rapid changing of routes) within the private network does not affect the Internet routing table since Internet routers do not know about the reachability of the individual subnets. 
 
### 
###  Extended-Network-Prefix 
### 
 
Internet routers use only the network-prefix of the destination address to route traffic to a subnetted environment. Routers within the subnetted environment use the extended-network-prefix to route traffic between the individual subnets. The extended-network-prefix is composed of the class network-prefix and the subnet-number. 
 
Extended-Network-Prefix 
 
The extended-network-prefix has traditionally been identified by the subnet mask. For example, if you have the address of 130.5.0.0 and you want to use the entire third octet to represent the subnet-number, you need to specify a subnet mask of 255.255.255.0. The bits in the subnet mask and the Internet address have a one-to-one correspondence. The bits of the subnet mask are set to 1 if the system examining the address should treat the corresponding bit in the IP address as part of the extended-network-prefix. The bits in the mask are set to 0 if the system should treat the bit as part of the host-number. 
 
The prefix length is equal to the number of contiguous one-bits in the traditional subnet mask. This means that specifying the network address 130.5.5.25 with a subnet mask of 255.255.255.0 can also be expressed as 130.5.5.25/24. The /[prefix-length] notation is more compact and easier to understand than writing out the mask in its traditional dotted-decimal format. 
 
It is important to note that modern routing protocols carry the subnet mask. There are no Internet standard routing protocols that have a one-byte field in their header that contains the number of bits in the extended-network prefix. Rather, each routing protocol is still required to carry the complete four-octet subnet mask. 
 
## 
##  Subnet Design Considerations 
## 
 
The deployment of an addressing plan requires careful thought on the part of the network administrator. There are four key questions that must be answered before any design should be undertaken: 
 
1) How many total subnets does the organization need today? 
2) How many total subnets will the organization need in the future? 
3) How many hosts are there on the organization's largest subnet today? 
4) How many hosts will there be on the organization's largest subnet in the future? 
 
The first step in the planning process is to take the maximum number of subnets required 
and round up to the nearest power of two. For example, if an organization needs 9 subnets, 2^3 (or 8) will not provide enough subnet addressing space, so the network administrator will need to round up to 2^4 (or 16). 
 
When performing this assessment, it is critical that the network administrator also allow for adequate future growth. For example, if 14 subnets are required today, then 16 subnets might not be enough in three years. 
 
The next step is to make sure that there are enough host addresses for the organization's largest subnet. If the largest subnet needs to support 50 host addresses today, 2^5 (or 32) will not provide enough host address space so the network administrator will need to round up to 2^6 (or 64). 
 
The final step is to make sure that the organization's address allocation provides enough bits to deploy the required subnet addressing plan. For example, if the organization has a single /16, it could easily deploy 4 bits for the subnet-number and 6 bits for the host-number. However, if the organization has several /24s and it needs to deploy 9 subnets, it may be required to subnet each of its /24s into four subnets (using 2 bits) and then build the internetwork by combining the subnets of 3 different /24 network numbers. An alternative solution would be to deploy network numbers from the private address space. 
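Worked example (added here; not part of the original notes): the mask-to-prefix-length conversion and the extended-network-prefix from the section above, together with the subnet planning steps just listed, in Python using only the standard ipaddress module. The address 130.5.5.25 with mask 255.255.255.0 and the 9-subnets / 50-hosts figures are the text's own; the 130.5.0.0/16 and 200.1.2.0/24 allocations in the demo are constructed. The host-bit rounding also subtracts the all-zeros and all-ones host numbers, which goes slightly beyond the text's plain power-of-two rounding.

```python
import ipaddress


def prefix_length(mask):
    """Prefix length of a dotted-decimal mask: the number of contiguous leading one-bits.
    A non-contiguous mask such as 255.0.255.0 is rejected rather than silently accepted."""
    bits = int(ipaddress.IPv4Address(mask))
    length = 0
    while length < 32 and bits & (1 << (31 - length)):
        length += 1
    if bits != (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return length


def extended_network_prefix(addr, mask):
    """Bits set to 1 in the mask select the extended-network-prefix; the rest is the host-number."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return "%s/%d" % (ipaddress.IPv4Address(a & m), prefix_length(mask))


def address_class(addr):
    """Class from the leading prefix bits of the first octet (0, 10, 110, 1110, 1111)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def bits_for(count, reserved=0):
    """Smallest n such that 2**n - reserved >= count, i.e. round up to a power of two."""
    n = 1
    while (1 << n) - reserved < count:
        n += 1
    return n


def subnet_plan(allocation, subnets, largest_subnet_hosts):
    """The planning steps from the text: round the subnet count and the largest subnet's
    host count up to powers of two, then check that the allocation has enough bits for
    both. Host bits allow for the all-zeros and all-ones host numbers (not assignable),
    which is an addition to the text's plain rounding. Returns a dict describing the plan."""
    net = ipaddress.ip_network(allocation)
    subnet_bits = bits_for(subnets)
    host_bits = bits_for(largest_subnet_hosts, reserved=2)
    fits = net.prefixlen + subnet_bits + host_bits <= 32
    result = {"subnet_bits": subnet_bits, "host_bits": host_bits, "fits": fits}
    if fits:
        result["prefix_len"] = net.prefixlen + subnet_bits
        result["subnets"] = [str(s) for s in net.subnets(prefixlen_diff=subnet_bits)]
    return result


if __name__ == "__main__":
    print(extended_network_prefix("130.5.5.25", "255.255.255.0"))  # 130.5.5.0/24
    print(address_class("130.5.5.25"))                              # B
    print(subnet_plan("130.5.0.0/16", 9, 50))    # fits: 4 subnet bits, 6 host bits, /20s
    print(subnet_plan("200.1.2.0/24", 9, 50))    # does not fit: 24 + 4 + 6 > 32
```

The planner reports "fits": False for a single /24 with 9 subnets of 50 hosts, which is exactly the case in the text where several /24s (or private address space) are needed.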
 
## 
##  Other Considerations 
## 
 
RIP-1 Permits Only a Single Subnet Mask. When using RIP-1, subnet masks have to be uniform across the entire network-prefix. RIP-1 allows only a single subnet mask to be used within each network number because it does not provide subnet mask information as part of its routing table update messages. In the absence of this information, RIP-1 is forced to make very simple assumptions about the mask that should be applied to any of its learned routes. 
 
How does a RIP-1 based router know what mask to apply to a route when it learns a 
new route from a neighbor? 
 
If the router has a subnet of the same network number 
assigned to a local interface, it assumes that the learned subnetwork was defined using 
the same mask as the locally configured interface. However, if the router does not have a 
subnet of the learned network number assigned to a local interface, the router has to 
assume that the network is not subnetted and applies the route's natural classful mask. 
 
How does a RIP-1 based router know if it should include the subnet-number bits in a 
routing table update to a RIP-1 neighbor? 
 
A router executing RIP-1 will only advertise the subnet-number bits on another port if the update port is configured with a subnet of the same network number. If the update port is configured with a different subnet or network number, the router will only advertise the network portion of the subnet route and "zero-out" the subnet-number field. For example, assume that Port 1 of a router has been assigned the IP address 130.24.13.1/24 and that Port 2 has been assigned the IP address 200.14.13.2/24. Also, assume that the router has learned about network 130.24.36.0 from a neighbor. Since Port 1 is configured with another subnet of the 130.24.0.0 network, the router assumes that network 130.24.36.0 has a /24 subnet mask. When it comes to advertise this route, it advertises 130.24.36.0 on Port 1, but it only advertises 130.24.0.0 on Port 2. 
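Added example (not from the original notes): a small Python model of the two RIP-1 rules described above, mask inference for a learned route and zeroing-out of the subnet-number bits on advertisement, run against the text's Port 1 = 130.24.13.1/24, Port 2 = 200.14.13.2/24 and learned route 130.24.36.0. The function names and the port-to-interface dict layout are assumptions of this example, not anything from a RIP implementation.

```python
import ipaddress


def classful_network(addr):
    """Natural classful network of an address: /8 for class A, /16 for B, /24 for C."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        plen = 8
    elif first < 192:
        plen = 16
    elif first < 224:
        plen = 24
    else:
        raise ValueError("class D/E address has no classful network: %s" % addr)
    return ipaddress.ip_network("%s/%d" % (addr, plen), strict=False)


def rip1_learned_mask(interfaces, learned_net_addr):
    """RIP-1 updates carry no mask. If some local interface lies in the same classful
    network as the learned route, assume that interface's mask; otherwise assume the
    route's natural classful mask. `interfaces` maps port name -> "addr/prefixlen"."""
    natural = classful_network(learned_net_addr)
    for iface in interfaces.values():
        ip = ipaddress.ip_interface(iface)
        if ip.ip in natural:
            return ipaddress.ip_network(
                "%s/%d" % (learned_net_addr, ip.network.prefixlen), strict=False)
    return natural


def rip1_advertisement(interfaces, route, out_port):
    """What RIP-1 sends for `route` on `out_port`: the subnet route if the port is in the
    same classful network, otherwise the natural network with the subnet bits zeroed out."""
    out_ip = ipaddress.ip_interface(interfaces[out_port]).ip
    natural = classful_network(str(route.network_address))
    if out_ip in natural:
        return route
    return natural


if __name__ == "__main__":
    # Constructed router configuration, taken from the text's example
    ports = {"Port 1": "130.24.13.1/24", "Port 2": "200.14.13.2/24"}
    learned = rip1_learned_mask(ports, "130.24.36.0")
    print("learned as", learned)                                    # 130.24.36.0/24
    print("on Port 1:", rip1_advertisement(ports, learned, "Port 1"))  # 130.24.36.0/24
    print("on Port 2:", rip1_advertisement(ports, learned, "Port 2"))  # 130.24.0.0/16
    print("no local subnet:", rip1_learned_mask(ports, "10.1.2.0"))   # 10.0.0.0/8
```

The last call shows the silent failure mode: a route for 10.1.2.0 learned from a neighbour is taken to be the whole 10.0.0.0/8, because nothing in the update says otherwise. That is why a mixed-mask network running RIP-1 ends up with wrong routes rather than an error message.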
 
For these reasons, RIP-1 is limited to only a single subnet mask for each network number. However, there are several advantages to be gained if more than one subnet mask can be assigned to a given IP network number: 
 
- Multiple subnet masks permit more efficient use of an organization's assigned IP address space. 
- Multiple subnet masks permit route aggregation which can significantly reduce the amount of routing information at the "backbone" level within an organization's routing domain. 
 
VLSM supports more efficient use of an organization's assigned IP address space. 
 
### 
###   IPv6 - The Next generation of IP 
### 
 
-- [Introduction] 
 
IPng was recommended by the IPng Area Directors of the Internet Engineering Task Force. It is documented in RFC 1752, "The Recommendation for the IP Next Generation Protocol" (July 25, 1994). The recommendation was approved by the Internet Engineering Steering Group and made a Proposed Standard on November 17, 1994. 
 
The formal name of this protocol is IPv6 where the "6" refers to it being assigned version number 6. The current version of the Internet Protocol is version 4 (referred to as IPv4). 
 
IPv6 is a new version of IP which is designed to be an evolutionary step from IPv4. It is a natural increment to IPv4. It can be installed as a normal software upgrade in Internet devices and is interoperable with the current IPv4. IPv6 is designed to run well on high performance networks (e.g., ATM) and at the same time is still efficient for low bandwidth networks (e.g., wireless). In addition, it provides a platform for new Internet functionality that will be required in the future. 
 
-- [Key Issues] 
There are several key issues that should be considered when reviewing the design of the next generation Internet protocol. Some are very straightforward. For example the new protocol must be able to support large global internetworks. Others are less obvious. There must be a clear way to transition the current large installed base of IPv4 systems. It doesn't matter how good a new protocol is if there isn't a practical way to transition the current operational systems running IPv4 to the new protocol. 
 
-- [Growth] 
 
Growth is the basic issue which caused there to be a need for a next generation IP. Our experience with IPv4 is that the addressing and routing must be capable of handling reasonable scenarios of future growth. It is important that we have an understanding of the past growth and where the future growth will come from. 
 
Currently IPv4 serves what could be called the computer market. The computer market has been the driver of the growth of the Internet. It comprises the current Internet and countless other smaller intranets which are not connected to the Internet. Its focus is to connect computers together in the large business, government, and university education markets. This market has been growing at an exponential rate. The computers which are used at the endpoints of Internet communications range from PC's to Supercomputers. Most are attached to Local Area Networks (LANs) and the vast majority are becoming more mobile. 
 
The next phase of growth will probably not be driven by the computer market. While the computer market will continue to grow at significant rates due to expansion into other areas such as schools (elementary through high school) and small businesses, it is doubtful it will continue to grow at an exponential rate. What is likely to happen is that other kinds of markets will develop. These markets will fall into several areas. They all have the characteristic that they are extremely large. They also bring with them a new set of requirements which were not as evident in the early stages of IPv4 deployment. The new markets are also likely to happen in parallel with one another. 
 
It may turn out that we will look back on the last ten years of Internet growth as the time when the Internet was small and only doubling every year. The challenge for an IPv6 is to provide a solution which solves today's problems and is attractive in these emerging markets. 
 
Nomadic personal computing devices are proliferating as their prices drop and their capabilities increase. A key capability is that they will be networked. Unlike the majority of today's networked computers they will support a variety of types of network attachments. When disconnected they use RF wireless networks, when used in networked facilities they can use infrared or WiFi attachment, and when docked they may use physical wires. This makes them an ideal candidate for internetworking technology as they will need a common protocol which can work over a variety of physical networks. These types of devices are general consumer devices and will replace the current generation of cellular phones, pagers, and personal digital assistants over time, or their features will be absorbed into tablets and other general-purpose devices that serve as all of these. In addition to the obvious requirement of an Internet protocol which can support large scale routing and addressing, they require an Internet protocol which imposes a low overhead and supports auto configuration and mobility as a basic element. The nature of nomadic computing requires an Internet protocol to have built in authentication and confidentiality. It also goes without saying that these devices will need to communicate with the current generation of computers. The requirement for low overhead comes from the wireless media. 
 
Unlike LAN's which will be always increasing and very high speed, the wireless media will typically always be several orders of magnitude slower due to constraints on available frequencies, spectrum allocation, error rates, and power consumption. 
 
Another market is networked entertainment. This emerging market has new proposals being discussed for 500 channels of television, video on demand, etc. This is clearly a consumer market. The possibility is that every television set will become an Internet host. As the world of only digital high definition television approaches, the differences between a computer and a television will diminish. As in the previous market, this market will require an Internet protocol which supports large scale routing and addressing, and auto configuration. This market also requires a protocol suite which imposes the minimum overhead to get the job done. Cost will be the major factor in the selection of an appropriate technology. 
 
Another market which could use the next generation IP is device control. This consists of the control of everyday devices such as lighting equipment, heating and cooling equipment, motors, and other types of equipment which are currently controlled via analog switches and in aggregate consume considerable amounts of electrical power. The size of this market is enormous and requires solutions which are simple, robust, easy to use, and very low cost. The potential pay-back is that networked control of devices will result in cost savings which are extremely large. 
 
The challenge the IETF faced in the selection of an IPng is to pick a protocol which meets today's requirements and also matches the requirements of these emerging markets. These markets will happen with or without an IETF IPng. If an IETF IPng is a good match for these new markets it is likely to be used. If not, these markets will develop something else. They will not wait for an IETF solution. If this should happen it is probable that because of the size and scale of the new markets the IETF protocol would be supplanted. If the IETF IPng is not appropriate for use in these markets, it is also probable that they will each develop their own protocols, perhaps proprietary. The result of the development of the protocols and the design has been a settling on IPv6 as the appropriate IPng that has gained traction. While adoption has been slow, there is a fair amount of deployment in Japan and other countries, and it is slowly becoming more common with the backbone of the US networks and almost all modern OS versions have IPv6 support standard. 
 
## 
##  Transition 
## 
 
Slowly, we are seeing a conversion and adoption of IPv6, starting with the core networks and working their way out to the end systems over time. Two factors are driving this: routing and addressing. Global Internet routing based on the 32-bit addresses of IPv4 is becoming increasingly strained, although a large amount of the pressure was relieved by widespread use of NAT (Network Address Translation), which allowed more sparing use of IPv4 addresses for public-facing interfaces while internal systems in corporate and home networks use private, non-routable IP ranges. IPv4 addresses do not provide enough flexibility to construct efficient hierarchies which can be aggregated, and while the deployment of Classless Inter-Domain Routing has extended the lifetime of IPv4 routing by years, the effort to manage the routing will continue to be strained. Even if IPv4 routing can be scaled to support a full IPv4 Internet, the Internet will eventually run out of network numbers. There is no question that an IPv6 is needed, only a question of when. 
 
The challenge for an IPv6 is for its transition to be complete before IPv4 routing and addressing break. The transition will be much easier if IPv4 addresses are still globally unique. The two transition requirements which are the most important are flexibility of deployment and the ability for IPv4 hosts to communicate with IPv6 hosts. There will be IPv6-only hosts, just as there will be IPv4-only hosts. 
 
The capability must exist for IPv6-only hosts to communicate with IPv4-only hosts globally while IPv4 addresses are globally unique. The deployment strategy for an IPv6 must be as flexible as possible. The Internet is too large for any kind of controlled roll out to be successful. 
 

#  IPv6 Overview 

 
IPv6 was designed to take an evolutionary step from IPv4. Functions which work in IPv4 were kept in IPv6. Functions which didn't work were removed. The changes from IPv4 to IPv6 relate mostly to expanded Routing and Addressing capabilities. 
 
IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy and a much greater number of addressable nodes and simpler auto-configuration of addresses. 
 
The scalability of multicast routing is improved by adding a "scope" field to multicast addresses. 
A new type of address called an "anycast address" is defined, to identify sets of nodes where a packet sent to an anycast address is delivered to one of the nodes. The use of anycast addresses in the IPv6 source route allows nodes to control the path along which their traffic flows. 
 
[Header Format Simplification] 
 
Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to keep the bandwidth cost of the IPv6 header as low as possible despite the increased size of the addresses. Even though the IPv6 addresses are four times longer than the IPv4 addresses, the IPv6 header is only twice the size of the IPv4 header. 
 
[Improved Support for Options] 
 
Changes in the way IP header options are encoded allow for more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future. 
 
[Quality-of-Service Capabilities] 
 
A new capability is added to enable the labeling of packets belonging to particular traffic "flows" for which the sender requests special handling, such as non-default quality of service or "real-time" service. 
 
[Authentication and Privacy Capabilities] 
 
IPv6 includes the definition of extensions which provide support for authentication, data integrity, and confidentiality. This is included as a basic element of IPv6 and will be included in all implementations. The IPv6 protocol consists of two parts, the basic IPv6 header and IPv6 extension headers. 
 

#  IPv6 Extensions 

 
IPv6 includes an improved option mechanism over IPv4. IPv6 options are placed in separate extension headers that are located between the IPv6 header and the transport-layer header in a packet. Most IPv6 extension headers are not examined or processed by any router along a packet's delivery path until it arrives at its final destination. This facilitates a major improvement in router performance for packets containing options. In IPv4 the presence of any options requires the router to examine all options. 
 
The other improvement is that unlike IPv4 options, IPv6 extension headers can be of arbitrary length and the total amount of options carried in a packet is not limited to 40 bytes. This feature plus the manner in which they are processed, permits IPv6 options to be used for functions which were not practical in IPv4. A good example of this is the IPv6 Authentication and Security Encapsulation options. 
 
The IPv6 extension headers which are currently defined are: 
- Routing: extended routing (like IPv4 loose source route). 
- Fragmentation: fragmentation and re-assembly. 
- Authentication: integrity and authentication. 
- Security Encapsulation: confidentiality. 
- Hop-by-Hop Option: special options which require hop-by-hop processing. 
- Destination Options: optional information to be examined by the destination node. 
 
note: IPv4 can encapsulate IPv6 packets (aka tunnel) 
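Added example (not from the original notes): a Python walker over the IPv6 Next Header chain, which is what a firewall, IDS or host stack has to do to find the transport header behind the extension headers listed above. The packet is constructed inline (IPv6, then Hop-by-Hop, Destination Options and Fragment headers, then a TCP header); header lengths follow the IPv6 encoding, i.e. the variable-length headers carry their length in 8-octet units not counting the first 8, the Authentication Header in 4-octet units minus 2, and the Fragment header is a fixed 8 octets. The walker stops at ESP, since what follows it is confidential, bounds the number of headers it will follow and checks every header against the packet length, so a truncated or over-long chain is reported instead of being misread as a different transport protocol.

```python
import struct

# Extension headers whose length field is in 8-octet units, excluding the first 8 octets
EXT_VARLEN = {0: "Hop-by-Hop Options", 43: "Routing", 60: "Destination Options"}
FRAGMENT, ESP, AH = 44, 50, 51
TRANSPORT = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
NO_NEXT_HEADER = 59


def walk_extension_headers(packet, max_headers=8):
    """Follow the Next Header chain of an IPv6 packet.
    Returns (chain, transport_name, offset): the extension header names in order, the
    transport protocol found, and the byte offset at which the transport header starts.
    Raises ValueError on a truncated packet, an unknown header or an over-long chain."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    version = packet[0] >> 4
    if version != 6:
        raise ValueError("not IPv6 (version %d)" % version)
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    if len(packet) < 40 + payload_len:
        raise ValueError("payload shorter than Payload Length")
    offset = 40
    chain = []
    for _ in range(max_headers):
        if next_header in TRANSPORT or next_header == NO_NEXT_HEADER:
            return chain, TRANSPORT.get(next_header, "none"), offset
        if next_header == ESP:
            # Everything after the ESP header is encrypted; the chain cannot be followed
            chain.append("Encapsulating Security Payload")
            return chain, "encrypted", offset
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        nh, ext_len = packet[offset], packet[offset + 1]
        if next_header in EXT_VARLEN:
            hdr_len = (ext_len + 1) * 8
            chain.append(EXT_VARLEN[next_header])
        elif next_header == FRAGMENT:
            hdr_len = 8
            chain.append("Fragment")
        elif next_header == AH:
            hdr_len = (ext_len + 2) * 4
            chain.append("Authentication Header")
        else:
            raise ValueError("unknown Next Header value %d" % next_header)
        if offset + hdr_len > len(packet):
            raise ValueError("extension header runs past end of packet")
        next_header, offset = nh, offset + hdr_len
    raise ValueError("more than %d extension headers" % max_headers)


def chain_or_error(packet):
    """Same as walk_extension_headers but returns the error text instead of raising."""
    try:
        return walk_extension_headers(packet)
    except ValueError as exc:
        return str(exc)


def build_sample_packet():
    """Constructed packet: IPv6 -> Hop-by-Hop -> Destination Options -> Fragment -> TCP.
    Addresses are from the 2001:db8::/32 documentation range; the TCP header is a bare SYN."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    hop_by_hop = bytes([60, 0]) + bytes([1, 4, 0, 0, 0, 0])  # next=60, len=0, PadN(4) option
    dest_opts = bytes([44, 0]) + bytes([1, 4, 0, 0, 0, 0])   # next=44, len=0, PadN(4) option
    fragment = struct.pack("!BBHI", 6, 0, 0, 0xDEADBEEF)      # next=6 (TCP), offset 0, id
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    payload = hop_by_hop + dest_opts + fragment + tcp
    # Version 6, traffic class 0, flow label 0; Next Header 0 = Hop-by-Hop; hop limit 64
    header = struct.pack("!IHBB", 6 << 28, len(payload), 0, 64) + src + dst
    return header + payload


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(walk_extension_headers(pkt))  # (['Hop-by-Hop Options', 'Destination Options', 'Fragment'], 'TCP', 64)
    print(chain_or_error(pkt[:60]))     # payload shorter than Payload Length
```

The max_headers bound is the practical defence: a packet classifier that gives up after one or two extension headers, or that trusts a length field without checking it against the packet, can be made to see a different transport header than the destination host does, so the whole chain is walked with every step bounds-checked.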
 

#  IPv6 Addressing 

 
IPv6 addresses are 128-bits long and are identifiers for individual interfaces and sets of interfaces. 
IPv6 Addresses of all types are assigned to interfaces, not nodes. Since each interface belongs to a single node, any of that node's interfaces' unicast addresses may be used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type. 
 
There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast addresses identify a set of interfaces such that a packet sent to a anycast address will be delivered to one member of the set. Multicast addresses identify a group of interfaces, such that a packet sent to a multicast address is delivered to all of the interfaces in the group. There are no broadcast addresses in IPv6, their function being superseded by multicast addresses. 
 
IPv6 supports addresses which are four times the number of bits as IPv4 addresses (128 vs. 32). This is 4 Billion times 4 Billion (2^96) times the size of the IPv4 address space (2^32). This works out to be: 
 
340,282,366,920,938,463,463,374,607,431,768,211,456 
 
This is an extremely large address space. 
 
The assignment and routing of addresses requires the creation of hierarchies which reduces the efficiency of the usage of the address space. 
 

#  IPv6 Routing 

 
Routing in IPv6 is almost identical to IPv4 routing under CIDR except that the addresses are 128-bit IPv6 addresses instead of 32-bit IPv4 addresses. With very straightforward extensions, all of IPv4's routing algorithms (OSPF, RIP, IDRP, ISIS, etc.) can be used to route IPv6. 
 
IPv6 also includes simple routing extensions which support powerful new routing functionality. These capabilities include: 
 
- Provider Selection (based on policy, performance, cost, etc.) 
- Host Mobility (route to current location) 
- Auto-Readdressing (route to new address) 
 
The new routing functionality is obtained by creating sequences of IPv6 addresses using the IPv6 Routing option. The routing option is used by an IPv6 source to list one or more intermediate nodes (or topological groups) to be "visited" on the way to a packet's destination. This function is very similar to IPv4's Loose Source and Record Route option. 
 

#  IPv6 Quality-of-Service Capabilities 

 
The Flow Label and the Priority fields in the IPv6 header may be used by a host to identify those packets for which it requests special handling by IPv6 routers, such as non-default quality of service or "real-time" service. This capability is important in order to support applications which require some degree of consistent throughput, delay, and/or jitter. These types of applications are commonly described as "multimedia" or "real-time" applications. 
 
[Priority] 
 
The 4-bit Priority field in the IPv6 header enables a source to identify the desired delivery priority of its packets, relative to other packets from the same source. The Priority values are divided into two ranges: Values 0 through 7 are used to specify the priority of traffic for which the source is providing congestion control, i.e., traffic that "backs off" in response to congestion, such as TCP traffic. Values 8 through 15 are used to specify the priority of traffic that does not back off in response to congestion, e.g., "real-time" packets being sent at a constant rate. 
 

#  IPv6 Security 

 
The current Internet has a number of security problems and lacks effective privacy and authentication mechanisms below the application layer. IPv6 remedies these shortcomings by having two integrated options that provide security services. These two options may be used singly or together to provide differing levels of security to different users. This is very important because different user communities have different security needs. 
 
The first mechanism, called the "IPv6 Authentication Header", is an extension header which provides authentication and integrity (without confidentiality) to IPv6 datagrams. While the extension is algorithm-independent and will support many different authentication techniques, the use of keyed MD5 is proposed to help ensure interoperability within the worldwide Internet. This can be used to eliminate a significant class of network attacks, including host masquerading attacks. The use of the IPv6 Authentication Header is particularly important when source routing is used with IPv6 because of the known risks in IP source routing. Its placement at the Internet layer can help provide host origin authentication to those upper layer protocols and services that currently lack meaningful protections. 
 
This mechanism should be exportable by vendors in the United States and other countries with similar export restrictions because it only provides authentication and integrity, and specifically does not provide confidentiality. The exportability of the IPv6 Authentication Header encourages its widespread deployment and use. 
 
The second security extension header provided with IPv6 is the "IPv6 Encapsulating Security Header". This mechanism provides integrity and confidentiality to IPv6 datagrams. It is simpler than some similar security protocols (e.g., SP3D, ISO NLSP) but remains flexible and algorithm-independent. To achieve interoperability within the global Internet, DES CBC is being used as the standard algorithm for use with the IPv6 Encapsulating Security Header. 
 

#  Transition Mechanisms 

 
The key transition objective is to allow IPv6 and IPv4 hosts to interoperate. A second objective is to allow IPv6 hosts and routers to be deployed in the Internet in a highly diffuse and incremental fashion, with few interdependencies. A third objective is that the transition should be as easy as possible for end-users, system administrators, and network operators to understand and carry out. 
 
The IPv6 transition mechanisms are a set of protocol mechanisms implemented in hosts and routers, along with some operational guidelines for addressing and deployment, designed to make transitioning the Internet to IPv6 work with as little disruption as possible. 
 
note: regarding "hardware" compatibility: yes, IPv6 is just a protocol, so any HW that can run IPv4 should in theory be able to run IPv6, because an L3 protocol really depends on firmware/software. In reality, though, firmware/software may be coupled with the HW in routers/computers, so it is not quite correct to say "any HW that currently runs IPv4 can run IPv6". 
 

#  Summary 

 
There are a number of reasons why IPv6 is appropriate for the next generation of the Internet Protocol. It solves the Internet scaling problem, provides a flexible transition mechanism for the current Internet, and was designed to meet the needs of new markets such as nomadic personal computing devices, networked entertainment, and device control. It does this in an evolutionary way which reduces the risk of architectural problems. 
 
IPv6 is designed to interoperate with IPv4. Specific mechanisms (embedded IPv4 addresses, pseudo-checksum rules etc.) were built into IPv6 to support transition and compatibility with IPv4. It was designed to permit a gradual and piecemeal deployment with a minimum of dependencies. 
 
IPv6 supports large hierarchical addresses which will allow the Internet to continue to grow and 
provide new routing capabilities not built into IPv4. It has anycast addresses which can be used for policy route selection and has scoped multicast addresses which provide improved scalability over IPv4 multicast. It also has local use address mechanisms which provide the ability for "plug and play" installation. 
 
The address structure of IPv6 was also designed to support carrying the addresses of other Internet protocol suites. Space was allocated in the addressing plan for IPX and NSAP addresses. This was done to facilitate migration of these Internet protocols to IPv6. 
 
IPv6 provides a platform for new Internet functionality. This includes support for real-time flows, provider selection, host mobility, end-to-end security, auto-configuration, and auto-reconfiguration. 
 
 
### 
###  Internetworking networks 
### 
 

#  Introduction 

 
In the early 1980s LANs were strictly local area networks, that is, a mechanism to link small contiguous groups of computers in company departments. As these department LANs proliferated within these companies, users began connecting them together to allow inter-department communications and resource sharing. This gave birth to LAN internetworks. Initially these were strictly data link layer (bridged) internetworks. As the geographical boundaries of the interconnected departments expanded, more complexity in the form of multiple and alternate paths and public network components (WANs) required internetworking to move beyond the data link layer into the network layer. While this provided communication capability for LAN based end devices, many companies still had additional network infrastructure to support their traditional, non LAN based computing environment, i.e., their mainframe and/or supermini computing networks. Since these were based on a proprietary network architecture and standards they were not readily adaptable to the LAN intermediary and end devices. The desire to merge two totally different network architectures into a single interconnected physical environment gave birth to network "gateways." 
 
In class # 1 we discussed how LANs can be thought of from two perspectives: 
 
- From a data link technology perspective 
- From a networking software perspective 
 
When we talk about internetworking we can also think of the process from two similar perspectives. 
 
- From a physical componentry perspective 
- From a logical software perspective 
 
The logical software perspective is often referred to as "interoperability" rather than internetworking. Neither the physical nor the logical perspective falls neatly into either of these labels. Physical components like routers also include the network layer software necessary for them to provide internetworking. Middleware products like those based on CORBA or DCE standards provide networked systems interoperability but are not network standards. Finally, gateways combine both hardware and software to provide interoperability. 
 
For purposes of this course, Internetworking from a physical perspective will refer to network interconnection devices such as Bridges, Routers and Switches/Hubs. Internetworking from a logical perspective will refer to the process for supporting multiple network layer protocols and the mechanisms for handling higher layer information across dissimilar layer three protocols. 
 
This class will focus on internetworking from a logical perspective. The next class will focus on the physical perspective. 
 
## 
##  Internetworking from a Logical Perspective 
## 
 
Internetworking is the ability to send messages from one network segment (data link layer) to another. Along with congestion control and routing, internetworking is an important function of the network layer. Internetworking has added complexities beyond those associated with single network routing: the added problem of understanding how to reach many different networks to get to the network we want, and the bigger problem of encountering different protocols on those networks. There are many methods of internetworking. Which one(s) are used depends on what higher layer services need to be supported and how much control one has over the entire network path from end to end. 
 
Logical internetworking is addressed from two interdependent perspectives: 
 
- The protocols and protocol encapsulation/resolution capabilities of intermediary network devices. 
- The protocols and protocol translation capabilities supported within the end devices. 
 
It is important to recognize that the selection of which protocol to use is made by the application on the originating station, and unlike MAC layer protocols, must also be utilized by the ultimate receiving station as well. In other words, an IP packet can be sent from a station on Ethernet to a destination station on Token Ring or FDDI. The destination station does not have to be on Ethernet. The destination station does however have to be running IP since the LLC will identify the IP SNAP address and attempt to call the IP program stack. 
 
It is also important to recognize that any intermediary networks in the path between the originating and receiving station do not necessarily have to utilize the same protocol. Techniques can be employed to allow the original protocol information to be preserved and transported across a different network and restored to its original protocol format when processed on the receiving stations network. 
 
## 
##  Network Protocol Tunneling 
## 
 

#  What is Tunneling ? 

 
Tunneling is the technique of "wrapping" a packet generated by one protocol inside a packet generated by a different protocol and sending it across the network based on the (second) outside protocol. When the packet reaches the router at the destination network's edge that supports both protocols, the router strips off the secondary header, leaving the original protocol packet, which is then placed on the destination network. In this manner, workstations and servers on different networks interconnected by alternate protocols can see each other. There is a performance penalty compared to end-to-end native transmissions. 
 
The "wrapping" and "unwrapping" (or more formally known as encapsulation and decapsulation) can be supported within an end device like a server as well as within an intermediary device like a router. 
 

#  IP Tunneling of IPX 

 
IP Tunneling is the act of wrapping an IPX packet inside an IP packet and sending it to the closest IP router. This IP router then routes the packet to a destination IP router that strips off the IP header, leaving a native IPX packet on the destination network. 
 
There are two ways to set up IP tunneling of IPX: 
 
1. workstation-to-server 
2. server-to-server 
 
Workstation-to-Server IP Tunnel allows a NetWare workstation to tunnel to a NetWare server on another network, even if there is no NetWare server on the workstation's local network. 
 
Server-to-Server IP Tunnel sets up a tunnel between two NetWare servers that will allow IPX workstations attached to either server to see the remote server on the other end of the tunnel. 
 

#  Predominant Usage of Tunneling 

 
While tunneling can be used in local area internetworking, it is most often used in wide area network interconnections of local area networks. IP can be "tunnelled" over a Frame Relay or ATM network with the edge device routers stripping away the Frame Relay packets or re-assembling the ATM cells. This IP packet in turn could have encapsulated an IPX packet to be delivered to a local Netware workstation or server. 
 

#  Virtual Private Networks 

 
Virtual Private Networks, or VPNs, implement tunnelling to allow clients to have a secure connection from an end system to an otherwise firewalled or secure network. This allows your local endpoint to create a tunnel through the public internet to a VPN gateway that is running in the target network. The VPN client performs a handshake and authentication with the gateway, and then establishes a connection along with IP routes that make sure that addresses on the remote network are routed through the tunnel. These tunnels are usually just IP packets tunnelled inside another IP packet, where the outer IP packet is used to move the encrypted data through the public internet to the VPN gateway and back to the end station. This is useful for connecting from public places like coffee shops that may be insecure. 
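The encapsulation described in the tunneling sections above and the route selection described for VPN clients, combined in one added example (not code from the original notes). The inner packet is treated as an opaque native packet, so the same entry/exit steps apply whether it is IPX-in-IP or IP-in-IP; the outer header here is IPv4 with protocol number 4 (IP-in-IP, RFC 2003). The routing table, the client and gateway addresses and the tunnel-assigned private address are all constructed for the example. The tunnel exit validates the outer header (version, length, checksum, protocol) and the restored inner header before handing the packet on, which is the check a practitioner would want at a gateway.

```python
"""Added example (not from the original notes): IP-in-IP tunnelling driven by
the host routing table, as a VPN client does it.

A packet is first built in its native form.  The routing table then decides
whether it leaves natively or through the tunnel; in the latter case it is
wrapped in an outer IPv4 header addressed to the VPN gateway (protocol 4,
IP-in-IP, RFC 2003).  The gateway validates and strips the outer header,
leaving the original packet.  Addresses below are constructed.
"""
import ipaddress
import struct

IPPROTO_IPIP = 4              # outer-header protocol number for IP-in-IP
IPPROTO_UDP = 17
IPV4_HDR = "!BBHHHBBH4s4s"    # 20-byte IPv4 header layout, no options

# Constructed addresses: the client's public address, the gateway's public
# address, and the private address the gateway assigned the client.
VPN_CLIENT_PUBLIC = "203.0.113.10"
VPN_GATEWAY = "198.51.100.1"
VPN_CLIENT_TUNNEL = "10.20.200.3"

# Constructed routing table of the client: (prefix, outgoing interface)
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),     # default: public internet
    (ipaddress.ip_network("10.20.0.0/16"), "tun0"),  # remote network, via VPN
]


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used by IPv4."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header (version 4, IHL 5, TTL 64) with the checksum filled in."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Parse an IPv4 header, rejecting truncated, corrupt or inconsistent ones."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a valid IPv4 header")
    if ip_checksum(pkt[:ihl]) != 0:        # the sum over a correct header is zero
        raise ValueError("header checksum mismatch")
    if not ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent total length")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "ihl": ihl, "total_len": total_len}


def select_route(dst: str) -> str:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel entry: wrap a native packet in an outer IPv4 header."""
    return build_ipv4_header(outer_src, outer_dst, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer header after checking both headers."""
    hdr = parse_ipv4_header(outer)
    if hdr["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    inner = outer[hdr["ihl"]:hdr["total_len"]]
    parse_ipv4_header(inner)   # the restored packet must itself be well-formed
    return inner


def send(dst: str, payload: bytes) -> tuple:
    """Return (interface, bytes on the wire) for a UDP payload to dst."""
    iface = select_route(dst)
    if iface == "tun0":
        inner = build_ipv4_header(VPN_CLIENT_TUNNEL, dst, IPPROTO_UDP, len(payload)) + payload
        return iface, encapsulate(inner, VPN_CLIENT_PUBLIC, VPN_GATEWAY)
    return iface, build_ipv4_header(VPN_CLIENT_PUBLIC, dst, IPPROTO_UDP, len(payload)) + payload


if __name__ == "__main__":
    iface, wire = send("10.20.1.1", b"hello")
    print(iface, parse_ipv4_header(wire))          # tun0, outer header to the gateway
    print(parse_ipv4_header(decapsulate(wire)))    # original header, dst 10.20.1.1
```

Traffic for 10.20.0.0/16 matches the more specific route and is encapsulated toward the gateway's public address; everything else leaves natively on eth0. Note that the example shows only the wrapping; a real VPN additionally encrypts and authenticates the inner packet before it is wrapped, which is what makes the outer packet safe to carry across a coffee-shop network.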
 
### 
###  Multiple Protocol Support 
### 
 
In the previous section, tunneling addressed the problem of moving packets across networks where a protocol different from that used by the two end devices sits along the routing path. This does not, however, address the issue of how to support another application on the end devices that uses a different, additional protocol. As stated in the introduction section of this class, it is the application that determines the protocol to use. If applications requiring different protocols are used on the same end station, then that end station must be able to support all those protocols, either directly or indirectly. Each protocol directly supported must be capable of being loaded and run on the supporting device. These programs are often referred to as "protocol stacks". This is distinct from tunnelling, which does not need to understand the tunnelled protocol at all, because the encapsulation in a native protocol lets the packet be directed through the normal means. While this is one mechanism that was used, you will rarely, if ever, see it in production today. It is shown to illustrate the challenge of handling interoperability, and one solution that was put in place early on. 
 
## 
##  Supporting Multiple Protocol Stacks 
## 
 
There are three ways that multiple protocol stacks can be supported: 
 
- In the Client 
- In a Server 
- Through a Gateway 
 
Each implementation has its positives and negatives and provides a different set of capabilities. Which one to use is a factor of the requirements of the specific user's desktop applications. The following diagrams help to describe these three above options and will be referenced in the descriptions of these three options that follows. 
 
## 
##  Multiple Protocol Stacks in the Client 
## 
 
Today, the most common way of supporting multiple protocols is to have those protocols installed on every end device that requires them. Even this is rare, because IP has become ubiquitous. This was not always the case, especially where PC clients were concerned. Memory restrictions on old DOS/Intel PCs limited the memory available for loading TSR (Terminate and Stay Resident) programs, often restricting use to a single protocol. The replacement of DOS as the PC operating system and the advent of virtual drivers that could load and operate in extended memory alleviated this restriction. A second major improvement in all end devices was the replacement of "static" LLC stack managers with "dynamic" managers. Static managers required that all protocols be bound to the network device and loaded into the stack memory register at boot time. This meant that all the protocols had to be loaded and in a "callable" state even if they were not used. Dynamic managers allowed the boot bindings to occur but dynamically linked the protocol libraries only when needed. This freed up stack register and environment space for other programs. 
 
In the client, both protocols are controlled by the LLC which has bound both to the MAC layer of the NIC. For outgoing messages the higher layer application makes its call to the appropriate lower layer protocol. For example, the browser application on the client makes a call to TCP/IP to connect to a Web Server. A file print command from that browser to print the web page to a network printer invokes the Netware client module to call SPX/IPX to send the print file to the print queue on the Netware server. 
 
At the network layer, the IP or IPX packet will be constructed with the appropriate destination address inserted, as determined by the higher layer application. The LLC encodes the appropriate SNAP address and passes the information down to the MAC layer for frame encapsulation and transmission. 
 
The mechanism for determining the network layer destination address is specific to the protocol being used. This process is described in a later section of this week's class (Naming Services). This allows the client to use more than one protocol. 
 
The advantage of this approach is that multiple protocol clients can support and run applications designed or configured for any of the installed protocols. Some applications can only use a specific underlying protocol and therefore, cannot be loaded on the client unless the underlying protocol is also loaded. Any applications that can access the Internet like FTP or PING for example must use the IP protocol. 
 
The disadvantage of this approach is a more complex client configuration and more complicated routing tables in intermediary devices to support all the client installed protocols. 
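The dispatch step the two preceding subsections describe (the LLC identifying the protocol of an arriving frame and calling the matching stack), as an added example that is not code from the original notes. Ethernet II frames carry the protocol directly as an EtherType; IEEE 802.3 frames carry a length followed by an 802.2 LLC header whose SNAP extension carries the protocol ID. The MAC addresses, frames and the two stand-in "stacks" are constructed; the EtherType and SAP values are the standard ones.

```python
"""Added example (not from the original notes): the link-layer dispatch that
hands an incoming frame to the right protocol stack.

Each installed stack binds itself to a protocol identifier.  On receipt the
dispatcher reads that identifier, either the EtherType of an Ethernet II
frame or the SNAP protocol ID carried in an IEEE 802.2 LLC/SNAP header, and
calls the bound stack.  Frames for a protocol that is not installed are
dropped and counted rather than processed.  Frames here are constructed.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPX = 0x8137                # Novell IPX
SAP_SNAP = 0xAA                       # DSAP/SSAP value announcing a SNAP header
SNAP_OUI_ETHERTYPE = b"\x00\x00\x00"  # OUI meaning "protocol ID is an EtherType"

MAC_A = bytes.fromhex("020000000001")  # constructed, locally administered MACs
MAC_B = bytes.fromhex("020000000002")


def build_ethernet2(dst, src, ethertype, payload):
    """Ethernet II framing: the 2-byte field after the MACs is an EtherType."""
    return dst + src + struct.pack("!H", ethertype) + payload


def build_llc_snap(dst, src, ethertype, payload):
    """IEEE 802.3 framing: length field, then 802.2 LLC (AA AA 03) + SNAP."""
    snap = bytes([SAP_SNAP, SAP_SNAP, 0x03]) + SNAP_OUI_ETHERTYPE + struct.pack("!H", ethertype)
    body = snap + payload
    return dst + src + struct.pack("!H", len(body)) + body


def protocol_of(frame):
    """Return (protocol key, payload) for a frame; key is None if not an EtherType."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:            # IEEE rule: values >= 1536 are EtherTypes
        return type_or_len, frame[14:]
    body = frame[14:14 + type_or_len]    # 802.3: the field is the LLC PDU length
    if len(body) < type_or_len or len(body) < 3:
        raise ValueError("802.3 length field exceeds the frame")
    dsap, ssap = body[0], body[1]
    if dsap == SAP_SNAP and ssap == SAP_SNAP:
        if len(body) < 8:
            raise ValueError("truncated SNAP header")
        oui, proto = body[3:6], struct.unpack("!H", body[6:8])[0]
        if oui == SNAP_OUI_ETHERTYPE:
            return proto, body[8:]
        return None, body[8:]            # vendor-private OUI: not an EtherType
    return ("llc", dsap), body[3:]       # plain LLC, keyed by destination SAP


class LinkLayerDispatcher:
    """Binds protocol stacks to identifiers and demultiplexes frames to them."""

    def __init__(self):
        self._stacks = {}
        self.dropped = 0

    def bind(self, proto_key, stack):
        self._stacks[proto_key] = stack

    def receive(self, frame):
        key, payload = protocol_of(frame)
        stack = self._stacks.get(key)
        if stack is None:                # no such protocol installed on this host
            self.dropped += 1
            return None
        return stack(payload)


def ip_stack(payload):          # stand-in for the TCP/IP stack
    return ("ip", len(payload))


def ipx_stack(payload):         # stand-in for the SPX/IPX stack
    return ("ipx", len(payload))


if __name__ == "__main__":
    d = LinkLayerDispatcher()
    d.bind(ETHERTYPE_IPV4, ip_stack)   # both stacks installed, as in the text
    d.bind(ETHERTYPE_IPX, ipx_stack)
    print(d.receive(build_ethernet2(MAC_B, MAC_A, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)))
    print(d.receive(build_llc_snap(MAC_B, MAC_A, ETHERTYPE_IPX, b"\xff\xff" + b"\x00" * 28)))
    print(d.receive(build_ethernet2(MAC_B, MAC_A, ETHERTYPE_ARP, b"\x00" * 28)), d.dropped)
```

The counter of dropped frames is the part worth keeping in a real implementation: a host that is suddenly receiving frames for a protocol it does not run is either misconfigured or being probed, and that is visible only if the dispatcher records the drop instead of silently ignoring it.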
 
## 
##  Multiple protocol stacks in a server 
## 
 
A second way to support multiple protocols is within a server. 
 
The advantage of this approach is that it simplifies the client configurations necessary to communicate with the server. While it cannot facilitate end-to-end communication between two devices with dissimilar protocols, it can provide resource access and sharing that amounts to indirect communication. 
 
 
The disadvantage of this approach is that clients can only run programs designed or configured for their specific, installed protocol. The other disadvantage of this approach is the added complexity of the multi-protocol configured server. The danger is allowing these multi-protocol servers to act as routers in addition to their intended primary purpose. This routing can drain server resources and slow performance of the primary functions. 
 
## 
##  Multiple protocol support through gateways 
## 
 
A third way to support multiple protocols is through a gateway. A gateway is a device that at a minimum translates from one network layer protocol to another and potentially one full seven layer architecture to another. Full Network translation gateways usually require a piece of installed software on the client designed to run within the client's installed protocol that "tricks" the application into thinking that it is running in its native network environment. This transaction however is encapsulated in the non native protocol in the client and routed by that protocol to the gateway device. Once received by the gateway all the underlying non native components are removed leaving only the native components generated by the application. This portion is then formatted with the appropriate native components for all the underlying layers and sent out over the native network. Hence gateways can have the following characteristics: 
 
- They can be connected to and participate in two separate networks. 
- These two networks are potentially two totally different network architectures. 
- A full translation of all services at every network layer is performed if necessary. 
 
The advantage of a gateway is that it allows devices on one network architecture to communicate with devices on a totally different network architecture. Without the gateway server (and the associated emulation software on the client) PCs would be incapable of connecting to IBM SNA networks. 
 
The disadvantage of gateways is that they can create bottlenecks. Translating up to seven layers from one network architecture to another is a resource intensive process. There may also be speed mismatches between the two networks, which may introduce further delays. 
 
One final note: the reality of current networks is that this has become essentially non-existent because of tunnelling. The technology referenced above has all disappeared from the technology landscape, and typically everything is implemented in IP, using tunnelling for things like VPNs. 
 
### 
###  Internetworking Enabling Services 
### 
 
Routers compile and maintain information on how to reach other networks. The question that needs to be answered before routing begins is exactly what device on which specific network do I want to reach. In other words, the network layer destination address is all the router needs to identify an appropriate route but how is the destination address determined? 
 
In the case of tunneled protocols, how does the tunneling protocol know which address in its protocol tables represents the edge device to the network that knows how to reach the encapsulated protocol's destination address? 
 
Three examples of mechanisms that help applications identify resources across networks are Host Files, Domain Name Services (DNS) and Windows Internet Naming Service (WINS). 
 

#  Host Files 

 
Host files contain mappings of network addresses to host names. The host name is not to be confused with the Host ID portion of the network address. The host name is an arbitrary name associated with the service within the application. When the local system attempts to connect to a host by name, it can use this file to look up the network address from the host name. 
 
Host files are stored on the local device and used by local applications. One disadvantage of using host files is that the information has to be maintained on all local devices that use the host. If the need arises to change the network address of the host system the host name to network address mapping in all the host files distributed on devices throughout the network have to be updated. 
 
An example of a host name could be "mailserver" which is used by the mail client software to identify the destination device where the mail post office resides. The host table would identify the network address of the device on the network known as the mailserver. This address is then inserted as the destination address of the packet processed by the network layer protocol. 
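The host file lookup described above, as an added example that is not code from the original notes. The format parsed is the one used by /etc/hosts and the Windows hosts file (address, canonical name, optional aliases, `#` comments); the file contents, including the "mailserver" entry from the text, are constructed. Matching is case-insensitive and the first line that lists the name wins, which is also why the shadowed second "mailserver" line is never used. Lines whose address does not parse are reported rather than silently accepted.

```python
"""Added example (not from the original notes): consulting a local hosts file.

The format is the one used by /etc/hosts and the Windows hosts file: one
address per line followed by a canonical name and optional aliases, with
'#' starting a comment.  As in common resolvers, matching is case-insensitive
and the first line that lists the name wins.  Lines whose address does not
parse are reported rather than silently trusted.  The file is constructed.
"""
import ipaddress

HOSTS_FILE = """\
# constructed hosts file for the example
127.0.0.1      localhost
192.0.2.25     mailserver mail.example.test    # the mail post office
192.0.2.80     www.example.test www
not-an-address broken
10.0.0.5       mailserver                      # shadowed: first match wins
"""


def parse_hosts(text):
    """Return (table, bad_lines): table is a list of (address, [names])."""
    table, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            bad_lines.append(lineno)          # malformed address: do not trust the line
            continue
        if len(fields) < 2:                   # an address with no name is useless
            bad_lines.append(lineno)
            continue
        table.append((str(addr), [name.lower() for name in fields[1:]]))
    return table, bad_lines


def lookup(table, host_name):
    """Map a host name to an address via the table, or None if it is absent."""
    wanted = host_name.lower().rstrip(".")
    for addr, names in table:
        if wanted in names:
            return addr
    return None


if __name__ == "__main__":
    table, bad = parse_hosts(HOSTS_FILE)
    print(lookup(table, "MAILSERVER"), lookup(table, "www"), bad)
```

Because the file is consulted before any name server, an entry added to it silently overrides DNS for that name on that machine; the `bad_lines` report and a periodic comparison of the file against a known-good copy are the simplest ways to notice an unexpected change.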
 

#  DNS 

 
Domain Name Services provide a role similar to host files. Domain Name Services are provided by an application and database running on a server, instead of on the client like the host file and process. Internal Domain Name Servers are set up inside a company's private network for identifying internal named services. External Domain Name Services are a component of the Internet and provide all Internet and WWW users with domain name to IP address resolution worldwide. DNS is discussed further in the next section. 
 

#  WINS 

 
WINS is a service run on Windows NT server machines to provide Windows clients (Windows NT, Windows 9X, Windows For Workgroups & Microsoft LanMan) a way to find other Windows based machines. WINS, which stands for Windows Internet Naming Service, resolves Windows network machine names (also known as NetBIOS names) to Internet IP addresses, allowing Windows machines on a network to find and communicate with each other. 
 
Utilizing a WINS server is essential for any Windows client machine that intends to work with other Windows machines over the Internet. To utilize WINS services you must insert the IP address of the WINS servers you wish to use into your TCP/IP networking configuration. 
 
WINS servers function as network layer protocol tunneling gateways; the tunnelled protocol is the non-routable NetBIOS protocol. 
 
### 
###  DNS: Domain Name Services 
### 
 
When you look for a particular web site on the Internet, entering a value like "WWW.UML.EDU" in your browser is a lot easier than remembering the site's numeric IP address. But if you examined the packets that pass between your browser and the UML site, you'd see the specific UML IP addresses in the packet header. You may ask yourself, "Where did the knowledge of which IP address is associated with UML come from?" 
 
Domain Naming Service (DNS), an Internet protocol and distributed database, provides the mapping between these "names" associated with the site and the actual IP address for that site. 
 
Having a basic understanding of how DNS works is key to successfully administering an Internet-connected network. First we need to take a quick look at the structure of Internet host names. The last portion of a host name, such as .com, is the top-level domain to which the host belongs. In addition to the .com domain, there are six other top-level domains assigned by InterNIC, the coordinating body for Internet name services. 
 
If the site is outside the United States, the organization that assigns domain names has its own standards. In most cases, top-level domains for non-U.S. hosts look something like .co.uk or .ac.uk, which indicate a company or academic institution in the United Kingdom. 
 
At the top of the DNS database tree are root name servers, which contain pointers to master name servers for each of the top-level domains. For example, to find out the numeric address of www.uml.edu, a DNS server would ask the root name server for the address of the master name server for the .edu domain. 
 
In turn, the master name servers for each of the top-level domains contain a record and name-server address of each domain name. So in trying to find out the numeric address of www.uml.edu, the DNS server asks the .edu server for the name of the server that handles the uml.edu domain. 
 
The individual name servers for each domain name, such as uml.edu, contain detailed address information for the hosts in that domain. So in our example, the DNS server then asks the uml.edu server for the name of the server that handles the uml.edu domain. 
 
Finally, this most specific name server supplies the DNS server with the IP address of the machine called www.uml.edu. 
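The root to .edu to uml.edu referral chain walked through above, simulated as an added example that is not code from the original notes. Each name server is modelled as the records it holds: A records for hosts in its own zone plus, for each delegated child zone, an NS record and the "glue" A record of that child's server. `resolve()` starts at a root server and follows referrals until an authoritative server answers or reports that the name does not exist. All server addresses are constructed documentation addresses, not the real root, .edu or uml.edu servers.

```python
"""Added example (not from the original notes): the root -> .edu -> uml.edu
referral chain, simulated with constructed zone data.

Each name server holds the A records of its own zone plus, for each
delegated child zone, an NS record and the 'glue' A record of that child's
server.  resolve() starts at a root server and follows referrals until an
authoritative server answers.  Server addresses are documentation ranges,
not the real root, .edu or uml.edu servers.
"""

ROOT_SERVER = "192.0.2.1"

# Constructed: server address -> the records that server holds
SERVERS = {
    "192.0.2.1": {                           # a root name server
        "ns": {"edu.": "a.edu-servers.test."},
        "a": {"a.edu-servers.test.": "192.0.2.2"},
    },
    "192.0.2.2": {                           # master server for the .edu domain
        "ns": {"uml.edu.": "ns1.uml.edu."},
        "a": {"ns1.uml.edu.": "198.51.100.1"},
    },
    "198.51.100.1": {                        # the server that handles uml.edu
        "ns": {},
        "a": {"ns1.uml.edu.": "198.51.100.1", "www.uml.edu.": "198.51.100.80"},
    },
}


def query(server, name):
    """One question to one server: ('answer', addr), ('referral', ns, glue) or ('nxdomain',)."""
    zone = SERVERS[server]
    if name in zone["a"]:
        return ("answer", zone["a"][name])
    # Refer to the most specific delegated child zone the name falls under.
    children = [c for c in zone["ns"] if name == c or name.endswith("." + c)]
    if children:
        child = max(children, key=len)
        ns_host = zone["ns"][child]
        return ("referral", ns_host, zone["a"].get(ns_host))
    return ("nxdomain",)


def resolve(name, depth=0, max_hops=8):
    """Iterative lookup from the root; returns (address or None, trace of servers asked)."""
    if depth > 2:
        raise RuntimeError("name server lookup loop")
    fqdn = name.lower()
    if not fqdn.endswith("."):
        fqdn += "."
    server, trace = ROOT_SERVER, []
    for _ in range(max_hops):
        resp = query(server, fqdn)
        trace.append((server, resp[0]))
        if resp[0] == "answer":
            return resp[1], trace
        if resp[0] == "nxdomain":
            return None, trace
        _, ns_host, glue = resp
        if glue is None:                  # no glue: look up the server's own name first
            glue, _ = resolve(ns_host, depth + 1)
            if glue is None:
                return None, trace
        server = glue
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    addr, trace = resolve("WWW.UML.EDU")
    print(addr)                           # 198.51.100.80
    for server, kind in trace:
        print(" ", server, kind)          # root: referral, .edu: referral, uml.edu: answer
```

The trace returned alongside the address is the useful diagnostic: it shows which server produced each step, so a wrong answer can be attributed to the delegation or to the authoritative zone rather than guessed at. The hop limit and the depth guard on glue-less referrals stop a mis-delegated zone from sending the resolver round in circles.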
 
Providing DNS to your users is an important part of linking them to the Internet. There are two basic ways to configure DNS. One option is to use your ISP's (Internet service provider's) DNS server. Many ISPs will let you do this. Another option is to set up a DNS server on your own network. 
 
## 
##  ISP provided DNS service 
## 
 
There are three steps to this process. First, have your ISP inform the InterNIC that it is providing both primary and secondary DNS services for your organization. 
 
Second, your ISP will give you the numeric IP addresses of the primary and secondary DNS servers, which you'll need to configure your users' TCP/IP stacks. You can do this by entering the information manually either at the desktop or at your Dynamic Host Configuration Protocol (DHCP) server. 
 
Finally, you need to tell your ISP about the DNS records that you wish to publish to allow outside users to interact with your network. 
 
In addition, if you want to receive E-mail from the Internet, you will need to have a Mail Exchange (MX) record for your domain in your ISP's DNS database. MX refers to a machine that accepts E-mail connections for your domain. 
 
If you plan to use your ISP's DNS server, you'll also need to have the ISP set up some A records, which associate IP addresses with computer names. Each of the computers mentioned in your MX records needs an A record to associate them with an IP address. 
 
You may also want to set up A records for each of your workstations if your users need to use ftp (File Transfer Protocol) to download software from the Internet. This is because some ftp sites perform a look up to get the DNS name of the machine from which they receive download requests. If the machine has no name, the sites deny the request. 
 
You'll also need A records for any public servers you maintain. For example, if you have a World Wide Web server, you'll need to have the ISP set up an A record linking the name www.zzzz.com to the IP address of your Web server. 
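A check on the record set you would hand to the ISP for publication, following the three requirements just stated (an MX record for the domain, an A record for every host named in an MX record, an A record for each public server such as www). It is an added example, not code from the original notes. The records are constructed, with zzzz.com as the placeholder domain used in the text; beyond the text's rules it also rejects an MX target that exists only as a CNAME (which RFC 2181 forbids) and A records whose address does not parse.

```python
"""Added example (not from the original notes): checking the record set you
hand to the ISP before it is published.

It applies the rules stated above: the domain needs an MX record, every
host named in an MX record needs an A record, and each public server (here
www) needs an A record.  It also rejects an MX target that is only a CNAME,
which RFC 2181 forbids, and A records whose address does not parse.  The
records are constructed; zzzz.com is the placeholder domain from the text.
"""
import ipaddress

# Constructed records as (owner name, type, rdata)
RECORDS = [
    ("zzzz.com.", "MX", "10 mail.zzzz.com."),
    ("zzzz.com.", "MX", "20 backup.zzzz.com."),    # no A record below: a problem
    ("mail.zzzz.com.", "A", "192.0.2.25"),
    ("www.zzzz.com.", "A", "192.0.2.80"),
    ("ftp.zzzz.com.", "CNAME", "www.zzzz.com."),
]


def index_records(records):
    """owner name -> type -> [rdata], with names normalised to lowercase."""
    idx = {}
    for name, rtype, rdata in records:
        idx.setdefault(name.lower(), {}).setdefault(rtype.upper(), []).append(rdata)
    return idx


def check_zone(records, domain, public_hosts=("www",)):
    """Return a list of problems; an empty list means the set is publishable."""
    idx = index_records(records)
    domain = domain.lower()
    problems = []
    for name, types in idx.items():                 # every A record must hold an address
        for rdata in types.get("A", []):
            try:
                ipaddress.IPv4Address(rdata)
            except ValueError:
                problems.append(f"A record for {name} has bad address {rdata!r}")
    mx_records = idx.get(domain, {}).get("MX", [])
    if not mx_records:
        problems.append(f"no MX record for {domain}: inbound mail cannot be delivered")
    for rdata in mx_records:                        # each MX target needs an A record
        pref, target = rdata.split()
        if not pref.isdigit():
            problems.append(f"MX record {rdata!r} has a non-numeric preference")
        target_types = idx.get(target.lower(), {})
        if "CNAME" in target_types:
            problems.append(f"MX target {target} is a CNAME, which RFC 2181 forbids")
        elif "A" not in target_types:
            problems.append(f"MX target {target} has no A record")
    for host in public_hosts:                       # public servers need A records
        fqdn = f"{host}.{domain}"
        if "A" not in idx.get(fqdn, {}):
            problems.append(f"public server {fqdn} has no A record")
    return problems


if __name__ == "__main__":
    for problem in check_zone(RECORDS, "zzzz.com."):
        print("problem:", problem)        # the backup mail host lacks an A record
```

Run against the constructed set, the check flags only the second MX target; adding an A record for backup.zzzz.com. makes it pass. Keeping such a check in the change process for published records is cheap insurance, since a missing A record for an MX host is noticed only when outside mail starts bouncing.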
 
## 
##  Internal Domain Name Servers 
## 
 
If your ISP does not provide name services or if you need to have a DNS server at your site to support internal networking applications, the first thing you need to know is that you must have at least two name servers: a primary and a secondary. 
 
This is because the InterNIC will not grant you a domain name unless there are at least two DNS servers on the Internet with information about that domain. Another reason for a second server is that you really need the fault tolerance a second name server can provide. If your one and only DNS server goes down, your users will be cut off from the Internet names and would need to rely on IP addresses only. 
 
Some sites take a middle-of-the-road approach and use an on site DNS server as well as their ISP's. Because maintenance of the domain names is done at the primary name server, choosing which one is primary and which is secondary is quite important. 
 
If you choose to administer the primary name server yourself, keep in mind that you'll have to maintain the DNS records. 
 
If you choose to have a secondary name server on site, your ISP will do all of the work, and your secondary name server will simply download the data about your domain from the primary server periodically. 
 
Why should you bother with having a DNS server on your LAN in the first place? There are a few reasons. 
 
First, if you are running IP network-based applications inside your network that require users to connect to internal machines by name, it is not a great idea to advertise the names and addresses of these machines. DNS can give hackers a map of your network, so setting up an internal DNS server that does not publish information to the world is a good idea. 
 
Second, a DNS server inside your network lets you be the master of your own domain. You can make changes, additions, and deletions on your own schedule. 
 
Finally, name resolution will be faster for your users because your DNS server is probably not as heavily loaded as your ISP's server. 
 
## 
##  Top-level domains 
## 
 
The core three-letter top-level domains are .COM, .NET, .ORG, .EDU, .INT, .MIL and .GOV. The first three are operated on commercial principles, while the last four have restrictive conditions on who can register names in those domains (respectively, four-year degree granting institutions in North America, organisations that were established by international treaty, the USA military, and the USA federal government). More TLDs are being added over time and as demand rises. 
 
In addition, there are two-letter top-level domains for each country, and a special domain .ARPA which currently contains some Internet infrastructure databases. 
 
### 
###  SNA Gateways 
### 
 
#  Introduction 
 
The continuously increasing demand for access to TCP/IP based applications like the World Wide Web and Corporate Intranets forced more and more companies to deal with the integration of SNA with TCP/IP, although most new networks and systems are focused exclusively on TCP/IP and do not need to deal with SNA at all. 
 
The remaining SNA applications, because they are more often than not mission-critical, are firmly entrenched in many corporations. The desire to run SNA applications in parallel with newer TCP/IP applications arises. SNA and TCP/IP however are two very distinct ways of connecting computing devices, and the potential for compromising the functionality of end users or network management during the integration is very real. Common problems that arise include loss of such SNA functions as terminal control keys or other bad keyboard mappings and loss of print completion acknowledgment over TCP/IP. 
 

#  The Evolution of SNA 

Since IBM began selling modern business systems, Systems Network Architecture (SNA) has been coming with them. SNA has proved to be reliable, predictable and manageable. SNA Networks were built to link these business systems based on low-bandwidth point-to-point connections. 
 
Personal computers with SNA emulation software started replacing fixed function terminals. In the following years, coax controllers with SDLC links were superseded by LANs. With this second evolution came advanced router technology and high-bandwidth enterprise networks. 
 
The single largest technology to impact the role and ultimately existence of SNA is TCP/IP and the explosion of its use on personal computers, workstations, and servers, both inside and outside the enterprise. TCP/IP provides peer-to-peer connectivity and simple access to a myriad of resources, all linked together by a common protocol. 
 
User demand for access to internal resources and the Internet has IS organizations struggling with the implementation of TCP/IP and related technologies on legacy systems and their supporting infrastructures. 
 
Many IS managers, unwilling to sacrifice their trusted 3270 SNA applications, insist that it's just too expensive to rewrite their incumbent 3270 applications. With the ready availability of TCP/IP application environments now, this is fading quickly. In the cases where this is still an issue for their legacy applications, they make a conscious decision to forfeit the benefits of TCP/IP in the process. Others, eager to erase all traces of SNA, learn, too late, that TCP/IP information access applications lack important functionality that was deeply embedded in the application and hence required for the application to run. 
 
Integrating SNA with TCP/IP is one solution to satisfy the user demands while protecting the legacy investment. 
 
Implementing TCP/IP throughout your enterprise is a smart move because it has become the de facto industry standard for open network computing, and it will continue to grow.  Vendors are almost all offering support for TCP/IP, and the best of both worlds when legacy apps are required to be supported can be achieved by keeping SNA on the host and finding a sleek integration path. 
 

#  Integration Challenges 

While host access with TCP/IP is becoming functionally more SNA-like in many ways, distinct methodological differences remain between the two protocols. Application compatibility, network management, and functionality are typical concerns of IS managers as they attempt to integrate these two technologies. 
 

#  Application compatibility 

Generally 3270 applications were built with SNA networks in mind. They assume that the transport is SNA and tend to rely on functionality specific to SNA. On the other hand, an overwhelming majority of today's desktop systems are personal computers based on the Intel architecture and running some version of the Microsoft Windows operating system. Today, TCP/IP is a native part of that operating system. Therefore, providing access to host-based applications while avoiding the expense of SNA at the desktop or TCP/IP on the host becomes a challenge. While there are a number of ways to address this issue, the most popular is the use of an SNA gateway to integrate PC and host networks. 
 
SNA gateways can support batch, interactive, and transaction-based access to host applications from client workstations on a TCP/IP LAN and WAN. SNA gateways are so widely used because they can wear so many "hats." They can function as TCP/IP-to-SNA protocol converters, supporting TN3270 emulators and split-stack clients. Additionally, SNA gateways can act as servers for LU6.2 applications such as file transfer or database access. SNA gateways allow integration of SNA networks and TCP/IP networks by providing a transport protocol translation for the host applications being used by the clients. Some SNA gateways (like Microsoft SNA Server) even provide an "application" gateway that can convert FTP to AFTP (APPC) for transferring a file between LAN-based and host systems. Consequently, more and more IS managers have come to a comforting conclusion about SNA gateways: application compatibility just doesn't rear its troublesome head. 
 
## 
##  Basic SNA Concepts 
## 
 
SNA defines the standards, protocols, and functions used by devices, from mainframes to terminals, to enable them to communicate with each other in SNA networks. 
 
SNA functions are divided into a hierarchical structure of separate layers, each performing a specific set of functions. This division of network functions into layers enables network devices to share information and processing resources without having detailed information about each device on the network. A user at a workstation can communicate with another user without knowing anything about the physical devices on the network or the connections between those devices. 
 
SNA as a hierarchical architecture is not composed of equal or "peer" components. As you move from the top of the hierarchical structure (the host mainframe) towards the bottom of the architecture (the "dumb terminal"), the devices become less intelligent and contain less capability/functionality. This was a major drawback of the SNA architecture as originally designed, and it was brought to the forefront of interoperability as more and more dumb peripheral devices (terminals) were replaced with intelligent devices that could function as peer devices on a network. This shortcoming was addressed through the expansion of SNA to include peer processing capability with Advanced Peer to Peer Networking (APPN). 
 

#  SNA Network Types 

 
SNA supports the following types of networks: 
 
- A subarea network is a hierarchically organized network consisting of subarea nodes and peripheral nodes. Subarea nodes, such as hosts and communication controllers, handle general network routing. Peripheral nodes, such as terminals, attach to the network without awareness of general network routing. 
- A peer network is a cooperatively organized network consisting of peer nodes that all participate in general network routing. 
- A mixed network is a network that supports both host-controlled communications and peer communications. 
 

#  SNA Nodes 

In SNA networks, a node is a system, workstation, or other device, with associated software components, that implements SNA protocols and has at least one communication path to another node in the network. Each node manages its end of the network communication paths, and uses SNA protocols to communicate with the node at the other end of each path. 
 
Because subarea networks and peer networks define the relationships among nodes differently, they also use different terms for node types (to describe the roles that nodes play in the network). 
 
Node Types in a Subarea Network: 
 
- Subarea nodes control communication and network resources for all attached nodes. SNA classifies subarea nodes according to their capabilities and the amount of control they have over other nodes: 
  - Type 5 nodes provide SNA functions that control network resources, support transaction programs, support network operators, and provide end-user services. Because these functions are often provided by host processors, type 5 nodes are also known as host nodes. The devices and resources controlled by a type 5 subarea node constitute the domain of that node. 
  - Type 4 nodes provide SNA functions that route and control the flow of data in a part of the network. Because these functions are often provided by communication controllers, type 4 nodes are also known as communication controller nodes. 
- Peripheral nodes serve subordinate roles in subarea networks. For example, a peripheral node can support 3270 emulation or dependent LU 6.2 communication. Peripheral nodes are devices such as distributed processors, cluster controllers, or workstations; they are also classified into type 2.0 and type 2.1 nodes: 
  - Type 2.0 nodes are always controlled by a type 4 or 5 node. They cannot establish communication with other nodes without the participation of a type 4 or 5 node. Type 2.0 nodes are referred to as dependent nodes. 
  - Type 2.1 nodes can act as dependent nodes, but they can also communicate directly with other type 2.1 nodes. 
 
A type 4 or 5 subarea node to which a peripheral node is attached acts as a boundary node. It performs a boundary function by translating between the network addresses used by a subarea node and the local addresses used by a peripheral node. 
 
A simple subarea network includes the following components: 
 
Host: 
- A host is a mainframe computer compatible with the original IBM System/370. A host is a type 5 node. 
 
Communication controller: 
- A communication controller, also known as a front-end processor (FEP), is a separate processor attached to the host. It manages the host's communications with other computers. 
 
Communications link: 
- A communications link connects the host site with an end-user site. The users are usually on a separate site from the host, so the two sites need to be connected by a communications link. 
 
Terminal controller: 
- At the remote end of the communications link is a terminal controller, also known as a cluster controller. It is responsible for controlling the use of the link, and routes data to the terminals. The most well-known IBM terminal controllers are the 3174 and 3274. 
 
Terminals: 
- Users run host applications or submit work to the host from terminals. The best-known IBM terminal is the 3270. A terminal can be connected through a terminal controller or directly connected to a communication controller. 
 
Printers: 
- Printers such as the IBM 3287 can also be attached to the terminal controller. They can receive output from the host. 
 
The traditional subarea SNA set-up enables the users to use the resources of a single host system. The terminals provide only simple data entry and display functions to and from the terminal controller; the terminal controller is responsible for handling SNA communications between the terminals and the host. 
 
## 
##  Gateway integration 
## 
As stated earlier, SNA gateways consist of two components: 
 
- A server-based component that connects to the SNA network on one side and the LAN on the other side. 
- A client-based component that runs on the workstation and provides SNA network services (from the Transport Layer to the Application Layer) to applications running on the client. 
 
The Server component of the SNA Gateway connects to the SNA network as an SNA node in place of a terminal controller and its terminals. From the host's point of view, the node appears as a terminal controller. However, the gateway provides the users with additional functions, such as the ability to access more than one host system and facilities for customizing screen displays. In addition, the gateway can be used for other tasks not related to SNA (unlike the terminal controller, which is used solely for communications with the host). 
 
The Server component also connects to the LAN and participates in that network as a peer or server device. Layer 1 and 2 can be any LAN technology such as Ethernet or Token Ring. Layer three is the Network Layer protocol (IP, IPX, etc.) installed on the clients accessing the gateway server. 
 
The client software component provides a transport layer service to applications that looks identical to an SNA transport layer service. The software encapsulates this transport service in the underlying LAN based protocols for delivery to the Gateway Server. When received by the gateway server the underlying three layers of LAN associated components are stripped off leaving the SNA compliant components of layers 4-7. These are transmitted down the SNA side of the gateway in full SNA node compliant format. 
 
The process is reversed for communications going the other way. 
 
Although TCP/IP integration solutions abound, some are clearly more effective than others. The two primary means of accomplishing the integration are: 
 
- Conversion of the SNA data stream to TCP/IP protocols 
- Encapsulation of SNA in TCP/IP 
 

#  Conversion examples 

 
[Direct Connection] 
TCP/IP access to an IBM host can be achieved with a TN3270E client-server connection. In this scenario, the TN3270E server converts the SNA data stream to Telnet. Next, the Telnet protocol transports the 3270 data across the network to the TN3270E client. The session services and delivery of the payload (3270 data), which are traditionally handled by SNA, are now assumed by the Telnet connection. Host applications that are dependent on LU services now operate just as smoothly over TCP/IP as they did over traditional SNA links. 
 
[MPTN Connection] 
Multi-Protocol Transport Networking (MPTN), developed by IBM and marketed under the brand name AnyNet, allows applications to pass data over a logical session spanning two incompatible networks (or allows an application to run over a non-native network). 
 
For example, an application written to APPC/LU 6.2 can run over TCP/IP using MPTN. MPTN uses a translator called "Common Transport Semantics," which interprets application calls to a particular network API (APPC) and maps them to actions on another network API (sockets). With MPTN, an application can still speak its "native language" (in this case, APPC) but can be transported over any network type. There is no need to load or run multiple protocols from your workstation; a single protocol is used to pass applications transparently across MPTN. 
 

#  Encapsulation Methods 

 
[Gateway Connection] 
 
SNA gateways, like Microsoft's SNA Server and Novell's SAA, allow the integration of SNA and TCP/IP with no impact on functionality to the end user, and little impact on local system resources. The client requires only a TCP/IP protocol stack and emulation software. The emulation software transports the 3270 data stream and application data over the network to the gateway, which is supporting the SNA session and network services. In a gateway arrangement, SNA is effectively encapsulated through TCP/IP to the gateway server. From the gateway to the host, the exchange is all SNA. Current applications do not have to be modified to run in this configuration. End users retain the key SNA or APPC functionality they need. 
 
[Data Link Switching] 
 
Data Link Switching (DLS) is a router-to-router technology. DLS encapsulates SNA in TCP/IP and "tunnels" it across the network. Workstations are unaffected by the transaction. DLS-capable routers perform the encapsulation and de-encapsulation of SNA at both ends. Separate TCP circuits are established for each pair of communicating end stations, while the DLS router appears to the SNA devices as a link-terminating bridge. The switch's available resources are perceived by the end node to be just on the other side of the DLS bridge. This solution has some built-in bonuses for complex networks, because it does not impact host memory or require the rewriting of end system drivers. 
 

#  The Peer-to-Peer Topology 

 
In the late 1980's, IBM recognized the growing importance of peer-oriented, client/server networks. New products were introduced which allowed for the construction of peer-to-peer network topologies in which PU types 4 and 5 were not present. This new network model is called Advanced Peer-to-Peer Networking (APPN). 
 
[Node Types in a Peer Network] 
 
Peer networks do not classify nodes hierarchically, as is done in a subarea network. Exchanges with other nodes are not controlled by a host or other centralized processor. Instead, any node can establish communication with any other node. 
 
A peer network is composed of type 2.1 nodes. The nodes in a peer network can serve the following roles: 
 
- APPN network nodes (NNs) identify the locations of network resources, determine routes for sessions between these resources, route sessions, and serve end nodes (EN) and low-entry networking (LEN) nodes directly attached to the network node. The domain of an APPN network node consists of itself and any end nodes for which it provides network services. 
- APPN end nodes can access remote resources without requiring that those resources be configured on the end node. An end node can communicate with adjacent nodes on its own, but requires the services of a network node server to access nonadjacent nodes. The domain of an APPN end node includes only itself. 
 
SNA gateways support peer-to-peer processing by facilitating the communication between two peer-level devices. Hence two workstations could initiate a peer-to-peer process between themselves. The encapsulated packets would go up and down the same (LAN) side of the gateway to reach the other peer device. In this example the host device (as well as the communications controller) never participates in the peer-to-peer communication. 
 
### 
###  TN3270 & 3270 Emulation 
### 
 
3270 emulation programs that communicate over TCP/IP (rather than over an SNA network) are referred to as TN3270 programs. The TN stands for "Telnet" which is the terminal application of the TCP/IP Protocol Suite. 
 
TN3270 programs can also include support for TN3270E (Telnet 3270 standard extensions). TN3270E supports 3270 device emulation (including both terminals and printers) using Telnet. It enables a Telnet client to select a particular device (by specifying the LU name), and provides enhanced support for various SNA functions. 
 

#  TN3270E 

 
This new specification has enabled 3287 printing over TCP/IP with the kinds of functionality that end users expect. In addition to supporting print enhancements, TN3270E also provides: 
 
- Resource Association 
- Assigned LU 
- SSCP (System Services Control Point) Support 
 
[Resource Association] 
 
LU sessions in an SNA network are generally static resources, where specific logical units can be assigned to specific users or applications. In this way, a printer LU can be associated with a display LU. Grouping resources is important, since it enables the applications to print directly to the printer associated with a particular user or workgroup. 
 
[Assigned LU] 
 
Coax controllers have LUs that are configured on a per-port basis, with each user having his own physical "port" connection to the controller; thereby having a known LU or LU address. Since the connection is "wired" to the controller and the controller has structured LU/port assignments, the LU is almost always available to the user and is considered relatively secure. When the user calls with a problem, the help desk person can quickly identify the connection in question. In some cases where TN3270 connectivity is used, the LU assignments are invisible to the user and the help desk person. But with TN3270E, an LU can be tagged to an IP address, providing enhanced security and manageability. 
 
[SSCP (System Services Control Point) Support] 
 
The SSCP-to-LU session is important to the functional capabilities of a 3270 user since it is the control mechanism for SNA sessions. This provides functions such as SysReq and Attn key support, as well as the response messages for functions like printing. 
 
The progress of the IETF's TN3270E working group is ongoing. The group, whose mission is to enrich host access via TCP/IP, is committed to the maturation of TCP/IP access to mainframe and AS/400 applications. 
 
## 
##  TN Server 
## 
 
A TN server provides access to 3270 host computers for TN3270 users on other computers. TN server enables TN3270 users to share a host connection with the TN Server or with other TN3270 users, instead of requiring a direct link. TN Server also enables TN3270 users to access hosts that are not running TCP/IP. 
 
The TN Server provides an association between a TN3270 user and a 3270 LU on the TN Server. All data from the TN3270 user is routed to the LU. This means that the configuration for both the host and the TN3270 user is as though they were connected directly; neither needs to be aware that data is being routed through the TN server. 
 
TN Server supports all TN3270 client emulation programs that correctly implement the protocols defined in RFCs 1123, 1576, 1646, and 1647. 
 
When a TN3270 program communicates with TN server, the server identifies the program by the TCP/IP address of the computer where the TN3270 program is running. The TN Server cannot distinguish between two different TN3270 programs being used by different users on the same computer. 
 
Each TN server user is normally configured to access a single 3270 LU, and so is restricted to one host session at a time. However, you can also configure a TN server user to access a pool of 3270 LUs, instead of having a single dedicated 3270 LU for each user. This enables the user to access as many sessions as there are available LUs in the pool. 
 
Examples of Applications supported by TN Servers: 
 
- 3270 emulation programs. 
- 5250 emulation programs (AS/400 Terminal Emulation). 
- APPC Application Suite 
 
Once a TN Server is established it will be relied upon to carry potentially mission critical application activity previously transported over the dedicated SNA network. In general, you should define at least one backup TN Server in addition to the master server. Any additional servers can be defined as additional backup servers, or they can be left as peer servers used for load balancing. 
 
If the master server fails, the backup server will take over as the master. 
 
## 
##  3270 Emulation 
## 
 
You can use 3270 emulation software to log on to and use SNA host systems from your computer, control display and printer emulation sessions, and to transfer files between the local and host computers. 3270 emulation uses the node's LU type 0-3 resources. 
 
To use 3270 emulation, you need to define the 3270 users on your system, identified by their login IDs, and the 3270 features available to each user or group of users. 3270 users are defined as domain resources, which simplifies the configuration required to support emulation across the domain. 
 

#  Benefit of TN3270 over 3270 Emulation 

 
Use of TN3270 does not have to be restricted to just SNA. TN3270 is emerging as the standard way for a 3270 emulator to communicate with its host, whether that host is the mainframe itself or a gateway device functioning as a TN3270 server. No longer do vendors have to code their emulators and/or comm servers for multiple interfaces between the client and server parts of the 3270 connectivity solution. No longer are IS managers locked into a particular micro-to-mainframe connectivity vendor, because the TN3270 standard means they can mix and match 3270 emulators and servers to meet the needs of their users rather than the marketing strategies of vendors. 
 
The TN3270 standard lets vendors do unique things with their products and know that they will still interoperate with other vendors' products. 
 
Aside from a handful of SNA-specific functions that are not meaningful in the world of non-SNA host connectivity, non-SNA implementations of TN3270E are quite full-featured. 
 
And because TN3270E is a standard, users benefit from the ability to connect any TN3270E compliant client to any TN3270E-compliant server able to support a non-SNA connection to the host. In a practical sense it means that organizations with a mix of SNA and non-SNA hosts can standardize not only on TCP/IP for interconnectivity, but also TN3270E for host access, and any TN3270E emulator to provide that host access. For organizations with only non-SNA hosts, it means that mainframe data suddenly becomes as Internet, intranet, or extranet accessible as they wish to make it, whether through Java-based or more traditional TN3270E terminal emulation packages. 
 
############################################################################ 
###   physical internetworking  (hub/repeater, bridge, switch, router)   ### 
############################################################################ 
 
The term internetworking refers to linking individual LANs together to form a single internetwork. This internetwork is sometimes called an enterprise network because it interconnects all of the computer networks throughout the entire enterprise. Workgroup LANs on different floors of a building or in separate buildings on a business campus can be linked together so that all of the computing systems at that site are interconnected. Geographically distant company sites can also be tied together in the enterprise-wide internetwork. 
An individual LAN is subject to limits on such things as how far it can extend, how many stations can be connected to it, how fast data can be transmitted between stations, and how much traffic it can support. If a company wants to go beyond those limits -- link more stations than that LAN can support, for example -- it must install another LAN and connect the two together in an internetwork. 
 
There are two main reasons for implementing multiple LANs and internetworking them. One is to extend the geographic coverage of the network beyond what a single LAN can support -- to multiple floors in a building, to nearby buildings, and to remote sites. The other key reason for creating internetworks is to share traffic loads between more than one LAN. A single LAN can only support so much traffic. If the load increases beyond its carrying capacity, users will suffer reduced throughput and much of the productivity achieved by installing the LAN in the first place will be lost. One way to handle heavy network traffic is to divide it between multiple internetworked LANs. 
 
There are three major types of devices used for internetworking: bridges, routers, and switches. Today the most commonly used internetworking devices are high-speed routers, especially in wide area internetworks linking geographically remote sites. But routers are also heavily used in building and campus internetworks. 
 
Bridges have also been popular, even though they offer less functionality than routers, because they are less expensive to purchase, implement, and maintain. 
 
LAN switches are the most common and most recent class of internetworking devices; they are found in most environments, from small office and home office networks to larger office deployments. 
 
 
### 
###  repeaters (non-intelligent hub) 
### 
 
Repeaters are devices that regenerate signals so they can travel farther on a cable. The term "repeater" is often used to describe non-intelligent hubs. 
Repeaters simply take in a digital signal received from one segment, "reshape" it to its original strength and send it out on another segment. 
 
Some repeaters are designed to support different media types on each segment, so the signal can be repeated across any combination of copper, coax, or fiber cabling. Repeaters can also interface to wireless networks. 
 
A network built with repeaters is simply one large extended segment therefore all MAC addresses on segments connected with repeaters must be unique. 
 
Since repeaters function exclusively at the physical layer they do not know what frames or addresses are, but they do understand the data link layer frame format in order to be able to interpret the incoming frames and regenerate them on the output. Repeaters do not know what protocols are being used. 
 
All segments connected by repeaters must 
- use the same MAC method 
- use the same physical transmission techniques (baseband) 
 
Repeaters are both the least expensive and most simple form of interconnection. They are not however internetworking devices since they have no physical or logical network awareness or intelligence. 
 
## 
##  Repeaters  vs  Amplifiers 
## 
 
Repeaters regenerate digital signals which means they are used to connect segments that utilize baseband signaling techniques. 
Analog or broadband signals are amplified, not repeated. A broadband signal based on Frequency Modulation (FM) or Amplitude Modulation (AM) is "boosted" by regenerating the incoming electromagnetic wave at the full transmission signal strength. 
 
The terms AM and FM should sound familiar to anyone who has used a radio. The radio employs an amplifier to boost the signal. Anyone who has ever used a radio also has experienced the negative aspects of amplified signals. If the signal is distorted or corrupted prior to being received the amplifier will boost the distortion as well. Increasing the amplification of a "staticky" signal by turning up the volume makes the static louder. 
 
We say a repeater "reshapes" the signal because baseband transmissions generate an electrical or light based signal that is interpreted as a specific bit value. As long as the repeater can recognize the incoming signal as a specific bit it will generate a new pulse to the exact specifications of the signaling standard on the other side. Hence, any distortion or corruption on the incoming signal is eliminated from the outgoing signal. 
 
It is this capability to reshape the signal that makes baseband the transmission technique of choice for long distance transmissions. 
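The reshaping described above, as an added example that is not part of the original notes: a baseband repeater decides each sample as a bit and emits a clean pulse, while an amplifier scales the distortion along with the signal. The voltage levels, threshold and sample values are constructed assumptions.

```python
# Added example (not from the original notes): repeater "reshaping" beside
# amplification. LOW_V/HIGH_V/THRESHOLD_V and all samples are constructed.
from typing import List, Tuple

LOW_V, HIGH_V = 0.0, 5.0             # assumed ideal baseband levels for bit 0 / bit 1
THRESHOLD_V = (LOW_V + HIGH_V) / 2   # decision point used to recognise a bit


def repeat(samples: List[float]) -> List[float]:
    """Regenerate: decide each sample as a bit, then emit a brand-new clean pulse.
    Distortion inside the decision margin disappears; distortion that crosses
    the threshold is locked in as a wrong bit, since the repeater cannot tell."""
    return [HIGH_V if v >= THRESHOLD_V else LOW_V for v in samples]


def amplify(samples: List[float], gain: float) -> List[float]:
    """Boost: every sample, distortion included, is scaled by the gain."""
    return [v * gain for v in samples]


def bits_of(samples: List[float]) -> List[int]:
    """How a receiver reads the levels (same threshold rule as the repeater)."""
    return [1 if v >= THRESHOLD_V else 0 for v in samples]


def peak_error(received: List[float], ideal: List[float]) -> float:
    """Largest deviation from the ideal level."""
    return max(abs(r - i) for r, i in zip(received, ideal))


def compare(transmitted_bits: List[int], distortion: List[float],
            gain: float) -> Tuple[float, float, List[int]]:
    """Send the same bits through one repeater and one amplifier.
    Returns (repeater peak error, amplifier peak error, bits as regenerated)."""
    ideal = [HIGH_V if b else LOW_V for b in transmitted_bits]
    received = [i + d for i, d in zip(ideal, distortion)]   # signal + line distortion
    regenerated = repeat(received)
    boosted = amplify(received, gain)
    ideal_boosted = amplify(ideal, gain)    # what a clean amplified signal would be
    return (peak_error(regenerated, ideal),
            peak_error(boosted, ideal_boosted),
            bits_of(regenerated))


if __name__ == "__main__":
    # distortion stays inside the 2.5 V margin: repeater output is perfect,
    # amplifier output carries the distortion scaled by the gain
    print(compare([1, 0, 1, 1, 0], [-0.8, 0.6, -1.1, 0.4, 0.9], gain=2.0))
    # third sample is pushed across the threshold: the repeater emits a wrong bit
    print(compare([1, 0, 1, 1, 0], [-0.8, 0.6, -2.7, 0.4, 0.9], gain=2.0))
```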
 
### 
###  Bridges and Routers  - overview 
### 
 
Bridges and routers are both special kinds of devices used for internetworking LANs -- that is, linking different LANs or LAN segments together. Many organizations have LANs located at sites that are geographically distant from each other. Routers were originally designed to allow users to connect these remote LANs across a wide area network, but bridges can also be used for this purpose. By placing routers or bridges on LANs at two distant sites and connecting them with a telecommunications link, a user on one of the LANs can access resources on the other LAN as if those resources were local. 
Bridges and routers link adjacent LANs. Local bridges and routers were first used to extend the area a network could cover by allowing users to connect two adjacent LANs to maintain performance by reducing the number of users per segment. 
 
Both Ethernet and Token Ring specify limits on maximum distances between workstations and hubs, hubs and hubs, and a maximum number of stations that can be connected to a single LAN. To provide network connectivity for more people, or extend it to cover a larger area, it is sometimes necessary to link two different LANs or LAN segments. Bridges and routers can both provide this function. 
 
Today, however, these internetworking devices are also increasingly used to segment LANs to maintain performance by reducing the number of users per segment. When users on a single LAN begin to experience slower response times, the culprit is often congestion: too much traffic on the LAN. One method users are employing to deal with this is to break large LANs with many users into smaller LANs, each with fewer users. Adding new network users may require the organization to create new LANs to accommodate them. Implementing new applications on an existing LAN can create so much incremental traffic that the organization may need to break the LAN into smaller LAN segments to maintain acceptable performance levels. 
 
In all of these cases, it is still critical that users on one LAN be able to reach resources on other LANs within the organization. But the LANs must be connected in such a way that packets are filtered, so that only those packets that need to pass from one LAN to another are forwarded across the link. This keeps the packets sent between two stations on any one LAN from crossing over onto the other LANs and thereby congesting them. A general rule of thumb suggests that 80 percent of the packets transmitted on a typical workgroup or department LAN are destined for stations on that LAN. 
 
The lowered costs of switching devices, coupled with the significantly higher speeds like gigabit Ethernet, have made much of the worry of congestion go away for typical office environments. The congestion problem still comes into play whenever there is an aggregation of the services or connections, such as a heavily used server, or a common Internet link used by a large office. 
 
### 
###  Bridges 
### 
 
The discussion of bridges is for historical reference primarily, as switching technology has come down so far in cost that bridges have all but disappeared. Bridges function at the Data Link Layer of the OSI Model making them simpler and less expensive than routers. Bridges filter packets between LANs by making a simple forward/don't forward decision on each frame they receive from any of the networks they are connected to. Filtering is done based on the MAC destination address of the frame. If a frame's destination is a station on the same segment where it originated, it is not forwarded. If it is destined for a station on another LAN it is forwarded to the port on the other side of the bridge. 
Bridges are not as simple as repeaters. They have MAC layer processing intelligence. They are also more expensive than repeaters. 
 
Most bridges are standalone devices or a card in a hub. A Bridge could however be a dedicated PC or other end node device connected to two segments and running bridging software. 
 
(FYI)  https://www.diffen.com/difference/Hub_vs_Switch 
 
## 
##  Bridging process 
## 
 
A Bridge is connected to two network segments. 
 
The Bridge "listens" to all the traffic on the two segments (it reads the source and destination MAC addresses of all frames transmitted). 
 
Based on the address it makes a decision whether to pass the frame to the other segment or keep it on the segment from which it was received. 
 
Additional information needed to make the decision to pass or filter the frame may come from one of the following : 
 
- Information stored in the bridge 
- Information within the frame 
 
If the information used to make the decision comes from a table inside the bridge the device is a "Transparent Bridge". 
 
If the information used to make the decision comes from within the frames it is a Source Routing Bridge. 
 
Bridges may operate at the Media Access Control (MAC) Layer or the Logical Link Control (LLC) Layer. 
 
Bridges can interconnect different network types as long as both sides are functioning at the LLC level. 
 
MAC Layer Bridges are Ethernet-to-Ethernet or Token-to-Token 
 
LLC Layer Bridges can be for example, Ethernet-to-Token , Token-to-FDDI or Ethernet to FDDI. 
 
All the addresses of the devices on both sides of the bridge must be unique. 
 
## 
##  Transparent Bridge 
## 
 
When the bridge is connected to the two segments it begins listening to the frames transmitted on both sides. It learns which devices are on each side of the bridge by recording the "source" address of each frame in the filter table. All frames will be forwarded if there is an entry in the forwarding table for the "destination" address on the frame. If a subsequent response frame is generated from a forwarded destination address device and received from the same side as the original frame then all subsequent frames sent to that device will be filtered. Eventually the bridge will build a complete internal table of devices and their location in terms of which side they reside on. 
 
(i.e. bridge/switch learns the filter/switch table based on "src" addr, and then filter/switch based on "dest" addr of L2 frames) 
 
Transparent Bridges will by default filter any broadcast or multicast transmissions. This feature can be turned off but doing so severely limits the effectiveness of the Bridge. 
 
Bridges must be controlled to avoid frames being forwarded in an endless loop. A mechanism known as a "Spanning Tree" algorithm is used to help prevent loops. The spanning tree algorithm effectively limits the Bridge to filtering and forwarding in one direction only. This means that all traffic heading in the other direction will automatically be filtered by the bridge. This traffic will be forwarded if necessary by a second bridge attached to the same segment. 
 
All Transparent Bridges periodically "flush" their forwarding tables and rebuild them from scratch. This is to adjust for any network changes or reconfigurations that may have occurred. Since the MAC address is physical it can move to other segments if the end device is moved. Since the Bridge filters on this address it would not pass frames destined for it if it moved to the other side. 
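The learn-on-source, filter-on-destination and periodic-flush behaviour described in this section, as an added example that is not part of the original notes: a two-port transparent bridge simulation. The port names, MAC addresses and flush interval are constructed; the broadcast/multicast default follows the notes above and is exposed as a flag.

```python
# Added example (not from the original notes): a two-port transparent bridge
# that learns station locations from source addresses, filters/forwards on
# destination addresses, and periodically flushes its table. Sides, MACs and
# the flush interval are constructed sample values.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Frame:
    src: str
    dst: str


def is_group_address(mac: str) -> bool:
    """Broadcast/multicast MACs have the low-order bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class TransparentBridge:
    ports: Tuple[str, str] = ("A", "B")
    flush_interval: int = 100             # frames between complete table flushes
    filter_group_addresses: bool = True   # default per the notes; False floods them
    table: Dict[str, str] = field(default_factory=dict)   # MAC -> side it was heard on
    frames_seen: int = 0

    def other_side(self, side: str) -> str:
        return self.ports[1] if side == self.ports[0] else self.ports[0]

    def receive(self, side: str, frame: Frame) -> Optional[str]:
        """Handle a frame heard on `side`. Returns the side it is forwarded to,
        or None when it is filtered (kept on the segment it came from)."""
        if side not in self.ports:
            raise ValueError(f"unknown side {side!r}")
        self.frames_seen += 1
        if self.frames_seen % self.flush_interval == 0:
            self.table.clear()            # periodic flush: forget stale locations
        self.table[frame.src] = side      # learn: the sender is on this side
        if is_group_address(frame.dst):
            return None if self.filter_group_addresses else self.other_side(side)
        if self.table.get(frame.dst) == side:
            return None                   # destination is local: filter
        return self.other_side(side)      # known on the other side, or unknown: forward


def scenario() -> List[Optional[str]]:
    """Walk a bridge through learning, filtering, a silently moved station and a flush."""
    br = TransparentBridge(flush_interval=4)
    h1, h2, h3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"  # constructed
    bcast = "ff:ff:ff:ff:ff:ff"
    steps = [
        ("A", Frame(h1, h2)),     # h2 unknown -> forwarded to B (h1 learned on A)
        ("B", Frame(h2, h1)),     # h1 known on A -> forwarded to A (h2 learned on B)
        ("B", Frame(h3, h2)),     # h2 known on B, same side -> filtered
        # h2 is now physically moved to side A without transmitting anything
        ("B", Frame(h3, h2)),     # 4th frame: flush runs first, so h2 is unknown ->
                                  # forwarded to A; a stale entry would have filtered it
        ("A", Frame(h2, h3)),     # h2 relearned on A; h3 known on B -> forwarded to B
        ("B", Frame(h3, h2)),     # h2 now known on A -> forwarded to A
        ("A", Frame(h1, bcast)),  # broadcast: filtered under the notes' default
    ]
    return [br.receive(side, f) for side, f in steps]


if __name__ == "__main__":
    print(scenario())
```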
 
## 
##  Source Routing Bridge 
## 
 
Source Routing Bridges contain no internal tables. Instead they look at Routing Information (RI) that has been embedded in the frames. 
 
Unlike Transparent Bridges, Source Routing Bridges can support Multi-Path routing. If multiple paths exist, the bridge must have a mechanism for finding resources and the best way to reach them. This is accomplished via a process known as "discovery". 
 
As the name implies, the source device is responsible for determining the entire route. 
 

#  Source Routing Bridge - Discovery Process 

 
The source device begins by sending out a data link layer control frame known as a "discovery packet". Each SR bridge inserts its routing information (RI) into the frame as each bridge is crossed. 
 
Each device stamps its ID into the frame so that when it returns to the source system the exact path taken can be embedded in subsequent data frames. 
 
When the target device is found it constructs a return path based on the reversed RI information in the frame and re-transmits it back to the original source. The return path is embedded in the frame. The source device will use this discovered path (or the shortest one received if multiple are returned) for all subsequent transmissions. 
 
If the path fails, it re-discovers the resource. Other advantages of SR Bridges are dynamic load balancing, fastest path (at discovery time) utilization and higher fault tolerance through path redundancy. 
 
The biggest disadvantage is that they generate network traffic which erodes available bandwidth. 
 
Mechanisms need to be established to prevent endless discovery frames. These mechanisms include: 
 
- Hop-count limits 
- Recognition of previously seen discovery frames so the Bridge will not pass the same frame twice. 
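The discovery process described in this section, as an added example that is not part of the original notes: a discovery frame is flooded across a constructed topology of rings and SR bridges, each bridge appends its RI, the target reverses the path, and the source keeps the shortest. Both loop-control mechanisms above (hop-count limit, per-bridge recognition of an already-passed discovery frame) are implemented; ring and bridge names are constructed.

```python
# Added example (not from the original notes): source-route discovery with a
# hop-count limit and per-bridge "already passed" recognition. The topology,
# ring names and bridge ids are constructed sample values.
from collections import deque
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

Hop = Tuple[str, str, str]   # (ring the frame came from, bridge, ring it was sent to)


@dataclass
class SRBridge:
    bridge_id: str
    rings: Tuple[str, str]
    passed: Set[str] = field(default_factory=set)   # discovery frame ids already forwarded

    def pass_discovery(self, frame_id: str, arriving_ring: str,
                       ri: List[Hop], hop_limit: int) -> Optional[Tuple[str, List[Hop]]]:
        """Forward a discovery frame to the other ring with this bridge's RI
        appended, or return None if the bridge is not on the arriving ring, the
        hop limit is reached, or this frame id has been passed before."""
        if arriving_ring not in self.rings:
            return None
        if len(ri) >= hop_limit or frame_id in self.passed:
            return None
        self.passed.add(frame_id)
        out = self.rings[1] if arriving_ring == self.rings[0] else self.rings[0]
        return out, ri + [(arriving_ring, self.bridge_id, out)]


def discover(bridges: List[SRBridge], source_ring: str, target_ring: str,
             frame_id: str, hop_limit: int = 7) -> Tuple[List[List[Hop]], int]:
    """Flood the discovery frame from the source ring. Returns every RI path that
    reached the target (each would be reversed and returned to the source) and
    the number of bridge passes, i.e. the discovery traffic generated."""
    queue = deque([(source_ring, [])])
    routes: List[List[Hop]] = []
    passes = 0
    while queue:
        ring, ri = queue.popleft()
        if ring == target_ring and ri:
            routes.append(ri)            # target reached: this copy stops here
            continue
        for bridge in bridges:
            forwarded = bridge.pass_discovery(frame_id, ring, ri, hop_limit)
            if forwarded is not None:
                passes += 1
                queue.append(forwarded)
    return routes, passes


def reverse_route(ri: List[Hop]) -> List[Hop]:
    """The target's return path: the RI read backwards with each hop flipped."""
    return [(out, bridge, inbound) for inbound, bridge, out in reversed(ri)]


def choose_route(routes: List[List[Hop]]) -> List[Hop]:
    """The source keeps the shortest discovered path for subsequent data frames."""
    return min(routes, key=len)


def build_topology() -> List[SRBridge]:
    """Constructed sample: four rings, five bridges, so R1 -> R3 has three routes."""
    return [SRBridge("B1", ("R1", "R2")), SRBridge("B2", ("R2", "R3")),
            SRBridge("B3", ("R1", "R3")), SRBridge("B4", ("R3", "R4")),
            SRBridge("B5", ("R2", "R4"))]


if __name__ == "__main__":
    routes, passes = discover(build_topology(), "R1", "R3", "disc-1")
    print(passes, "bridge passes;", len(routes), "routes; chosen:", choose_route(routes))
```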
 
## 
##  Mixed bridges 
## 
 
Source Routing and Transparent bridges may co-exist; these are called Source Routing Transparent (SRT) Bridges. They are LLC layer bridges used to support Ethernet on the Transparent side and Token Ring or FDDI on the Source Routing side. 
 
Many bridges today filter and forward frames with very little delay, making them good for large traffic volumes. They do however have some negative aspects. 
 
Bridges still have inherent shortcomings, the most significant being the linear interconnection of segments. If traffic needs to be sent over multiple segments it must pass through all the bridges (and segments) in the middle. Switches and routers help solve this problem. 
 
## 
##  Store-and-Forward  vs  Cut-Through 
## 
 
Transparent Bridges initially used a mechanism known as "Store and Forward" when forwarding or filtering frames. This process requires that the entire frame be stored in a buffer in the bridge and validated as error free before it was forwarded or filtered. This process added delays to the network. 
A different type of bridge was developed that began the forwarding or filtering process as soon as the destination address on the frame was known. These are known as "cut through" Bridges. While these bridges shortened the delay, they also increased traffic by forwarding error and runt (incomplete due to a collision or some other fault) frames to the other segment. 
 
A third variation of a bridge, known as a Hybrid Bridge, was developed that began the forwarding/filtering process after the "collision window" time had passed but potentially before the end of the frame was received and the CRC check was processed. 
 
### 
###  Routers 
### 
 
Routers transfer data packets between multiple LANs. With the transmission capabilities built-in, the router is able to evaluate the network environment (traffic) on a per packet basis to make intelligent routing decisions. 
 
Routers are frequently tied to other routers so there may be multiple "hops" between the originating source and final destination. Thus, a packet may have to pass through several routers (with multiple pathways) to reach its ultimate destination. In such a case, the intelligence behind the router allows each routing device (along the transmission path of a packet) to identify which path to the destination is best in terms of hop count, congestion and outages. 
 
Routers are more complex and more expensive than Bridges and switches. Routers function at the Network Layer of the OSI Model. 
 
A frame may pass through many routers on the way to its destination. 
 
Routing requires knowledge of two addresses: 
 
- the address of the destination device 
- the address of the next router 
 
The Network Layer protocol and, by extension, the network layer addresses used must be compatible across all devices in the route. The Physical and Data Link layers need not match. 
 
Routers are designed for a specific protocol, but multiple protocols may be routed within the same box. These are called multi-protocol routers. 
 
## 
##  Multi-Protocol Routers 
## 
 
Each protocol is purchased and installed separately, just as each network interface is purchased separately. Each protocol requires its own routing tables and routing software. 
 
Each protocol needs to be "bound" to the lower layer NIC just as in end devices. If the router is connected to multiple networks with different LAN configurations (e.g., Token Ring, Ethernet and FDDI) then each protocol must be bound to each of these devices. 
 
Multi-protocol routers handle information and communication between different networks. For example, Windows systems using the NetBEUI protocol, Macintosh systems using the AppleTalk protocol, IBM PCs using the IPX/SPX protocol, and Internet systems using the TCP/IP protocol can all communicate with each other. The multi-protocol router gets all these different types of data packets to the proper destinations. 
 
## 
##  Single-Protocol Routers 
## 
 
Single Protocol Routers are usually used to do a specific task. Routers that provide premises edge device access or Internet firewall security are usually single protocol devices. 
 
### 
###  Routing  -  Reasons and Options 
### 
 
Routing operates on L3 of the OSI model, which means that routers have knowledge of how to reach the logical end nodes of the network. Routers can therefore make more intelligent decisions about sending a packet across the network by examining the logical network layer source and destination address of each packet. A router only forwards packets destined for a remote network. This eliminates unnecessary traffic and makes better use of bandwidth. Routers are used for the following reasons: 
 
- Support multiple and alternate network paths for fault tolerance and load balancing 
- Provide security and other network restrictions 
- Efficiently support and utilize complex networks 
 

# [Multiple paths] 

 
Since routers understand the end-to-end delivery of the network transmission, they can make intelligent decisions about the delivery of the transmission. Routers can be made aware of alternate paths and use those paths when congestion or failure occurs on the preferred path. This allows for routing layer fault tolerance for mission critical applications. 
 

# [Security] 

 
Because routers have processing intelligence, they can support processing logic designed to control and restrict network transmissions. A "firewall" is a router that has routing restriction policies incorporated in its routing process intelligence. A bridge or layer 2 switch is designed by default to forward transmissions destined for physical devices which it does not know. This is very bad from a security perspective. Routers, on the other hand, will only forward traffic for which they have an identified path. Whereas an internal router has a default gateway as the path when no routing information can be ascertained, a firewall has no default gateway and will only forward traffic to known paths, and only if all the policy conditions are met. 
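The three forwarding behaviours contrasted above (bridge floods unknown destinations, internal router falls back to a default gateway, firewall requires both a known path and a permitting policy rule), as an added example that is not part of the original notes. All MAC addresses, prefixes, next hops and policy rules are constructed for this example.

```python
"""Forwarding decisions of a bridge, an internal router and a firewall (added example).

All addresses, routes and policy rules are constructed for this example. The two
routers do a longest-prefix match over their tables; only the internal router
carries a default route (0.0.0.0/0), so only it forwards unknown destinations.
"""
import ipaddress


def bridge_forward(mac_table, dst_mac, ingress_port):
    """Layer 2: known destination -> its port; unknown -> flood out every other port."""
    port = mac_table.get(dst_mac)
    if port is None:
        return "flood"                    # unknown station: forwarded everywhere
    return "filter" if port == ingress_port else port


def build_table(entries):
    """entries: (prefix, next_hop) pairs -> list ordered most specific prefix first."""
    table = [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in entries]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop in table:
        if addr in net:
            return next_hop
    return None


def policy_allows(policy, src, dst, dport):
    """First matching rule decides; no matching rule means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, ports, action in policy:
        if s in src_net and d in dst_net and (ports is None or dport in ports):
            return action == "permit"
    return False


def internal_router_forward(table, dst):
    """Internal router: an unknown destination still goes to the default gateway."""
    return lookup(table, dst)


def firewall_forward(table, policy, src, dst, dport):
    """Firewall: forward only over a known path and only if a policy rule permits it."""
    next_hop = lookup(table, dst)
    if next_hop is None:
        return None, "drop: no known path"
    if not policy_allows(policy, src, dst, dport):
        return None, "drop: policy denies"
    return next_hop, "forward"


# Constructed tables: the internal router carries a default route, the firewall does not.
INTERNAL_ROUTER = build_table([
    ("10.1.0.0/16", "10.0.0.1"),
    ("10.2.0.0/16", "10.0.0.2"),
    ("0.0.0.0/0", "10.0.0.254"),          # default gateway
])
FIREWALL = build_table([
    ("10.1.0.0/16", "10.0.0.1"),
    ("192.0.2.0/24", "203.0.113.1"),
])
# Policy rules: (source net, destination net, allowed ports or None for any, action)
FIREWALL_POLICY = [
    (ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_network("192.0.2.0/24"),
     {80, 443}, "permit"),
]
# Constructed bridge forwarding table: MAC -> port it was learned on
BRIDGE_TABLE = {"02:00:00:00:00:0a": 1, "02:00:00:00:00:0b": 2}

if __name__ == "__main__":
    print(bridge_forward(BRIDGE_TABLE, "02:00:00:00:00:ff", 1))            # flood
    print(internal_router_forward(INTERNAL_ROUTER, "198.51.100.7"))       # 10.0.0.254
    print(firewall_forward(FIREWALL, FIREWALL_POLICY, "10.1.5.5", "198.51.100.7", 443))
    print(firewall_forward(FIREWALL, FIREWALL_POLICY, "10.1.5.5", "192.0.2.10", 443))
```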
 

# [Complexity] 

 
Not all networks are comprised of contiguous Local Area Networks confined to a single building. Many networks consist of devices in multiple, geographically disparate locations. They include WANs, LANs, and perhaps MANs. WANs and MANs do not understand MAC layer LAN addresses, nor do they process data at speeds and packet sizes that would allow a seamless transition from the LAN. Routers can connect to and understand WAN and MAN technologies as well as LAN technologies. They can use this intelligence to "tunnel" traffic to a distant location, delivering what appears to be a seamless native-to-native delivery of the information. 
 
## 
##  Ways to route 
## 
 
Today, most routers are dedicated devices designed specifically for routing. They are the most effective and efficient way to route. They also can handle multiple and many physical connection types, multiple and many network types and multiple and many routing mechanisms. They are also very expensive. There are alternatives that can be used for routing besides a dedicated box: 
 
- Use a server (Netware, NT, Unix) as a router 
- Use a dedicated PC running a routing program 
 
In both cases the PC or Server needs connections to all the networks that it wishes to have direct route paths. While using these alternatives allows one to route without investing in additional hardware (assuming the Server or PC and NICs were spares) they will do so at a significantly slower speed than a dedicated router. When you buy a dedicated router you are buying throughput horsepower to avoid or minimize network delays. 
 
 
### 
###  LAN Switches 
### 
 
Using LAN switches allows a network designer to create several small network segments. These smaller segments mean that fewer stations are competing for bandwidth, thereby diminishing network congestion. 
 
Today's local-area networks (LANs) are becoming increasingly congested and overburdened. In addition to an ever-growing population of network users, several factors have combined to stress the capabilities of traditional LANs: 
 
- Faster CPUs. (They process work faster and therefore want faster and more frequent network services) 
- Multitasking operating systems. (Multitasking allows users to initiate simultaneous network transactions. ) 
- Network-intensive applications. (Client-server and Internet/Intranet applications are proliferating) 
 
Switching is a technology that alleviates congestion in Ethernet, Token Ring, and Fiber Distributed Data Interface (FDDI) LANs by reducing traffic and increasing bandwidth. Such switches, known as LAN switches, are designed to work with existing cable infrastructures so that they can be installed with minimal disruption of existing networks. Often, they replace shared hubs or other intermediary devices like bridges. 
 
Switches are used to increase performance on an organization's network by segmenting large networks into many smaller, less congested LANs, while still transparently providing necessary interconnectivity between them. Switches increase network performance by providing each port with dedicated bandwidth, without requiring users to change any existing equipment, such as NICs, hubs, wiring, or any routers or bridges that are currently in place. Switches can also support numerous transmissions simultaneously. While they are very easy to deploy to improve older LANs, new installations will almost exclusively use switches. 
 
Switches provide more flexible segmentation with the ability to "switch" to the appropriate segment to complete a transmission. A switch extends the bridging concept from linking two networks together to linking multiple separate segments of the same LAN type. The switch, like the bridge, filters and speeds the data flow between LANs. Unlike a bridge however, the switch can forward the frame to any of the segments attached to it. The following pictures of a bridged versus a switched environment show how switches provide further traffic reduction over bridges. 
 
 
(imagine at least a few computers hanging off of each hub segment) 
 
            [hub/bridge-connected LAN] 
 
hub segment A ---|-|            |-| 
                 |H|            |H|--- hub segment D 
hub segment B ---|U|--[bridge]--|U| 
                 |B|            |B|--- hub segment E 
hub segment C ---|-|            |-| 
 
 
 
            [switch-connected LAN] 
 
hub segment A ---|S| 
                 |W|--- hub segment D 
hub segment B ---|I| 
                 |T|--- hub segment E 
hub segment C ---|C| 
                 |H| 
 
 
In the bridged environment, frames from segment A devices to segment E devices must be forwarded across all segments in between. Therefore the frame will also be traffic on segments B, C, and D. 
 
In the Switched environment the switch will bridge directly to segment E. The frame from segment A will never hit segments B, C, or D. 
 
A switch, like a bridge, can be one of three types: 
 
(1) Cut-through/ fast forward (Address recognition) 
(2) Cut-through/ fragment free (Hybrid - Collision Window) 
(3) Store-and-Forward 
 
The process is the same as the bridge. 
 
You can think of a Switch as a device that controls and operates a number of bridges. Each port is a bridge port. 
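The three forwarding types listed above, and the store-and-forward / cut-through / hybrid bridges described earlier, as an added example (not code from the original notes): each mode is given the same three constructed frames (a good one, a runt, and one with a corrupted FCS) and the decision shows how many bytes each mode examines and which bad frames it lets through. MAC addresses and payloads are constructed for this example.

```python
"""Forwarding decision of cut-through, fragment-free and store-and-forward ports (added example).

Frames are modelled as raw Ethernet bytes: 6-byte destination, 6-byte source,
2-byte type, payload (padded to the 64-byte minimum), 4-byte FCS (CRC-32).
The modes differ only in how much of the frame arrives before the decision.
"""
import struct
import zlib

MIN_FRAME = 64        # smallest legal Ethernet frame; anything shorter is a runt
DST_LEN = 6           # bytes that must arrive before the destination is known


def build_frame(dst, src, payload, ethertype=0x0800, pad=True):
    """Assemble dst|src|type|payload[|padding]|FCS. pad=False lets us build a runt."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    if pad and len(body) + 4 < MIN_FRAME:
        body += b"\x00" * (MIN_FRAME - 4 - len(body))
    return body + struct.pack("!I", zlib.crc32(body))


def fcs_ok(frame):
    """Recompute CRC-32 over everything but the trailing FCS and compare."""
    return len(frame) > 4 and struct.unpack("!I", frame[-4:])[0] == zlib.crc32(frame[:-4])


def corrupt_byte(frame, index):
    """Simulate a line error: flip every bit of one byte (the FCS no longer matches)."""
    damaged = bytearray(frame)
    damaged[index] ^= 0xFF
    return bytes(damaged)


def decide(mode, frame, ingress_port, mac_table):
    """Return (action, bytes_examined). action is 'forward', 'filter' or 'drop'.

    mac_table maps destination MAC -> port it was learned on. A destination that
    lives on the ingress port is filtered in every mode, exactly as a bridge does;
    an unknown destination is forwarded (flooded).
    """
    if mode == "cut-through":
        examined = DST_LEN                    # decide as soon as the address is in
        valid = True                          # runts and bad-FCS frames get through
    elif mode == "fragment-free":
        examined = min(len(frame), MIN_FRAME)  # wait out the collision window
        valid = len(frame) >= MIN_FRAME       # runts dropped, FCS still unchecked
    elif mode == "store-and-forward":
        examined = len(frame)                 # whole frame buffered first
        valid = len(frame) >= MIN_FRAME and fcs_ok(frame)
    else:
        raise ValueError("unknown mode: %s" % mode)
    if not valid:
        return "drop", examined
    out_port = mac_table.get(bytes(frame[:DST_LEN]))
    if out_port == ingress_port:
        return "filter", examined
    return "forward", examined


# Constructed stations and forwarding table: MAC -> port
MAC_A = bytes.fromhex("02000000000a")
MAC_B = bytes.fromhex("02000000000b")
MAC_TABLE = {MAC_A: 1, MAC_B: 2}

GOOD = build_frame(MAC_B, MAC_A, b"hello")            # 64 bytes, valid FCS
RUNT = build_frame(MAC_B, MAC_A, b"hi", pad=False)    # 20 bytes: collision fragment
CORRUPT = corrupt_byte(GOOD, 20)                      # full length, bad FCS

if __name__ == "__main__":
    for mode in ("cut-through", "fragment-free", "store-and-forward"):
        for name, frame in (("good", GOOD), ("runt", RUNT), ("corrupt", CORRUPT)):
            print(mode, name, decide(mode, frame, 1, MAC_TABLE))
```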
 
 
(nice visualization)  http://www.fiber-optic-solutions.com/buy-ethernet-switch-hub.html 
 
 
## 
##  FDDI and Switching 
## 
 
FDDI Switching is a way to multiply an FDDI backbone bandwidth by subdividing the shared FDDI backbone with FDDI switching. 
 
Conceived as a high capacity LAN backbone technology, FDDI was designed specifically to serve the needs of high-performance mission-critical LAN applications. No other standard LAN medium has the reliability features of FDDI. 
 
The dual counter-rotating ring, and dual homing at the MAC layer give FDDI a unique ability to provide redundant, therefore highly reliable, station connection at the MAC layer. These features, and the maturity and reliability of FDDI products and management procedures, make many users wish to extend the life of FDDI networks. Although the 100 Mbps bandwidth of FDDI is sufficient for server and high-end work station connections, 100 Mbps is often not enough total bandwidth for the LAN backbone. FDDI switching can alleviate this problem. 
 
An FDDI switch operates by subdividing a single ring into several distinct rings so that the total LAN traffic can greatly exceed 100 Mbps. 
 
FDDI Switches (and to a lesser degree, Token Ring Switches) are much more complex than Ethernet switches. They must deal with priorities, frame removal, and ring control/maintenance. 
 
As a result of the cost and the low adoption of FDDI, the most commonly found switches are all Ethernet. 
 
### 
###  Virtual LANs 
### 
 
A virtual LAN (VLAN) is a group of hosts or network devices, such as routers (running transparent bridging) and bridges/switches, that form a single bridging domain. Layer 2 bridging protocols, such as IEEE 802.10 and Inter-Switch Link (ISL), allow VLANs to exist across a variety of equipment supporting layer 2 functionality. 
 
VLANs are formed to group related users regardless of the physical connections of their hosts to the network. The users can be spread across a campus network or even across geographically dispersed locations. A variety of strategies can be used to group users. For example, the users might be grouped according to their department or functional team. In general, the goal is to group users into VLANs so that most of their traffic stays within the VLAN. 
 
When you configure VLANs, the network can take advantage of the following benefits: 
 
Broadcast control--Just as switches physically isolate collision domains for attached hosts and only forward traffic out a particular port, VLANs provide logical collision domains that confine broadcast and multicast traffic to the bridging domain. 
 
Security--If you do not include a router in a VLAN, no users outside of that VLAN will be able to communicate with the users in the VLAN and vice versa. This extreme level of security can be highly desirable for certain projects and applications. 
 
Performance--You can assign users that require high-performance networking to their own VLANs. You might, for example, assign an engineer who is testing a multicast application and the servers the engineer uses to a single VLAN. The engineer experiences improved network performance by being on a "dedicated LAN," and the rest of the engineering group experiences improved network performance because the traffic generated by the network-intensive application is isolated to another VLAN. 
 
Network Management--Software on the switch allows you to assign users to VLANs and, later, reassign them to another VLAN. Recabling to change connectivity is no longer necessary in the switched LAN environment because network management tools allow you to reconfigure the LAN logically. 
 
### 
###  Gateways 
### 
 
A gateway is a hardware and software solution that handles internetwork communication between programs that have different network, hardware, and software protocols. Gateways at a minimum mediate incompatible protocol communications between networks. In most cases they are used to interconnect networks that have entirely different architectures. The device understands the data handling formats of each network it interconnects. Gateways are used primarily to interpret mainframe protocols. 
 
Gateways link LANs at the session, presentation and application layers of the OSI model. 
 
Conversion functions performed by gateways include: 
 
(1) message format conversion - Frame format, Min/Max size, Coding 
 
(2) Address translation (eg 16 to 48 bit) 
 
(3) Protocol Conversion - restructuring of control information relating to comparable functions on each net, e.g. message segmentation & reassembly, data flow control, and error detection & recovery. 
 
## 
##  Three types of gateways 
## 
 
(1) Encapsulating router 
An Encapsulating router gateway encloses packets from one network in the packet format of the second network for transmission. 
 
(2) Transport Level gateways 
Transport Level gateways also enclose packets in the second protocol's packet format but perform this function by using a Layer 4 protocol instead of the Layer 3 protocol used in encapsulating routers. 
 
(3) Application Layer gateways 
Application Layer gateways translate all seven layers of one network architecture to the seven layer protocols of another architecture. 
 
Products like Microsoft's NT SNA Gateway and Novell's SAA are application layer gateways that translate the full seven layers of the IBM SNA architecture. 
 
TN3270 is a transport layer gateway that transports a TCP/IP program called TN3270 directly to an IBM host running TCP/IP, or to a gateway server that runs a TN3270 server on one side and an SNA node on the other. At the session layer the TN3270 connection from the client looks identical to a native 3270 session to the SNA host. 
 
 
####################################### 
###     WAN  (wide area network)    ### 
####################################### 
 
A WAN is a computer network that covers a broad geographic region, ranging in diameter from a few miles to spanning entire continents. WANs can transmit all types of information across their lines. They are often used to link other networks like private LANs together. 
 
WANs can be comprised of physical media (e.g. cable and fiber optic cabling), travelling along shared or dedicated paths. WANs can also be comprised of wireless media using satellite transmission and microwave communication, usually in places where physical media plants cannot be constructed or are cost prohibitive. 
 

#  WAN structure 

WAN is similar to LAN, in terms of configuration. However, while LANs link pieces of equipment (e.g., workstations, printers, FAX machines, etc.), WANs usually link other networks. 
 
The traditional definition of wide area networking has been "connecting two or more networks existing at widely separate geographic sites." Traditionalists tend to believe that the separate networks must be connected by means of common carrier telecommunication facilities (private companies that rent resources such as T1 lines and microwave transmission equipment). 
 
Like any general term used in connection with rapidly changing technology, not everyone will agree on an exact definition of wide area networking. What is "widely separate", and does the connection really have to be through a common carrier? Many major companies now own their own equipment linking networks many miles apart. 
 
Suppose you connect two networks in two different buildings 100 yards apart by means of asynchronous modems and common telephone lines. Is that a wide area network? Most computer networking people would say no. They would consider this a "campus" network. What if the networks were two miles apart and separated by a major interstate highway? Or, what if they were 15 miles apart, on opposite sides of a major city? There are many computer networking people who would still not call this wide area networking; but rather a "metropolitan area network." Others consider metropolitan area networking a part of wide area networking. Everyone would agree that two networks connected on opposite sides of a continent by means of a satellite microwave link rented from a common carrier is an example of a wide area network. 
 
Speed of the network can no longer be a determining factor either. In the past, higher speed local networks (like 10MBPS Ethernet) were connected via lower speed WANs (1.54MBPS T1's). Today these LANs can be interconnected over technologies like 155MBPS ATM or higher DS/OC rates. 
 
The point is that the distinction between LANs, MANs and WANs is becoming blurred, delineated more by a tariff structure than by a technology or speed. 
 

#  WAN Components 

The most critical internetworking component in the WAN environment is the router. 
 
Routers link LANs and WANs together, to facilitate a network connection. Routers can integrate components that support the bottom three layers of LAN and WAN technologies supplying translation logic and a common shared backplane for transferring information from LANs to WANs and vice versa. 
 
Routers can connect to all types of networks providing integration across the Layer 1-3 protocols. On the LAN side they connect through traditional LAN technologies like Ethernet, Token Ring or FDDI and provide layer three routing functionality (usually IP or IPX). On the WAN side, they connect to standard Telco "premise" devices like DSU/CSUs (Digital Service Unit/Channel Service Unit.) The router can support a Layer 2 WAN connection providing a point to point dedicated link between two end nodes or full Layer 3 services over virtual packet or cell switched links. 
 

#  WAN use case 

WANs are often used to transmit other forms of information like voice and video in addition to transmitting computer data. In fact data WANs were developed out of the telephone network. A single WAN connection can be "channel split" to provide voice, data or other transmissions over a single connection. 
 
 
### 
###  Public Facilities 
### 
 
A WAN uses communications facilities that are outside the organization's properties and cross public areas that are regulated by local, national or international authorities. The public switched telephone network (PSTN) typically provides the links between remote sites but some organizations have established their WAN links using microwave, satellite or other communication technologies. 
 
WAN infrastructures, unlike LANs, are not owned by the company using them. The company contracts for the right of use of these public channels from a governmentally regulated supplier of these services. Even Microwave and Satellite WANs must be authorized to use the frequency or spectrum of bandwidth on which their data transmissions ride. 
 
Public Data Networks are nearly always used to build WANs, especially in the case of the Internet. A Public Data Network is a network that is owned by the company that owns the WAN. It provides access and use of its public infrastructure to its network customers. 
 
The first Data Network was gradually established using the PSTN. 
 
### 
###  WAN Technologies 
### 
 
Wide area technologies include: 
 
Dial up lines   :where modems are used to establish a transmission link over a PSTN. 
Dedicated lines :where a "T" or "Fractional T" line is "Leased" to provide a point to point dedicated connection between two facilities. 
Frame Relay     :A virtual packet switched "pay as you go" service. 
SONET           :A dedicated Fiber optic facility that is ring based rather than point to point. 
X.25            :Traditional packet switched network that dominated the virtual service market before Frame Relay. 
ATM             :A cell switching virtual service. 
 
Frame Relay (FR) networks are one form of WAN which has been gaining in popularity over the past few years. Frame Relays' popularity has grown out of its dynamic (virtual) nature and its ability to support (tunnel) SNA as well as TCP/IP network traffic making it highly desirable to companies with unpredictable traffic to unpredictable locations and/or traffic over two distinct network environments. 
 
As above, there are a multitude of connectivity options that should be considered when planning a wide-area network installation. The most critical phase of this planning is the design of the network. There are different topologies that will provide the best possible throughput for the data to your remote locations. In addition, the most advanced hardware available allows voice/fax connections to ride free on the existing data lines, thereby giving you "free" long distance service between your geographically spread facilities. 
 
A WAN can also be constructed via the Internet which is in a sense a "World-Wide Area Network." Many organizations are looking to the Internet for connecting their remote offices and mobile employees rather than investing in expensive WANs. For example, a single employee at a remote site (perhaps even working out of their home) can log on to the internet via their local ISP connection and access their corporate web site. Using a secured client at their remote location (using for example a digital certificate) they can link into their secured corporate Intranet through their corporate web site. From the Intranet they could launch an order entry system, run reports, view backlogs etc. just as if they had a dedicated remote connection to the corporate systems. 
 
This is just one example of how both technology and human work habits have changed the Wide Area Network paradigm. WANs as originally implemented served two major functions: 
 
1. Provide a back end (usually a batched oriented file transfer) connection between two geographically dispersed host systems. 
2. Provide remote terminal access to the host. 
 
Almost all the devices were located in stationary, very static locations. They were very seldom moved to different wide area locations. They were also very deterministic and predictable. The fact that a particular terminal accessed a single application on the host and was used to enter orders from 9-5 EST was known by the network engineer. The exact size of the transmissions between the terminal and the host each time a transmission was sent was also known (limited to an 80 by 24 character array plus a small amount of control overhead). This made WANs very easy to size and support. 
 
Today, users of intelligent PC devices want access to any amount of data or any transaction process on any system from any location. And thanks to Multi-Tasking, they want to do this simultaneously with many systems. This is clearly a more complex and nebulous environment that is significantly more difficult to estimate and manage. 
 
 
### 
###   Public Network Components 
### 
 
The PSTN can be described in terms of the following components: 
 
[Local Loops] :Carries an analog or digital signal from a business or personal premises to the nearest switch 
[Switch]      :Establishes the connection to another switch in order to go from the source to the destination. Many switches can be involved in this circuit between source and destination. 
[Trunk Lines] :Carries the digital signal from one switch to another switch over a larger geographical area 
 

#  Local Loop 

The Local Loop is the part of the network that extends from the telephone company's central office to the subscriber's premises. 
 
Local Loops are the last remaining components that have analog signaling components. Eventually all local loops will be digital as well. Integrated Services Digital Networks (ISDN) and Digital Subscriber Loop (DSL), as well as digital based solutions from non-traditional suppliers (Cable Company, Electric Company, etc.), will replace the remaining analog households. 
 
When the Local Loop service is analog, the switch nearest the sender and the switch nearest the receiver (the last ones in the circuit) translate the signal between digital and analog. 
 
Analog networks require the "edge devices" (the computers that communicate over the analog circuit) to be connected by modems to a telephone line. Once a connection is established via the telephone network, data can be transmitted and received by the two edge devices. There are many communications packages that can establish such a path. 
 
With digital networks, the attached devices don't need a modem. They are capable of directly transmitting digital data onto the network without having to modulate it. The digital network uses very different techniques for transmission and is much faster and more reliable. 
 
Packet switched networks involve a digital data service that does not establish a physical connection between the sender and the receiver. Each packet of data is individually addressed and sent independently from the other packets. The network software will assemble and disassemble the packets at each end. This facilitates network performance and reliability, and reduces costs. 
 
Cell switched networks also do not establish a physical connection between the sender and the receiver. Unlike packet switching which addresses each packet individually, cell switching establishes a "virtual switched path" for all cells with the same address to follow. 
 
You can have a private network, which means that you have a permanent link that you lease, called a leased line or dedicated line. You do not have to 'dial-up' this line, it always exists. 
 
All of these Network options connect to the customer through the local loop. 
 

#  Switches 

The telephone switch is the heart of the telephone network. The switch establishes the virtual circuit between the caller and the dialed receiver. A call placed to a neighbor within the same "exchange" may be processed by a single switch. A call placed to another continent will involve several switches. The "address" used to determine the route of the call is the phone number. The most important information for routing is placed at the beginning of the phone number address. Dialing a "1" immediately triggers the first route path to an interexchange switch rather than the local exchange. 
 
The local CO (Central Office) exchange switch supports the local telephone services (Local Loop). In the case of an analog local loop the switch supports analog transmissions on the local dial tone side. All transmissions from that point forward will be digital until they reach the destination local loop, where they will be converted back to analog if the destination exchange is analog. A local call within the same exchange will be processed entirely as an analog transmission if the exchange is analog. 
 
PBXs, or Private Branch Exchanges, are switches that create a local loop exchange inside the boundaries of a private facility. To the telephone network the PBX is just another switch in the telephone routing hierarchy. 
 

#  Trunk Lines 

Trunk Lines are the cabling plant that interconnect the switches. The trunk lines provide multiplexed digital signaling of calls from one switch to another. All trunk lines in operation today utilize digital signaling over fiber optic cable. 
 
### 
###  Intro to Digital Signaling 
### 
 
[Digital Signaling History] 
Telephone systems were originally all analog systems. They were conceived as a mechanism to move voices or sounds. The concept of "data transmission" was decades away. The system did however have to move the voice transmissions over greater distances as the telephone system became more popular. Earlier in the semester we talked about the drawbacks of analog signaling; most notably, that noise and interference are unavoidably amplified and retransmitted along with the signal. 
 
In the early 1960's the "T-carrier" system was implemented by the Bell System as a means of increasing the capacity of existing trunks between Central Offices. Research performed at Bell Labs led to the technology which allowed 24 voice channels to be "multiplexed" and digitally transmitted in one direction using Pulse Code Modulation (PCM) on a single twisted pair. The required electronics were much cheaper than installing more cable. Since the PCM transmission was much less susceptible to noise and crosstalk, an added benefit of this increased capacity solution was a dramatic improvement in the signal quality as well. This was due to the fact that the digital signal could be "re-shaped" to its original form and regenerated at its original strength and quality. As technologies advanced digital signaling capabilities increased as well. Digital signaling was standardized on a hierarchical structure that was based on: 
 
- The analog signaling system 
- The PCM conversion of the analog signal 
 
The PCM conversion of the analog signal to digital to support the 24 channel multiplexed transmission identified above became the base digital signaling rate. Higher rates were accomplished by multiplexing these signals into higher bandwidth transmissions. In other words the base digital signal is a direct multiple of the analog signaling rate and all higher digital signaling rates are multiples of the base signaling rate. 
 
### 
###  Digital Signaling(transmission) Hierarchies 
### 
 
There are two hierarchical structures that exist for digital networks: 
 
- Plesiochronous hierarchies (Plesiochronous means "nearly synchronous") 
- Synchronous hierarchies 
 
To further complicate things, North American standards (usually derived from US standards bodies) are different from the International ITU-T recommendations. 
 
## 
##  Plesiochronous Hierarchies 
## 
In a Plesiochronous hierarchy, the higher level multiplex functions include "bit stuffing" techniques. This allows the input bit streams from I/O channels to use "free-running" clocks. As such, the user's clock rate is propagated (plus a little "jitter") through the higher level multiplexer. Slip rate requirements between end-user multiplex equipment must still be met for adequate performance of voice and (particularly) data. 
 

#  North American Digital hierarchy 

The North American Digital hierarchy starts off with a basic Digital Signal level of 64 KBPS (DS0). Thereafter, all facility types are usually referred to as "T x", where "x" is the Digital Signal level within the hierarchy (e.g. T1 refers to the DS1 rate of 1.544 MBPS). Up to the DS3 rate, these signals are usually delivered from the provider on Twisted-Pair or Coaxial cables. 
 
DS stands for "Digital Signal". The transmission rate of each level is identified by the number that follows DS. The letter "T" was originally used in reference to the physical "Transmission repeater" system developed to transmit over four-wire twisted pair (bi-directional transmission with outgoing signals on one pair and incoming on the other). 
 
North American T1 service providers often refer to the signal interface between the User and the Network as "DS-1" signals. The DS hierarchy and associated speeds for the first five levels are listed in the following table. 
 
Name  Rate          # of DS0s 
----------------------------- 
DS0   64 KBPS        1 
DS1   1.544 MBPS     24 
DS1C  3.152 MBPS     48 
DS2   6.312 MBPS     96 
DS3   44.736 MBPS    672 
 
DS1 signals can be multiplexed with other DS1's into higher rate signals for transmission via other media, e.g., coaxial cable, microwave, and fiber optic cable. 
 
Hence a DS1C is 2 DS1's (plus additional framing overhead) and a DS2 is 4 DS1's plus overhead. 
 
DS1 is the lowest rate that can be multiplexed asynchronously. As long as the signal is within specifications, the telephone network multiplexers will lock on the framing pulses, transport the signal through the network and hand it back at the same frequency it was received. In order to accomplish this, the subscriber's equipment must generate the signal in accordance with stringent requirements. The frequency of the bit stream must be 1544000 + or - 75 bits per second. The pulse shape must conform to FCC rules. A zero is represented by zero volts; a one is represented by either plus 3 volts or minus 3 volts (opposite polarity of the preceding one). This is called bipolar signaling or Alternate Mark Inversion (AMI). This type of signaling places a null in the signal at DC allowing power to be sent on the line. It also allows timing to be extracted from the bit stream provided there are no long strings of zeros. 
 
At least 12.5% of all bits must be ones, and there can be no more than 15 zeros in a row. These are known as "ones density" requirements and are necessary to ensure that the network repeaters, which recover their clock from the pulses, do not jitter and lose sync. Framing pulses must conform to a pattern known as D4 (superframe; the later ESF, extended superframe, is a refinement of it). This pattern is recognized by the network multiplexers and is required if the DS1 signal is to be multiplexed with other DS1 signals for transmission over microwave or fiber optic cable. 
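Added example (not from the original notes): a small Python checker for the two ones-density rules above, plus an AMI encoder/decoder that flags "bipolar violations" (two marks of the same polarity in a row), which is what a real line monitor looks for. Bit streams are plain strings of 0/1 and are made up for illustration; the +3/-3 values are the nominal volt levels quoted above.

```python
# Added example (not from the original notes): DS1 ones-density check and
# Alternate Mark Inversion (AMI) line coding. Inputs are constructed bit strings.

MAX_ZERO_RUN = 15          # no more than 15 consecutive zeros
MIN_ONES_FRACTION = 0.125  # at least 12.5% of the bits must be ones


def longest_zero_run(bits: str) -> int:
    """Length of the longest run of consecutive '0' characters."""
    longest = current = 0
    for b in bits:
        current = current + 1 if b == "0" else 0
        longest = max(longest, current)
    return longest


def check_ones_density(bits: str) -> list:
    """Return the list of rule violations; an empty list means the stream is compliant."""
    if not bits or set(bits) - {"0", "1"}:
        return ["stream must be a non-empty string of 0/1"]
    problems = []
    run = longest_zero_run(bits)
    if run > MAX_ZERO_RUN:
        problems.append(f"{run} consecutive zeros (max {MAX_ZERO_RUN})")
    fraction = bits.count("1") / len(bits)
    if fraction < MIN_ONES_FRACTION:
        problems.append(f"ones density {fraction:.3f} below {MIN_ONES_FRACTION}")
    return problems


def ami_encode(bits: str) -> list:
    """AMI: a 0 is 0 V, each 1 (a 'mark') is +3 V / -3 V with alternating polarity,
    so the line signal has no DC component."""
    levels = []
    polarity = 3
    for b in bits:
        if b == "1":
            levels.append(polarity)
            polarity = -polarity
        else:
            levels.append(0)
    return levels


def ami_decode(levels) -> tuple:
    """Recover the bit stream and count bipolar violations (two marks of the same
    polarity in a row), which indicate a corrupted or mis-generated signal."""
    bits = []
    last = None
    violations = 0
    for v in levels:
        if v == 0:
            bits.append("0")
            continue
        bits.append("1")
        if last is not None and v == last:
            violations += 1
        last = v
    return "".join(bits), violations
```

The density check is deliberately the simple form stated in the notes (overall 12.5% plus the 15-zero limit); the formal ANSI rule is a sliding-window version of the same idea.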
 
Since the early 1980's, DS1 service has been available to individual subscribers as a tariffed point to point dedicated service. Virtually any twisted pair can be configured as a T1. It can be ordered as a point to point DS1 or T1 circuit. DS1 and T1 tend to be used interchangeably. It may also be called 1.5 Megabit service. 
 

#  International (CCITT) Digital hierarchy 

The ITU-T Digital hierarchy's basic level is the DS0 rate of 64 KBPS. These signals are usually delivered from the provider on Twisted-Pair or Coaxial cables. The European standards are summarized below. 
 
Name  Rate 
----------------- 
DS0   64 KBPS 
E1    2.048 MBPS 
E2    8.448 MBPS 
E3    34.368 MBPS 
E4    139.264 MBPS 
 
An important consequence of the different digital hierarchies between Europe and the US is that only a discrete set of fixed rates is available for transmissions that cross the digital hierarchies. 
 
## 
##  Synchronous Hierarchies 
## 
In the late 1980s, synchronous network hierarchies were defined. In synchronous networks, all multiplex functions operate using clocks derived from a common source. 
 

#  North American SONET (Synchronous Optical NETwork) 

This system is based upon multiples of a fundamental rate of 51.840 MBPS, called STS-1 (Synchronous Transport Signal, Level 1). The facility designators are similar, but indicate the facility type, which is usually Fiber Optic Cable (e.g. OC-1 is an Optical Carrier supporting a STS-1 signal; while OC-3 supports a STS-3 signal, etc). Some typical rates are listed below: 
 
Name    Rate 
-------------------- 
STS-1   51.840 MBPS 
STS-3   155.520 MBPS 
STS-9   466.560 MBPS 
STS-12  622.080 MBPS 
STS-48  2488.320 MBPS 
 

#  International SDH (Synchronous Digital Hierarchy) 

This system is based upon a fundamental rate of 155.520 MBPS, three times that of the SONET system. This fundamental signal is called STM-1 (Synchronous Transport Module, Level 1). The typical transmission media is defined to be fiber, but the Broadband ISDN specification does define a User-Network Interface (UNI) STM-1 (155.520 MBPS) operating over coaxial cables. Some typical rates within this hierarchy: 
 
Name    Rate 
--------------------- 
STM-1   155.520 MBPS 
STM-3   466.560 MBPS 
STM-4   622.080 MBPS 
STM-16  2488.320 MBPS 
 
### 
###  Analog versus Digital 
### 
Analog signals are continuous waves that can represent an unlimited number of values. Telephone systems use analog-switched lines to provide voice communications. Data communication over analog lines has a limited transmission speed because of the narrow bandwidth of voice lines. 
 
When transmitting data over phone lines, a modem is required to convert the digital data signals to analog signals. When analog signals are transmitted over long distances, they need to be amplified, which can distort the value of the data transmitted. 
 
When analog data is converted to digital data it can be transmitted over digital signals faster and without distortion. Discrete samples of binary data make up the content of the payload. Digital data is precise, but can never transmit the full continuous range of information available with analog. 
 
The digital signal is transmitted in a binary code using 0's and 1's. Either the signal is on (1) or it is off (0). The analog signal, on the other hand, is a wave of information that contains a continuous flow of varying voltage. As the analog wave travels over the air and into homes, it can collect noise (snow, ghosts). The digital signal, on the other hand, arrives exactly as it was sent. 
 
When a device receives a digital signal, it is given precise data on how to reproduce an exact duplicate of the original image or sound. An analog receiver only gets a narrower range of information, and will approximate the original image or sound. This representation may be close to the original, but usually will not be an exact duplicate. 
 
### 
###  AD conversion 
### 
 
x-axis = time 
y-axis = voltage 
 
## 
##  Sampling frequency 
## 
 
recall digital signaling was developed as a mechanism to increase CO back end capacity by multiplexing 24 analog transmissions. The analog signal (an electromagnetic wave) generated on each channel is "sampled". The sample is converted into an 8bit representation of the sampled signal. 
 
A sample is simply a detection of a distinct point along the electromagnetic wave. 
 
By knowing the sample detection points in terms of where they lie on the Y axis (in terms of their +/- distance from zero) and on the X axis (by knowing the exact time intervals between samples) the exact location of the sampled value can be documented. This value is documented by an 8bit value as a digital representation of the sample location. 
 
On the other side of the transmission, the digital signal is converted back to analog and sent down each of the 24 channels. The 8bit digital "points" provide enough information about the height and slope to be able to "plot" the structure of the wave. The height (maximum +/- from zero) allows the amplitude to be reconstructed and the slope (the uniform grade at which the line moves from/towards zero as it moves down the x axis) allows the frequency to be reconstructed. 
 
## 
##  Quantization 
## 
In order to "digitize" an analog signal, the signal level at the instant of sampling is converted to a binary number by an analog to digital converter. The number of bits in this binary number determines the number of levels that the signal will be "quantized" into. Because the information that lies between these levels is lost, the number of levels used determines the dynamic range and distortion of the recovered analog signal. If eight bits are used, 256 levels can be determined. This yields a dynamic range of about 48 dB and about 0.5% distortion at full output. Each bit added doubles the number of levels, increases the dynamic range by 6 dB, and decreases the distortion by a factor of two. For example, 14 bits yield 16384 levels, a dynamic range of about 84 dB, and about 0.01% distortion. 
 
## 
##  Analog Telephone Sampling 
## 
In 1928, Harry Nyquist showed that if an analog signal is sampled at a rate greater than "twice" its bandwidth, the samples provide all the information needed to reconstruct the signal exactly (the sampling theorem, later proved in general by Shannon). 
 
A 3 kHz analog voice telephone channel is first band limited to around 3300 Hz. This signal is sampled at an 8 kHz rate (8000 samples per second). Each sample is quantized to 8 bits. This means that a voice channel requires 64000 bits per second to transmit (8000 samples X 8 bits). This 64 Kbit signal is called a DS0 (Digital Signal hierarchy level 0) channel. 24 DS0 channels are combined along with 8000 bits per second for framing to make a DS1 (T1) signal. The equipment that accomplishes this is called a Channel Bank. The DS1 (T1) signal has a bit rate of 1544000 bits per second (1.544 Mbps) [(64000 X 24) + 8000]. 
 
Bell Lab research team found that a telephone cable twisted pair could accept this high a bit rate provided the terminating impedance was lowered to 100 ohms and regenerative repeaters were installed every 6000 feet maximum. These repeaters "interpreted" the degraded incoming signal as a one or a zero and sent a perfect (re-shaped) one or zero to the next repeater. Hence the quality of the bit stream at the terminating end was as good as the original signal generated at the other end. 
 
Since the analog signal is encoded in the numbers represented by the digital bit stream, the distortion and noise of the recovered analog signal is not affected by the transmission medium so long as there are no bit errors. 
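Added example (not from the original notes) covering both the quantization paragraph and the telephone sampling paragraph above: it samples a full-scale test tone at 8 kHz, quantizes it with a uniform mid-rise quantizer, and measures the signal-to-quantization-noise ratio, which is where the "about 6 dB per bit" figure comes from. It then derives the DS0 and DS1 rates from the same constants. The 1009 Hz tone is an arbitrary choice (a frequency that does not divide 8000 evenly, so the samples cover many phases); pure Python, no NumPy.

```python
# Added example (not from the original notes): PCM sampling, uniform quantization,
# SQNR per bit, and the DS0/DS1 bit-rate arithmetic. Test tone is constructed.
import math

SAMPLE_RATE_HZ = 8000          # 8000 samples/s: above 2 x the ~3.4 kHz voice band
BITS_PER_SAMPLE = 8
CHANNELS_PER_DS1 = 24
DS1_FRAMING_BPS = 8000         # one framing bit per 8 kHz frame


def sample_sine(freq_hz, seconds, rate_hz=SAMPLE_RATE_HZ):
    """Full-scale sine (amplitude 1.0) sampled at rate_hz; stands in for a band-limited voice tone."""
    n = int(rate_hz * seconds)
    return [math.sin(2 * math.pi * freq_hz * k / rate_hz) for k in range(n)]


def quantize(samples, bits):
    """Uniform mid-rise quantizer: 2**bits levels over [-1.0, 1.0); out-of-range input is clipped."""
    levels = 1 << bits
    step = 2.0 / levels
    lo, hi = -(levels // 2), levels // 2 - 1
    out = []
    for x in samples:
        idx = min(hi, max(lo, math.floor(x / step)))
        out.append((idx + 0.5) * step)     # reconstruct at the middle of the interval
    return out


def sqnr_db(samples, bits):
    """Signal-to-quantization-noise ratio in dB; grows by about 6.02 dB per added bit."""
    q = quantize(samples, bits)
    signal = sum(x * x for x in samples) / len(samples)
    noise = sum((x - y) ** 2 for x, y in zip(samples, q)) / len(samples)
    return 10 * math.log10(signal / noise)


def channel_bit_rate(bits=BITS_PER_SAMPLE, rate_hz=SAMPLE_RATE_HZ):
    return bits * rate_hz                                  # DS0: 8 x 8000 = 64000 bit/s


def ds1_bit_rate(channels=CHANNELS_PER_DS1, framing_bps=DS1_FRAMING_BPS):
    return channels * channel_bit_rate() + framing_bps     # (64000 x 24) + 8000 = 1544000 bit/s
```

For a full-scale sine the theoretical figure is 6.02 x bits + 1.76 dB, so 8 bits gives roughly 50 dB and 14 bits roughly 86 dB; the notes' 48 dB and 84 dB are the 6 dB-per-bit dynamic range without the sine-specific 1.76 dB term.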
 
### 
###  Switching Techniques 
### 
While the original telegraph and telephone systems were point-to-point connections between two end nodes (i.e. your phone was wired to one particular far end and nothing else), it was recognized that the telephone needed to connect any combination of end nodes to form a communication connection. This was originally accomplished by a "switchboard" where a human operator would physically connect one pair of wires to another by plugging in the appropriate jacks. Thus the concept of switching was born. 
 
there are a few ways to perform switching: 
 
- Circuit Switching 
- Packet Switching 
- Message Switching 
- Cell Switching 
 
[Circuit Switching] 
This method involves the physical interconnection of two devices. A good example of circuit switching involves the Public phone network. A data example would be the classic A/B switch used to switch from one printer to another (in the old DOS days!) 
 
[Packet Switching] 
Packet Switching techniques switch packets of data between destinations. Traditionally, this applied to X.25 techniques, but this also applies to TCP/IP and IPX/SPX routers also. Frame Relay switches are also packet based. 
 
[Message Switching] 
Message Switching techniques were originally used in data communications. 
e.g. 
- early "store and forward" paper tape relay systems. 
- email delivery 
- in voice systems, you can find Voice Mail delivery systems on the Internet. The "forward voice mail" capability in some voice mail systems. 
 
[Cell Switching] 
Cell Switching is similar to packet switching, except that the switching does not necessarily occur on packet boundaries. This is ideal for an integrated environment and is found within Cell-based networks, such as ATM. Cell-switching can handle both digital voice and data signals. 
 
### 
###  Packet switching VS Cell switching 
### 
[similarity] 
- breaks data stream into packets which are then placed on lines that are shared by several streams. 
[difference] 
- cells have a fixed size while packets can have different sizes. This makes it possible in principle to offer bounded delay guarantees (since a cell will not get stuck for a surprisingly long time behind an unusually large packet). 
- how the route is established and maintained. Packet switches route each packet individually. Packets can arrive at their destination by taking different paths depending on least cost delivery and congestion algorithms used by the network. Hence packet switching, like routing, is often referred to as a "route and forget" technology. Cell switching establishes a dedicated path in the form of a virtual connection upon which all cells destined for the same end node will ride. it is a "learn once route many" approach. 
 
 
### 
###  X25  packet switching 
### 
 
Packet switching was devised to solve a problem in the telephone infrastructure: telephone lines of varying quality were not reliable enough for data applications. Packet switching provided an effective workaround for unpredictable reliability on the network. 
 
Traditional voice services are TDM (time division multiplexing) where data (voice) is sent as a continuous stream through the network from one end to the other. If there is a problem during transmission (e.g. some data is lost or corrupted) the two people conversing simply ask each other to repeat what they said. With data services, loss or corruption of data could mean that whole sections of data are of no use to the end destination. Imagine someone transferring a bank statement from one computer to another: an error anywhere in the transmission could prove disastrous. 
 
Packet switching method breaks up data into smaller pieces, and provides a way for the data to be verified by the destination. In this mode, in case of missing/corrupt pieces, then only those pieces need to be resent, drastically reducing the amount of time (and the opportunities for errors) in overall data transmissions. 
 
-- [Impact of Packets] 
 
Packet switching comes at a cost. Because the process takes large pieces of data and breaks them up into smaller ones, the smaller pieces need to be "labelled" so the destination can put the pieces together again. This labelling means there is additional overhead, and consequently more bandwidth is consumed for the same amount of user data. When X.25 was first being implemented, the network reliability demanded a method to ensure that the data was getting from one end to the other without errors, so the additional overhead was accepted to address the issue at hand. 
 
 
### 
###  HDLC and Packet Info 
### 
 
HDLC = High-level Data Link Control 
 
Recall packets contain some overhead used for data integrity checks (e.g. CRC). HDLC is the link-layer framing used to tell the equipment in the network what kind of data is contained within the frame: whether it carries customer data, or information about other equipment in the network. The three types of HDLC frames are (I) Information, indicating the frame contains data, (S) Supervisory, indicating the frame contains information about the state of network equipment, and (U) Unnumbered, indicating other control parameters used by the network devices. 
 
-- [Additional Packet Overhead] 
 
The Packet header contains additional information after the HDLC. Here are the next three pieces of data: 
 
GFI: General Format Identifier. This tells the equipment if the data is end-user data or network equipment data. 
LGN: Logical channel Group Number. This is half of the information used to identify a particular connection in the X.25 network. 
LCN: Logical Channel Number. This is the second half, indicating the channel number within the specified group. 
 
The LGN and LCN specify how the data is routed. PVCs are Permanent Virtual Circuits, set up by operators in the Central Office as "fixed" routes from equipment to equipment. SVCs are Switched Virtual Circuits, set up on the fly by a system of signals sent from one piece of equipment to another. This is an automatic process that lets capacity be allocated on demand depending on the load of the network. 
 
The Packet Type is then included in the overhead, which are the various requests and replies that the equipment will signal to each other to complete connections and transfer the data. 
 
-- [Cyclical Redundancy Check (CRC)] 
 
After the data in the packet comes a CRC field (in HDLC terms the frame check sequence, FCS). This allows the receiving system to verify that the contents of the packet received match the contents of the packet originally sent. The CRC is not perfect, but the more bits the CRC field has, the closer it gets to a 100% guarantee of detecting a difference. For example, the 16-bit CRC used by X.25/HDLC detects every single-bit error, every odd number of bit errors, every error burst up to 16 bits long, and all but about 1 in 65536 (about 99.998%) of longer random error patterns. This is high enough that the chance of a corrupted packet getting through undetected is, for practical purposes, zero. Note that a CRC only catches accidental corruption: it is a linear function with no key, so anyone who can modify a packet can also recompute a matching CRC. Integrity against a deliberate attacker needs a keyed MAC or authenticated encryption at a higher layer. 
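Added example (not from the original notes): the 16-bit FCS used by X.25/HDLC, known as CRC-16/X-25 (polynomial 0x1021 processed bit-reversed, initial value 0xFFFF, final XOR 0xFFFF), with a frame/check pair, a sampled measurement of how often random corruption is caught, and a demonstration of the linearity property that makes a CRC useless against tampering. The payload strings are constructed for illustration.

```python
# Added example (not from the original notes): CRC-16/X-25 frame check sequence,
# what it detects, and why it is not an integrity protection against an attacker.
import random

POLY_REFLECTED = 0x8408      # 0x1021 bit-reversed: bits are clocked LSB first, as HDLC does


def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25 (the HDLC/X.25 FCS): init 0xFFFF, reflected, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY_REFLECTED if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def frame(payload: bytes) -> bytes:
    """Append the FCS; HDLC transmits it least-significant byte first."""
    return payload + crc16_x25(payload).to_bytes(2, "little")


def check_frame(f: bytes) -> bool:
    """Receiver side: recompute over the payload and compare with the trailing FCS."""
    if len(f) < 2:
        return False
    return crc16_x25(f[:-2]) == int.from_bytes(f[-2:], "little")


def flip_bits(data: bytes, positions) -> bytes:
    buf = bytearray(data)
    for pos in positions:
        buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)


def detection_rate(payload: bytes, trials: int, error_bits: int, seed: int = 1) -> float:
    """Fraction of random error patterns (error_bits flipped anywhere in the frame,
    FCS bytes included) that the receiver catches. Expect about 1 - 2**-16 for
    patterns wider than 16 bits; seeded so the measurement is repeatable."""
    rng = random.Random(seed)
    f = frame(payload)
    caught = 0
    for _ in range(trials):
        positions = rng.sample(range(len(f) * 8), error_bits)
        if not check_frame(flip_bits(f, positions)):
            caught += 1
    return caught / trials


def fcs_after_xor(old_fcs: int, delta: bytes) -> int:
    """A CRC is linear: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros of the same length).
    So whoever can flip chosen payload bits can fix up the FCS without ever seeing
    the rest of the payload. A CRC detects accidents; a keyed MAC detects tampering."""
    return old_fcs ^ crc16_x25(delta) ^ crc16_x25(bytes(len(delta)))
```

The check value 0x906E for the ASCII string "123456789" is the standard reference for this CRC variant and is a quick way to confirm an implementation against a catalogue.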
 
### 
###  Frame Relay 
### 
 
Frame Relay == an improvement on the X.25 packet switching concept. As the networks evolved, the needs changed, and the following were the major trends: 
 
- Applications were driving a need for increased speed and performance 
- The expanding base of intelligent data devices on the network 
- Increased reliability in the core telephone network 
- Increase of LANs and the need to internetwork across WANs 
 
 
-- [Guarantees] 
 
The key to Frame Relay is in the packet header - important fields are as follows: 
 
FECN : Forward Explicit Congestion Notification 
BECN : Backward Explicit Congestion Notification 
  DE : Discard Eligible (the frame may be dropped first under congestion) 
 
FECN and BECN bits are set by the network equipment as it processes the data and routes it along through the network. This allows the network equipment to automatically propagate notice that the network is getting congested in either direction of the data flow, and the end systems can then accommodate the change and adjust their own transmission rates to level out the "burstiness" of the network overall. This means the overall usage level of the network can go up, because the level of traffic is being monitored and adjusted on the fly. This allows the providers to put a price on a "guaranteed" data rate (the committed information rate) while using more of the network's bandwidth all the time. 
The guarantees are not perfect, though: in the case of a burst of data there is still a certain response time before the network reacts to congestion, and data sent during a heavy burst can still be lost. 
 
### 
###  ATM Cell Switching 
### 
 
recall the fundamental difference between cell switching and packet switching is that a cell is fixed size, whereas packets are variable size. 
 
ATM (Asynchronous Transfer Mode) cells are 53 bytes (whereby 5 bytes = header information, and 48 bytes = data). 
53 may seem small, compared to up to 4000+ bytes for frame relay frames and 1500 bytes for an Ethernet frame. The advantage comes from the way the data can be handled by the equipment. Within the header of the ATM cell there is an 8-bit header error control (HEC) field that can detect and correct single-bit errors in the header itself (the 48-byte payload is not protected at the cell level), but beyond that the cell carries little intelligence. The ATM cell by itself simply tells the receiver which "circuit" the data belongs to. 
 
 
-- [SAR (Segmentation and Reassembly)] 
 
SAR is an important piece to ATM protocol, as it is responsible for managing the process of conversion from protocol/service specific data into transmission ready cells. It is here that the advantages for bandwidth guarantees come in the form of Constant Bit Rate (CBR) and Variable Bit Rate (VBR) services. These services allow data streams to be monitored to provide a guarantee of a specific level of bandwidth to be allocated to a specific stream. 
 
These guarantees are why many network equipment manufacturers use ATM internally to their equipment to manage the data, even if the product is not an ATM switch. Sometimes you will see in a specification that a particular device uses an ATM backplane to accomplish the particular equipment's purpose- it is often the case because ATM has the guarantees and scales well to handle the higher speed transmissions. 
 
 
 
 
tagged vLAN 
 
 
 
#################################### 
###    IP (internet protocol)    ###   L3 / network layer 
#################################### 
 
IP facilitates packet(data) routing(delivery). 
IP is a "best effort" protocol. no guarantee. some packets may be dropped if the network is congested. reliability (retransmission, ordering, detection of random corruption) is handled, if at all, by the upper layer: TCP provides it, UDP only adds a checksum and leaves loss handling to the application. which to use depends on the application. for example, video streaming tolerates some loss, so UDP; a file transfer or a transaction where every bit counts uses TCP. note that neither TCP nor UDP provides security: confidentiality and integrity against an attacker need TLS, IPsec, SSH, etc. on top. 
 
e.g. IP doesn't offer msg 'receipt' ack method. TCP does. 
 
IP encapsulates higher layer packets/data. each IP packet is independent. i.e. no packet order is maintained. a higher layer protocol needs to take care of that. 
 
other L3 layer protocols include 
- ICMP (internet control msg protocol) - used in ping/traceroute. supports unicast. 
- IGMP (internet group mgmt protocol) - supports multicast (one-to-many), suitable for online video streaming, gaming. 
 
 
https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol 
https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol 
 
 
### 
###  IP header         # we assume IPv4 for now 
### 
 
see this - https://en.wikipedia.org/wiki/IPv4#Packet_structure 
 
one word = 32 bit (i.e. 4 bytes) 
 
IP header is expressed by how many words. i.e. a multiple of 32 bits (i.e. 4 bytes) 
as below, IHL defines the length of each header. min = 5 words (i.e. 20 bytes), max = 15 words (60 bytes) 
note not every field is used in every packet. 
 
 4 bits : version (like v4, v6) 
 4 bits : IHL (internet header length) where min = 5 words (i.e. 20 bytes), max = 15 words (60 bytes) 
 6 bits : DSCP (differentiated services code point) - aka "ToS" (types of service) is specified e.g. "VoIP" voice over IP is a "real-time" type of service. 
 2 bits : ECN (explicit congestion notification) - used to facilitate end-to-end notification of network congestion. an optional feature. 
16 bits : total length - indicates the total packet size (= header + data). max is 65535 bytes (64KB) - but further fragmentation may be necessary (e.g. ethernet MTU is 1500 bytes) in which case, router or host fragments packets. 
 
e.g. max IP packet size is 65535 bytes (64KB), but in practice packets are smaller because lower layers (e.g. ethernet) impose a lower frame size limit. recall MTU (max transmission unit) for ieee 802.3 (ethernet) is 1500 bytes. 
 
 3 bits : flags where bit 0 = reserved (must be 0), bit 1 = DF (don't fragment), bit 2 = MF (more fragments).  a router discards a packet it would need to fragment when DF is set, and sends back ICMP type 3 code 4 ("fragmentation needed") so the sender can lower its packet size (path MTU discovery) 
13 bits : fragment offset 
 8 bits : TTL (time to live) : supposed to be in seconds, but in practice used as a max hop count. each router decrements TTL, and if it hits 0, discards the packet. 
          (prevents infinite loop of a packet) 
 8 bits : protocol number (.e.g 6=TCP, 17=UDP)  https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers 
16 bits : header checksum - each router verifies the checksum of the header of every packet, and if it mismatches, discards the packet. because TTL changes at every hop, each router also recomputes it before forwarding. 
          note this is a plain one's-complement sum, not a cryptographic check: it catches random corruption only, and anyone rewriting the header simply recomputes it. 
          note the checksum/integrity of the payload/data must be handled by the upper layer. 
          let me quote wikipedia - "An IP packet has no data checksum or any other footer after the data section. Typically the link layer encapsulates IP packets in frames with a CRC footer that detects most errors, and typically the end-to-end TCP layer checksum detects most other errors." 
 
32 bits : src IP addr 
32 bits : dst IP addr 
 X bits : options (cannot exceed 40 bytes, since IHL tops out at 60 bytes) 
 
 
### 
###  IP routing table 
### 
 
contains 
- dest IP addr (can be network or host addr) 
- next hop IP addr (where to send next) 
- flags (specific instructions/config, etc) 
- available NICs (in the router/computer), gateway router may have multiple NICs, each with a distinct IP addr. 
 
routing table configuration/mgmt can be "static" or "dynamic" 
 
 
### 
###  IP routing protocols 
### 
 
in essence, every node in LAN needs to know "default router" aka "gateway" that can interface with external networks. 
 
every router (and host), for each packet: 
1. - if a host route for the exact dest IP addr is in its routing table, send to it (directly, or via the listed next hop) 
2. - else if a network route matching the dest IP addr is found (dest IP is within this range, so send to this next-hop router), send to it; if several match, the longest prefix (most specific) wins 
3. - else send to the default router (0.0.0.0/0) if one is configured 
4. - else discard the packet (a router then sends an ICMP destination unreachable back to the source) 
 
steps 1-3 are really one rule: longest-prefix match. 
 
 
there are quite a few routing protocols that build the table dynamically. e.g. RIP and OSPF (inside an organization), BGP (between autonomous systems on the internet) 
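Added example (not from the original notes): the four-step forwarding decision above implemented as longest-prefix match over a small table, using Python's standard ipaddress module. The table entries, addresses and interface name are constructed for illustration; a next hop of None means the prefix is directly connected.

```python
# Added example (not from the original notes): routing table lookup as
# longest-prefix match, including the default route and the "discard" case.
import ipaddress

# Constructed sample table: (destination prefix, next hop or None if directly connected, interface)
SAMPLE_TABLE = [
    ("0.0.0.0/0",         "192.168.43.254", "eth0"),   # default router            (step 3)
    ("10.0.0.0/8",        "192.168.43.1",   "eth0"),   # network route             (step 2)
    ("10.1.0.0/16",       "192.168.43.2",   "eth0"),   # more specific network route
    ("192.168.43.0/24",   None,             "eth0"),   # directly connected LAN
    ("192.168.43.210/32", None,             "eth0"),   # host route                (step 1)
]


def build_table(entries):
    """Parse the prefixes and order them most-specific first, so the first hit wins."""
    rows = [(ipaddress.ip_network(prefix), next_hop, ifc) for prefix, next_hop, ifc in entries]
    rows.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return rows


def lookup(table, dst):
    """Return the matching route, or None when nothing (not even a default) matches."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, ifc in table:
        if addr in net:
            return {"prefix": str(net), "next_hop": next_hop, "interface": ifc}
    return None


def forwarding_decision(table, dst):
    """Which IP the sender has to resolve (ARP for) on the outgoing link: the destination
    itself when directly connected, otherwise the next-hop router. None = step 4, discard
    (a router would also send ICMP type 3 code 0, network unreachable)."""
    route = lookup(table, dst)
    if route is None:
        return None
    return {"matched": route["prefix"], "interface": route["interface"],
            "arp_for": route["next_hop"] or dst}
```

Sorting by prefix length once at table-build time is enough for a toy; real forwarding planes use a trie or TCAM, but the decision they encode is exactly this one.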
 
### 
###  classful networks, subnet & subnet mask 
### 
 
           nnn.nnn.nnn.nnn               # common octet form, nnn = [0,255] 
 
********.********.********.********      # binary form, * = {0,1} 
 
 
==> they break down the 32 bits into 
 
     first X bits = "network" ID 
      next Y bits = "subnet" ID     # can be Y=0 
 remaining Z bits = "host" ID 
 
 
==> obviously, if you need to service many users then you need a network with many host ID space. if you only need to host a small number of users, then you only need a network with just enough host ID space. 
 
==> we have the class A/B/C/D/E network concept.   (D is multicast, E is reserved/experimental. dont worry too much about those two) 
 
(ref) https://en.wikipedia.org/wiki/Subnetwork 
(ref) http://www.tcpipguide.com/free/t_IPAddressClassABandCNetworkandHostCapacities.htm 
 
class|    addr range                 | network ID  | # of hosts 
--------------------------------------------------------------- 
  A  |    0.0.0.0 to 127.255.255.255 |   8 bits    | 2^24 - 2 = 16,777,214  (16.7 mil) 
  B  |  128.0.0.0 to 191.255.255.255 |  16 bits    | 2^16 - 2 = 65534 
  C  |  192.0.0.0 to 223.255.255.255 |  24 bits    |  2^8 - 2 = 254 
  D  |  224.0.0.0 to 239.255.255.255 |  --         | -- 
  E  |  240.0.0.0 to 255.255.255.255 |  --         | -- 
 
(quiz) how many class A networks are available ? 
     - there can be 2^7 = 128 class A networks (the first bit of a class A addr is fixed at 0), of which 0.x.x.x and 127.x.x.x are reserved, leaving 126 usable. 
     - because there are so few of them, you can google to find who the original owners are. 
     - e.g. AT&T, Apple, MIT, Xerox, IBM, Army, HP, Stanford 
 
 
note: another typical quiz is given an IP addr, it asks "which class is this IP addr?" which you can just look at the first byte, and reference the above. 
 
 
## 
##  why "-2" 
## 
 
it's because: 
- the first addr (all host bits = 0) of each subnet is reserved as "network" addr 
- the last addr (all host bits = 1) of each subnet is reserved as "broadcast" addr 
 
 
## 
##  what is subnet 
## 
 
suppose you are given a single class C network to manage your company's network. 
let's say the network bits are 192.168.43.xxx  (each octet is 0-255) 
so xxx = 0 is your network addr 
and xxx = 255 is your broadcast addr 
and xxx = {1,254} is your host addr space 
 
what if you need to service more than 254 users/nodes ? then you need a bigger (or an additional) block of public addrs, or you use private addrs behind NAT. 
 
NOTE: 
- IPv4 addr is 32 bits - i.e. about 4 billion, and running out. 
- IPv6 (128 bit addrs) is the fundamental solution. 
- in the interim, as a more tactical solution, we had (and still use) NAT (network addr translation) : translates between a global (public) IP addr and private IP addrs, so many nodes share one public addr. 
 
==> now assume your user space is within 254. 
    254 is a small number, but still imagine many nodes sending a broadcast packet in the LAN, it can impact the traffic. 
    so you may want to further segment (aka subnet) your class C network. 
 
e.g. 
 maybe HR has 25 people, IT has 14 people, Sales has 29 people, Marketing has 3 people, so on. 
 so lets subnet your single class C network into subnets based on those departments. 
 what is the biggest department ? (in this case, Sales has 29 people) 
 to host 29, your subnet needs 5 host bits (2^5 = 32, but remember the first and last addrs are reserved, so in reality you only get 32-2 = 30) 
 so, your 8 bit host space can be divided into 3 subnet bits, and 5 host bits. 
 
subnet ID bit 
     --- 
     11100000 
        ^^^^^ 
        host ID bit 
 
 how many subnets do you have ?   2^3 = 8 
 how many hosts can you service in each subnet ?  2^5 - 2 = 30 
 
notice you must allocate your usual network & broadcast addr for EACH subnet you create, so creating many subnets effectively reduce your host addr space slightly. 
 
if more than 8 departments, you can maybe consolidate smaller depts into one subnet. 
also, dont design your subnets based just on the current user population. think about potential future change. 
 
 
## 
##  what is subnet mask ? 
## 
 
"subnet mask" is all 1 for network & subnet ID bits, and all 0 for host ID bits 
 
e.g. if you have a class C network with no subnet, then your subnet mask is 
     11111111.11111111.11111111.00000000 
     (i.e. 255.255.255.0) 
 
     if your subnet ID is 3 bits like the above example, then your subnet mask is 
     11111111.11111111.11111111.11100000 
     (i.e. 255.255.255.224)             // notice how binary form is more intuitive than octet to see subnet mask 
 
     ==> that's 27 bits 
     ==> note sometimes we use CIDR (classless inter domain routing) notation 
       e.g. 
       192.168.43.210/27   # it's just an IP addr / length_of_subnet_mask 
 
 
subnet mask is useful, because as a router you can extract only the network addr to decide routing. 
then once reached the right network/subnet, you can extract only the host addr to deliver packet to the end node. 
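Added example (not from the original notes) covering the class quiz, the department subnetting exercise and the subnet mask / CIDR notation above: it classifies an address by its first octet, works out how many host bits a department needs, carves a /24 into equal-size subnets sized for the largest department (fixed-length subnetting, as in the notes), and tests whether two addresses share a subnet. It uses the standard ipaddress module; the block 192.168.43.0/24 and the department sizes are the notes' own example, corrected to a valid octet.

```python
# Added example (not from the original notes): address class, subnet sizing,
# mask/CIDR conversion and a fixed-length subnet plan for the department example.
import ipaddress


def address_class(ip: str) -> str:
    """Classful lookup by first octet (A: 0-127, B: 128-191, C: 192-223, D: 224-239, E: 240-255)."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def host_bits_needed(n_hosts: int) -> int:
    """Smallest h with 2**h - 2 >= n_hosts (network and broadcast addrs are not usable)."""
    bits = 1
    while (1 << bits) - 2 < n_hosts:
        bits += 1
    return bits


def prefix_for_hosts(n_hosts: int) -> int:
    return 32 - host_bits_needed(n_hosts)


def subnet_mask(prefix: int) -> str:
    """CIDR prefix length -> dotted mask, e.g. 27 -> 255.255.255.224."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def plan_subnets(block: str, departments: dict) -> dict:
    """Split `block` into equal subnets sized for the largest department and hand them
    out largest-first. Raises if the block cannot hold one subnet per department."""
    net = ipaddress.ip_network(block)
    prefix = prefix_for_hosts(max(departments.values()))
    subnets = list(net.subnets(new_prefix=prefix))
    if len(subnets) < len(departments):
        raise ValueError(f"{block} yields only {len(subnets)} /{prefix} subnets "
                         f"for {len(departments)} departments")
    plan = {}
    by_size = sorted(departments.items(), key=lambda kv: kv[1], reverse=True)
    for (name, size), sn in zip(by_size, subnets):
        hosts = list(sn.hosts())
        plan[name] = {"subnet": str(sn), "mask": str(sn.netmask),
                      "network": str(sn.network_address),
                      "broadcast": str(sn.broadcast_address),
                      "first_host": str(hosts[0]), "last_host": str(hosts[-1]),
                      "usable": len(hosts), "needed": size}
    return plan


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """What a host does before sending: mask both addrs and compare the network parts."""
    a = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    b = ipaddress.ip_network(f"{ip_b}/{prefix}", strict=False)
    return a == b
```

With the notes' numbers (HR 25, IT 14, Sales 29, Marketing 3) the largest department forces /27, which gives 8 subnets of 30 usable addrs; Marketing wastes 27 of its 30, which is the trade-off the notes mention and the reason real plans use variable-length subnet masks.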
 
 
(ref) http://www.cse.uconn.edu/~vcb5043/MISC/IP%20Intranet.html 
 
 
 
loopback (localhost) IP addr  = 127.0.0.1      // or  ::1 in IPv6 
 
 
 
### 
###  ARP / RARP     -   (reverse) addr resolution protocol 
### 
 
recall MAC addr is the hardware (burned-in) addr of the NIC, intended to be globally unique, whereas IP addr is a logical addr that is dynamically reassigned. (note the MAC can be overridden in software on most OSes, so it is not a reliable identity for security decisions.) 
so once a device joins a network, then it gets assigned an IP addr, then as the packet arrives for that IP, we need to know which MAC addr "currently" occupies that IP addr. 
 
i.e. this is just L2 - L3 mapping 
 
on ethernet: 
- ARP : converts IP addr to MAC addr (48bit)    # used by LAN technologies (e.g. ethernet, token ring, FDDI) 
- RARP: converts MAC addr to IP addr (assigns an IP addr to a MAC addr if none is assigned yet)   # not used much any more. replaced by BOOTP, DHCP 
- inARP : inverse ARP 
- proxy ARP 
- gratuitous ARP 
 
[ARP example] 
user gives a hostname/URL to an application (http, ftp, telnet, ssh, etc) which uses DNS to discover IP addr. 
suppose a host (or a router forwarding to the next hop) needs to send a packet to a dest IP addr on its LAN, but has no MAC-IP mapping for it in its ARP cache yet. 
then it sends a 'broadcast' ARP request frame to the local network: "who has this IP addr?" 
every node receives the frame but discards it if the IP is not its own. 
only the node whose IP is that exact dest IP addr sends a 'unicast' ARP reply frame back to the requester. 
then the requester updates its ARP cache/table, and sends the unicast frame to the dest node. 
NOTE: there is no authentication anywhere in this exchange. the requester trusts whoever answers, and most stacks also accept unsolicited replies, so any node on the same LAN can inject a false IP-MAC mapping (ARP cache poisoning). that is why monitoring tools like arpwatch alert when an IP's MAC changes, and why managed switches offer dynamic ARP inspection. 
 
[RARP example] 
usually a client node sends a broadcast RARP msg to the local network. 
then RARP server device who maintains MAC addr - IP addr table responds "here is your IP addr" 
 
NOTE: in ARP, local hosts maintain ARP table, while RARP server maintains RARP table. 
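Added example (not from the original notes): the ARP request/reply exchange described above built and parsed byte-for-byte (RFC 826 layout for Ethernet/IPv4: hardware type 1, protocol type 0x0800, 6-byte MACs, 4-byte IPs, opcode 1 = request, 2 = reply), plus a per-host ARP cache that records every time a known IP's MAC changes instead of silently trusting the latest reply. All MAC and IP addresses are constructed.

```python
# Added example (not from the original notes): ARP packet builder/parser and a
# cache that logs IP->MAC changes (the check arpwatch-style tools make).
import struct

HTYPE_ETHERNET, PTYPE_IPV4, HLEN_MAC, PLEN_IPV4 = 1, 0x0800, 6, 4
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"      # target MAC in a request: "unknown, that is what I am asking"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte ARP packet; the surrounding Ethernet frame (EtherType 0x0806) is not modelled."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN_MAC, PLEN_IPV4, op)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN_MAC, PLEN_IPV4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": ip_str(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": ip_str(pkt[24:28])}


def arp_request(my_mac, my_ip, wanted_ip) -> bytes:
    """'who has wanted_ip?' - sent in a broadcast frame (ff:ff:ff:ff:ff:ff)."""
    return build_arp(OP_REQUEST, my_mac, my_ip, ZERO_MAC, wanted_ip)


def arp_reply(request: bytes, my_mac, my_ip):
    """Answer only if the request asks for our own IP; otherwise discard (return None)."""
    q = parse_arp(request)
    if q["op"] != OP_REQUEST or q["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, q["sender_mac"], q["sender_ip"])


class ArpCache:
    """Per-host IP -> MAC table. ARP has no authentication, so besides storing what
    the latest reply claims, the cache keeps a list of (ip, old_mac, new_mac) changes
    that an operator can review: a legitimate NIC swap and a poisoning attempt look the same on the wire."""

    def __init__(self):
        self.table = {}
        self.changes = []

    def learn(self, pkt: bytes) -> None:
        p = parse_arp(pkt)
        if p["op"] != OP_REPLY:
            return
        old = self.table.get(p["sender_ip"])
        if old is not None and old != p["sender_mac"]:
            self.changes.append((p["sender_ip"], old, p["sender_mac"]))
        self.table[p["sender_ip"]] = p["sender_mac"]

    def resolve(self, ip: str):
        return self.table.get(ip)
```

The cache accepts the new mapping (that is what real stacks do), but the change log is the signal a defender wants; a stricter policy would be to pin the gateway's MAC statically.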
 
 
### 
###  RARP 
### 
 
when a node doesnt know its IP addr, it sends a RARP request, asking for an IP addr based on its MAC addr. 
central RARP server in each LAN assigns an IP addr to the node. 
usually each node (like your desktop/laptop) can then store its IP addr, but a diskless workstation (a very cheap, simplified device) may ask RARP every time it boots. 
RARP is a simple L2 protocol; it does NOT span across L3, i.e. does not cross routers. i.e. a RARP server is needed in each LAN. 
DHCP can span across routers, thus DHCP replaced RARP. 
 
### 
###   ICMP  (internet control msg protocol) 
### 
 
a mechanism for TCP/IP to report and query the status of the network and its connections. 
an ICMP packet is encapsulated in an IP datagram. 
 
ICMP msg types - there are two kinds "query" and "error" 
 
8-bit "type" field indicates info as below. 
 
type description 
------------------------------------------------------------- 
 0   Echo Reply (Ping Reply, used with Type 8, Ping Request) 
 3   Destination Unreachable (error) 
 4   Source Quench 
 5   Redirect 
 8   Echo Request (Ping Request, used with Type 0, Ping Reply) 
 9   Router Advertisement (Used with Type 9) 
 10  Router Solicitation (Used with Type 10) 
 11  Time Exceeded  (error) 
 12  Parameter Problem 
 13  Timestamp Request (Used with Type 14)          // e.g. to sync the time btwn two hosts 
 14  Timestamp Reply (Used with Type 13) 
 15  Information Request (obsolete) (Used with Type 16) 
 16  Information Reply (obsolete) (Used with Type 15) 
 17  Address Mask Request (Used with Type 17) 
 18  Address Mask Reply (Used with Type 18) 
 
(ref) http://www.informit.com/articles/article.aspx?p=26557&seqNum=5 
 
===> note: each type has sub types (aka code) that indicates more granular detail. 
           e.g. type 3 has many sub codes. 
                code 0 = network unreachable 
                code 1 = host unreachable 
                code 2 = protocol unreachable 
                code 3 = port unreachable 
                many more 
                (google for details, or read TCP/IP illustrated) 
 
NOTE: depending on the msg type, an ICMP pkt is handled at different layers of the OS/applications. some ICMP msgs are handled at the TCP layer, other ICMP msgs are handled at the user application layer, and so on. usually a layer looks at it and, if it doesn't know what to do with it, just passes it to the upper layer. 
 
## 
##  ICMP error msg rules 
## 
 
ICMP error msg shall NOT be generated in response to 
- another ICMP error msg 
- IP multicast/broadcast (including link layer bcast)/loopback/zero addr  (basically any addr that doesn't specify an individual device) 
- a fragment (other than the first) 
 
---> the idea is to prevent infinite broadcast storm. 
 
## 
##  ICMP example 
## 
 
suppose a host A sends this ICMP msg to a host B, to measure timestamp difference. 
 
    field                      value 
---------------------------------------------------------------------- 
    type                       13 (timestamp req) 
    code                       0 (always 0 in type 13/14 ICMP msg) 
    checksum                   checksum of the ICMP msg 
    identifier                 used by application to track requests/responses 
    sequence number            used by application to track requests/responses 
    32-bit origin timestamp    sender sets current time when sending 
    32-bit receive timestamp   receiver sets the time when receiving 
    32-bit transmit timestamp  receiver sets the time when responding 
 
 
==> host B responds with "type 14", recomputes its own checksum, and fills in the "receive/transmit" timestamps (often the same timestamp for both receive/transmit) 
    then host A can match the clock time (the adjustment considers the roundtrip time of the ICMP packet too) 
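The timestamp exchange above worked through in code, as an added example (not from these notes): it packs the 8-byte ICMP header, computes the RFC 1071 internet checksum, fills in host B's reply, and estimates the clock offset from the three timestamps while compensating for the round trip. The millisecond values in the usage are constructed.

```python
# Added example: ICMP timestamp request/reply (types 13/14) and clock offset estimate.
import struct

ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY = 13, 14


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), used by IP, ICMP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """type(1) code(1) checksum(2) identifier(2) sequence(2) + payload."""
    header = struct.pack("!BBHHH", msg_type, code, 0, ident, seq)
    csum = internet_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack("!BBHHH", msg_type, code, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    # Summing a valid packet including its checksum field gives 0xFFFF, whose complement is 0.
    if internet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}


def timestamp_request(ident: int, seq: int, originate_ms: int) -> bytes:
    """Host A: originate timestamp = ms since midnight UTC; receive/transmit left 0 for B."""
    return build_icmp(ICMP_TIMESTAMP_REQUEST, 0, ident, seq,
                      struct.pack("!III", originate_ms, 0, 0))


def timestamp_reply(request: bytes, receive_ms: int, transmit_ms: int) -> bytes:
    """Host B: keep id/seq and originate, fill receive/transmit, recompute checksum."""
    req = parse_icmp(request)
    if req["type"] != ICMP_TIMESTAMP_REQUEST or req["code"] != 0:
        raise ValueError("not a timestamp request")
    originate_ms = struct.unpack("!III", req["payload"])[0]
    return build_icmp(ICMP_TIMESTAMP_REPLY, 0, req["id"], req["seq"],
                      struct.pack("!III", originate_ms, receive_ms, transmit_ms))


def clock_offset_ms(reply: bytes, returned_ms: int) -> int:
    """Host A's estimate of (B's clock - A's clock), assuming symmetric one-way delay.
    returned_ms is A's clock when the reply arrives. With t1=originate, t2=receive,
    t3=transmit, t4=returned:  offset = ((t2 - t1) + (t3 - t4)) / 2, which cancels
    the round-trip time  rtt = (t4 - t1) - (t3 - t2)."""
    rep = parse_icmp(reply)
    if rep["type"] != ICMP_TIMESTAMP_REPLY:
        raise ValueError("not a timestamp reply")
    orig, recv, xmit = struct.unpack("!III", rep["payload"])
    return ((recv - orig) + (xmit - returned_ms)) // 2
```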
 
 
### 
###  ping 
### 
 
- an application to determine if a dest host/network is reachable. the name "ping" comes from the sonar signal used to locate submarines. 
- since ping is an application, implementations differ with the version of the TCP/IP tools, so the response shown may vary from platform to platform (e.g. HP vs Sun), but the fundamental mechanism is the same across the various ping implementations. 
- ping is really just ICMP "echo request" & "echo reply" 
 
see here for ICMP packet format   https://en.wikipedia.org/wiki/Ping_(networking_utility) 
 
- the identifier field is usually set to PID of the sender application. the sequence numbers are used by the ping program to identify each successive echo request - this allows us to determine if packets are missing/re-ordered/duplicated. recall IP does not guarantee datagram delivery (but TCP tries). routers may distribute packets across multiple paths (to load balance network traffic, rather than always using the shortest path), which can result in re-ordered packets. 
 
- an echo request must have a reply generated (it is not a passive response), but systems may be configured to not respond for security reasons. a simple first attack on a system is simply scanning the ports - i.e. sending requests to ports on a list of IP addresses to determine if systems are present, and if particular services are running on those systems. by disabling responses to ping requests (as well as other ICMP types), the system is left unexploitable by port scanning. once available ports are scanned, an attacker can try various things like DoS, or accessing the service, etc. 
- in addition to individual hosts/systems preventing replies to ping requests, many network administrators configure firewalls to block all ICMP packets from entering an internal network for security purposes. in such a case, individual hosts will never even receive ICMP pkts. 
 
[IP Record Route] 
- ping also allows the IP addr at each hop to be recorded to determine the path a datagram takes through the network. there are some significant problems with this feature. the available space to record hops is limited to only 9 IP addrs. In the early days of the Internet, 9 hops might have been plenty to get to the destination system, but in today's Internet, the number of hops a datagram can take can be significantly larger. 
- IP Record Route is a specific method that encodes the hop detail in the packet itself - it is not limited to ping alone, but does require that each device honor the request to record the route and implement it properly. Another significant problem with the IP Record Route option is the consistency of implementation in the networking equipment. Although the RFCs describe the behavior that should be implemented, the actual behavior may be different. We will study next how the traceroute program can be significantly better. 
 
NOTE: a popular quiz: what's the diff btwn "destination host unreachable" VS "ping timeout" ? 
      -- usually, unreachable means the pkt got routed as far as possible but reached a point where a router doesn't know where to send that pkt any more, probably because the dest IP does not exist or the device is shut down. a timeout can be the result of ICMP filtering (at the firewall layer or the individual host layer), or simply of the pkt being dropped due to network congestion / routing error, etc 
 
### 
###  traceroute program 
### 
 
- a highly effective (though not perfect) method of determining the path a datagram takes to get to a destination system. the traceroute mechanism is to send a message that will generate a response from the first "hop" in the path, and after identifying that, send a message that will generate a response from the second "hop", and so on. 
 
- as such, traceroute is based on a major assumption - that all of the packets between two systems will travel the same path. this is often true, but when you look at larger networks, (worldwide), and the newer routing methods (dynamically weighting packets for transmission to more evenly distribute traffic across multiple paths), it is becoming increasingly more common that two packets sent from one system to another may actually traverse different paths. to mitigate this, traceroute makes multiple requests to try to determine the path from the sender to the target system. 
 
- traceroute uses the ICMP messages as the mechanism to determine the path a datagram takes through the network. the critical component is the TTL (time to live) value in the ICMP structure. TTL is used to force a packet to only travel a known number of hops before being returned as undeliverable. 
 
- TTL's purpose was to remove the chance that a packet could get caught up in a routing loop, where it would continuously traverse the same path, never finding the destination, and creating residual traffic that eventually could exhaust the available network bandwidth. TTL is simply a number that gets decremented by each hop, and when it reaches 0, the packet will not be forwarded. this allows a packet stuck in a loop to eventually be discarded. Traceroute takes advantage of the response that a device generates when a packet reaches the end of its TTL. i.e. TTL forces a packet to only travel as far as the traceroute program wants it to.  A critical aspect of the ICMP structure that gives us the functionality of the traceroute program is the fact that an ICMP error is sent back to the originating system in the case of the TTL becoming 0, provided that the system is configured to generate ICMP error messages. In addition, the system that decremented the TTL to 0 will also attach its IP address to the "time exceeded in transit" message. 
 
e.g.  traceroute starts with TTL=1, then finds the next hop, then tries TTL=2, so on 
 
A few key notes about traceroute and the implementations: 
 
- An ICMP error message comes from the device generating it - so when a device in the network, like a router, drops a packet because of expired TTL, it sends the ICMP error message from its own address, with the destination the original source of the packet being dropped. This is how the traceroute application can get the IP address of each intermediate hop. 
- The traceroute application can set the TTL of the packet being sent - in fact, all systems have a default value that is used for the TTL for outgoing packets - but it can be overridden by specific applications. The default for the TTL is usually 32, 64, or 128, depending on the OS. Traceroute sets the TTL to the number of the "hop" that it is tracing to, this forces the TTL to expire at a specific point in the network on the way to the final destination. 
- Implementations vary slightly between systems - there are two primary differences that you may encounter if you are looking at the packet traces associated with the applications - and that is what the "request" looks like. For most Unix/Linux systems, a request is to a destination port (which identifies the service being requested) as an arbitrarily high, random port number (btwn 33434 - 33534). For Windows systems, the request is usually a standard "ping" request, to the ICMP port for the target system. This means that in both cases, the ICMP message that is returned by systems other than the final destination will be a "Time exceeded in transit" message - however, when the packet reaches the final target, the response will be an ICMP "echo reply" for traceroute running from a Windows machine, and typically a "port unreachable" from traceroute running on Unix/Linux boxes. 
While the response from the end system may be different - it is irrelevant to the operation of traceroute. Because traceroute is just trying to find the systems that make up the path from the sender to a target system, as long as it gets a response that comes from the target IP address, the type and nature of the response is not important. 
- Often, routers in the public internet may be configured to not respond to ICMP - in that case, the traceroute application will wait for the requests to time out. 
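The mechanism described in the notes above, simulated over a constructed path as an added example (not part of these notes): each probe carries a TTL, every hop decrements it and answers with Time Exceeded (type 11) from its own address when it hits 0, the destination answers with Port Unreachable (type 3, code 3) for the Unix-style UDP probe or Echo Reply (type 0) for the Windows-style ICMP probe, and a hop that does not generate ICMP shows up as "*". The addresses and the `Hop` class are constructed.

```python
# Added example: traceroute as a TTL-driven probe loop over a simulated path.
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = (11, 0)
ICMP_PORT_UNREACHABLE = (3, 3)
ICMP_ECHO_REPLY = (0, 0)


@dataclass
class Hop:
    address: str
    answers_icmp: bool = True   # False models a router configured not to send ICMP


def send_probe(path, dest, ttl, style):
    """Forward one probe along `path` (intermediate routers) towards `dest`.
    Returns (responder_ip, (type, code)), or None when the probe expires at a
    hop that produces no ICMP error (the sender just times out)."""
    for hop in path:
        ttl -= 1                          # each router decrements TTL before forwarding
        if ttl == 0:
            # Expired here: the error comes from the router's own address and is
            # addressed back to the original source, which is how the sender
            # learns this hop's IP.
            return (hop.address, ICMP_TIME_EXCEEDED) if hop.answers_icmp else None
    # Survived every intermediate hop, so the destination itself receives it.
    reply = ICMP_PORT_UNREACHABLE if style == "udp" else ICMP_ECHO_REPLY
    return (dest, reply)


def traceroute(path, dest, style="udp", max_hops=30, probes=3):
    """Raise the TTL one at a time until some probe is answered by `dest`.
    Each row mimics the real tool: (hop number, [responder or '*' per probe])."""
    rows = []
    for ttl in range(1, max_hops + 1):
        results = [send_probe(path, dest, ttl, style) for _ in range(probes)]
        rows.append((ttl, [r[0] if r else "*" for r in results]))
        # The kind of answer (echo reply vs port unreachable) does not matter;
        # any response from the destination address ends the trace.
        if any(r and r[0] == dest for r in results):
            break
    return rows


def format_rows(rows):
    return "\n".join(f"{ttl:2d}  " + "  ".join(entries) for ttl, entries in rows)
```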
 
 
[traceroute example] 
 
- notice it tries 3 times for each TTL. sometimes you get "*" which means the router refused ICMP 
 
$ traceroute yahoo.com 
traceroute to yahoo.com (98.138.219.232), 30 hops max, 60 byte packets 
 1  ve-304.juniper1.sfc.wide.ad.jp (203.178.142.129)  0.499 ms  0.500 ms  0.494 ms     # see results for 3 attempts 
 2  ve100.nexus1.fujisawa.wide.ad.jp (203.178.137.65)  1.001 ms  1.105 ms  1.420 ms 
 3  ve-46.brocade1.nezu.wide.ad.jp (203.178.136.93)  10.627 ms  10.628 ms  10.621 ms 
 4  ve-43.foundry6.otemachi.wide.ad.jp (203.178.136.101)  1.926 ms  1.926 ms  2.008 ms 
 5  ve-51.juniper1.notemachi.wide.ad.jp (203.178.141.142)  10.526 ms  10.528 ms  10.521 ms 
 6  ge-102-0-0-37.r03.tokyjp05.jp.bb.gin.ntt.net (203.105.72.17)  4.048 ms  2.895 ms  2.890 ms 
 7  * * * 
 8  * ae-1-3501.ear2.Denver1.Level3.net (4.69.206.189)  148.040 ms  148.041 ms 
 9  4.34.62.118 (4.34.62.118)  147.977 ms  147.983 ms  147.980 ms 
10  ae-5.pat2.nez.yahoo.com (216.115.96.70)  164.377 ms  164.381 ms  164.377 ms 
11  et-0-0-0.msr1.ne1.yahoo.com (216.115.105.25)  144.412 ms et-18-1-0.msr2.ne1.yahoo.com (216.115.105.185)  149.314 ms et-19-1-0.msr2.ne1.yahoo.com (216.115.105.181)  154.322 ms 
12  et-0-0-0.clr1-a-gdc.ne1.yahoo.com (98.138.97.61)  144.367 ms et-1-1-0.clr2-a-gdc.ne1.yahoo.com (98.138.97.67)  144.870 ms et-1-0-0.clr1-a-gdc.ne1.yahoo.com (98.138.97.69)  134.788 ms 
13  po255.bas2-1-flk.ne1.yahoo.com (98.138.0.99)  146.422 ms po254.bas2-1-flk.ne1.yahoo.com (98.138.0.87)  135.003 ms po254.bas1-1-flk.ne1.yahoo.com (98.138.0.85)  146.306 ms 
14  media-router-fp2.prod1.media.vip.ne1.yahoo.com (98.138.219.232)  130.151 ms  129.809 ms  133.621 ms 
 
 
===> looks like the 7th hop router ignores ICMP but it's ok we got to know IP addrs for the rest of the route. 
     obviously, like any other program, traceroute can fail if the destination is unreachable. 
 
 
notice traceroute works well only if the route remains consistent. through Strict Source Routing we can specify the path that the packets should follow, and with a little experimentation, you could potentially gather information that would give you an exact path from one address to another. it is important to note, however, that the specific route you determine using Strict Source Routing may not be the only path that the data could take, and unless you are using Strict Source Routing all the time, there is no guarantee that it will follow it.  Also, Strict Source Routing will break if devices on the network in that path become unavailable, where most dynamic routing protocols will generate a new path to route around network problems. 
 
With smaller networks, especially within corporations, the networks are fairly predictable. The difficulty for this tool shows up with large networks, where the path may be comprised of multiple networks, multiple providers, and large distances with lots of hops. 
 
 
########################### 
###     IP routing     #### 
########################### 
 
Today's IP routing protocols are complex, and offer a number of different methods that data can be routed, even from one device. (One router may support many protocols, and can be configured to use different routing protocols on different interfaces.) 
 
Some protocols distribute traffic across multiple paths/routes, in an effort to create evenly distributed traffic, rather than just using the fastest/shortest (or other criteria) path. 
 
- a gateway, where data can be directed outside of a local network. 
 
- routers, where the data can cross from one network to others. earlier routers only had a couple of interfaces. Today's routers can have many interfaces (16+) that allow connectivity to many different networks. 
 
It is important to note that each system with an IP layer will have its own routing table.  Typically, when people mention a routing table they are referring to the table maintained by a network router, but the same principles apply for both. 
 
 
### 
###  routing table 
### 
 
lets look at an example 
 
$ netstat -rn 
Kernel IP routing table 
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface 
0.0.0.0         203.178.142.129 0.0.0.0         UG        0 0          0 em1 
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 em2 
203.178.142.128 0.0.0.0         255.255.255.224 U         0 0          0 em1 
 
$ ifconfig 
em1       Link encap:Ethernet  HWaddr 00:22:19:6a:3b:70 
          inet addr:203.178.142.142  Bcast:203.178.142.159  Mask:255.255.255.224 
          inet6 addr: 2001:200:0:8803:203:178:142:142/64 Scope:Global 
          inet6 addr: fe80::222:19ff:fe6a:3b70/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          RX packets:5965994563 errors:0 dropped:859660 overruns:0 frame:0 
          TX packets:2421129610 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:7811149037513 (7.8 TB)  TX bytes:1948379461562 (1.9 TB) 
 
em2       Link encap:Ethernet  HWaddr 00:22:19:6a:3b:72 
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0 
          inet6 addr: fe80::222:19ff:fe6a:3b72/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1 
          RX packets:15572689576 errors:0 dropped:858226 overruns:0 frame:0 
          TX packets:16922129586 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:4909689294941 (4.9 TB)  TX bytes:10509195108068 (10.5 TB) 
 
em3       Link encap:Ethernet  HWaddr 00:22:19:6a:3b:74 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1 
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) 
 
em4       Link encap:Ethernet  HWaddr 00:22:19:6a:3b:76 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1 
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) 
 
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope:Host 
          UP LOOPBACK RUNNING  MTU:65536  Metric:1 
          RX packets:2325907 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:2325907 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:0 
          RX bytes:9837761466 (9.8 GB)  TX bytes:9837761466 (9.8 GB) 
 
$ arp -a | head 
? (192.168.1.17) at 00:0c:29:76:16:91 [ether] on em2 
ve-304.juniper1.sfc.wide.ad.jp (203.178.142.129) at 00:10:db:ff:10:01 [ether] on em1 
mail2.sfc.wide.ad.jp (203.178.142.148) at 00:0c:29:33:1d:72 [ether] on em1 
dash.sfc.wide.ad.jp.128.142.178.203.in-addr.arpa (203.178.142.138) at 00:0c:29:de:ec:60 [ether] on em1 
web.sfc.wide.ad.jp (203.178.142.145) at 00:0c:29:78:0d:e7 [ether] on em1 
? (203.178.142.154) at <incomplete> on em1 
? (192.168.1.13) at 00:0c:29:78:0d:f1 [ether] on em2 
ldap2.sfc.wide.ad.jp (203.178.142.135) at 00:0c:29:2f:44:33 [ether] on em1 
ldap1.sfc.wide.ad.jp (203.178.142.144) at 00:22:19:d4:4a:19 [ether] on em1 
www.sfc.wide.ad.jp (203.178.142.131) at 00:0c:29:45:14:6a [ether] on em1 
... 
 
 
 
The IP Layer itself maintains the routing table, through a number of ways. 
 
First, a routing daemon is typically running on a system. A daemon is a small program that resides in the system, and is usually started when the system first starts up. These programs run in the background, and provide services to the system and its applications. Other examples are print daemons and HTTP daemons (used by web servers). In the case of the routing daemon, it provides updates for the routing table, based on data sent to and from the system. The daemon takes care of the "Routing Policy" - which is what information will go into the routing table. (Rules govern this, and are configured as part of the installation of the routing daemon). 
 
Take a look at the listing in the table. This is the information that the IP layer will use to make the routing decisions. First take a look at the Destination column. This information is the address of either the destination host id (a complete IP address) or a network that is reachable through a specified "hop". The "hop" is indicated by the Gateway column of the table. The gateway could be a system, or it could be a router. The next field, Flags, gives us a lot of information about the entry. The first "U" indicates that the link is "up". A "G" indicates that the connection is a router - rather than simply an interface to a local network. The "H" indicates that the address in the destination field is a complete IP address of a destination system. If the "H" is not there, it indicates that the destination address field is a network ID. By default, if you look at the address for a destination that is a network id, any trailing zeros are the bits used to create the subnet mask. (e.g. 140.252.13.32 has 5 trailing zero bits; these 5 bits are the hostid field.) 
 
Not shown in the example are the "D" and "M" flags. These are used to indicate that another router had been asked to forward a packet that should not have been sent to it, and subsequently replied with a "Redirect" ICMP message. We will discuss this further, as this was one of the bugs in a major router manufacturer's software that caused some major routing problems on the internet. 
 
 
### 
###  using a routing table 
### 
 
When there is data to be routed, the first step is to scan the routing table for an exact match for the host id.  We saw from the last section that if the "H" flag is set, it is a hostid - therefore this first pass only makes comparisons with the entries with the "H" flag.  If it matches, the packet is sent off to the interface corresponding with that entry in the routing table.  Although we only looked at a system with one interface, routing tables for systems with multiple interfaces would show more than one interface name in the last column (excluding, of course the localhost interface lo0). 
 
The next step is to look for a match for a network, and appropriately route the packet to the appropriate gateway. If it still cannot find a matching network id, it searches for a default entry. 
 
If it cannot find any match, an appropriate ICMP message is generated, and the datagram is discarded. 
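The three-pass lookup just described, run over the page's own netstat -rn table, together with the ICMP "shall NOT be generated" rules from the ICMP error msg rules section, as an added example (not part of these notes). The host-route row and the datagram addresses used in the checks are constructed; directed (subnet) broadcasts are not detected, only the limited broadcast 255.255.255.255.

```python
# Added example: route lookup (host, network, default) plus the ICMP error-suppression rules.
import ipaddress

# Rows transcribed from the netstat -rn listing above: destination, gateway, genmask, flags, iface.
ROUTING_TABLE = [
    ("0.0.0.0",         "203.178.142.129", "0.0.0.0",         "UG", "em1"),
    ("192.168.1.0",     "0.0.0.0",         "255.255.255.0",   "U",  "em2"),
    ("203.178.142.128", "0.0.0.0",         "255.255.255.224", "U",  "em1"),
]


def parse_table(rows):
    entries = []
    for dest, gw, mask, flags, iface in rows:
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        entries.append({"net": net, "flags": flags, "iface": iface,
                        "gateway": None if gw == "0.0.0.0" else ipaddress.IPv4Address(gw),
                        "default": net.prefixlen == 0})
    return entries


def lookup(entries, dst):
    """Returns (next_hop, iface) or None. For a directly connected route (no G flag)
    the next hop is the destination itself."""
    addr = ipaddress.IPv4Address(dst)

    def next_hop(e):
        return e["gateway"] if e["gateway"] is not None else addr

    # Pass 1: host routes (H flag) - exact match on the complete address.
    for e in entries:
        if "H" in e["flags"] and addr == e["net"].network_address:
            return (next_hop(e), e["iface"])
    # Pass 2: network routes, most specific (longest mask) first.
    nets = [e for e in entries if "H" not in e["flags"] and not e["default"]]
    for e in sorted(nets, key=lambda e: e["net"].prefixlen, reverse=True):
        if addr in e["net"]:
            return (next_hop(e), e["iface"])
    # Pass 3: the default entry, if any.
    for e in entries:
        if e["default"]:
            return (e["gateway"], e["iface"])
    return None      # no match at all: ICMP error (if allowed) and the datagram is discarded


def may_send_icmp_error(src, dst, is_icmp_error, fragment_offset):
    """ICMP error msg rules: no error in response to another ICMP error, to a
    non-first fragment, or to an address that does not name one device."""
    if is_icmp_error or fragment_offset != 0:
        return False
    for ip in (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)):
        if (ip.is_multicast or ip.is_loopback or ip.is_unspecified
                or ip == ipaddress.IPv4Address("255.255.255.255")):
            return False
    return True


def route(entries, src, dst, is_icmp_error=False, fragment_offset=0):
    """Forwarding decision: ('forward', next_hop, iface) or ('drop', reason)."""
    hit = lookup(entries, dst)
    if hit:
        return ("forward", str(hit[0]), hit[1])
    if may_send_icmp_error(src, dst, is_icmp_error, fragment_offset):
        return ("drop", "icmp unreachable")
    return ("drop", "silent")
```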
 
### 
###  Forwarding Rules 
### 
 
Forwarding of packets is usually applied to routers, but other systems can also act like routers and forward packets to appropriate destinations based on the routing table.  This is only true on systems that are configured to do so.  It is important to note that in most circumstances, the gateway of a local area network should be the only system that is configured to forward packets external to the network.  As we have seen before, within a local network, routing isn't really necessary (except for the host sending the data directly to the destination computer on the network.) 
 
### 
###  ICMP Redirect 
### 
 
In some cases, a routing table could have incorrect information. In this case, data could be forwarded to the wrong router on the network, and that router should send back an ICMP redirect error message.  The premise of the ICMP redirect is to inform the sender that data headed to the specific destination should be routed through a specific router (not the one generating the message). This is one of the first examples of how the routing of the networks can become very sophisticated, as the routers will "learn" the topology of the network by passing information to each other. This is the premise of the more sophisticated routing protocols used today. 
 
Similar in concept to the redirect message, routers can also generate periodic router information messages, that are used to appropriately update and propagate routing information throughout the network.  As we see examples of this, we can also see how poorly programmed protocols can bring a whole network down, by passing around invalid routing table information. 
 
### 
###  Dynamic Routing Protocols 
### 
 
as opposed to statically (manually by human) configured routing table, 
the routers in a network dynamically communicate with each other to continuously update the routing tables for all the routers. This can be very effective, as it means the network can adapt to equipment going in and out of service without human intervention, and often with little or no impact to the users. Many different routing protocols exist, but let us cover RIP and OSPF. 
 
### 
###  Routing Information Protocol (RIP) 
### 
 
RIP is one of the original routing protocols, and is still supported in most routers today.  The essential concept of RIP is that each router will broadcast its routing table to every connected router every 30 seconds.  The information is received by all of the neighboring routers, and they in turn update their own routing tables appropriately.  Not only can this system provide updates on routes that are new to the network, as connections are removed, that information is also propagated throughout the network.  The update times for adds/deletes to the routing table can take minutes to occur, as the protocol also has some delays put in to make sure that a link is completely down before removing it from the list, and since it takes 30 seconds between updates, in a large network it can take many minutes to propagate route information to all routers in the network. 
 

# 
#  Problems with RIP 
# 

 
RIP was an early protocol, and was limited in scope. RIP only works well in smaller networks, and the time that it can take to detect and propagate a down link can be troublesome for heavier traffic networks. Many variations of RIP have come about that have alleviated a lot of these problems. 
 
Even looking at simply the notification time of 30 seconds between updates - even having three nodes between systems could mean that a failure of a route could take 30 seconds before the "middle" system detects the problem, and up to 30 seconds more before the next system detects the problem. As a result, this delay can be large, and cause a huge impact in the event a system intermittently becomes available - this allows for gaps to exist and propagate in the routing tables across the network. This problem alone makes the early RIP implementation liable to have intermittent connection issues to end systems that take minutes to clear. 
 
### 
###  Open Shortest Path First (OSPF) 
### 
 
OSPF is another routing protocol that offers some big advantages over RIP. Primarily, OSPF can recover considerably faster than RIP from equipment failure on the network, and does not have the size limitations for the network.  In addition, OSPF actively checks the status of links and uses that information to propagate the routing tables throughout the network. 
 
OSPF also manages the network in a more practical way - it is centered around the idea of multiple areas connected by systems that are focused on understanding the interconnections of the individual areas. This allows for a hierarchy of routing - there is a relationship between the larger areas, where the core routers understand that relationship, and then each individual logical area may be made up of multiple internal routers to manage the connections to the end systems. The combination of a number of smaller areas, connected by a routing backbone, is called an Autonomous System (AS) within OSPF - the edge of the AS is an AS Border Router - this is a system that can learn about other AS's on the network through other large scale routing protocols, like Border Gateway Protocol (BGP). 
 
This hierarchy allows for a considerably larger overall scale, and because of the ability to manage multiple routes and monitor health, it can recover much more quickly in the event of failure. 
 
 
########################################## 
###    User Datagram Protocol (UDP)    ### 
########################################## 
 
The User Datagram Protocol (UDP) is a transport protocol available as part of the TCP/IP protocol suite.  There are significant differences in the application and the method of transfer between TCP and UDP.  Although we will go into more detail later, TCP transmissions usually span more than one datagram.  Each datagram is sequenced, and reassembled at the destination to complete the transfer of data.  UDP also uses datagrams, but the information to be sent is placed into one datagram. 
 
Another significant difference is the method of communication and reliability.  UDP provides no guarantee that the data ever gets to the destination.  Also, TCP establishes a "link" with the destination system before transmitting the data, and uses this link to verify the destination is there, and to provide a mechanism to ensure that the data is reassembled properly.  UDP sends the data out blind - no sequencing is defined or guaranteed. 
 

# 
#  UDP Structure 
# 

 
The following is a list of the fields in a UDP datagram: 
 
- Source Port Number 
- Destination Port Number 
- UDP Length 
- UDP Checksum 
- Data 
 
The fields shown are specific to the UDP data - there is also an associated IP header with the datagram. 
 
Port numbers are used to identify the sending and receiving applications that the data needs to be forwarded to.  The UDP length is the length of the UDP header and the data, but not the additional IP header length. 
 
## 
##  IP Fragmentation 
## 
 
We have mentioned that the UDP datagram contains all of the information to be sent.  One of the problems with the various networking interfaces and protocols, is that the internet can span many different hardware types, platforms, applications, network interfaces, and so on.  This diverse set of hardware and software means that various limitations may be placed on the data that is to be transmitted.  For instance - ethernet has a limit to the size of the frame of data that can be sent at any one time.  This could be a problem if the UDP datagram exceeds this size.  To get around the problem of size limitations on various networks, IP fragmentation is used to break the data up into smaller pieces, and then reassemble them at the destination. 
 
The IP layer is responsible for determining the Maximum Transmission Unit size (MTU) that will be used.  When this is determined (by querying the network interfaces), if the datagram is larger than the MTU, the IP layer fragments the datagram and sends the smaller pieces. It is also possible that other "hops" can further fragment the data - all of the reassembly information is stored in the IP header, and is used by the final destination to reassemble the data before passing it on to the appropriate UDP and TCP handlers. 
 
TCP does not typically fragment - the applications are designed to avoid this to provide better performance and reliability of the data.  UDP on the other hand, uses only one datagram for all of the data to be sent (of course the application has control over how it will ultimately break up data to be sent so this can be tuned by the application somewhat), and can easily exceed the network MTU, and will be fragmented. 
 
One of the primary differences between TCP and UDP regarding fragmentation is what happens in the event that data is lost.  If one fragment in the middle of a transmission is lost, the entire fragmented data must be resent.  With TCP, the data is a "stream" of datagrams, and in the event that it gets fragmented, only the one "piece" that was fragmented would need to be resent.  TCP can reassemble the rest of the data.  UDP uses only one large datagram for the information, and therefore, if any piece is lost, the entire set of data would need to be resent. 
 
## 
##  Path MTU 
## 
 
One thing to keep in mind with the MTU of a network is that the MTU will vary from path to path, and from system to system.  For instance - if the MTU was 1500 bytes in the network that generates a datagram, but a link in the middle of the path had a smaller MTU - say 1000 bytes - the overall MTU for the "path" is 1000 bytes. 
 
Like the TTL used in the traceroute program, a similar procedure can be used to determine the MTU of a network between two systems.  IP provides a "Don't Fragment" (DF) flag that informs the network components that they are not allowed to fragment the data.  In the event that the data is too large for the physical components, and the DF flag is set - the receiving system will generate an ICMP "Can't Fragment" error.  In newer implementations, it also provides the necessary MTU for the "next hop".  Similar to starting out with a TTL of 1, and incrementing it each time to determine each "hop" between two systems, the DF flag, in conjunction with a varying UDP datagram size, can be used to determine the MTU of a network link.  A datagram with a large length (~1500 bytes) can be sent with the DF flag set, and then continuously reduced until the data reaches the destination.  If the newer systems return the MTU of the "next hop", multiple iterations are not necessary - it simply can set the UDP length to the appropriate size for the next hop. 
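Both the IP Fragmentation section above and this Path MTU procedure, worked through in code as an added example (not part of these notes): a datagram is split into fragments with 8-byte-unit offsets and the MF (more fragments) flag, reassembly fails if any one piece is missing, and a DF-flagged probe is sent along a constructed path of link MTUs, either shrinking step by step or jumping straight to the "next hop MTU" that newer ICMP errors report. The 20-byte IP header size, the link MTU list and the probe step are constructed assumptions.

```python
# Added example: IP fragmentation/reassembly and Path MTU discovery with the DF flag.
IP_HEADER_LEN = 20


def fragment(payload: bytes, mtu: int, ident: int):
    """Split a transport-layer payload into IP fragments fitting `mtu`.
    Each fragment is (identification, offset_in_8byte_units, more_fragments, data)."""
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8   # all but the last fragment carry a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small for an IP header plus data")
    frags = []
    for pos in range(0, len(payload), chunk):
        data = payload[pos:pos + chunk]
        frags.append((ident, pos // 8, pos + chunk < len(payload), data))
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments in any order. Returns None when a piece
    is missing - for UDP that means the whole datagram must be sent again."""
    if not frags:
        return None
    frags = sorted(frags, key=lambda f: f[1])
    if frags[0][1] != 0 or frags[-1][2]:     # need offset 0 and a final fragment with MF clear
        return None
    out, expected = bytearray(), 0
    for _ident, offset, _more, data in frags:
        if offset * 8 != expected:           # gap (lost fragment) or overlap
            return None
        out += data
        expected += len(data)
    return bytes(out)


def transit_with_df(path_mtus, size, reports_next_hop_mtu):
    """Send a `size`-byte datagram with DF set across links with the given MTUs.
    Returns ('delivered', None), or ('cant_fragment', next_hop_mtu) for the ICMP
    Destination Unreachable / fragmentation needed error (next_hop_mtu is None
    when the router is an older implementation that does not report it)."""
    for mtu in path_mtus:
        if size > mtu:
            return ("cant_fragment", mtu if reports_next_hop_mtu else None)
    return ("delivered", None)


def discover_path_mtu(path_mtus, start=1500, step=8, reports_next_hop_mtu=True):
    """Returns (path_mtu, probes_sent). With the next-hop MTU in the error the
    sender jumps straight to that size; otherwise it shrinks by `step` and retries."""
    size, probes = start, 0
    while size > IP_HEADER_LEN:
        probes += 1
        status, next_mtu = transit_with_df(path_mtus, size, reports_next_hop_mtu)
        if status == "delivered":
            return size, probes
        size = next_mtu if next_mtu is not None else size - step
    raise RuntimeError("no datagram size fits this path")
```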
 
## 
##  Datagram Size Considerations 
## 
 
Theoretically there is a maximum size of 65535 for an IP datagram, but in actuality this is not implemented.  There are limitations that come from the application and operating system structure, and also within the TCP/IP kernel itself.  Most UDP applications will by default keep the datagram size to less than 512 bytes. 
 
### 
###  Bootstrap Protocol (BOOTP) 
### 
 
In the case of RARP - a diskless workstation could determine its own IP address through a RARP request and reply.  The significant limitation to this however, was the fact that the RARP was broadcast using the network link-layer, and therefore needs to have a RARP server on the local network.  The RARP requests could not traverse their way through routers. 
 
BOOTP provides a method for diskless systems to determine their IP address through the use of a UDP datagram.  The BOOTP protocol also can transfer a lot of information about the systems involved, where RARP really only transfers the IP address that was requested. 
 

#  BOOTP Structure 

 
If you take a look at the following table, you get an idea of how much information is actually transferred as part of a BOOTP request/reply. 
 
- Opcode (1 = request, 2=reply) 
- Hardware type (1 = ethernet) 
- Hardware Address Length 
- Hop Count 
- Transaction ID 
- Number of seconds 
- Client IP address 
- your IP address 
- Server IP Address 
- gateway IP address 
- Client Hardware Address 
- Server hostname 
- Boot filename 
- Vendor-specific information 
 
Notice the first few fields indicate that BOOTP is available on various network types, with varying hardware addressing schemes.  The transaction ID is used to allow a single system to pick out the reply if multiple BOOTP replies were being transmitted at any one time. 
 
Notice also that the IP addresses that are collected help a system know a lot more about its network than RARP does. 
 
All of this information is part of the UDP datagram - this means that many higher-level applications can be written to gather this information and use it, whereas RARP does not pass this information along to the upper layers. 
 
DHCP is an extension of the BOOTP protocol, providing a much richer set of options and is now the most commonly used method for administering addresses for systems within IP networks. More than likely, your home network has a DHCP server for your internal machines if you have a cable or DSL router - the DHCP server running on those devices is the one responsible for providing your local network systems with addresses like 192.168.1.x and 10.0.0.x. 
 
## 
##  Port Numbers 
## 
 
To ensure that the BOOTP protocol is efficient, and does not add more traffic than necessary to accomplish its goal of identifying a system, there are separate request and reply port numbers that are defined for use. Port number 67 is for the server, and 68 is for the diskless (client) system. This allows the broadcast from the client only to be listened to by servers running the BOOTP application, and vice versa. This limits the number of systems that need to use overhead to respond to network activity not destined for them. 
 
Because the DHCP protocol uses the same port as BOOTP, most packet decoding software will identify the DHCP packets as BOOTP - you can see this on tools like Wireshark when looking at DHCP traffic on a local network. 
 
NOTE: why does DHCP (and BOOTP) use UDP instead of TCP?    # a typical quiz question 
 
in short, because DHCP starts by sending a broadcast message called 'discover', it's a connectionless service model (client hosts don't know the DHCP server's IP addr), hence UDP. TCP is a connection-oriented protocol where you need to explicitly know the dest addr. 
 
(ref) https://www.quora.com/Why-does-DHCP-use-UDP 
 
 
## 
##  BOOTP Across Routers 
## 
 
one advantage of BOOTP is the ability to traverse across networks. This is accomplished by allowing the routers to listen for BOOTP datagrams, and appropriately updating the gateway IP address in the datagram, and forwarding the packet along.  This allows the BOOTP server on another network to direct the datagram right back through the routers that it used to get there, and direct it to the client more efficiently.  This way, the path to the client is achieved through the same IP routing that we have seen in the past. 
 
This is something that needs to be enabled, however, on the routing devices in the network for this to work. Many offices that have a single DHCP server will enable this on all the internal routers, to allow the one server to handle all of their systems. Typically this is an option in the settings of routers that is called either "DHCP forwarding" or "BOOTP forwarding". 
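The BOOTP field layout listed above and the router forwarding just described, as an added Python example (not the page's code): it packs and parses the RFC 951 fixed format, rewrites a client request the way a forwarding router does (hop count, gateway address), and picks where the server's reply goes from the gateway field. The 2-byte unused field after "seconds" (the layout needs it to come out at 300 bytes), the 16-hop discard limit and the reply-to-giaddr-on-port-67 rule are from RFC 951/1542, not from the page; all addresses are constructed.

```python
import socket
import struct

BOOTP_SERVER_PORT = 67          # servers (and relays) listen here
BOOTP_CLIENT_PORT = 68          # the booting client listens here
BOOTREQUEST, BOOTREPLY = 1, 2
MAX_HOPS = 16                   # RFC 1542: relays discard requests whose hop count exceeds this

# RFC 951 fixed layout, 300 bytes. The 2-byte field after "secs" is unused in BOOTP
# (DHCP later turned it into flags); it is included so the offsets come out right.
_FMT = "!BBBBIHH4s4s4s4s16s64s128s64s"
FIELDS = ("op", "htype", "hlen", "hops", "xid", "secs", "unused",
          "ciaddr", "yiaddr", "siaddr", "giaddr", "chaddr", "sname", "file", "vend")


def pack_bootp(**kw):
    """Build a 300-byte BOOTP message; fields not given are zero (ethernet / 6-byte MAC by default)."""
    ip = lambda name: socket.inet_aton(kw.get(name, "0.0.0.0"))
    return struct.pack(
        _FMT, kw.get("op", BOOTREQUEST), kw.get("htype", 1), kw.get("hlen", 6),
        kw.get("hops", 0), kw.get("xid", 0), kw.get("secs", 0), 0,
        ip("ciaddr"), ip("yiaddr"), ip("siaddr"), ip("giaddr"),
        kw.get("chaddr", b"").ljust(16, b"\x00"),
        kw.get("sname", b"").ljust(64, b"\x00"),
        kw.get("file", b"").ljust(128, b"\x00"),
        kw.get("vend", b"").ljust(64, b"\x00"))


def parse_bootp(data):
    """Decode a BOOTP message into a dict; a datagram shorter than the fixed layout is rejected."""
    size = struct.calcsize(_FMT)
    if len(data) < size:
        raise ValueError("BOOTP message shorter than %d bytes" % size)
    msg = dict(zip(FIELDS, struct.unpack(_FMT, data[:size])))
    for name in ("ciaddr", "yiaddr", "siaddr", "giaddr"):
        msg[name] = socket.inet_ntoa(msg[name])
    msg["chaddr"] = msg["chaddr"][:msg["hlen"]]        # only hlen of the 16 bytes are meaningful
    msg["sname"] = msg["sname"].split(b"\x00", 1)[0]   # NUL-terminated strings
    msg["file"] = msg["file"].split(b"\x00", 1)[0]
    return msg


def relay_request(data, relay_addr):
    """What a router with 'BOOTP forwarding' enabled does to a client's broadcast request:
    bump the hop count, put its own address into giaddr if no earlier relay already did,
    and forward. Returns the rewritten datagram, or None if the request must be dropped."""
    msg = parse_bootp(data)
    if msg["op"] != BOOTREQUEST or msg["hops"] > MAX_HOPS:
        return None
    giaddr = msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else relay_addr
    return pack_bootp(op=BOOTREQUEST, htype=msg["htype"], hlen=msg["hlen"], hops=msg["hops"] + 1,
                      xid=msg["xid"], secs=msg["secs"], ciaddr=msg["ciaddr"], giaddr=giaddr,
                      chaddr=msg["chaddr"], sname=msg["sname"], file=msg["file"], vend=msg["vend"])


def reply_destination(request):
    """Where the server sends its BOOTREPLY: to the first relay (giaddr) on port 67, which knows
    the way back to the client, or broadcast on port 68 when the client is on the local network."""
    if request["giaddr"] != "0.0.0.0":
        return request["giaddr"], BOOTP_SERVER_PORT
    return "255.255.255.255", BOOTP_CLIENT_PORT


if __name__ == "__main__":
    req = pack_bootp(xid=0x3903F326, chaddr=bytes.fromhex("001122334455"))   # constructed client
    relayed = parse_bootp(relay_request(req, "10.0.0.1"))                     # constructed relay
    print(relayed["hops"], relayed["giaddr"], reply_destination(relayed))     # 1 10.0.0.1 ('10.0.0.1', 67)
```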
 
 
 
################################################# 
###    TCP  (transmission control protocol)   ### 
################################################# 
 
TCP: a connection-oriented, reliable transport (L4) protocol. 
 
 
### 
###  services  -  UDP vs TCP 
### 
 
recall UDP that provides a connectionless, unguaranteed datagram delivery service, with the pitfalls discussed in previous lectures. 
TCP on the other hand, provides a connection-oriented, reliable, byte-stream delivery service. 
 
we need to define how we consider TCP "reliable" compared to other protocols like UDP. 
with UDP, the datagrams are sent out, but there is no guarantee that the destination is reachable or even exists. 
with TCP, the concept of a "connection" makes a big step forward to ensure reliable data transmission. "connection" means that both the sender and the receiver (which becomes arbitrary as we will see) must establish a link between them, and that they both respond to each other before data is transmitted. 
 
keep in mind the overhead associated with each of these protocols. As the checks and balances increase, and error checking becomes more thorough, this inevitably leads to higher complexity (overhead) and decreased performance (with all other things being equal). Comparing UDP and TCP, the additional time spent simply establishing the connection already lowers the overall throughput, so a balance needs to be struck between performance and reliability.  let us study the advantages of TCP, and why it is a good protocol for use with the internet. 
 
[ASIDE]: what are the similarity/difference btwn telephone network and IP/TCP ? 
- telephone is circuit switched network, where two end points reserve the bandwidth (circuit) 
- internet/TCP is packet switched network, where bandwidth is "shared" 
-- they are similar because they are both connection oriented. (assume TCP) 
 
(ref) https://www.quora.com/What-are-the-similarities-between-telephony-network-and-internet 
 
### 
###  TCP Header 
### 
 
TCP header and datagram are encapsulated within an IP datagram: 
 
               size 
----------------------- 
   IP Header:  20 Bytes 
  TCP Header:  20 Bytes 
TCP Datagram:  Variable 
 
 
TCP header is defined as follows: 
 
 size   description 
------------------------ 
16-Bit  Source Port Number 
16-Bit  Destination Port Number 
32-Bit  Sequence Number 
32-Bit  Acknowledgment Number 
 4-Bit  Header Length 
 6-Bit  Reserved Field 
 6-Bit  Flag Field (URG, ACK, PSH, RST, SYN, FIN) 
16-Bit  Window Size 
16-Bit  TCP Checksum 
16-Bit  Urgent Pointer 
        Options (if any) 
        Data (if any) 
 
 
the important parts are the two port numbers, the "sequence" and "acknowledgment" numbers, and the flags. These are the indicators of the "connection-oriented" nature of the TCP protocol. 
For a connection to be made, the two ends must be defined by both the IP address and the port number for the application. The IP Header has the IP Addresses, and the TCP Header has the ports. The combination of the flags and the sequence and acknowledgment numbers help TCP to monitor and control the flow of data. 
 
 
### 
###  TCP Connection Establishment and Termination 
### 
 
recall TCP is a "connection-oriented" protocol. To accomplish this, the protocol provides the necessary support to establish a connection (through multiple steps) between two systems, and methods of terminating the connection when finished. This is one of the primary differences between TCP and UDP, where UDP does no checking before sending out data to a destination. 
 
## 
##  Connections 
## 
 
The connection between two computers is defined by the two endpoints on the network. the endpoints may be from multiple applications running on two systems, or could be individual applications running on many systems.  regardless, we can boil a TCP connection endpoint down to the IP address of the system itself, and the port number associated with the application. i.e. for a given pair of systems, multiple connections can be made, (and often are) between one or more applications.  TCP provides a good set of tools to create, remove, and maintain multiple connections on a given network.  In addition, note the "connection" is not a permanent and continuous flow of traffic between two points. The connections can be established, and maintained with a minimum of "background" traffic - meaning it is relatively efficient in transmitting the data with low overhead, yet maintaining a good level of reliability. 
 
 
## 
##  Connection Establishment Protocol 
## 
 
first, we look at some of the flags we showed in the TCP header - specifically SYN and ACK. These flags are used by the originating and destination system to establish the connection. note that the "connection" is much different than the transmission of UDP data, as the TCP connection does not make one system the source and the other the destination. Instead, the connection creates a link that allows data to be sent in both directions, simultaneously. This is referred to as "full-duplex." When a system wants to connect to another system, a series of messages are passed to establish the connection. 
 
The following is the sequence of "three-way handshake": 
 
1. The originating system sends a TCP segment with the SYN (for SYNchronize sequence numbers) flag set. The TCP header includes the port on the destination computer associated with the desired application, the port number of the originating application, and an initial sequence number (ISN). 
 
2. The receiving system responds with another SYN segment, also setting the ACK ( for ACKnowledge) flag, and incrementing the sequence number by 1. 
 
3. When the originating system receives the ACK from the destination, it responds with a segment with the ACK flag set, but not the SYN flag, and increments the sequence number again by 1.  This completes the establishment of the connection. 
 
==>  the originating system tries to contact the destination system, and then each in turn acknowledges the connection on both ends. The sequence number is critical, as TCP not only is reliable with the connection it provides, but also will re-order packets based on this sequence number before passing the data on to the application. This is another significant difference between TCP and UDP, where there is no guarantee of the order of the datagrams sent by UDP. 
 
a typical quiz is "how many packets need to be exchanged for a TCP conn to be established" - 3 
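The header layout from the "TCP Header" section and the three-way handshake above, as an added Python example (not the page's code): it packs and parses the 20-byte header with its flag bits and options, computes the checksum over the IPv4 pseudo-header, and drives a passive-open state machine (LISTEN, SYN_RCVD, ESTABLISHED) through SYN, SYN+ACK and ACK. Ports, ISNs and addresses are constructed; each side picks its own ISN and the acknowledgment number is the peer's sequence number plus one, which the code checks.

```python
import socket
import struct
from collections import namedtuple

# The 6 flag bits in the low end of the "header length / reserved / flags" word.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
TcpSegment = namedtuple(
    "TcpSegment", "sport dport seq ack hlen flags window checksum urgptr options payload")


def pack_tcp(sport, dport, seq, ack, flags, window=65535, options=b"", payload=b""):
    """Build a segment with the 20-byte fixed header; the checksum stays 0 until finalize()."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    hlen_words = 5 + len(options) // 4                  # header length is counted in 32-bit words
    off_flags = (hlen_words << 12) | sum(FLAGS[f] for f in flags)
    header = struct.pack("!HHIIHHHH", sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                         off_flags, window, 0, 0)
    return header + options + payload


def parse_tcp(segment):
    """Decode a segment; refuse truncated headers and header lengths pointing past the data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad header length %d" % hlen)
    flags = frozenset(name for name, bit in FLAGS.items() if off_flags & bit)
    return TcpSegment(sport, dport, seq, ack, hlen, flags, window, csum, urg,
                      segment[20:hlen], segment[hlen:])


def tcp_checksum(src_ip, dst_ip, segment):
    """Internet checksum over the IPv4 pseudo-header (src, dst, zero, protocol 6, TCP length)
    followed by the segment, with the segment's own checksum field taken as zero."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment[:16] + b"\x00\x00" + segment[18:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                  # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def finalize(segment, src_ip, dst_ip):
    """Write the checksum into the segment (the addresses come from the enclosing IP header)."""
    return segment[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, segment)) + segment[18:]


def checksum_ok(segment, src_ip, dst_ip):
    return parse_tcp(segment).checksum == tcp_checksum(src_ip, dst_ip, segment)


class PassiveOpen:
    """Server side of the handshake: LISTEN -> SYN_RCVD -> ESTABLISHED. feed() returns the
    segment to send back, or None. Segments that do not fit the current state are dropped."""

    def __init__(self, server_isn):
        self.isn, self.state, self.expected_ack = server_isn, "LISTEN", None

    def feed(self, raw):
        seg = parse_tcp(raw)
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            self.state, self.expected_ack = "SYN_RCVD", (self.isn + 1) & 0xFFFFFFFF
            return pack_tcp(seg.dport, seg.sport, self.isn, seg.seq + 1, {"SYN", "ACK"})
        if self.state == "SYN_RCVD" and seg.flags == {"ACK"} and seg.ack == self.expected_ack:
            self.state = "ESTABLISHED"
        return None


def three_way_handshake(client_isn, server_isn, cport=40000, sport=80):
    """Active open against a PassiveOpen. Returns (server's final state, the three parsed segments)."""
    server = PassiveOpen(server_isn)
    syn = pack_tcp(cport, sport, client_isn, 0, {"SYN"})          # 1. SYN carrying the client's ISN
    synack = server.feed(syn)                                     # 2. SYN+ACK carrying the server's ISN
    sa = parse_tcp(synack)
    if sa.flags != {"SYN", "ACK"} or sa.ack != (client_isn + 1) & 0xFFFFFFFF:
        raise ValueError("peer did not acknowledge our SYN")     # client checks its own ISN was ACKed
    ack = pack_tcp(cport, sport, sa.ack, sa.seq + 1, {"ACK"})     # 3. ACK of the server's ISN, no SYN
    server.feed(ack)
    return server.state, [parse_tcp(x) for x in (syn, synack, ack)]
```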
 
## 
##  Timeouts 
## 
 
When a system cannot reach another to establish a connection, timeouts occur and TCP will attempt to retransmit. This is an important feature of TCP, because it will continue to retransmit packets in the event of loss of data, corrupted segments, or in the case of unreliable network connections. The TCP protocol provides reliable data transmission in each of these cases (within limits) which is one of the reasons it is a good choice for internet communication. The network can have glitches, but the TCP layer takes care of correcting for it, and provides the application above with seamless data. 
 
Most implementations of TCP provide an upper limit of 75 seconds for a new connection to be established. This means that the ACK from the server needs to be received within 75 seconds of the start of the TCP requests. 
 
### 
###  Opens and Closes 
### 
 
one system requests something, the next responds, and so on, until the connection is fully open, or fully closed. Because the TCP connections are full-duplex, we can have the case where one side closes, but not the other. (Is the connection half-open or half-closed? Semantically the same thing, as in half-full or half-empty.) TCP provides an option called a half-close. This means one system sends the FIN segment, but the other continues to transmit until completed, and then sends the appropriate FIN to close the other direction. This is used in the case where the server application needs to see an EOF marker before it can transmit its data back to the client. The EOF marker is generated in response to the FIN segment from the client. If a TCP connection is half-closed, it means that the segment now becomes a half-open connection. 
 
TCP also supports the event where simultaneous opens or closes are transmitted on a given connection. An ACK can be sent to both the SYN and FIN for both open and close. This means that in either the simultaneous open or simultaneous close, it requires 4 segments to establish or terminate the connection.  (The only real difference here is with the open - under normal circumstances, it requires only 3 to establish a connection.) This feature was developed because, although unlikely, simultaneous opens and closes can occur, and the protocol needs to gracefully handle it. 
 
a typical quiz then is "how many exchanges to close a TCP conn?" - 4   (because as above, since a TCP conn is full-duplex, each side has to do FIN-ACK exchange) 
 
### 
###  TCP Timeout and Retransmission 
### 
 
we have so far looked at the TCP/IP protocols in sunny-day scenarios for the most part, but TCP/IP is designed to adapt to changes in the network, even catastrophic changes like crashes and equipment failure. 
 
In its simplest form, TCP waits for a timeout if it is expecting an acknowledgement, and if it doesn't receive one within a predefined time, it simply retransmits the information. If you remember from the transmission discussions, the sequence number allows the TCP protocol to reassemble the data even if it becomes mis-ordered. This feature of TCP is instrumental in its ability to adapt quickly to changing network conditions, and provide virtually transparent operation for the user. 
 
TCP manages 4 types of timers for its operation, as follows: 
 
(1) Retransmission Timer - Tells TCP to resend data that an acknowledgement has not been received for. 
(2) Persist Timer - Keeps advertising window sizes even if the other end is not accepting any more data. 
(3) Keepalive Timer - Used to detect a crash or reboot on the other end of a connection. 
(4) 2MSL Timer - Keeps track of the amount of time that a connection is in a wait_state. This is used to ensure that a connection will be closed after twice the Maximum Segment Lifetime. 
 
### 
###  Round Trip Time (RTT) 
### 
 
recall the retransmission timer is the driver for when packets are resent, with the assumption that the original was discarded somewhere along the way, or the ACK was discarded. The amount of time that TCP waits before retransmitting varies with the network conditions. 
 
In the simple example shown in figure 21.1 of the book (TCP/IP illustrated), take a look at the times that the various packets are sent. The first 5 lines show a normal TCP interaction of data and ACKs, but after the network cable was removed from the destination system we see a unique behavior that illustrates the changing value of the retransmission timer. The amount of time starts out at 1.5 seconds, then doubles each time until it reaches 64 seconds. The doubling effect is the exponential backoff that reduces the traffic for a broken connection, and also helps alleviate the traffic level in cases of high congestion. Routers on a network are designed to handle a certain amount of traffic, and are designed to discard packets when overloaded. The pattern to the discards is often random (although newer ones are more careful, applying the discards to the non-paying customers :) and common with the bursty nature of internet traffic. Given this, discards can easily happen. If all of the systems tried to continue to send at the same rate, the traffic would compound the problem. The timer that is used for a base guide is RTT which dynamically changes with network conditions. The RTT value is a smoothed estimator, which bases the current value on a combination of the previous value, the last measured RTT, and the variability of the RTT measurements. The formula was developed to optimize the performance, although it has evolved through time to address unexpected behaviors. 
 
### 
###  Congestion and Congestion Avoidance 
### 
 
When network congestion appears, the result is usually lost or discarded packets. (this is a fact of life with the current routing technology. The bandwidth is limited, and when it is busy routing as many as it can, new packets can be discarded.) A nice illustration of this is in figure 21.6 in the text. This is only one TCP connection - imagine hundreds (maybe thousands) of connections between systems, and this becomes even more illustrative. Notice that at three different points, the sequence number drops way down, and then recovers back to the normal sequence (over time). The average path is a constant slope of transmitted packets over time. The dips correlate with retransmission of data. If you imagine all of the other connections superimposed on this one, the dips of the others would be scattered about, and the average would be that the "dips" would be fairly evenly spread out. The TCP algorithms try to smooth out the retransmissions, and minimize them. Effectively, the dips occur when one end gets packets that are out of sequence. In this case, it continues to wait for the missing packet, all the while storing the new data as it comes in. 
 
To avoid the congestion problem as much as possible, two algorithms are employed - slow start and congestion avoidance. Slow start is an exponential increase of segments to be sent without ACKs. As the data flows smoothly, (ACKs are received appropriately), the number of segments is increased exponentially until it reaches the cwnd (congestion window size). This is a slowly increasing number, starting at half of the advertised window size. This increases until it reaches the advertised window size. The intent of the two algorithms is to adjust the transmission to be the appropriate size based on the network conditions, rather than by sending out the data by brute force. This helps to smooth the overall injection of traffic into the network, in a controlled manner. 
 
### 
###  Fast Retransmit and Fast Recovery 
### 
 
Effectively, the Fast retransmit algorithm takes into account that a lost packet should be sent as soon as possible, otherwise the receiving system can be overwhelmed with new data before filling in the blank with the missing one. Since the destination system sends a duplicate ACK immediately, the fast retransmit algorithm will wait for enough duplicates to indicate the packet was lost rather than simply delayed, and then retransmits the apparently missing segment, rather than waiting for the retransmit timer to kick in. This is a little more intelligent planning than simply waiting for time to pass, because it uses the duplicate acks as an indicator that a specific packet was lost. 
 
Fast recovery tries to limit the backoff of the transmission speed when only small amounts of data appear to be lost/delayed. The algorithm waits for 3 duplicate acks, and then reduces the window by a big factor, but not to the point where the slow-start algorithm is operational. This means that the speed is reduced each time, but not so significantly that there is an abrupt change in the data flow between two systems. This is intended to allow the retransmission of the missing packets to be taken care of, but not allowing the receiver's window to become full. From that point on, the congestion avoidance algorithm is in place, and slowly brings the speed back up to the full advertised window size. 
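Slow start, congestion avoidance, fast retransmit and fast recovery from the two sections above, as an added Python simulation (not the page's code) that tracks the congestion window in units of segments: one segment per ACK in slow start, about one per RTT in congestion avoidance, a collapse to one segment on a timeout, and a Reno-style halving plus immediate retransmit on the third duplicate ACK. The event strings and the 16-segment advertised window are constructed.

```python
class RenoCwnd:
    """Sender-side congestion control in units of segments (MSS): slow start grows cwnd by one
    segment per ACK (doubling per RTT) until ssthresh, congestion avoidance then adds about one
    segment per RTT, a timeout drops back to slow start, and three duplicate ACKs trigger fast
    retransmit followed by fast recovery (halve the window instead of restarting from one)."""

    def __init__(self, rwnd_segments):
        self.rwnd = rwnd_segments               # receiver's advertised window, in segments
        self.cwnd = 1.0                         # start with a single segment in flight
        self.ssthresh = float(rwnd_segments)    # first threshold: the advertised window
        self.dupacks = 0
        self.in_recovery = False

    def sendable(self):
        """Segments that may be outstanding: never more than min(cwnd, advertised window)."""
        return int(min(self.cwnd, self.rwnd))

    def on_new_ack(self):
        """An ACK that advances the left edge of the window."""
        self.dupacks = 0
        if self.in_recovery:
            self.cwnd = self.ssthresh           # recovery finished: deflate to the halved window
            self.in_recovery = False
        elif self.cwnd < self.ssthresh:
            self.cwnd += 1                      # slow start: exponential growth per RTT
        else:
            self.cwnd += 1 / self.cwnd          # congestion avoidance: linear growth per RTT
        self.cwnd = min(self.cwnd, self.rwnd)   # no point growing past what the receiver takes

    def on_dup_ack(self):
        """Duplicate ACK: the receiver got a later segment out of order. Returns "retransmit"
        on the third duplicate, when fast retransmit resends the missing segment at once."""
        self.dupacks += 1
        if self.dupacks == 3:
            self.ssthresh = max(self.cwnd / 2, 2.0)
            self.cwnd = self.ssthresh + 3       # the 3 dupacks prove 3 segments left the network
            self.in_recovery = True
            return "retransmit"
        if self.in_recovery:
            self.cwnd += 1                      # each further dupack lets one new segment out
        return None

    def on_timeout(self):
        """Retransmission timer fired: treat it as serious congestion and restart slow start."""
        self.ssthresh = max(self.cwnd / 2, 2.0)
        self.cwnd = 1.0
        self.dupacks = 0
        self.in_recovery = False


def run_trace(events, rwnd_segments):
    """Replay a string of events ("A" new ACK, "D" duplicate ACK, "T" timeout) and return the
    cwnd after each one, so the sawtooth the text describes can be inspected step by step."""
    cc = RenoCwnd(rwnd_segments)
    history = []
    for ev in events:
        if ev == "A":
            cc.on_new_ack()
        elif ev == "D":
            cc.on_dup_ack()
        elif ev == "T":
            cc.on_timeout()
        else:
            raise ValueError("unknown event %r" % ev)
        history.append(cc.cwnd)
    return history


if __name__ == "__main__":
    # constructed: slow start to the window, a timeout, slow start again, then 3 dupacks
    print(run_trace("A" * 15 + "T" + "A" * 8 + "DDDA", 16))
```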
 
### 
###  Repacketization 
### 
 
Repacketization allows TCP to combine packets together, and reduce overhead. this is used when it observes congestion. 
 
### 
###  TCP Persist Timer 
### 
 
recall the advertised window size could go to zero if the receiver's buffer was full. This causes the sender to wait until it receives a window advertisement that says it can now transmit more data. A problem can occur if this new window size doesn't make it to the sender - the sender continues to wait for the ok to send more data, and the receiver sits there with an empty buffer waiting for more to be sent. This is avoided through the use of the Persist Timer. 
 
Effectively, this timer causes the sender to periodically query the receiver for its window size. These requests are called window-probes. The window probes are sent out with increasing delays between, until it reaches 60 seconds. The increases are exponential like the slow start, but in reverse. These window probes are necessary, because the receiver will only send ACKs to packets that come in. The persist timer ensures that packets are sent, avoiding the problem where the new window size ACK was lost. 
 
[TCP delayed acknowledgement] - delays ACK by combining multiple ACKs into one pkt, to reduce overhead, thus increasing throughput (but obviously if the sender waits for ACK then delayed ack method may actually end up degrading performance) 
(ref)  https://en.wikipedia.org/wiki/TCP_delayed_acknowledgment 
 
 
### 
###  Silly Window Syndrome 
### 
 
Silly window syndrome is caused by either the sender sending only small packets, or by the receiver only advertising small window sizes. In effect, the data transmitted across a connection will have a very large overhead, resulting in unnecessary use of network resources. TCP takes care of this possibility on both ends. 
 
For the receiver, the changes in window size are well defined. The window size must be increased by either one full sized segment, or by one half of the buffer. This makes sure the size is not an unnecessarily inefficient window size. 
 
For the sender, a similar requirement is imposed. Packets either smaller than a segment, or half of the receiver's window cannot be sent. In addition, TCP allows the sender to repacketize to increase the size of packets as congestion occurs. 
 
These requirements for the systems reduce the inefficiencies in the transmission. 
 
 
### 
###  TCP : interactive data flow VS batch/bulk transfer 
### 
 
bulk data transfer: e.g. FTP where an entire file is transmitted, and can span many TCP packets. 
interactive dataflow: e.g. telnet, where the interaction is usually keystrokes from a user, and often requires fast response, TCP packets are sent with very little data (i.e. smaller/more packets) 
 
### 
###  Interactive Input and Delayed Acknowledgement 
### 
 
interactive data is usually small packets of information.  If we think about the rlogin command, it transmits a packet for virtually every character typed. recall IP & TCP headers add up to 40 bytes - if we transmit only 1 character, the packet is 41 bytes! Even more so, the TCP protocol sends an ACK to the data that is sent (another 40 bytes!).  For a lot of the interactive programs, such as rlogin, the server also echoes back what the user types as a TCP packet (41 bytes) and then expects an ACK from the client (40 bytes).  If we add that up, we get 41+40+41+40 = a whopping 162 bytes, just to send one keystroke of the interactive program! For small networks, this really isn't a big deal, since the level of traffic is usually not high enough to even show a performance drop as a result, but put a whole lot of these on an already congested network, and the performance would go down considerably.  To address this issue, especially in the case of larger networks, TCP implements Delayed Acknowledgment. 
 
[Delayed Acknowledgment]:  a technique where the receiver of data "waits" for some other data to send along with the acknowledgment.  This way, even if there is only one byte to be sent back, instead of using 40+41=81 bytes to transmit the acknowledgment and the next byte of data, they can be combined into one packet, and sent over, using only 41 bytes.   This "wait" period is usually 200ms, after which it simply sends the acknowledgment with no data.  In the case where data is ready (which is very often the case), the savings in bandwidth is dramatic.  (reduced overhead) 
 
### 
###  Nagle Algorithm 
### 
 
Nagle algorithm aims for more efficient bandwidth management. the algorithm works as follows:  after data has been sent, it will not send another packet until it receives the ACK from the server.  In the meantime, however, it is collecting the data to send, creating a larger, more efficient packet.  When the ACK is received, the next (bigger) packet is sent, and again TCP will not send the next one until it receives the ACK from the last one, and so on.  The nice part of the algorithm is the fact that the longer the delays, the larger the packets, and the more efficient the transmission is.  As the delays get smaller, the packets also get smaller, but where the delays get smaller, the bandwidth is less costly. 
 
There are cases where Nagle algorithm does not work - in the case of interactive applications where virtually instantaneous response is needed, i.e. the XWindows environment passes all mouse movements, etc.  If the Nagle algorithm was in place, the data may "pile up" waiting for an ACK, and the user would notice that the pointer did not respond correctly to the mouse movement. (it would be delayed up to 200 ms). 
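The Nagle rule above, and its interaction with the 200 ms delayed acknowledgment from the previous section, as an added Python simulation (not the page's code): writes are held while older data is unacknowledged and coalesced into one segment when the ACK arrives, and the receiver's ACK delay is added to the RTT the sender sees. The keystroke timing (one byte every 50 ms) and the 100 ms RTT are constructed; times are in integer milliseconds.

```python
def nagle_send(writes_ms, rtt_ms, nagle=True, ack_delay_ms=0):
    """Simulate an interactive sender. writes_ms: (time_ms, nbytes) application writes.
    The receiver ACKs a segment ack_delay_ms after it arrives (0 = immediately, 200 = a
    delayed-ACK timer with no reverse data to piggyback on), so the sender learns its data was
    acknowledged rtt_ms + ack_delay_ms after sending. Returns the segments put on the wire as
    (time_ms, nbytes). With Nagle on, a tinygram waits while older data is unacknowledged and
    everything written in the meantime goes out as one segment when the ACK arrives."""
    segments, pending = [], 0
    ack_arrives = None                   # when the ACK for the outstanding data reaches us

    def send(now, nbytes):
        nonlocal ack_arrives
        segments.append((now, nbytes))
        ack_arrives = now + rtt_ms + ack_delay_ms

    def flush_on_ack():
        """The ACK arrived: nothing is outstanding any more; push out what accumulated."""
        nonlocal pending, ack_arrives
        now, ack_arrives = ack_arrives, None
        if pending:
            send(now, pending)
            pending = 0

    for t, n in sorted(writes_ms):
        while ack_arrives is not None and ack_arrives <= t:
            flush_on_ack()
        if not nagle or ack_arrives is None:
            send(t, n)                   # nothing in flight (or Nagle off): tinygram goes now
        else:
            pending += n                 # Nagle: hold it until the outstanding data is ACKed
    while pending:
        flush_on_ack()
    return segments


def typing(n_keys, interval_ms):
    """Constructed input: one 1-byte write per keystroke, evenly spaced."""
    return [(i * interval_ms, 1) for i in range(n_keys)]


def worst_queueing_delay(writes_ms, segments):
    """Longest time (ms) any written byte sat in the sender before going on the wire; this is
    the lag a user of an X or telnet session would notice."""
    byte_times = [t for t, n in sorted(writes_ms) for _ in range(n)]
    worst, i = 0, 0
    for sent_at, n in segments:
        for _ in range(n):
            worst = max(worst, sent_at - byte_times[i])
            i += 1
    return worst


if __name__ == "__main__":
    keys = typing(10, 50)                                       # 10 keystrokes, 50 ms apart
    for label, kw in (("no nagle", dict(nagle=False)),
                      ("nagle", dict()),
                      ("nagle + delayed ack", dict(ack_delay_ms=200))):
        segs = nagle_send(keys, 100, **kw)
        print(label, len(segs), "segments, worst lag", worst_queueing_delay(keys, segs), "ms")
```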
 
### 
###  TCP Bulk data transfer 
### 
 
interactive data flow can have a lot of transmission overhead (as expected). It is preferred that the user get fast response to their actions, especially in the case of GUIs that use TCP to communicate user inputs remotely.  In the case of bulk data, however, we are primarily concerned with efficiency in the data transfer. in the case of the interactive data flow, the data in each packet was often only one or two bytes.  For bulk data transfer, (such as FTP), we want the data to be an efficient size. (Note that this is not necessarily the largest size.)  In order to adequately judge the proper size for packets, we need to examine a number of factors, such as the reliability of the connection, the maximum packet size available to the protocol, the maximum packet size available without fragmentation, NIC limit, etc.  Some of these variables change from network to network, and from local to wide-area networks. 
 
 
### 
###   TCP transmission window size control 
### 
 
TCP incorporates a couple of checks and balances to ensure that data gets to the destination properly, and that one system doesn't send information faster than the destination can handle it. The internet and the various networks where TCP is implemented do not always work the way we want, and data still will not always make it; in that case, TCP does things to correct the transmission.  For the purpose of this discussion, we will focus on the flow of data between two systems, but without worrying about data loss just yet. 
 
The basic premise of bulk data flow is as follows: 
 
1. The two systems establish a connection (recall three-way handshake). This synchronizes the two systems, and also establishes a maximum segment size that can be sent across the network without fragmentation.  In addition, the "window size" is also advertised, so the two systems know how much each can handle at any one given time.  This information is then used to control how the data is transferred between the two systems. 
 
2. The sender, knowing the maximum segment size, and the window size, generates the first packets of data, where each is the maximum segment size, and the total bytes in all of the packets does not exceed the window size. (recall this is only for the first packets to be sent. we will see as we go along that TCP adjusts for changing conditions on the fly, eventually transmitting all of the data.) For instance, suppose the total number of bytes to be sent (maybe a file that is going to be ftp'd) were 8192, the maximum segment size was 1024 bytes, and the window size was 4096. That would mean that the TCP protocol would take the first 4096 bytes (the window size) from the total 8192 bytes, and then would split them up into 4 packets, each being the maximum segment size of 1024. 
 
3. The sender sends the packets on the network, and then sits back and waits.  (depending on the relative speeds of the sender and the receiver, some of the responses will come back before it gets done sending all of them out.  This is okay - we will see how TCP takes care of dealing with all of this.)  recall TCP provides a level of guarantee that all of the data arrived at the destination. The way it accomplishes this is through ACKnowledgments of the data.  The nice thing about TCP is that it doesn't require an ACK for every packet.  In fact, the ACK only needs to say that it had received all of the data up to a certain point, and can skip providing ACKs for none or many of the packets in between.  This allows the protocol to adapt well to varying system speeds and network speeds on the fly. No additional configuration is necessary - the protocol is self-policing. 
 
4. As the destination receives the packets, it does a couple of things.  First, the packets are placed in an incoming buffer, and then processed and supplied to the receiving application as it goes along.  In the meantime, depending on a number of factors, it sends out ACKs saying that it has received all of the packets up to a particular point.  This may not include the last packets that arrived on the wire, but the last that it has been able to process.  In addition, it also sends back with the ACK the current window size.  This indicates to the sender how much of the data that has been sent has been processed.  In the last step, the sender had sent 4096 bytes, the window size.  If the ACK that comes back to the sender says that the window size was now 0, it would mean that the buffer on the destination was still full.  This would tell the sender to hold off sending any more data until it hears from the destination that it has room to process more.  If on the other hand, the ACK had a window size of 3072, it would mean that the destination had processed 3072 bytes, and still had 1024 bytes in queue to be processed.  This would let the sender know that it was okay to send 3072 bytes (or 3 segments) more data.  After it sent that, it would wait until it received an ACK indicating that there was room in the buffer to send more.  It should be noted, however, that the TCP protocol could receive an ACK from the first couple of packets before it finished sending the first full window of data.  If this happens, the system reacts on the fly, and the net result is the data is continuously sent, with minimal delays, with the data and the ACKs interleaving each other.  This is a fairly constant data flow, but will react as network conditions change. 
 
### 
###  Fast Sender and Slow Receiver 
### 
 
we discussed some of the variation that can be seen in the situation where the two systems are running at about the same speed, and alluded to the fact that in some cases, one system will be running faster than the other.  In the case where the sender is the slow one, (ignoring the variation in network delays) we really don't have much waiting going on.  In that case, the sender is sending out packet after packet, but always getting the ACK before the window size is exhausted.  A more interesting case is where we have a fast sender and a slow receiver.  In this case, it is possible to send a full window of data before the first ACK even gets sent.  e.g. after the connection is established, the sender shoots off the full window size of data (4096 bytes) one after the other.  Then the receiver sends back an ACK, but advertises a window size of 0.  This means that the 4096 bytes were received, filling the buffer, but the slow system had not processed it.  This also illustrates how the system can provide ACKs for only some of the packets.  This is done usually when a timer elapses (as we will see) or after every other packet (this provides a better level of efficiency, even if the two systems are working at roughly the same rates.)  Notice that shortly after the ACK with the window size of 0, another ACK is sent with the window size of 4096.  The sender will wait to send the information until it knows the receiver is ready for more data, so after the receiver's buffer is processed, the receiver sends out a "window update" that is simply to release more data from the sender. 
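The 8192-byte / 1024-byte MSS / 4096-byte window walk-through from the bulk-data steps above, and the fast-sender, slow-receiver case just described, as an added Python simulation (not the page's code): the sender is bounded by left edge + advertised window, the receiver's free buffer is its advertised window, it ACKs every other segment, the window drops to 0 when the buffer fills, and a window update follows once the application drains. The per-round drain amounts are constructed.

```python
class Receiver:
    """Receiving side: a fixed buffer whose free space is the advertised window. The
    application drains `drain_per_round` bytes between the sender's bursts."""

    def __init__(self, buffer_size, drain_per_round):
        self.size, self.drain = buffer_size, drain_per_round
        self.buffered = 0            # bytes accepted but not yet read by the application
        self.next_expected = 0       # next in-order sequence number we want

    def window(self):
        return self.size - self.buffered

    def receive(self, seq, nbytes):
        """Accept an in-order segment that fits; otherwise drop it and repeat the last ACK.
        Returns the (ack, window) pair that goes back to the sender."""
        if seq == self.next_expected and nbytes <= self.window():
            self.buffered += nbytes
            self.next_expected += nbytes
        return self.next_expected, self.window()

    def app_read(self):
        """The application consumes data, freeing buffer space (the right edge opens)."""
        self.buffered -= min(self.buffered, self.drain)
        return self.next_expected, self.window()


class Sender:
    """Sending side: the left edge (oldest unacknowledged byte), the next byte to send, and the
    last advertised window; the right edge of the window is snd_una + window."""

    def __init__(self, total_bytes, mss, window):
        self.total, self.mss, self.window = total_bytes, mss, window
        self.snd_una = 0
        self.snd_nxt = 0

    def usable_window(self):
        return self.snd_una + self.window - self.snd_nxt

    def next_segments(self):
        """Emit MSS-sized segments while the usable window allows; returns (seq, length) pairs."""
        segs = []
        while self.snd_nxt < self.total and self.usable_window() > 0:
            n = min(self.mss, self.total - self.snd_nxt, self.usable_window())
            segs.append((self.snd_nxt, n))
            self.snd_nxt += n
        return segs

    def on_ack(self, ack, window):
        """An ACK slides the left edge right (the window "closes"); the advertisement sets the right edge."""
        if ack > self.snd_una:
            self.snd_una = ack
        self.window = window

    def done(self):
        return self.snd_una >= self.total


def transfer(total=8192, mss=1024, rwnd=4096, drain_per_round=4096, max_rounds=100):
    """Fast sender, slower receiver. Each round the sender bursts its whole usable window, the
    receiver ACKs every other segment (and the last of the burst) with its current window, then
    the application drains and, if the window had closed to 0, a window update is sent.
    Returns (the (ack, window) advertisements the sender saw, rounds used)."""
    s, r = Sender(total, mss, rwnd), Receiver(rwnd, drain_per_round)
    advertised, rounds = [], 0
    while not s.done() and rounds < max_rounds:
        segs = s.next_segments()
        for i, (seq, n) in enumerate(segs):
            ack, win = r.receive(seq, n)
            if i % 2 == 1 or i == len(segs) - 1:
                advertised.append((ack, win))
                s.on_ack(ack, win)
        closed = r.window() == 0
        ack, win = r.app_read()
        if closed and win > 0:               # "window update": nothing newly ACKed, just room
            advertised.append((ack, win))
            s.on_ack(ack, win)
        rounds += 1
    return advertised, rounds


if __name__ == "__main__":
    print(transfer())                        # receiver keeps up: 2 rounds, window 0 then 4096
    print(transfer(drain_per_round=2048))    # slower receiver: 3 rounds, updates of 2048
```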
 
### 
###  Sliding Windows and Window Size 
### 
 
once a window size is advertised, the size that is advertised keeps changing as the data passes from system to system and the buffers are filled and processed.  This is the basic concept of a sliding window.  You can imagine the window as an opening that looks at a particular section of a long line of numbers representing the data that is to be sent.  The window starts out viewing the first part of the long stream.  The data inside the window is the data that is currently in transit between the TCP applications.  The receiver's buffer size does not change, but the available window size will vary depending on the factors discussed earlier, such as network delays, varying speeds of systems, and segment sizes. 
 
The left edge of the window is a measure of how much data has been fully transmitted between the systems.  As the ACKS are passed back from the receiver, the left edge of the window slides to the right.  This refers to the window "closing". 
 
As the receiver processes the data in the buffer, it "opens" the window by sending a new window advertisement along with an ACK.  This causes the right edge of the window to move to the right, making the window larger. 
 
There is also the case where the window "shrinks": the right edge moves to the left, indicating that data that has already been sent is no longer part of the window.  This can cause problems, and is not typically seen in TCP implementations. 
 
(note: this is the receiver-advertised window; TCP's separate congestion window is adjusted by additive-increase, multiplicative-decrease) 
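The zero-window and window-update behaviour described above, as an added example that is not code from these notes: a discrete-time model in which a fast sender fills the advertised window and a receiver with a 4096-byte buffer ACKs with its free space and sends an update once it has processed data. The segment size, buffer size and per-tick processing rates are constructed for the demo.

```python
SEGMENT = 1024        # segment size used in the walkthrough above
RCV_BUFFER = 4096     # receiver buffer, and so the initially advertised window

def simulate(total_bytes, process_per_tick, max_ticks=100):
    """Return (events, delivered) for a fast sender feeding a receiver that can
    hand at most `process_per_tick` bytes per tick to its application.

    Per tick: the sender fills the last advertised window with whole segments;
    the receiver ACKs with window = free buffer space (0 if the burst filled it);
    then it processes data and, if space opened up, sends a "window update".
    Events are (tick, kind, value) with kind in {"send", "ack", "update"}."""
    events, queued, sent, delivered = [], 0, 0, 0
    window = RCV_BUFFER
    for tick in range(max_ticks):
        burst = 0
        while burst + SEGMENT <= window and sent < total_bytes:
            burst += SEGMENT
            sent += SEGMENT
        if burst:
            queued += burst
            window = RCV_BUFFER - queued          # left edge slid right: window "closes"
            events += [(tick, "send", burst), (tick, "ack", window)]
        done = min(queued, process_per_tick)
        if done:
            queued -= done
            delivered += done
            window = RCV_BUFFER - queued          # right edge moves right: window "opens"
            events.append((tick, "update", window))
        if delivered >= total_bytes:
            break
    return events, delivered

if __name__ == "__main__":
    # receiver empties its buffer between bursts: ACK window 0, then update 4096
    print(simulate(8192, 4096))
    # receiver keeps 1024 bytes queued: ACK window 0, then update 3072, sender sends 3072
    print(simulate(7168, 3072))
```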
 
### 
###  Bulk Data Throughput 
### 
 
Given the different situations that can occur with the differing configurations, the question arises about the overall throughput provided by the protocol under different conditions, and how the throughput is optimized (since this is the goal of bulk data transfer) 
 
Much like analyzing the speed that material would go through a manufacturing line, the overall average rate will never exceed the slowest process in the line.  (Given one path that material can go through.)  The same fundamental theory applies to networks - the overall average rate is dependent on the "bottleneck" or the slowest process in the path.  The bottleneck on LANs is usually the slower computer, as the network delays are usually insignificant.  In the cases of either slow connections, like SLIP, or through WANs where the RTT and the types and performances of routers will vary, the bottleneck often is a particular link within the path.  This is actually the determinant of the overall performance of the connection. (Given averaged performance across the link, averaged delays, etc.)  There is no exact measurement of the throughput, given the nature of the networking hardware, protocols, and random timing events.  The real problems can occur, however, when the data is sent at a rate that is greater than the intermediate routers can buffer.  This is a definite possibility, especially in cases of very high traffic.  The most common response for the overflowing routers is an algorithm to discard a number of the packets.  This is not a good thing for throughput, as the TCP protocol then needs to retransmit the missing packets, and reconstruct the sequence. The advantage of TCP is it will continue to adapt to ensure complete delivery of the data. 
 
### 
###  Urgent Mode 
### 
 
TCP's urgent mode is a method that allows data to be sent with a higher priority than standard data.  The real issue is the implementation of the urgent mode versus the RFCs, and the fact that the most common implementations do not follow the specifications.  This means that while some applications use the urgent mode, there is no single clear implementation, which can result in inconsistent behavior and a lack of communication. 
 
The telnet and rlogin applications use the urgent mode to alert the destination that the data needs to be sent when the destination has set the window size to 0.  This is the method used to try to force the interactive data to be processed if the buffers get filled up. 
 
 
### 
###  TCP keep alive timer 
### 
 
In most packet networking scenarios, there are link layer protocols that manage connection status - sending "heartbeats" or other messages that let the two ends know that the connection is still there. Other systems fill the bandwidth in the physical connection with "idle" traffic patterns, where even if the connection was broken or one of the systems crashed, the two end stations would know immediately. 
 
In the case of TCP, however, although it is a "connection-oriented" protocol, a TCP connection (as defined by two ip addresses and port numbers, one for each end of the connection) only has dataflow between the endpoints when data needs to be transferred. In the case of a telnet session for instance - you could telnet to a system, and perform a variety of actions, and then let the telnet session sit idle. If you shut off the power to the other computer, you would notice that the Telnet session would not have an error message, or anything to indicate that the other end had crashed. As soon as you attempted to type a command, the Telnet session would then report that "the connection was closed", or something equivalent. (As a disclaimer - not all Telnets are alike, and for the sake of the example I am saying watch the telnet for around 5-10 seconds as other things may detect that the connection was down and close the telnet for you, so you might see some variation from one implementation to another with regards to its behavior. The key here to see is that the connection is not a physical connection at the TCP layer, and does not indicate a continuous stream of data.) 
 
There is a good reason not to have a continuous stream of data - if each TCP connection did that, the bandwidth of the network would get chewed up very quickly. It is important to note that TCP/IP is a strong protocol for managing many connections to multiple systems, and managing reliable TCP connections versus connectionless UDP data streams, etc. The fact that no data flows on a connection unless there is application data to be sent is important to understanding the inner workings of the protocol. This brings us to the need for some kind of keepalive timer - something that will periodically poll each side to make sure the connection is still there. There are some disagreements about how this should be done - in most cases, the keepalive is managed by the application itself, to the level needed for that application. For instance - for a connection to an electronic mail handler, you might only need to have that checked every ten minutes. For a connection to a stock market alert indicator, you might want to verify that connection every second to make sure nothing was missed. The argument here is that it should be the responsibility of the application to manage that connection, and to verify it as often as necessary based on its own needs. 
 
The keepalive timer is not a standard option for TCP/IP, but is implemented by many of the TCP/IP stacks. The issue with the TCP keepalive timer is that the timers are set so long that it is impractical for most of today's applications, and therefore the application usually keeps track of the connections itself, and consequently reacts much sooner.  For TCP, the timer works as follows: 
 
(1) Typically, by default, after 2 hours of inactivity on a connection, the server sends out a probe to the end system to verify that it is still responding. If it responds, the server waits another two hours before sending another probe. 
(2) If the end system doesn't respond, the server will then retry every 75 seconds for up to 10 times. This is to avoid the case where the endstation is busy, or the network is experiencing a higher than normal burst and doesn't let the probe or the reply make it all the way. If at any time during this process the end station responds to the probe, the timer is reset to two hours. 
(3) If it still doesn't respond, it lets the application know that the connection was lost. 
 
Most implementations allow the keepalive time of 2 hours to be changed, but it is a system-wide change that would affect all of the connections from that system. As above, the timer really depends on the application, so typically the applications will detect a connection loss long before the TCP timer does. 
 
## 
##  TCP Futures 
## 
 
Ethernet has been the most popular medium for TCP/IP, now extending into the WAN arena as well with the introduction of Gigabit Ethernet over fiber optics. This offers new opportunities to increase the MTU of packets sent out across WANs. Traditionally MTUs on the WANs have been significantly less than on the LAN, especially considering Ethernet with an MTU of 1500 bytes. 
 
With the dramatic increase in bandwidth in the core WAN network for the Internet, TCP now has new issues to deal with to address these changes. 
 
### 
###  TCP Performance  -  optimal packet size (given "store & fwd" nature of IP routers) 
### 
 
With the advances in the networking infrastructure, TCP has to address some limitations that have appeared since the original implementations. 
 
One of the most compelling aspects of the changes is the issue of performance surrounding larger and larger bandwidth networks. One of the main issues evolving from these changes is the optimum size for packets on the network. Traditionally, larger packets were always considered more efficient for the network. The reasoning is the following: the larger the packet, the smaller the header and associated overhead is as a percentage of the whole. If you reduce the overhead, so less data is being sent overall, the throughput should be higher, right? Surprisingly, the answer is not necessarily - because of the fundamental nature of the TCP/IP network, and the behavior of IP routers. The general notion here is that routers are "store and forward" devices - meaning that the full packet must be completely captured by the router before it sends it to the next hop. As the packet gets larger, the time that the router "waits" before moving the data along gets longer. In this case, it becomes very possible to create a string of networking equipment that performs better (read: faster throughput) using smaller packets than larger ones. Note: using the smaller packets means more overall data, which in turn means more of the bandwidth is consumed that could otherwise be used by other data. 
 
What does this all mean for optimizing the packet sizes for today's networks? It means that there is no absolute answer - but as the devices become smarter, networking equipment will automatically adjust packet sizes based on network usage and path MTU to obtain the most efficient use of the network. This type of intelligence is hard, but we see progress in this direction everyday, especially with the segregation of traffic by QoS mechanisms. 
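As an added example (not code from these notes), the following model shows why smaller packets can win across several store-and-forward hops: every packet is held at each router until its last byte arrives, so with more hops the pipelining of small packets beats the lower header overhead of large ones. The 40-byte header (20-byte IPv4 + 20-byte TCP, no options), the link rate and the hop counts are assumptions chosen for the demo; propagation delay is ignored.

```python
HEADER_BYTES = 40   # assumption: IPv4 + TCP header without options

def packetize(message_bytes, payload_bytes):
    """Split a message into payload sizes; the last packet may be short."""
    full, rest = divmod(message_bytes, payload_bytes)
    return [payload_bytes] * full + ([rest] if rest else [])

def bytes_on_wire(message_bytes, payload_bytes):
    """Total bytes sent including headers: the overhead argument for big packets."""
    return sum(p + HEADER_BYTES for p in packetize(message_bytes, payload_bytes))

def transfer_time(message_bytes, payload_bytes, hops, link_bps):
    """Seconds until the last byte arrives across `hops` equal-speed links.
    Store and forward: a router may not start sending packet k until it has
    received all of it, and a link carries one packet at a time."""
    serial = [(p + HEADER_BYTES) * 8 / link_bps for p in packetize(message_bytes, payload_bytes)]
    arrived = [0.0] * len(serial)        # time packet k is fully held by the current node
    for _ in range(hops):
        link_free = 0.0
        for k, s in enumerate(serial):
            start = max(arrived[k], link_free)   # whole packet present and link idle
            arrived[k] = start + s               # fully received at the next hop
            link_free = arrived[k]
    return arrived[-1]

def best_payload(message_bytes, hops, link_bps, candidates=(256, 512, 1024, 1460, 4096, 8960)):
    """Payload size with the lowest end-to-end transfer time among the candidates."""
    return min(candidates, key=lambda p: transfer_time(message_bytes, p, hops, link_bps))

if __name__ == "__main__":
    msg, rate = 65536, 10_000_000                 # constructed: 64 KiB over 10 Mbit/s links
    for hops in (1, 3, 6):
        p = best_payload(msg, hops, rate)
        print(f"{hops} hops: fastest payload {p} bytes, "
              f"{transfer_time(msg, p, hops, rate) * 1e3:.2f} ms, {bytes_on_wire(msg, p)} bytes on wire")
```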
 
### 
###  Problems with High Bandwidth 
### 
 
High bandwidth creates some side effects for the sequence numbers. As the bandwidth increases, the sequence number of a retransmitted packet (because of a packet loss and subsequent request) can "wrap" around the precision of the sequence number field and land in the same number range as the data currently being transmitted. This means that, given the traditional way TCP handles incoming packets, the TCP stack could mistake a retransmitted packet for one that belongs to the current stream. This would lead to corrupt data going undetected and being sent up to the application layer. 
 
To prevent this, other features of the TCP format are leveraged to gain the necessary precision. Specifically, using a "timestamp" in conjunction with the sequence number, each packet can be clearly identified as belonging to the correct sequence. 
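As an added example (not code from these notes), the following computes how quickly a saturated link consumes the 32-bit sequence space and shows a simplified PAWS-style check in which an old duplicate with an in-window sequence number is rejected because its timestamp is older than the last accepted one. The Receiver class, the segment values and the timestamp clock ticks are constructed for the demo; the post-wrap state is set directly rather than by sending 4 GB.

```python
SEQ_MOD = 1 << 32   # TCP sequence numbers are 32 bits wide

def seconds_to_wrap(link_bps):
    """Seconds a sender saturating the link needs to consume the whole sequence space."""
    return SEQ_MOD / (link_bps / 8)

def after(a, b):
    """True if 32-bit value a is later than b under wrap-around (modular) arithmetic."""
    return a != b and (a - b) % SEQ_MOD < SEQ_MOD // 2

class Receiver:
    """Simplified receive-side checks: the sequence number must be in the window, and a
    segment whose timestamp is older than the newest accepted one is dropped."""
    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt, self.rcv_wnd, self.ts_recent = rcv_nxt % SEQ_MOD, rcv_wnd, None

    def in_window(self, seq):
        return (seq - self.rcv_nxt) % SEQ_MOD < self.rcv_wnd

    def accept(self, seq, length, tsval):
        if self.ts_recent is not None and after(self.ts_recent, tsval):
            return "reject: timestamp older than last accepted"
        if not self.in_window(seq):
            return "reject: out of window"
        if seq == self.rcv_nxt:                      # in-order data advances the window
            self.rcv_nxt = (seq + length) % SEQ_MOD
        self.ts_recent = tsval
        return "accept"

def wrap_demo():
    """Seconds until the sequence space wraps, for constructed 10 Mbit, 1 Gbit and 10 Gbit links."""
    return {bps: round(seconds_to_wrap(bps), 3) for bps in (10_000_000, 1_000_000_000, 10_000_000_000)}

def paws_demo():
    r = Receiver(rcv_nxt=1000, rcv_wnd=65535)
    r.accept(1000, 1460, tsval=100)   # first segment of the stream, clock tick 100
    r.accept(2460, 1460, tsval=101)   # second segment; a stray copy of it stays delayed in the network
    # constructed state after the connection moved 2^32 bytes on: the sequence space
    # wrapped, rcv_nxt is 2460 again and the timestamp clock has advanced to 3600
    r.rcv_nxt, r.ts_recent = 2460, 3600
    return {
        "seq_only": r.in_window(2460),                    # sequence test alone would accept the old copy
        "old_duplicate": r.accept(2460, 1460, tsval=101),  # timestamp exposes it
        "fresh": r.accept(2460, 1460, tsval=3601),
    }

if __name__ == "__main__":
    print(wrap_demo())
    print(paws_demo())
```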
 
#### 
####  Simple Network Management Protocol (SNMP) 
#### 
 
SNMP is a protocol for a networking device to be updated, monitored, setup, changed, and configured all through the network using UDP packets sent to the device through TCP/IP links. 
 
The benefit of standardizing the device/equipment mgmt method is primarily for the service providers/admins. These companies (e.g. MCI, Williams) install equipment from many different vendors in their networks. They might use a Cisco router, a Juniper router, and a Lucent switch all in the same network. There are applications called Network Management Systems (NMS) or Element Management Systems (EMS) that allow many different vendors' equipment to be managed from one application (e.g. OpenView by HP). A service provider can control & monitor all the different pieces of their equipment through this one application. 
 
Each vendor's equipment may have different features and functionality, so each vendor provides information as part of a MIB that can be used by the NMS to allow device specific configuration, all the way from setting IP addresses of interfaces to monitoring the status of the devices. 
 
SNMP uses port 161, and 162 (for trap) 
 
## 
##  SNMP Packets 
## 
 
SNMP is transmitted using UDP. imagine SNMP used TCP and the network were congested: TCP would time out and retransmit, further congesting the network and interfering with customer/user traffic. according to (http://smutz.us/techtips/NetworkLatency.html), a 2% pkt loss rate can decrease TCP performance by a factor of 30, and a 10% loss rate practically makes TCP time out all the time, rendering it useless. with UDP, on the other hand, you just send it anyway, which is what you want. suppose 2 out of 10 pkts get dropped due to congestion; then as long as you keep sending UDP pkts, you get 80% through the first time, 96% after the second, 99.2% after the third, and so on. 
 
 
The SNMP packet has the following parts: 
 
- Common SNMP Header 
  - SNMP Version  (1=v1, 2=v2, so on) 
  - Community 
  - PDU Type (one of the following:) 
     - GET 
     - GET-NEXT 
     - GET response 
     - SET 
     - TRAP 
- Get/Set Header 
  - Request ID 
  - Error Status (one of the following:) 
     - noError 
     - tooBig 
     - noSuchName 
     - badValue 
     - readOnly 
     - genErr 
  - Error Index 
- Variable Pairs 
  - Name/Value...Name/Value.... 
 
==> All of above info is stored within a UDP packet. 
 
The Common Header contains a version. This example is based on the SNMPv1 format - the version field allows future SNMP versions to have more or less information following the common header. 
 
The community string is to provide a low level security feature - the equipment can be configured to only allow packets with the proper community string (set by the equipment administrator) to avoid unauthorized NMS systems from changing settings on public equipment. 
 
The PDU Type falls into either a Request, a Response, or a Trap. A Request can be a GET - indicating that the NMS wants the value of a parameter in the box, such as its IP address. The equipment would then send a GET response with the value. A GET-NEXT is used to allow an NMS to traverse through a list of information - such as a routing table that may have an unknown number of entries. The equipment responds to each GET-NEXT request with a GET response. 
 
A SET request tells the equipment to change the setting of a parameter. 
 
TRAP refers to a mechanism to capture errors/alarms and other events. A TRAP is sent out from equipment (i.e. the router, acting as the SNMP agent, as opposed to the NMS/manager) and can be used by an NMS to update alarm indications, configuration information, etc. If a connection to a router was suddenly removed, the router could send out a TRAP that indicated this to an NMS - this would in turn alert the operator that something had happened in the network. 
 
note: GET/SET commands are sent from NMS/snmp manager entity, but TRAP is sent from device/equipment/router/snmp agent 
 
### 
###  Object Identifiers (OID) 
### 
 
The central focus of SNMP is around objects - these refer to the parameters that are modified or monitored in the equipment. These are placed in the SNMP Packets usually in the form of NAME/VALUE pairs. The NAME is an object identifier. 
 
OID is a dotted number that maps to the Management Information Base information tree. 
 
e.g.   1.3.6.1.2.1.4 
 
===> this is equivalent to   iso.org.dod.internet.mgmt.mib.ip 
 
This notation is used to refer to any object, and you simply go deeper into the tree to refer to more and more specific object definitions. The names are used to make it easier for humans to refer to the specific objects. 
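The packet layout listed above (common header, Get/Set header, variable pairs) and the OID encoding, as an added example that is not code from these notes: a minimal BER encoder and decoder for an SNMPv1 GET request, assuming the standard ASN.1 tags (SEQUENCE 0x30, INTEGER 0x02, OCTET STRING 0x04, NULL 0x05, OID 0x06, context tags 0xA0..0xA4 for the PDU types). The community string "public", request id 42 and the OIDs are constructed sample values; note that the parser recovers the community string directly from the bytes, which is the cleartext property discussed above.

```python
PDU_TAGS = {"GET": 0xA0, "GET-NEXT": 0xA1, "GET response": 0xA2, "SET": 0xA3, "TRAP": 0xA4}
PDU_NAMES = {v: k for k, v in PDU_TAGS.items()}
ERROR_STATUS = ["noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr"]

def ber_len(n):                      # short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):                  # tag, length, value
    return bytes([tag]) + ber_len(len(body)) + body

def enc_int(v):                      # INTEGER, minimal two's complement
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))

def enc_oid(dotted):                 # first two arcs packed into one byte, rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))  # high-order groups first, continuation bit set
    return tlv(0x06, bytes(out))

def build_message(community, oids, request_id, pdu="GET", version=0):
    """Common header (version 0 = SNMPv1, community), then the PDU with request-id,
    error-status, error-index and the Name/Value pairs (value NULL in a request)."""
    varbinds = b"".join(tlv(0x30, enc_oid(o) + tlv(0x05, b"")) for o in oids)
    body = enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(0x30, varbinds)
    return tlv(0x30, enc_int(version) + tlv(0x04, community.encode()) + tlv(PDU_TAGS[pdu], body))

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:             # last group of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_message(buf):
    """Walk the message back into the fields of the layout; nothing here is encrypted."""
    _, msg, _ = read_tlv(buf)
    _, ver, p = read_tlv(msg)
    _, comm, p = read_tlv(msg, p)
    ptag, pdu, _ = read_tlv(msg, p)
    _, rid, q = read_tlv(pdu)
    _, est, q = read_tlv(pdu, q)
    _, _eidx, q = read_tlv(pdu, q)
    _, vbl, _ = read_tlv(pdu, q)
    oids, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, _ = read_tlv(vb)
        oids.append(dec_oid(oid))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": comm.decode(),
            "pdu": PDU_NAMES[ptag], "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": ERROR_STATUS[int.from_bytes(est, "big", signed=True)], "oids": oids}
```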
 
### 
###  Management Information Bases (MIB) 
### 
 
MIB is used to define the human readable names that correspond to the object identifiers, and also the type and other properties of the particular objects. Each object has a type associated with it that defines what type of information is stored in the object, much like a variable definition. 
google for the complete list of the object types such as INTEGER and OCTET STRING. 
 
a standard MIB contains many commonly used features that are in most of the networking equipment. This is done to provide a standard method for NMS systems to get some basic information from a device. This standard mib contains things like management IP addresses, and counters for TCP, UDP, etc. 
 
In addition to the standard MIB, there is what is called an Enterprise MIB - this is what is provided by the manufacturer of the device, and contains all of the device specific settings and statistics, counters, etc. 
 
The prefix of the Enterprise MIB is 1.3.6.1.4.1, which is equivalent to iso.org.dod.internet.private.enterprise. This information is stored in a file, that can be loaded by the NMS system to gain the information about what specific objects that it can control, what information is stored in the objects, and which ones are read only, and which ones are read/write. The objects are set appropriately depending on the information - for instance, the IP address can be read/write so the operator can update the setting when they change the network around, but the MAC address of an ethernet interface would be read only because that is something set at the manufacturer. 
 
## 
##  SNMP traps 
## 
 
traps are the mechanism that SNMP uses to indicate events that happen to the equipment to the NMS. 
(i.e. originates from equipment/snmp agent entity, then gets sent to NMS/snmp manager entity) 
 
e.g. 
if the network device lost its power, the NMS system might receive a "coldStart" trap from the device indicating this. If an ethernet cable was unplugged, the equipment might send a "linkDown" trap to the NMS. Typically, there are many enterprise specific Traps that are defined in the enterprise MIB for the equipment, and these are also sent to the NMS. The NMS uses the MIB file to look up what a particular Trap object refers to, and uses that information to let an operator know what kind of event happened to the equipment. This allows one application to report specific error messages and other events about equipment that is new by using the MIB file. 
 
## 
##  SNMP v2 
## 
 
SNMP Version 2 is now being used in industry - it has a couple of extensions that add some new functionality to the SNMP system. Some of these are as follows: 
 - GET BULK : allows a large number of objects to be retrieved all at once. 
 - INFORM   : similar to Traps, but more flexible in where they are sent - they can go from one NMS to another to allow interaction between NMSs to better manage network wide equipment provisioning. 
 - SECURITY : The community string was visible to anyone that wanted to "sniff" the network - this was a security issue for equipment being managed through the public network. SNMPv2 provides several mechanisms to allow for password/username type of functionality, and authorization without this open security hole. 
 
SNMPv1 and SNMPv2 are usually supported by new equipment, for compatibility with older equipment and NMS systems. 
 
 
 
################## 
###    misc    ### 
################## 
 
SMTP (simple mail transfer protocol) is for emails

2018-10-13 22:32:16
Category : uml
