How LAN Switches Work: Interview Notes - Data Communications & Network
Networking Basics
Here are some of the fundamental parts of a network:
Network Topologies
Some of the most common topologies in use today include:
• Bus - Each node is connected one right after the other along the same backbone.
Information sent from a node travels along the backbone until it reaches its destination node.
Each end of a bus network must be terminated with a resistor to keep the signal that is sent
by a node across the network from bouncing back when it reaches the end of the cable.
A hub or a switch will pass along any broadcast packets they receive to all the other segments in the
broadcast domain, but a router will not. A router works differently: unless a packet carries the network
address of a device on the other side, the router will not let it through. This is a good thing for keeping
networks separate from each other, but not so good when you want to talk between different parts of the
same network. This is where switches come in.
Packet-switching
LAN switches rely on packet-switching. The switch establishes a connection between two segments just
long enough to send the current packet. Incoming packets are saved to a temporary memory area
(buffer); the MAC address contained in the frame's header is read and then compared to a list of
addresses maintained in the switch's lookup table. In an Ethernet-based LAN, an Ethernet frame
contains a normal packet as the payload of the frame, with a special header that includes the MAC
address information for the source and destination of the packet.
Packet-based switches use one of three methods for forwarding traffic:
• Cut-through
• Store-and-forward
• Fragment-free
Cut-through switches read the MAC address as soon as a packet is detected by the switch. After storing
the 6 bytes that make up the address information, they immediately begin sending the packet to the
destination node, even as the rest of the packet is coming into the switch.
A switch using store-and-forward will save the entire packet to the buffer and check it for CRC errors or
other problems before sending. If the packet has an error, it is discarded. Otherwise, the switch looks up
the MAC address and sends the packet on to the destination node. Many switches combine the two
methods, using cut-through until a certain error rate is reached and then changing over to store-and-
forward. Very few switches are strictly cut-through, since that method performs no error checking at all.
A less common method is fragment-free. It works like cut-through except that it stores the first 64 bytes
of the packet before sending it on. The reason for this is that most errors, and all collisions, occur during
the initial 64 bytes of a packet.
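To make the three methods concrete, here is an added example (not part of the original notes) that builds an Ethernet frame with its frame check sequence and runs the same bytes through the three decision rules. It assumes the standard Ethernet layout (destination MAC, source MAC, EtherType, payload, 4-byte FCS) and that the FCS is the CRC-32 that zlib.crc32 computes, sent least-significant byte first; the addresses and payload are constructed for the illustration.

```python
import struct
import zlib

# Added example: a model of cut-through, fragment-free and store-and-forward.
# Frame layout: dst MAC (6) | src MAC (6) | EtherType (2) | payload | FCS (4).
# The sample addresses and payload below are constructed for the illustration.

MIN_FRAME = 64  # minimum Ethernet frame length, FCS included


def mac_bytes(text):
    """'00:11:22:33:44:55' -> six raw bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, ethertype, payload):
    """Pad the payload to the 64-byte minimum and append the CRC-32 FCS."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload
    body = body.ljust(MIN_FRAME - 4, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailer and compare."""
    (expected,) = struct.unpack("<I", frame[-4:])
    return (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == expected


def cut_through(received):
    """Decide as soon as the 6-byte destination address is in; None means 'keep waiting'.
    The switch commits to forwarding before it can know whether the tail is corrupt."""
    if len(received) < 6:
        return None
    return mac_text(received[:6])


def fragment_free(received):
    """Wait for the first 64 bytes so collision fragments (runts) are never forwarded.
    Corruption elsewhere is still not detected: the FCS sits at the very end."""
    if len(received) < MIN_FRAME:
        return None
    return mac_text(received[:6])


def store_and_forward(frame):
    """Buffer the whole frame and verify the FCS; corrupt or runt frames are discarded."""
    if len(frame) < MIN_FRAME or not fcs_ok(frame):
        return None
    return mac_text(frame[:6])


def demo():
    """Run one good frame, a corrupted copy and a runt through all three methods."""
    good = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"hello")
    corrupt = bytearray(good)
    corrupt[20] ^= 0x01          # one flipped bit in the padding: header intact, FCS wrong
    corrupt = bytes(corrupt)
    runt = good[:40]             # a collision fragment, shorter than 64 bytes
    methods = {"cut_through": cut_through, "fragment_free": fragment_free,
               "store_and_forward": store_and_forward}
    return {name: (fn(good), fn(corrupt), fn(runt)) for name, fn in methods.items()}


if __name__ == "__main__":
    for name, results in demo().items():
        print(f"{name:18} good={results[0]} corrupt={results[1]} runt={results[2]}")
```

Only store-and-forward refuses the corrupted frame; fragment-free catches the runt but passes the bad CRC, and cut-through passes both, which is the trade-off the paragraph above describes.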
Switch Configurations
LAN switches vary in their physical design. Currently, there are three popular configurations in use:
• Shared memory - This type of switch stores all incoming packets in a common memory
buffer shared by all the switch ports (input/output connections), then sends them out via the
correct port for the destination node.
• Matrix - This type of switch has an internal grid with the input ports and the output ports
crossing each other. When a packet is detected on an input port, the MAC address is
compared to the lookup table to find the appropriate output port. The switch then makes a
connection on the grid where these two ports intersect.
• Bus architecture - Instead of a grid, an internal transmission path (common bus) is shared
by all of the ports using TDMA. A switch based on this configuration has a dedicated memory
buffer for each port, as well as an ASIC to control the internal bus access.
Transparent Bridging
Most Ethernet LAN switches use transparent bridging to create their address lookup tables.
Transparent bridging is a technology that allows a switch to learn everything it needs to know about the
location of nodes on the network without the network administrator having to do anything. Transparent
bridging has five parts:
• Learning
• Flooding
• Filtering
• Forwarding
• Aging
Here's a step-by-step description of transparent bridging:
• The switch is added to the network, and the various segments are plugged into the switch's
ports.
• A computer (Node A) on the first segment (Segment A) sends data to a computer (Node B)
on another segment (Segment C).
• The switch gets the first packet of data from Node A. It reads the MAC address and saves it
to the lookup table for Segment A. The switch now knows where to find Node A anytime a
packet is addressed to it. This process is called learning.
• Since the switch does not know where Node B is, it sends the packet to all of the segments
except the one that it arrived on (Segment A). When a switch sends a packet out to all
segments to find a specific node, it is called flooding.
• Node B gets the packet and sends a packet back to Node A in acknowledgement.
• The packet from Node B arrives at the switch. Now the switch can add the MAC address of
Node B to the lookup table for Segment C. Since the switch already knows the address of
Node A, it sends the packet directly to it. Because Node A is on a different segment than
Node B, the switch must connect the two segments to send the packet. This is known as
forwarding.
• The next packet from Node A to Node B arrives at the switch. The switch now has the
address of Node B, too, so it forwards the packet directly to Node B.
• Node C sends information to the switch for Node A. The switch looks at the MAC address for
Node C and adds it to the lookup table for Segment A. The switch already has the address
for Node A and determines that both nodes are on the same segment, so it does not need to
connect Segment A to another segment for the data to travel from Node C to Node A.
Therefore, the switch will ignore packets traveling between nodes on the same segment. This
is filtering.
• Learning and flooding continue as the switch adds nodes to the lookup tables. Most switches
have plenty of memory for maintaining the lookup tables, but to optimize the use of this
memory they still remove older information so that the switch doesn't waste time searching
through stale addresses. To do this, switches use a technique called aging.
Basically, when an entry is added to the lookup table for a node, it is given a timestamp.
Each time a packet is received from a node, the timestamp is updated. The switch has a
user-configurable timer that erases the entry after a certain amount of time with no activity
from that node.
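The walkthrough above, as an added example that is not part of the original notes: a small learning switch whose forwarding table implements learning, flooding, filtering, forwarding and aging. Port names, MAC addresses, the clock values and the table capacity are all made up for the illustration; the clock is passed in explicitly so the aging step can be shown without waiting.

```python
class LearningSwitch:
    """Transparent bridging in miniature: learning, flooding, filtering, forwarding and aging.

    Added example, not from the original notes. Ports and MAC addresses are plain
    strings, the clock is passed in explicitly so aging can be shown without waiting,
    and the table capacity is a made-up small number (real tables hold thousands of
    entries) so the 'table full' case can be exercised.
    """

    def __init__(self, ports, age_time=300, capacity=1024):
        self.ports = list(ports)
        self.age_time = age_time   # seconds of silence before an entry is erased
        self.capacity = capacity
        self.table = {}            # mac -> (port, last_seen)

    def _age(self, now):
        """Aging: drop entries whose timestamp is older than the age timer."""
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.age_time]:
            del self.table[mac]

    def _learn(self, src, port, now):
        """Learning: record (or refresh) which port the source address lives on."""
        if src in self.table or len(self.table) < self.capacity:
            self.table[src] = (port, now)
        # Otherwise the table is full: the address stays unknown and frames
        # addressed to it keep being flooded out of every port.

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame goes out of (empty list = filtered)."""
        self._age(now)
        self._learn(src, in_port, now)
        entry = self.table.get(dst)
        if entry is None:
            return [p for p in self.ports if p != in_port]   # flooding: unknown or broadcast
        out_port, _ = entry
        if out_port == in_port:
            return []                                         # filtering: same segment
        return [out_port]                                     # forwarding


def walkthrough():
    """The step-by-step scenario from the notes: A and C on segment 1, B on segment 3."""
    sw = LearningSwitch(["seg1", "seg2", "seg3"], age_time=300)
    A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    steps = [
        ("seg1", A, B, 0),     # A -> B: B unknown, flood to seg2 and seg3
        ("seg3", B, A, 1),     # B replies: A is known, forward to seg1 only
        ("seg1", A, B, 2),     # A -> B again: both known, forward to seg3
        ("seg1", C, A, 3),     # C -> A on the same segment: filtered
        ("seg1", A, B, 400),   # 397 s later B's entry has aged out: flood again
    ]
    return [sw.receive(*step) for step in steps]


if __name__ == "__main__":
    for out in walkthrough():
        print(out)
```

The capacity check is the part worth noticing from a security standpoint: once the table is full, every frame to an address the switch has not learned is flooded to all ports, which is exactly the condition a MAC-flooding attack tries to create. That is why production switches let you cap the number of addresses learned per port.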
Redundancy
When we talked about bus and ring networks earlier, one issue was the possibility of a single point of
failure. In a star or star-bus network, the point with the most potential for bringing all or part of the network
down is the switch or hub. Look at the example below:
In this example, if either switch A or C fails, then the nodes connected to that particular switch are
affected, but nodes at the other two switches can still communicate. However, if switch B fails, then the
entire network is brought down. What if we add another segment to our network connecting switches A
and C?
In this case, even if one of the switches fails, the network will continue. This provides redundancy,
effectively eliminating the single point of failure. Now we have a new problem.
Broadcast Storms
In the last section, you discovered how switches learn where the nodes are located. With all of the
switches now connected in a loop, a packet from a node could quite possibly come to a switch from two
different segments. For example, imagine that Node B is connected to Switch A, and needs to
communicate with Node A on Segment B. Switch A does not know who Node A is, so it floods the packet.
The packet travels via Segment A or Segment C to the other two switches (B and C). Switch B will add
Node B to the lookup table it maintains for Segment A, while Switch C will add it to the lookup table for
Segment C. If neither switch has learned the address for Node A yet, they will flood Segment B looking
for Node A. Each switch will take the packet sent by the other switch and flood it back out again
immediately, since they still don't know who Node A is. Switch A will receive the packet from each
segment and flood it back out on the other segment. This causes a broadcast storm as the packets are
broadcast, received and rebroadcast by each switch, resulting in potentially severe network congestion.
This brings us to spanning trees.
Spanning Trees
To prevent broadcast storms and other unwanted side effects of looping, Digital Equipment Corporation
created the spanning-tree protocol (STP), which the IEEE later standardized as 802.1D. Essentially, a
spanning tree uses the spanning-tree algorithm (STA), which senses that the switch has more than one
way to communicate with a node, determines which way is best and blocks out the other path(s). It keeps
track of the other path(s), just in case the primary path is unavailable.
Here's how STP works:
• Each switch is assigned a group of IDs, one for the switch itself and one for each port on the
switch. The switch's identifier, called the bridge ID (BID), is 8 bytes long and contains a
bridge priority (2 bytes) along with one of the switch's MAC addresses (6 bytes). Each port
ID is 16 bits long with two parts, a port priority and a port number (8 bits each in the
original 802.1D; a 4-bit priority and a 12-bit port number after the 802.1t amendment). In
every comparison the lower value wins.
• A path cost value is given to each port. The cost is typically based on a guideline
established as part of 802.1d. According to the original specification, cost is 1,000 Mbps (1
gigabit per second) divided by the bandwidth of the segment connected to the port.
Therefore, a 10 Mbps connection would have a cost of (1,000/10) 100.
To compensate for the speed of networks increasing beyond the gigabit range, the standard
cost has been slightly modified. The new cost values are:
Bandwidth    Cost
4 Mbps       250
10 Mbps      100
16 Mbps      62
45 Mbps      39
100 Mbps     19
155 Mbps     14
622 Mbps     6
1 Gbps       4
10 Gbps      2
You should also note that the path cost can be an arbitrary value assigned by the network
administrator, instead of one of the standard cost values.
• Each switch begins a discovery process to choose which network paths it should use for
each segment. This information is shared between all the switches by way of special network
frames called bridge protocol data units (BPDU). The parts of a BPDU are:
◦ Root BID - This is the BID of the current root bridge.
◦ Path cost to root bridge - This determines how far away the root bridge is. For
example, if the data has to travel over three 100-Mbps segments to reach the
root bridge, then the cost is (19 + 19 + 0) 38. The segment attached to the root
bridge will normally have a path cost of zero.
◦ Sender BID - This is the BID of the switch that sends the BPDU.
◦ Port ID - This is the actual port on the switch that the BPDU was sent from.
All of the switches are constantly sending BPDUs to each other, trying to determine the best
path between various segments. When a switch receives a BPDU (from another switch) that
is better than the one it is broadcasting for the same segment, it will stop broadcasting its
BPDU out that segment. Instead, it will store the other switch's BPDU for reference and for
broadcasting out to inferior segments, such as those that are farther away from the root
bridge.
• A root bridge is chosen based on the results of the BPDU process between the switches.
Initially, every switch considers itself the root bridge. When a switch first powers up on the
network, it sends out a BPDU with its own BID as the root BID. When the other switches
receive the BPDU, they compare the BID to the one they already have stored as the root
BID. If the new root BID has a lower value, they replace the saved one. But if the saved root
BID is lower, a BPDU is sent to the new switch with this BID as the root BID. When the new
switch receives the BPDU, it realizes that it is not the root bridge and replaces the root BID in
its table with the one it just received. The result is that the switch that has the lowest BID is
elected by the other switches as the root bridge.
• Based on the location of the root bridge, the other switches determine which of their ports
has the lowest path cost to the root bridge. These ports are called root ports, and each
switch (other than the current root bridge) must have one.
• The switches determine who will have designated ports. A designated port is the
connection used to send and receive packets on a specific segment. By having only one
designated port per segment, all looping issues are resolved!
Designated ports are selected based on the lowest path cost to the root bridge for a
segment. Since the root bridge will have a path cost of "0," any ports on it that are
connected to segments will become designated ports. For the other switches, the path cost
is compared for a given segment. If one port is determined to have a lower path cost, it
becomes the designated port for that segment. If two or more ports have the same path
cost, then the switch with the lowest BID is chosen.
• Once the designated port for a network segment has been chosen, any other ports that
connect to that segment become non-designated ports. They block network traffic from
taking that path so it can only access that segment through the designated port.
Each switch has a table of BPDUs that it continually updates. The network is now configured as a single
spanning tree, with the root bridge as the trunk and all the other switches as branches. Each switch
communicates with the root bridge through the root ports, and with each segment through the designated
ports, thereby maintaining a loop-free network. In the event that the root bridge fails or develops
network problems, STP allows the other switches to elect a new root bridge and reconfigure the network
around it. This is not instantaneous: classic 802.1D reconvergence takes tens of seconds (the BPDU
max-age timer followed by the listening and learning states), which is why the Rapid Spanning Tree
Protocol (802.1w) was later introduced to cut this to a few seconds.
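The election and port-role procedure above, as an added example that is not part of the original notes. Each bridge starts by advertising itself as root and keeps the best BPDU it hears, comparing in the 802.1D order (root BID, root path cost, sender BID, sender port, receiving port); the loop repeats until nothing changes, then the root, designated and blocked ports fall out of the stored BPDUs. The bridge names, MAC addresses, port numbers and the three-switch loop from the redundancy section are all constructed. The second topology adds a device claiming priority 0 on an access port: nothing in the election authenticates BPDUs, so it wins, which is the reason switches offer features like BPDU guard and root guard on ports that should never carry BPDUs.

```python
class Bridge:
    """One switch in the spanning-tree computation. Bridge IDs are (priority, MAC) tuples:
    lower is better, priority compared first, exactly as in the election described above."""

    def __init__(self, name, priority, mac):
        self.name = name
        self.bid = (priority, mac)
        self.ports = {}   # port number -> (segment name, path cost of that port)

    def add_port(self, port, segment, cost):
        self.ports[port] = (segment, cost)


def advertised(bridges, best):
    """The BPDU each port would send right now, grouped by segment:
    (root BID, root path cost, sender BID, sender port, sender name)."""
    sent = {}
    for b in bridges:
        root, cost = best[b.name][0], best[b.name][1]
        for port, (seg, _) in b.ports.items():
            sent.setdefault(seg, []).append((root, cost, b.bid, port, b.name))
    return sent


def run_stp(bridges):
    """Iterate the 'keep the better BPDU' rule until nothing changes, then assign port roles.
    Returns (best BPDU per bridge, {(bridge, port): 'root' | 'designated' | 'blocked'})."""
    # Every bridge starts out believing it is the root at cost 0 (port 0 = 'myself').
    best = {b.name: (b.bid, 0, b.bid, 0, 0) for b in bridges}
    changed = True
    while changed:
        changed = False
        sent = advertised(bridges, best)
        for b in bridges:
            for port, (seg, port_cost) in b.ports.items():
                for root, cost, sender_bid, sender_port, sender in sent[seg]:
                    if sender == b.name:
                        continue
                    # The receiving port adds its own cost; tuple order is the 802.1D one:
                    # root BID, root path cost, sender BID, sender port ID, receiving port ID.
                    candidate = (root, cost + port_cost, sender_bid, sender_port, port)
                    if candidate < best[b.name]:
                        best[b.name] = candidate
                        changed = True
    sent = advertised(bridges, best)
    roles = {}
    for b in bridges:
        is_root = best[b.name][0] == b.bid
        root_port = None if is_root else best[b.name][4]
        for port, (seg, _) in b.ports.items():
            designated = min(sent[seg])   # lowest (root, cost, BID, port) on the segment
            if designated[4] == b.name and designated[3] == port:
                roles[(b.name, port)] = "designated"
            elif port == root_port:
                roles[(b.name, port)] = "root"
            else:
                roles[(b.name, port)] = "blocked"
    return best, roles


def triangle():
    """The three-switch loop from the redundancy section, all links 100 Mbps (cost 19)."""
    a = Bridge("A", 32768, "00:00:00:00:00:01")
    b = Bridge("B", 32768, "00:00:00:00:00:02")
    c = Bridge("C", 32768, "00:00:00:00:00:03")
    a.add_port(1, "segAB", 19); b.add_port(1, "segAB", 19)
    a.add_port(2, "segAC", 19); c.add_port(1, "segAC", 19)
    b.add_port(2, "segBC", 19); c.add_port(2, "segBC", 19)
    return [a, b, c]


def triangle_with_rogue():
    """Same network plus a device on an access port of C that advertises priority 0."""
    bridges = triangle()
    rogue = Bridge("Rogue", 0, "00:00:00:00:00:ff")
    bridges[2].add_port(3, "access", 19)
    rogue.add_port(1, "access", 19)
    return bridges + [rogue]


if __name__ == "__main__":
    for topo in (triangle, triangle_with_rogue):
        best, roles = run_stp(topo())
        print(topo.__name__, "root =", next(iter(best.values()))[0])
        for key in sorted(roles):
            print("  ", key, roles[key])
```

In the plain triangle A is root, B and C each reach it directly, and the tie on segment B-C (both at cost 19) goes to B's lower BID, leaving C's port on that segment blocked. With the rogue attached, every bridge's stored root changes to the priority-0 device and the whole tree is rebuilt around it.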
Layer 3 Switches
When a router receives a packet, it looks at the Layer 3 source and destination addresses to determine
the path the packet should take. A standard switch relies on the MAC addresses to determine the source
and destination of a packet, which is Layer 2 (Data) networking. The fundamental difference between a
router and a Layer 3 switch is that Layer 3 switches have optimized hardware to pass data as fast as
Layer 2 switches, yet they make decisions on how to transmit traffic at Layer 3, just like a router. Within
the LAN environment, a Layer 3 switch is usually faster than a router because it is built on switching
hardware. The pattern matching and caching on Layer 3 switches is similar to the pattern matching and
caching on a router. Both use a routing protocol and routing table to determine the best path. However, a
Layer 3 switch has the ability to reprogram the hardware dynamically with the current Layer 3 routing
information. This is what allows for faster packet processing. On current Layer 3 switches, the information
received from the routing protocols is used to update the hardware caching tables.
VLANs
As networks have grown in size and complexity, many companies have turned to virtual local area
networks (VLANs) to provide some way of structuring this growth logically. A VLAN is a collection of
nodes that are grouped together in a single broadcast domain based on something other than physical
location.
A broadcast domain is a network (or portion of a network) that will receive a broadcast packet from any
node located within that network. In a typical network, everything on the same side of the router is all part
of the same broadcast domain. A switch that you have implemented VLANs on has multiple broadcast
domains, similar to a router. But you still need a router (or the routing function of a Layer 3 switch, as
described above) to get from one VLAN to another -- a Layer 2 switch can't do this by itself.
Here are some common reasons why a company might have VLANs:
• Security - Separating systems that have sensitive data from the rest of the network
decreases the chances that people will gain access to information they are not authorized to
see. Note that the VLAN itself only separates broadcast domains; the actual access control
comes from the access lists enforced where the VLANs are routed together.
• Projects/Special applications - Managing a project or working with a specialized
application can be simplified by the use of a VLAN that brings all of the required nodes
together.
• Performance/Bandwidth - Careful monitoring of network use allows the network
administrator to create VLANs that reduce the number of router hops and increase the
apparent bandwidth for network users.
• Broadcasts/Traffic flow - Since a principal element of a VLAN is the fact that it does not
pass broadcast traffic to nodes that are not part of the VLAN, it automatically reduces
broadcasts. Access lists provide the network administrator with a way to control who sees
what network traffic. An access list is a table the network administrator creates that lists
which addresses have access to that network.
• Departments/Specific job types - Companies may want VLANs set up for departments that
are heavy network users.
While you can have more than one VLAN on a switch, they cannot communicate directly with one another
on that switch. Communication between VLANs requires the use of a router (or a Layer 3 switch).
VLANs can span multiple switches, and we can have more than one VLAN on each switch. For multiple
VLANs on multiple switches to be able to communicate via a single link between the switches, one must
use a process called trunking -- trunking is the technology that allows information from multiple VLANs to
be carried over a single link between switches.
In the image above, each switch has two VLANs. On the first switch, VLAN A and VLAN B are sent
through a single port (trunked) to the router and through another port to the second switch. VLAN C and
VLAN D are trunked from the second switch to the first switch, and through the first switch to the router.
This trunk can carry traffic from all four VLANs. The trunk link from the first switch to the router can also
carry all four VLANs. In fact, this one connection to the router allows the router to appear on all four
VLANs, as if it had four different physical ports connected to the switch. The VLANs can communicate
with each other via the trunking connection between the two switches using the router. For example, data
from a computer on VLAN A that needs to get to a computer on VLAN B (or VLAN C or VLAN D) must
travel from the switch to the router and back again to the switch. Because of the transparent bridging
algorithm and trunking, both PCs and the router think that they are on the same physical segment.
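The trunking described above, as an added example that is not part of the original notes. It assumes the trunk carries IEEE 802.1Q tags (a 4-byte tag after the source MAC: TPID 0x8100, then 3 bits of priority, 1 drop-eligible bit and a 12-bit VLAN ID) and models two kinds of port: an access port that belongs to a single VLAN and a trunk that carries several, one of them untagged as the native VLAN. The VLAN numbers, port names and the sample frame are constructed.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks a tagged frame


def tag_frame(frame, vlan_id, pcp=0):
    """Insert an 802.1Q tag after the source MAC: TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan_id, frame without the tag); vlan_id is None for an untagged frame."""
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Port:
    """An access port belongs to one VLAN; a trunk carries several, one of them untagged (native)."""

    def __init__(self, name, mode, access_vlan=None, allowed=(), native=1):
        self.name, self.mode = name, mode
        self.access_vlan = access_vlan
        self.allowed = set(allowed) | ({native} if mode == "trunk" else set())
        self.native = native


def ingress(port, frame):
    """Classify an arriving frame: (vlan_id, untagged frame), or None if the port drops it."""
    vid, bare = untag_frame(frame)
    if port.mode == "access":
        return (port.access_vlan, bare) if vid is None else None   # tags are not accepted here
    if vid is None:
        vid = port.native        # untagged traffic on a trunk is assigned to the native VLAN
    return (vid, bare) if vid in port.allowed else None


def egress(port, vlan_id, bare):
    """The frame as it leaves the port for this VLAN, or None if the port does not carry it."""
    if port.mode == "access":
        return bare if vlan_id == port.access_vlan else None
    if vlan_id not in port.allowed:
        return None
    return bare if vlan_id == port.native else tag_frame(bare, vlan_id)


def demo():
    """A VLAN 10 host on switch 1 sends over the trunk; switch 2 must not leak it into VLAN 20."""
    # Constructed sample frame: dst MAC, src MAC, EtherType 0x0800 and a short payload.
    frame = bytes.fromhex("0000000000b2") + bytes.fromhex("0000000000a1") + b"\x08\x00" + b"data"
    sw1_access = Port("sw1/1", "access", access_vlan=10)
    trunk = Port("sw1/24", "trunk", allowed={10, 20}, native=99)
    sw2_vlan_b = Port("sw2/2", "access", access_vlan=20)
    vlan, bare = ingress(sw1_access, frame)          # classified into VLAN 10
    on_wire = egress(trunk, vlan, bare)               # tagged with VID 10 on the trunk
    vlan_again, bare_again = ingress(trunk, on_wire)  # the far end recovers VLAN 10
    return vlan, on_wire, vlan_again, egress(sw2_vlan_b, vlan_again, bare_again)


if __name__ == "__main__":
    vlan, on_wire, vlan_again, leaked = demo()
    print(vlan, on_wire[12:16].hex(), vlan_again, leaked)
```

Because an untagged frame arriving on a trunk is silently placed into the native VLAN, a common hardening step is to give the native VLAN an otherwise unused ID (99 above) rather than one that real hosts sit in.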
How Routers Work
Routers are specialized computers that send your messages and those of every other Internet user
speeding to their destinations along thousands of pathways. Much of the work to get a message from one
computer to another is done by routers, because they're the crucial devices that let messages flow
between networks, rather than within networks. A router links the two networks and connects both
networks to the Internet.
Directing Traffic
The router is the only device that sees every message sent by any computer on either of the company's
networks. One of the tools a router uses to decide where a packet should go is a configuration table. A
configuration table is a collection of information, including:
A configuration table can be as simple as a half-dozen lines in the smallest routers, but can grow to
massive size and complexity in the very large routers that handle the bulk of Internet messages.
A router, then, has two separate but related jobs:
• The router ensures that information doesn't go where it's not needed.
• The router makes sure that information does make it to the intended destination.
A router is extremely useful in dealing with two separate computer networks. It joins the two networks,
passing information from one to the other and, in some cases, performing translations of various
protocols between the two networks. It also protects the networks from one another, preventing the
traffic on one from unnecessarily spilling over to the other. As the number of networks attached to one
another grows, the configuration table for handling traffic among them grows, and more processing
power is required of the router. Regardless of how many networks are attached, though, the basic
operation and function of the router remains the same.
Transmitting Packets
Internet data travels over a system known as a packet-switching network. In this system, the data in a
message or file is broken up into packages of up to about 1,500 bytes. Each of these packages gets a
wrapper that includes information on the sender's address, the receiver's address, the package's place in
the entire message, and how the receiving computer can be sure that the package arrived intact. Each
data package, called a packet, is then sent off to its destination via the best available route -- a route that
might be taken by all the other packets in the message or by none of the other packets in the message. In
a network designed for data there are two huge advantages to the packet-switching plan.
• The network can balance the load across various pieces of equipment on a millisecond-by-
millisecond basis.
• If there is a problem with one piece of equipment in the network while a message is being
transferred, packets can be routed around the problem, ensuring the delivery of the entire
message.
The Path of a Packet
The routers that make up the main part of the Internet can reconfigure the paths that packets take
because they look at the information surrounding the data packet, and they tell each other about line
conditions, such as delays in receiving and sending data and traffic on various pieces of the network. Not
all routers do so many jobs, however. Routers come in different sizes. For example:
• If you have enabled Internet connection sharing between two Windows 98-based computers,
you're using one of the computers (the computer with the Internet connection) as a simple
router. In this instance, the router does so little -- simply looking at data to see whether it's
intended for one computer or the other -- that it can operate in the background of the
system without significantly affecting the other programs you might be running.
• Slightly larger routers, the sort used to connect a small office network to the Internet, will do a
bit more. These routers frequently enforce rules concerning security for the office network
(trying to secure the network from certain attacks). They handle enough traffic that they're
generally stand-alone devices rather than software running on a server.
• The largest routers, those used to handle data at the major traffic points on the Internet,
handle millions of data packets every second and work to configure the network most
efficiently.
One of the crucial tasks for any router is knowing when a packet of information stays on its local network.
For this, it uses a mechanism called a subnet mask. The subnet mask looks like an IP address and
commonly reads "255.255.255.0." This tells the router that all messages whose sender and receiver
addresses share the first three groups of numbers are on the same network, and shouldn't be sent out to
another network.
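The subnet-mask test and the table-driven decision described above, as an added example that is not part of the original notes. It goes one step beyond the text by showing how a router picks between overlapping entries (longest-prefix match), which is how a specific route wins over a default route. The routing table, addresses and interface names are constructed for the illustration.

```python
import ipaddress


def same_network(src, dst, mask):
    """The subnet-mask test described above: do both addresses share the network part?"""
    network = ipaddress.ip_network(f"{src}/{mask}", strict=False)
    return ipaddress.ip_address(dst) in network


# Constructed routing table for the example: (prefix, next hop, outgoing interface).
# A next hop of None means 'directly connected'; 0.0.0.0/0 is the default route.
ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1",   "wan0"),
    ("192.168.1.0/24", None,            "lan0"),
    ("192.168.2.0/24", None,            "lan1"),
    ("10.0.0.0/8",     "192.168.2.254", "lan1"),
    ("10.20.0.0/16",   "192.168.2.253", "lan1"),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: of all routes containing dst, the most specific one wins.
    Returns (network, next_hop, interface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in routes:
        network = ipaddress.ip_network(prefix)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop, iface)
    return best


def forward(src, dst, mask="255.255.255.0", routes=ROUTES):
    """A router's decision for one packet: stay local, or hand it to a next hop."""
    if same_network(src, dst, mask):
        return "local"
    network, next_hop, iface = lookup(dst, routes)
    return f"{iface} via {next_hop or 'direct'} ({network})"


if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.20.5.5", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", forward("192.168.1.10", dst))
```

Note that the match is purely on the destination: 10.20.5.5 is inside both 10.0.0.0/8 and 10.20.0.0/16, and the /16 wins because it is the longer prefix.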
Logical Addresses
Every piece of equipment that connects to a network, whether an office network or the Internet, has a
physical address. This is an address that's unique to the piece of equipment that's actually attached to the
network cable. For example, if your desktop computer has a network interface card (NIC) in it, the NIC
has a physical address permanently stored in a special memory location. This physical address, which is
also called the MAC address (for Media Access Control) has two parts, each 3 bytes long. The first 3
bytes identify the company that made the NIC. The second 3 bytes are the serial number of the NIC itself.
A computer can have several logical addresses at the same time. You may be using the addressing
schemes, or protocols, from several different types of networks simultaneously. If you're connected to the
Internet (and if you're reading this, you probably are), then you have an address that's part of the TCP/IP
network protocol.
Routing protocol
A routing protocol is a protocol that specifies how routers communicate with each other to disseminate
information that allows them to select routes between any two nodes on a network. Typically, each router
has a prior knowledge only of its immediate neighbors. A routing protocol shares this information so that
routers have knowledge of the network topology at large.
7. Application Layer
NNTP · SIP · SSI · DNS · FTP · Gopher · HTTP · NFS · NTP · SMPP · SMTP · SNMP · Telnet
6. Presentation Layer
5. Session Layer
Named Pipes · NetBIOS · SAP · SDP · Sockets · Session establishment in TCP · SIP
4. Transport Layer
3. Network Layer
IP · ARP · ICMP · DHCP · RIP · OSPF · BGP · IGMP · IS-IS · IGRP · EIGRP
2. Data Link Layer
PPP · SLIP
1. Physical Layer
RS-232 · V.35 · V.34 · I.430 · I.431 · T1 · E1 · 802.3 Ethernet · 10BASE-T · 100BASE-TX · POTS ·
SONET · DSL · 802.11a/b/g/n PHY
A distance-vector routing protocol is one of the two major classes of routing protocols used in packet-
switched networks for computer communications, the other major class being the link-state protocol.
Intermediate System to Intermediate System (IS-IS) is a protocol used by network devices (routers) to
determine the best way to forward datagrams or packets through a packet-based network, a process
called routing. IS-IS is a link-state routing protocol, meaning that it operates by reliably flooding topology
information throughout a network of routers. Each router then independently builds a picture of the
network's topology. Packets or datagrams are forwarded based on the best topological path through the
network to the destination. IS-IS uses Dijkstra's algorithm (shortest path) for identifying the best path
through the network. IS-IS was developed at roughly the same time that the Internet Engineering Task
Force (IETF) was developing a similar protocol called OSPF. IS-IS was later extended to support routing of
datagrams (network-layer packets) using the IP protocol; this version of the routing protocol was then
called Integrated IS-IS. OSPF has achieved predominance as an IGP (Interior Gateway Protocol) routing
protocol, particularly in medium-to-large-sized enterprise networks. Detailed analysis tends to show that
OSPF has traffic tuning features that are especially suitable to enterprise networks while IS-IS has stability
features especially suitable to ISP infrastructure.
Open Shortest Path First (OSPF) is a dynamic routing protocol for use in Internet Protocol (IP)
networks. OSPF is perhaps the most widely-used interior gateway protocol (IGP) in large enterprise
networks. OSPF routes packets based solely on the destination IP address found in IP packets. It was
designed to support variable-length subnet masking (VLSM, CIDR). OSPF detects changes in the
topology, such as link failures, very quickly and converges on a new loop-free routing structure within
seconds. For this, each OSPF router collects link-state information to construct the entire network
topology of so-called "areas" from which it computes the shortest path tree for each route using a method
based on Dijkstra's algorithm. The link-state information is maintained on each router as a link-state
database (LSDB) which is a tree-image of the network topology. Identical copies of the LSDB are
periodically updated through flooding on all routers in each OSPF-aware area. By convention, area 0
represents the core or "backbone" region of an OSPF-enabled network, and other OSPF area numbers
may be designated to serve other regions of an enterprise (large, business) network - however every
additional OSPF area must have a direct or virtual connection to the backbone OSPF area. The
backbone area has the identifier 0.0.0.0. Inter-area routing goes via the backbone.
Routers in the same broadcast domain or at each end of a point-to-point telecommunications link form
adjacencies when they have detected each other. This detection occurs when a router "sees" itself listed
in a neighbor's hello packet. This is called the 2-Way state and is the most basic relationship. Routers on
Ethernet or Frame Relay networks elect a designated router (DR) and a backup designated router (BDR),
which act as a hub to reduce traffic between routers. OSPF uses both unicast and multicast to send hello
packets and link-state updates. Multicast addresses 224.0.0.5 (all SPF/link-state routers) and 224.0.0.6
(all designated routers) are reserved for OSPF. In contrast to the Routing Information Protocol (RIP) or
the Border Gateway Protocol (BGP), OSPF does not use TCP or UDP but uses IP directly, via IP protocol
89. OSPF handles its own error detection and reliable retransmission, therefore negating the need for TCP
or UDP functions. OSPF can authenticate peers before forming adjacencies and before accepting link-state
advertisements (LSAs), optionally using a clear-text password or an MD5 keyed digest (later extensions
add HMAC-SHA). Only the keyed digests give real protection: a clear-text password is readable by anyone
who can capture the packets. A natural successor to RIP, OSPF was classless, or able to use Classless
Inter-Domain Routing, from its inception. Multicast extensions to OSPF, the Multicast Open Shortest Path
First (MOSPF) protocols, have been defined but these are not widely used at present.
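The hello exchange and the authentication field above, as an added example that is not part of the original notes: a builder and parser for OSPFv2 Hello packets following the RFC 2328 layout (24-byte header with version, type, length, router ID, area ID, checksum, AuType and an 8-byte authentication field, then the hello body with network mask, intervals, DR/BDR and the list of neighbors already seen). The parser verifies the packet checksum, which RFC 2328 computes over the packet excluding the authentication field and skips entirely for AuType 2, and reports the authentication type so a hello with no or clear-text authentication can be flagged. It does not compute the MD5 digest itself. Router IDs, addresses and timers are constructed.

```python
import ipaddress
import struct

OSPF_VERSION = 2
HELLO = 1
AUTH_TYPES = {0: "null", 1: "simple-password", 2: "cryptographic"}


def internet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ospf_checksum(packet):
    """OSPF checksum: the whole packet with the checksum field zeroed and the
    8-byte authentication field (bytes 16..23) left out."""
    return internet_checksum(packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:])


def packed(addr):
    return ipaddress.ip_address(addr).packed


def text(raw):
    return str(ipaddress.ip_address(raw))


def build_hello(router_id, area_id, mask, hello=10, dead=40, neighbors=(),
                dr="0.0.0.0", bdr="0.0.0.0", autype=0, auth=b""):
    """Assemble a constructed OSPFv2 Hello: 24-byte header + hello body."""
    # Body: network mask, HelloInterval, Options (E bit), Rtr Pri, RouterDeadInterval, DR, BDR, neighbors.
    body = packed(mask) + struct.pack("!HBBI", hello, 0x02, 1, dead) + packed(dr) + packed(bdr)
    body += b"".join(packed(n) for n in neighbors)
    header = struct.pack("!BBH", OSPF_VERSION, HELLO, 24 + len(body)) + packed(router_id) + packed(area_id)
    header += b"\x00\x00" + struct.pack("!H", autype) + auth[:8].ljust(8, b"\x00")
    packet = header + body
    if autype != 2:   # with cryptographic authentication the checksum field stays zero
        packet = packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]
    return packet


def parse_hello(packet):
    """Decode a Hello, verify the checksum, and report which authentication type it uses."""
    version, ptype, length = struct.unpack("!BBH", packet[:4])
    if version != OSPF_VERSION or ptype != HELLO or length > len(packet) or length < 44:
        raise ValueError("not a well-formed OSPFv2 Hello")
    packet = packet[:length]
    checksum, autype = struct.unpack("!HH", packet[12:16])
    if autype != 2 and ospf_checksum(packet) != checksum:
        raise ValueError("bad checksum")
    body = packet[24:]
    hello, options, priority, dead = struct.unpack("!HBBI", body[4:12])
    return {
        "router_id": text(packet[4:8]),
        "area_id": text(packet[8:12]),
        "auth": AUTH_TYPES.get(autype, f"unknown({autype})"),
        "network_mask": text(body[0:4]),
        "hello_interval": hello,
        "dead_interval": dead,
        "priority": priority,
        "dr": text(body[12:16]),
        "bdr": text(body[16:20]),
        "neighbors": [text(body[i:i + 4]) for i in range(20, len(body), 4)],
    }


if __name__ == "__main__":
    sample = build_hello("10.0.0.1", "0.0.0.0", "255.255.255.0", neighbors=["10.0.0.2"])
    print(parse_hello(sample))
```

A hello whose "auth" comes back as "null" or "simple-password" is worth an alert in any environment that expects its routers to use keyed authentication, since a neighbor that accepts such hellos will also accept LSAs from anyone on the segment.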
Both IS-IS and OSPF are link state protocols, and both use the same Dijkstra algorithm for computing the
best path through the network. As a result, they are conceptually similar. Both support variable length
subnet masks, can use multicast to discover neighboring routers using hello packets, and can support
authentication of routing updates. While OSPF is natively built to route IP and is itself a layer 3 protocol
that runs on top of IP, IS-IS is natively an ISO network layer protocol (it is at the same layer as CLNS), a
fact that may have allowed OSPF to be more widely used. IS-IS does not use IP to carry routing
information messages. IS-IS routers build a topological representation of the network. This map indicates
the IP subnets which each IS-IS router can reach, and the lowest cost (shortest) path to an IP subnet is
used to forward IP traffic. IS-IS also differs from OSPF in the methods by which it reliably floods topology
and topology change information through the network. However, the basic concepts are similar. Since
OSPF is more popular, this protocol has a richer set of extensions and added features. However, IS-IS
scales better to larger networks. Given the same set of resources, IS-IS can support more routers in
an area than OSPF. This makes IS-IS favored in ISP environments. Additionally, IS-IS is neutral
regarding the type of network addresses for which it can route. OSPF, on the other hand, was designed
for IPv4. Thus IS-IS was easily adapted to support IPv6, while the OSPF protocol needed a major
overhaul (OSPF v3).
IS-IS differs from OSPF in the way that "areas" are defined and routed between. IS-IS routers are
designated as Level 1 (intra-area), Level 2 (inter-area) or Level 1-2 (both). Level 1 routers form
adjacencies only with routers in their own area; Level 2 routers form inter-area adjacencies only with other
Level 2 (or Level 1-2) routers; and Level 1-2 routers take part in both levels and so connect the inter-area
backbone with the intra-area routers. In OSPF, areas are delineated on the interface, so that an Area
Border Router (ABR) is actually in two or more areas at once, effectively creating the borders between
areas inside the ABR, whereas in IS-IS area borders lie on the links between routers designated as Level
2 or Level 1-2. The result is that an IS-IS router is only ever part of a single area. IS-IS also does not
require Area 0 (Area Zero) to be the backbone area through which all inter-area traffic must pass. The
logical view is that OSPF creates something of a spider web or star topology of many areas all attached
directly to Area Zero, whereas IS-IS creates a logical topology of a backbone of Level 2 routers with
branches of Level 1-2 and Level 1 routers forming the individual areas.
IGRP (Interior Gateway Routing Protocol) is an IGP: a distance-vector routing protocol invented by Cisco,
used by routers to exchange routing data within an autonomous system. IGRP was created in part to
overcome the limitations of RIP (maximum hop count of only 15, and a single routing metric) when used
within large networks. IGRP carries multiple metrics for each route: bandwidth, delay, load and reliability
(the MTU, Maximum Transmission Unit, is carried with the route but is not part of the composite metric).
To compare two routes these metrics are combined into a single composite metric using a formula whose
weighting can be adjusted through pre-set constants (the K-values). The maximum hop count of
IGRP-routed packets is 255 (default 100). IGRP is a classful routing protocol: because its updates carry
no subnet mask field, a receiving router applies the mask of its own interface to routes within the same
major network and the classful mask to everything else. This contrasts with classless routing protocols,
which can use variable-length subnet masks (VLSM). Classful protocols have become less popular
because they waste IP address space.
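The composite-metric formula the notes refer to, carried through as an added worked example (it is not code from the original notes). The formula and the default K-values (K1 = K3 = 1, K2 = K4 = K5 = 0) are the standard IGRP ones; the link values (a T1 and a 10 Mbps Ethernet) are constructed sample inputs:

```python
"""IGRP composite metric, as an added worked example (not from the page)."""
from dataclasses import dataclass

# K-values: default K1=K3=1, K2=K4=K5=0, i.e. only bandwidth and delay count.
DEFAULT_K = (1, 0, 1, 0, 0)


@dataclass(frozen=True)
class Link:
    """Per-hop values an IGRP update carries (constructed sample attributes)."""
    bandwidth_kbps: int
    delay_us: int
    reliability: int = 255   # 255 = fully reliable
    load: int = 1            # 1 = idle, 255 = saturated
    mtu: int = 1500          # carried with the route but not part of the metric


def path_inputs(links):
    """Collapse a multi-hop path to what the formula uses: slowest link,
    summed delay, worst reliability and load, smallest MTU."""
    return {
        "bandwidth": min(l.bandwidth_kbps for l in links),
        "delay_us": sum(l.delay_us for l in links),
        "reliability": min(l.reliability for l in links),
        "load": max(l.load for l in links),
        "mtu": min(l.mtu for l in links),
    }


def igrp_metric(links, k=DEFAULT_K):
    """metric = [K1*BW + K2*BW/(256-load) + K3*delay] * [K5/(reliability+K4)],
    with BW = 10^7 / min bandwidth (kbps) and delay in tens of microseconds.
    The reliability factor applies only when K5 != 0; integer arithmetic as on the router."""
    k1, k2, k3, k4, k5 = k
    p = path_inputs(links)
    bw = 10_000_000 // p["bandwidth"]
    delay = p["delay_us"] // 10
    metric = k1 * bw + (k2 * bw) // (256 - p["load"]) + k3 * delay
    if k5:
        metric = metric * k5 // (p["reliability"] + k4)
    return metric


def best_route(candidates, k=DEFAULT_K):
    """candidates: {name: [Link, ...]}; returns (name, metric) of the lowest-cost path."""
    scored = {name: igrp_metric(links, k) for name, links in candidates.items()}
    best = min(scored, key=scored.get)
    return best, scored[best]


if __name__ == "__main__":
    t1 = Link(bandwidth_kbps=1544, delay_us=20000)
    eth = Link(bandwidth_kbps=10000, delay_us=1000)
    print(best_route({"via T1": [t1], "via two Ethernets": [eth, eth]}))
```

With the defaults a T1 (1544 kbps, 20000 µs delay) scores 6476 + 2000 = 8476, and a path of two Ethernet hops scores 1200, so the two-hop path wins: hop count plays no part, which is exactly what the notes mean by "multiple metrics" over RIP. Changing the MTU or reliability of a link leaves the default-K metric untouched.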
The Bellman–Ford algorithm, sometimes referred to as the label-correcting algorithm, computes
single-source shortest paths in a weighted digraph in which some of the edge weights may be negative,
and it detects negative-weight cycles reachable from the source (for which no shortest path exists).
Dijkstra's algorithm solves the same problem with a lower running time but requires edge weights to be
non-negative, so in a centralized computation Bellman–Ford is usually used only when there are negative
edge weights. Distance-vector routing protocols such as RIP and IGRP are, however, a distributed form of
Bellman–Ford: each router repeatedly relaxes its own routes using the distance vectors its neighbours
advertise, which is why they converge more slowly than the link-state protocols above.
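The algorithm as described, written out as an added example (not code from the original notes), including the extra relaxation pass that detects a reachable negative-weight cycle. The five-node graph is a constructed sample; the edge C->B with weight -1 is the case Dijkstra's algorithm would not handle:

```python
"""Bellman-Ford single-source shortest paths with negative-cycle detection (added example)."""


def bellman_ford(vertices, edges, source):
    """vertices: iterable of node ids; edges: list of (u, v, weight) directed edges.
    Returns (dist, pred). Raises ValueError if a negative-weight cycle is reachable
    from source, because shortest paths are then undefined."""
    INF = float("inf")
    dist = {v: INF for v in vertices}
    pred = {v: None for v in vertices}
    dist[source] = 0
    # A shortest path has at most |V|-1 edges, so |V|-1 rounds of relaxing every
    # edge suffice; stop early once a full round changes nothing.
    for _ in range(len(dist) - 1):
        changed = False
        for u, v, w in edges:
            if dist[u] != INF and dist[u] + w < dist[v]:
                dist[v], pred[v] = dist[u] + w, u
                changed = True
        if not changed:
            break
    # One more pass: an edge that can still be relaxed lies on a reachable negative cycle.
    for u, v, w in edges:
        if dist[u] != INF and dist[u] + w < dist[v]:
            raise ValueError(f"negative-weight cycle reachable through edge {u}->{v}")
    return dist, pred


def path_to(dist, pred, target):
    """Walk predecessor pointers back to the source; [] if target is unreachable."""
    if dist[target] == float("inf"):
        return []
    path = []
    while target is not None:
        path.append(target)
        target = pred[target]
    return path[::-1]


# Constructed sample: routers A..E with link costs; C->B is a negative edge.
SAMPLE_NODES = ["A", "B", "C", "D", "E"]
SAMPLE_EDGES = [("A", "B", 4), ("A", "C", 2), ("C", "B", -1),
                ("B", "D", 2), ("C", "D", 5), ("D", "E", 1)]

if __name__ == "__main__":
    dist, pred = bellman_ford(SAMPLE_NODES, SAMPLE_EDGES, "A")
    for node in SAMPLE_NODES:
        print(node, dist[node], "->".join(path_to(dist, pred, node)))
```

On the sample graph the cost to E is 4 via A, C, B, D, E; adding an edge D->C with weight -5 closes a cycle of total weight -4 and the final pass raises. In a routing context the per-router relaxation step is what each distance-vector router performs when it receives a neighbour's update.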
BGP (Border Gateway Protocol) is the core routing protocol of the Internet. It works by maintaining a table
of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS). It is
described as a path vector protocol. BGP does not use traditional IGP metrics, but makes routing
decisions based on path attributes, network policies and/or rule sets. BGP was created to replace the
EGP routing protocol and allow fully decentralized routing, so that the NSFNet Internet backbone network
could be removed. This allowed the Internet to become a truly decentralized system. Since 1994, version
four of the protocol has been in use on the Internet. All previous versions are now obsolete. The major
enhancement in version 4 was support for Classless Inter-Domain Routing (CIDR) and route aggregation,
which decreases the size of routing tables. Since most Internet service providers must use BGP to
establish routing between one another (especially if they are multihomed), it is one of the most important
protocols of the Internet. Compare this with Signalling System 7 (SS7), which is the inter-provider core
call-setup protocol on the PSTN. Very large private IP networks can also make use of BGP. An example
would be the joining of a number of large Open Shortest Path First (OSPF) networks where OSPF by itself
would not scale to size. Another reason to use BGP would be multihoming a network for better
redundancy, either to multiple access points of a single ISP or to multiple ISPs.
Idle State
• The initial state: BGP refuses all incoming connections and holds no resources for the peer. On a
start event (manual or automatic) the router allocates resources, starts the ConnectRetry timer, initiates
a TCP connection to the peer and moves to the CONNECT state.
Connect State
• The router is waiting for the TCP three-way handshake to complete. If it succeeds, the router sends an
OPEN message to the peer and moves to the OPENSENT state; if it fails, the router moves to the
ACTIVE state.
Active State
• If the router was unable to establish a successful TCP session, then it ends up in the ACTIVE
state.
• The router will try to restart another TCP session with the peer and if successful, then it will send
an OPEN message to the peer.
• If it is unsuccessful again, the FSM is reset to the IDLE state.
• If you see a router cycling between the IDLE and the ACTIVE state, here are some of the
reasons:
◦ TCP port 179 is not open (filtered) towards the peer.
◦ The ephemeral TCP source port (a random port above 1023) used for the connection is blocked.
◦ BGP configuration error (for example a wrong neighbor address or AS number).
◦ Network congestion.
◦ Flapping network interface.
• Because any host that can reach TCP port 179 can attempt to open a session, restrict port 179 to
known neighbours and authenticate peers (the TCP MD5 signature option of RFC 2385, or TCP-AO of
RFC 5925).
OpenSent State
• The router has sent an OPEN and waits for the peer's OPEN. When it arrives, the router checks the
BGP version, the peer's AS number, the hold time and the BGP identifier. If they are acceptable it sends
a KEEPALIVE and moves to OPENCONFIRM; otherwise it sends a NOTIFICATION and returns to IDLE.
OpenConfirm State
• The router waits for the peer's KEEPALIVE (or a NOTIFICATION). A KEEPALIVE moves the session to
ESTABLISHED; a NOTIFICATION or expiry of the hold timer returns it to IDLE.
Established State
• In this state, the peers send UPDATE messages to exchange information about each route
being advertised to the BGP peer, and KEEPALIVE messages to refresh the hold timer.
• If there is any error in the UPDATE message then a NOTIFICATION message is sent to the
peer, and BGP transitions back to the IDLE state.
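The state transitions listed above, driven as a small event-based model (an added example, not code from the original notes). It follows the simplified description in the notes rather than the full RFC 4271 timer set: nothing goes on the wire, sent messages are only recorded, and the UPDATE checks are a deliberately small subset (AS_PATH starts with the peer's AS, prefixes parse as networks). AS numbers 64500/64501 and the 198.51.100.0/24 prefix are constructed sample values:

```python
"""Simplified BGP peer finite state machine (RFC 4271 state names; added example)."""
from enum import Enum, auto
from ipaddress import ip_network


class State(Enum):
    IDLE = auto()
    CONNECT = auto()
    ACTIVE = auto()
    OPEN_SENT = auto()
    OPEN_CONFIRM = auto()
    ESTABLISHED = auto()


class BgpPeer:
    """Drives one session by events: start(), tcp_result(), receive(msg).
    Messages are tuples: ("OPEN", as_number), ("KEEPALIVE",), ("UPDATE", {...}),
    ("NOTIFICATION", reason). Sent messages are recorded, not transmitted."""

    def __init__(self, local_as, peer_as):
        self.local_as, self.peer_as = local_as, peer_as
        self.state = State.IDLE
        self.sent = []             # messages this side emitted, in order
        self.learned = {}          # prefix -> AS_PATH, from accepted UPDATEs
        self.connect_failures = 0  # how often the FSM fell back to IDLE from ACTIVE

    def _send(self, *msg):
        self.sent.append(msg)

    def _to_idle(self):
        self.state = State.IDLE    # resources released; routes from this peer withdrawn
        self.learned.clear()

    def _send_open(self):
        self._send("OPEN", self.local_as)
        self.state = State.OPEN_SENT

    def start(self):
        """Start event: allocate resources and initiate the TCP connection to port 179."""
        if self.state is State.IDLE:
            self.state = State.CONNECT

    def tcp_result(self, connected):
        """Outcome of the TCP handshake attempted from CONNECT or ACTIVE."""
        if self.state is State.CONNECT:
            if connected:
                self._send_open()
            else:
                self.state = State.ACTIVE     # first failure: retry from ACTIVE
        elif self.state is State.ACTIVE:
            if connected:
                self._send_open()
            else:
                self.connect_failures += 1    # second failure: FSM resets to IDLE
                self._to_idle()

    def receive(self, msg):
        kind = msg[0]
        if kind == "NOTIFICATION":
            self._to_idle()
        elif self.state is State.OPEN_SENT and kind == "OPEN":
            if msg[1] != self.peer_as:        # OPEN Message Error: Bad Peer AS
                self._send("NOTIFICATION", "Bad Peer AS")
                self._to_idle()
            else:
                self._send("KEEPALIVE")
                self.state = State.OPEN_CONFIRM
        elif self.state is State.OPEN_CONFIRM and kind == "KEEPALIVE":
            self.state = State.ESTABLISHED
        elif self.state is State.ESTABLISHED and kind == "KEEPALIVE":
            pass                              # hold timer would be refreshed here
        elif self.state is State.ESTABLISHED and kind == "UPDATE":
            error = self._check_update(msg[1])
            if error:
                self._send("NOTIFICATION", f"UPDATE Message Error: {error}")
                self._to_idle()
            else:
                for prefix in msg[1]["prefixes"]:
                    self.learned[prefix] = msg[1]["as_path"]
        else:                                 # message not valid in this state
            self._send("NOTIFICATION", "Finite State Machine Error")
            self._to_idle()

    def _check_update(self, update):
        """Sanity checks applied by this model (a subset of RFC 4271 section 6.3)."""
        path = update.get("as_path", [])
        if not path:
            return "missing AS_PATH"
        if path[0] != self.peer_as:           # eBGP: leftmost AS must be the peer's
            return "AS_PATH does not start with peer AS"
        for prefix in update.get("prefixes", []):
            try:
                ip_network(prefix)            # malformed NLRI (e.g. /33) is rejected
            except ValueError:
                return f"malformed prefix {prefix}"
        return None
```

Two failed TCP attempts reproduce the IDLE/ACTIVE cycling described above; a bad UPDATE in ESTABLISHED produces the NOTIFICATION and drops the session back to IDLE, withdrawing everything learned from that peer, which is why a single malformed attribute from one neighbour can take down an entire session.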
MPLS (Multiprotocol Label Switching) is a data-carrying mechanism that belongs to the family of
packet-switched networks. MPLS operates at an OSI Model layer that is generally considered to lie
between traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer), and thus is often
referred to as a "Layer 2.5" protocol. It was designed to provide a unified data-carrying service for both
circuit-based clients and packet-switching clients which provide a datagram service model. It can be used
to carry many different kinds of traffic, including IP packets, as well as native ATM, SONET, and Ethernet
frames. A number of different technologies were previously deployed with essentially identical goals, such
as Frame Relay and ATM. MPLS has largely replaced these technologies in the marketplace, mostly
because it is better aligned with current and future technology needs.
One original motivation was to allow the creation of simple high-speed switches, since for a significant
length of time it was impossible to forward IP packets entirely in hardware. Advances in VLSI have since
made line-rate IP lookups in hardware routine, so the advantages of MPLS now primarily revolve around
the ability to support multiple service models (Layer 3 VPNs, pseudowires) and to perform traffic
engineering. MPLS also offers a robust recovery framework (fast reroute) that goes beyond the simple
protection rings of synchronous optical networking (SONET/SDH). The traffic-management benefits of
migrating to MPLS (better reliability, increased performance) are therefore quite valuable.
MPLS works by prefixing packets with an MPLS header containing one or more 'labels'; this is called a
label stack. Each label entry is 32 bits: a 20-bit label value, 3 bits of traffic class (originally named
"EXP"), a 1-bit bottom-of-stack flag and an 8-bit TTL.
These MPLS-labeled packets are switched after a label lookup/switch instead of a lookup into the IP
table. As mentioned above, when MPLS was conceived, label lookup and label switching were faster
than a routing-table lookup because they could take place directly within the switching fabric and not the
CPU. The entry and exit points of an MPLS network are called Label Edge Routers (LER), which,
respectively, push an MPLS label onto the incoming packet and pop it off the outgoing packet. Routers
that perform forwarding based only on the label are called Label Switch Routers (LSR). In some
applications, the packet presented to the LER may already carry a label, so that the LER pushes a
second label onto the packet. With penultimate hop popping (PHP), the LSR one hop before the egress
LER pops the outer label (the egress requests this by advertising the reserved "implicit null" label, 3), so
that the egress does not have to perform both a label lookup and an IP lookup.
Labels are distributed between LERs and LSRs using the Label Distribution Protocol (LDP); RSVP-TE
is used for traffic-engineered paths and BGP for VPN labels. Label Switch Routers in an MPLS network
regularly exchange label and reachability information with each other using standardized procedures in
order to build a complete picture of the network they can then use to forward packets. Label Switched
Paths (LSPs) are established by the network operator for a variety of purposes, such as to create
network-based IP Virtual Private Networks or to route traffic along specified paths through the network.
In many respects, LSPs are no different than PVCs in ATM or Frame Relay networks, except that they
are not dependent on a particular Layer 2 technology.
In the specific context of an MPLS-based Virtual Private Network (VPN), LSRs that function as ingress
and/or egress routers to the VPN are often called PE (Provider Edge) routers. Devices that function only
as transit routers are similarly called P (Provider) routers. The job of a P router is significantly easier than
that of a PE router, so they can be less complex and may be more dependable because of this.
When an unlabeled packet enters the ingress router and needs to be passed on to an MPLS tunnel, the
router first determines the forwarding equivalence class (FEC) the packet should be in, and then inserts
one or more labels in the packet's newly-created MPLS header. The packet is then passed on to the next
hop router for this tunnel.
When a labeled packet is received by an MPLS router, the topmost label is examined. Based on the
contents of the label a swap, push (impose) or pop (dispose) operation can be performed on the packet's
label stack. Routers can have prebuilt lookup tables that tell them which kind of operation to do based on
the topmost label of the incoming packet so they can process the packet very quickly. In a swap operation
the label is swapped with a new label, and the packet is forwarded along the path associated with the
new label.
In a push operation a new label is pushed on top of the existing label, effectively "encapsulating" the
packet in another layer of MPLS. This allows hierarchical routing of MPLS packets. Notably, this is used
by MPLS VPNs: an inner label identifies the customer VPN at the egress PE, and an outer label carries
the packet across the provider core. Note that this isolation is only a matter of forwarding state; the
customer payload is not encrypted in the core, so confidentiality still requires IPsec or similar on top of
the VPN.
In a pop operation the label is removed from the packet, which may reveal an inner label below. This
process is called "decapsulation". If the popped label was the last on the label stack, the packet "leaves"
the MPLS tunnel. During these operations, the contents of the packet below the MPLS Label stack are
not examined. Indeed transit routers typically need only to examine the topmost label on the stack. The
forwarding of the packet is done based on the contents of the labels, which allows "protocol-independent
packet forwarding" that does not need to look at a protocol-dependent routing table and avoids the
expensive IP longest prefix match at each hop.
At the egress router, when the last label has been popped, only the payload remains. This can be an IP
packet, or any of a number of other kinds of payload packet. The egress router must therefore have
routing information for the packet's payload, since it must forward it without the help of label lookup
tables. An MPLS transit router has no such requirement.
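The label-stack handling described above, as an added example that is not part of the original notes: it encodes and parses the 32-bit MPLS shim header and models a four-router path (PE1, P1, P2, PE2 and the customer next hop CE2, all constructed names, as are the label values 100/200/300 and the 203.0.113.0/24 destination) with an ingress push, a transit swap, a penultimate-hop pop and the egress IP lookup. The IPv4 payload is a constructed minimal header with its checksum left zero, and TTL handling follows the uniform model in which the label TTL is copied back into the IP header on the final pop:

```python
"""MPLS shim-header parsing and label-stack forwarding (added example, not from the page)."""
import struct
from ipaddress import ip_address, ip_network

ETH_IPV4, ETH_MPLS = 0x0800, 0x8847   # Ethertypes: unlabelled IPv4 vs MPLS unicast


def encode_label(label, tc=0, bottom=False, ttl=64):
    """One 32-bit MPLS shim: label(20) | TC(3) | S(1) | TTL(8), network byte order."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode_stack(data):
    """Read shim headers until the S bit is set; returns (entries, payload)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack")   # ran out before a bottom-of-stack bit
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 7, "ttl": word & 0xFF})
        if (word >> 8) & 1:
            return entries, data[off:]


def encode_stack(entries, payload):
    last = len(entries) - 1
    return b"".join(encode_label(e["label"], e["tc"], i == last, e["ttl"])
                    for i, e in enumerate(entries)) + payload


def ipv4_header(src, dst, ttl=64):
    """Minimal 20-byte IPv4 header (constructed sample payload; checksum left zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       ip_address(src).packed, ip_address(dst).packed)


def with_ttl(ip, ttl):
    return ip[:8] + bytes([ttl]) + ip[9:]


def lpm(table, dst):
    """Longest-prefix match over {prefix: value}: the lookup MPLS transit avoids."""
    best = None
    for prefix, value in table.items():
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return None if best is None else best[1]


class Lsr:
    """ilm: top label -> (op, new_label, next_hop); fec: prefix -> (label, next_hop)
    for an ingress LER; ip_routes: prefix -> next_hop, used only for unlabelled packets."""

    def __init__(self, name, ilm=None, fec=None, ip_routes=None):
        self.name, self.ilm = name, ilm or {}
        self.fec, self.ip_routes = fec or {}, ip_routes or {}

    def forward(self, frame):
        """Return (next_hop, frame); raise LookupError/ValueError when the packet is dropped."""
        ethertype, data = frame
        if ethertype == ETH_IPV4:
            return self._forward_ip(data)
        entries, payload = decode_stack(data)
        top = entries[0]                      # transit only ever looks at the top label
        if top["ttl"] <= 1:
            raise ValueError(f"{self.name}: label TTL expired")
        top["ttl"] -= 1
        if top["label"] not in self.ilm:
            raise LookupError(f"{self.name}: no ILM entry for label {top['label']}")
        op, new_label, next_hop = self.ilm[top["label"]]
        if op == "swap":
            top["label"] = new_label
        elif op == "push":                    # hierarchical LSP, e.g. VPN over transport
            entries.insert(0, {"label": new_label, "tc": top["tc"], "ttl": top["ttl"]})
        elif op == "pop":
            entries.pop(0)
            if not entries:                   # last label gone: the packet leaves the tunnel
                ip = with_ttl(payload, top["ttl"])
                if next_hop is not None:      # PHP: hand the bare IP packet to the egress
                    return next_hop, (ETH_IPV4, ip)
                return self._route_ip(ip)     # egress popped it itself: IP lookup now
            entries[0]["ttl"] = top["ttl"]    # uniform model: carry TTL to the inner label
        else:
            raise ValueError(f"unknown operation {op!r}")
        return next_hop, (ETH_MPLS, encode_stack(entries, payload))

    def _forward_ip(self, data):
        """Unlabelled packet: ingress FEC classification, else ordinary IP routing."""
        dst, ttl = ip_address(data[16:20]), data[8] - 1
        if ttl <= 0:
            raise ValueError(f"{self.name}: IP TTL expired")
        data = with_ttl(data, ttl)
        hit = lpm(self.fec, dst)
        if hit is not None:                   # enter the LSP: push the FEC's label
            label, next_hop = hit
            return next_hop, (ETH_MPLS, encode_stack([{"label": label, "tc": 0, "ttl": ttl}], data))
        return self._route_ip(data)

    def _route_ip(self, ip):
        next_hop = lpm(self.ip_routes, ip_address(ip[16:20]))
        if next_hop is None:
            raise LookupError(f"{self.name}: no route to {ip_address(ip[16:20])}")
        return next_hop, (ETH_IPV4, ip)
```

Walking a packet through PE1, P1, P2 and PE2 shows the division of labour the notes describe: only the ingress and egress ever decode the IP header, the P routers touch nothing below the top label (an inner VPN label passes through a swap unchanged), and a label with no ILM entry or an expired TTL is dropped at the transit hop.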
Juniper Routers
The Juniper Networks next generation routing architecture provides the solid, reliable, high performance
foundation upon which today’s real-time, critical networking applications can be delivered. Juniper
Networks offers a comprehensive enterprise routing portfolio consisting of the J-series services routers
and the M-series multiservice routers. The J-series routers are typically deployed at remote offices or
branch locations and include the J2300 for smaller offices, the J4300 for medium sized branches, and the
J6300 for large branches or regional offices. The M-series enterprise routers, including the M7i and M10i,
are typically deployed in head office locations where high performance packet processing is required
such as Internet access gateways, WAN aggregation devices, data center routers or backbone routers.
Both the J-series and M-series routers run the same proven JUNOS modular operating system, designed
to run multiple functions in parallel on assigned processing resources, delivering high stability with the
flexibility to enable advanced, next-generation routing services.
Product highlights:
• High levels of security with a modular system architecture to defend against infrastructure attacks by
fully protecting the processing resources and ensuring complete router control
• Modular software design to ensure that minor problems cannot turn into full system crashes, maintaining
uptime and continuity of operations
• Predictable performance of mission critical applications and higher QOS control to classify, prioritize and
schedule traffic ensuring resource availability
• One common JUNOS code base to streamline deployment, patches and software upgrades with
multiple tools for platform implementation and management.
Legacy routing systems were never designed with today’s dynamic IP traffic in mind
The fundamental design limitation of today’s legacy routers is the monolithic software architecture of older
operating systems. In attempting to keep up with new feature demands, the code base of the legacy OS
has grown unwieldy, making it costly for enterprises to track and manage multiple code versions in a
production network. The resulting challenges of the older systems include security issues during
distributed denial of service attacks, software stability concerns, performance degradation with services
activated, and operations complexity to manage and maintain the systems.
The typical design of the legacy OS has a single, monolithic code base with all forwarding, control and
services functions competing for the same CPU and memory resources. This architecture creates
inherent processing conflicts that impact the security, stability and performance of the router. For
example, the shared architecture allows the packet forwarding function of the router to consume all of the
processing resources, leaving control and service functions starved for cycles.
Juniper Networks modular architecture enables enterprises to meet the diverse demands of next
generation IP infrastructures
The performance and integrity of Juniper routers have been proven in the largest IP networks in the
world. As enterprise networks must increasingly meet many of the same service levels as carrier
infrastructures, Juniper Networks extends its capabilities to the J- and M- series enterprise routing
systems, with the performance, reliability and flexibility required.
Juniper’s enterprise routing platforms are built on four key principles:
• Protected Processing Resources: always available resources to ensure router stability and control
• Modular Software Architecture: clean separation of independent software functions
• Next Generation CLI: advanced configuration and diagnostic tools
• One Code Base: common code base developed through a rigorous release process
These principles represent a set of fundamental changes in the design and development of next
generation routing platforms.