BIT3204 NETWORK MANAGEMENT notes

The document provides an overview of network protocols, specifically TCP/IP and OSI models, detailing their layers and functions. It also covers network planning, including requirements gathering, topology selection, site surveys, capacity planning, and designing networks. Additionally, it discusses IP addresses and their classes, explaining how they are structured and assigned within networks.

Uploaded by raphael muthini

Network Protocols

Communication between devices on a network is governed by a set of rules called
protocols. There are two types of network protocols, TCP/IP and OSI.

TCP/IP Protocol
TCP/IP is responsible for a wide range of activity: it interfaces with hardware, routes
data to appropriate nodes, provides error control, and much more.
The developers of TCP/IP designed a modular protocol stack, meaning that the
TCP/IP system was divided into separate components or layers. But why use a modular
design? Not only does it aid in the education process, but it also lets manufacturers easily
adapt to specific hardware and operating system needs.
For example, if we had a token ring network and an extended star network, we surely
wouldn't want to create entirely different network software builds for each one.
Instead, we can just edit the network layer, called the Network Access Layer, to allow
compatibility. Not only does this benefit manufacturers, but it greatly aids networking
students in education. The TCP/IP suite is divided into four layers.

Network Access Layer – The Network Access Layer is fairly self-explanatory: it interfaces with the physical
network. It formats data and addresses data for subnets, based on physical hardware
addresses. More importantly, it provides error control for data delivered on the physical
network.

Internet Layer – The Internet Layer provides logical addressing. More specifically,
the Internet Layer relates physical addresses from the Network Access Layer to logical
addresses, such as IP addresses. This is vital for passing along information
to subnets that aren't on the same network as other parts of the network. This layer
also provides routing that may reduce traffic, and supports delivery across an internetwork.
(An internetwork is simply a greater network of LANs, perhaps a large company or
organization.)

Transport Layer – The Transport Layer provides flow control, error control, and serves as
an interface for network applications. An example of the transport layer
would be Transmission Control Protocol (TCP) - a protocol suite that is connection-
oriented. We may also use UDP- a connectionless means of transporting data.

Application Layer – Lastly, we have the Application Layer. We use this layer for
troubleshooting, file transfer, internet activities, and a slew of other activities. This layer
interacts with many types of applications, such as a database manager, email program, or
Telnet.

1.4.2 Open System Interconnection (OSI) Protocol

The International Organization for Standardization (ISO) defined procedures for computer
communications called the Open System Interconnection (OSI) Reference Model,
or OSI Model for short. The OSI Model describes how data flows
from one computer to another computer in a network.

The OSI Model

The Open System Interconnection Model, more commonly known as simply OSI, is another
model that can help break the TCP/IP suite into modules. Technically speaking, it is exactly
the same as the TCP/IP model, except that it has more layers. This is currently being
pushed by Cisco since it aids in learning the TCP/IP stack in an easier manner.
Physical Layer – The Physical Layer converts data into streams of electric or analog
pulses, commonly referred to as "1's and 0's." Data is broken down into simple
electric pulses, and rebuilt at the receiving end.

Data Link Layer – The Data Link layer provides an interface with the network adapter,
and can also perform basic error checking. It also maintains logical links for subnets, so
that subnets can communicate with other parts of the network without problem.

Network Layer – Much like the Transport Layer of the TCP/IP model, the Network Layer
simply supports logical addressing and routing. The IP protocol operates on the Network
Layer.

Transport Layer – Since we left out the error and flow control in the Network Layer, we
introduce it into the Transport Layer. The Transport Layer is responsible for keeping a
reliable end-to-end connection for the network.

Session Layer – The Session Layer establishes sessions between applications on a
network. This may be useful for network monitoring, using a login system, and reporting.
The Session Layer is actually not used a great deal over networks, although it does still
serve good use in streaming video and audio, or web conferencing.

Presentation Layer – The Presentation Layer translates data into a standard format,
while also being able to provide encryption and data compression. Encryption or data
compression does not have to be done at the Presentation Layer, although it is
commonly performed in this layer.

Application Layer – The Application Layer provides a network interface for applications
and supports network applications. This is where many protocols such as FTP, SMTP,
POP3, and many others operate. Telnet can be used at this layer to send a ping request- if it
is successful, it means that each layer of the OSI model should be functioning properly.

NETWORK PLANNING

1. Gathering Requirements
 Every organization has unique needs for which they would require a network.
 There are several factors to consider when gathering requirements:
 Identify the nature and volume of data and how it is used within and
outside the organization.
 Determine how the network will be used and by whom, which often
dictates the topology you use. Location of data with respect to users is also
critical here.
 Decide the types of devices for interconnecting computers and sites.
 The type and usage level of network resources dictates how many servers you
need and where to place servers.

Selecting a Topology
Most new network designs come down to only one choice: how fast should the network be?
This will be guided by the needs identified earlier, in particular the location of sites,
volume of data and nature of existing equipment, and consideration for future
expansion.
In most cases the physical topology will almost certainly be a star, and the logical topology
is almost always switching.
Ethernet switches are typically used on a LAN, but you might consider other logical
topologies for reasons such as:
 Use of legacy equipment – such as token ring
 Network size – using a hub-based bus topology
 Cost restrictions – using a hub instead of a switch
 Difficulty running cables – consider wireless?

2. Conducting a Site Survey
 The purpose of a site survey is to understand the nature of the business premises
in terms of how the building, office space and electrical wiring are set up.
 It helps answer whether or not the type of network requested can be supported
by the organization of the building.
 It also helps estimate how much material will be required to lay out the network.

3. Capacity Planning
 Capacity planning involves trying to determine the amount of network
bandwidth necessary to support an application or a set of applications.
 A number of techniques exist for performing capacity planning, including
linear projection, computer simulation, benchmarking, and analytical
modeling.
i. Linear projection involves predicting one or more network capacities
based on the current network parameters and multiplying by some
constant.
ii. A computer simulation involves modeling an existing system or
proposed system using a computer-based simulation tool.
iii. Benchmarking involves generating system statistics under a controlled
environment and then comparing those statistics against known measurements.
iv. Analytical modeling involves the creation of mathematical equations to
calculate various network values.

4. Creating a Baseline
 Involves the measurement and recording of a network's state of
operation over a given period of time.
 A baseline can be used to determine current network performance and to
help determine future network needs.
 Baseline studies should be ongoing projects, and not something started and stopped
every so many years.
To perform a baseline study, you should:
 Collect information on the number and type of system nodes, including
workstations, routers, bridges, switches, hubs, and servers.
 Create an up-to-date roadmap of all nodes along with model numbers, serial
numbers and any address information such as IP or Ethernet addresses.
 Collect information on operational protocols used throughout the system.
 List all network applications, including the number, type and utilization level.
 Create a fairly extensive list of statistics to help meet your goals. These
statistics can include average network utilization, peak network utilization,
average frame size, peak frame size, average frames per second, peak frames per
second, total network collisions, network collisions per second, total runts, total
jabbers, total CRC errors, and nodes with highest percentage of utilization.
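The statistics just listed, computed in Python from constructed per-interval port counters, together with the linear projection technique from the capacity-planning list. This is an added example, not code from the notes; the counter field set, the sample values and the 10 Mbit/s line rate are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass
class IntervalSample:
    """Counters read from one switch port over one sampling interval.
    The field set is an assumption of this example, not a vendor format."""
    seconds: int        # length of the interval
    octets: int         # bytes seen on the port
    frames: int         # frames seen on the port
    collisions: int
    runts: int
    crc_errors: int
    link_bps: int       # line rate of the port in bits per second


def utilization(sample):
    """Fraction of the line rate consumed during the interval (0.0 to 1.0)."""
    return sample.octets * 8 / (sample.seconds * sample.link_bps)


def baseline(samples):
    """Aggregate the per-interval counters into the baseline statistics."""
    if not samples:
        raise ValueError("a baseline needs at least one sample")
    total_seconds = sum(s.seconds for s in samples)
    total_octets = sum(s.octets for s in samples)
    total_frames = sum(s.frames for s in samples)
    total_collisions = sum(s.collisions for s in samples)
    utils = [utilization(s) for s in samples]
    # Average frame size is undefined on an idle interval; report 0 there.
    frame_sizes = [s.octets / s.frames if s.frames else 0 for s in samples]
    fps = [s.frames / s.seconds for s in samples]
    return {
        "avg_utilization": sum(utils) / len(utils),
        "peak_utilization": max(utils),
        "avg_frame_size": total_octets / total_frames if total_frames else 0,
        "peak_frame_size": max(frame_sizes),
        "avg_frames_per_second": total_frames / total_seconds,
        "peak_frames_per_second": max(fps),
        "total_collisions": total_collisions,
        "collisions_per_second": total_collisions / total_seconds,
        "total_runts": sum(s.runts for s in samples),
        "total_crc_errors": sum(s.crc_errors for s in samples),
    }


def linear_projection(current_value, growth_constant):
    """Linear projection as described in the capacity-planning list:
    scale a measured value by a constant (e.g. 1.5 for 50% more load)."""
    return current_value * growth_constant


# Constructed samples: three one-minute intervals on a 10 Mbit/s port.
SAMPLES = [
    IntervalSample(60, 15_000_000, 20_000, 10, 0, 0, 10_000_000),
    IntervalSample(60, 45_000_000, 50_000, 120, 1, 2, 10_000_000),
    IntervalSample(60, 30_000_000, 40_000, 40, 0, 1, 10_000_000),
]

if __name__ == "__main__":
    stats = baseline(SAMPLES)
    for name, value in stats.items():
        print(f"{name:24s} {value:,.3f}")
    # Will the peak still fit under a 70% ceiling if load grows by half?
    print("projected peak:", linear_projection(stats["peak_utilization"], 1.5))
```

The peak figures are what matter for capacity decisions; an average of 40% hides a 60% interval, and projecting that peak by the chosen constant is what tells you whether the link needs upgrading before the growth arrives.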

5. Designing the Network
 A network design must be documented, and the network diagram must be kept up
to date.
 Some useful questions to be answered before drawing the diagram:
 How many client computers will be attached?
 How many servers will be attached?
 Will there be a connection to the Internet?
 How will the building's physical architecture influence decisions,
such as whether to use a wired or wireless topology, or both?
 Which topology or topologies will you use?


Network Development Life Cycle (NDLC)
 The NDLC is a model that summarizes the network design process, from initial
problem/needs assessment to implementation.

[NDLC cycle diagram: Analysis, Design, Simulation/Prototyping, Implementation, Monitoring, Management]

1. Analyze requirements
 A network cannot very well provide effective solutions to problems that have not been
clearly defined in objective terms.
 To attempt to implement networks before everyone agrees to (buys in to) the exact nature
of the problem to be solved is somewhat akin to hitting a moving target.
 The network will never satisfy all constituencies' needs because no one agreed
what those needs were in the first place.
 All network development efforts start with a problem as perceived by someone, be
they management or end users.
 At some point, management agrees that a problem exists that is worth expending
resources to at least investigate.
 The responsibility for conducting the investigation may be given to in-house
personnel or to an outside consultant or facilitator.
 Interviews with users and technical personnel
 Understand business and technical goals for a new or enhanced system
 Characterize the existing network: logical and physical topology, and
network performance
 Analyze current and future network traffic, including traffic flow and
load, protocol behavior, and QoS requirements

2. Develop the logical design
 An IP network has two very important resources, its IP addresses and the
corresponding naming structure within the network.
 To provide effective communication between hosts or stations in a network, each
station must maintain a unique identity.
 In an IP network this is achieved by the IP address.
 The distribution and management of these addresses is an important consideration in
an IP network design.
 IP addresses are inherently not easy to remember. People find it much easier to
remember names and have these names related to individual machines connected to a
network.
 Even applications rarely refer to hosts by their binary identifiers; in general they use
ASCII strings such as [email protected]. These names must be translated to IP addresses
because the network does not utilize identifiers based on ASCII strings.
 The management of these names and the translation mechanism used must also
be considered by the IP network designer.

3. Develop the physical design
 Specific technologies and products to realize the logical design are selected.
 The investigation into service providers must be completed during this phase.

Network Layout Diagram

Factors That Affect a Network Design
 Designing a network is more than merely planning to use the latest gadget in the
market.
 A good network design takes into consideration many factors:
1. Size Matters
 At the end of the day, size does matter.
 Designing a LAN for a small office with a few users is different from building one
for a large company with two thousand users.
 In building a small LAN, a flat design is usually used, where all connecting
devices may be connected to each other.
 For a large company, a hierarchical approach should be used.
2. Geographies
 The geographical locations of the sites that need to be connected are
important in a network design.
 The decision-making process for selecting the right technology and equipment
for remote connections, especially those of a cross-country nature, is different
from that for a LAN. The tariffs, local expertise, and quality of service from service
providers are some of the important criteria.
3. Politics
 Politics in the office ultimately decides how a network should be partitioned.
 Department A may not want to share data with department B, while
department C allows only department D to access its data.
 At the network level, requirements such as these are usually implemented through filtering
at the router so as to direct traffic flow in the correct manner.
 Business and security needs determine how information flows in a network, and
the right tool has to be chosen to carry this out.

4. Types of Application
 The types of application deployed determine the bandwidth required.

 While a text-based transaction may require a few kbps of bandwidth, a
multimedia help

IP Addresses and Address Classes
 An IP address is defined in RFC 1166 - Internet Numbers as a 32-bit
number having two parts:
IP address = <network number><host number>
 The first part of the address, the network number:
 is assigned by a regional authority and will vary in its length depending on the
class of addresses to which it belongs.
 The network number part of the IP address is used by the IP protocol to route IP
datagrams throughout TCP/IP networks.
 These networks may be within your enterprise and under your control;
to some extent, you are free to allocate this part of the address yourself without
prior reference to the Internet authority, but if you do so, you are encouraged to
use the private IP addresses that have been reserved by the Internet Assigned
Numbers Authority (IANA) for that purpose.
 However, if your routing may take you into networks outside of your control, using,
for example, worldwide services, it is imperative that you obtain a unique IP
address from your regional Internet address authority.
 The second part of the IP address, the host number:
 is used to identify the individual host within a network.
 This portion of the address is assigned locally within a network by the
authority that controls that network.
 The length of this number is, as mentioned before, dependent on the class of
the IP address being used and also on whether subnetting is in use.
 The 32 bits that make up the IP address are usually written as four 8-bit decimal
values concatenated with dots (periods).
 This representation is commonly referred to as dotted decimal notation.
 An example of this is the IP address 172.16.3.14. In this example the 172.16 is the
network number and the 3.14 is the host number.
 The split into network number and host number is determined by the class of
the IP address.
 Class A addresses
 Have the first bit set to 0.
 The next 7 bits are used for the network number. This gives a possibility
of 128 networks (2^7).
 However, it should be noted that there are two cases, the all-bits-0 number
and the all-bits-1 number, which have special significance in classes A, B
and C.
 The remaining 24 bits of a Class A address are used for the host number.
 Once again, the two special cases apply to the host number part of an IP
address.
 Each Class A network can therefore have a total of 16,777,214 hosts (2^24 - 2).
 Class A addresses are assigned only to networks with very large numbers
of hosts (historically, large corporations).
 An example is the 9.0.0.0 network, which is assigned to IBM.
 The Class B address
 is more suited to medium-sized networks.
 The first two bits of the address are predefined as 10.
 The next 14 bits are used for the network number and the remaining 16 bits
identify the host number.
 This gives a possibility of 16,382 networks each containing up to 65,534 hosts.
 The Class C address
 offers a maximum of 254 hosts per network and is therefore suited to smaller
networks.
 However, with the first three bits of the address predefined to 110, the next 21 bits
provide for a maximum of 2,097,150 such networks.
 The remaining classes of address, D and E, are reserved classes and have a
special meaning.
 Class E addresses are reserved for future use.
 Class D addresses are used to address groups of hosts in a limited area.
This function is known as multicasting.
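As an added example that is not part of the notes, the classful split above implemented in Python: it classifies an address by its leading bits, separates the network number from the host number, computes the network and host counts the notes give (2^7 for class A, 2^n - 2 otherwise), and flags addresses that fall in the IANA-reserved private ranges (RFC 1918). The example goes slightly beyond the text by also rejecting class D and E addresses, which carry no host number; the addresses fed to it are constructed.

```python
import ipaddress

# Private ranges reserved by IANA (RFC 1918); used here for the "use private
# addresses for networks under your own control" check from the notes.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Bits of the address that form the network number in each unicast class.
NETWORK_BITS = {"A": 8, "B": 16, "C": 24}


def address_class(addr):
    """Classify by the leading bits of the first octet: 0 -> A, 10 -> B,
    110 -> C, 1110 -> D (multicast), 1111 -> E (reserved)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def class_capacity(cls):
    """(number of networks, hosts per network) as the notes state them:
    2^7 networks for class A, 2^n - 2 networks for B and C, and
    2^host_bits - 2 hosts in every class (all-0 and all-1 excluded)."""
    net_bits = NETWORK_BITS[cls]
    prefix_bits = {"A": 1, "B": 2, "C": 3}[cls]
    networks = 1 << (net_bits - prefix_bits)
    if cls != "A":
        networks -= 2
    return networks, (1 << (32 - net_bits)) - 2


def classful_split(addr):
    """Split a unicast address into its classful network and host numbers.
    Raises ValueError for class D/E, which have no network/host split."""
    cls = address_class(addr)
    if cls not in NETWORK_BITS:
        raise ValueError(f"{addr} is class {cls}: no network/host split")
    value = int(ipaddress.IPv4Address(addr))
    net_bits = NETWORK_BITS[cls]
    host_bits = 32 - net_bits
    octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    split = net_bits // 8   # classful boundaries fall on octet boundaries
    return {
        "class": cls,
        "network_number": ".".join(map(str, octets[:split])),
        "host_number": ".".join(map(str, octets[split:])),
        "usable_hosts": (1 << host_bits) - 2,
        "private": any(ipaddress.IPv4Address(addr) in net for net in PRIVATE_RANGES),
    }


if __name__ == "__main__":
    # Constructed addresses; 172.16.3.14 is the notes' own worked example.
    for a in ("9.0.0.0", "172.16.3.14", "192.168.1.20", "200.1.2.3"):
        print(a, classful_split(a))
```

The `private` flag is the practical check behind the IANA advice in the notes: an address that is not in one of those ranges is expected to be globally unique, so using it inside your own network without an assignment will collide with someone else's once routing leaves your control.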

Network Operating Systems
 Any modern operating system contains built-in software designed to simplify
networking of a computer.
 Typical O/S software includes an implementation of the TCP/IP protocol stack and
related utility programs like ping and traceroute.
 This includes the necessary device drivers and other software to
automatically enable a device's Ethernet interface.
 Mobile devices also normally provide the programs needed to enable Wi-Fi,
Bluetooth, or other wireless connectivity.
 Network operating systems (NOSs) distribute their functions over a number of
networked computers; they add functions that allow access to shared resources by
a number of users concurrently.
 Client systems contain specialized software that allows them to request shared
resources that are controlled by server systems responding to a client request.
 The NOS enhances the reach of the client PC by making remote services
available as extensions of the local native operating system.
 NOSs also support multiple user accounts at the same time and enable
concurrent access to shared resources by multiple clients. A NOS server is a
multitasking system.

Choosing a NOS
The main features to consider when selecting a NOS include:

 Performance

 Management and monitoring tools

 Security

 Scalability

 Robustness/fault tolerance

1. Network Management
 Network management refers to the activities, methods, procedures, and tools that
pertain to the operation, administration, maintenance, and provisioning of
networked systems.
 There exists a wide variety of software and hardware products that help
network system administrators manage a network.
 Network management covers a wide area, including:
Security: Ensuring that the network is protected from unauthorized users.
Performance: Eliminating bottlenecks in the network.
Reliability: Making sure the network is available to users and responding to
hardware and software malfunctions.
 Network management involves keeping an eye on the following:
 Network Operations: keeping the network (and the services that the
network provides) up and running smoothly. It includes monitoring the
network to spot problems as soon as possible, ideally before users are
affected.
 Administration: deals with keeping track of resources in the network and how
they are assigned.
 Maintenance: concerned with performing repairs and upgrades.
Maintenance also involves corrective and preventive measures to keep the
managed network running.
 Provisioning: is concerned with configuring resources in the network to
support a given service.

We Monitor
 System & Services
o Available, reachable
 Resources
o Expansion planning, maintain availability
 Performance
o Round-trip time, throughput
 Changes and configurations
o Documentation, revision control, logging

We Keep Track of
 Statistics
o For purposes of accounting and metering
 Faults (Intrusion Detection)
o Detection of issues
o Troubleshooting issues and tracking their history
 Ticketing systems are good at this
 Help desks are a useful, even critical, component
Expectations
A network in operation needs to be monitored in order to:
 Deliver projected SLAs (Service Level Agreements)
 SLAs depend on policy
 What does your management expect?
 What do your users expect?
 What do your customers expect?
 What does the rest of the Internet expect?

Functional Areas of Network Management

The International Organization for Standardization (ISO) Network Management forum
divided network management into five functional areas:
– Fault Management
– Configuration Management
– Security Management
– Performance Management
– Accounting Management

Fault Management
Is the process of locating problems, or faults, on the network.
It involves the following steps:
– Discover the problem
– Isolate the problem
– Fix the problem (if possible)

Configuration Management
 The configuration of certain network devices controls the behavior of the
network.
 Configuration management is the process of finding and setting up
(configuring) these critical devices.

Security Management
 Is the process of controlling access to information on the data network.
 Provides a way to monitor access points and records information on a periodic
basis.
 Provides audit trails and sounds alarms for security breaches.
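An added example, not part of the notes, of the monitoring, audit-trail and alarm functions described above, written in Python over a constructed access log: the log line format, device names, user names and addresses are assumptions of the example. It parses the records, builds a per-user audit trail, and raises one alarm per burst of repeated failed logins from a single source inside a sliding time window; lines that fail to parse are reported rather than dropped, so a gap in the audit trail is visible.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log format for this example (not a real device's format):
# "<date> <time> <device> login <ok|failed> user=<name> src=<address>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) "
    r"login (?P<result>ok|failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample records: one burst of failures from a single source
# and a slow trickle from another that stays under the threshold.
SAMPLE_LOG = """\
2024-03-01 09:00:01 gw1 login failed user=admin src=203.0.113.7
2024-03-01 09:00:20 gw1 login failed user=admin src=203.0.113.7
2024-03-01 09:00:45 gw1 login failed user=root src=203.0.113.7
2024-03-01 09:01:10 gw1 login ok user=jdoe src=10.1.4.22
2024-03-01 09:02:00 gw2 login failed user=admin src=198.51.100.9
2024-03-01 09:15:00 gw2 login failed user=admin src=198.51.100.9
2024-03-01 09:20:00 gw2 login failed user=admin src=198.51.100.9
"""


def parse_log(text):
    """Turn raw lines into records; lines that do not match are returned
    separately so a malformed line is noticed rather than silently dropped."""
    records, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records, unparsed


def failed_login_alarms(records, threshold=3, window=timedelta(minutes=5)):
    """Sound an alarm when one source accumulates `threshold` failed logins
    inside a sliding `window`. Each burst raises a single alarm."""
    recent = defaultdict(deque)
    alarms = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["result"] != "failed":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alarms.append({"src": rec["src"], "at": rec["ts"], "failures": len(q)})
            q.clear()
    return alarms


def audit_trail(records, user):
    """The per-user audit trail: every access attempt, in time order."""
    return [(r["ts"], r["device"], r["result"], r["src"])
            for r in sorted(records, key=lambda r: r["ts"]) if r["user"] == user]


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    for alarm in failed_login_alarms(recs):
        print("ALARM", alarm)
    for entry in audit_trail(recs, "admin"):
        print("audit", entry)
```

Threshold and window are the policy knobs: too tight and every mistyped password pages someone, too loose and a slow trickle like the second source above never trips the alarm but still shows up in the audit trail, which is why both the alarm and the trail are kept.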

Performance Management
Involves measuring the performance of the network hardware, software, and media.
Examples of measured activities are:
– Overall throughput
– Percentage utilization
– Error rates
– Response time

Accounting Management
 Involves tracking individuals' utilization and grouping of network
resources to ensure that users have sufficient resources.
 Involves granting or removing permission for access to the network.

Network design models

Hierarchical Models
 Each layer provides necessary functionality to the enterprise campus network.
 You do not need to implement the layers as distinct physical entities.
 You can implement each layer in one or more devices or as cooperating interface
components sharing a common chassis.
 Smaller networks can “collapse” multiple layers to a single device with only an implied
hierarchy. Maintaining an explicit awareness of hierarchy is useful as the network
grows.

1. Core Layer
 The core layer is the network’s high-speed switching backbone that is crucial to corporate
communications.
 It is also referred to as the backbone.
 The core layer should have the following characteristics:
 Fast transport
 High reliability
 Redundancy
 Fault tolerance
 Low latency and good manageability
 Avoidance of CPU-intensive packet manipulation caused by security, inspection,
quality of service (QoS) classification, or other processes
 Limited and consistent diameter
 Quality of service (QoS)

 When a network uses routers, the number of router hops from edge to edge is called
the diameter.
 It is considered good practice to design for a consistent diameter within a hierarchical
network.
 The trip from any end station to another end station across the backbone should have
the same number of hops.
 The distance from any end station to a server on the backbone should also be
consistent.
 Limiting the internetwork’s diameter provides predictable performance and ease of
troubleshooting.
 You can add distribution layer routers and client LANs to the hierarchical
model without increasing the core layer’s diameter. Use of a block implementation
isolates existing end stations from most effects of network growth.
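An added example, not from the notes or from Cisco, showing how the diameter rule above can be checked on a topology in Python: a constructed three-tier campus graph (the device names C1/C2, D1/D2 and A1..A4 are assumptions), a breadth-first search for hop counts, the edge-to-edge diameter, and a consistency check across distribution blocks. Growing a block with another access switch, or adding a whole new block, leaves the cross-block hop count unchanged, which is the block-implementation property the last bullet describes.

```python
from collections import deque
from itertools import product


def add_link(graph, a, b):
    """Add an undirected link between two devices, creating them as needed."""
    graph.setdefault(a, set()).add(b)
    graph.setdefault(b, set()).add(a)


def build_campus():
    """Constructed three-tier campus: two core routers (C1, C2), two
    distribution blocks (D1, D2), each with two access switches."""
    graph = {}
    links = [("C1", "C2"), ("C1", "D1"), ("C1", "D2"), ("C2", "D1"), ("C2", "D2"),
             ("D1", "A1"), ("D1", "A2"), ("D2", "A3"), ("D2", "A4")]
    for a, b in links:
        add_link(graph, a, b)
    return graph


def shortest_hops(graph, start, goal):
    """Breadth-first search: number of links on the shortest path, or None
    when the goal is unreachable."""
    if start == goal:
        return 0
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt == goal:
                return dist + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


def diameter(graph, edge_nodes):
    """Largest hop count between any two edge (access) devices."""
    return max(shortest_hops(graph, a, b)
               for a in edge_nodes for b in edge_nodes if a != b)


def cross_block_hops(graph, blocks):
    """Set of hop counts between access switches in different distribution
    blocks; a consistent design yields exactly one value."""
    names = list(blocks)
    counts = set()
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            for a, b in product(blocks[x], blocks[y]):
                counts.add(shortest_hops(graph, a, b))
    return counts


def is_consistent(graph, blocks):
    return len(cross_block_hops(graph, blocks)) == 1


if __name__ == "__main__":
    g = build_campus()
    blocks = {"D1": ["A1", "A2"], "D2": ["A3", "A4"]}
    print("diameter:", diameter(g, sum(blocks.values(), [])))
    print("consistent:", is_consistent(g, blocks))
    # Growth inside a block (new access switch) and a whole new block (D3)
    add_link(g, "D1", "A5")
    blocks["D1"].append("A5")
    for core in ("C1", "C2"):
        add_link(g, core, "D3")
    add_link(g, "D3", "A6")
    blocks["D3"] = ["A6"]
    print("after growth:", diameter(g, sum(blocks.values(), [])), is_consistent(g, blocks))
```

The check fails in exactly the case the design rule warns about: daisy-chaining an access switch off another access switch instead of off the distribution layer adds a hop for that switch only, and `cross_block_hops` then returns two values instead of one.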

2. Distribution Layer
 The network’s distribution layer is the isolation point between the network’s access
and core layers.
 The distribution layer can have many roles, including implementing the following
functions:
 Policy-based connectivity (for example, ensuring that traffic sent from a
particular network is forwarded out one interface while all other traffic is
forwarded out another interface)
 Redundancy and load balancing
 Aggregation of LAN wiring closets
 Aggregation of WAN connections
 Quality of service (QoS)
 Security filtering
 Address or area aggregation or summarization
 Departmental or workgroup access
 Broadcast or multicast domain definition
 Routing between virtual LANs (VLANs)
 Media translations (for example, between Ethernet and Token Ring)
 Redistribution between routing domains (for example, between two different
routing protocols)
 Demarcation between static and dynamic routing protocols

 You can use several Cisco IOS Software features to implement policy at the distribution
layer:
 Filtering by source or destination address
 Filtering on input or output ports
 Hiding internal network numbers by route filtering
 Static routing
 QoS mechanisms, such as priority-based queuing

 The distribution layer provides aggregation of routes, providing route summarization
to the core.
 In campus LANs, the distribution layer provides routing between VLANs
and also applies security and quality of service policies.

3. Access Layer
 The access layer provides user access to local segments on the network.
 The access layer is characterized by switched LAN segments in a campus
environment.
 Microsegmentation using LAN switches provides high bandwidth to workgroups by
reducing the number of devices on Ethernet segments.
 Functions of the access layer include the following:
 Layer 2 switching
 High availability
 Port security
 Broadcast suppression
 QoS classification and marking and trust boundaries
 Rate limiting/policing
 Address Resolution Protocol (ARP) inspection
 Virtual access control lists (VACLs)
 Spanning tree
 Trust classification
 Power over Ethernet (PoE) and auxiliary VLANs for VoIP
 Network Access Control (NAC)
 Auxiliary VLANs

 You implement high availability models at the access layer.
 “High Availability Network Services” covers availability models.
 The LAN switch in the access layer can control access to the port and limit the rate at
which traffic is sent to and from the port.
 You can implement access by identifying the MAC address using Address Resolution
Protocol (ARP), trusting the host, and using access lists.

Redundancy Model
 Network redundancy is a process through which additional or alternate instances of
network devices, equipment and communication mediums are installed within
network infrastructure.
 It is a method for ensuring network availability in case of a network device or path
failure and unavailability.
 Redundant network designs meet requirements for network availability by
duplicating elements in a network.
 Redundancy attempts to eliminate any single point of failure on the network.
 The goal is to duplicate any required component whose failure could disable critical
applications.
 The component could be a core router, a switch, a link between two switches, a
channel service unit (CSU), a power supply, a WAN trunk, Internet connectivity,
and so on.
 To enable business survivability after a disaster and offer performance benefits from
load sharing, some organizations have completely redundant data centers.
 Other organizations try to constrain network operational expenses by using a less
comprehensive level of redundancy.
 Redundancy can be implemented inside individual campus networks and between
layers of the hierarchical model.
 Implementing redundancy on campus networks can help you meet availability goals for
users accessing local services.
 Redundancy can also be implemented on the edge of the enterprise network to ensure
high availability for Internet, extranet, and virtual private network (VPN) access.

NOTE
 Because redundancy is expensive to deploy and maintain, you should implement
redundant topologies with care. Be sure to select a level of redundancy that matches
your customer's requirements for availability and affordability.
 Before you select redundant design solutions, you should first analyze the business
and technical goals of your customer.
 Make sure you can identify critical applications, systems, internetworking devices,
and links.
 Analyze your customer's tolerance for risk and the consequences of not
implementing redundancy.
 Make sure to discuss with your customer the tradeoffs of redundancy versus low
cost, and simplicity versus complexity.
 Redundancy adds complexity to the network topology and to network addressing
and routing.

Secure Models
 When we send our data from the source side to the destination side we have to use some transfer
method like the internet or any other communication channel by which we are able to
send our message.
 The two parties, who are the principals in this transaction, must cooperate for the
exchange to take place.
 When data is transferred from one source to another, a logical
information channel is established between them by defining a route through the
internet from source to destination and by the cooperative use of communication
protocols (e.g., TCP/IP) by the two principals.
 When a protocol is used over this logical information channel, security becomes the main
aspect to consider.
 All techniques for providing security have two components:
1. A security-related transformation on the information to be sent.
2. Some secret information shared by the two principals and, it is hoped, unknown to the
opponent.
 A trusted third party may be needed to achieve secure transmission.
 The third party may be responsible for distributing the secret information to the two
principals while keeping it from any opponent.
 A third party may be needed to arbitrate disputes between the two principals
concerning the authenticity of a message transmission.
 This model shows that there are four basic tasks in designing a particular security
service:
 Design an algorithm for performing the security-related transformation.
 Generate the secret information to be used with the algorithm.
 Develop methods for the distribution and sharing of secret information.
 Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.
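The four tasks above, worked through in Python as an added example that is not part of the notes: HMAC-SHA256 is the security-related transformation, a random key is the shared secret, a small trusted-third-party class hands the same key to both principals, and the protocol attaches a sequence number so a replayed message is rejected along with a tampered one. The principal names and messages are constructed; the choice of HMAC-SHA256 and of a sequence-number replay check are this example's assumptions, not something the notes specify.

```python
import hashlib
import hmac
import secrets


def generate_secret(nbytes=32):
    """Task 2: generate the secret information (a random symmetric key)."""
    return secrets.token_bytes(nbytes)


class TrustedThirdParty:
    """Task 3: the party that creates a key for a pair of principals and
    hands the same key to both, keeping it from everyone else."""

    def __init__(self):
        self._keys = {}

    def issue(self, principal_a, principal_b):
        key = generate_secret()
        self._keys[frozenset((principal_a, principal_b))] = key
        return key

    def lookup(self, principal_a, principal_b):
        return self._keys[frozenset((principal_a, principal_b))]


def tag(key, seq, message):
    """Task 1: the security-related transformation. HMAC-SHA256 over the
    sequence number and the message yields an authenticity tag that only a
    holder of the key can produce."""
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()


def protect(key, seq, message):
    """Sender side of the protocol (task 4): transmit (seq, message, tag)."""
    return seq, message, tag(key, seq, message)


class Receiver:
    """Receiver side of the protocol: accept a message only if its tag
    verifies under the shared key and its sequence number is fresh."""

    def __init__(self):
        self.last_seq = 0

    def accept(self, key, seq, message, received_tag):
        expected = tag(key, seq, message)
        # compare_digest avoids leaking where the tags differ through timing
        if not hmac.compare_digest(expected, received_tag):
            return False
        if seq <= self.last_seq:      # an old message played back again
            return False
        self.last_seq = seq
        return True


if __name__ == "__main__":
    ttp = TrustedThirdParty()
    key = ttp.issue("alice", "bob")
    bob = Receiver()
    packet = protect(key, 1, b"transfer 100")
    print("genuine:", bob.accept(key, *packet))
    print("replayed:", bob.accept(key, *packet))
    seq, msg, t = protect(key, 2, b"transfer 100")
    print("tampered:", bob.accept(key, seq, b"transfer 900", t))
    print("wrong key:", bob.accept(key, *protect(generate_secret(), 3, b"hello")))
```

The sequence number is the part of the design that belongs to task 4 rather than task 1: the tag alone proves the message came from a key holder, but without a freshness rule the receiver cannot tell a genuine message from the same message delivered twice.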

 Creation of a well-thought-out network security model will effectively help you in
realizing your network's security.
 The network security model (NSM) is a scheme that reflects the general plan and the
policy of ensuring the network security, and usually includes all or some of the following
seven layers in different modifications according to the specific company's needs:
 Physical layer — involves organization of physical security against access to the
data on computer devices; this can be access control devices, cameras, alarms.
 VLAN layer — involves creation of Virtual Local Area Networks (VLANs) which
join together common hosts for security purposes.
 ACL layer — involves creation and maintenance of Access Control Lists (ACLs)
which allow or deny access between hosts on different networks.
 Software layer — helps to protect the user layer and ensures the software is kept up to date.
 User layer — involves training users in security on the network.
 Administrative layer — involves the training of administrative users.
 IT department layer — this layer is the most important for network security; it contains
all network security professionals and support specialists, network technicians and
architects, who organize and maintain the work of the network and hosts.

LAN technologies

Ethernet
 Ethernet is a widely deployed LAN technology.
 Ethernet shares media.
 A network which uses shared media has a high probability of data collisions.
 Ethernet uses Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
technology to detect collisions.
 On the occurrence of a collision in Ethernet, all its hosts roll back, wait for some
random amount of time, and then re-transmit the data.
 The Ethernet connector is a network interface card equipped with a 48-bit MAC address.
 This helps other Ethernet devices to identify and communicate with remote devices in
Ethernet.
 Traditional Ethernet uses 10BASE-T specifications. The number 10 depicts 10 Mbps
speed, BASE stands for baseband, and T stands for Thick Ethernet.
 10BASE-T Ethernet provides transmission speed up to 10 Mbps and uses coaxial
cable or Cat-5 twisted pair cable with an RJ-45 connector.
 Ethernet follows Star topology with segment length up to 100 meters.
 All devices are connected to a hub/switch in a star fashion.
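To show what the 48-bit MAC address carries beyond a plain identifier, here is an added Python example (not from the notes) that parses an address into its OUI and NIC-specific halves, reads the two flag bits in the first octet, and decides whether a NIC in normal receive mode should keep a frame. The sample addresses are constructed; the group (I/G) and locally-administered (U/L) bit positions and the all-ones broadcast address are standard Ethernet.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_mac(mac: str) -> dict:
    """Parse a 48-bit MAC written as aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff.

    Two bits of the first octet carry meaning:
      bit 0 (I/G): 0 = individual (unicast) address, 1 = group (multicast) address
      bit 1 (U/L): 0 = universally (vendor) administered, 1 = locally administered
    For vendor-assigned addresses the first three octets are the OUI.
    """
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes(int(p, 16) for p in parts)      # int() rejects non-hex text
    canonical = ":".join(f"{b:02x}" for b in octets)
    first = octets[0]
    return {
        "address": canonical,
        "oui": ":".join(f"{b:02x}" for b in octets[:3]),
        "nic_specific": ":".join(f"{b:02x}" for b in octets[3:]),
        "group": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
        "broadcast": canonical == BROADCAST,
    }


def should_accept(nic_mac: str, dst_mac: str, joined_groups=()) -> bool:
    """Decide whether a NIC that is not in promiscuous mode keeps a frame.

    It accepts frames addressed to its own unicast address, to the broadcast
    address, or to a multicast group it has been told to listen for; every
    other frame is dropped by the hardware filter before the host sees it.
    """
    own = parse_mac(nic_mac)["address"]
    dst = parse_mac(dst_mac)
    if dst["broadcast"] or dst["address"] == own:
        return True
    if dst["group"]:
        groups = {parse_mac(g)["address"] for g in joined_groups}
        return dst["address"] in groups
    return False


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("00:1A:2B:3C:4D:5E", "02-42-ac-11-00-02", "01:00:5e:00:00:01", BROADCAST):
        print(parse_mac(sample))
    print(should_accept("00:1a:2b:3c:4d:5e", BROADCAST))
```

The receive filter is what makes a switched Ethernet segment quiet for unrelated hosts: a frame only reaches a host's protocol stack if the address check above passes, unless the interface has been put into promiscuous mode for monitoring.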

Fast-Ethernet
 To meet the needs of fast-emerging software and hardware technologies, Ethernet
extends itself as Fast-Ethernet.
 It can run on UTP, Optical Fiber, and wirelessly too.
 It can provide speed up to 100 Mbps.
 This standard is named 100BASE-T in IEEE 802.3 using Cat-5 twisted pair cable.
 It uses the CSMA/CD technique for wired media sharing among the Ethernet hosts and
the CSMA/CA (CA stands for Collision Avoidance) technique for wireless Ethernet LAN.

 Fast Ethernet on fiber is defined under the 100BASE-FX standard, which provides speed
up to 100 Mbps on fiber.

 Ethernet over fiber can be extended up to 100 meters in half-duplex mode and can
reach a maximum of 2000 meters in full-duplex over multimode fibers.

6. Giga-Ethernet
 Fast-Ethernet retained its high-speed status only for three years, until Giga-Ethernet
was introduced.
 Giga-Ethernet provides speed up to 1000 megabits per second.
 IEEE802.3ab standardizes Giga-Ethernet over UTP using Cat-5, Cat-5e and Cat-6
cables.
 IEEE802.3ah defines Giga-Ethernet over Fiber.

7. Virtual LAN

 LAN uses Ethernet which in turn works on shared media.


 Shared media in Ethernet creates one single Broadcast domain and one single Collision
domain.
 The introduction of switches to Ethernet has removed the single collision domain issue;
each device connected to a switch works in its own separate collision domain.
 But even switches cannot divide a network into separate Broadcast domains.

 Virtual LAN is a solution to divide a single Broadcast domain into multiple Broadcast
domains.

 A host in one VLAN cannot speak to a host in another. By default, all hosts are placed
into the same VLAN.

 In this diagram, different VLANs are depicted in different color codes.
 Hosts in one VLAN, even if connected on the same Switch cannot see or speak to other
hosts in different VLANs. VLAN is Layer-2 technology, which works closely on
Ethernet.
 To route packets between two different VLANs, a Layer-3 device such as Router is
required.
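The broadcast-domain separation described above, as an added Python model (not from the notes, and not the code of any real switch): a switch whose access ports each belong to one VLAN floods broadcasts and unknown unicasts only to ports in the same VLAN, and keys its MAC address table by VLAN so that an address learned in VLAN 20 is never used to forward a frame arriving from VLAN 10. Port names, VLAN numbers and host addresses are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Layer-2 switch model: every access port is a member of exactly one VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port name -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port on which mac was seen

    def _domain(self, vlan, exclude):
        """Ports in the broadcast domain of `vlan`, minus the ingress port."""
        return {p for p, v in self.port_vlan.items() if v == vlan and p != exclude}

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of egress ports for one frame received on in_port."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port          # source-address learning
        if dst_mac == BROADCAST:
            return self._domain(vlan, in_port)              # flood inside the VLAN only
        out = self.mac_table.get((vlan, dst_mac))
        if out is None:
            return self._domain(vlan, in_port)              # unknown unicast: also VLAN-bounded
        return set() if out == in_port else {out}


def demo():
    """Constructed topology: fa1, fa2 in VLAN 10; fa3, fa4 in VLAN 20."""
    sw = VlanSwitch({"fa1": 10, "fa2": 10, "fa3": 20, "fa4": 20})
    host = {"fa1": "00:00:00:00:00:01", "fa2": "00:00:00:00:00:02",
            "fa3": "00:00:00:00:00:03", "fa4": "00:00:00:00:00:04"}
    # Every host broadcasts once, so the switch learns all four addresses.
    reach = {p: sw.forward(p, host[p], BROADCAST) for p in host}
    # A VLAN 10 host addressing a VLAN 20 host: no (10, mac3) entry exists, so the
    # frame is flooded within VLAN 10 and never leaves on fa3. Only a Layer-3
    # device attached to both VLANs could carry traffic across.
    cross = sw.forward("fa1", host["fa1"], host["fa3"])
    same = sw.forward("fa1", host["fa1"], host["fa2"])
    return {"broadcast_from_fa1": reach["fa1"], "cross_vlan": cross, "same_vlan": same}


if __name__ == "__main__":
    print(demo())
```

With every port left in the default VLAN the same model floods a broadcast to all other ports, which is the single broadcast domain the notes describe before VLANs are introduced.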

Carrier Sense Multiple Access (CSMA)

 CSMA is a network protocol that listens to, or senses, the signals on the carrier/medium
before transmitting any data.
 CSMA is implemented in Ethernet networks with more than one computer or network
device attached to them.
 CSMA is part of the Media Access Control (MAC) protocol.
 This method was developed to decrease the chance of collisions when two or more
stations start sending their signals over the data link layer.
 Carrier Sense Multiple Access requires that each station first check the state of the
medium before sending.

Vulnerable time = Propagation time (Tp)


 CSMA is a network access method used on shared network topologies such as
Ethernet to control access to the network.
 Devices attached to the network cable listen (carrier sense) before transmitting.
 If the channel is in use, devices wait before transmitting.
 MA (Multiple Access) indicates that many devices can connect to and share the same
network.
 All devices have equal access to use the network when it is clear.
 The persistence methods can be applied to help the station take action when the channel
is busy/idle.

Types of CSMA Protocols:

1. Persistent CSMA

 In this method, a station that wants to transmit data continuously senses the
channel to check whether the channel is idle or busy.

 If the channel is busy, the station waits until it becomes idle.

 When the station detects an idle channel, it immediately transmits the frame with
probability 1. Hence it is called 1-persistent CSMA.

 This method has the highest chance of collision because two or more stations may
find the channel to be idle at the same time and transmit their frames.

 When a collision occurs, the stations wait a random amount of time and start all
over again.

Advantages:

 Due to its carrier-sense property, 1-persistent CSMA gives better performance than the
ALOHA systems.

Disadvantages:

 Propagation Delay

2. Non-Persistent CSMA

 In this scheme, if a station wants to transmit a frame and it finds that the channel is
busy (some other station is transmitting), then it will wait for a fixed interval of time.
 After this time, it again checks the status of the channel, and if the channel is free it
will transmit.
 A station that has a frame to send senses the channel.

 If the channel is idle, it sends immediately.

 If the channel is busy, it waits a random amount of time and then senses the
channel again.

 In non-persistent CSMA the station does not continuously sense the channel for the
purpose of capturing it when it detects the end of previous transmission.

Advantages:

 It reduces the chance of collision and leads to better channel utilization.

Disadvantages:

 It reduces the efficiency of the network because the channel remains idle, and it
leads to longer delays than 1-persistent CSMA.

3. P-Persistent CSMA

 Used for slotted channels.


 When a station becomes ready to send, it senses the channel.
 In this method after the station finds the line idle, it may or may not send.
 If a station senses an idle channel it transmits with probability p and refrains from
sending with probability (1-p).
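The three persistence methods above, as an added slotted simulation in Python (illustration code, not from the notes). The channel is a constructed list of slots marked busy or idle; each function returns the slot in which a station that became ready at slot `t` would start transmitting, so the difference between the methods, and the reason 1-persistent stations that wait through the same busy period collide, can be seen directly. The backoff range of the non-persistent variant (`max_wait`) is an assumption of the example.

```python
import random

BUSY, IDLE = True, False


def make_rng(seed: int) -> random.Random:
    """Seeded generator so that runs are reproducible."""
    return random.Random(seed)


def one_persistent(channel, t):
    """1-persistent: sense continuously, transmit in the first idle slot at or after t."""
    while t < len(channel) and channel[t]:
        t += 1
    return t if t < len(channel) else None


def non_persistent(channel, t, rng, max_wait=4):
    """Non-persistent: if busy, wait a random 1..max_wait slots before sensing again.

    The station does not watch for the end of the current transmission, so it
    may leave the channel idle for a while, but two waiting stations are much
    less likely to pick the same slot.
    """
    while t < len(channel):
        if not channel[t]:
            return t
        t += rng.randint(1, max_wait)
    return None


def p_persistent(channel, t, rng, p):
    """p-persistent (slotted channel): when idle, transmit with probability p,
    otherwise defer one slot and sense again; when busy, wait for the next slot."""
    while t < len(channel):
        if channel[t] or rng.random() >= p:
            t += 1
            continue
        return t
    return None


def collision_check(strategy, channel, arrivals, **kw):
    """Run one strategy for several stations that become ready at the given slots;
    report each station's chosen slot and whether two of them chose the same one."""
    slots = [strategy(channel, t, **kw) for t in arrivals]
    chosen = [s for s in slots if s is not None]
    return {"slots": slots, "collision": len(chosen) != len(set(chosen))}


if __name__ == "__main__":
    # Constructed timeline: another station occupies slots 0-4, then the channel is free.
    channel = [BUSY] * 5 + [IDLE] * 20
    print("1-persistent ", collision_check(one_persistent, channel, (1, 3)))
    print("non-persistent", collision_check(non_persistent, channel, (1, 3), rng=make_rng(7)))
    print("p-persistent ", collision_check(p_persistent, channel, (1, 3), rng=make_rng(7), p=0.5))
```

Two stations that both went ready during the busy period always collide under 1-persistent sensing, because both transmit in slot 5; the random waits of the other two methods spread them out at the cost of leaving some idle slots unused.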

4. CSMA/CD

 Ethernet sends data using CSMA/CD (CSMA with Collision Detection).


 CSMA was an improvement over ALOHA, as the channel is sensed before
transmission begins.
 CSMA/CD is a further improvement on CSMA.
 In CSMA/CD, stations abort their transmission as soon as they detect a collision.

Working:

 If two stations sense the channel to be idle they begin transmitting simultaneously
and cause a collision.
 A collision is indicated by a high voltage.

 Both the stations monitor the channel for a collision and stop transmitting as soon
as a collision is detected.
 Now the stations wait for a random amount of time and check if channel is free.

 The process continues.
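The CSMA/CD working steps above (transmit, detect a collision, wait a random time, try again), as an added Python simulation that is not part of the notes. Time is divided into slots; all stations have a frame ready at slot 0, so the first slot always collides, and each colliding station then waits a random number of slots. The wait is drawn with truncated binary exponential backoff, the rule standard Ethernet uses: after the n-th collision a station picks k in [0, 2^min(n,10) - 1] and gives the frame up after 16 collisions. The slotted model and the seeded generator are simplifications of the example.

```python
import random

MAX_ATTEMPTS = 16   # Ethernet abandons a frame after 16 collisions
BACKOFF_CAP = 10    # the random range stops growing after the 10th collision


def backoff_slots(attempt: int, rng: random.Random) -> int:
    """Truncated binary exponential backoff: 0 <= k < 2**min(attempt, 10)."""
    return rng.randrange(2 ** min(attempt, BACKOFF_CAP))


def simulate_csma_cd(n_stations: int, seed: int = 1, max_slots: int = 10_000) -> dict:
    """Run until every station has sent one frame or given up.

    Each slot, every station whose wait has expired transmits. One transmitter
    means success; two or more means a collision, after which each of them
    backs off and retries later. Returns the order of successful senders, the
    stations that exceeded MAX_ATTEMPTS, and the number of collisions seen.
    """
    rng = random.Random(seed)
    ready = {s: 0 for s in range(n_stations)}      # slot at which each station may try
    attempts = {s: 0 for s in range(n_stations)}   # collisions suffered by the frame
    order, dropped, collisions = [], [], 0
    slot = 0
    while ready and slot < max_slots:
        transmitters = [s for s, t in ready.items() if t <= slot]
        if len(transmitters) == 1:
            s = transmitters[0]
            order.append(s)
            del ready[s]
        elif len(transmitters) > 1:
            collisions += 1
            for s in transmitters:             # every colliding station aborts and backs off
                attempts[s] += 1
                if attempts[s] >= MAX_ATTEMPTS:
                    dropped.append(s)          # "excessive collisions": frame discarded
                    del ready[s]
                else:
                    ready[s] = slot + 1 + backoff_slots(attempts[s], rng)
        slot += 1
    return {"order": order, "dropped": dropped, "collisions": collisions, "slots_used": slot}


if __name__ == "__main__":
    for n in (1, 2, 5, 20):
        print(n, "stations:", simulate_csma_cd(n))
```

Raising the station count shows why the notes say shared media has a high probability of collisions: the number of collisions before all frames get through grows quickly with the number of contenders, which is the problem switches remove by giving each port its own collision domain.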

5. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)



 The basic idea behind CSMA/CA is that the station should be able to receive while
transmitting to detect a collision from different stations.
 In wired networks, if a collision has occurred then the energy of the received signal
almost doubles and the station can sense the possibility of a collision.
 In the case of wireless networks, most of the energy is used for transmission and the
energy of the received signal increases by only 5-10% if a collision occurs.
 This increase is too small for a station to use it to sense a collision.
 CSMA/CA has been specially designed for wireless networks.
 There are three types of strategies:
1. InterFrame Space (IFS) – When a station finds the channel busy, it waits for a period
of time called the IFS time. IFS can also be used to define the priority of a station or a
frame: the higher the IFS, the lower the priority.
2. Contention Window – It is an amount of time divided into slots. A station which is
ready to send frames chooses a random number of slots as its wait time.
3. Acknowledgements – Positive acknowledgements and a time-out timer help
guarantee a successful transmission of the frame.

How CSMA/CA works


 On a network that uses the CSMA/CA access method, when a computer has data to
transmit, its NIC first checks the cable to determine if there is already data on the
wire.
 So far, the process is identical to CSMA/CD. However, if the NIC senses that the
cable is not in use, it still does not send its data packet. Instead, it sends a signal of
intent--indicating that it is about to transmit data out onto the cable.
 CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) is the channel access
mechanism used by most wireless LANs in the ISM bands.
 A channel access mechanism is the part of the protocol which specifies how the node
uses the medium.
 Wireless LAN cannot implement CSMA/CD for three reasons:
 A station must be able to send and receive data at the same time.
 A collision may not be detected because of the hidden terminal problem.
 The distance between stations in wireless LANs can be great. Signal fading could
prevent a station at one end from hearing a collision at the other end.
Note
 The CSMA/CA access method, as the name indicates, has several characteristics in common
with CSMA/CD. The difference is in the last of the three components: instead of
detecting data collisions, the CSMA/CA method attempts to avoid them altogether.

Designing and managing Network Security

Network security

Focuses on protecting the underlying network infrastructure.

It is typically a combination of both hardware and software measures that protects against
the following:

 Unauthorized Access: this measure ensures that only those with authorization gain access
to the network. An example is the credentials you must enter when logging into your
computer network.

 Malicious Use: this measure manifests itself in a number of ways. The most common is
that high value network resources are locked away from public access. An example is
your company's computer room.
 Faults: this measure is concerned with detecting and preventing potential issues when and
before they occur. An example is the temperature sensors in the computers and devices
that supply information on the operational state.
 Tampering: this measure monitors when devices are accessed, or when cases are opened
to determine when something might have happened that shouldn't. An example is when
credentials are used for access to the resource.
 Destruction: this measure is similar to malicious use, and works primarily in a
preventative capacity. An example is the company's computer room, as mentioned above.
 Disclosure: this measure focuses on keeping the particulars of the network secret, so that
exploits cannot be easily developed. An example is keeping the specifications under lock
and key so that only those that need to know the particulars have access to them.

Network Security Design

Is the process of designing a network so that it includes measures that prevent the problems
mentioned in the previous sections.

Developing Network Security Strategies

 Developing security strategies that can protect all parts of a complicated network
while having a limited effect on ease of use and performance is one of the most
important and difficult tasks related to network design.
 Security design is challenged by the complexity and absorbent nature of modern
networks that include public servers for electronic commerce, extranet connections for
business partners, and remote-access services for users reaching the network from home,
customer sites, hotel rooms, Internet cafes, and so on.
 To help you handle the difficulties inherent in designing network security for complex
networks, you need to focus on planning and policy development before the selection of
security products.
 Security should be considered during many steps of the network design process.
 The following steps will help you effectively plan and execute a security strategy:

1. Identifying Network Assets

 Identifying network assets and the risk that those assets could be sabotaged or
inappropriately accessed.
 It also involves analyzing the consequences of risks.

 Network assets can include network hosts (hosts' operating systems, applications, and
data), internetworking devices (such as routers and switches), and network data that
traverses the network.
 Network assets may also include intellectual property, trade secrets, and a company's
reputation.

2. Analyzing Security Risks

 Risks can range from hostile intruders to untrained users who download Internet
applications that have viruses.
 Hostile intruders can steal data, change data, and cause service to be denied to
legitimate users.
 Denial-of-service (DoS) attacks have become increasingly common today.

3. Analyzing Security Requirements and Tradeoffs

 Although many customers have more specific goals, in general, security requirements
boil down to the need to protect the following assets:

 The confidentiality of data, so that only authorized users can view sensitive information
 The integrity of data, so that only authorized users can change sensitive information
 System and data availability, so that users have uninterrupted access to important
computing resources

 As is the case with most technical design requirements, achieving security goals
means making tradeoffs.
 Tradeoffs must be made between security goals and goals for affordability,
usability, performance, and availability.
 Also, security adds to the amount of management work because user login IDs,
passwords, and audit logs must be maintained.
 Security also affects network performance. Security features such as packet filters
and data encryption consume CPU power and memory on hosts, routers, and
servers.
Example: Encryption can use upward of 15 percent of available CPU power on a router
or server. Encryption can be implemented on dedicated appliances instead of on shared
routers or servers, but there is still an effect on network performance because of the
delay that packets experience while they are being encrypted or decrypted.
 Another tradeoff is that security can reduce network redundancy. If all traffic must go
through an encryption device, for example, the device becomes a single point of
failure. This makes it hard to meet availability goals.

 Security can also make it harder to offer load balancing. Some security mechanisms
require traffic to always take the same path so that security mechanisms can be
applied uniformly. For example, a mechanism that randomizes TCP sequence numbers
(so that hackers can't guess the numbers) won't work if some TCP segments for a session
take a path that bypasses the randomizing function due to load balancing.

4. Developing a Security Plan

 One of the first steps in security design is developing a security plan.


 A security plan is a high-level document that proposes what an organization is going
to do to meet security requirements.
 The plan specifies the time, people, and other resources that will be required to
develop a security policy and achieve technical implementation of the policy.
 As the network designer, you can help your customer develop a plan that is practical
and pertinent.
 The plan should be based on the customer's goals and the analysis of network assets
and risks.
 A security plan should reference the network topology and include a list of network
services that will be provided (for example, FTP, web, email, and so on). This list
should specify who provides the services, who has access to the services, how access is
provided, and who administers the services.
 As the network designer, you can help the customer evaluate which services are
definitely needed, based on the customer's business and technical goals.
 Sometimes new services are added unnecessarily, simply because they are the latest
trend.
 Adding services might require new packet filters on routers and firewalls to protect
the services, or additional user-authentication processes to limit access to the
services, adding complexity to the security strategy.
 Overly complex security strategies should be avoided because they can be self-
defeating. Complicated security strategies are hard to implement correctly without
introducing unexpected security holes.
 One of the most important aspects of the security plan is a specification of the people
who must be involved in implementing network security:

 Will specialized security administrators be hired?


 How will end users and their managers get involved?
 How will end users, managers, and technical staff be trained on security policies and
procedures?

 For a security plan to be useful, it needs to have the support of all levels of employees
within the organization. It is especially important that corporate management fully
support the security plan. Technical staff at headquarters and remote sites should buy into
the plan, as should end users.

5. Developing a Security Policy

 A security policy is a formal statement of the rules by which people who are given
access to an organization's technology and information assets must abide.
 A security policy informs users, managers, and technical staff of their obligations for
protecting technology and information assets.
 The policy should specify the mechanisms by which these obligations can be met.
 As was the case with the security plan, the security policy should have buy-in from
employees, managers, executives, and technical personnel.
 Developing a security policy is the job of senior management, with help from
security and network administrators. The administrators get input from managers,
users, network designers and engineers, and possibly legal counsel. As a network
designer, you should work closely with the security administrators to understand how
policies might affect the network design.
 After a security policy has been developed, with the engagement of users, staff, and
management, it should be explained to all by top management. Many enterprises
require personnel to sign a statement indicating that they have read, understood, and
agreed to abide by a policy.
 A security policy is a living document. Because organizations constantly change,
security policies should be regularly updated to reflect new business directions and
technological shifts. Risks change over time also and affect the security policy.

Components of a Security Policy

In general, a policy should include at least the following items:

 An access policy that defines access rights and privileges. The access policy should
provide guidelines for connecting external networks, connecting devices to a network,
and adding new software to systems. An access policy might also address how data is
categorized (for example, confidential, internal, and top secret).
 An accountability policy that defines the responsibilities of users, operations staff,
and management. The accountability policy should specify an audit capability and
provide incident-handling guidelines that specify what to do and whom to contact if a
possible intrusion is detected.
 An authentication policy that establishes trust through an effective password policy and
sets up guidelines for remote-location authentication.
 A privacy policy that defines reasonable expectations of privacy regarding the monitoring
of electronic mail, logging of keystrokes, and access to users' files.

 Computer-technology purchasing guidelines that specify the requirements for acquiring,
configuring, and auditing computer systems and networks for compliance with the policy.

6. Developing Security Procedures

 Security procedures implement security policies.


 Procedures define configuration, login, audit, and maintenance processes.
 Security procedures should be written for end users, network administrators, and
security administrators.
 Security procedures should specify how to handle incidents (that is, what to do and who
to contact if an intrusion is detected).
 Security procedures can be communicated to users and administrators in instructor-
led and self-paced training classes.

7. Maintaining Security

 Security must be maintained by scheduling periodic independent audits, reading
audit logs, responding to incidents, reading current literature and agency alerts,
performing security testing, training security administrators, and updating the
security plan and policy.
 Network security should be a perpetual process.
 Risks change over time, and so should security.
 Cisco security experts use the term security wheel to illustrate that implementing,
monitoring, testing, and improving security is a never-ending process.
 Many overworked security engineers might relate to the wheel concept.
 Continually updating security mechanisms to keep up with the latest attacks can
sometimes make an administrator feel a bit like a hamster on a training wheel.

Network management system (NMS)

 is an application or set of applications that lets network engineers manage a
network's independent components inside a bigger network management
framework and performs several key functions.

 An NMS identifies, configures, monitors, updates and troubleshoots network devices
both wired and wireless in an enterprise network.
 A system management control application then displays the performance data
collected from each network component, allowing network engineers to make
changes as needed.
 Network engineers use a network management system to handle a variety of
operations, among them:

 Monitor performance: By collecting operating metrics through a series of physical taps,
software agents or Simple Network Management Protocol interfaces, an NMS can
provide the visibility necessary to determine if network elements are operating correctly.
 Detect devices: A network management system is used to detect devices on the network
and to ensure the devices are recognized and configured correctly.
 Analyze performance: An NMS is used to track performance data indicators, including
bandwidth utilization, packet loss, latency, availability and uptime of routers, switches
and other network components.
 Enable notifications: In the event of a system disruption, an NMS will proactively alert
administrators about any performance issues.
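The "monitor performance", "analyze performance" and "enable notifications" functions above, carried through as an added Python example (not from the notes, and not the code of any product named here): two successive SNMP polls of an interface's octet counter are turned into a bandwidth-utilization figure and compared against an alert threshold. The sample readings are constructed; the counter names ifInOctets/ifHCInOctets and ifSpeed are the standard IF-MIB objects an NMS reads. The first constructed interval crosses the 32-bit counter wrap, which is the classic mistake that makes a monitoring graph show a huge negative spike.

```python
COUNTER32_WRAP = 2 ** 32   # Counter32 objects such as ifInOctets roll over here


def counter_delta(prev: int, curr: int, wrap: int = COUNTER32_WRAP) -> int:
    """Octets counted between two polls, allowing for at most one counter wrap."""
    return curr - prev if curr >= prev else curr + wrap - prev


def utilization_percent(prev_octets, curr_octets, interval_s, if_speed_bps,
                        wrap=COUNTER32_WRAP) -> float:
    """One-direction link utilization between two polls, as a percentage.

    Octet counters are bytes; ifSpeed is bits per second, hence the factor 8.
    """
    bits = counter_delta(prev_octets, curr_octets, wrap) * 8
    return 100.0 * bits / (if_speed_bps * interval_s)


def seconds_until_wrap(if_speed_bps, wrap=COUNTER32_WRAP) -> float:
    """Shortest time in which a saturated link can wrap the counter once.

    Polling less often than this (or more than one wrap apart) makes the delta
    ambiguous; on fast links the 64-bit ifHCInOctets counter avoids the problem.
    """
    return wrap * 8 / if_speed_bps


def check_interface(samples, if_speed_bps, threshold_pct=80.0, wrap=COUNTER32_WRAP):
    """samples: list of (timestamp_s, octet_counter) in time order.

    Returns one record per polling interval, flagged when utilization reaches
    the threshold, which is what an NMS turns into an administrator alert.
    """
    results = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        util = utilization_percent(c0, c1, t1 - t0, if_speed_bps, wrap)
        results.append({"from": t0, "to": t1,
                        "utilization_pct": round(util, 2),
                        "alert": util >= threshold_pct})
    return results


# Constructed readings of ifInOctets polled every 60 s on a 100 Mbit/s interface
# (ifSpeed = 100000000). Between the first two polls 75,000,000 octets arrived,
# which pushed the counter past 2**32 and back round to a small value.
SAMPLES = [(0, 4_294_900_000), (60, 74_932_704), (120, 749_932_704)]
IF_SPEED = 100_000_000

if __name__ == "__main__":
    for record in check_interface(SAMPLES, IF_SPEED):
        print(record)
    print(f"Counter32 wraps every {seconds_until_wrap(IF_SPEED):.0f} s at line rate")
```

Without the wrap handling the first interval would be reported as a delta of about -4.2 billion octets; with it, the two intervals read 10% and 90%, and only the second crosses the 80% threshold and raises an alert.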

Network Management tools, systems and applications

New software, tools and utilities are being launched almost every year to compete in an
ever-changing marketplace of IT monitoring and server monitoring.

Network Monitoring Tools and Software

 Latest Tools & Software to ensure your network is continuously tracked and monitored at all times of
the day to ensure the highest up-times possible.
 Most of them have free Downloads or Trials to get you started for 15 to 30 days to ensure it meets your
requirements.
1. SolarWinds Network Performance Monitor
 is easy to set up and can be ready in no time.
 The tool automatically discovers network devices and deploys within an hour.
 Its simple approach to oversee an entire network makes it one of the easiest to use and most
intuitive user interfaces.
 The product is highly customizable and the interface is easy to manage and change very quickly.

 You can customize the web-based performance dashboards, charts, and views. You
can design a tailored topology for your entire network infrastructure.
 You can also create customized dependency-aware intelligent alerts and much more.

2. PRTG Network Monitor software


 is commonly known for its advanced infrastructure management capabilities.
 All devices, systems, traffic, and applications in your network can be easily
displayed in a hierarchical view that summarizes performance and alerts.
 PRTG monitors IT infrastructure using technology such as SNMP, Flows/Packet
Sniffing, HTTP requests, REST APIs, Pings, SQL and a lot more.

 It is one of the best choices for organizations with low experience in network
monitoring.
 The user interface is really powerful and very easy to use.
 A very particular feature of PRTG is its ability to monitor devices in the
datacenter with a mobile app.
 A QR code that corresponds to the sensor is printed out and attached to the physical
hardware. The mobile app is used to scan the code and a summary of the device is
displayed on the mobile screen.
 PRTG has a very flexible pricing plan

3. ManageEngine OpManager

 is an infrastructure management, network monitoring and Application
Performance Management “APM” (with APM plug-in) software.
 The product is well balanced when it comes to monitoring and analysis features.
 The solution can manage your network, servers, network configuration and fault
& performance;
 It can also analyze your network traffic.
 To run Manage Engine OpManager, it must be installed on-premises.
 A highlight of this product is that it comes with pre-configured network monitor
device templates. These contain pre-defined monitoring parameters and intervals
for specific device types.

4. WhatsUp Gold (WUG)

 is a network monitoring software from Ipswitch.


 It is one of the easiest to use and highly configurable tools in the market.
 The dashboards are user-friendly and visually attractive.
 For daily IT management, WhatsUp Gold is a price/feature balanced network
monitoring tool.
 It is also completely customizable.
 Dashboards can be customized to display your IT infrastructure and alerts to
fit your requirements.

5. Zabbix

 is an open source monitoring tool.


 It is popular for its easy-to-use and pleasing Web GUI that is fully
configurable.
 Zabbix focuses on monitoring and trending functionality.
 This software is frequently used for monitoring servers and network
hardware.
 One of the highlights of Zabbix is that it can predict trends in your traffic.
 Zabbix can forecast future behavior based on historical data.

Network management application (NMA)
 is the software that sits on the network management station (NMS) and retrieves data from
management agents (MAs) for the purpose of monitoring and controlling various devices on the
network.
 It is defined by the ISO/OSI network management model and its subset of protocols, namely Simple
Network Management Protocol (SNMP) and Common Management Information Protocol (CMIP)

 NMS software can be installed either on premises on a dedicated server and
managed on site, or accessed as a service, where the vendor supplies the tools the
enterprise uses to administer and monitor its network.
 NMS software is enabling interoperability as enterprises use network management
systems tools to control and add features across a wider variety of devices.
