Day 31. Networking Models, Devices, and Components

• Compare and contrast OSI and TCP/IP models
• Compare and contrast TCP and UDP protocols
• Describe the impact of infrastructure components in an enterprise network
• Compare and contrast collapsed core and three-tier architectures
• Compare and contrast network topologies
• Select the appropriate cabling type based on implementation requirements

The OSI model principally serves as a tool for explaining networking concepts and troubleshooting. However, the protocols of the TCP/IP suite are the rules by which networks now operate. Because both models are important, you should be well versed in each model’s layers and know how the models map to each other. Figure 31-1 summarizes the two models.

Using two models can be confusing; however, these simple guidelines might help:

• When discussing layers of a model, we are usually referring to the OSI model.
• When discussing protocols, we are usually referring to the TCP/IP model.

The next sections quickly review the OSI layers and the TCP/IP protocols.

The following mnemonic phrase, in which the first letter represents the layer (A stands for Application), can help in memorizing the name and order of the layers from top to bottom:

All People Seem To Need Data Processing

Table 31-2 summarizes the TCP/IP layers, their functions, and the most common protocols.

In the coming days, we review these protocols in more detail. For now, a brief description of the main TCP/IP protocols follows:

• Domain Name System (DNS): Provides the IP address of a website or domain name so that a host can connect to it
• Telnet: Enables administrators to log in to a host from a remote location
• Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), and Internet Message Access Protocol (IMAP): Facilitates sending email messages between clients and servers
• Dynamic Host Configuration Protocol (DHCP): Assigns IP addressing to requesting clients
• Hypertext Transfer Protocol (HTTP): Transfers information between web clients and web servers
• File Transfer Protocol (FTP): Facilitates the download and upload of files between an FTP client and FTP server
• Simple Network Management Protocol (SNMP): Enables network management systems to monitor devices attached to the network
• Transmission Control Protocol (TCP): Supports virtual connections between hosts on the network to provide reliable delivery of data
• User Datagram Protocol (UDP): Supports faster, unreliable delivery of lightweight or time-sensitive data
• Internet Protocol (IP): Provides a unique global address to computers for communicating over the network
• Address Resolution Protocol (ARP): Finds a host’s hardware address when only the IP address is known
• Internet Control Message Protocol (ICMP): Sends error and control messages, including reachability to another host and availability of services
• Ethernet: Serves as the most popular LAN standard for framing and preparing data for transmission onto the media

The following steps summarize the communication process from any source to any destination:

1. Data is created at the application layer of the originating source device.

2. As the data passes down the protocol stack in the source device, it is segmented and encapsulated.

3. The data is generated onto the media at the network access layer of the stack.

4. The data is transported through the internetwork, which consists of media and any intermediary devices.

5. The destination device receives the data at the network access layer.

6. As the data passes up the stack in the destination device, it is decapsulated and reassembled.

7. The data is passed to the destination application at the application layer of the destination device.

1. An HTTP request is sent, including an instruction to “get” a file (which is often a website’s home page).

2. An HTTP response is sent from the web server with a code in the header, usually either 200 (request succeeded and information is returned in response) or 404 (page not found).

The HTTP request and the HTTP response are encapsulated in headers. The content of the headers allows the application layers on each end device to communicate. Regardless of the application layer protocol (HTTP, FTP, DNS, and so on), all use the same general process for communicating between application layers on the end devices.

1. The web client sends an HTTP request for a specific web server down to the transport layer.

2. TCP encapsulates the HTTP request with a TCP header and includes the destination port number for HTTP.

3. Lower layers process and send the request to the web server.

4. The web server receives HTTP requests and sends a TCP acknowledgment back to the requesting web client.

5. The web server sends the HTTP response down to the transport layer.

6. TCP encapsulates the HTTP data with a TCP header.

7. Lower layers process and send the response to the requesting web client.

8. The requesting web client sends an acknowledgment back to the web server.

If data is lost at any point during this process, TCP must recover the data. HTTP at the application layer does not get involved in error recovery.

In addition to TCP, the transport layer provides UDP, a connectionless, unreliable protocol for sending data that does not require or need error recovery. Table 31-4 lists the main features that the transport protocols support. Both TCP and UDP support the first function; only TCP supports the rest.

TCP and UDP usually dynamically assign the source ports, starting at 1024 up to a maximum of 65535. Port numbers below 1024 are reserved for well-known applications. Table 31-5 lists several popular applications and their well-known port numbers.

In Figure 31-3, the Acknowledgment field sent by the web client (4000) implies the next byte to be received; this is called positive acknowledgment.

Figure 31-4 depicts the same scenario, except now with some errors. The second TCP segment was lost in transmission. Therefore, the web client replies with an ACK field set to 2000. This is called a positive acknowledgment with retransmission (PAR) because the web client is requesting that some of the data be retransmitted. The web server will now resend data starting at segment 2000. In this way, lost data is recovered.

Although not shown, the web server also sets a retransmission timer and awaits acknowledgment, just in case the acknowledgment is lost or all transmitted segments are lost. If that timer expires, the web server sends all segments again.

In the figure, DPORT and SPORT are the destination and source ports. SEQ is the sequence number. In bold are SYN and ACK, with each representing a 1-bit flag in the TCP header used to signal connection establishment. TCP initializes the Sequence Number and Acknowledgment Number fields to any number that fits into the 4-byte fields. The initial Sequence Number is a random 32-bit number generated with each new transmission. The Acknowledgment Number is received back and increments the sender’s sequence number by 1.

When data transfer is complete, a four-way termination sequence occurs that uses an additional flag, called the FIN bit (see Figure 31-6).

1. The web client sends an HTTP request.

2. TCP encapsulates the HTTP request.

3. IP encapsulates the transport segment into a packet, adding source and destination addresses.

4. Lower layers process and send the request to the web server.

5. The web server receives HTTP requests and sends a TCP acknowledgment back to the requesting web client.

6. The web server sends the HTTP response down to the transport layer.

7. TCP encapsulates the HTTP data.

8. IP encapsulates the transport segment into a packet, adding source and destination addresses.

9. Lower layers process and send the response to the requesting web client.

10. The requesting web client sends an acknowledgment back to the web server.

The operation of IP includes not only addressing, but also the process of routing the data from source to destination. IP is further discussed and reviewed in the upcoming days.

The network access layer includes many protocols to deal with the different types of media that data can cross on its way from source device to destination device. For example, data might need to travel first on an Ethernet link and then cross a Point-to-Point (PPP) link, then a Frame Relay link, then a Multiprotocol Label Switching (MPLS) link, and then finally an Ethernet link to reach the destination. At each transition from one media type to another, the network access layer provides the protocols, cabling standards, headers, and trailers to send data across the physical network.

Many times, a local link address is needed to transfer data from one hop to the next. For example, in an Ethernet LAN, Media Access Control (MAC) addresses are used between the sending device and its local gateway router. At the gateway router (depending on the needs of the outbound interface), the Ethernet header might be replaced with an MPLS label. The label serves the same purpose as MAC addresses in Ethernet: to get the data across the link from one hop to the next so that the data can continue its journey to the destination. Some protocols, such as PPP, do not need a link address because only one other device on the link can receive the data.

With the network access layer, we can now finalize our web page example. The following greatly simplifies and summarizes the process of requesting and sending a web page:

1. The web client sends an HTTP request.

2. TCP encapsulates the HTTP request.

3. IP encapsulates the transport segment into a packet, adding source and destination addresses.

4. The network access layer encapsulates the packet in a frame, addressing it for the local link.

5. The network access layer sends the frame as bits on the media.

6. Intermediary devices process the bits at the network access and Internet layers and then forward the data toward the destination.

7. The web server receives the bits on the physical interface and sends them up through the network access and Internet layers.

8. The web server sends a TCP acknowledgment back to the requesting web client.

9. The web server sends the HTTP response down to the transport layer.

10. TCP encapsulates the HTTP data.

11. IP encapsulates the transport segment into a packet, adding source and destination addresses.

12. The network access layer encapsulates the packet in a frame, addressing it for the local link.

13. The network access layer sends the frame as bits on the media.

14. Lower layers process and send the response to the requesting web client.

15. The response travels back to the source over multiple data links.

16. The requesting web client receives the response on the physical interface and sends the data up through the network access and Internet layers.

17. The requesting web client sends a TCP acknowledgment back to the web server.

18. The web page is displayed in the requesting device’s browser.

Step 1. Create and encapsulate the application data with any required application layer headers. For example, the HTTP OK message can be returned in an HTTP header, followed by part of the contents of a web page.

Step 2. Encapsulate the data supplied by the application layer inside a transport layer header. For end-user applications, a TCP or UDP header is typically used.

Step 3. Encapsulate the data supplied by the transport layer inside an Internet layer (IP) header. IP is the only protocol available in the TCP/IP network model at the Internet layer.

Step 4. Encapsulate the data supplied by the Internet layer inside a network access layer header and trailer. This is the only layer that uses both a header and a trailer.

Step 5. Transmit the bits. The physical layer encodes a signal onto the medium to transmit the frame.

The numbers in Figure 31-8 correspond to the five steps in the list, graphically showing the same encapsulation process.

• Hubs were typically chosen as an intermediary device within a very small LAN, in which bandwidth usage was not an issue or cost limitations were a factor. In today’s networks, switches have replaced hubs.
• Switches replaced hubs as the local-area network (LAN) intermediary device because a switch can segment collision domains and provide enhanced security.

• Cost: The cost is determined by the number and type of ports, network management capabilities, embedded security technologies, and optional advanced switching technologies.
• Interface characteristics: The number of ports must be sufficient both for now and for future expansion. Other characteristics include uplink speeds, a mixture of UTP and fiber, and modularity.
• Hierarchical network layer: Switches at the access layer have different requirements than switches at the distribution or core layers.

• Port security
• VLANs
• Fast Ethernet/Gigabit Ethernet
• Power over Ethernet (PoE)
• Link aggregation
• Quality of service (QoS)

• Layer 3 support
• High forwarding rate
• Gigabit Ethernet/10 Gigabit Ethernet
• Redundant components
• Security policies/access control lists
• Link aggregation
• QoS

• Layer 3 support
• Very high forwarding rate
• Gigabit Ethernet/10 Gigabit Ethernet
• Redundant components
• Link aggregation
• QoS

• Expandability: Provides flexibility to add new modules as needs change.
• Media: Determines the type of interfaces the router needs to support the various network connections.
• Operating system features: Determines the version of IOS loaded on the router. Different IOS versions support different feature sets. Features to consider include security, QoS, VoIP, routing complexity, and other services.

Figure 31-9 shows a Cisco 1941 router, which provides the following connections:

• Console ports: Two console ports for the initial configuration, using a regular RJ-45 port and a new USB Type-B (mini-B USB) connector
• AUX port: An RJ-45 port for remote management access
• LAN interfaces: Two Gigabit Ethernet interfaces for LAN access
• Enhanced high-speed WAN interface card (eHWIC) slots: Two slots that support different types of interface modules, including serial, digital subscriber line (DSL), switch port, and wireless

Figure 31-9 also shows two 4GB compact flash slots to provide increased storage space.

Organizations implement software firewalls through a network operating system (NOS) such as Linux/UNIX, Windows servers, and Mac OS X servers. The firewall is configured on the server to allow or block certain types of network traffic. Hardware firewalls are often dedicated network devices that can be implemented with little configuration.

Figure 31-10 shows a basic stateful firewall.

A stateful firewall allows traffic to originate from an inside, trusted network and go out to an untrusted network, such as the Internet. The firewall allows return traffic that comes back from the untrusted network to the trusted network. However, the firewall blocks traffic that originates from an untrusted network.

An IDS is a passive detection system. It can detect the presence of an attack, log the information, and send an alert.

An IPS has the same functionality as an IDS, but additionally, an IPS is an active device that continually scans the network, looking for inappropriate activity. It can shut down any potential threats. The IPS looks for any known signatures of common attacks and automatically tries to prevent those attacks.

In small networks, APs are typically used when a router is already providing Layer 3 services, as in Figure 31-12.

An AP has an Ethernet port that enables it to be connected to a switch port. In a home or small office network, an AP can simply be another wireless router with all the Layer 3 services turned off. You simply connect one of the AP’s switch ports to the one of the switch ports on the wireless router.

APs are also used when the coverage area of an existing WLAN needs to be extended. In larger networks, a wireless LAN controller (WLC) is typically used to manage multiple APs, as in Figure 31-13.

WLCs can use the older Lightweight Access Point Protocol (LWAPP) or the more current Control and Provisioning of Wireless Access Points (CAPWAP). Using a WLC, VLAN pooling can be used to assign IP addresses to wireless clients from a pool of IP subnets and their associated VLANs.

• Copper cable: The signals are patterns of electrical pulses.
• Fiber-optic cable: The signals are patterns of light.
• Wireless: The signals are patterns of microwave transmissions.

Messages are encoded and then placed onto the media. Encoding is the process of converting data into patterns of electrical, light, or electromagnetic energy so that it can be carried on the media.

Table 31-6 summarizes the three most common networking media in use today.

Each media type has its advantages and disadvantages. When choosing the media, consider each of the following:

• Cable length: Does the cable need to span a room or run from building to building?
• Cost: Does the budget allow for using a more expensive media type?
• Bandwidth: Does the technology used with the media provide adequate bandwidth?
• Ease of installation: Does the implementation team have the capability to install the cable, or is a vendor required?
• Susceptible to EMI/RFI: Will the local environment interfere with the signal?

Table 31-7 summarizes the media standards for LAN cabling.

Connecting devices in a LAN is usually done with unshielded twisted-pair (UTP) cabling. Although many newer devices have an automatic crossover feature that enables you to connect either a straight-through or a crossover cable, you still need to know the following basic rules:

Use straight-through cables for the following connections:

• Switch to router Ethernet port
• Computer to switch
• Computer to hub

Use crossover cables for the following connections:

• Switch to switch
• Switch to hub
• Hub to hub
• Router to router (Ethernet ports)
• Computer to computer
• Computer to router Ethernet port

• Computers
• Interconnections (NICs and the media)
• Networking devices (hubs, switches, and routers)
• Protocols (Ethernet, IP, ARP, DHCP, DNS, and so on)

A wide-area network (WAN) generally connects LANs that are geographically separated. A collection of LANs connected by one or more WANs is called an internetwork—thus, we have the Internet. The term intranet is often used to refer to a privately owned connection of LANs and WANs.

Depending on the type of service, connecting to the WAN normally works in one of four ways:

• RJ-11 connection to a dialup or DSL modem
• Cable coaxial connection to a cable modem
• 60-pin serial connection to a CSU/DSU
• RJ-45 T1 controller connection to a CSU/DSU

With the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect people working in small offices or home offices (SOHO) or other remote locations to resources on corporate sites. Remote connection technologies to support teleworkers include the following:

• Traditional private WAN technologies, including Frame Relay, ATM, and leased lines
• IPsec virtual private networks (VPN)
• Remote secure VPN access through a broadband connection over the public Internet

Components needed for teleworker connectivity include the following:

• Home office components: Computer, broadband access (cable or DSL), and a VPN router or VPN client software installed on the computer
• Corporate components: VPN-capable routers, VPN concentrators, multifunction security appliances, authentication, and central management devices for resilient aggregation and termination of the VPN connections

Physical topologies refer to the physical layout of devices and how they are cabled. Seven basic physical topologies exist (see Figure 31-16).

Logical topologies refer to the way that a signal travels from one point on the network to another and are largely determined by the access method—deterministic or nondeterministic. Ethernet is a nondeterministic access method. Logically, Ethernet operates as a bus topology. However, Ethernet networks are almost always physically designed as a star or extended star.

Other access methods use a deterministic access method. Token Ring and Fiber Distributed Data Interface (FDDI) both logically operate as a ring, passing data from one station to the next. Although these networks can be designed as a physical ring, like Ethernet, they are often designed as a star or extended star. Logically, however they operate like a ring.

• Access layer: Provides local and remote user access
• Distribution layer: Controls the flow of data between the access and core layers
• Core layer: Acts as the high-speed redundant backbone

Figure 31-17 shows an example of the three-tiered hierarchical campus network design.

For smaller networks, the core is often collapsed into the distribution layer for a two-tiered design, as in Figure 31-18.

A two-tier design solves two major design needs:

• Provides a place to connect end-user devices (the access layer, with access switches)
• Connects the switches with a reasonable number of cables and switch ports by connecting all 40 access switches to two distribution switches

For very small networks and home networks, all three tiers can be seen in one device, such as the wireless broadband router shown earlier in Figure 31-14.