
Revised Edition: 2016

ISBN 978-1-283-50437-9

© All rights reserved.

Published by:
White Word Publications
48 West 48 Street, Suite 1116,
New York, NY 10036, United States
Email: [email protected] 
Table of Contents
Chapter 1 - Computer Network

Chapter 2 - Computer Networking

Chapter 3 - OSI Model

Chapter 4 - Physical Layer

Chapter 5 - Data Link Layer

Chapter 6 - Transport Layer

Chapter 7 - Session Layer, Application Layer & Presentation Layer

Chapter 8 - Spanning Tree Protocol

Chapter 9 - Ethernet

Chapter 10 - Link Aggregation

Chapter 11 - IP Address

Chapter 12 - Simple Network Management Protocol

Chapter 13 - Network Address Translation

_______________________WORLD TECHNOLOGIES_____________________
Chapter 1

Computer Network

A computer network, often simply referred to as a network, is a collection of
computers and devices interconnected by communications channels that facilitate
communication among users and allow them to share resources. Networks may be
classified according to a wide variety of characteristics. A computer network allows
sharing of resources and information among interconnected devices.

History
Early networks of communicating computers included the military radar system
Semi-Automatic Ground Environment (SAGE) and its relative the commercial airline
reservation system Semi-Automatic Business Research Environment (SABRE),
started in the late 1950s. In the 1960s, the Advanced Research Projects Agency
(ARPA) started funding the design of the Advanced Research Projects Agency
Network (ARPANET) for the United States Department of Defense. Development of
the network began in 1969, based on designs developed during the 1960s. The
ARPANET evolved into the modern Internet.

Purpose
Computer networks can be used for a variety of purposes:

• Facilitating communications. Using a network, people can communicate
efficiently and easily via email, instant messaging, chat rooms, telephone,
video telephone calls, and video conferencing.
• Sharing hardware. In a networked environment, each computer on a network
may access and use hardware resources on the network, such as printing a
document on a shared network printer.
• Sharing files, data, and information. In a network environment, authorized
users may access data and information stored on other computers on the
network. The capability of providing access to data and information on shared
storage devices is an important feature of many networks.
• Sharing software. Users connected to a network may run application programs
on remote computers.
• Information preservation.
• Security.
• Easy communication.

Network classification
The following list presents categories used for classifying networks.

Connection method

Computer networks can be classified according to the hardware and software
technology that is used to interconnect the individual devices in the network, such as
optical fiber, Ethernet, wireless LAN, HomePNA, power line communication or
G.hn.

Ethernet as it is defined by IEEE 802 utilizes various standards and mediums that
enable communication between devices. Frequently deployed devices include hubs,
switches, bridges, or routers. Wireless LAN technology is designed to connect
devices without wiring. These devices use radio waves or infrared signals as a
transmission medium. ITU-T G.hn technology uses existing home wiring (coaxial
cable, phone lines and power lines) to create a high-speed (up to 1 Gigabit/s) local
area network.

Wired technologies

• Twisted pair wire is the most widely used medium for telecommunication.
Twisted-pair cabling consists of copper wires that are twisted into pairs.
Ordinary telephone wires consist of two insulated copper wires twisted into
pairs. Computer networking cabling consists of 4 pairs of copper cabling that
can be utilized for both voice and data transmission. Twisting the two wires
together helps to reduce crosstalk and electromagnetic induction. The
transmission speed ranges from 2 million bits per second to 100 million bits
per second. Twisted pair cabling comes in two forms, Unshielded Twisted Pair
(UTP) and Shielded Twisted Pair (STP), each rated in categories that are
manufactured in different increments for various scenarios.

• Coaxial cable is widely used for cable television systems, office buildings,
and other work-sites for local area networks. The cables consist of copper or
aluminum wire wrapped with an insulating layer, typically of a flexible material
with a high dielectric constant, all of which is surrounded by a conductive
layer. The layers of insulation help minimize interference and distortion.
Transmission speed ranges from 200 million to more than 500 million bits per
second.

• Optical fiber cable consists of one or more filaments of glass fiber wrapped in
protective layers that carry data by means of pulses of light. It transmits
light which can travel over extended distances. Fiber-optic cables are not
affected by electromagnetic radiation. Transmission speed may reach trillions
of bits per second. The transmission speed of fiber optics is hundreds of times
faster than for coaxial cables and thousands of times faster than a twisted-pair
wire. A recent innovation in fiber-optic cable is the use of colored light. Instead
of carrying one message in a stream of white light impulses, this technology
can carry multiple signals in a single strand.

Wireless technologies

• Terrestrial microwave – Terrestrial microwaves use Earth-based transmitters
and receivers. The equipment looks similar to satellite dishes. Terrestrial
microwaves use the low-gigahertz range, which limits all communications to line-
of-sight. Relay stations along the path are spaced approximately 30 miles apart.
Microwave antennas are usually placed on top of buildings, towers, hills, and
mountain peaks.

• Communications satellites – The satellites use microwave radio waves as their
telecommunications medium, which are not deflected by the Earth's
atmosphere. The satellites are stationed in space, typically 22,000 miles (for
geosynchronous satellites) above the equator. These Earth-orbiting systems
are capable of receiving and relaying voice, data, and TV signals.

• Cellular and PCS systems – These use several radio communications technologies.
The systems are divided into different geographic areas. Each area has a low-
power transmitter or radio relay antenna device to relay calls from one area to
the next area.

• Wireless LANs – Wireless local area networks use a high-frequency radio
technology similar to digital cellular and a low-frequency radio technology.
Wireless LANs use spread spectrum technology to enable communication
between multiple devices in a limited area. An example of open-standards
wireless radio-wave technology is IEEE.

• Infrared communication, which can transmit signals between devices over
short distances of not more than 10 meters, peer to peer (face to face), with
nothing obstructing the line of transmission.

Scale

Networks are often classified as local area network (LAN), wide area network
(WAN), metropolitan area network (MAN), personal area network (PAN), virtual
private network (VPN), campus area network (CAN), storage area network (SAN),
and others, depending on their scale, scope and purpose (e.g., controller area network
(CAN)). Usage, trust level, and access rights often differ between these types of
networks. LANs tend to be designed for internal use by an organization's internal
systems and employees in individual physical locations, such as a building, while
WANs may connect physically separate parts of an organization and may include
connections to third parties.

Functional relationship (network architecture)

Computer networks may be classified according to the functional relationships which
exist among the elements of the network, e.g., active networking, client–server,
wireless ad hoc network and peer-to-peer (workgroup) architecture.

Network topology

Computer networks may be classified according to the network topology upon which
the network is based, such as bus network, star network, ring network, mesh network.
Network topology is the coordination by which devices in the network are arranged in
their logical relations to one another, independent of physical arrangement. Even if
networked computers are physically placed in a linear arrangement and are connected
to a hub, the network has a star topology, rather than a bus topology. In this regard the
visual and operational characteristics of a network are distinct. Networks may also be
classified by the method used to convey the data; these include digital
and analog networks.

Types of networks based on physical scope

Common types of computer networks may be identified by their scale.

Local area network

A local area network (LAN) is a network that connects computers and devices in a
limited geographical area such as home, school, computer laboratory, office building,
or closely positioned group of buildings. Each computer or device on the network is a
node. Current wired LANs are most likely to be based on Ethernet technology,
although new standards like ITU-T G.hn also provide a way to create a wired LAN
using existing home wires (coaxial cables, phone lines and power lines).

Typical library network, in a branching tree topology and controlled access to resources

All interconnected devices must understand the network layer (layer 3), because they
are handling multiple subnets (the different colors). Those inside the library, which
have only 10/100 Mbit/s Ethernet connections to the user device and a Gigabit
Ethernet connection to the central router, could be called "layer 3 switches" because
they only have Ethernet interfaces and must understand IP. It would be more correct
to call them access routers, where the router at the top is a distribution router that
connects to the Internet and academic networks' customer access routers.

The defining characteristics of LANs, in contrast to WANs (Wide Area Networks),
include their higher data transfer rates, smaller geographic range, and no need for
leased telecommunication lines. Current Ethernet or other IEEE 802.3 LAN
technologies operate at speeds up to 10 Gbit/s. This is the data transfer rate. IEEE has
projects investigating the standardization of 40 and 100 Gbit/s.

Personal area network

A personal area network (PAN) is a computer network used for communication
among computers and other information technology devices close to one person.
Some examples of devices that are used in a PAN are personal computers, printers,
fax machines, telephones, PDAs, scanners, and even video game consoles. A PAN
may include wired and wireless devices. The reach of a PAN typically extends to 10
meters. A wired PAN is usually constructed with USB and FireWire connections,
while technologies such as Bluetooth and infrared communication typically form a
wireless PAN.

Home area network

A home area network (HAN) is a residential LAN which is used for communication
between digital devices typically deployed in the home, usually a small number of
personal computers and accessories, such as printers and mobile computing devices.
An important function is the sharing of Internet access, often a broadband service
through a CATV or Digital Subscriber Line (DSL) provider. It can also be referred to
as an office area network (OAN).

Wide area network

A wide area network (WAN) is a computer network that covers a large geographic
area such as a city, country, or spans even intercontinental distances, using a
communications channel that combines many types of media such as telephone lines,
cables, and air waves. A WAN often uses transmission facilities provided by common
carriers, such as telephone companies. WAN technologies generally function at the
lower three layers of the OSI reference model: the physical layer, the data link layer,
and the network layer.

Campus network
A campus network is a computer network made up of an interconnection of local area
networks (LANs) within a limited geographical area. The networking equipment
(switches, routers) and transmission media (optical fiber, copper plant, Cat5 cabling
etc.) are almost entirely owned by the campus tenant or owner (an enterprise,
university, government etc.).

In the case of a university campus network, the network is likely to
link a variety of campus buildings including academic departments, the university
library and student residence halls.

Metropolitan area network

A Metropolitan area network is a large computer network that usually spans a city or
a large campus.

Sample EPN made of Frame Relay WAN connections and dialup remote access.

Sample VPN used to interconnect 3 offices and remote users

Enterprise private network
An enterprise private network is a network built by an enterprise to interconnect
various company sites, e.g., production sites, head offices, remote offices, shops, in
order to share computer resources.

Virtual private network

A virtual private network (VPN) is a computer network in which some of the links
between nodes are carried by open connections or virtual circuits in some larger
network (e.g., the Internet) instead of by physical wires. The data link layer protocols
of the virtual network are said to be tunneled through the larger network when this is
the case. One common application is secure communications through the public
Internet, but a VPN need not have explicit security features, such as authentication or
content encryption. VPNs, for example, can be used to separate the traffic of different
user communities over an underlying network with strong security features.

A VPN may have best-effort performance, or may have a defined service level
agreement (SLA) between the VPN customer and the VPN service provider.
Generally, a VPN has a topology more complex than point-to-point.

Internetwork
An internetwork is the connection of two or more private computer networks via a
common routing technology (OSI Layer 3) using routers. The Internet is an
aggregation of many internetworks, hence its name was shortened to Internet.

Backbone network

A backbone network (BBN) or network backbone is part of a
computer network infrastructure that interconnects various pieces of network,
providing a path for the exchange of information between different LANs or
subnetworks. A backbone can tie together diverse networks in the same building, in
different buildings in a campus environment, or over wide areas. Normally, the
backbone's capacity is greater than the networks connected to it.

A large corporation that has many locations may have a backbone network that ties
all of the locations together, for example, if a server cluster needs to be accessed by
different departments of a company that are located at different geographical
locations. The pieces of the network connections (for example: Ethernet, wireless)
that bring these departments together are often referred to as the network backbone.
Network congestion is often taken into consideration while designing backbones.

Backbone networks should not be confused with the Internet backbone.

Global area network
A global area network (GAN) is a network used for supporting mobile
communications across an arbitrary number of wireless LANs, satellite coverage
areas, etc. The key challenge in mobile communications is handing off the user
communications from one local coverage area to the next. In IEEE Project 802, this
involves a succession of terrestrial wireless LANs.

Internet

The Internet is a global system of interconnected governmental, academic, corporate,
public, and private computer networks. It is based on the networking technologies of
the Internet Protocol Suite. It is the successor of the Advanced Research Projects
Agency Network (ARPANET) developed by DARPA of the United States
Department of Defense. The Internet is also the communications backbone
underlying the World Wide Web (WWW).

Participants in the Internet use a diverse array of several hundred
documented, and often standardized, protocols compatible with the Internet Protocol
Suite and an addressing system (IP addresses) administered by the Internet Assigned
Numbers Authority and address registries. Service providers and large enterprises
exchange information about the reachability of their address spaces through the
Border Gateway Protocol (BGP), forming a redundant worldwide mesh of
transmission paths.

Intranets and extranets

Intranets and extranets are parts or extensions of a computer network, usually a local
area network.

An intranet is a set of networks, using the Internet Protocol and IP-based tools such as
web browsers and file transfer applications, that is under the control of a single
administrative entity. That administrative entity closes the intranet to all but specific,
authorized users. Most commonly, an intranet is the internal network of an
organization. A large intranet will typically have at least one web server to provide
users with organizational information.

An extranet is a network that is limited in scope to a single organization or entity and
also has limited connections to the networks of one or more other usually, but not
necessarily, trusted organizations or entities—a company's customers may be given
access to some part of its intranet—while at the same time the customers may not be
considered trusted from a security standpoint. Technically, an extranet may also be
categorized as a CAN, MAN, WAN, or other type of network, although an extranet
cannot consist of a single LAN; it must have at least one connection with an external
network.

Overlay network
An overlay network is a virtual computer network that is built on top of another
network. Nodes in the overlay are connected by virtual or logical links, each of which
corresponds to a path, perhaps through many physical links, in the underlying
network.

A sample overlay network: IP over SONET over Optical

For example, many peer-to-peer networks are overlay networks because they are
organized as nodes of a virtual system of links run on top of the Internet. The Internet
was initially built as an overlay on the telephone network.

Overlay networks have been around since the invention of networking, when
computer systems were connected over telephone lines using modems, before any data
network existed.

Nowadays the Internet is the basis for many overlaid networks that can be constructed
to permit routing of messages to destinations specified by an IP address. For example,
distributed hash tables can be used to route messages to a node having a specific
logical address, whose IP address is known in advance.

Overlay networks have also been proposed as a way to improve Internet routing, such
as through quality of service guarantees to achieve higher-quality streaming media.

Previous proposals such as IntServ, DiffServ, and IP Multicast have not seen wide
acceptance largely because they require modification of all routers in the network. On
the other hand, an overlay network can be incrementally deployed on end-hosts
running the overlay protocol software, without cooperation from Internet service
providers. The overlay has no control over how packets are routed in the underlying
network between two overlay nodes, but it can control, for example, the sequence of
overlay nodes a message traverses before reaching its destination.

For example, Akamai Technologies manages an overlay network that provides
reliable, efficient content delivery (a kind of multicast). Academic research includes
End System Multicast and Overcast for multicast; RON (Resilient Overlay Network)
for resilient routing; and OverQoS for quality of service guarantees, among others.

Basic hardware components

All networks are made up of basic hardware building blocks to interconnect network
nodes, such as Network Interface Cards (NICs), Bridges, Hubs, Switches, and
Routers. In addition, some method of connecting these building blocks is required,
usually in the form of galvanic cable (most commonly Category 5 cable). Less
common are microwave links (as in IEEE 802.12) or optical cable ("optical fiber").

Network interface cards

A network card, network adapter, or NIC (network interface card) is a piece of
computer hardware designed to allow computers to communicate over a computer
network. It provides physical access to a networking medium and often provides a
low-level addressing system through the use of MAC addresses.

Each network interface card has its own unique ID. This is written on a chip which is
mounted on the card.

Repeaters

A repeater is an electronic device that receives a signal, cleans it of unnecessary
noise, regenerates it, and retransmits it at a higher power level, or to the other side of
an obstruction, so that the signal can cover longer distances without degradation. In
most twisted pair Ethernet configurations, repeaters are required for cable that runs
longer than 100 meters. A repeater with multiple ports is known as a hub. Repeaters
work on the Physical Layer of the OSI model. Repeaters require a small amount of
time to regenerate the signal. This can cause a propagation delay which can affect
network communication when there are several repeaters in a row. Many network
architectures limit the number of repeaters that can be used in a row (e.g. Ethernet's 5-
4-3 rule).

Bridges

A network bridge connects multiple network segments at the data link layer (layer 2)
of the OSI model. Bridges broadcast to all ports except the port on which the
broadcast was received. However, bridges do not promiscuously copy traffic to all
ports, as hubs do, but learn which MAC addresses are reachable through specific
ports. Once the bridge associates a port and an address, it will send traffic for that
address to that port only.

Bridges learn the association of ports and addresses by examining the source address
of frames they see on various ports. Once a frame arrives through a port, its source
address is stored and the bridge assumes that MAC address is associated with that
port. The first time that a previously unknown destination address is seen, the bridge
will forward the frame to all ports other than the one on which the frame arrived.

Bridges come in three basic types:

• Local bridges: Directly connect local area networks (LANs)
• Remote bridges: Can be used to create a wide area network (WAN) link
between LANs. Remote bridges, where the connecting link is slower than the
end networks, largely have been replaced with routers.
• Wireless bridges: Can be used to join LANs or connect remote stations to
LANs.

Switches

A network switch is a device that forwards and filters OSI layer 2 datagrams (chunks
of data communication) between ports (connected cables) based on the MAC
addresses in the packets. A switch is distinct from a hub in that it only forwards the
frames to the ports involved in the communication rather than all ports connected. A
switch breaks up the collision domain but itself forms a single broadcast domain.
Switches make forwarding decisions for frames on the basis of MAC addresses. A
switch normally has numerous ports, facilitating a star topology for devices, and
cascading additional switches. Some switches are capable of routing based on Layer 3
addressing or additional logical levels; these are called multi-layer switches. The term
switch is used loosely in marketing to encompass devices including routers and
bridges, as well as devices that may distribute traffic on load or by application content
(e.g., a Web URL identifier).
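As an added illustration of the learning and forwarding behaviour described for bridges and switches above (example code written for this page, not the book's own), the following Python model keeps a MAC-to-port table, floods unknown and broadcast destinations, filters frames whose destination sits on the ingress port, and contrasts this with a hub that repeats everything. The MAC addresses and the frame sequence are constructed sample values.

```python
"""Learning bridge / switch forwarding model (added example, not from the book).

Demonstrates the layer-2 behaviour described above: learn the source MAC of every
frame on its ingress port, forward known unicast to one port, flood unknown
unicast and broadcast to every port except the ingress port, and filter frames
whose destination is on the same segment they arrived from.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(num_ports, in_port):
    """A hub (multi-port repeater) has no table: it repeats every frame out
    of every port except the one it arrived on."""
    return [p for p in range(num_ports) if p != in_port]


class LearningBridge:
    """Transparent bridge with a MAC-address-to-port learning table."""

    def __init__(self, num_ports):
        self.num_ports = num_ports
        self.table = {}  # MAC address -> port number

    def receive(self, src, dst, in_port):
        """Process one frame; return the list of ports it is sent out of."""
        if not 0 <= in_port < self.num_ports:
            raise ValueError(f"no such port: {in_port}")
        src, dst = src.lower(), dst.lower()

        # Learning step: the source MAC is now associated with the ingress
        # port. A station that later shows up on another port simply
        # overwrites its old entry.
        self.table[src] = in_port

        # Broadcast or unknown unicast: flood like a hub, minus the ingress port.
        if dst == BROADCAST or dst not in self.table:
            return hub_forward(self.num_ports, in_port)

        out_port = self.table[dst]
        if out_port == in_port:
            # Destination is on the same segment the frame came from:
            # the bridge filters the frame and forwards nothing.
            return []
        return [out_port]


# Constructed sample stations (not real hardware addresses).
MAC_A = "00:00:00:00:00:0a"  # on port 0
MAC_B = "00:00:00:00:00:0b"  # on port 2
MAC_C = "00:00:00:00:00:0c"  # on port 2, same segment as B


def run_scenario():
    """Replay a short constructed frame sequence; return the bridge and the
    per-frame forwarding decisions so the learning progress can be checked."""
    bridge = LearningBridge(num_ports=4)
    decisions = []
    # 1. A -> B while B is unknown: flood to ports 1, 2, 3; learn A on port 0.
    decisions.append(bridge.receive(MAC_A, MAC_B, in_port=0))
    # 2. B replies to A: A is known, so only port 0; learn B on port 2.
    decisions.append(bridge.receive(MAC_B, MAC_A, in_port=2))
    # 3. A -> B again: both known, frame goes to port 2 only.
    decisions.append(bridge.receive(MAC_A, MAC_B, in_port=0))
    # 4. C -> B, both on port 2: filtered, nothing forwarded.
    decisions.append(bridge.receive(MAC_C, MAC_B, in_port=2))
    # 5. A broadcasts: every port except the ingress port 0.
    decisions.append(bridge.receive(MAC_A, BROADCAST, in_port=0))
    return bridge, decisions


if __name__ == "__main__":
    bridge, decisions = run_scenario()
    for i, ports in enumerate(decisions, 1):
        print(f"frame {i}: forwarded to ports {ports}")
    print("learned table:", bridge.table)
```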

Routers

A router is an internetworking device that forwards packets between networks by
processing information found in the datagram or packet (Internet Protocol information
from Layer 3 of the OSI Model). In many situations, this information is processed in
conjunction with the routing table (also known as the forwarding table). Routers use
routing tables to determine which interface to forward packets on (this can include the
"null" interface, also known as the "black hole" interface, because data can go into it
but no further processing is done on that data).
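To make the routing-table lookup concrete, here is an added Python example (not from the book) of a longest-prefix-match table that includes a null, or black-hole, interface: the most specific matching prefix wins, and a packet whose best match is the null route is discarded rather than forwarded. The prefixes, the interface names (including null0) and the next-hop addresses are constructed for the example.

```python
"""Routing-table lookup with longest-prefix match and a null ("black hole")
interface. Added example for this page, not the book's own code; all prefixes,
interface names and next hops below are constructed.
"""
import ipaddress

NULL_IFACE = "null0"  # assumed name for the black-hole interface


class RoutingTable:
    """A list of (prefix, interface, next_hop) kept sorted most-specific first."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, interface, next_hop=None):
        net = ipaddress.ip_network(prefix, strict=True)
        self.routes.append((net, interface, next_hop))
        # Longer prefixes first, so the first hit in lookup() is the longest match.
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, destination):
        """Return (interface, next_hop) for the longest matching prefix, or None."""
        addr = ipaddress.ip_address(destination)
        for net, iface, next_hop in self.routes:
            if addr.version == net.version and addr in net:
                return iface, next_hop
        return None


def forward(table, destination):
    """Decide what the router does with a packet: returns
    ("forward", interface, next_hop), ("blackhole", "null0", None) when the
    best route points at the null interface, or ("no-route", None, None)."""
    hit = table.lookup(destination)
    if hit is None:
        return ("no-route", None, None)
    iface, next_hop = hit
    if iface == NULL_IFACE:
        # Data "goes into" the null interface and is silently discarded.
        return ("blackhole", iface, None)
    return ("forward", iface, next_hop)


def build_sample_table():
    """Constructed table: a default route, a site aggregate sent to the null
    interface, and two more specific routes for the parts of the aggregate
    that are actually in use. Traffic to unused parts of 10.0.0.0/8 is thus
    discarded locally instead of following the default route."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "eth0", "203.0.113.1")   # default route to upstream
    rt.add("10.0.0.0/8", NULL_IFACE)             # aggregate: discard the rest
    rt.add("10.1.0.0/16", "eth2", "10.9.9.1")    # reached via another router
    rt.add("10.1.2.0/24", "eth1")                # directly connected subnet
    return rt


if __name__ == "__main__":
    rt = build_sample_table()
    for dst in ("10.1.2.55", "10.1.7.9", "10.200.0.1", "192.0.2.10", "2001:db8::1"):
        print(dst, "->", forward(rt, dst))
```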

Firewalls

Firewalls are the most important aspect of a network with respect to security. A
firewalled system does not need every interaction or data transfer monitored by a
human, as automated processes can be set up to assist in rejecting access requests
from unsafe sources, and allowing actions from recognized ones. The vital role
firewalls play in network security grows in parallel with the constant increase in
'cyber' attacks for the purpose of stealing/corrupting data, planting viruses, etc.

Chapter 2

Computer Networking

Network cards such as this one can transmit and receive data at high rates over
various types of network cables. This card is a 'Combo' card which supports three
cabling standards.

Computer networking or Data communications (Datacom) is the engineering
discipline concerned with the communication between computer systems or devices.
A computer network is any set of computers or devices connected to each other with
the ability to exchange data. Computer networking is sometimes considered a sub-
discipline of telecommunications, computer science, information technology and/or
computer engineering since it relies heavily upon the theoretical and practical
application of these scientific and engineering disciplines. The three types of
networks are: the Internet, the intranet, and the extranet. Examples of different
network methods are:

• Local area network (LAN), which is usually a small network constrained to a
small geographic area. An example of a LAN would be a computer network
within a building.
• Metropolitan area network (MAN), which is used for a medium-sized area,
for example a city or a state.
• Wide area network (WAN), which is usually a larger network that covers a large
geographic area.
• Wireless LANs and WANs (WLAN & WWAN) are the wireless equivalent of
the LAN and WAN.

All networks are interconnected to allow communication with a variety of different
kinds of media, including twisted-pair copper wire cable, coaxial cable, optical fiber,
power lines and various wireless technologies. The devices can be separated by a few
meters (e.g. via Bluetooth) or nearly unlimited distances (e.g. via the interconnections
of the Internet). Networking, routers, routing protocols, and networking over the
public Internet have their specifications defined in documents called RFCs.

Views of networks
Users and network administrators typically have different views of their networks.
Users can share printers and some servers from a workgroup, which usually means
they are in the same geographic location and are on the same LAN, whereas a
network administrator is responsible for keeping that network up and running. A
community of interest is less tied to a single local area, and should be
thought of as a set of arbitrarily located users who share a set of servers, and possibly
also communicate via peer-to-peer technologies.

Network administrators can see networks from both physical and logical perspectives.
The physical perspective involves geographic locations, physical cabling, and the
network elements (e.g., routers, bridges and application layer gateways) that
interconnect the physical media. Logical networks, called subnets in the TCP/IP
architecture, map onto one or more physical media. For example, a common practice in a
campus of buildings is to make a set of LAN cables in each building appear to be a
common subnet, using virtual LAN (VLAN) technology.

Both users and administrators will be aware, to varying extents, of the trust and scope
characteristics of a network. Again using TCP/IP architectural terminology, an
intranet is a community of interest under private administration usually by an
enterprise, and is only accessible by authorized users (e.g. employees). Intranets do
not have to be connected to the Internet, but generally have a limited connection. An
extranet is an extension of an intranet that allows secure communications to users
outside of the intranet (e.g. business partners, customers).

Unofficially, the Internet is the set of users, enterprises, and content providers that are
interconnected by Internet Service Providers (ISP). From an engineering viewpoint,
the Internet is the set of subnets, and aggregates of subnets, which share the registered
IP address space and exchange information about the reachability of those IP
addresses using the Border Gateway Protocol. Typically, the human-readable names
of servers are translated to IP addresses, transparently to users, via the directory
function of the Domain Name System (DNS).

Over the Internet, there can be business-to-business (B2B), business-to-consumer
(B2C) and consumer-to-consumer (C2C) communications. Especially when money or
sensitive information is exchanged, the communications are apt to be secured by
some form of communications security mechanism. Intranets and extranets can be
securely superimposed onto the Internet, without any access by general Internet users,
using secure Virtual Private Network (VPN) technology.

History of computer networks
Before the advent of computer networks that were based upon some type of
telecommunications system, communication between calculation machines and early
computers was performed by human users by carrying instructions between them.
Many of the social behaviors seen in today's Internet were demonstrably present in
the nineteenth century and arguably in even earlier networks using visual signals.

• In September 1940 George Stibitz used a teletype machine to send


instructions for a problem set from his Model at Dartmouth College to his
Complex Number Calculator in New York and received results back by the
same means. Linking output systems like teletypes to computers was an
interest at the Advanced Research Projects Agency (ARPA) when, in 1962,
J.C.R. Licklider was hired and developed a working group he called the
"Intergalactic Network", a precursor to the ARPANET.
• In 1964, researchers at Dartmouth developed the Dartmouth Time Sharing
System for distributed users of large computer systems. The same year, at
Massachusetts Institute of Technology, a research group supported by General
Electric and Bell Labs used a computer to route and manage telephone
connections.
• Throughout the 1960s Leonard Kleinrock, Paul Baran and Donald Davies
independently conceptualized and developed network systems which used
packets that could be used in a network between computer systems.
• In 1965, Thomas Merrill and Lawrence G. Roberts created the first wide area
network (WAN).
• The first widely used telephone switch that used true computer control was
introduced by Western Electric in 1965.
• In 1969 the University of California at Los Angeles, the Stanford Research
Institute, University of California at Santa Barbara, and the University of Utah
were connected as the beginning of the ARPANET network using 50 kbit/s
circuits.

• Commercial services using X.25 were deployed in 1972, and later used as an
underlying infrastructure for expanding TCP/IP networks.

Today, computer networks are the core of modern communication. All modern
aspects of the Public Switched Telephone Network (PSTN) are computer-controlled,
and telephony increasingly runs over the Internet Protocol, although not necessarily
the public Internet. The scope of communication has increased significantly in the
past decade, and this boom in communications would not have been possible without
the progressively advancing computer network. Computer networks, and the
technologies needed to connect and communicate through and between them,
continue to drive computer hardware, software, and peripherals industries. This
expansion is mirrored by growth in the numbers and types of users of networks from
the researcher to the home user.

Networking methods

One way to categorize computer networks is by their geographic scope, although
many real-world networks interconnect Local Area Networks (LAN) via Wide Area
Networks (WAN) and wireless wide area networks (WWAN). These three (broad)
types are:

Local area network (LAN)

A local area network is a network that spans a relatively small space and provides
services to a small number of people.

A peer-to-peer or client-server method of networking may be used. In a peer-to-peer
network each client shares its resources with the other workstations in the network;
examples are small office networks where resource use is minimal, and home
networks. In a client-server network every client is connected to the server and to
each other. Client-server networks use servers in different capacities. These can be
classified into two types:

1. Single-service servers
2. Print servers

A single-service server performs one task, such as acting as a file server, while other
servers can not only act as file servers and print servers but also perform
calculations and use them to provide information to clients (Web/Intranet servers).
Computers may be connected in many different ways, including Ethernet cables,
Wireless networks, or other types of wires such as power lines or phone lines.

The ITU-T G.hn standard is an example of a technology that provides high-speed (up
to 1 Gbit/s) local area networking over existing home wiring (power lines, phone
lines and coaxial cables).

Wide area network (WAN)

A wide area network is a network where a wide variety of resources are deployed
across a large domestic area or internationally. An example of this is a multinational
business that uses a WAN to interconnect their offices in different countries. The
largest and best example of a WAN is the Internet, which is a network composed of
many smaller networks. The Internet is considered the largest network in the world.
The PSTN (Public Switched Telephone Network) also is an extremely large network
that is converging to use Internet technologies, although not necessarily through the
public Internet.

A Wide Area Network involves communication through the use of a wide range of
different technologies. These technologies include Point-to-Point WANs such as
Point-to-Point Protocol (PPP) and High-Level Data Link Control (HDLC), Frame
Relay, ATM (Asynchronous Transfer Mode) and Sonet (Synchronous Optical
Network). The difference between the WAN technologies is based on the switching
capabilities they perform and the speed at which sending and receiving bits of
information (data) occur.

Wireless networks (WLAN, WWAN)

A wireless network is basically the same as a LAN or a WAN but there are no wires
between hosts and servers. The data is transferred over sets of radio transceivers.
These types of networks are beneficial when it is too costly or inconvenient to run the
necessary cables.

The most common IEEE 802.11 WLANs cover, depending on antennas, ranges from
hundreds of meters to a few kilometers. For larger areas, either communications
satellites of various types, cellular radio, or wireless local loop (IEEE 802.16) all have
advantages and disadvantages. Depending on the type of mobility needed, the
relevant standards may come from the IETF or the ITU.

Network topology
The network topology defines the way in which computers, printers, and other
devices are connected, physically and logically. A network topology describes the
layout of the wire and devices as well as the paths used by data transmissions.

Network topology has two types:

• Physical
• Logical

Commonly used topologies include:

• Bus

• Star
• Tree (hierarchical)
• Linear
• Ring
• Mesh
o partially connected
o fully connected (sometimes known as fully redundant)

The network topologies mentioned above are only a general representation of the
kinds of topologies used in computer networks and are considered basic topologies.

Chapter 3

OSI Model

The Open Systems Interconnection model (OSI model) is a product of the Open
Systems Interconnection effort at the International Organization for Standardization.
It is a way of sub-dividing a communications system into smaller parts called layers.
A layer is a collection of similar functions that provide services to the layer above it
and receives services from the layer below it. On each layer, an instance provides
services to the instances at the layer above and requests service from the layer below.

For example, a layer that provides error-free communications across a network
provides the path needed by applications above it, while it calls the next lower layer
to send and receive packets that make up the contents of the path. Two instances at
one layer are connected by a horizontal connection on that layer.

Most network protocols used in the market today are based on TCP/IP stacks.

Communication in the OSI-Model (Example with layers 3 to 5)

History
Work on a layered model of network architecture began, and the International
Organization for Standardization (ISO) started to develop its OSI framework
architecture. OSI has two major components: an abstract model of networking, called
the Basic Reference Model or seven-layer model, and a set of specific protocols.

Note: The standard documents that describe the OSI model can be freely downloaded
from the ITU-T as the X.200-series of recommendations. A number of the protocol
specifications are also available as part of the ITU-T X series. The equivalent ISO
and ISO/IEC standards for the OSI model are available from ISO, but only some of
them at no charge.

The concept of a 7 layer model was provided by the work of Charles Bachman,
Honeywell Information Services. Various aspects of OSI design evolved from
experiences with the ARPANET, the fledgling Internet, NPLNET, EIN, CYCLADES
network and the work in IFIP WG6.1. The new design was documented in ISO 7498
and its various addenda. In this model, a networking system is divided into layers.
Within each layer, one or more entities implement its functionality. Each entity
interacts directly only with the layer immediately beneath it, and provides facilities
for use by the layer above it.

Protocols enable an entity in one host to interact with a corresponding entity at the
same layer in another host. Service definitions abstractly describe the functionality
provided to an (N)-layer by an (N-1) layer, where N is one of the seven layers of
protocols operating in the local host.

Description of OSI layers


According to recommendation X.200, there are seven layers, each generically known
as an N layer. An N+1 entity requests services from the N entity.

At each level, two entities (N-entity peers) interact by means of the N protocol by
transmitting protocol data units (PDU).

A Service Data Unit (SDU) is a specific unit of data that has been passed down from
an OSI layer to a lower layer, and which the lower layer has not yet encapsulated into
a protocol data unit (PDU). An SDU is a set of data that is sent by a user of the
services of a given layer, and is transmitted semantically unchanged to a peer service
user.

The PDU at any given layer, layer N, is the SDU of the layer below, layer N-1. In
effect the SDU is the 'payload' of a given PDU. That is, the process of changing a
SDU to a PDU, consists of an encapsulation process, performed by the lower layer.
All the data contained in the SDU becomes encapsulated within the PDU. The layer
N-1 adds headers or footers, or both, to the SDU, transforming it into a PDU of layer
N-1. The added headers or footers are part of the process used to make it possible to
get data from a source to a destination.
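As an added example (not from the original text) of the encapsulation just described, the following Python builds an Ethernet II frame around an IPv4 datagram around a UDP datagram around application data, then strips the headers again so that the PDU handed down by layer N is visibly the SDU of layer N-1. The MAC and IP addresses, ports and payload are constructed sample values.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17

# Constructed sample addresses: locally administered MACs and RFC 5737 documentation IPs.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([192, 0, 2, 10])
DST_IP = bytes([192, 0, 2, 20])


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_encapsulate(src_port: int, dst_port: int, sdu: bytes) -> bytes:
    """Layer 4 (UDP): the application SDU becomes the payload of an 8-byte-header UDP PDU.
    The UDP checksum is left as 0, which IPv4 allows to mean 'not computed'."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(sdu), 0) + sdu


def ipv4_encapsulate(src_ip: bytes, dst_ip: bytes, proto: int, sdu: bytes) -> bytes:
    """Layer 3 (IPv4): prepend a 20-byte header; its checksum covers the header only."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,           # version 4, IHL 5 (20 bytes)
                         0,              # DSCP/ECN
                         20 + len(sdu),  # total length
                         0x1234,         # identification (constructed)
                         0x4000,         # flags: don't fragment, offset 0
                         64,             # TTL
                         proto,
                         0,              # checksum placeholder
                         src_ip, dst_ip)
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + sdu


def ethernet_encapsulate(src_mac: bytes, dst_mac: bytes, ethertype: int, sdu: bytes) -> bytes:
    """Layer 2 (Ethernet II): 14-byte header. The trailing FCS is added by the
    MAC/PHY hardware and is omitted here."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + sdu


def encapsulate(app_data: bytes) -> bytes:
    """Pass the SDU down the stack: app data -> UDP PDU -> IPv4 PDU -> Ethernet PDU."""
    segment = udp_encapsulate(40000, 53, app_data)
    packet = ipv4_encapsulate(SRC_IP, DST_IP, IPPROTO_UDP, segment)
    return ethernet_encapsulate(SRC_MAC, DST_MAC, ETHERTYPE_IPV4, packet)


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack: each layer checks its header, strips it and hands the
    SDU upward. Every length field is compared with the bytes actually present before
    slicing, because trusting a length field blindly is a classic parser defect."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unexpected EtherType 0x%04x" % ethertype)
    packet = frame[14:]                          # layer 2 SDU == layer 3 PDU

    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("IPv4 length fields inconsistent with the frame")
    if internet_checksum(packet[:ihl]) != 0:     # sum including the checksum field is all ones
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("unexpected IP protocol %d" % packet[9])
    segment = packet[ihl:total_len]              # layer 3 SDU == layer 4 PDU

    if len(segment) < 8:
        raise ValueError("segment too short for a UDP header")
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length does not match the IPv4 payload")
    app_data = segment[8:]                       # layer 4 SDU == application data
    return {"packet": packet, "segment": segment, "app_data": app_data,
            "ports": (src_port, dst_port)}


if __name__ == "__main__":
    frame = encapsulate(b"constructed sample payload")
    layers = decapsulate(frame)
    print("frame", len(frame), "bytes; packet", len(layers["packet"]),
          "; segment", len(layers["segment"]), "; app_data", layers["app_data"])
```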

OSI Model

Data unit        Layer             Function

Host layers
Data             7. Application    Network process to application
Data             6. Presentation   Data representation, encryption and decryption,
                                   convert machine dependent data to machine
                                   independent data
Data             5. Session        Interhost communication
Segments         4. Transport      End-to-end connections and reliability, flow control

Media layers
Packet/Datagram  3. Network        Path determination and logical addressing
Frame            2. Data Link      Physical addressing
Bit              1. Physical       Media, signal and binary transmission

Some orthogonal aspects, such as management and security, involve every layer.

Security services are not tied to a specific layer: they can be provided by a number of
layers, as defined by the ITU-T X.800 Recommendation.

These services aim to improve the confidentiality, integrity and availability (the CIA
triad) of transmitted data. In practice the availability of a communication service is
determined by network design and/or network management protocols; appropriate
choices for these are needed to protect against denial of service.

Layer 1: Physical Layer

The Physical Layer defines the electrical and physical specifications for devices. In
particular, it defines the relationship between a device and a transmission medium,
such as a copper or optical cable. This includes the layout of pins, voltages, cable
specifications, hubs, repeaters, network adapters, host bus adapters (HBA used in
storage area networks) and more.

To understand the function of the Physical Layer, contrast it with the functions of the
Data Link Layer. Think of the Physical Layer as concerned primarily with the
interaction of a single device with a medium, whereas the Data Link Layer is
concerned more with the interactions of multiple devices (i.e., at least two) with a
shared medium. Standards such as RS-232 do use physical wires to control access to
the medium.

The major functions and services performed by the Physical Layer are:

• Establishment and termination of a connection to a communications medium.
• Participation in the process whereby the communication resources are
effectively shared among multiple users. For example, contention resolution
and flow control.
• Modulation, or conversion between the representation of digital data in user
equipment and the corresponding signals transmitted over a communications
channel. These are signals operating over the physical cabling (such as copper
and optical fiber) or over a radio link.

Parallel SCSI buses operate in this layer, although it must be remembered that the
logical SCSI protocol is a Transport Layer protocol that runs over this bus. Various
Physical Layer Ethernet standards are also in this layer; Ethernet incorporates both
this layer and the Data Link Layer. The same applies to other local-area networks,
such as token ring, FDDI, ITU-T G.hn and IEEE 802.11, as well as personal area
networks such as Bluetooth and IEEE 802.15.4.

Layer 2: Data Link Layer

The Data Link Layer provides the functional and procedural means to transfer data
between network entities and to detect and possibly correct errors that may occur in
the Physical Layer. Originally, this layer was intended for point-to-point and
point-to-multipoint media, characteristic of wide area media in the telephone system.
Local area network architecture, which included broadcast-capable multiaccess media,
was developed independently of the ISO work in IEEE Project 802. IEEE work assumed
sublayering and management functions not required for WAN use. In modern
practice, only error detection, not flow control using sliding window, is present in
data link protocols such as Point-to-Point Protocol (PPP); on local area networks,
the IEEE 802.2 LLC layer is not used for most protocols on Ethernet, and on other
local area networks its flow control and acknowledgment mechanisms are rarely
used. Sliding window flow control and acknowledgment is used at the Transport
Layer by protocols such as TCP, but at the Data Link Layer it is still used in niches
where X.25 offers performance advantages.

The ITU-T G.hn standard, which provides high-speed local area networking over
existing wires (power lines, phone lines and coaxial cables), includes a complete Data
Link Layer which provides both error correction and flow control by means of a
selective repeat Sliding Window Protocol.

Both WAN and LAN service arrange bits, from the Physical Layer, into logical
sequences called frames. Not all Physical Layer bits necessarily go into frames, as
some of these bits are purely intended for Physical Layer functions. For example,
every fifth bit of the FDDI bit stream is not used by the Layer.

WAN Protocol architecture


Connection-oriented WAN data link protocols, in addition to framing, detect and may
correct errors. They are also capable of controlling the rate of transmission. A WAN
Data Link Layer might implement a sliding window flow control and
acknowledgment mechanism to provide reliable delivery of frames; that is the case
for SDLC and HDLC, and derivatives of HDLC such as LAPB and LAPD.

IEEE 802 LAN architecture

Practical, connectionless LANs began with the pre-IEEE Ethernet specification,
which is the ancestor of IEEE 802.3. This layer manages the interaction of devices
with a shared medium, which is the function of a Media Access Control (MAC)
sublayer. Above this MAC sublayer is the media-independent IEEE 802.2 Logical
Link Control (LLC) sublayer, which deals with addressing and multiplexing on
multiaccess media.

While IEEE 802.3 is the dominant wired LAN protocol and IEEE 802.11 the wireless
LAN protocol, obsolescent MAC layers include Token Ring and FDDI. The MAC
sublayer detects but does not correct errors.

Layer 3: Network Layer

The Network Layer provides the functional and procedural means of transferring
variable length data sequences from a source host on one network to a destination
host on a different network, while maintaining the quality of service requested by the
Transport Layer (in contrast to the data link layer which connects hosts within the
same network). The Network Layer performs network routing functions, and might
also perform fragmentation and reassembly, and report delivery errors. Routers
operate at this layer, sending data throughout the extended network and making the
Internet possible. This is a logical addressing scheme: values are chosen by the
network engineer. The addressing scheme is not hierarchical.

Careful analysis of the Network Layer indicated that the Network Layer could have at
least three sublayers:

1. Subnetwork Access - that considers protocols that deal with the interface to
networks, such as X.25;
2. Subnetwork Dependent Convergence - when it is necessary to bring the level
of a transit network up to the level of networks on either side;

3. Subnetwork Independent Convergence which handles transfer across multiple
networks.

The best example of this latter case is CLNP, or IPv7 ISO 8473. It manages the
connectionless transfer of data one hop at a time, from end system to ingress router,
router to router, and from egress router to destination end system. It is not responsible
for reliable delivery to a next hop, but only for the detection of erroneous packets so
they may be discarded. In this scheme, IPv4 and IPv6 would have to be classed with
X.25 as subnet access protocols because they carry interface addresses rather than
node addresses.

A number of layer management protocols, a function defined in the Management
Annex, ISO 7498/4, belong to the Network Layer. These include routing protocols,
multicast group management, Network Layer information and error, and Network
Layer address assignment. It is the function of the payload that makes these belong to
the Network Layer, not the protocol that carries them.

Layer 4: Transport Layer

The Transport Layer provides transparent transfer of data between end users,
providing reliable data transfer services to the upper layers. The Transport Layer
controls the reliability of a given link through flow control, segmentation/
desegmentation, and error control. Some protocols are state- and connection-oriented.
This means that the Transport Layer can keep track of the segments and retransmit
those that fail. The Transport layer also provides the acknowledgement of the
successful data transmission and sends the next data if no errors occurred.

Although not developed under the OSI Reference Model and not strictly conforming
to the OSI definition of the Transport Layer, typical examples of Layer 4 are the
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Of the actual OSI protocols, there are five classes of connection-mode transport
protocols ranging from class 0 (which is also known as TP0 and provides the least
features) to class 4 (TP4, designed for less reliable networks, similar to the Internet).
Class 0 contains no error recovery, and was designed for use on network layers that
provide error-free connections. Class 4 is closest to TCP, although TCP contains
functions, such as the graceful close, which OSI assigns to the Session Layer. Also,
all OSI TP connection-mode protocol classes provide expedited data and preservation
of record boundaries, of both of which TCP is incapable. Detailed characteristics of
TP0-4 classes are shown in the following table:

Feature Name                                                  TP0  TP1  TP2  TP3  TP4

Connection oriented network                                   Yes  Yes  Yes  Yes  Yes
Connectionless network                                        No   No   No   No   Yes
Concatenation and separation                                  No   Yes  Yes  Yes  Yes
Segmentation and reassembly                                   Yes  Yes  Yes  Yes  Yes
Error Recovery                                                No   Yes  Yes  Yes  Yes
Reinitiate connection (if an excessive number of PDUs are
unacknowledged)                                               No   Yes  No   Yes  No
Multiplexing and demultiplexing over a single virtual circuit No   No   Yes  Yes  Yes
Explicit flow control                                         No   No   Yes  Yes  Yes
Retransmission on timeout                                     No   No   No   No   Yes
Reliable Transport Service                                    No   Yes  No   Yes  Yes

Perhaps an easy way to visualize the Transport Layer is to compare it with a Post
Office, which deals with the dispatch and classification of mail and parcels sent. Do
remember, however, that a post office manages the outer envelope of mail. Higher
layers may have the equivalent of double envelopes, such as cryptographic
presentation services that can be read by the addressee only. Roughly speaking,
tunneling protocols operate at the Transport Layer, such as carrying non-IP protocols
such as IBM's SNA or Novell's IPX over an IP network, or end-to-end encryption
with IPsec. While Generic Routing Encapsulation (GRE) might seem to be a Network
Layer protocol, if the encapsulation of the payload takes place only at the endpoint,
GRE becomes closer to a transport protocol that uses IP headers but contains complete
frames or packets to deliver to an endpoint. L2TP carries PPP frames inside transport
packets.

Layer 5: Session Layer

The Session Layer controls the dialogues (connections) between computers. It
establishes, manages and terminates the connections between the local and remote
application. It provides for full-duplex, half-duplex, or simplex operation, and
establishes checkpointing, adjournment, termination, and restart procedures. The OSI
model made this layer responsible for graceful close of sessions, which is a property
of the Transmission Control Protocol, and also for session checkpointing and
recovery, which is not usually used in the Internet Protocol Suite. The Session Layer
is commonly implemented explicitly in application environments that use remote
procedure calls.

Layer 6: Presentation Layer

The Presentation Layer establishes context between Application Layer entities, in
which the higher-layer entities may use different syntax and semantics if the
presentation service provides a mapping between them. If a mapping is available,
presentation service data units are encapsulated into session protocol data units, and
passed down the stack.

This layer provides independence from data representation (e.g., encryption) by
translating between application and network formats. The presentation layer
transforms data into the form that the application accepts. This layer formats and
encrypts data to be sent across a network. It is sometimes called the syntax layer.

The original presentation structure used the basic encoding rules of Abstract Syntax
Notation One (ASN.1), with capabilities such as converting an EBCDIC-coded text
file to an ASCII-coded file, or serialization of objects and other data structures from
and to XML.

Layer 7: Application Layer

The Application Layer is the OSI layer closest to the end user, which means that both
the OSI application layer and the user interact directly with the software application.
This layer interacts with software applications that implement a communicating
component. Such application programs fall outside the scope of the OSI model.

Application layer functions typically include identifying communication partners,
determining resource availability, and synchronizing communication. When
identifying communication partners, the application layer determines the identity and
availability of communication partners for an application with data to transmit. When
determining resource availability, the application layer must decide whether sufficient
network resources for the requested communication exist. In synchronizing communication, all
communication between applications requires cooperation that is managed by the
application layer. Some examples of application layer implementations also include:

• On OSI stack:
o FTAM File Transfer and Access Management Protocol
o X.400 Mail
o Common management information protocol (CMIP)
• On TCP/IP stack:
o Hypertext Transfer Protocol (HTTP),
o File Transfer Protocol (FTP),
o Simple Mail Transfer Protocol (SMTP)
o Simple Network Management Protocol (SNMP).

Cross-layer functions
There are some functions or services that are not tied to a given layer, but they can
affect more than one layer. Examples are

• security service (telecommunication) as defined by the ITU-T X.800
Recommendation.
• management functions, i.e. functions that permit configuring, instantiating,
monitoring and terminating the communications of two or more entities: there is a
specific application layer protocol, Common Management Information Protocol
(CMIP), and its corresponding service, Common Management Information Service
(CMIS); they need to interact with every layer in order to deal with their instances.

• MPLS operates at an OSI Model layer that is generally considered to lie
between traditional definitions of Layer 2 (Data Link Layer) and Layer 3
(Network Layer), and thus is often referred to as a "Layer 2.5" protocol. It was
designed to provide a unified data-carrying service for both circuit-based
clients and packet-switching clients which provide a datagram service model.
It can be used to carry many different kinds of traffic, including IP packets, as
well as native ATM, SONET, and Ethernet frames.
• ARP is used to translate IPv4 addresses (OSI Layer 3) into Ethernet MAC
addresses (OSI Layer 2).

Interfaces
Neither the OSI Reference Model nor OSI protocols specify any programming
interfaces, other than as deliberately abstract service specifications. Protocol
specifications precisely define the interfaces between different computers, but the
software interfaces inside computers are implementation-specific.

For example, Microsoft Windows' Winsock, and Unix's Berkeley sockets and System
V Transport Layer Interface, are interfaces between applications (Layer 5 and above)
and the transport (Layer 4). NDIS and ODI are interfaces between the media (Layer
2) and the network protocol (Layer 3).

Interface standards, except for the Physical Layer to media, are approximate
implementations of OSI Service Specifications.

Examples
The table lists, per layer, example protocols under the headings OSI protocols,
TCP/IP protocols, Signaling System 7, AppleTalk, IPX, SNA, UMTS and Misc.
examples; headings with no entry for a layer are omitted.

Layer 7 - Application
  OSI protocols: FTAM, X.400, X.500, DAP, ROSE, RTSE, ACSE, CMIP
  TCP/IP protocols: NNTP, SIP, SSI, DNS, FTP, Gopher, HTTP, NFS, NTP, DHCP,
    SMPP, SMTP, SNMP, Telnet, RIP, BGP
  Signaling System 7: INAP, MAP, TCAP, ISUP, TUP
  AppleTalk: AFP, ZIP, RTMP, NBP
  IPX: RIP, SAP
  SNA: APPC
  Misc. examples: HL7, Modbus

Layer 6 - Presentation
  OSI protocols: ISO/IEC 8823, X.226, ISO/IEC 9576-1, X.236
  TCP/IP protocols: MIME, SSL, TLS, XDR
  AppleTalk: AFP
  SNA: TDI
  Misc. examples: ASCII, EBCDIC, MIDI, MPEG

Layer 5 - Session
  OSI protocols: ISO/IEC 8327, X.225, ISO/IEC 9548-1, X.235
  TCP/IP protocols: Sockets. Session establishment in TCP, RTP
  AppleTalk: ASP, ADSP, PAP
  IPX: NWLink
  SNA: DLC?
  Misc. examples: Named pipes, NetBIOS, SAP, half duplex, full duplex, simplex, RPC

Layer 4 - Transport
  OSI protocols: ISO/IEC 8073, TP0, TP1, TP2, TP3, TP4 (X.224), ISO/IEC 8602, X.234
  TCP/IP protocols: TCP, UDP, SCTP, DCCP
  AppleTalk: DDP
  IPX: SPX
  Misc. examples: NBF

Layer 3 - Network
  OSI protocols: ISO/IEC 8208, X.25 (PLP), ISO/IEC 8878, X.223, ISO/IEC 8473-1,
    CLNP X.233
  TCP/IP protocols: IP, IPsec, ICMP, IGMP, OSPF
  Signaling System 7: SCCP, MTP
  AppleTalk: ATP (TokenTalk or EtherTalk)
  IPX: IPX
  UMTS: RRC (Radio Resource Control), Packet Data Convergence Protocol (PDCP) and
    BMC (Broadcast/Multicast Control)
  Misc. examples: NBF, Q.931, IS-IS, Leaky bucket, token bucket

Layer 2 - Data Link
  OSI protocols: ISO/IEC 7666, X.25 (LAPB), Token Bus, X.222, ISO/IEC 8802-2 LLC
    Type 1 and 2
  TCP/IP protocols: PPP, SLIP, PPTP, L2TP
  Signaling System 7: MTP, Q.710
  AppleTalk: LocalTalk, AppleTalk Remote Access, PPP
  IPX: IEEE 802.3 framing, Ethernet II framing
  SNA: SDLC
  UMTS: LLC (Logical Link Control), MAC (Media Access Control)
  Misc. examples: 802.3 (Ethernet), 802.11a/b/g/n MAC/LLC, 802.1Q (VLAN), ATM,
    HDP, FDDI, Fibre Channel, Frame Relay, HDLC, ISL, PPP, Q.921, Token Ring, CDP,
    ARP (maps layer 3 to layer 2 address), ITU-T G.hn DLL, CRC, Bit stuffing, ARQ,
    Data Over Cable Service Interface Specification (DOCSIS)

Layer 1 - Physical
  OSI protocols: X.25 (X.21bis, EIA/TIA-232, EIA/TIA-449, EIA-530, G.703)
  Signaling System 7: MTP, Q.710
  AppleTalk: RS-232, RS-422, STP, PhoneNet
  IPX: Twinax
  UMTS: UMTS Physical Layer or L1
  Misc. examples: RS-232, Full duplex, RJ45, V.35, V.34, I.430, I.431, T1, E1,
    10BASE-T, 100BASE-TX, POTS, SONET, SDH, DSL, 802.11a/b/g/n PHY, ITU-T G.hn PHY,
    Controller Area Network, Data Over Cable Service Interface Specification (DOCSIS)

Comparison with TCP/IP


In the TCP/IP model of the Internet, protocols are deliberately not as rigidly designed
into strict layers as the OSI model. RFC 3439 contains a section entitled "Layering
considered harmful." However, TCP/IP does recognize four broad layers of
functionality which are derived from the operating scope of their contained protocols,
namely the scope of the software application, the end-to-end transport connection, the
internetworking range, and lastly the scope of the direct links to other nodes on the
local network.

Even though the concept is different from the OSI model, these layers are
nevertheless often compared with the OSI layering scheme in the following way: The
Internet Application Layer includes the OSI Application Layer, Presentation Layer,
and most of the Session Layer. Its end-to-end Transport Layer includes the graceful
close function of the OSI Session Layer as well as the OSI Transport Layer. The
internetworking layer (Internet Layer) is a subset of the OSI Network Layer, while
the Link Layer includes the OSI Data Link and Physical Layers, as well as parts of
OSI's Network Layer. These comparisons are based on the original seven-layer
protocol model as defined in ISO 7498, rather than refinements in such things as the
internal organization of the Network Layer document.

The presumably strict peer layering of the OSI model as it is usually described does
not present contradictions in TCP/IP, as it is permissible that protocol usage does not
follow the hierarchy implied in a layered model. Such examples exist in some routing
protocols (e.g., OSPF), or in the description of tunneling protocols, which provide a
Link Layer for an application, although the tunnel host protocol may well be a
Transport or even an Application Layer protocol in its own right.

Chapter 4

Physical Layer

The Physical Layer is the first and lowest layer in the seven-layer OSI model of
computer networking. The implementation of this layer is often termed PHY.

The Physical Layer consists of the basic hardware transmission technologies of a
network. It is a fundamental layer underlying the logical data structures of the higher
level functions in a network. Due to the plethora of available hardware technologies
with widely varying characteristics, this is perhaps the most complex layer in the OSI
architecture.

The Physical Layer defines the means of transmitting raw bits rather than logical data
packets over a physical link connecting network nodes. The bit stream may be
grouped into code words or symbols and converted to a physical signal that is
transmitted over a hardware transmission medium. The Physical Layer provides an
electrical, mechanical, and procedural interface to the transmission medium. The
shapes and properties of the electrical connectors, the frequencies to broadcast on, the
modulation scheme to use and similar low-level parameters, are specified here.

Within the semantics of the OSI network architecture, the Physical Layer translates
logical communications requests from the Data Link Layer into hardware-specific
operations to effect transmission or reception of electronic signals.
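As an added example (not from the original text) of grouping the bit stream into symbols and recovering bit boundaries at the receiver, the following Python encodes octets with Manchester line coding in the IEEE 802.3 convention (a 0 is a high-to-low transition, a 1 is low-to-high) behind the 802.3 preamble and start frame delimiter. The preamble bytes are the real ones; the payload and the two-samples-per-bit signal representation are constructed for the example.

```python
PREAMBLE_BYTES = b"\x55" * 7 + b"\xd5"   # IEEE 802.3 preamble (7 x 10101010) + SFD


def bytes_to_bits(data: bytes) -> list:
    """Ethernet serialises each octet least-significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    """Inverse of bytes_to_bits; requires a whole number of octets."""
    if len(bits) % 8:
        raise ValueError("bit count is not a whole number of octets")
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8))


def manchester_encode(bits: list) -> list:
    """Each bit becomes two half-bit signal levels (0 = low, 1 = high), so every
    bit cell carries a mid-cell transition that the receiver can derive its clock from."""
    levels = []
    for bit in bits:
        levels.extend((0, 1) if bit else (1, 0))   # 802.3: 1 = low->high, 0 = high->low
    return levels


def manchester_decode(levels: list, start: int = 0) -> list:
    """Decode bit cells beginning at sample `start`; a cell without a transition
    is a code violation (stuck or idle line) and is reported rather than guessed."""
    bits = []
    for i in range(start, len(levels) - 1, 2):
        pair = (levels[i], levels[i + 1])
        if pair == (0, 1):
            bits.append(1)
        elif pair == (1, 0):
            bits.append(0)
        else:
            raise ValueError("code violation (no mid-cell transition) at sample %d" % i)
    return bits


def recover_bit_alignment(levels: list, probe_cells: int = 16) -> int:
    """Bit synchronization: the receiver does not know which sample starts a cell.
    It tries both alignments over the first cells; the alternating 1010... preamble
    makes the wrong alignment produce a code violation, so exactly one survives."""
    valid = []
    for start in (0, 1):
        try:
            manchester_decode(levels[start:start + 2 * probe_cells])
            valid.append(start)
        except ValueError:
            pass
    if len(valid) != 1:
        raise ValueError("cannot lock onto bit boundaries (candidates %r)" % valid)
    return valid[0]


def transmit(payload: bytes) -> list:
    """Physical-layer send side: preamble + SFD + payload, Manchester encoded."""
    return manchester_encode(bytes_to_bits(PREAMBLE_BYTES + payload))


def receive(levels: list) -> bytes:
    """Physical-layer receive side: lock onto bit cells, decode, check the
    preamble/SFD and hand the payload octets up to the Data Link Layer."""
    start = recover_bit_alignment(levels)
    bits = manchester_decode(levels, start)
    data = bits_to_bytes(bits[: len(bits) - len(bits) % 8])
    if not data.startswith(PREAMBLE_BYTES):
        raise ValueError("preamble/SFD not found")
    return data[len(PREAMBLE_BYTES):]


if __name__ == "__main__":
    signal = transmit(b"\x01\x02")          # constructed payload
    print("samples:", "".join(str(s) for s in signal[:32]), "...")
    print("received:", receive([1] + signal))   # one stray sample before the frame
```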

Physical signaling sublayer


In a local area network (LAN) or a metropolitan area network (MAN) using open
systems interconnection (OSI) architecture, the physical signaling sublayer is the
portion of the Physical Layer that:

• interfaces with the Data Link Layer's medium access control (MAC) sublayer.
• performs character encoding, transmission, reception and decoding.
• performs mandatory isolation functions.

List of services
The major functions and services performed by the Physical Layer are:

• Bit-by-bit or symbol-by-symbol delivery
• Providing a standardized interface to physical transmission media, including
o Mechanical specification of electrical connectors and cables, for
example maximum cable length
o Electrical specification of transmission line signal level and impedance
o Radio interface, including electromagnetic spectrum frequency
allocation and specification of signal strength, analog bandwidth, etc.
o Specifications for IR over optical fiber or a wireless IR communication
link
• Modulation
• Line coding
• Bit synchronization in synchronous serial communication
• Start-stop signalling and flow control in asynchronous serial communication
• Circuit switching
• Multiplexing
o Establishment and termination of circuit switched connections
• Carrier sense and collision detection utilized by some level 2 multiple access
protocols
• Equalization filtering, training sequences, pulse shaping and other signal
processing of physical signals
• Forward error correction for example bitwise convolutional coding
• Bit-interleaving and other channel coding

The Physical Layer is also concerned with

• Bit rate
• Point-to-point, multipoint or point-to-multipoint line configuration
• Physical network topology, for example bus, ring, mesh or star network
• Serial or parallel communication
• Simplex, half duplex or full duplex transmission mode
• Autonegotiation

List of protocols
• Telephone network modems - V.92
• IRDA Physical Layer
• USB Physical Layer
• EIA RS-232, EIA-422, EIA-423, RS-449, RS-485
• Ethernet physical layer, including 10BASE-T, 10BASE2, 10BASE5,
100BASE-TX, 100BASE-FX, 100BASE-T, 1000BASE-T, 1000BASE-SX
and other varieties
• Varieties of 802.11 Wi-Fi Physical Layers
• DSL
• ISDN
• T1 and other T-carrier links, and E1 and other E-carrier links
• SONET/SDH
• Optical Transport Network (OTN)
• GSM Um radio interface physical layer
• Bluetooth Physical Layer
• ITU Recommendations
• Firewire
• TransferJet Physical Layer
• Etherloop
• ARINC 818 Avionics Digital Video Bus
• G.hn/G.9960 Physical Layer
• Controller Area Network (CAN) Physical Layer

Hardware equipment (network node) examples
• Network adapter
• Repeater
• Network hub
• Modem
• Fiber Media Converter

Relation to TCP/IP model

The TCP/IP model, defined in RFC 1122 and RFC 1123, is a high-level networking
description used for the Internet and similar networks. It does not define an equivalent
layer that deals exclusively with hardware-level specifications and interfaces, as this
model does not concern itself directly with physical interfaces. Several RFCs mention
a physical layer and data link layer, but that is in context of IEEE protocols. RFC
1122 and 1123 do not mention any physical layer functionality or physical layer
standards.

Chapter 5

Data Link Layer

The Data Link Layer is Layer 2 of the seven-layer OSI model of computer
networking. It corresponds to, or is part of the link layer of the TCP/IP reference
model.

The Data Link Layer is the protocol layer which transfers data between adjacent
network nodes in a wide area network or between nodes on the same local area
network segment. The Data Link Layer provides the functional and procedural means
to transfer data between network entities and might provide the means to detect and
possibly correct errors that may occur in the Physical Layer. Examples of data link
protocols are Ethernet for local area networks (multi-node), the Point-to-Point
Protocol (PPP), HDLC and ADCCP for point-to-point (dual-node) connections.

The Data Link Layer is concerned with local delivery of frames between devices on
the same LAN. Data Link frames, as these protocol data units are called, do not cross
the boundaries of a local network. Inter-network routing and global addressing are
higher layer functions, allowing Data Link protocols to focus on local delivery,
addressing, and media arbitration. In this way, the Data Link layer is analogous to a
neighborhood traffic cop; it endeavors to arbitrate between parties contending for
access to a medium.

When devices attempt to use a medium simultaneously, frame collisions occur. Data
Link protocols specify how devices detect and recover from such collisions, and may
provide mechanisms to reduce or prevent them.

Delivery of frames by layer 2 devices is effected through the use of unambiguous
hardware addresses. A frame's header contains source and destination addresses that
indicate which device originated the frame and which device is expected to receive
and process it. In contrast to the hierarchical and routable addresses of the network
layer, layer 2 addresses are flat, meaning that no part of the address can be used to
identify the logical or physical group to which the address belongs.

The data link thus provides data transfer across the physical link. That transfer can be
reliable or unreliable; many data link protocols do not have acknowledgments of
successful frame reception and acceptance, and some data link protocols might not
even have any form of checksum to check for transmission errors. In those cases,
higher-level protocols must provide flow control, error checking, and
acknowledgments and retransmission.

In some networks, such as IEEE 802 local area networks, the Data Link Layer is
described in more detail with Media Access Control (MAC) and Logical Link Control
(LLC) sublayers; this means that the IEEE 802.2 LLC protocol can be used with all of
the IEEE 802 MAC layers, such as Ethernet, token ring, IEEE 802.11, etc., as well as
with some non-802 MAC layers such as FDDI. Other Data Link Layer protocols,
such as HDLC, are specified to include both sublayers, although some other
protocols, such as Cisco HDLC, use HDLC's low-level framing as a MAC layer in
combination with a different LLC layer. In the ITU-T G.hn standard, which provides
a way to create a high-speed (up to 1 Gigabit/s) Local area network using existing
home wiring (power lines, phone lines and coaxial cables), the Data Link Layer is
divided into three sub-layers (Application Protocol Convergence, Logical Link
Control and Medium Access Control).

Within the semantics of the OSI network architecture, the Data Link Layer protocols
respond to service requests from the Network Layer and they perform their function
by issuing service requests to the Physical Layer.

Sublayers of the Data Link Layer

Logical Link Control sublayer

The uppermost sublayer is Logical Link Control (LLC). This sublayer multiplexes
protocols running atop the Data Link Layer, and optionally provides flow control,
acknowledgment, and error notification. The LLC provides addressing and control of
the data link. It specifies which mechanisms are to be used for addressing stations
over the transmission medium and for controlling the data exchanged between the
originator and recipient machines.

Media Access Control sublayer

The sublayer below it is Media Access Control (MAC). Sometimes this refers to the
sublayer that determines who is allowed to access the media at any one time (usually
CSMA/CD). Other times it refers to a frame structure with MAC addresses inside.

There are generally two forms of media access control: distributed and centralized.
Both of these may be compared to communication between people. In a network
made up of people speaking, i.e. a conversation, we look for clues from our fellow
talkers to see if any of them appear to be about to speak. If two people speak at the
same time, they will back off and begin a long and elaborate game of saying "no, you
first".

The Media Access Control sublayer also determines where one frame of data ends
and the next one starts -- frame synchronization. There are four means of frame
synchronization: time based, character counting, byte stuffing and bit stuffing.

• The time based approach simply puts a specified amount of time between
frames. The major drawback of this is that new gaps can be introduced or old
gaps can be lost due to external influences.
• Character counting simply notes the count of remaining characters in the
frame's header. This method, however, is easily disturbed if this field gets
faulty in some way, thus making it hard to keep up synchronization.
• Byte stuffing precedes the frame with a special byte sequence such as DLE
STX and succeeds it with DLE ETX. Appearances of DLE (byte value 0x10)
have to be escaped with another DLE. The start and stop marks are detected at
the receiver and removed as well as the inserted DLE characters.
• Similarly, bit stuffing replaces these start and end marks with a flag consisting
of a special bit pattern (e.g. a 0, six 1 bits and a 0). Occurrences of this bit
pattern in the data to be transmitted are avoided by inserting a bit. To use the
example where the flag is 01111110, a 0 is inserted after 5 consecutive 1's in
the data stream. The flags and the inserted 0's are removed at the receiving
end. This makes for arbitrarily long frames and easy synchronization for the
recipient. Note that this stuffed bit is added even if the following data bit is 0,
which could not be mistaken for a sync sequence, so that the receiver can
unambiguously distinguish stuffed bits from normal bits.
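The byte-stuffing and bit-stuffing schemes described above, worked through as an added example (not code from the book): a DLE STX / DLE ETX framer, an HDLC-style bit stuffer that inserts a 0 after every five 1s even when the next data bit is already 0, and the receiver side that locates frames and strips the escapes. The flag 01111110 and the DLE/STX/ETX byte values are the ones quoted in the text; the function names and the frame-splitting logic are this example's own.

```python
# Added example (not from the book): frame synchronization by byte stuffing
# (DLE STX ... DLE ETX) and by bit stuffing (HDLC-style 01111110 flag).
# Byte values and the flag pattern are the ones quoted in the text; the
# function names and the frame-splitting logic are this example's own.

DLE, STX, ETX = 0x10, 0x02, 0x03
FLAG = "01111110"  # a 0, six 1 bits, a 0


def byte_stuff_frame(payload: bytes) -> bytes:
    """Wrap payload in DLE STX / DLE ETX, doubling every DLE in the data."""
    body = payload.replace(bytes([DLE]), bytes([DLE, DLE]))
    return bytes([DLE, STX]) + body + bytes([DLE, ETX])


def byte_unstuff_frames(stream: bytes) -> list:
    """Recover every complete frame from a byte stream; bytes outside a
    DLE STX ... DLE ETX pair are skipped. A DLE not followed by DLE or ETX
    inside a frame is a framing error, as is a frame cut off mid-stream."""
    frames, i, n = [], 0, len(stream)
    while i < n:
        if not (stream[i] == DLE and i + 1 < n and stream[i + 1] == STX):
            i += 1  # noise or idle bytes between frames
            continue
        i += 2
        buf = bytearray()
        while True:
            if i >= n:
                raise ValueError("frame not terminated with DLE ETX")
            b = stream[i]
            if b != DLE:
                buf.append(b)
                i += 1
                continue
            if i + 1 >= n:
                raise ValueError("truncated DLE escape")
            nxt = stream[i + 1]
            i += 2
            if nxt == DLE:
                buf.append(DLE)  # escaped data byte
            elif nxt == ETX:
                frames.append(bytes(buf))
                break
            else:
                raise ValueError("unexpected DLE 0x%02x inside frame" % nxt)
    return frames


def bit_stuff(bits: str) -> str:
    """Insert a 0 after every run of five 1s. The 0 is inserted even when the
    next data bit is already 0, so the receiver can remove it unambiguously."""
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        if ones == 5:
            out.append("0")
            ones = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Drop the 0 that follows each run of five 1s; six 1s inside a frame
    cannot be data, so they indicate a flag, an abort or lost synchronization."""
    out, ones, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        ones = ones + 1 if b == "1" else 0
        i += 1
        if ones == 5:
            if i < len(bits) and bits[i] != "0":
                raise ValueError("six consecutive 1s at bit %d: lost sync" % i)
            i += 1  # skip the stuffed 0
            ones = 0
    return "".join(out)


def frame_bits(payload: str) -> str:
    """Sender side: flag, stuffed payload, flag."""
    return FLAG + bit_stuff(payload) + FLAG


def deframe_bits(stream: str) -> list:
    """Split a bit stream on the flag. Stuffed data never contains six 1s, so
    the flag cannot occur inside a frame. Bits before the first flag and after
    the last one are not complete frames and are discarded."""
    parts = stream.split(FLAG)
    return [bit_unstuff(p) for p in parts[1:-1] if p]
```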

List of Data Link Layer services

• Encapsulation of network layer data packets into frames
• Frame synchronization
• Logical link control (LLC) sublayer:
o Error control (automatic repeat request, ARQ), in addition to ARQ
provided by some Transport layer protocols, to forward error
correction (FEC) techniques provided on the Physical Layer, and to
error-detection and packet canceling provided at all layers, including
the network layer. Data link layer error control (i.e. retransmission of
erroneous packets) is provided in wireless networks and V.42
telephone network modems, but not in LAN protocols such as
Ethernet, since bit errors are so uncommon in short wires. In that case,
only error detection and canceling of erroneous packets are provided.
o Flow control, in addition to the one provided on the Transport layer.
Data link layer error control is not used in LAN protocols such as
Ethernet, but in modems and wireless networks.

• Media access control (MAC) sublayer:
o Multiple access protocols for channel-access control, for example
CSMA/CD protocols for collision detection and retransmission in
Ethernet bus networks and hub networks, or the CSMA/CA protocol
for collision avoidance in wireless networks.
o Physical addressing (MAC addressing)
o LAN switching (packet switching) including MAC filtering and
spanning tree protocol
o Data packet queueing or scheduling
o Store-and-forward switching or cut-through switching
o Quality of Service (QoS) control
o Virtual LANs (VLAN)

Protocol examples

• Address Resolution Protocol (ARP)
• ARCnet
• ATM
• Cisco Discovery Protocol (CDP)
• Controller Area Network (CAN)
• Econet
• Ethernet
• Ethernet Automatic Protection Switching (EAPS)
• Fiber Distributed Data Interface (FDDI)
• Frame Relay
• High-Level Data Link Control (HDLC)
• IEEE 802.2 (provides LLC functions to IEEE 802 MAC layers)
• IEEE 802.11 wireless LAN
• Link Access Procedures, D channel (LAPD)
• LocalTalk
• Multiprotocol Label Switching (MPLS)
• Point-to-Point Protocol (PPP)
• Serial Line Internet Protocol (SLIP) (obsolete)
• Spanning tree protocol
• StarLan
• Token ring
• Unidirectional Link Detection (UDLD)
• and most forms of serial communication.

Interfaces
The Data Link Layer is often implemented in software as a "network card driver".
The operating system will have a defined software interface between the data link and
the network transport stack above. This interface is not a layer itself, but rather a
definition for interfacing between layers.

Relation to TCP/IP model
In the framework of the TCP/IP (Internet Protocol Suite) model, OSI's Data Link
Layer, in addition to other components, is contained in TCP/IP's lowest layer, the
Link Layer. The Internet Protocol's Link Layer only concerns itself with hardware
issues to the point of obtaining hardware addresses for locating hosts on a physical
network link and transmitting data frames onto the link. Thus, the Link Layer is
broader in scope and encompasses all methods that affect the local link, which is the
group of connections that are limited in scope to other nodes on the local access
network.

The TCP/IP model is not a top/down comprehensive design reference for networks. It
was formulated for the purpose of illustrating the logical groups and scopes of
functions needed in the design of the suite of internetworking protocols of TCP/IP, as
needed for the operation of the Internet. In general, direct or strict comparisons of the
OSI and TCP/IP models should be avoided, because the layering in TCP/IP is not a
principal design criterion and in general considered to be "harmful" (RFC 3439). In
particular, TCP/IP does not dictate a strict hierarchical sequence of encapsulation
requirements, as is attributed to OSI protocols.

Chapter 6

Transport Layer

In computer networking, the Transport Layer provides end-to-end communication
services for applications within a layered architecture of network components and
protocols. The transport layer provides convenient services such as connection-
oriented data stream support, reliability, flow control, and multiplexing.

Transport layers are contained in both the TCP/IP model (RFC 1122), which is the
foundation of the Internet, and the Open Systems Interconnection (OSI) model of
general networking. The definitions of the Transport Layer are slightly different in
these two models.

The most well-known transport protocol is the Transmission Control Protocol (TCP).
It lent its name to the title of the entire Internet Protocol Suite, TCP/IP. It is used for
connection-oriented transmissions, whereas the connectionless User Datagram
Protocol (UDP) is used for simpler messaging transmissions. TCP is the more
complex protocol, due to its stateful design incorporating reliable transmission and
data stream services. Other prominent protocols in this group are the Datagram
Congestion Control Protocol (DCCP) and the Stream Control Transmission Protocol
(SCTP).

Services
There are many services that can be optionally provided by a Transport Layer
protocol, and different protocols may or may not implement them.

• Connection-oriented communication: Interpreting the connection as a data
stream can provide many benefits to applications. It is normally easier to deal
with than the underlying connection-less models, such as the Transmission
Control Protocol's underlying Internet Protocol model of datagrams.
• Byte orientation: Rather than processing the messages in the underlying
communication system format, it is often easier for an application to process
the data stream as a sequence of bytes. This simplification helps applications
work with various underlying message formats.
• Same order delivery: The Network layer doesn't generally guarantee that
packets of data will arrive in the same order that they were sent, but often this
is a desirable feature. This is usually done through the use of segment
numbering, with the receiver passing them to the application in order. This
can cause head-of-line blocking.
• Reliability: Packets may be lost during transport due to network congestion
and errors. By means of an error detection code, such as a checksum, the
transport protocol may check that the data is not corrupted, and verify correct
receipt by sending an ACK or NACK message to the sender. Automatic repeat
request schemes may be used to retransmit lost or corrupted data.
• Flow control: The rate of data transmission between two nodes must
sometimes be managed to prevent a fast sender from transmitting more data
than can be supported by the receiving data buffer, causing a buffer overrun.
This can also be used to improve efficiency by reducing buffer underrun.
• Congestion avoidance: Congestion control can control traffic entry into a
telecommunications network, so as to avoid congestive collapse by attempting
to avoid oversubscription of any of the processing or link capabilities of the
intermediate nodes and networks and taking resource reducing steps, such as
reducing the rate of sending packets. For example, automatic repeat requests
may keep the network in a congested state; this situation can be avoided by
adding congestion avoidance to the flow control, including slow-start. This
keeps the bandwidth consumption at a low level in the beginning of the
transmission, or after packet retransmission.
• Multiplexing: Ports can provide multiple endpoints on a single node. For
example, the name on a postal address is a kind of multiplexing, and
distinguishes between different recipients of the same location. Computer
applications will each listen for information on their own ports, which enables
the use of more than one network service at the same time. It is part of the
Transport Layer in the TCP/IP model, but of the Session Layer in the OSI
model.

Analysis

The Transport Layer is responsible for delivering data to the appropriate application
process on the host computers. This involves statistical multiplexing of data from
different application processes, i.e. forming data packets, and adding source and
destination port numbers in the header of each Transport Layer data packet. Together
with the source and destination IP address, the port numbers constitutes a network
socket, i.e. an identification address of the process-to-process communication. In the
OSI model, this function is supported by the Session Layer.

Some Transport Layer protocols, for example TCP, but not UDP, support virtual
circuits, i.e. provide connection oriented communication over an underlying packet
oriented datagram network. A byte-stream is delivered while hiding the packet mode
communication for the application processes. This involves connection establishment,
dividing of the data stream into packets called segments, segment numbering and
reordering of out-of-order data.

Finally, some Transport Layer protocols, for example TCP, but not UDP, provide
end-to-end reliable communication, i.e. error recovery by means of error detecting
code and automatic repeat request (ARQ) protocol. The ARQ protocol also provides
flow control, which may be combined with congestion avoidance.

UDP is a very simple protocol, and does not provide virtual circuits, nor reliable
communication, delegating these functions to the application program. UDP packets
are called datagrams, rather than segments.
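Segment numbering, in-order delivery with head-of-line blocking, checksum verification and cumulative acknowledgement, as described in the Services list and the paragraphs above, worked through as an added example (not code from the book). The segment header (32-bit sequence number plus 16-bit checksum) is a constructed, simplified layout for illustration rather than TCP's; the checksum is the 16-bit one's-complement sum that TCP and UDP use.

```python
# Added example (not from the book): a receiver for a simplified reliable
# transport. The header layout is constructed for this example; the checksum
# algorithm is the 16-bit one's-complement sum used by TCP and UDP.
import struct

HDR = struct.Struct("!IH")  # 32-bit sequence number (byte offset), 16-bit checksum


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of 16-bit words (RFC 1071 style).
    Computed over a segment whose checksum field is filled in, it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_segment(seq: int, payload: bytes) -> bytes:
    """Sender side: the checksum is computed with the checksum field zeroed."""
    csum = inet_checksum(HDR.pack(seq, 0) + payload)
    return HDR.pack(seq, csum) + payload


class Receiver:
    """Delivers payload bytes to the application strictly in sequence order."""

    def __init__(self, initial_seq: int = 0):
        self.next_seq = initial_seq  # first byte not yet delivered
        self.pending = {}            # seq -> payload, held until the gap before it is filled

    def receive(self, segment: bytes):
        """Process one segment; returns (cumulative ACK, bytes delivered now).
        A corrupted, truncated or stale segment delivers nothing and repeats the
        current ACK, which tells the sender what to retransmit (a NACK in effect).
        Overlapping segments are not merged; this keeps the example short."""
        if len(segment) < HDR.size or inet_checksum(segment) != 0:
            return self.next_seq, b""
        seq = HDR.unpack_from(segment)[0]
        payload = segment[HDR.size:]
        if seq >= self.next_seq and payload:
            self.pending.setdefault(seq, payload)  # keep the first copy of a duplicate
        delivered = bytearray()
        # Head-of-line blocking: nothing after a missing segment is released
        # until that segment arrives, even though it is already buffered.
        while self.next_seq in self.pending:
            chunk = self.pending.pop(self.next_seq)
            delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq, bytes(delivered)

    def buffered(self) -> int:
        """Bytes held out of order; this bounded buffer is what flow control protects."""
        return sum(len(p) for p in self.pending.values())
```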

TCP is used for many protocols, including HTTP web browsing and email transfer.
UDP may be used for multicasting and broadcasting, since retransmissions are not
possible to a large amount of hosts. UDP typically gives higher throughput and
shorter latency, and is therefore often used for real-time multimedia communication
where packet loss occasionally can be accepted, for example IP-TV and IP-telephony,
and for online computer games.

In many non-IP-based networks, for example X.25, Frame Relay and ATM, the
connection oriented communication is implemented at network layer or data link
layer rather than the Transport Layer. In X.25, in telephone network modems and in
wireless communication systems, reliable node-to-node communication is
implemented at lower protocol layers.

The OSI model defines five classes of transport protocols: TP0, providing the least
error recovery, to TP4, which is designed for less reliable networks.

Protocols
The exact definition of what qualifies as a transport layer protocol is not firm. The
following is a short list:

• ATP, AppleTalk Transaction Protocol
• CUDP, Cyclic UDP
• DCCP, Datagram Congestion Control Protocol
• FCP, Fiber Channel Protocol
• IL, IL Protocol
• NBF, NetBIOS Frames protocol
• RDP, Reliable Datagram Protocol
• SCTP, Stream Control Transmission Protocol
• SPX, Sequenced Packet Exchange
• SST, Structured Stream Transport
• TCP, Transmission Control Protocol
• UDP, User Datagram Protocol
• UDP Lite
• µTP, Micro Transport Protocol

Comparison of Transport Layer protocols

Feature Name                  | UDP      | UDP Lite | TCP         | SCTP                             | DCCP           | RUDP
Packet header size            | 8 Bytes  | 8 Bytes  | 20-60 Bytes | 12 Bytes + Variable Chunk Header | 12 or 16 bytes |
Transport Layer packet entity | Datagram | Datagram | Segment     | Datagram                         | Datagram       | Datagram
Connection oriented           | No       | No       | Yes         | Yes                              | Yes            | No
Reliable transport            | No       | No       | Yes         | Yes                              | No             | Yes
Unreliable transport          | Yes      | Yes      | No          | Yes                              | Yes            | Yes
Preserve message boundary     | Yes      | Yes      | No          | Yes                              | Yes            | Unsure
Ordered delivery              | No       | No       | Yes         | Yes                              | No             | No
Unordered delivery            | Yes      | Yes      | No          | Yes                              | Yes            | Yes
Data checksum                 | Optional | Yes      | Yes         | Yes                              | Yes            | Unsure
Checksum size (bits)          | 16       | 16       | 16          | 32                               | 16             | Unsure
Partial checksum              | No       | Yes      | No          | No                               | Yes            | No
Path MTU                      | No       | No       | Yes         | Yes                              | Yes            | Unsure
Flow control                  | No       | No       | Yes         | Yes                              | No             |
Congestion control            | No       | No       | Yes         | Yes                              | Yes            | Unsure
ECN support                   | No       | No       | Yes         | Yes                              | Yes            |
Multiple streams              | No       | No       | No          | Yes                              | No             | No
Multi-homing support          | No       | No       | No          | Yes                              | No             | No
Bundling / Nagle              | No       | No       | Yes         | Yes                              | No             | Unsure
NAT friendly                  | Yes      | Yes      | No          | Yes                              |                |

Comparison of OSI transport protocols

The OSI model defines five classes of connection-mode transport protocols
designated class 0 (TP0) to class 4 (TP4). Class 0 contains no error recovery, and was
designed for use on network layers that provide error-free connections. Class 4 is
closest to TCP, although TCP contains functions, such as the graceful close, which
OSI assigns to the Session Layer. All OSI connection-mode protocol classes provide
expedited data and preservation of record boundaries. Detailed characteristics of the
classes are shown in the following table:

Service                                                                   | TP0 | TP1 | TP2 | TP3 | TP4
Connection oriented network                                               | Yes | Yes | Yes | Yes | Yes
Connectionless network                                                    | No  | No  | No  | No  | Yes
Concatenation and separation                                              | No  | Yes | Yes | Yes | Yes
Segmentation and reassembly                                               | Yes | Yes | Yes | Yes | Yes
Error Recovery                                                            | No  | Yes | No  | Yes | Yes
Reinitiate connection (if an excessive number of PDUs are unacknowledged) | No  | Yes | No  | Yes | No
Multiplexing and demultiplexing over a single virtual circuit             | No  | No  | Yes | Yes | Yes
Explicit flow control                                                     | No  | No  | Yes | Yes | Yes
Retransmission on timeout                                                 | No  | No  | No  | No  | Yes
Reliable Transport Service                                                | No  | Yes | No  | Yes | Yes

Chapter 7

Session Layer, Application Layer & Presentation Layer

Session Layer
The Session Layer is Layer 5 of the seven-layer OSI model of computer networking.

The Session Layer provides the mechanism for opening, closing and managing a
session between end-user application processes, i.e. a semi-permanent dialogue.
Communication sessions consist of requests and responses that occur between
applications. Session Layer services are commonly used in application environments
that make use of remote procedure calls (RPCs).

An example of a Session Layer protocol is the OSI protocol suite Session Layer
Protocol, also known as X.225 or ISO 8327. In case of a connection loss this protocol
may try to recover the connection. If a connection is not used for a long period, the
Session Layer Protocol may close it and re-open it. It provides for either full duplex
or half-duplex operation and provides synchronization points in the stream of
exchanged messages.

Other examples of Session Layer implementations include Zone Information Protocol
(ZIP) – the AppleTalk protocol that coordinates the name binding process, and
Session Control Protocol (SCP) – the DECnet Phase IV Session Layer protocol.

Within the service layering semantics of the OSI network architecture, the Session
Layer responds to service requests from the Presentation Layer and issues service
requests to the Transport Layer.

Services
• Authentication
• Permissions
• Session restoration (checkpointing and recovery)

The Session Layer of the OSI model is responsible for session checkpointing and
recovery. It allows information of different streams, perhaps originating from
different sources, to be properly combined or synchronized.

An example application is web conferencing, in which the streams of audio and video
must be synchronous to avoid so-called lip synch problems. Floor control ensures that
the person displayed on screen is the current speaker.

Another application is in live TV programs, where streams of audio and video need to
be seamlessly merged and transitioned from one to the other to avoid silent airtime or
excessive overlap.

Protocols

• ADSP, AppleTalk Data Stream Protocol
• ASP, AppleTalk Session Protocol
• H.245, Call Control Protocol for Multimedia Communication
• ISO-SP, OSI Session Layer Protocol (X.225, ISO 8327)
• iSNS, Internet Storage Name Service
• L2F, Layer 2 Forwarding Protocol
• L2TP, Layer 2 Tunneling Protocol
• NetBIOS, Network Basic Input Output System
• PAP, Password Authentication Protocol
• PPTP, Point-to-Point Tunneling Protocol
• RPC, Remote Procedure Call Protocol
• RTCP, Real-time Transport Control Protocol
• SMPP, Short Message Peer-to-Peer
• SCP, Session Control Protocol
• ZIP, Zone Information Protocol
• SDP, Sockets Direct Protocol

Comparison with TCP/IP model

The TCP/IP reference model does not concern itself with the OSI model's details of
application or transport protocol semantics and therefore does not consider a Session
Layer. OSI's session management in connection with the typical transport protocols
(TCP, SCTP), is contained in the Transport Layer protocols, or otherwise considered
the realm of the Application Layer protocols. TCP/IP's layers are descriptions of
operating scopes (application, host-to-host, network, link) and not detailed
prescriptions of operating procedures or data semantics.

Application Layer
The Internet Protocol Suite (TCP/IP) and the Open Systems Interconnection model
(OSI model) of computer networking each specify a group of protocols and methods
identified by the name Application Layer.

In TCP/IP, the Application Layer contains all protocols and methods that fall into the
realm of process-to-process communications across an Internet Protocol (IP) network.
Application Layer methods use the underlying Transport Layer protocols to establish
host-to-host connections.

In the OSI model, the definition of its Application Layer is narrower in scope,
explicitly distinguishing additional functionality above the Transport Layer at two
additional levels, the Session Layer and the Presentation Layer. OSI specifies strict
modular separation of functionality at these layers and provides protocol
implementations for each layer.

TCP/IP protocols
The following protocols are explicitly mentioned in RFC 1123 (1989), describing the
Application Layer of the Internet Protocol Suite.

• Remote Login category
o Telnet
• File Transfer category
o FTP
o TFTP
• Electronic Mail category
o SMTP
• Support Services category
o DNS
o RARP
o BOOTP
o SNMP
o CMOT

Other protocol examples

• 9P, Plan 9 from Bell Labs distributed file system protocol
• AFP,
• APPC, Advanced Program-to-Program Communication
• AMQP, Advanced Message Queuing Protocol
• BitTorrent
• Atom Publishing Protocol
• BOOTP, Bootstrap Protocol
• CFDP, Coherent File Distribution Protocol
• DDS, Data Distribution Service
• DHCP, Dynamic Host Configuration Protocol
• DeviceNet
• DNS, Domain Name System (Service) Protocol
• eDonkey
• ENRP, Endpoint Handlespace Redundancy Protocol
• FastTrack (KaZaa, Grokster, iMesh)
• Finger, User Information Protocol
• Freenet
• FTAM, File Transfer Access and Management
• FTP, File Transfer Protocol
• Gopher, Gopher protocol
• HL7, Health Level Seven
• HTTP, HyperText Transfer Protocol
• H.323, Packet-Based Multimedia Communications System
• IMAP, IMAP4, Internet Message Access Protocol (version 4)
• IRCP, Internet Relay Chat Protocol
• Kademlia
• LDAP, Lightweight Directory Access Protocol
• LPD, Line Printer Daemon Protocol
• MIME (S-MIME), Multipurpose Internet Mail Extensions and Secure MIME
• Modbus
• Netconf
• NFS, Network File System
• NIS, Network Information Service
• NNTP, Network News Transfer Protocol
• NTCIP, National Transportation Communications for Intelligent
Transportation System Protocol
• NTP, Network Time Protocol
• OSCAR, AOL Instant Messenger Protocol
• PNRP, Peer Name Resolution Protocol
• POP, POP3, Post Office Protocol (version 3)
• RDP, Remote Desktop Protocol
• Rlogin, Remote Login in UNIX Systems
• RPC, Remote Procedure Call
• RTMP Real Time Messaging Protocol
• RTP, Real-time Transport Protocol
• RTPS, Real Time Publish Subscribe
• RTSP, Real Time Streaming Protocol
• SAP, Session Announcement Protocol
• SDP, Session Description Protocol
• SIP, Session Initiation Protocol
• SLP, Service Location Protocol
• SMB, Server Message Block
• SMTP, Simple Mail Transfer Protocol
• SNMP, Simple Network Management Protocol
• SNTP, Simple Network Time Protocol
• SPTP, Secure Parallel Transfer Protocol
• SSH, Secure Shell
• SSMS, Secure SMS Messaging Protocol
• TCAP, Transaction Capabilities Application Part
• TDS, Tabular Data Stream
• TELNET, Terminal Emulation Protocol of TCP/IP
• TFTP, Trivial File Transfer Protocol
• TSP, Time Stamp Protocol
• VTP, Virtual Terminal Protocol
• Waka, an HTTP replacement protocol
• Whois (and RWhois), Remote Directory Access Protocol
• WebDAV
• X.400, Message Handling Service Protocol
• X.500, Directory Access Protocol (DAP)
• XMPP, Extensible Messaging and Presence Protocol

Presentation Layer
The Presentation Layer is Layer 6 of the seven-layer OSI model of computer
networking.

The Presentation Layer is responsible for the delivery and formatting of information
to the application layer for further processing or display. It relieves the application
layer of concern regarding syntactical differences in data representation within the
end-user systems. Note: An example of a presentation service would be the
conversion of an EBCDIC-coded text file to an ASCII-coded file.

The Presentation Layer is the lowest layer at which application programmers consider
data structure and presentation, instead of simply sending data in form of datagrams
or packets between hosts. This layer deals with issues of string representation -
whether they use the Pascal method (an integer length field followed by the specified
amount of bytes) or the C/C++ method (null-terminated strings, i.e.
"thisisastring\0"). The idea is that the application layer should be able to point at
the data to be moved, and the Presentation Layer will deal with the rest.

Serialization of complex data structures into flat byte-strings (using mechanisms such
as TLV or XML) can be thought of as the key functionality of the Presentation Layer.
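The Presentation Layer concerns just described (a length-prefixed Pascal string versus a NUL-terminated C string, and serialization of a nested structure into a flat TLV byte string), worked through as an added example that is not code from the book. The TLV layout used here (1-byte tag, 2-byte big-endian length, value) is constructed for this example and is not a standard encoding; the parser checks every declared length against the enclosing bounds before reading, which is the check a practitioner wants in any TLV decoder.

```python
# Added example (not from the book): a small TLV serializer/parser and the
# two string conventions the text contrasts. The TLV layout (1-byte tag,
# 2-byte big-endian length, value) is constructed for this example and is not
# a standard encoding.
import struct

TAG_STR, TAG_U32, TAG_LIST = 0x01, 0x02, 0x03
TLV_HDR = struct.Struct("!BH")


def tlv(tag: int, value: bytes) -> bytes:
    if len(value) > 0xFFFF:
        raise ValueError("value does not fit a 16-bit length field")
    return TLV_HDR.pack(tag, len(value)) + value


def serialize(obj) -> bytes:
    """Flatten a str, unsigned 32-bit int or nested list into TLV bytes."""
    if isinstance(obj, str):
        return tlv(TAG_STR, obj.encode("utf-8"))  # length-prefixed: NUL is ordinary data
    if isinstance(obj, int) and not isinstance(obj, bool):
        return tlv(TAG_U32, struct.pack("!I", obj))
    if isinstance(obj, list):
        return tlv(TAG_LIST, b"".join(serialize(x) for x in obj))
    raise TypeError("unsupported type %s" % type(obj).__name__)


def deserialize(buf: bytes, pos: int = 0, end=None):
    """Parse one TLV element at pos, returning (object, position after it).
    Every declared length is checked against the enclosing element's bounds
    before any byte is read, so a malformed length can neither read past the
    buffer nor escape the list it is nested in."""
    if end is None:
        end = len(buf)
    if end - pos < TLV_HDR.size:
        raise ValueError("truncated TLV header at offset %d" % pos)
    tag, length = TLV_HDR.unpack_from(buf, pos)
    pos += TLV_HDR.size
    if length > end - pos:
        raise ValueError("declared length %d exceeds the %d bytes available" % (length, end - pos))
    value_end = pos + length
    if tag == TAG_STR:
        return buf[pos:value_end].decode("utf-8"), value_end
    if tag == TAG_U32:
        if length != 4:
            raise ValueError("u32 must be exactly 4 bytes, got %d" % length)
        return struct.unpack_from("!I", buf, pos)[0], value_end
    if tag == TAG_LIST:
        items = []
        while pos < value_end:
            item, pos = deserialize(buf, pos, value_end)
            items.append(item)
        return items, value_end
    raise ValueError("unknown tag 0x%02x" % tag)


def parse_or_none(buf: bytes):
    """Whole-buffer parse; a malformed blob or trailing garbage yields None."""
    try:
        obj, used = deserialize(buf)
    except (ValueError, UnicodeDecodeError):
        return None
    return obj if used == len(buf) else None


def pascal_string(s: str) -> bytes:
    """Pascal convention: a length field followed by that many bytes."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def c_string(s: str) -> bytes:
    """C/C++ convention: the bytes followed by a NUL terminator; a NUL inside
    the string cannot be represented."""
    data = s.encode("utf-8")
    if b"\x00" in data:
        raise ValueError("C strings cannot contain NUL")
    return data + b"\x00"


def read_c_string(buf: bytes, pos: int = 0) -> str:
    """Reads up to the first NUL; an unterminated string is an error, not an
    over-read."""
    nul = buf.find(b"\x00", pos)
    if nul < 0:
        raise ValueError("unterminated C string")
    return buf[pos:nul].decode("utf-8")
```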

Encryption is typically done at this level too, although it can be done on the
Application, Session, Transport, or Network Layers; each having its own advantages
and disadvantages. Another example is representing structure, which is normally
standardized at this level, often by using XML. As well as simple pieces of data, like
strings, more complicated things are standardized in this layer. Two common
examples are 'objects' in object-oriented programming, and the exact way that
streaming video is transmitted.

In many widely used applications and protocols, no distinction is made between the
presentation and application layers. For example, HTTP, generally regarded as an
application layer protocol, has Presentation Layer aspects such as the ability to
identify character encoding for proper conversion, which is then done in the
Application Layer.

Within the service layering semantics of the OSI network architecture, the
Presentation Layer responds to service requests from the Application Layer and
issues service requests to the Session Layer.

Services
• Encryption
• Compression

Sublayers

The Presentation Layer is composed of two sublayers:

• CASE (Common Application Service Element)
• SASE (Specific Application Service Element)

CASE

The CASE sublayer provides services for the Application Layer and requests services
from the Session Layer. It provides support for common application services, such as:

• ACSE (Association Control Service Element)
• ROSE (Remote Operation Service Element)
• CCR (Commitment, Concurrency and Recovery)
• RTSE (Reliable Transfer Service Element)

SASE

The SASE sublayer provides application specific services (protocols), such as:

• FTAM (File Transfer, Access and Management)
• VT (Virtual Terminal)
• MOTIS (Message Oriented Text Interchange Standard)
• CMIP (Common Management Information Protocol)
• JTM (Job Transfer and Manipulation), a former OSI standard
• MMS (Manufacturing Messaging Service)
• RDA (Remote Database Access)
• DTP (Distributed Transaction Processing)
• Telnet (a remote terminal access protocol)

Protocols
• AFP, Apple Filing Protocol
• ASCII, American Standard Code for Information Interchange
• EBCDIC, Extended Binary Coded Decimal Interchange Code
• ICA, Independent Computing Architecture, the Citrix system core protocol
• LPP, Lightweight Presentation Protocol
• NCP, NetWare Core Protocol
• NDR, Network Data Representation
• XDR, eXternal Data Representation
• X.25 PAD, Packet Assembler/Disassembler Protocol

Chapter 8

Spanning Tree Protocol

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free
topology for any bridged Ethernet local area network. The basic function of STP is to
prevent bridge loops and ensuing broadcast radiation. Spanning tree also allows a
network design to include spare (redundant) links to provide automatic backup paths
if an active link fails, without the danger of bridge loops, or the need for manual
enabling/disabling of these backup links.

STP is a Data Link Layer protocol. It is standardized as IEEE 802.1D. As the name
suggests, it creates a spanning tree within a mesh network of connected layer-2
bridges (typically Ethernet switches), and disables those links that are not part of the
spanning tree, leaving a single active path between any two network nodes.

STP is based on an algorithm invented by Radia Perlman while working for Digital
Equipment Corporation.

Protocol operation
The collection of bridges in a local area network (LAN) can be considered a graph
whose nodes are bridges and LAN segments (or cables), and whose edges are the
interfaces connecting the bridges to the segments. To break loops in the LAN while
maintaining access to all LAN segments, the bridges collectively compute a spanning
tree. The spanning tree is not necessarily a minimum cost spanning tree. A network
administrator can reduce the cost of a spanning tree, if necessary, by altering some of
the configuration parameters in such a way as to affect the choice of the root of the
spanning tree. The spanning tree that the bridges compute using the Spanning Tree
Protocol can be determined using the following rules. The example network shown in
the figures below will be used to illustrate the rules.

Figure captions for the example network:

1. An example network. The numbered boxes represent bridges (the number
represents the bridge ID). The lettered clouds represent network segments.

2. The smallest bridge ID is 3. Therefore, bridge 3 is the root bridge.

3. Assuming that the cost of traversing any network segment is 1, the least cost path
from bridge 4 to the root bridge goes through network segment c. Therefore, the root
port for bridge 4 is the one on network segment c.

4. The least cost path to the root from network segment e goes through bridge 92.
Therefore the designated port for network segment e is the port that connects bridge
92 to network segment e.

5. This diagram illustrates all port states as computed by the spanning tree algorithm.
Any active port that is not a root port or a designated port is a blocked port.

6. After link failure the spanning tree algorithm computes and spans a new least-cost
tree.

Select a root bridge. The root bridge of the spanning tree is the bridge with the
smallest (lowest) bridge ID. Each bridge has a unique identifier (ID) and a
configurable priority number; the bridge ID contains both numbers. To compare two
bridge IDs, the priority is compared first. If two bridges have equal priority, then the
MAC addresses are compared. For example, if switches A (MAC=0200.0000.1111)
and B (MAC=0200.0000.2222) both have a priority of 10, then switch A will be
selected as the root bridge. If the network administrators would like switch B to
become the root bridge, they must set its priority to be less than 10.

Determine the least cost paths to the root bridge. The computed spanning tree has
the property that messages from any connected device to the root bridge traverse a
least cost path, i.e., a path from the device to the root that has minimum cost among
all paths from the device to the root. The cost of traversing a path is the sum of the
costs of the segments on the path. Different technologies have different default costs
for network segments. An administrator can configure the cost of traversing a
particular network segment. The property that messages always traverse least-cost
paths to the root is guaranteed by the following two rules.

Least cost path from each bridge. After the root bridge has been chosen, each bridge
determines the cost of each possible path from itself to the root. From these, it picks
one with the smallest cost (a least-cost path). The port connecting to that path
becomes the root port (RP) of the bridge.

Least cost path from each network segment. The bridges on a network segment
collectively determine which bridge has the least-cost path from the network segment
to the root. The port connecting this bridge to the network segment is then the
designated port (DP) for the segment.

Disable all other root paths. Any active port that is not a root port or a designated
port is a blocked port (BP).

Modifications in case of ties. The above rules over-simplify the situation slightly,
because it is possible that there are ties, for example, two or more ports on a single
bridge are attached to least-cost paths to the root or two or more bridges on the same
network segment have equal least-cost paths to the root. To break such ties:

Breaking ties for root ports. When multiple paths from a bridge are least-cost paths,
the chosen path uses the neighbor bridge with the lower bridge ID. The root port is
thus the one connecting to the bridge with the lowest bridge ID. For example, in
figure 3, if switch 4 were connected to network segment d, there would be two paths
of length 2 to the root, one path going through bridge 24 and the other through bridge
92. Because there are two least cost paths, the lower bridge ID (24) would be used as
the tie-breaker in choosing which path to use.

Breaking ties for designated ports. When more than one bridge on a segment leads to
a least-cost path to the root, the bridge with the lower bridge ID is used to forward
messages to the root. The port attaching that bridge to the network segment is the
designated port for the segment. In figure 4, there are two least cost paths from
network segment d to the root, one going through bridge 24 and the other through
bridge 92. The lower bridge ID is 24, so the tie breaker dictates that the designated
port is the port through which network segment d is connected to bridge 24. If bridge
IDs were equal, then the bridge with the lowest MAC address would have the
designated port. In either case, the loser sets the port as being blocked.

The final tie-breaker. In some cases, there may still be a tie, as when two bridges are
connected by multiple cables. In this case, multiple ports on a single bridge are
candidates for root port. In this case, the path which passes through the port on the
neighbor bridge that has the lowest port priority is used.
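The rules above, including the tie-breakers, can be carried out mechanically. The following Python is an added example written for this page (not code from the original text or from any switch vendor): it elects the root from (priority, MAC) bridge IDs, computes each bridge's least-cost path with ties broken by neighbouring bridge ID and then by that neighbour's port ID, picks the designated bridge for every segment, and reports what is left as blocked. The topology, bridge numbers, port numbers and MAC addresses in it are constructed and do not reproduce the figures; every segment costs 1, as in the walkthrough above.

```python
"""Computing 802.1D port roles over a constructed toy topology.

Illustrative code for this page, not a vendor implementation. Bridges,
segments, port numbers and MACs are constructed and are not the figures.
"""
import heapq

# Constructed topology: bridge number -> {segment: port number on that bridge}.
TOPOLOGY = {
    3:  {"a": 1, "b": 2, "c": 3},
    24: {"a": 1, "d": 2},
    92: {"b": 1, "d": 2, "e": 3},
    4:  {"c": 1, "f": 2},
    7:  {"e": 1, "f": 2},
}


def bridge_id(priority, mac):
    """802.1D bridge ID: the priority is compared first, then the MAC address."""
    return (priority, mac.lower())


# Default priority 32768 everywhere; MACs are constructed from the bridge number.
IDS = {b: bridge_id(32768, f"0200.0000.{b:04x}") for b in TOPOLOGY}


def segment_cost(segment):
    """Cost of traversing a segment; 1 for every segment, as in the text."""
    return 1


def elect_root(ids):
    """The root is the bridge with the lowest (priority, MAC) bridge ID."""
    return min(ids, key=ids.get)


def bridges_on(topology, segment):
    return [b for b in topology if segment in topology[b]]


def compute_spanning_tree(topology, ids, cost=segment_cost):
    """Return (root, root_ports, designated, blocked).

    root_ports: bridge -> segment reached through its root port.
    designated: segment -> bridge that holds the designated port.
    blocked:    sorted (bridge, segment) pairs that are neither.
    Tie-break order, as in the text: lowest root path cost, then lowest
    neighbouring (designated) bridge ID, then lowest port ID on that neighbour.
    """
    root = elect_root(ids)
    root_path_cost, root_port = {}, {}
    # Dijkstra whose heap key is exactly the tie-break order.
    heap = [(0, ids[root], 0, root, None)]
    while heap:
        rpc, _, _, bridge, via_segment = heapq.heappop(heap)
        if bridge in root_path_cost:
            continue                      # already settled with a better key
        root_path_cost[bridge] = rpc
        if via_segment is not None:
            root_port[bridge] = via_segment
        for segment, port in topology[bridge].items():
            for other in bridges_on(topology, segment):
                if other not in root_path_cost:
                    heapq.heappush(
                        heap, (rpc + cost(segment), ids[bridge], port, other, segment))
    # Designated bridge per segment: lowest (root path cost, bridge ID, port ID).
    segments = {s for ports in topology.values() for s in ports}
    designated = {
        s: min(bridges_on(topology, s),
               key=lambda b, s=s: (root_path_cost[b], ids[b], topology[b][s]))
        for s in segments
    }
    blocked = sorted((b, s) for b in topology for s in topology[b]
                     if root_port.get(b) != s and designated[s] != b)
    return root, root_port, designated, blocked


if __name__ == "__main__":
    root, rp, dp, blocked = compute_spanning_tree(TOPOLOGY, IDS)
    print("root bridge:", root)
    print("root ports:", rp)
    print("designated bridge per segment:", dp)
    print("blocked ports:", blocked)
```

On this topology bridges 24 and 92 both sit one segment from the root, so segment d ties and goes to 24 by lower bridge ID, leaving 92's port on d blocked; bridge 7 has two equal-cost routes and takes the one through bridge 4 for the same reason. Giving bridge 92 priority 4096 and recomputing makes it the root and recomputes every role, which is the administrator's lever described above and also the reason an unauthenticated device that advertises priority 0 on an access port can make itself root of the whole LAN; switches provide BPDU guard and root guard to refuse that.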

Data rate and STP path cost
The table below shows the default cost of an interface for a given data rate.

Data rate     STP Cost (802.1D-1998)     STP Cost (802.1t-2001)
4 Mbit/s      250                        5,000,000
10 Mbit/s     100                        2,000,000
16 Mbit/s     62                         1,250,000
100 Mbit/s    19                         200,000
1 Gbit/s      4                          20,000
2 Gbit/s      3                          10,000
10 Gbit/s     2                          2,000

Bridge Protocol Data Units (BPDUs)

The above rules describe one way of determining what spanning tree will be
computed by the algorithm, but the rules as written require knowledge of the entire
network. The bridges have to determine the root bridge and compute the port roles
(root, designated, or blocked) with only the information that they have. To ensure that
each bridge has enough information, the bridges use special data frames called
Bridge Protocol Data Units (BPDUs) to exchange information about bridge IDs and
root path costs.

A bridge sends a BPDU frame using the unique MAC address of the port itself as a
source address, and a destination address of the STP multicast address
01:80:C2:00:00:00.

There are three types of BPDUs:

• Configuration BPDU (CBPDU), used for Spanning Tree computation
• Topology Change Notification (TCN) BPDU, used to announce changes in
the network topology
• Topology Change Notification Acknowledgment (TCA)

BPDUs are exchanged regularly (every 2 seconds by default) and enable switches to
keep track of network changes and to start and stop forwarding at ports as required.

When a device is first attached to a switch port, it will not immediately start to
forward data. It will instead go through a number of states while it processes BPDUs
and determines the topology of the network. When a host such as a computer, printer
or server is attached, the port will always go into the forwarding state, albeit
after a delay of about 30 seconds while it goes through the listening and learning
states. The time spent in the listening and learning states is determined by a value
known as the forward delay (default 15 seconds and set by the root bridge). However,
if instead another switch is connected, the port may remain in blocking mode if it is
determined that it would cause a loop in the network. Topology Change Notification
(TCN) BPDUs are used to inform other switches of port changes. TCNs are injected
into the network by a non-root switch and propagated to the root. Upon receipt of the
TCN, the root switch will set a Topology Change flag in its normal BPDUs. This flag
is propagated to all other switches to instruct them to rapidly age out their forwarding
table entries.

STP switch port states:

• Blocking - A port that would cause a switching loop; no user data is sent or
received, but it may go into forwarding mode if the other links in use were to
fail and the spanning tree algorithm determines the port may transition to the
forwarding state. BPDU data is still received in blocking state.
• Listening - The switch processes BPDUs and awaits possible new
information that would cause it to return to the blocking state.
• Learning - While the port does not yet forward frames (packets) it does learn
source addresses from frames received and adds them to the filtering database
(switching database).
• Forwarding - A port receiving and sending data, normal operation. STP still
monitors incoming BPDUs that would indicate it should return to the blocking
state to prevent a loop.
• Disabled - Not strictly part of STP; a network administrator can manually
disable a port.

To prevent the delay when connecting hosts to a switch and during some topology
changes, Rapid STP was developed and standardized by IEEE 802.1w, which allows
a switch port to rapidly transition into the forwarding state during these situations.

BPDU fields

The bridge ID, or BID, is a field inside a BPDU packet. It is eight bytes in length. The
first two bytes are the Bridge Priority, an unsigned integer of 0-65,535. The last six
bytes are a MAC address supplied by the switch. In the event that MAC Address
Reduction is used, the first two bytes are used differently. The first four bits are a
configurable priority, and the last twelve bits carry either the VLAN ID or MSTP
instance number.
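The BPDU frame format described above (STP group destination address, port MAC as source, 8-byte bridge IDs with or without MAC Address Reduction) can be decoded with a few lines of Python. The following is an added example written for this page, not code from the original text or from any switch: it pulls a Configuration BPDU out of an 802.3 frame, splits each bridge ID into priority, system ID extension and MAC, scales the timer fields, and flags a BPDU that advertises a root ID lower than the one you expect. The LLC header with SAP 0x42 and the 35-byte Configuration BPDU layout are the 802.1D-1998 values; the sample frame is constructed.

```python
"""Extracting and decoding an 802.1D Configuration BPDU.

Illustrative code for this page, not a switch's implementation.
The sample frame below is constructed.
"""
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")
LLC_BPDU = bytes.fromhex("424203")               # DSAP 0x42, SSAP 0x42, UI control
CONFIG_BPDU = struct.Struct("!HBBB8sI8sHHHHH")   # 35-byte Configuration BPDU


def extract_bpdu(frame):
    """Return the BPDU payload of an 802.3 frame sent to the STP group address
    with the BPDU LLC header, or None if the frame is anything else."""
    if len(frame) < 14 + len(LLC_BPDU) or frame[:6] != STP_MULTICAST:
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:17] != LLC_BPDU:   # an Ethertype, or not SAP 0x42
        return None
    return bytes(frame[17:14 + length])


def parse_bridge_id(raw, mac_reduction=True):
    """8-byte bridge ID. Without MAC reduction the first two bytes are a 16-bit
    priority; with it, the top 4 bits are the priority (a multiple of 4096) and
    the low 12 bits are the system ID extension (VLAN ID or MSTI number)."""
    word = struct.unpack("!H", raw[:2])[0]
    mac = ":".join(f"{b:02x}" for b in raw[2:])
    if mac_reduction:
        return {"priority": word & 0xF000, "ext": word & 0x0FFF, "mac": mac}
    return {"priority": word, "ext": None, "mac": mac}


def parse_config_bpdu(payload, mac_reduction=True):
    if len(payload) < CONFIG_BPDU.size:
        raise ValueError("BPDU truncated")
    (proto, version, kind, flags, root_id, root_cost, sender_id, port_id,
     msg_age, max_age, hello, fwd_delay) = CONFIG_BPDU.unpack_from(payload)
    if proto != 0 or kind != 0x00:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "version": version,
        "topology_change": bool(flags & 0x01),   # TC flag, bit 0
        "tc_ack": bool(flags & 0x80),            # TC acknowledgement, bit 7
        "root_id_raw": root_id,
        "root": parse_bridge_id(root_id, mac_reduction),
        "root_path_cost": root_cost,
        "bridge": parse_bridge_id(sender_id, mac_reduction),
        "port_id": port_id,
        # timer fields are carried in units of 1/256 second
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def claims_better_root(bpdu, known_root_id):
    """True if the BPDU advertises a root ID lower than the one we expect,
    i.e. something is taking (or has taken) over the root role."""
    return bpdu["root_id_raw"] < known_root_id


# Constructed sample: priority 32768, VLAN 1, MAC 00:11:22:33:44:55 as root and sender,
# TC flag set, default timers (max age 20 s, hello 2 s, forward delay 15 s).
SAMPLE_ID = bytes.fromhex("8001" "001122334455")
SAMPLE_BPDU = CONFIG_BPDU.pack(0, 0, 0, 0x01, SAMPLE_ID, 0, SAMPLE_ID, 0x8001,
                               0, 20 * 256, 2 * 256, 15 * 256)
SAMPLE_FRAME = (STP_MULTICAST + bytes.fromhex("001122334455")
                + struct.pack("!H", len(LLC_BPDU) + len(SAMPLE_BPDU))
                + LLC_BPDU + SAMPLE_BPDU)

if __name__ == "__main__":
    bpdu = parse_config_bpdu(extract_bpdu(SAMPLE_FRAME))
    print(bpdu["root"], bpdu["hello_time"], bpdu["max_age"], bpdu["forward_delay"])
```

Run over a capture from an access port, the decoder is a simple detector: a BPDU arriving on a port that should only ever see hosts, or one for which claims_better_root returns True against the root you configured, means a switch or a misbehaving device is rewriting the topology; BPDU guard and root guard are the switch-side controls for exactly those two cases.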

Evolutions and extensions

The first spanning tree protocol was invented in 1985 at the Digital Equipment
Corporation by Radia Perlman. In 1990, the IEEE published the first standard for the
protocol as 802.1D, based on the algorithm designed by Perlman. Subsequent
versions were published in 1998 and 2004, incorporating various extensions.

Although the purpose of a standard is to promote interworking of equipment from
different vendors, different implementations of a standard are not guaranteed to work,
due for example to differences in default timer settings. The IEEE encourages
vendors to provide a "Protocol Implementation Conformance Statement", declaring
which capabilities and options have been implemented, to help users determine
whether different implementations will interwork correctly.

Also, the original Perlman-inspired Spanning Tree Protocol, called DEC STP, is not a
standard and differs from the IEEE version in message format as well as timer
settings. Some bridges implement both the IEEE and the DEC versions of the
Spanning Tree Protocol, but their interworking can create issues for the network
administrator, as illustrated by the problem discussed in an on-line Cisco document.

Rapid Spanning Tree Protocol (RSTP)

In 2001, the IEEE with document 802.1w introduced an evolution of the Spanning
Tree Protocol: Rapid Spanning Tree Protocol (RSTP), which provides for faster
spanning tree convergence after a topology change. Standard IEEE 802.1D-2004 now
incorporates RSTP and obsoletes STP. While STP can take 30 to 50 seconds to
respond to a topology change, RSTP is typically able to respond to changes within
3*Hello times (default: 6 seconds) or within a few milliseconds of a physical link
failure. The so-called Hello time is an important and configurable time interval that is
used by RSTP for several purposes; its default value is 2 seconds.

RSTP bridge port roles:

• Root - A forwarding port that is the best port from a non-root bridge to the
root bridge
• Designated - A forwarding port for every LAN segment
• Alternate - An alternate path to the root bridge. This path is different than
using the root port.
• Backup - A backup/redundant path to a segment where another bridge port
already connects.
• Disabled - Not strictly part of STP; a network administrator can manually
disable a port

RSTP is a refinement of STP and therefore shares most of its basic operation
characteristics. However there are some notable differences as summarized below:

• Detection of root switch failure is done in 3 hello times, which is 6 seconds if
default hello times have not been changed.
• Ports may be configured as edge ports if they are attached to a LAN that has
no other bridges attached. These edge ports transition directly to the
forwarding state. RSTP still continues to monitor the port for BPDUs in case a
bridge is connected. RSTP can also be configured to automatically detect edge
ports. As soon as the bridge detects a BPDU coming to an edge port, the port
becomes a non-edge port.
• Unlike in STP, RSTP will respond to BPDUs sent from the direction of the
root bridge. An RSTP bridge will "propose" its spanning tree information to
its designated ports. If another RSTP bridge receives this information and
determines this is the superior root information, it sets all its other ports to
discarding. The bridge may send an "agreement" to the first bridge confirming
its superior spanning tree information. The first bridge, upon receiving this
agreement, knows it can rapidly transition that port to the forwarding state
bypassing the traditional listening/learning state transition. This essentially
creates a cascading effect away from the root bridge where each designated
bridge proposes to its neighbors to determine if it can make a rapid transition.
This is one of the major elements that allows RSTP to achieve faster
convergence times than STP.
• As discussed in the port role details above, RSTP maintains backup details
regarding the discarding status of ports. This avoids timeouts if the current
forwarding ports were to fail or BPDUs were not received on the root port in a
certain interval.

Per-VLAN Spanning Tree (PVST)

In Ethernet switched environments where multiple Virtual LANs exist, spanning tree
can be deployed per Virtual LAN. Cisco's name for this is per VLAN spanning tree
(PVST and PVST+, which is the default protocol used by Cisco switches). Both
PVST and PVST+ protocols are Cisco proprietary protocols and they cannot be used
on 3rd party switches, although Force10 Networks, Extreme Networks and Blade
Network Technologies support PVST+, Extreme Networks does so with two
limitations (lack of support on ports where the VLAN is untagged/native and also on
the VLAN with ID 1). PVST works only with ISL (Cisco's proprietary protocol for
VLAN encapsulation) due to its embedded Spanning tree ID. Due to high penetration
of the IEEE 802.1Q VLAN trunking standard and PVST's dependence on ISL, Cisco
defined a different PVST+ standard for 802.1Q encapsulation. PVST+ can tunnel
across an MSTP Region.

Multiple Spanning Tree Protocol (MSTP)

The Multiple Spanning Tree Protocol (MSTP), originally defined in IEEE 802.1s and
later merged into IEEE 802.1Q-2005, defines an extension to RSTP to further
develop the usefulness of virtual LANs (VLANs). This "Per-VLAN" Multiple
Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group
and blocks all but one of the possible alternate paths within each Spanning Tree.

If there is only one Virtual LAN (VLAN) in the network, single (traditional) STP
works appropriately. If the network contains more than one VLAN, the logical
network configured by single STP would work, but it is possible to make better use of
the alternate paths available by using an alternate spanning tree for different VLANs
or groups of VLANs.

MSTP allows formation of MST regions that can run multiple MST instances
(MSTI). Multiple regions and other STP bridges are interconnected using one single
common spanning tree (CST).

MSTP is similar to Cisco Systems' Multiple Instances Spanning Tree Protocol
(MISTP), and is an evolution of the Spanning Tree Protocol and the Rapid Spanning
Tree Protocol. It was introduced in IEEE 802.1s as an amendment to 802.1Q, 1998
edition. Standard IEEE 802.1Q-2005 now includes MSTP.

Unlike some proprietary per-VLAN spanning tree implementations, MSTP includes
all of its spanning tree information in a single BPDU format. Not only does this
reduce the number of BPDUs required on a LAN to communicate spanning tree
information for each VLAN, but it also ensures backward compatibility with RSTP
(and in effect, classic STP too). MSTP does this by encoding additional region
information after the standard RSTP BPDU as well as a number of MSTI messages
(from 0 to 64 instances, although in practice many bridges support less). Each of
these MSTI configuration messages conveys the spanning tree information for each
instance. Each instance can be assigned a number of configured VLANs and frames
(packets) assigned to these VLANs operate in this spanning tree instance whenever
they are inside the MST region. In order to avoid conveying their entire VLAN to
spanning tree mapping in each BPDU, bridges encode an MD5 digest of their VLAN
to instance table in the MSTP BPDU. This digest is then used by other MSTP
bridges, along with other administratively configured values, to determine if the
neighboring bridge is in the same MST region as itself.

MSTP is fully compatible with RSTP bridges, in that an MSTP BPDU can be
interpreted by an RSTP bridge as an RSTP BPDU. This not only allows compatibility
with RSTP bridges without configuration changes, but also causes any RSTP bridges
outside of an MSTP region to see the region as a single RSTP bridge, regardless of
the number of MSTP bridges inside the region itself. In order to further facilitate this
view of an MST region as a single RSTP bridge, the MSTP protocol uses a variable
known as remaining hops as a time to live counter instead of the message age timer
used by RSTP. The message age time is only incremented once when spanning tree
information enters an MST region, and therefore RSTP bridges will see a region as
only one "hop" in the spanning tree. Ports at the edge of an MST region connected to
either an RSTP or STP bridge or an endpoint are known as boundary ports. As in
RSTP, these ports can be configured as edge ports to facilitate rapid changes to the
forwarding state when connected to endpoints.

Rapid Per-VLAN Spanning Tree (R-PVST)

Rapid PVST is Cisco's proprietary protocol that combines the functionalities of RSTP
and PVST. It is based on a per-VLAN instance that creates a tree for each VLAN.

Chapter 9

Ethernet

A standard 8P8C (often called RJ45) connector used most commonly on cat5 cable, a
type of cabling used primarily in Ethernet networks

Ethernet is a family of frame-based computer networking technologies for local area
networks (LAN). It defines a number of wiring and signaling standards for the
Physical Layer of the OSI networking model as well as a common addressing format
and a variety of Medium Access Control procedures at the lower part of the Data
Link Layer.

Ethernet is standardized as IEEE 802.3. The combination of the twisted pair versions
of Ethernet for connecting end systems to the network, along with the fiber optic
versions for site backbones, is the most widespread wired LAN technology. It has
been used since around 1980 to the present, largely replacing competing LAN
standards such as token ring, FDDI, and ARCNET.

History
Ethernet was developed at Xerox PARC between 1973 and 1975. It was inspired by
ALOHAnet, which Robert Metcalfe had studied as part of his Ph.D. dissertation. In
1975, Xerox filed a patent application listing Metcalfe, David Boggs, Chuck Thacker
and Butler Lampson as inventors. In 1976, after the system was deployed at PARC,
Metcalfe and Boggs published a seminal paper.

Metcalfe left Xerox in 1979 to promote the use of personal computers and local area
networks (LANs), forming 3Com. He convinced Digital Equipment Corporation
(DEC), Intel, and Xerox to work together to promote Ethernet as a standard, the so-
called "DIX" standard, for "Digital/Intel/Xerox"; it specified the 10 Mbit/s Ethernet,
with 48-bit destination and source addresses and a global 16-bit Ethertype field
and was first published on September 30, 1980 as "The Ethernet, A Local Area
Network. Data Link Layer and Physical Layer Specifications". Version 2 of this
document was published in November, 1982 and defines what has become known as
Ethernet II. The Institute of Electrical and Electronics Engineers (IEEE) first
published the 802.3 standard as a draft in 1983 and as a standard in 1985. Support of
Ethernet's carrier sense multiple access with collision detection (CSMA/CD) in other
standardization bodies (i.e., ECMA, IEC, and ISO) was instrumental in getting past
delays of the finalization of the Ethernet standard due to the difficult decision
processes in the IEEE, and due to the competitive Token Ring proposal strongly
supported by IBM. Ethernet initially competed with two largely proprietary systems,
Token Ring and Token Bus. These proprietary systems soon found themselves
competing in a market inundated by Ethernet products. In the process, 3Com became
a major company. 3Com shipped its first 10 Mbit/s Ethernet 3C100 transceiver in
March 1981, and that year started selling adapters for DEC PDP-11s and VAXes, as
well as Intel Multibus and Sun Microsystems machines. This was followed quickly
by DEC's Unibus to Ethernet adapter, which DEC sold and used internally to build its
own corporate network, which reached over 10,000 nodes by 1986, far and away the
largest extant computer network in the world at that time.

Through the first half of the 1980s, DEC's Ethernet implementation, 10BASE5, used
a coaxial cable 0.375 inches (9.5 mm) in diameter, later called "thick ethernet" or
"thicknet" in contrast to its successor, 10BASE2, called "thin ethernet" or "thinnet".
Thinnet uses a cable similar to cable television cable of the era. The emphasis was on
making installation of the cable easier and less costly.

Shared cable Ethernet was always hard to install in offices because its bus topology
was in conflict with the star topology cable plans designed into buildings for
telephony. Modifying Ethernet to conform to twisted pair telephone wiring already
installed in commercial buildings provided another opportunity to lower costs,
expand the installed base, and leverage building design, and, thus, twisted-pair
Ethernet was the next logical development in the mid-1980s, beginning with
StarLAN. UTP-based Ethernet became widely deployed with the 10BASE-T
standard. This system replaced the coaxial cable systems with a system of full duplex
switches linked via UTP.

With the advent of the 10BASE-T standard in 1990, Ethernet switches supplemented
the half duplex CSMA/CD scheme with a full duplex system offering higher
performance at a lower cost than routers. With the arrival of 100BASE-T, Ethernet
switches capable of mixed speed and mixed duplex operation were built.

Standardization
Notwithstanding its technical merits, timely standardization was instrumental to the
success of Ethernet. It required well-coordinated and partly competitive activities in
several standardization bodies such as the IEEE, ECMA, IEC, and finally ISO.

In February 1980, IEEE started a project, IEEE 802, for the standardization of local
area networks (LAN).

The "DIX-group" with Gary Robinson (DEC), Phil Arst (Intel), and Bob Printis
(Xerox) submitted the so-called "Blue Book" CSMA/CD specification as a candidate
for the LAN specification. Since IEEE membership is open to all professionals,
including students, the group received countless comments on this brand-new
technology.

In addition to CSMA/CD, Token Ring (supported by IBM) and Token Bus (selected
and henceforward supported by General Motors) were also considered as candidates
for a LAN standard. Due to the goal of IEEE 802 to forward only one standard and
due to the strong company support for all three designs, the necessary agreement on a
LAN standard was significantly delayed.

In the Ethernet camp, it put at risk the market introduction of the Xerox Star
workstation and 3Com's Ethernet LAN products. With such business implications in
mind, David Liddle (General Manager, Xerox Office Systems) and Metcalfe (3Com)
strongly supported a proposal of Fritz Röscheisen (Siemens Private Networks) for an
alliance in the emerging office communication market, including Siemens' support for
the international standardization of Ethernet (April 10, 1981). Ingrid Fromm, Siemens
representative to IEEE 802 quickly achieved broader support for Ethernet beyond
IEEE by the establishment of a competing Task Group "Local Networks" within the
European standards body ECMA TC24. As early as March 1982 ECMA TC24 with
its corporate members reached agreement on a standard for CSMA/CD based on the
IEEE 802 draft. The speedy action taken by ECMA decisively contributed to the
conciliation of opinions within IEEE and approval of IEEE 802.3 CSMA/CD by the
end of 1982.

Approval of Ethernet on the international level was achieved by a similar, cross-
partisan action with Fromm as liaison officer working to integrate IEC TC83 and ISO
TC97SC6, and the ISO/IEEE 802/3 standard was approved in 1984.

Evolution
Ethernet is an evolving technology. Evolutions have included higher bandwidth,
improved media access control methods, and changes to the physical medium.
Ethernet evolved into the complex networking technology that today underlies most
LANs. The coaxial cable was replaced with point-to-point links connected by
Ethernet repeaters or switches to reduce installation costs, increase reliability, and
enable point-to-point management and troubleshooting. There are many variants of
Ethernet in common use.

Ethernet stations communicate by sending each other data packets, blocks of data that
are individually sent and delivered. As with other IEEE 802 LANs, each Ethernet
station is given a 48-bit MAC address. The MAC addresses are used to specify both
the destination and the source of each data packet. Network interface cards (NICs) or
chips normally do not accept packets addressed to other Ethernet stations. Adapters
come programmed with a globally unique address. Despite the significant changes in
Ethernet from a thick coaxial cable bus running at 10 Mbit/s to point-to-point links
running at 1 Gbit/s and beyond, all generations of Ethernet (excluding early
experimental versions) use the same frame formats (and hence the same interface for
higher layers), and can be readily interconnected through bridging.

Due to the ubiquity of Ethernet, the ever-decreasing cost of the hardware needed to
support it, and the reduced panel space needed by twisted pair Ethernet, most
manufacturers now build the functionality of an Ethernet card directly into PC
motherboards, eliminating the need for installation of a separate network card.

Shared media

A 1990s network interface card supporting both coaxial cable-based 10BASE2 (BNC
connector, left) and twisted pair-based 10BASE-T (8P8C connector, right).

Ethernet was originally based on the idea of computers communicating over a shared
coaxial cable acting as a broadcast transmission medium. The methods used were
similar to those used in radio systems, with the common cable providing the
communication channel likened to the Luminiferous Aether in 19th century physics,
and it was from this reference that the name "Ethernet" was derived.

Original Ethernet's shared coaxial cable (the shared medium) traversed a building or
campus to every attached machine. A scheme known as carrier sense multiple access
with collision detection (CSMA/CD) governed the way the computers shared the
channel. This scheme was simpler than the competing token ring or token bus
technologies. Computers were connected to an Attachment Unit Interface (AUI)
transceiver, which was in turn connected to the cable (later with thin Ethernet the
transceiver was integrated into the network adapter). While a simple passive wire was
highly reliable for small networks, it was not reliable for large extended networks,
where damage to the wire in a single place, or a single bad connector, could make the
whole Ethernet segment unusable.

Since all communications happen on the same wire, any information sent by one computer is received by all, even if that information is intended for just one destination. The network interface card interrupts the CPU only when applicable packets are received: the card ignores information not addressed to it. That filtering is a courtesy of the adapter, not a protection. A card placed in promiscuous mode accepts every frame on the wire, which is how a packet sniffer on a shared-medium segment reads every other station's traffic. Use of a single cable also means that the bandwidth is shared, so that network traffic can be very slow when many stations are simultaneously active.

Collisions reduce throughput by their very nature. In the worst case, when there are lots of hosts with long cables that attempt to transmit many short frames, excessive collisions can reduce throughput dramatically. However, a Xerox report in 1980 summarized the results of having 20 fast nodes attempting to transmit packets of various sizes as quickly as possible on the same Ethernet segment. The results showed that, even for the smallest Ethernet frames (64 bytes), 90% throughput on the LAN was the norm. This is in comparison with token passing LANs (token ring, token bus), all of which suffer throughput degradation as each new node comes into the LAN, due to token waits. This report was controversial, as modeling showed that collision-based networks became unstable under loads as low as 40% of nominal capacity. Many early researchers failed to understand the subtleties of the CSMA/CD protocol and how important it was to get the details right, and were really modeling somewhat different networks (usually not as good as real Ethernet).

Repeaters and hubs

For signal degradation and timing reasons, coaxial Ethernet segments had a restricted
size. Somewhat larger networks could be built by using an Ethernet repeater. Initial
repeaters had only 2 ports, but they gave way to 4, 6, 8, and more ports. People
recognized the advantages of cabling in a star topology, primarily that a fault in one
of the legs affects operation of only the stations attached to that leg.

A twisted pair Cat-3 or Cat-5 cable is used to connect 10BASE-T Ethernet

Ethernet on unshielded twisted-pair cables (UTP), beginning with StarLAN and continuing with 10BASE-T, was designed for point-to-point links only, and all termination was built into the device. This changed repeaters from a specialist device used at the center of large networks to a device that every twisted pair-based network with more than two machines had to use. The tree structure that resulted from this made Ethernet networks more reliable by preventing faults with one peer or its associated cable from affecting other devices on the network.

Despite the physical star topology, repeater-based Ethernet networks still use half-duplex and CSMA/CD, with only minimal activity by the repeater, primarily the Collision Enforcement signal, in dealing with packet collisions. Every packet is sent to every port on the repeater, so neither the bandwidth nor the security problems of the shared medium are addressed: a station on any port of a hub can still capture all traffic passing through it. The total throughput of the repeater is limited to that of a single link, and all links must operate at the same speed.

Bridging and switching

While repeaters could isolate some aspects of Ethernet segments, such as cable breakages, they still forwarded all traffic to all Ethernet devices. This created practical limits on how many machines could communicate on an Ethernet network. The entire network was one collision domain, and all hosts had to be able to detect collisions anywhere on the network. This limited the number of repeaters between the farthest nodes. Segments joined by repeaters had to all operate at the same speed, making phased-in upgrades impossible.

To alleviate these problems, bridging was created to communicate at the data link layer while isolating the physical layer. With bridging, only well-formed Ethernet packets are forwarded from one Ethernet segment to another; collisions and packet errors are isolated. Prior to discovery of network devices on the different segments, Ethernet bridges (and switches) work somewhat like Ethernet repeaters, passing all traffic between segments. However, as the bridge discovers the addresses associated with each port, it forwards network traffic only to the necessary segments, improving overall performance. Broadcast traffic is still forwarded to all network segments. Bridges also overcame the limits on total segments between two hosts and allowed the mixing of speeds, both of which became very important with the introduction of Fast Ethernet.

Early bridges examined each packet one by one using software on a CPU, and some
of them were significantly slower than repeaters at forwarding traffic, especially
when handling many ports at the same time. This was in part because the entire
Ethernet packet would be read into a buffer, the destination address compared with an
internal table of known MAC addresses, and a decision made as to whether to drop
the packet or forward it to another or all segments.

In 1989, the networking company Kalpana introduced their EtherSwitch, the first Ethernet switch. This worked somewhat differently from an Ethernet bridge, in that only the header of the incoming packet would be examined before it was either dropped or forwarded to another segment. This greatly reduced the forwarding latency and the processing load on the network device. One drawback of this cut-through switching method was that packets that had been corrupted would still be propagated through the network, so a jabbering station could continue to disrupt the entire network. The eventual remedy for this was a return to the original store and forward approach of bridging, where the packet would be read into a buffer on the switch in its entirety, verified against its frame check sequence (CRC) and then forwarded, but using more powerful application-specific integrated circuits. Hence, the bridging is then done in hardware, allowing packets to be forwarded at full wire speed.

When a twisted pair or fiber link segment is used and neither end is connected to a
repeater, full-duplex Ethernet becomes possible over that segment. In full-duplex
mode, both devices can transmit and receive to and from each other at the same time,
and there is no collision domain. This doubles the aggregate bandwidth of the link
and is sometimes advertised as double the link speed (e.g., 200 Mbit/s). The
elimination of the collision domain for these connections also means that all the link's
bandwidth can be used by the two devices on that segment and that segment length is
not limited by the need for correct collision detection.

Since packets are typically delivered only to the port they are intended for, traffic on a switched Ethernet is less public than on shared-medium Ethernet. Despite this, switched Ethernet should still be regarded as an insecure network technology, because it is easy to subvert switched Ethernet systems by means such as ARP spoofing and MAC flooding. In ARP spoofing, the attacker sends forged ARP replies so that hosts on the segment associate another station's IP address (typically the default gateway's) with the attacker's MAC address and hand their traffic to the attacker. In MAC flooding, the attacker sends frames carrying thousands of bogus source addresses to fill the switch's forwarding table; once it is full, the switch falls back to flooding frames out of every port like a repeater, where they can be captured.
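Both attacks leave a recognisable trace in the frames seen on the segment. The Python below is an added example written for this chapter, not code from the original text: it runs an ARP-binding change check and a per-port count of distinct source MACs over a constructed list of frame records. The record format, the MAC addresses and the 192.0.2.0/24 addresses are all invented for the example; a real monitor would take its frames from a mirror/SPAN port or a sniffer on the segment.

```python
"""Detection logic for two attacks on switched Ethernet: ARP spoofing (forged ARP
replies that re-point a victim's IP-to-MAC binding) and MAC flooding (frames with
many bogus source addresses that exhaust the switch's forwarding table). All frame
records below are constructed for this example.
"""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def frame(port, src_mac, dst_mac, arp=None):
    """One frame as seen by the monitor (constructed record format)."""
    return {"port": port, "src_mac": src_mac, "dst_mac": dst_mac, "arp": arp}


def arp_reply(sender_ip, sender_mac):
    """The ARP reply fields that matter here: 'sender_ip is-at sender_mac'."""
    return {"op": "reply", "sender_ip": sender_ip, "sender_mac": sender_mac}


def detect_arp_spoofing(records, trusted=None):
    """Return (ip, known_mac, claimed_mac, port) for every ARP reply that contradicts
    the binding already learned or pre-loaded through `trusted`.

    Caveat: learning the first binding on sight is trust-on-first-use. If the attacker
    answers before the real host, its forged binding becomes the baseline, so
    gateways and servers should be pre-loaded via `trusted`. Legitimate MAC changes
    (VRRP failover, a replaced NIC) also trigger an alert and must be whitelisted.
    """
    bindings = dict(trusted or {})
    alerts = []
    for rec in records:
        arp = rec["arp"]
        if arp is None or arp["op"] != "reply":
            continue
        ip, claimed = arp["sender_ip"], arp["sender_mac"]
        if claimed != rec["src_mac"]:
            # The ARP sender MAC should equal the Ethernet source MAC; a mismatch
            # is a forgery indicator on its own.
            alerts.append((ip, rec["src_mac"], claimed, rec["port"]))
            continue
        known = bindings.get(ip)
        if known is not None and known != claimed:
            alerts.append((ip, known, claimed, rec["port"]))
        else:
            bindings[ip] = claimed
    return alerts


def detect_mac_flooding(records, max_macs_per_port=8):
    """Return {port: distinct_source_mac_count} for ports over the limit, the same
    check switch port security applies with a 'maximum addresses' setting. The limit
    is per port: an uplink or a port feeding a downstream switch legitimately sources
    many MACs and needs a higher threshold or an exclusion."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["port"]].add(rec["src_mac"])
    return {port: len(macs) for port, macs in seen.items() if len(macs) > max_macs_per_port}


# Constructed sample traffic: MACs and the 192.0.2.0/24 addresses are invented.
GATEWAY_MAC = "02:00:00:00:00:01"
HOST_MAC = "02:00:00:00:00:02"
ATTACKER_MAC = "02:00:00:00:00:66"

SAMPLE_RECORDS = [
    # The host on port 1 asks for the gateway; the real gateway on port 2 answers.
    frame(1, HOST_MAC, BROADCAST, {"op": "request", "sender_ip": "192.0.2.10", "sender_mac": HOST_MAC}),
    frame(2, GATEWAY_MAC, HOST_MAC, arp_reply("192.0.2.1", GATEWAY_MAC)),
    # The attacker on port 3 claims the gateway's IP with its own MAC.
    frame(3, ATTACKER_MAC, HOST_MAC, arp_reply("192.0.2.1", ATTACKER_MAC)),
] + [
    # The attacker on port 5 sprays frames from 20 forged source MACs.
    frame(5, f"02:00:00:00:01:{i:02x}", BROADCAST) for i in range(20)
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_RECORDS):
        print("ARP spoofing:", alert)
    for port, count in detect_mac_flooding(SAMPLE_RECORDS).items():
        print(f"MAC flooding: port {port} sourced {count} distinct MACs")
```

Run as a script it reports one binding change for 192.0.2.1 (gateway MAC to attacker MAC, port 3) and port 5 with 20 distinct source addresses. On a production switch the equivalent controls are dynamic ARP inspection backed by DHCP snooping, and port security with a per-port MAC limit; this script only shows what those features look for.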

The bandwidth advantages, the slightly better isolation of devices from each other,
the ability to easily mix different speeds of devices and the elimination of the
chaining limits inherent in non-switched Ethernet have made switched Ethernet the
dominant network technology.

Advanced networking

Simple switched Ethernet networks, while a great improvement over repeater-based Ethernet, suffer from single points of failure, attacks that trick switches or hosts into sending data to a machine even if it is not intended for it, scalability and security issues with regard to broadcast radiation and multicast traffic, and bandwidth choke points where a lot of traffic is forced down a single link.

Advanced networking features in switches and routers combat these issues through a
number of means including spanning-tree protocol to maintain the active links of the
network as a tree while allowing physical loops for redundancy, port security and
protection features such as MAC lock down and broadcast radiation filtering, virtual
LANs to keep different classes of users separate while using the same physical
infrastructure, multilayer switching to route between different classes and link
aggregation to add bandwidth to overloaded links and to provide some measure of
redundancy.

More recent advances such as IEEE 802.1aq (Shortest Path Bridging, SPB) use the link-state routing protocol IS-IS to allow larger networks with shortest-path routes between devices.

Varieties of Ethernet
The Ethernet physical layer evolved over a considerable time span and encompasses quite a few physical media interfaces and several orders of magnitude of speed. The most common forms used are 10BASE-T, 100BASE-TX, and 1000BASE-T. All three utilize twisted pair cables and 8P8C modular connectors. They run at 10 Mbit/s, 100 Mbit/s, and 1 Gbit/s, respectively. Fiber optic variants of Ethernet offer high performance, electrical isolation and distance (up to tens of kilometers with some versions). In general, network protocol stack software will work similarly on all varieties.

Ethernet frames
A data packet on the wire is called a frame. A frame begins with a preamble and start frame delimiter, after which each Ethernet frame carries an Ethernet header with the destination and source MAC addresses and an EtherType (or length) field. The middle section of the frame consists of payload data, including any headers for other protocols (e.g., Internet Protocol) carried in the frame. The frame ends with a 32-bit cyclic redundancy check (the frame check sequence), which is used to detect corruption of data in transit; a receiving adapter discards frames whose check fails.
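As an added example (not from the original text), the following Python builds a frame with preamble, SFD, header, padding and FCS, then parses it back and checks the CRC, so that the effect of a single bit flipped in transit is visible. The sample addresses and payload are constructed; the FCS is computed with zlib.crc32, whose CRC-32 parameters match the IEEE 802.3 frame check sequence, and it is placed on the wire least-significant byte first.

```python
"""Build and parse an Ethernet frame as it appears on the wire: 7-byte preamble,
start frame delimiter, 14-byte header (dst MAC, src MAC, EtherType), payload padded
to the 46-byte minimum, and a 32-bit FCS. The sample frame is constructed, not a
capture.
"""
import struct
import zlib

PREAMBLE = b"\x55" * 7
SFD = b"\xd5"
HEADER_LEN = 14
FCS_LEN = 4
MIN_FRAME_LEN = 64          # header + payload + FCS; anything shorter is a runt
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs(data):
    """CRC-32 over everything from the destination MAC to the end of the payload."""
    return zlib.crc32(data) & 0xFFFFFFFF


def build_frame(dst, src, ethertype, payload):
    """Return the bytes placed on the wire, including preamble/SFD and FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME_LEN - FCS_LEN - len(body))  # pad short payloads
    return PREAMBLE + SFD + body + struct.pack("<I", fcs(body))


def parse_frame(wire):
    """Strip preamble/SFD, split the header, and verify the trailing FCS.

    A real NIC silently drops a frame whose FCS does not match and only bumps an
    error counter; here the result is returned so the caller can see it.
    """
    if not wire.startswith(PREAMBLE + SFD):
        raise ValueError("missing preamble/SFD")
    frame = wire[len(PREAMBLE) + len(SFD):]
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError(f"runt frame: {len(frame)} bytes")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    (received_fcs,) = struct.unpack("<I", frame[-FCS_LEN:])
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "ethertype": ethertype,
        "payload": frame[HEADER_LEN:-FCS_LEN],
        "fcs_ok": received_fcs == fcs(frame[:-FCS_LEN]),
        "broadcast": dst == b"\xff" * 6,
        "multicast": bool(dst[0] & 0x01),   # I/G bit of the first octet
    }


def flip_bit(wire, byte_index, bit=0):
    """Simulate corruption in transit by flipping one bit of the wire bytes."""
    damaged = bytearray(wire)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


# Constructed sample: an IPv4 frame from 02:..:01 to 02:..:02 with a 20-byte payload.
SAMPLE_WIRE = build_frame(
    bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
    ETHERTYPE_IPV4, b"\x45\x00" + b"\x00" * 18,
)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_WIRE))
    print(parse_frame(flip_bit(SAMPLE_WIRE, 30)))   # payload byte damaged: fcs_ok is False
```

The padding step matters for the 64-byte minimum mentioned earlier: a 20-byte payload is padded to 46 bytes, and the padding is covered by the FCS like everything else. The parse of the damaged copy shows why cut-through switches propagate corrupted frames: the header they look at is intact, and only a full read to the FCS reveals the error.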

Autonegotiation
Autonegotiation is the procedure by which two connected devices choose common transmission parameters, such as speed and duplex mode. Autonegotiation was first introduced as an optional feature for Fast Ethernet, but it is also backward compatible with 10BASE-T. Autonegotiation is mandatory for 1000BASE-T. Disabling it on only one end of a link is a common source of a duplex mismatch: the end that still autonegotiates cannot learn the peer's duplex setting and falls back to half duplex, while the fixed end runs full duplex.

Chapter 10

Link Aggregation

Link aggregation, standardized as IEEE 802.1AX-2008, is a computer networking term which describes using multiple network cables/ports in parallel to increase the link speed beyond the limits of any one single cable or port, and to increase the redundancy for higher availability.

Most implementations now conform to what used to be clause 43 of the IEEE 802.3-2005 Ethernet standard, usually still referred to by its working group name of "IEEE 802.3ad". The definition of link aggregation has since moved to the standalone IEEE 802.1AX standard.

Link aggregation is often abbreviated LAG. Other terms include trunking, link
bundling, Ethernet/network/NIC bonding, NIC teaming, port channel,
EtherChannel, Multi-link trunking (MLT), Network Fault Tolerance (NFT),
Smartgroup (from ZTE), and EtherTrunk (from Huawei).

Link Aggregation between a switch and a server

Description
Link aggregation addresses two problems with Ethernet connections: bandwidth
limitations and lack of resilience.

With regard to the first issue: bandwidth requirements do not scale linearly. Ethernet bandwidths historically have increased by an order of magnitude each generation: 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, 10,000 Mbit/s. If one started to bump into bandwidth ceilings, then the only option was to move to the next generation, which could be cost prohibitive. An alternative solution, introduced by many of the network manufacturers in the early 1990s, is to combine two physical Ethernet links into one logical link via channel bonding. Most of these solutions required manual configuration and identical equipment on both sides of the aggregation.

The second problem involves the three single points of failure in a typical port-cable-port connection. In either the usual computer-to-switch or in a switch-to-switch configuration, the cable itself or either of the ports the cable is plugged into can fail. Multiple physical connections can be made, but many of the higher level protocols were not designed to fail over completely seamlessly.

IEEE Link Aggregation


Standardization process

By the mid 1990s, most network switch manufacturers had included aggregation
capability as a proprietary extension to increase bandwidth between their switches.
But each manufacturer developed its own method, which led to compatibility
problems. The IEEE 802.3 group took up a study group to create an inter-operable
link layer standard in a November 1997 meeting. The group quickly agreed to include
an automatic configuration feature which would add in redundancy as well. This
became known as "Link Aggregation Control Protocol".

Initial release 802.3ad in 2000


As of 2000 most gigabit channel-bonding uses the IEEE standard of Link
Aggregation which was formerly clause 43 of the IEEE 802.3 standard added in
March 2000 by the IEEE 802.3ad task force. Nearly every network equipment
manufacturer quickly adopted this joint standard over their proprietary standards.

Move to 802.1 layer in 2008


David Law noted in 2006 that certain 802.1 layers (such as 802.1X security) were
positioned in the protocol stack above Link Aggregation which was defined as an
802.3 sublayer. This discrepancy was resolved with formal transfer of the protocol to
the 802.1 group with the publication of IEEE 802.1AX-2008 on 3 November 2008.

Link Aggregation Control Protocol

Within the IEEE specification the Link Aggregation Control Protocol (LACP)
provides a method to control the bundling of several physical ports together to form a
single logical channel. LACP allows a network device to negotiate an automatic
bundling of links by sending LACP packets to the peer (directly connected device
that also implements LACP).

Advantages over static configuration
• Failover when a link fails and there is (for example) a Media Converter
between the devices which means that the peer will not see the link down.
With static link aggregation the peer would continue sending traffic down the
link causing it to be lost.
• The device can confirm that the configuration at the other end can handle link
aggregation. With Static link aggregation a cabling or configuration mistake
could go undetected and cause undesirable network behavior.

Practical notes

LACP works by sending frames (LACPDUs) down all links that have the protocol enabled. If it finds a device on the other end of the link that also has LACP enabled, it will also independently send frames along the same links, enabling the two units to detect multiple links between themselves and then combine them into a single logical link. LACP can be configured in one of two modes: active or passive. In active mode it will always send frames along the configured links. In passive mode, however, it acts as "speak when spoken to", and therefore can be used as a way of controlling accidental loops (as long as the other device is in active mode).

Aggregation Modes in Linux (Bonding Modes)


Round-robin policy
Transmit packets in sequential order from the first available slave through the
last. This mode provides load balancing and fault tolerance.
Active-backup policy
Only one slave in the bond is active. A different slave becomes active if, and
only if, the active slave fails. The bond's MAC address is externally visible on
only one port (network adapter) to avoid confusing the switch. This mode
provides fault tolerance. The primary option affects the behavior of this mode.
XOR policy
Transmit based on [(source MAC address XOR'd with destination MAC
address) modulo slave count]. This selects the same slave for each destination
MAC address. This mode provides load balancing and fault tolerance.
Broadcast policy
Transmits everything on all slave interfaces. This mode provides fault tolerance.
IEEE 802.3ad Dynamic link aggregation
Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification. Requires a switch that supports IEEE 802.3ad dynamic link aggregation (LACP).
Adaptive transmit load balancing
Channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
Adaptive load balancing
Includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, such that different peers use different hardware addresses for the server.

Usage
Network backbone

Link aggregation offers an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver. Although, in the past, various vendors used proprietary techniques, the preference today is to use the IEEE standard, which can either be set up statically or by using the Link Aggregation Control Protocol (LACP). This allows several devices to communicate simultaneously at their full single-port speed while not allowing any one single device to monopolize all available backbone capacity.

The actual benefits vary based on the load-balancing method used on each device
(administrators can configure different balancing algorithms at each end and this is
actually encouraged to avoid path polarization). Link aggregation also allows the
network's backbone speed to grow incrementally as demand on the network increases,
without having to replace everything and buy new hardware.

Most backbone installations install more cabling or fiber optic pairs than is initially
necessary, even if they have no immediate need for the additional cabling. This is
done because labor costs are higher than the cost of the cable, and running extra cable
reduces future labor costs if networking needs change. Link aggregation can allow the
use of these extra cables to increase backbone speeds for little or no extra cost if ports
are available.

Order of frames

When balancing traffic, network administrators often wish to avoid reordering Ethernet frames. For example, TCP suffers additional overheads when dealing with out-of-order packets. This goal is approximated by sending all frames associated with a particular session across the same link. The most common implementations use L3 hashes (i.e., based on the IP addresses), ensuring that the same flow is always sent via the same physical link.

However, depending on the traffic, this may not provide even distribution across the links in the trunk. It effectively limits the client bandwidth in an aggregate to its single member's maximum bandwidth per session. Principally for this reason, 50/50 load balancing is almost never reached in real-life implementations; around 70/30 is more usual. Advanced switches can employ an L4 hash (i.e., using TCP/UDP port numbers), which will bring the balance closer to 50/50, as different L4 flows between two hosts can make use of different physical links.
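The XOR policy from the Linux bonding modes above and the L3 versus L4 hashing discussed here come down to one function: hash some header fields and take the result modulo the number of member links. The Python below is an added illustration, not code from the page or from the kernel. It uses the simplified XOR formulas the text gives (the kernel's xmit_hash_policy implementations fold the fields differently but have the same properties) on constructed flows, to show both session pinning to one link and path polarization when the hashed fields never vary.

```python
"""How a bond/LAG picks the member link for a frame under layer2, layer2+3 and
layer3+4 transmit hash policies. Simplified XOR hashes as described in the text,
not the kernel's exact arithmetic. All flows are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def mac_int(mac):
    return int(mac.replace(":", ""), 16)


def ip_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def hash_layer2(f):
    return mac_int(f.src_mac) ^ mac_int(f.dst_mac)


def hash_layer2_3(f):
    return hash_layer2(f) ^ ip_int(f.src_ip) ^ ip_int(f.dst_ip)


def hash_layer3_4(f):
    return ip_int(f.src_ip) ^ ip_int(f.dst_ip) ^ f.src_port ^ f.dst_port


POLICIES = {"layer2": hash_layer2, "layer2+3": hash_layer2_3, "layer3+4": hash_layer3_4}


def select_link(flow, policy, n_links):
    """Index (0..n_links-1) of the member link every frame of this flow is sent on.
    Same inputs, same link: that is what keeps a session's frames in order."""
    return POLICIES[policy](flow) % n_links


def distribution(flows, policy, n_links):
    """Frames-per-link histogram for a set of flows: [count_link0, count_link1, ...]."""
    counts = Counter(select_link(f, policy, n_links) for f in flows)
    return [counts[i] for i in range(n_links)]


SERVER_MAC, SERVER_IP = "02:00:00:00:00:02", "192.0.2.20"
CLIENT_MAC, CLIENT_IP = "02:00:00:00:00:01", "192.0.2.10"
ROUTER_MAC = "02:00:00:00:00:fe"

# Case 1: eight parallel TCP sessions between the same two directly attached hosts.
# Only the source port differs, so only a layer3+4 hash can spread them.
SAME_HOSTS = [Flow(CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, 40000 + i, 445)
              for i in range(8)]

# Case 2: four clients behind a router. Every frame arrives with the router's MAC
# as source, so a layer2 hash sees one (MAC, MAC) pair and polarizes onto one link.
VIA_ROUTER = [Flow(ROUTER_MAC, SERVER_MAC, f"192.0.2.{11 + i}", SERVER_IP, 50000 + 2 * i, 445)
              for i in range(4)]

if __name__ == "__main__":
    for name, flows in (("same hosts", SAME_HOSTS), ("via router", VIA_ROUTER)):
        for policy in POLICIES:
            print(f"{name:10s} {policy:9s} -> {distribution(flows, policy, 2)}")
```

With two member links, the eight same-host sessions all land on one link under layer2 and layer2+3 and split 4/4 only under layer3+4; the routed clients all land on one link under layer2 and split 2/2 under the other two policies. That is the polarization the backbone section warns about, and the reason a single session can never exceed one member link's bandwidth regardless of policy.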

Efficiency of equipment

Aggregation becomes inefficient beyond a certain bandwidth, depending on the total number of ports on the switch equipment. A 24-port gigabit switch with two 8-gigabit trunks is using sixteen of its available ports just for the two interswitch connections, and leaves only eight of its 1-gigabit ports for other devices. This same configuration on a 48-port gigabit switch leaves 32 1-gigabit ports available, and so it is much more efficient (assuming of course that those ports are actually needed at the switch location).

When a switch utilizes 40-50% of its ports for backbone trunking, upgrading to a
switch with either more ports or a higher base-operating speed may be a better option
than simply adding more switches, especially if the old switch can be re-used
elsewhere on a less performance-critical part of the network.

Use on network interface cards

Network interface cards (NICs) trunked together can also provide network links
beyond the throughput of any one single NIC. For example, this allows a central file
server to establish an aggregate 2-gigabit connection using two 1-gigabit NICs
trunked together. Note the data signaling rate will still be 1Gb/s, which can be
misleading depending on methodologies used to test throughput after link aggregation
is employed.

Note that Microsoft Windows does not natively support link aggregation (at least up
to Windows Server 2008). However, some manufacturers provide software for
aggregation on their multiport NICs at the device-driver layer. Intel, for example, has
released a package for Windows called Advanced Networking Services (ANS) to
bind Intel Fast Ethernet and Gigabit cards. Nvidia also supports "teaming" with their
Nvidia Network Access Manager/Firewall Tool. HP also has a very robust teaming
tool for HP branded NICs which will allow for non-etherchanneled NIC teaming or
which will also support several modes of etherchannel (port aggregation) including
802.3ad with LACP.

Linux, FreeBSD, NetBSD, OpenBSD, Mac OS X, OpenSolaris, Citrix XenServer, VMware ESX, and commercial Unix distributions such as AIX implement Ethernet bonding (trunking) at a higher level, and can hence deal with NICs from different manufacturers or drivers, as long as the NIC is supported by the kernel.

Limitations
Single switch

With modes balance-rr, balance-xor, broadcast and 802.3ad, all physical ports in the link aggregation group must reside on the same logical switch, which in most scenarios leaves a single point of failure: when the physical switch to which both links are connected goes offline, the whole aggregate goes with it. Modes active-backup, balance-tlb, and balance-alb can also be set up across two or more switches. But after failover (as with all other modes), in some cases active sessions may fail (due to ARP problems) and have to be restarted.

However, almost all vendors have proprietary extensions that resolve some of this issue: they aggregate multiple physical switches into one logical switch. As of 2009, the IEEE has not yet committed resources to standardize this feature. The SMLT protocol allows multiple Ethernet links to be split across two devices, preventing any single point of failure, and additionally allowing the load to be balanced across the two aggregation switches from the single access system. These devices synchronize state across an Inter-Switch Trunk (IST) such that they appear to the connecting (access) device to be a single device (switch block) and prevent any packet duplication. SMLT provides enhanced resiliency with sub-second failover and sub-second recovery for all trunk speeds (10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, and 10 Gbit/s) while operating transparently to end devices.

Same link speed

In most implementations, all the ports used in an aggregation consist of the same
physical type, such as all copper ports (CAT-5E/CAT-6), all multi-mode fiber ports
(SX), or all single-mode fiber ports (LX). However, all the IEEE standard requires is
that each link be full duplex and all of them have an identical speed (10, 100, 1000 or
10000 Mbps).

Many switches are PHY independent, meaning that a switch could have a mixture of
copper, SX, LX, LX10 or other GBICs. While maintaining the same PHY is the usual
approach, it is possible to aggregate a 1000BASE-SX fiber for one link and a
1000BASE-LX (longer, diverse path) for the second link, but the important thing is
that the speed will be 1 Gbit/s full duplex for both links. One path may have a slightly
longer transit time but the standard has been engineered so this will not cause an
issue.

Ethernet aggregation mismatch

Aggregation mismatch refers to not matching the aggregation type on both ends of
the link. Some switches do not implement the 802.1AX standard but support static
configuration of link aggregation. Therefore link aggregation between similarly
statically configured switches will work, but will fail between a statically configured
switch and a device that is configured for LACP.
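The active/passive behaviour from the practical notes above and the static-versus-LACP mismatch described here can be checked with a small simulation. The Python below is an added example, not the IEEE 802.1AX state machine or any vendor's code: each end is "active", "passive" or "on" (static bundle, no LACP), and the exchange is run for a few rounds to see whether both ends would place the link in the aggregate. The round count and the three mode names are assumptions made for the example.

```python
"""Which combinations of port modes actually form a link aggregation group.
'active' always sends LACPDUs, 'passive' sends only after hearing one, and 'on' is
a static bundle that neither sends nor honours LACPDUs. Simplified round-based
exchange written for this example; not the real LACP state machine.
"""
from dataclasses import dataclass

MODES = ("active", "passive", "on")


@dataclass
class Port:
    mode: str
    heard_partner: bool = False   # received at least one LACPDU from the peer

    def sends_lacpdu(self):
        if self.mode == "active":
            return True
        if self.mode == "passive":
            return self.heard_partner    # "speak when spoken to"
        return False                     # static: LACP is not running at all

    def receive_lacpdu(self):
        if self.mode != "on":            # a static port just drops LACPDUs
            self.heard_partner = True


def lag_forms(mode_a, mode_b, rounds=3):
    """True if both ends will put the link into the aggregate.

    Two static ends bundle blindly: nothing is verified, so a mis-cabled link goes
    undetected. An LACP end needs to hear its peer before it aggregates; a static
    peer never speaks, so the LACP side keeps the port as an individual link while
    the static side already forwards into the bundle. That is the mismatch case.
    """
    if mode_a not in MODES or mode_b not in MODES:
        raise ValueError("mode must be one of " + ", ".join(MODES))
    a, b = Port(mode_a), Port(mode_b)
    if a.mode == "on" and b.mode == "on":
        return True
    for _ in range(rounds):
        a_sends, b_sends = a.sends_lacpdu(), b.sends_lacpdu()   # simultaneous
        if a_sends:
            b.receive_lacpdu()
        if b_sends:
            a.receive_lacpdu()
    return a.heard_partner and b.heard_partner


def compatibility_matrix():
    """{(mode_a, mode_b): forms} for every pairing, to check a planned configuration."""
    return {(x, y): lag_forms(x, y) for x in MODES for y in MODES}


if __name__ == "__main__":
    for (x, y), ok in compatibility_matrix().items():
        print(f"{x:8s} <-> {y:8s}: {'LAG' if ok else 'no LAG'}")
```

Only four of the nine pairings form a bundle: active/active, active/passive in either order, and on/on. Passive/passive never negotiates because neither side speaks first, and any mix of static and LACP fails because the static end never answers.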

Chapter 11

IP Address

An Internet Protocol address (IP address) is usually a numerical label assigned to
each device (e.g., computer, printer) participating in a computer network that uses the
Internet Protocol for communication. An IP address serves two principal functions:
host or network interface identification and location addressing. Its role has been
characterized as follows: "A name indicates what we seek. An address indicates
where it is. A route indicates how to get there."

The designers of the Internet Protocol defined an IP address as a 32-bit number and
this system, known as Internet Protocol Version 4 (IPv4), is still in use today.
However, due to the enormous growth of the Internet and the predicted depletion of
available addresses, a new addressing system (IPv6), using 128 bits for the address,
was developed in 1995, standardized as RFC 2460 in 1998, and is being deployed
worldwide since the mid-2000s.

IP addresses are binary numbers, but they are usually stored in text files and
displayed in human-readable notations, such as 172.16.254.1 (for IPv4), and
2001:db8:0:1234:0:567:8:1 (for IPv6).

The Internet Assigned Numbers Authority (IANA) manages the IP address space
allocations globally and delegates five regional Internet registries (RIRs) to allocate
IP address blocks to local Internet registries (Internet service providers) and other
entities.

IP versions
Two versions of the Internet Protocol (IP) are in use: IP Version 4 and IP Version 6.
Each version defines an IP address differently. Because of its prevalence, the generic
term IP address typically still refers to the addresses defined by IPv4.

IP version 4 addresses

Decomposition of an IPv4 address from dot-decimal notation to its binary value.

In IPv4 an address consists of 32 bits, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. IPv4 reserves some addresses for special purposes such as private networks (~18 million addresses) or multicast addresses (~270 million addresses).

IPv4 addresses are canonically represented in dot-decimal notation, which consists of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1. Each part represents a group of 8 bits (octet) of the address. In some cases of technical writing, IPv4 addresses may be presented in various hexadecimal, octal, or binary representations.

IPv4 subnetting
In the early stages of development of the Internet Protocol, network administrators
interpreted an IP address in two parts: network number portion and host number
portion. The highest order octet (most significant eight bits) in an address was
designated as the network number and the remaining bits were called the rest field or
host identifier and were used for host numbering within a network.

This early method soon proved inadequate as additional networks developed that
were independent of the existing networks already designated by a network number.
In 1981, the Internet addressing specification was revised with the introduction of
classful network architecture.

Classful network design allowed for a larger number of individual network
assignments and fine-grained subnetwork design. The first three bits of the most
significant octet of an IP address were defined as the class of the address. Three
classes (A, B, and C) were defined for universal unicast addressing. Depending on the
class derived, the network identification was based on octet boundary segments of the
entire address. Each class used successively additional octets in the network
identifier, thus reducing the possible number of hosts in the higher order classes (B
and C). The following table gives an overview of this now obsolete system.

Historical classful network architecture

Class  Leading bits  Range of first octet  Network ID format  Host ID format  Number of networks  Number of addresses
A      0             0 - 127               a                  b.c.d           2^7 = 128           2^24 = 16,777,216
B      10            128 - 191             a.b                c.d             2^14 = 16,384       2^16 = 65,536
C      110           192 - 223             a.b.c              d               2^21 = 2,097,152    2^8 = 256

Classful network design served its purpose in the startup stage of the Internet, but it
lacked scalability in the face of the rapid expansion of the network in the 1990s. The
class system of the address space was replaced with Classless Inter-Domain Routing
(CIDR) in 1993. CIDR is based on variable-length subnet masking (VLSM) to allow
allocation and routing based on arbitrary-length prefixes.

Today, remnants of classful network concepts function only in a limited scope as the
default configuration parameters of some network software and hardware components
(e.g. netmask), and in the technical jargon used in network administrators'
discussions.

IPv4 private addresses


Early network design, when global end-to-end connectivity was envisioned for
communications with all Internet hosts, intended that IP addresses be uniquely
assigned to a particular computer or device. However, it was found that this was not
always necessary as private networks developed and public address space needed to
be conserved.

Computers not connected to the Internet, such as factory machines that communicate
only with each other via TCP/IP, need not have globally-unique IP addresses. Three
ranges of IPv4 addresses for private networks were reserved in RFC 1918. These
addresses are not routed on the Internet and thus their use need not be coordinated
with an IP address registry.

Today, when needed, such private networks typically connect to the Internet through
network address translation (NAT).

IANA-reserved private IPv4 network ranges

Block                               Start        End              No. of addresses
24-bit block (/8 prefix, 1 × A)     10.0.0.0     10.255.255.255   16,777,216
20-bit block (/12 prefix, 16 × B)   172.16.0.0   172.31.255.255   1,048,576
16-bit block (/16 prefix, 256 × C)  192.168.0.0  192.168.255.255  65,536

Any user may use any of the reserved blocks. Typically, a network administrator will
divide a block into subnets; for example, many home routers automatically use a
default address range of 192.168.0.0 - 192.168.0.255 (192.168.0.0/24).
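As an added example (not from the original text), the following Python applies the rules from the classful and private-address sections: it reads the leading bits of the first octet to find the historic class, tests an address against the three RFC 1918 blocks with a CIDR mask, and computes the network and broadcast addresses for a given prefix length. It goes slightly beyond the table by also recognising classes D (leading bits 1110, multicast) and E (1111, reserved). The sample addresses are illustrative.

```python
"""Decode an IPv4 address: historic class from the leading bits, RFC 1918 private
range membership, and network/broadcast for a prefix. Pure integer arithmetic so
the bit boundaries are visible.
"""

PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))   # RFC 1918
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # implied netmask length; none for D/E


def ipv4_to_int(text):
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not dotted-decimal: {text!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def int_to_ipv4(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_class(text):
    """Historic class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = ipv4_to_int(text) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def prefix_mask(prefix_len):
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def in_block(text, network, prefix_len):
    """CIDR membership test: the address and the block agree on all prefix bits."""
    mask = prefix_mask(prefix_len)
    return ipv4_to_int(text) & mask == ipv4_to_int(network) & mask


def is_private(text):
    return any(in_block(text, net, plen) for net, plen in PRIVATE_BLOCKS)


def describe(text, prefix_len=None):
    """Class, privacy, network, broadcast and host count for text/prefix_len.

    With no prefix given, fall back to the classful default, which is what old
    software and hardware still do when they pick a netmask automatically.
    """
    cls = classful_class(text)
    if prefix_len is None:
        prefix_len = CLASSFUL_PREFIX.get(cls)
        if prefix_len is None:
            raise ValueError(f"class {cls} address has no default prefix length")
    mask = prefix_mask(prefix_len)
    addr = ipv4_to_int(text)
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    size = 1 << (32 - prefix_len)
    return {
        "class": cls,
        "private": is_private(text),
        "network": f"{int_to_ipv4(network)}/{prefix_len}",
        "broadcast": int_to_ipv4(broadcast),
        "addresses": size,
        # /31 point-to-point links and /32 host routes have no network/broadcast slots
        "usable_hosts": size - 2 if prefix_len < 31 else size,
    }


if __name__ == "__main__":
    for sample in ("172.16.254.1", "10.1.2.3", "192.168.0.77", "172.32.0.1"):
        print(sample, describe(sample))
    print("224.0.0.1 is class", classful_class("224.0.0.1"))
```

Note that 172.32.0.1 is not private: the 172.16.0.0/12 block covers only second octets 16 through 31, a boundary that is easy to get wrong when the check is written as a string-prefix match instead of a mask comparison.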

IPv4 address exhaustion

IPv4 address exhaustion is the ultimate result of the decreasing supply of unallocated Internet Protocol Version 4 (IPv4) addresses available at the Internet Assigned Numbers Authority (IANA) and the regional Internet registries (RIRs) for assignment to end users and local Internet registries, such as Internet service providers. IPv4 provides for approximately 4.3 billion (2^32) addresses, divided into 256 /8 primary allocation blocks. IANA's primary address pool was exhausted on February 3, 2011, when the last five blocks were allocated to the five RIRs. The first RIR to run out, APNIC, was expected at the time of writing to do so in April 2011.

IP version 6 addresses

Decomposition of an IPv6 address from hexadecimal representation to its binary
value.

The rapid exhaustion of IPv4 address space, despite conservation techniques, prompted the Internet Engineering Task Force (IETF) to explore new technologies to expand the Internet's addressing capability. The permanent solution was deemed to be a redesign of the Internet Protocol itself. This next generation of the Internet Protocol, intended to replace IPv4 on the Internet, was eventually named Internet Protocol Version 6 (IPv6) in 1995. The address size was increased from 32 to 128 bits, or 16 octets. This, even with a generous assignment of network blocks, is deemed sufficient for the foreseeable future. Mathematically, the new address space provides the potential for a maximum of 2^128, or about 3.403×10^38, unique addresses.

The new design is not intended to provide a sufficient quantity of addresses on its
own, but rather to allow efficient aggregation of subnet routing prefixes to occur at
routing nodes. As a result, routing table sizes are smaller, and the smallest possible
individual allocation is a subnet for 2^64 hosts, which is the square of the size of the
entire IPv4 Internet. At these levels, actual address utilization rates will be small on
any IPv6 network segment. The new design also provides the opportunity to separate
the addressing infrastructure of a network segment — that is the local administration
of the segment's available space — from the addressing prefix used to route external
traffic for a network. IPv6 has facilities that automatically change the routing prefix
of entire networks, should the global connectivity or the routing policy change,
without requiring internal redesign or renumbering.

The large number of IPv6 addresses allows large blocks to be assigned for specific
purposes and, where appropriate, to be aggregated for efficient routing. With a large
address space, there is not the need to have complex address conservation methods as
used in Classless Inter-Domain Routing (CIDR).

Many modern desktop and enterprise server operating systems include native support
for the IPv6 protocol, but it is not yet widely deployed in other devices, such as home
networking routers, voice over IP (VoIP) and multimedia equipment, and network
peripherals.

IPv6 private addresses

Just as IPv4 reserves addresses for private or internal networks, blocks of addresses
are set aside in IPv6 for private addresses. In IPv6, these are referred to as unique
local addresses (ULA). RFC 4193 sets aside the routing prefix fc00::/7 for this block,
which is divided into two /8 blocks with different implied policies (cf. IPv6). The
addresses include a 40-bit pseudorandom number that minimizes the risk of address
collisions if sites merge or packets are misrouted.

Early designs (RFC 3513) used a different block for this purpose (fec0::), dubbed
site-local addresses. However, the definition of what constituted sites remained
unclear and the poorly defined addressing policy created ambiguities for routing. The
address range specification was abandoned and must not be used in new systems.

Addresses starting with fe80:, called link-local addresses, are assigned to interfaces
for communication on the link only. The addresses are usually automatically
generated by the operating system for each network interface. This provides instant
automatic network connectivity for any IPv6 host and means that if several hosts
connect to a common hub or switch, they have an instant communication path via
their link-local IPv6 address. This feature is used extensively, and invisibly to most
users, in the lower layers of IPv6 network administration (cf. Neighbor Discovery
Protocol).

None of the private address prefixes may be routed in the public Internet.

IP subnetworks

IP networks may be divided into subnetworks in both IPv4 and IPv6. For this
purpose, an IP address is logically recognized as consisting of two parts: the network
prefix and the host identifier, or interface identifier (IPv6). The subnet mask or the
CIDR prefix determines how the IP address is divided into network and host parts.

The term subnet mask is only used within IPv4. Both IP versions however use the
Classless Inter-Domain Routing (CIDR) concept and notation. In this, the IP address
is followed by a slash and the number (in decimal) of bits used for the network part,
also called the routing prefix. For example, an IPv4 address and its subnet mask may
be 192.0.2.1 and 255.255.255.0, respectively. The CIDR notation for the same IP
address and subnet is 192.0.2.1/24, because the first 24 bits of the IP address indicate
the network and subnet.

IP address assignment
Internet Protocol addresses are assigned to a host either anew at the time of booting,
or permanently by fixed configuration of its hardware or software. Persistent
configuration is also known as using a static IP address. In contrast, in situations
when the computer's IP address is assigned newly each time, this is known as using a
dynamic IP address.

Methods

Static IP addresses are manually assigned to a computer by an administrator. The
exact procedure varies according to platform. This contrasts with dynamic IP
addresses, which are assigned either by the computer interface or host software itself,
as in Zeroconf, or assigned by a server using Dynamic Host Configuration Protocol
(DHCP). Even though IP addresses assigned using DHCP may stay the same for long
periods of time, they can generally change. In some cases, a network administrator
may implement dynamically assigned static IP addresses. In this case, a DHCP server
is used, but it is specifically configured to always assign the same IP address to a
particular computer. This allows static IP addresses to be configured centrally,
without having to specifically configure each computer on the network in a manual
procedure.

In the absence or failure of static or stateful (DHCP) address configurations, an
operating system may assign an IP address to a network interface using state-less
auto-configuration methods, such as Zeroconf.

Uses of dynamic addressing

Dynamic IP addresses are most frequently assigned on LANs and broadband
networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used
because this avoids the administrative burden of assigning specific static addresses to
each device on a network. It also allows many devices to share limited address space
on a network if only some of them will be online at a particular time. In most current
desktop operating systems, dynamic IP configuration is enabled by default so that a
user does not need to manually enter any settings to connect to a network with a
DHCP server. DHCP is not the only technology used to assign dynamic IP addresses.
Dialup and some broadband networks use dynamic address features of the Point-to-
Point Protocol.

Sticky dynamic IP address


A sticky dynamic IP address is an informal term used by cable and DSL Internet
access subscribers to describe a dynamically assigned IP address that seldom changes.
The addresses are usually assigned with the DHCP protocol. Since the modems are
usually powered-on for extended periods of time, the address leases are usually set to
long periods and simply renewed upon expiration. If a modem is turned off and
powered up again before the next expiration of the address lease, it will most likely
receive the same IP address.

Address autoconfiguration

RFC 3330 defines an address block, 169.254.0.0/16, for the special use in link-local
addressing for IPv4 networks. In IPv6, every interface, whether using static or
dynamic address assignments, also receives a link-local address automatically in the
fe80::/10 subnet.

These addresses are only valid on the link, such as a local network segment or point-
to-point connection, that a host is connected to. These addresses are not routable and
like private addresses cannot be the source or destination of packets traversing the
Internet.

When the link-local IPv4 address block was reserved, no standards existed for
mechanisms of address autoconfiguration. Filling the void, Microsoft created an
implementation that is called Automatic Private IP Addressing (APIPA). Due to
Microsoft's market power, APIPA has been deployed on millions of machines and
has, thus, become a de facto standard in the industry. Many years later, the IETF
defined a formal standard for this functionality, RFC 3927, entitled Dynamic
Configuration of IPv4 Link-Local Addresses.

Uses of static addressing

Some infrastructure situations have to use static addressing, such as when finding the
Domain Name System (DNS) host that will translate domain names to IP addresses.
Static addresses are also convenient, but not absolutely necessary, to locate servers
inside an enterprise. An address obtained from a DNS server comes with a time to
live, or caching time, after which it should be looked up to confirm that it has not
changed. Even static IP addresses do change as a result of network administration
(RFC 2072).

Public addresses

A public IP address in common parlance is synonymous with a globally routable
unicast IP address.

Both IPv4 and IPv6 define address ranges that are reserved for private networks and
link-local addressing. The term public IP address is often used to exclude these types
of addresses.

Modifications to IP addressing
IP blocking and firewalls

Firewalls perform Internet Protocol blocking to protect networks from unauthorized
access. They are common on today's Internet. They control access to networks based
on the IP address of a client computer. Whether using a blacklist or a whitelist, the IP
address that is blocked is the perceived IP address of the client, meaning that if the
client is using a proxy server or network address translation, blocking one IP address
may block many individual computers.

IP address translation

Multiple client devices can appear to share IP addresses: either because they are part
of a shared hosting web server environment or because an IPv4 network address
translator (NAT) or proxy server acts as an intermediary agent on behalf of its
customers, in which case the real originating IP addresses might be hidden from the
server receiving a request. A common practice is to have a NAT hide a large number
of IP addresses in a private network. Only the "outside" interface(s) of the NAT need
to have Internet-routable addresses.

Most commonly, the NAT device maps TCP or UDP port numbers on the outside to
individual private addresses on the inside. Just as a telephone number may have site-
specific extensions, the port numbers are site-specific extensions to an IP address.

In small home networks, NAT functions usually take place in a residential gateway
device, typically one marketed as a "router". In this scenario, the computers
connected to the router would have 'private' IP addresses and the router would have a
'public' address to communicate with the Internet. This type of router allows several
computers to share one public IP address.

Diagnostic tools
Computer operating systems provide various diagnostic tools to examine their
network interface and address configuration. Windows provides the command-line
interface tools ipconfig and netsh and users of Unix-like systems can use
ifconfig, netstat, route, lanstat, ifstat, or iproute2 utilities to accomplish
the task.

Chapter 12

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol
for managing devices on IP networks. Devices that typically support SNMP include
routers, switches, servers, workstations, printers, modem racks, and more." It is used
mostly in network management systems to monitor network-attached devices for
conditions that warrant administrative attention. SNMP is a component of the Internet
Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists
of a set of standards for network management, including an application layer
protocol, a database schema, and a set of data objects.

SNMP exposes management data in the form of variables on the managed systems,
which describe the system configuration. These variables can then be queried (and
sometimes set) by managing applications.

Overview and basic concepts


In typical SNMP use, one or more administrative computers called managers have the
task of monitoring or managing a group of hosts or devices on a computer network.
Each managed system executes, at all times, a software component called an agent
which reports information via SNMP to the manager.

Essentially, SNMP agents expose management data on the managed systems as
variables. The protocol also permits active management tasks, such as modifying and
applying a new configuration through remote modification of these variables. The
variables accessible via SNMP are organized in hierarchies. These hierarchies, and
other metadata (such as type and description of the variable), are described by
Management Information Bases (MIBs).

An SNMP-managed network consists of three key components:

• Managed device
• Agent — software which runs on managed devices
• Network management system (NMS) — software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows
unidirectional (read-only) or bidirectional access to node-specific information.
Managed devices exchange node-specific information with the NMSs. Sometimes
called network elements, the managed devices can be any type of device, including,
but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, IP
video cameras, computer hosts, and printers.

An agent is a network-management software module that resides on a managed
device. An agent has local knowledge of management information and translates that
information to or from an SNMP specific form.

A network management system (NMS) executes applications that monitor and control
managed devices. NMSs provide the bulk of the processing and memory resources
required for network management. One or more NMSs may exist on any managed
network.

Management information base (MIB)
SNMP itself does not define which information (which variables) a managed system
should offer. Rather, SNMP uses an extensible design, where the available
information is defined by management information bases (MIBs). MIBs describe the
structure of the management data of a device subsystem; they use a hierarchical
namespace containing object identifiers (OID). Each OID identifies a variable that
can be read or set via SNMP. MIBs use the notation defined by ASN.1.

Protocol details
SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the
OSI model). The SNMP agent receives requests on UDP port 161. The manager may
send requests from any available source port to port 161 in the agent. The agent
response will be sent back to the source port on the manager. The manager receives
notifications (Traps and InformRequests) on port 162. The agent may generate
notifications from any available port.

SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs,
GetBulkRequest and InformRequest, were added in SNMPv2 and carried over to
SNMPv3.

All SNMP PDUs are constructed as follows:

IP header | UDP header | version | community | PDU-type | request-id | error-status | error-index | variable bindings

The seven SNMP protocol data units (PDUs) are as follows:

GetRequest

A manager-to-agent request to retrieve the value of a variable or list of variables.
Desired variables are specified in variable bindings (values are not used). Retrieval of
the specified variable values is to be done as an atomic operation by the agent. A
Response with current values is returned.

SetRequest

A manager-to-agent request to change the value of a variable or list of variables.
Variable bindings are specified in the body of the request. Changes to all specified
variables are to be made as an atomic operation by the agent. A Response with
(current) new values for the variables is returned.

GetNextRequest

A manager-to-agent request to discover available variables and their values. Returns a
Response with variable binding for the lexicographically next variable in the MIB.
The entire MIB of an agent can be walked by iterative application of GetNextRequest
starting at OID 0. Rows of a table can be read by specifying column OIDs in the
variable bindings of the request.

GetBulkRequest

Optimized version of GetNextRequest. A manager-to-agent request for multiple
iterations of GetNextRequest. Returns a Response with multiple variable bindings
walked from the variable binding or bindings in the request. PDU specific non-
repeaters and max-repetitions fields are used to control response behavior.
GetBulkRequest was introduced in SNMPv2.

Response

Returns variable bindings and acknowledgement from agent to manager for
GetRequest, SetRequest, GetNextRequest, GetBulkRequest and InformRequest. Error
reporting is provided by error-status and error-index fields. Although it was used as a
response to both gets and sets, this PDU was called GetResponse in SNMPv1.

Trap

Asynchronous notification from agent to manager. Includes current sysUpTime value,
an OID identifying the type of trap and optional variable bindings. Destination
addressing for traps is determined in an application specific manner typically through
trap configuration variables in the MIB. The format of the trap message was changed
in SNMPv2 and the PDU was renamed SNMPv2-Trap.

InformRequest

Acknowledged asynchronous notification from manager to manager. This PDU uses
the same format as the SNMPv2 version of Trap. Manager-to-manager notifications
were already possible in SNMPv1 (using a Trap), but as SNMP commonly runs over
UDP where delivery is not assured and dropped packets are not reported, delivery of
a Trap was not guaranteed. InformRequest fixes this by sending back an
acknowledgement on receipt. The receiver replies with a Response parroting all
information in the InformRequest. This PDU was introduced in SNMPv2.

Development and usage


Version 1

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol.
SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet
Protocol (IP), OSI Connectionless Network Service (CLNS), AppleTalk Datagram-
Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is
widely used and is the de facto network-management protocol in the Internet
community.

The first RFCs for SNMP, now known as SNMPv1, appeared in 1988:

• RFC 1065 — Structure and identification of management information for
TCP/IP-based internets
• RFC 1066 — Management information base for network management of
TCP/IP-based internets
• RFC 1067 — A simple network management protocol

These protocols were obsoleted by:

• RFC 1155 — Structure and identification of management information for
TCP/IP-based internets
• RFC 1156 — Management information base for network management of
TCP/IP-based internets
• RFC 1157 — A simple network management protocol

After a short time, RFC 1156 (MIB-1) was replaced by the more often used:

• RFC 1213 — Version 2 of management information base (MIB-2) for
network management of TCP/IP-based internets

Version 1 has been criticized for its poor security. Authentication of clients is
performed only by a "community string", in effect a type of password, which is
transmitted in cleartext. The '80s design of SNMP V1 was done by a group of
collaborators who viewed the officially sponsored OSI/IETF/NSF (National Science
Foundation) effort (HEMS/CMIS/CMIP) as both unimplementable in the computing
platforms of the time as well as potentially unworkable. SNMP was approved based
on a belief that it was an interim protocol needed for taking steps towards large scale
deployment of the Internet and its commercialization. In that time period Internet-
standard authentication/security was both a dream and discouraged by focused
protocol design groups.

Version 2

SNMPv2 (RFC 1441–RFC 1452) revises version 1 and includes improvements
in the areas of performance, security, confidentiality, and manager-to-manager
communications. It introduced GetBulkRequest, an alternative to iterative Get-
NextRequests for retrieving large amounts of management data in a single request.
However, the new party-based security system in SNMPv2, viewed by many as
overly complex, was not widely accepted.

Community-Based Simple Network Management Protocol version 2, or SNMPv2c, is
defined in RFC 1901–RFC 1908. In its initial stages, this was also informally known
as SNMPv1.5. SNMPv2c comprises SNMPv2 without the controversial new SNMP
v2 security model, using instead the simple community-based security scheme of
SNMPv1. While officially only a "Draft Standard", this is widely considered the de
facto SNMPv2 standard.

User-Based Simple Network Management Protocol version 2, or SNMPv2u, is
defined in RFC 1909–RFC 1910. This is a compromise that attempts to offer greater
security than SNMPv1, but without incurring the high complexity of SNMPv2. A
variant of this was commercialized as SNMP v2*, and the mechanism was eventually
adopted as one of two security frameworks in SNMP v3.

SNMPv1 & SNMPv2c interoperability

As presently specified, SNMPv2 is incompatible with SNMPv1 in two key areas:
message formats and protocol operations. SNMPv2c messages use different header
and protocol data unit (PDU) formats from SNMPv1 messages. SNMPv2c also uses
two protocol operations that are not specified in SNMPv1. Furthermore, RFC 2576
defines two possible SNMPv1/v2c coexistence strategies: proxy agents and bilingual
network-management systems.

Proxy agents
An SNMPv2 agent can act as a proxy agent on behalf of SNMPv1 managed devices, as
follows:

• An SNMPv2 NMS issues a command intended for an SNMPv1 agent.
• The NMS sends the SNMP message to the SNMPv2 proxy agent.
• The proxy agent forwards Get, GetNext, and Set messages to the SNMPv1
agent unchanged.
• GetBulk messages are converted by the proxy agent to GetNext messages and
then are forwarded to the SNMPv1 agent.

The proxy agent maps SNMPv1 trap messages to SNMPv2 trap messages and then
forwards them to the NMS.

Bilingual network-management system


Bilingual SNMPv2 network-management systems support both SNMPv1 and
SNMPv2. To support this dual-management environment, a management application
in the bilingual NMS must contact an agent. The NMS then examines information
stored in a local database to determine whether the agent supports SNMPv1 or
SNMPv2. Based on the information in the database, the NMS communicates with the
agent using the appropriate version of SNMP.

Version 3

Although SNMPv3 makes no changes to the protocol aside from the addition of
cryptographic security, its developers have managed to make things look much
different by introducing new textual conventions, concepts, and terminology.

SNMPv3 primarily added security and remote configuration enhancements to SNMP.

Security has been the biggest weakness of SNMP since the beginning. Authentication
in SNMP Versions 1 and 2 amounts to nothing more than a password (community
string) sent in clear text between a manager and agent. Each SNMPv3 message
contains security parameters which are encoded as an octet string. The meaning of
these security parameters depends on the security model being used.

SNMPv3 provides important security features:

• Confidentiality - Encryption of packets to prevent snooping by an
unauthorized source.
• Integrity - Message integrity to ensure that a packet has not been tampered
with in transit including an optional packet replay protection mechanism.
• Authentication - to verify that the message is from a valid source.

As of 2004 the IETF recognizes Simple Network Management Protocol version 3 as
defined by RFC 3411–RFC 3418 (also known as STD0062) as the current standard
version of SNMP. The IETF has designated SNMPv3 a full Internet standard, the
highest maturity level for an RFC. It considers earlier versions to be obsolete
(designating them "Historic").

In practice, SNMP implementations often support multiple versions: typically
SNMPv1, SNMPv2c, and SNMPv3.

Implementation issues
SNMP implementations vary across platform vendors. In some cases, SNMP is an
added feature, and is not taken seriously enough to be an element of the core design.
Some major equipment vendors tend to over-extend their proprietary command line
interface (CLI) centric configuration and control systems.

SNMP's seemingly simple tree structure and linear indexing may not always be
understood well enough within the internal data structures that are elements of a
platform's basic design. As a result, processing SNMP queries on certain data sets
may result in higher CPU utilization than necessary. One example of this would be
large routing tables, such as BGP or IGP.

Resource indexing
Modular devices may dynamically increase or decrease their SNMP indices (aka
instances) whenever slotted hardware is added or removed. Although this is most
common with hardware, virtual interfaces have the same effect. Index values are
typically assigned at boot time and remain fixed until the next reboot. Hardware or
virtual entities added while the device is 'live' may have their indices assigned at the
end of the existing range and possibly reassigned at the next reboot. Network
inventory and monitoring tools need to have the device update capability by properly
reacting to the cold start trap from the device reboot in order to avoid corruption and
mismatch of polled data.

Index assignments for an SNMP device instance may change from poll to poll mostly
as a result of changes initiated by the system admin. If information is needed for a
particular interface, it is imperative to determine the SNMP index before retrieving
the data needed. Generally, a description table like ifDescr will map a user friendly
name like Serial 0/1 (Blade 0, port 1) to a SNMP index.

Security implications
• SNMP versions 1 and 2c are subject to packet sniffing of the clear text
community string from the network traffic, because they do not implement
encryption.
• All versions of SNMP are subject to brute force and dictionary attacks for
guessing the community strings, authentication strings, authentication keys,
encryption strings, or encryption keys, because they do not implement a
challenge-response handshake. Entropy is an important consideration when
selecting keys, passwords and/or algorithms.
• Although SNMP works over TCP and other protocols, it is most commonly
used over UDP, which is connectionless and vulnerable to IP spoofing attacks.
Thus, all versions are subject to bypassing device access lists that might have
been implemented to restrict SNMP access, though SNMPv3's other security
mechanisms should prevent a successful attack.
• SNMP's powerful configuration (write) capabilities are not being fully utilized
by many vendors, partly due to lack of security in SNMP versions before
SNMPv3 and partly due to the fact that many devices simply are not capable
of being configured via individual MIB object changes.
• SNMP tops the list of the SANS Institute's Common Default Configuration
Issues with the issue of default SNMP community strings set to 'public' and
'private' and was number ten on the SANS Top 10 Most Critical Internet
Security Threats for the year 2000.
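Added example (Python, not from the original text) that decodes the version / community / PDU-type / request-id / error-status / error-index / variable-bindings layout given under "Protocol details", and lets a monitor flag v1/v2c datagrams that carry one of the default community strings named in the security implications above. The two sample datagrams are constructed by hand (a GetRequest for sysDescr.0 and its Response) and are labelled as such in the code:

```python
"""Decoder for the community-based SNMP (v1/v2c) message layout described above."""
from dataclasses import dataclass

# ASN.1 BER universal tags used by SNMP, plus the context-specific PDU tags.
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c"}
DEFAULT_COMMUNITIES = {"public", "private"}   # the SANS default-configuration issue


def read_tlv(buf: bytes, pos: int):
    """Decode one BER tag-length-value at pos; return (tag, value, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: 0x81 nn, 0x82 nn nn, ...
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV length exceeds datagram")
    return tag, buf[pos:end], end


def decode_oid(value: bytes) -> str:
    """BER OID: the first byte packs arcs 1 and 2; the rest are base-128 groups."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_value(tag: int, value: bytes):
    if tag == INTEGER:
        return int.from_bytes(value, "big", signed=True)
    if tag == OCTET_STRING:
        return value.decode("ascii", errors="replace")
    if tag == NULL:
        return None
    if tag == OID:
        return decode_oid(value)
    return value.hex()          # Counter, Gauge, TimeTicks etc. are left raw here


@dataclass
class SnmpMessage:
    version: str
    community: str
    pdu_type: str
    request_id: int
    error_status: int            # carries non-repeaters for GetBulkRequest
    error_index: int             # carries max-repetitions for GetBulkRequest
    varbinds: list

    def uses_default_community(self) -> bool:
        """True when the cleartext community is one of the well-known defaults."""
        return self.community in DEFAULT_COMMUNITIES


def parse_snmp(datagram: bytes) -> SnmpMessage:
    """Parse the UDP payload: SEQUENCE { version, community, PDU }."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, pos = read_tlv(body, 0)
    _, comm, pos = read_tlv(body, pos)
    version = int.from_bytes(ver, "big")
    if version not in VERSION_NAMES:
        raise ValueError("only SNMPv1/v2c community messages are decoded here")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_NAMES or pdu_tag == 0xA4:
        raise ValueError("unsupported PDU (the SNMPv1 Trap has a different layout)")
    _, rid, p = read_tlv(pdu, 0)
    _, est, p = read_tlv(pdu, p)
    _, eidx, p = read_tlv(pdu, p)
    _, vbl, _ = read_tlv(pdu, p)
    varbinds, p = [], 0
    while p < len(vbl):                    # SEQUENCE OF VarBind { name, value }
        _, vb, p = read_tlv(vbl, p)
        _, name, q = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, q)
        varbinds.append((decode_oid(name), decode_value(vtag, val)))
    return SnmpMessage(VERSION_NAMES[version], comm.decode("ascii", errors="replace"),
                       PDU_NAMES[pdu_tag], decode_value(INTEGER, rid),
                       decode_value(INTEGER, est), decode_value(INTEGER, eidx), varbinds)


# Constructed sample datagrams (UDP payload only): an SNMPv1 GetRequest for
# sysDescr.0 (1.3.6.1.2.1.1.1.0) with community "public", and the matching Response.
GET_REQUEST = bytes.fromhex(
    "3026 020100 0406 7075626c6963 a019 020101 020100 020100 "
    "300e 300c 0608 2b06010201010100 0500")
GET_RESPONSE = bytes.fromhex(
    "302b 020100 0406 7075626c6963 a21e 020101 020100 020100 "
    "3013 3011 0608 2b06010201010100 0405 4c696e7578")

if __name__ == "__main__":
    for pkt in (GET_REQUEST, GET_RESPONSE):
        m = parse_snmp(pkt)
        print(m.version, m.pdu_type, "community=%r" % m.community,
              "default!" if m.uses_default_community() else "", m.varbinds)
```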

Autodiscovery

SNMP by itself is simply a protocol for collecting and organizing information. Most
toolsets implementing SNMP offer some form of discovery mechanism, a
standardized collection of data common to most platforms and devices, to get a new
user or implementor started. One of these features is often a form of automatic
discovery, where new devices discovered in the network are polled automatically. For
SNMPv1 and SNMPv2c, this presents a security risk, in that your SNMP read
communities will be broadcast in cleartext to the target device. While security
requirements and risk profiles vary from organization to organization, care should be
taken when using a feature like this, with special regard to common environments
such as mixed-tenant datacenters, server hosting and colocation facilities, and similar
environments.

Chapter 13

Network Address Translation

In computer networking, network address translation (NAT) is the process of
modifying IP address information in IP packet headers while in transit across a traffic
routing device.

The simplest type of NAT provides a one-to-one translation of IP addresses. RFC
2663 refers to this type of NAT as basic NAT. In this type of NAT only the IP
addresses and checksums need to be changed. The rest of the packet can be left
untouched (at least for basic TCP/UDP functionality; some higher level protocols
may need further translation). Basic NATs can be used when there is a requirement to
interconnect two IP networks with incompatible addressing.

However, it is common to hide an entire IP address space, usually consisting of
private IP addresses, behind a single IP address (or in some cases a small group of IP
addresses) in another (usually public) address space. To avoid ambiguity in the
handling of returned packets, a one-to-many NAT must alter higher level information
such as TCP/UDP ports in outgoing communications and must maintain a translation
table so that return packets can be correctly translated back. RFC 2663 uses the term
NAPT (network address and port translation). Other names for this type of NAT
include PAT (port address translation), IP masquerading and NAT Overload.
Since this is the most common type of NAT it is often referred to simply as NAT.

As described, the method enables communication through the router only when the
conversation originates in the masqueraded network, since this establishes the
translation tables. For example, a web browser in the masqueraded network can
browse a website outside, but a web browser outside could not browse a web site in
the masqueraded network. However, most NAT devices today allow the network
administrator to configure translation table entries for permanent use. This feature is
often referred to as "static NAT" or port forwarding and allows traffic originating in
the "outside" network to reach designated hosts in the masqueraded network.

In the mid-1990s NAT became a popular tool for alleviating the consequences of
IPv4 address exhaustion. It has become a standard, indispensable feature in routers
for home and small-office Internet connections. Most systems using NAT do so in
order to enable multiple hosts on a private network to access the Internet using a
single public IP address.

Network address translation has serious drawbacks on the quality of Internet
connectivity and requires careful attention to the details of its implementation. In
particular all types of NAT break the originally envisioned model of IP end-to-end
connectivity across the Internet and NAPT makes it difficult for systems behind a
NAT to accept incoming communications. As a result, NAT traversal methods have
been devised to alleviate the issues encountered.

One-to-many NATs

The majority of NATs map multiple private hosts to one publicly exposed IP address.

WT
In a typical configuration, a local network uses one of the designated "private" IP
address subnets (RFC 1918). A router on that network has a private address in that
address space. The router is also connected to the Internet with a single "public"
address(es) assigned by an Internet service provider. As traffic passes from the local
network to the Internet, the source address in each packet is translated on the fly from
the private address to a public address. The router tracks basic data about each active
connection (particularly the destination address and port). When a reply returns to the
router, it uses the connection tracking data it stored during the outbound phase to
determine where on the internal network to forward the reply on packet return.

All Internet packets have a source IP address and a destination IP address. Typically
packets passing from the private network to the public network will have their source
address modified while packets passing from the public network back to the private
network will have their destination address modified. More complex configurations
are also possible.

To avoid ambiguity in how to translate returned packets, further modifications to the
packets are required. The vast bulk of Internet traffic is TCP and UDP packets, and for
these protocols the port numbers are changed so that the combination of IP and port
information on the returned packet can be unambiguously mapped to the
corresponding private address and port information. Protocols not based on TCP or
UDP require other translation techniques. ICMP packets typically relate to an existing
connection and need to be mapped using the same IP and port mappings as that
connection.

Methods of Port translation

There are several ways of implementing network address and port translation. In
some application protocols that use IP address information, the application running on
a node in the masqueraded network needs to determine the external address of the
NAT, i.e., the address that its communication peers detect, and, furthermore, often
needs to examine and categorize the type of mapping in use. Usually this is done
because it is desired to set up a direct communications path (either to save the cost of
taking the data via a server or to improve performance) between two clients both of
which are behind separate NATs. For this purpose, the Simple Traversal of UDP over
NATs (STUN) protocol was developed (RFC 3489, March 2003). It classified NAT
implementations as full cone NAT, (address) restricted cone NAT, port restricted cone
NAT or symmetric NAT and proposed a methodology for testing a device accordingly.
However, these procedures have since been deprecated from standards status, as the
methods have proven faulty and inadequate to correctly assess many devices. New
methods have been standardized in RFC 5389 (October 2008) and the STUN
acronym now represents the new title of the specification: Session Traversal Utilities
for NAT.

Full-cone NAT, also known as one-to-one NAT

• Once an internal address (iAddr:iPort) is mapped to an external address
(eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort.
• Any external host can send packets to iAddr:iPort by sending packets to
eAddr:ePort.

(Address) restricted cone NAT

• Once an internal address (iAddr:iPort) is mapped to an external address
(eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort.
• An external host (hAddr:any) can send packets to iAddr:iPort by sending
packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to
hAddr:any. "Any" means the port number doesn't matter.

Port-restricted cone NAT

Like an address restricted cone NAT, but the restriction includes port numbers.

• Once an internal address (iAddr:iPort) is mapped to an external address
(eAddr:ePort), any packets from iAddr:iPort will be sent through eAddr:ePort.
• An external host (hAddr:hPort) can send packets to iAddr:iPort by sending
packets to eAddr:ePort only if iAddr:iPort has previously sent a packet to
hAddr:hPort.

Symmetric NAT

• Requests from an internal IP address and port pair to different external IP
address and port pairs are each mapped to the external NAT address on a
unique port. This also applies to all requests from the same host to different
destinations.
• Only an external host that receives a packet from an internal host can send a
packet back.
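
The four classic behaviour classes above, as an added example that is not part of the original text: a small Python model that records which external port an internal endpoint is given and which external hosts the NAT will let send back through it. The addresses and ports are constructed sample values.

```python
from enum import Enum


class NatType(Enum):
    FULL_CONE = "full cone"
    ADDRESS_RESTRICTED = "(address) restricted cone"
    PORT_RESTRICTED = "port-restricted cone"
    SYMMETRIC = "symmetric"


class NatModel:
    """Mapping and filtering model of the four classic NAT types (a teaching model, not a real NAT)."""

    def __init__(self, nat_type, external_ip, first_port=1024):
        self.nat_type = nat_type
        self.external_ip = external_ip
        self._next_port = first_port
        self.mappings = {}  # mapping key -> ePort
        self.owner = {}     # ePort -> (iAddr, iPort)
        self.peers = {}     # ePort -> set of (hAddr, hPort) the internal endpoint has sent to

    def _key(self, iaddr, iport, haddr, hport):
        # Symmetric NAT: a distinct mapping per destination; cone NATs: one mapping per internal endpoint.
        if self.nat_type is NatType.SYMMETRIC:
            return (iaddr, iport, haddr, hport)
        return (iaddr, iport)

    def send(self, iaddr, iport, haddr, hport):
        """Internal iAddr:iPort sends to hAddr:hPort; returns the (eAddr, ePort) the NAT uses."""
        key = self._key(iaddr, iport, haddr, hport)
        eport = self.mappings.get(key)
        if eport is None:
            eport = self._next_port
            self._next_port += 1
            self.mappings[key] = eport
            self.owner[eport] = (iaddr, iport)
            self.peers[eport] = set()
        self.peers[eport].add((haddr, hport))
        return (self.external_ip, eport)

    def receive(self, haddr, hport, eport):
        """External hAddr:hPort sends to eAddr:ePort; returns (iAddr, iPort) or None if filtered."""
        if eport not in self.owner:
            return None  # no mapping exists, so there is nowhere to forward the packet
        sent_to = self.peers[eport]
        if self.nat_type is NatType.FULL_CONE:
            allowed = True
        elif self.nat_type is NatType.ADDRESS_RESTRICTED:
            allowed = any(addr == haddr for addr, _ in sent_to)
        else:  # port-restricted cone and symmetric: the exact hAddr:hPort must have been contacted
            allowed = (haddr, hport) in sent_to
        return self.owner[eport] if allowed else None


def probe(nat_type):
    """Run one scenario against a NAT type and report what gets through.

    Returns (same_host_same_port, same_host_other_port, other_host, second_destination_same_eport).
    """
    # Constructed sample values: one internal client and two external servers.
    nat = NatModel(nat_type, "203.0.113.1")
    internal = ("192.168.1.10", 5000)
    server_a = ("198.51.100.20", 3478)
    server_b = ("198.51.100.21", 3478)
    _, eport_a = nat.send(*internal, *server_a)
    _, eport_b = nat.send(*internal, *server_b)
    return (
        nat.receive(server_a[0], server_a[1], eport_a) == internal,
        nat.receive(server_a[0], 9999, eport_a) == internal,
        nat.receive("192.0.2.99", 3478, eport_a) == internal,
        eport_a == eport_b,
    )


if __name__ == "__main__":
    for nat_type in NatType:
        print(nat_type.value, probe(nat_type))
```

The fourth flag shows the symmetric case: the same internal socket gets a different external port for each destination, which is why a peer cannot learn the port in advance.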

This terminology has been the source of much confusion, as it has proven inadequate
at describing real-life NAT behavior. Many NAT implementations combine these
types, and it is therefore better to refer to specific individual NAT behaviors instead
of using the Cone/Symmetric terminology. Especially, most NAT translators combine
symmetric NAT for outgoing connections with static port mapping, where incoming
packets to the external address and port are redirected to a specific internal address
and port. Some products can redirect packets to several internal hosts, e.g. to divide
the load between a few servers. However, this introduces problems with more
sophisticated communications that have many interconnected packets, and thus is
rarely used.

Many NAT implementations follow the port preservation design especially for TCP,
which is to say that they use the same values as internal and external port numbers.
NAT port preservation for outgoing TCP connections is especially important for TCP
NAT traversal, because programs usually bind distinct TCP sockets to ephemeral
ports for distinct TCP connections, rendering NAT port prediction impossible for
TCP. On the other hand, for UDP, NATs do not need to have port preservation
because applications usually reuse the same UDP socket to send packets to distinct
hosts, making port prediction straightforward, as it is the same source port for each
packet. Furthermore, port preservation in NAT for TCP allows P2P protocols to offer
less complexity and less latency because there is no need to use a third party to
discover the NAT port since the application already knows the NAT port. However, if
two internal hosts attempt to communicate with the same external host using the same
port number, the external port number used by the second host will be chosen at
random. Such a NAT will sometimes be perceived as (address) restricted cone NAT
and other times as symmetric NAT.

Recent studies have shown that roughly 70% of clients in P2P networks employ some
form of NAT.

Implementation
Establishing Two-Way Communication

Every TCP and UDP packet contains both a source IP address and source port
number as well as a destination IP address and destination port number. The port
address/IP address pair forms a socket, i.e., source port address and source IP address
form the source socket.

For publicly accessible services such as web servers and mail servers the port number
is important. For example, port 80 connects to the web server software and port 25 to
a mail server's SMTP daemon. The IP address of a public server is also important,
similar in global uniqueness to a postal address or telephone number. Both IP address
and port must be correctly known by all hosts wishing to successfully communicate.

Private IP addresses as described in RFC 1918 are significant only on private
networks where they are used, which is also true for host ports. Ports are unique
endpoints of communication on a host, so a connection through the NAT device is
maintained by the combined mapping of port and IP address.

PAT resolves conflicts that would arise through two different hosts using the same
source port number to establish unique connections at the same time.

An Analogy

A NAT device is similar to the receptionist at an office that has one public telephone
number. Outbound phone calls made from the office all appear to come from the
same telephone number. However, incoming calls have to be transferred to the correct
private extension by an operator asking the caller who they'd like to speak with;
private extensions cannot be dialed directly from outside.

Translation of the Endpoint

With NAT, all communication sent to external hosts actually contains the external IP
address and port information of the NAT device instead of internal host IPs or port
numbers.

• When a computer on the private (internal) network sends a packet to the
external network, the NAT device replaces the internal IP address in the
source field of the packet header (sender's address) with the external IP
address of the NAT device. PAT may then assign the connection a port
number from a pool of available ports, inserting this port number in the source
port field (much like the post office box number), and forwards the packet to
the external network. The NAT device then makes an entry in a translation
table containing the internal IP address, original source port, and the translated
source port. Subsequent packets from the same connection are translated to
the same port number.

• The computer receiving a packet that has undergone NAT establishes a
connection to the port and IP address specified in the altered packet, oblivious
to the fact that the supplied address is being translated (analogous to using a
post office box number).

• A packet coming from the external network is mapped to a corresponding
internal IP address and port number from the translation table, replacing the
external IP address and port number in the incoming packet header (similar to
the translation from post office box number to street address). The packet is
then forwarded over the inside network. Otherwise, if the destination port
number of the incoming packet is not found in the translation table, the packet
is dropped or rejected because the PAT device doesn't know where to send it.

NAT will only translate IP addresses and ports of its internal hosts, hiding the true
endpoint of an internal host on a private network.

Visibility of Operation

NAT operation is typically transparent to both the internal and external hosts.

Typically the internal host is aware of the true IP address and TCP or UDP port of the
external host. Typically the NAT device may function as the default gateway for the
internal host. However the external host is only aware of the public IP address for the
NAT device and the particular port being used to communicate on behalf of a specific
internal host.

NAT and TCP/UDP

"Pure NAT", operating on IP alone, may or may not correctly parse protocols that are
totally concerned with IP information, such as ICMP, depending on whether the
payload is interpreted by a host on the "inside" or "outside" of translation. As soon as
the protocol stack is traversed, even with such basic protocols as TCP and UDP, the
protocols will break unless NAT takes action beyond the network layer.

IP packets have a checksum in each packet header, which provides error detection
only for the header. IP datagrams may become fragmented and it is necessary for a
NAT to reassemble these fragments to allow correct recalculation of higher-level
checksums and correct tracking of which packets belong to which connection.

The major transport layer protocols, TCP and UDP, have a checksum that covers all
the data they carry, as well as the TCP/UDP header, plus a "pseudo-header" that
contains the source and destination IP addresses of the packet carrying the TCP/UDP
header. For an originating NAT to pass TCP or UDP successfully, it must recompute
the TCP/UDP header checksum based on the translated IP addresses, not the original
ones, and put that checksum into the TCP/UDP header of the first packet of the
fragmented set of packets. The receiving NAT must recompute the IP checksum on
every packet it passes to the destination host, and also recognize and recompute the
TCP/UDP header using the retranslated addresses and pseudo-header. This is not a
completely solved problem. One solution is for the receiving NAT to reassemble the
entire segment and then recompute a checksum calculated across all packets.
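
The translation-table steps under "Translation of the Endpoint" and the checksum recomputation just described, as an added example that is not from this book: a minimal Python NAPT that rewrites the source socket on the way out, the destination socket on the way back, drops inbound packets with no table entry, and recomputes the UDP checksum over the pseudo-header each time an address changes. The packet is a dict rather than a full byte layout, and all addresses are constructed sample values.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum of data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """The pseudo-header the UDP checksum covers: both IP addresses, zero, protocol, UDP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def udp_checksum(pkt: dict) -> int:
    """Compute the UDP checksum for a packet dict with keys src, sport, dst, dport, payload."""
    length = 8 + len(pkt["payload"])
    header = struct.pack("!HHHH", pkt["sport"], pkt["dport"], length, 0)
    total = ones_complement_sum(udp_pseudo_header(pkt["src"], pkt["dst"], length) + header + pkt["payload"])
    csum = (~total) & 0xFFFF
    return csum or 0xFFFF  # RFC 768: a computed zero is transmitted as all ones


def udp_checksum_ok(pkt: dict) -> bool:
    """Verify: pseudo-header + header (checksum included) + data must sum to all ones."""
    length = 8 + len(pkt["payload"])
    header = struct.pack("!HHHH", pkt["sport"], pkt["dport"], length, pkt["csum"])
    return ones_complement_sum(udp_pseudo_header(pkt["src"], pkt["dst"], length) + header + pkt["payload"]) == 0xFFFF


def make_packet(src: str, sport: int, dst: str, dport: int, payload: bytes) -> dict:
    pkt = {"src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}
    pkt["csum"] = udp_checksum(pkt)
    return pkt


class Napt:
    """Minimal NAPT: source rewritten outbound, destination rewritten inbound, checksums recomputed."""

    def __init__(self, external_ip: str, first_port: int = 1024):
        self.external_ip = external_ip
        self._next_port = first_port
        self.table = {}    # (iAddr, iPort) -> ePort
        self.reverse = {}  # ePort -> (iAddr, iPort)

    def outbound(self, pkt: dict) -> dict:
        key = (pkt["src"], pkt["sport"])
        eport = self.table.get(key)
        if eport is None:  # first packet of a connection: create the translation-table entry
            eport = self._next_port
            self._next_port += 1
            self.table[key] = eport
            self.reverse[eport] = key
        out = dict(pkt, src=self.external_ip, sport=eport)
        out["csum"] = udp_checksum(out)  # the pseudo-header changed, so the old checksum is wrong
        return out

    def inbound(self, pkt: dict):
        key = self.reverse.get(pkt["dport"])
        if pkt["dst"] != self.external_ip or key is None:
            return None  # no table entry: the NAT does not know where to send it, so it is dropped
        iaddr, iport = key
        back = dict(pkt, dst=iaddr, dport=iport)
        back["csum"] = udp_checksum(back)
        return back
```

A packet whose pseudo-header changed but whose checksum was left alone fails `udp_checksum_ok`, which is exactly what the receiving host would see if a NAT skipped the recomputation.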

The originating host may perform Maximum transmission unit (MTU) path discovery
to determine the packet size that can be transmitted without fragmentation, and then
set the don't fragment (DF) bit in the appropriate packet header field.

Destination network address translation (DNAT)

DNAT is a technique for transparently changing the destination IP address of an en-
route packet and performing the inverse function for any replies. Any router situated
between two endpoints can perform this transformation of the packet.

DNAT is commonly used to publish a service located in a private network on a
publicly accessible IP address. This use of DNAT is also called port forwarding, or
DMZ when used on an entire server.

SNAT
The meaning of the term SNAT varies by vendor. Many vendors have proprietary
definitions for SNAT. A common expansion is source NAT, the counterpart of
destination NAT (DNAT). Microsoft uses the acronym for Secure NAT, in regard to
the ISA Server. For Cisco Systems, SNAT means stateful NAT.

Secure network address translation

In computer networking, the process of network address translation done in a secure
way involves rewriting the source and/or destination addresses of IP packets as they
pass through a router or firewall.

Dynamic network address translation

Dynamic NAT, just like static NAT, is not common in smaller networks but is found
within larger corporations with complex networks. The way dynamic NAT differs
from static NAT is that where static NAT provides a one-to-one internal to public
static IP address mapping, dynamic NAT doesn't make the mapping to the public IP
address static and usually uses a group of available public IP addresses.

Applications affected by NAT

Some Application Layer protocols (such as FTP and SIP) send explicit network
addresses within their application data. FTP in active mode, for example, uses
separate connections for control traffic (commands) and for data traffic (file
contents). When requesting a file transfer, the host making the request identifies the
corresponding data connection by its network layer and transport layer addresses. If
the host making the request lies behind a simple NAT firewall, the translation of the
IP address and/or TCP port number makes the information received by the server
invalid. The Session Initiation Protocol (SIP) controls many Voice over IP (VoIP)
calls, and suffers the same problem. SIP and SDP may use multiple ports to set up a
connection and transmit voice stream via RTP. IP addresses and port numbers are
encoded in the payload data and must be known prior to the traversal of NATs.
Without special techniques, such as STUN, NAT behavior is unpredictable and
communications may fail.

Application layer gateway (ALG) software or hardware may correct these problems.
An ALG software module running on a NAT firewall device updates any payload
data made invalid by address translation. ALGs obviously need to understand the
higher-layer protocol that they need to fix, and so each protocol with this problem
requires a separate ALG. For example, on many Linux systems, there are kernel
modules called connection trackers which serve to implement ALGs.

Another possible solution to this problem is to use NAT traversal techniques using
protocols such as STUN or ICE, or proprietary approaches in a session border
controller. NAT traversal is possible in both TCP- and UDP-based applications, but
the UDP-based technique is simpler, more widely understood, and more compatible
with legacy NATs. In either case, the high level protocol must be designed with NAT
traversal in mind, and it does not work reliably across symmetric NATs or other
poorly-behaved legacy NATs.

Other possibilities are UPnP (Universal Plug and Play) or NAT-PMP (NAT Port
Mapping Protocol), but these require the cooperation of the NAT device.

Most traditional client-server protocols (FTP being the main exception), however, do
not send layer 3 contact information and therefore do not require any special
treatment by NATs. In fact, avoiding NAT complications is practically a requirement
when designing new higher-layer protocols today.

NATs can also cause problems where IPsec encryption is applied and in cases where
multiple devices such as SIP phones are located behind a NAT. Phones which encrypt
their signaling with IPsec encapsulate the port information within an encrypted
packet, meaning that NA(P)T devices cannot access and translate the port. In these
cases the NA(P)T devices revert to simple NAT operation. This means that all traffic
returning to the NAT will be mapped onto one client causing service to more than one
client "behind" the NAT to fail. There are a couple of solutions to this problem: one is
to use TLS, which operates at level 4 in the OSI Reference Model and therefore does
not mask the port number; another is to encapsulate the IPsec within UDP - the latter
being the solution chosen by TISPAN to achieve secure NAT traversal.

The DNS protocol vulnerability announced by Dan Kaminsky on July 8, 2008 is
indirectly affected by NAT port mapping. To avoid DNS server cache poisoning, it is
highly desirable to not translate UDP source port numbers of outgoing DNS requests
from a DNS server which is behind a firewall which implements NAT. The
recommended work-around for the DNS vulnerability is to make all caching DNS
servers use randomized UDP source ports. If the NAT function de-randomizes the
UDP source ports, the DNS server will be made vulnerable.

Advantages of PAT
In addition to the advantages provided by NAT:

• PAT allows many internal hosts to share a single external IP address.
• Users who do not require support for inbound connections do not consume
public IP addresses.

Drawbacks
The primary purpose of IP-masquerading NAT is that it has been a practical solution
to the impending exhaustion of IPv4 address space. Even large networks can be
connected to the Internet with as little as a single IP address. The more common
arrangement is having machines that require end-to-end connectivity supplied with a
routable IP address, while having machines that do not provide services to outside
users behind NAT with only a few IP addresses used to enable Internet access.
However, this brings some problems, outlined below.

Some have also called this exact feature a major drawback, since it delays the need
for the implementation of IPv6:

"[...] it is possible that its [NAT's] widespread use will significantly delay the need to
deploy IPv6. [...] It is probably safe to say that networks would be better off without
NAT [...]"

Hosts behind NAT-enabled routers do not have end-to-end connectivity and cannot
participate in some Internet protocols. Services that require the initiation of TCP
connections from the outside network, or stateless protocols such as those using UDP,
can be disrupted. Unless the NAT router makes a specific effort to support such
protocols, incoming packets cannot reach their destination. Some protocols can
accommodate one instance of NAT between participating hosts ("passive mode" FTP,
for example), sometimes with the assistance of an application-level gateway, but fail
when both systems are separated from the Internet by NAT. Use of NAT also
complicates tunneling protocols such as IPsec because NAT modifies values in the
headers which interfere with the integrity checks done by IPsec and other tunneling
protocols.

End-to-end connectivity has been a core principle of the Internet, supported for
example by the Internet Architecture Board. Current Internet architectural documents
observe that NAT is a violation of the End-to-End Principle, but that NAT does have
a valid role in careful design. There is considerably more concern with the use of
IPv6 NAT, and many IPv6 architects believe IPv6 was intended to remove the need
for NAT.

Because of the short-lived nature of the stateful translation tables in NAT routers,
devices on the internal network lose IP connectivity typically within a very short
period of time unless they implement NAT keep-alive mechanisms by frequently
accessing outside hosts. This dramatically shortens the power reserves on battery-
operated hand-held devices and has thwarted more widespread deployment of such
IP-native Internet-enabled devices.

Some Internet service providers (ISPs), especially in Russia, Asia and other
"developing" regions provide their customers only with "local" IP addresses, due to a
limited number of external IP addresses allocated to those entities. Thus, these
customers must access services external to the ISP's network through NAT. As a
result, the customers cannot achieve true end-to-end connectivity, in violation of the
core principles of the Internet as laid out by the Internet Architecture Board.

• Scalability - An implementation that only tracks ports can be quickly depleted
by internal applications that use multiple simultaneous connections (such as
an HTTP request for a web page with many embedded objects). This problem
can be mitigated by tracking the destination IP address in addition to the port
(thus sharing a single local port with many remote hosts), at the expense of
implementation complexity and CPU/memory resources of the translation
device.
• Firewall complexity - Because the internal addresses are all disguised behind
one publicly-accessible address, it is impossible for external hosts to initiate a
connection to a particular internal host without special configuration on the
firewall to forward connections to a particular port. Applications such as
VOIP, videoconferencing, and other peer-to-peer applications must use NAT
traversal techniques to function.

Specifications
IEEE Reverse Address and Port Translation (RAPT, or RAT) allows a host whose
real IP address is changing from time to time to remain reachable as a server via a
fixed home IP address. In principle, this should allow setting up servers on DHCP-run
networks. While not a perfect mobility solution, RAPT, together with upcoming
protocols like DHCP-DDNS, may end up becoming another useful tool in the
network admin's arsenal.

IETF RAPT (IP Reachability Using Twice Network Address and Port Translation)
The RAT device maps an IP datagram to its associated CN and MN by using three
additional fields: the IP protocol type number and the transport layer source and
destination connection identifiers (e.g. TCP port number or ICMP echo request/reply
ID field).

Cisco's RAPT implementation is PAT (Port Address Translation) or overloading, and
maps multiple private IP addresses to a single public IP address. Multiple addresses
can be mapped to a single address because each private address is tracked by a port
number. PAT uses unique source port numbers on the inside global IP address to
distinguish between translations. The port number is encoded in 16 bits. The total
number of internal addresses that can be translated to one external address could
theoretically be as high as 65,536 per IP address. Realistically, the number of ports
that can be assigned a single IP address is around 4000. PAT will attempt to preserve
the original source port. If this source port is already used, PAT will assign the first
available port number starting from the beginning of the appropriate port group
0-511, 512-1023, or 1024-65535. When there are no more ports available and there is
more than one external IP address configured, PAT moves to the next IP address to
try to allocate the original source port again. This process continues until it runs out
of available ports and external IP addresses.
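
The allocation policy just described, as an added example that is neither Cisco's code nor part of this book: a Python model that preserves the original source port, falls back to the first free port in the same port group, and moves on to the next configured external address when that group is exhausted. External addresses and inside sockets are constructed sample values, and the port groups can be overridden so the exhaustion path can be exercised without filling 64K ports.

```python
# Port groups named in the text; the allocator searches the group the original source port falls in.
PORT_GROUPS = ((0, 511), (512, 1023), (1024, 65535))


def port_group(port: int, groups=PORT_GROUPS):
    """Return the (low, high) bounds of the group containing port."""
    for lo, hi in groups:
        if lo <= port <= hi:
            return lo, hi
    raise ValueError(f"port {port} outside the configured groups")


class PatAllocator:
    """Port-preserving PAT allocation across one or more external addresses (teaching model)."""

    def __init__(self, external_ips, groups=PORT_GROUPS):
        self.external_ips = list(external_ips)  # tried in configured order
        self.groups = groups
        self.in_use = {ip: set() for ip in self.external_ips}
        self.table = {}  # (iAddr, iPort) -> (eAddr, ePort)

    def allocate(self, iaddr: str, iport: int):
        """Return the (eAddr, ePort) for an inside socket, or None when ports and addresses are exhausted."""
        key = (iaddr, iport)
        if key in self.table:
            return self.table[key]  # an existing translation is reused
        lo, hi = port_group(iport, self.groups)
        for ip in self.external_ips:
            used = self.in_use[ip]
            if iport not in used:
                chosen = iport  # port preservation: keep the original source port
            else:
                # otherwise the first free port, counting from the beginning of the same group
                chosen = next((p for p in range(lo, hi + 1) if p not in used), None)
                if chosen is None:
                    continue  # group exhausted on this address: retry the original port on the next one
            used.add(chosen)
            self.table[key] = (ip, chosen)
            return self.table[key]
        return None  # out of ports on every external address

    def release(self, iaddr: str, iport: int) -> None:
        """Remove a translation when its connection ends, freeing the external port."""
        eaddr, eport = self.table.pop((iaddr, iport))
        self.in_use[eaddr].discard(eport)


if __name__ == "__main__":
    alloc = PatAllocator(["203.0.113.1", "203.0.113.2"])
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        print(host, 40000, "->", alloc.allocate(host, 40000))
```

Three inside hosts sharing source port 40000 get 40000, 1024 and 1025 on the first external address, which is the collision case the text describes; the second address is only touched once a whole group is used up.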

3COM U.S. Patent 6,055,236 (Method and system for locating network services with
distributed network address translation) Methods and system for locating network
services with distributed network address translation. Digital certificates are created
that allow an external network device on an external network, such as the Internet, to
request a service from an internal network device on an internal distributed network
address translation network, such as a stub local area network. The digital certificates
include information obtained with a Port Allocation Protocol used for distributed
network address translation. The digital certificates are published on the internal
network so they are accessible to external network devices. An external network
device retrieves a digital certificate, extracts appropriate information, and sends a
service request packet to an internal network device on an internal distributed
network address translation network. The external network device is able to locate
and request a service from an internal network device. An external network device
can also request a security service, such as an Internet Protocol security ("IPsec")
service from an internal network device. The external network device and the internal
network device can establish a security service (e.g., Internet Key Exchange protocol
service). The internal network device and external network device can then establish
a Security Association using Security Parameter Indexes ("SPI") obtained using a
distributed network address translation protocol. External network devices can
request services, and security services on internal network devices on an internal
distributed network address translation network that were previously unknown and
unavailable to the external network devices.

Examples of NAT software

• Internet Connection Sharing (ICS): Windows NAT+DHCP since W98SE
• WinGate: like ICS plus lots of control
• iptables: the Linux packet filter and NAT (interface for NetFilter)
• IPFilter: Solaris, NetBSD, FreeBSD, xMach.
• PF (firewall): The OpenBSD Packet Filter.
• Netfilter Linux packet filter framework
