Page 1 of 38

NETWORKING FUNDAMENTALS

This section provides an introduction to some of the basic concepts and operations involved in networking. The topics discussed include local area networks, network addressing, and a look at some of the equipment involved in networking, such as bridges, switches, and routers. The terms and ideas discussed in this section are fundamental to networking and should provide a foundation for learning more advanced topics.

A local-area network, or LAN, essentially is a collection of computing devices connected together by some means in order to share or pool resources. The physical method, or medium, by which these devices are connected together is commonly referred to as the data link. The data link may be a fiber-optic cable, twisted-pair wires, coaxial cable, or even radio waves and infrared light. Whatever the medium, all the devices share a common interface for accessing the data link to send communications to each other.

Like communications in the real world, just having the ability to speak and listen is not enough to carry on a conversation. For instance, if two people are speaking to each other and they both try to speak at the same time, one party must decide to stop speaking and start listening. In the real world, we refer to the rules that govern conversation as etiquette, but in data networking, this set of rules is referred to as the Media Access Control protocol, or MAC. Having a set of rules dictating who can speak when is a good start, but it is often not sufficient when complicated conversations are taking place. Take, for example, a crowded room where multiple conversations may be going on at the same time. The people in the room must know what parts of conversations are destined for them, even though they may be hearing all the other conversations going on. In the real world, we attempt to handle this situation by addressing intended receivers by their name, and they listen only for conversations prefixed with their name. In data communications, a similar method is used. As stated before, when devices are attached to a LAN they share a common method for accessing the data link. This method is accomplished via the network interface card, or NIC. The NIC encapsulates the data a device wants to send to another device in what is called a frame. The NIC is often referred to as the interface of a device.

A frame is like an electronic envelope. Just as you would place a letter containing your data inside an envelope and address the outside with the recipient's name and your return address, the NIC encapsulates the data of the computing device with a destination and return address.

Figure: layout of a frame: Destination Address | Source Address (Return) | DATA

In the MAC protocol, the address refers to a unique number that is assigned to every NIC by its manufacturer. This number, known variously as the burned-in address (BIA), physical address, or most commonly the MAC address, is actually not an address at all. It gives no reference to where the NIC or machine is located. It is actually just a unique name that identifies the NIC from every other NIC in the world. Unfortunately, the term "address" has stuck with this concept and, throughout this module, this number will be referred to as the MAC address of the device. The figure below shows a typical MAC address, which is composed of 48 bits and is often represented in three groups of four hexadecimal digits each:

Figure: MAC Address 0000.0c47.93c1, with each hexadecimal digit and its 4-bit binary value: 0000=0 0000=0 0000=0 0000=0 . 0000=0 1100=c 0100=4 0111=7 . 1001=9 0011=3 1100=c 0001=1

The 48 bits (6 bytes) of the MAC address comprise a 24-bit Organizationally Unique Identifier (OUI), which is the first 24 bits (3 bytes) of the address, and a unique 24-bit serial number that makes up the last 24 bits (3 bytes). The OUI is administered by the Institute of Electrical and Electronics Engineers (IEEE) and is a unique code assigned to a manufacturer or vendor. The 24-bit serial number is assigned by the vendor for each unique physical device. The figure below shows how the MAC address is subdivided into these two identifiers. Using the address above, 00000c would be the OUI represented in hexadecimal. Similarly, 4793c1 would be the hexadecimal value of the vendor-assigned serial number. Hexadecimal numbers are often preceded by "0x" to denote that they are in hexadecimal format. Thus, the serial number just discussed could be written as 0x4793c1.
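The OUI/serial split and the hex-to-binary expansion above are easy to get wrong by hand, and in practice MAC addresses arrive in several notations (Cisco dotted, colon, dash, bare). The following Python is an added example, not part of this module: it normalizes any of those notations, splits the 48 bits into the OUI and the vendor-assigned serial number, and expands each hexadecimal digit to its 4-bit value as the figure does. The vendor table is a constructed placeholder, not the IEEE registry.

```python
# Added example (not from the module): MAC address normalization and splitting.
import re

# Constructed placeholder for an OUI lookup. A real table would be loaded from
# the IEEE registry; 00000c is simply the OUI used in the module's figure.
OUI_VENDORS_EXAMPLE = {"00000c": "example-vendor (placeholder)"}


def normalize_mac(text: str) -> str:
    """Return the 12 lowercase hex digits of a MAC written in dotted
    (0000.0c47.93c1), colon (00:00:0c:47:93:c1), dash (00-00-0C-47-93-C1)
    or bare (00000c4793c1) form. Anything that is not 48 bits is rejected."""
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return digits


def split_mac(text: str) -> dict:
    """Split a MAC into its two 24-bit halves: the IEEE-assigned OUI (first
    3 bytes) and the vendor-assigned serial number (last 3 bytes)."""
    digits = normalize_mac(text)
    oui, serial = digits[:6], digits[6:]
    return {
        "normalized": digits,
        "oui": "0x" + oui,          # "0x" marks hexadecimal, as the text notes
        "serial": "0x" + serial,
        "vendor": OUI_VENDORS_EXAMPLE.get(oui, "unknown OUI"),
    }


def hex_to_nibbles(text: str) -> list:
    """Expand each hex digit to its 4-bit binary string, as in the figure."""
    return [(d, format(int(d, 16), "04b")) for d in normalize_mac(text)]


def same_device(a: str, b: str) -> bool:
    """True when two MACs name the same NIC regardless of notation or case,
    which is what you need when correlating a switch's MAC table with DHCP
    or intrusion-detection log lines that use a different format."""
    return normalize_mac(a) == normalize_mac(b)
```

Because the NIC's MAC address is a name rather than a location, the only structure worth extracting from it is the OUI; everything after it is opaque to anyone but the vendor.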


Now that the data is encapsulated in a frame with a destination and source address, the NIC can transmit the frame onto the data link. Just as you would listen for your name in a crowded room to know if someone was trying to speak to you, NICs listen to the data link for frames with a destination address that matches their own MAC address. When a frame is "heard" by a NIC with its own MAC address, the NIC knows to copy the frame and send the data portion on to the computing device for processing. Because the frame was created with a return address, the receiver instantly knows the sender of the frame, and two-way communications can occur. Although somewhat oversimplified, this process describes basic data communications on a LAN. All devices are attached to the same medium, or data link, and when one device wishes to communicate with another, it encapsulates the data in a frame with a destination and source MAC address and transmits it.

Imagine now that you're back in that crowded room trying to have a conversation and the room is becoming more and more crowded. As additional conversations occur, it becomes difficult to talk to someone without being interrupted. At some point it becomes impossible to have a conversation because everyone is trying to talk over everyone else. The same situation occurs on LANs. As more devices than the medium can support are added, communications become inefficient. Additionally, as more devices become available in geographically disperse areas, it becomes impossible to join them together on a single data link. In the overcrowded room, a possible solution is to have some of the people move into another room; a similar approach is used on LANs. When LANs become overcrowded, boundaries must be created between groups of devices. This scenario is accomplished via a piece of equipment known as a bridge. A bridge effectively takes a large LAN and breaks it down into smaller segments. It then learns the MAC address of all the devices on each of its attached segments. After learning the addresses, the bridge prevents frames destined between two devices on the same segment from traversing the data links on other segments. If a device wishes to speak to a device on a different segment, the bridge knows which segment to forward the frame to, and communications can occur. The overall effect of this filtering is a decreased use in bandwidth on each of the individual segments.


It is important to note when bridging a frame that as the frame moves through the internetwork, its destination and source MAC addresses always stay the same. They do not take on the MAC address of the interfaces on the bridge.

Although effective at reducing the overall traffic on each of the new, smaller segments, bridges don't solve all the problems of overpopulated LANs. Because some frames are not destined to a specific device, but rather to all devices on the network, the bridge must forward these broadcast packets to all segments. As the number of devices on each segment begins to grow, this broadcast traffic can increase to the point where it starts to become a hindrance, similar to those that the bridge was designed to alleviate. Bridges also don't address the problems of connecting geographically dispersed LANs (called wide-area networks, or WANs) where expensive communication links need to be used in the most efficient manner. A different type of boundary is needed to handle problems such as broadcast traffic and the efficient joining of LANs and WANs; such a boundary allows networks to be grouped into larger networks, or internetworks. The device that makes internetworking possible is the router.
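The learning, filtering, and forwarding behaviour of a bridge described in the preceding paragraphs, together with the broadcast exception, is small enough to model in a few dozen lines. The following Python is an added example and not code from this module; the segment names, MAC addresses, and frames are constructed values.

```python
# Added example (not from the module): a transparent learning bridge.
BROADCAST = "ff:ff:ff:ff:ff:ff"   # the all-ones destination every NIC copies


class Frame:
    """Destination MAC, source MAC, and data: the bridge never rewrites these."""
    def __init__(self, dst, src, data):
        self.dst, self.src, self.data = dst, src, data


class LearningBridge:
    def __init__(self, segments):
        self.segments = list(segments)
        self.table = {}            # MAC address -> segment it was last heard on

    def receive(self, frame, arrived_on):
        """Handle a frame heard on segment `arrived_on` and return the list of
        segments the bridge sends it out on."""
        # Learning: the source address tells the bridge where that station lives.
        self.table[frame.src] = arrived_on

        others = [s for s in self.segments if s != arrived_on]
        if frame.dst == BROADCAST:
            # Broadcasts are for every device, so they must cross to all other segments.
            return others
        known = self.table.get(frame.dst)
        if known is None:
            # Unknown destination: flood like a broadcast until the station replies
            # and is learned.
            return others
        if known == arrived_on:
            # Filtering: sender and receiver share a segment, nothing crosses the bridge.
            return []
        return [known]           # Forwarding: known station on one other segment


def demo():
    """Walk through the two-room scenario; returns the segments each frame went to."""
    b = LearningBridge(["A", "B"])
    pc1, pc2, srv = "00:00:0c:00:00:01", "00:00:0c:00:00:02", "00:00:0c:00:00:03"
    return [
        b.receive(Frame(srv, pc1, "hello"), "A"),      # srv unknown: flooded to B
        b.receive(Frame(pc1, srv, "reply"), "B"),      # pc1 learned on A: sent to A only
        b.receive(Frame(pc2, pc1, "local"), "A"),      # pc2 not yet learned: flooded
        b.receive(Frame(pc1, pc2, "local"), "A"),      # both on A: filtered, nothing sent
        b.receive(Frame(BROADCAST, pc1, "who?"), "A"), # broadcast: always crosses to B
    ]
```

Two things the model makes visible. First, the bandwidth saving comes entirely from the filtered case, so a segment full of broadcast traffic gets no relief, which is the limitation the text raises. Second, the table is populated from whatever source address the bridge hears, with no check on it; that is why real switches bound the number of addresses learned per port and why a MAC table that suddenly changes or fills up is worth an alert.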

A LAN switch is a device that provides a much higher port density than traditional bridges at a lower cost. The LAN switch is really a multiport bridge with high-speed application-specific integrated circuits (ASICs), increased memory, and software intelligence to process the frames efficiently. A LAN switch is also called a frame switch because it forwards data-link frames. A switch receives incoming packets on one of its physical ports and, if necessary, sends them back out on another port. Each port is essentially equivalent to one of the rooms separated by a bridge in the last section. Each port provides a new empty room to further break up conversations in a LAN. You can use LAN switches to place fewer users per segment, thereby increasing the average bandwidth available for each user. The segmentation of a network using a LAN switch to place fewer users per segment is known as microsegmentation. Each port in a LAN switch is in its own collision domain. This microsegmentation allows the creation of private or dedicated segments, that is, one user per segment. A LAN switch is capable of supporting multiple simultaneous connections between network devices connected to its ports. Users connected directly to a switch port receive instant access to the full bandwidth of their connected media (for example, 100 megabits [Mb] for Fast Ethernet) and they do not have to contend for available bandwidth with other users on the network. If a user is connected to a shared media device, such as a hub, which is then connected to a port on a switch, then there will still be contention for the available bandwidth between all the devices attached to the hub. The original LAN switches operated strictly at a separate level or "layer" than routers (you will learn about these layers in the next section on the Open System Interconnection [OSI] reference model). They were deployed to solve bandwidth issues created by having too many users on bridged segments or by using routers to connect LANs.
In the early days of LAN switching, many people believed that routers, which operate at a different layer of the OSI model, introduced unnecessary delay in forwarding packets because they had to examine addressing information that is farther into the packet structure than the MAC addresses used by switches dedicated to solving bandwidth issues. A LAN switch forwards frames based on either the MAC address or, in some cases, the network address (for a multi-layer LAN switch, operating at the same layer as a router) of the frame. Newer LAN switches are evolving to become multi-layer devices capable of handling protocol issues involved in high-bandwidth applications that historically have been solved by routers. Today, LAN switches are being used to replace hubs and routers because user applications are demanding more bandwidth. Networking standards such as Ethernet, Token Ring, ATM, and Fiber Distributed Data Interface (FDDI) can be used for switching. In most cases, deploying LAN switches requires no change to existing hubs, NICs, or cabling.

Unlike the data link that directly connects two or more devices together to form a network, a router connects two or more devices together on separate networks. The primary difference is that, on the data link, a physical path is the connection between the devices. On a router, the connection between devices is a logical path that may span many routers and data links. The job of the router is to keep track of which path to use when transferring data from one network to another. The path that data follows between networks is known as the route. As data moves along the route passing through routers, each router it passes through is commonly referred to as a hop. In complex internetworks where multiple routes exist between data links, it is also the job of the router to determine which path is the most optimal. To determine which routes to use and which routes are the most optimal, routers use a set of rules called routing protocols and store the results in routing tables. When data travels between devices across a single data link, MAC addresses are used to identify the sender and receiver. As mentioned previously, a MAC address is simply a unique name given to the NIC card, and it contains no reference to its relative location. Since the purpose of a router is to send data between different data links, or networks, a method is needed to identify which network a device is located on so that it does not have to travel every network in search of the receiver. Think of a piece of mail destined for you. The first thing the sender does when addressing the envelope is to write your name on it. Is this sufficient to get the letter to you? The postman would have to go to everyone in the world, and ask each one if the letter had his or her name on it. A way is needed to narrow down the possible destinations. To do this, an address is added to the envelope describing where you are located. A street, city, state, and zip code aid in pinpointing your position to a precise location. These elements also make it easier for the post office to sort mail into groups of items destined for similar destinations. When the postman finally delivers the envelope to your house, does he care whose name is above the address? Usually not.
There may be several people at the address with the same last name, but it is not the job of the postman to determine which person the envelope belongs to. He just leaves the envelope in the mailbox and lets the people living at that address decide whom the letter is for, based on the name on the envelope. Internetworking works on the same principles. Just as a frame is data encapsulated with destination and source MAC addresses, a packet is data encapsulated with a destination and source network address. Routers use packets to move data between networks, and the network address helps the routers determine the general location of the recipient.

Figure: a packet carried inside a frame: Destination MAC Address | Source MAC Address | Destination Network Address | Source Network Address | Data

When a router receives a packet, it makes a routing decision based on the network destination address portion of the packet. If the destination address is within a known network, the router forwards the packet to the next-hop router for that destination network. After the packet leaves the router, the next-hop router is responsible for forwarding the packet to its final destination. The entire route is not known at the onset of the journey, just the next hop. If the router does not have the destination network in its routing table, it does one of two things: The router either forwards the packet to a predetermined default router, or it drops the packet and informs the sending device that the network is not reachable. It is important to note when routing a packet that as the packet moves through the internetwork, its destination and source network addresses always stay the same. But, because the packet is moving across several data links, the destination and source MAC addresses change with each data link. In the diagram below, assume the computer wants to converse with the server. Since communications are being carried out over multiple networks, the computer needs to encapsulate the data with a destination and source network address. Without this information, the routers would not know where to forward the packet. Because the packet also needs to be transmitted to the router over a data link, the computer encapsulates the packet in a frame with a destination and source MAC address. (Note: Because the router maintains an interface on the data link, it follows the same MAC protocol and MAC addressing standard as every other device on the shared medium.) As the packet moves from network to network, the frame information is stripped off the packet and replaced by new frame information with MAC addressing significant to the current data link. When the packet reaches the final router, the router knows that the destination network is directly attached and forwards the packet to the MAC address of the destination.

The previous section mentioned that when the computer has data it wants to send to a device on a different network, it sends its frames to the router and lets the router deliver them. How does the sending device know that the receiving device is on another network? To that extent, how does the sending device know what the address of the router is? The device knows that the recipient is on another network by doing a simple comparison between its network address and the network address of the recipient. If the two do not match, the sender knows the frame is destined for another network. How does it know the address of the router? When using network-level addressing, all devices on the data link need to be configured with what is called a default gateway address. The default gateway address is the address of the router. The communication protocol then states: If the destination network doesn't match your own network, forward the frame to the default gateway for delivery. Remember the fundamental concept of routing: As the data moves through the network, the destination and source network addresses stay the same, while the data-link address changes with each different network. Like the mailman, routers in general are concerned only with the location of networks, and not the individual devices residing on the network. The exception is when the router sees that the destination network is directly connected to it. When the mailman can match the address on the envelope to an address on his route, he needs to know how to leave the mail. Some addresses may have mail boxes, while some have mail slots. The mailman needs to know how every address on his route likes to receive mail. When a router needs to deliver a packet to its final network destination, the router acts as a station on the data link and transmits the data according to the proper MAC protocol.

Locating computer systems on an internetwork is an essential component of any network system. Various addressing schemes are used for this purpose, depending on the protocol family being used. In other words, AppleTalk addressing is different from TCP/IP addressing, which in turn is different from OSI addressing, and so on. Unlike data-link addresses, which usually exist within a flat address space, network (or logical) addresses are hierarchical. In other words, they are like mail addresses, which describe a person's location by providing a country, a state, a zip code, a city, and a street. Hierarchical addresses make address sorting and recall easier by eliminating large blocks of logically similar addresses through a series of comparison operations. For example, all other countries can be eliminated if an address specifies the country Ireland. Easy sorting and recall is one reason that routers use network (logical) addresses as the basis for routing. Network addresses differ, depending on the protocol family being used, but they typically use similar logical divisions to find computer systems on an internetwork. Some of these logical divisions are based on physical network characteristics (such as the data-link segment a device is located on); others are based on groupings that have no physical basis (for example, the AppleTalk zone). End systems require one network address for each routing protocol they support (assuming that the device has only one physical network connection). Routers and other internetworking devices require one network address per physical network connection for each routing protocol supported. For example, a router with three interfaces, each running AppleTalk, TCP/IP, and OSI, must have three network addresses for each interface. The router, therefore, has nine network addresses. One final concept in network addressing must be understood: the host address.
We've learned that the data-link address is significant only to the local segment and that when the frame enters a router, the data-link addressing is stripped off and just the packet passes from router to router. So how does the router know which data-link address to send the packet to when it gets to the proper network? The answer to the question is that all devices on the network need their network address to be broken down into two parts, a network identifier and a host identifier. Conceptually, you may think of this like a street address. Most, if not all, street addresses are broken down into two parts, the actual name of the street and a number representing each house on the street. The mailman must know both of these pieces of information about the street address in order to get the mail to its final destination address. The street name corresponds to the network identifier, and the house number corresponds to the host identifier. On a router, when the final network identifier address is reached, the router looks at the network host identifier section of the address. Because the router is participating on the local data-link segment, it maintains a list of all the data-link addresses and corresponding network addresses on the segment. At this point, delivering the data is a simple matter of matching the incoming host identifier with an entry in the MAC address table of the router and encapsulating the packet with the proper data-link MAC address.
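The routing walk-through of the last several paragraphs (the host's "same network?" comparison and default gateway, the router's next-hop, default-route or unreachable decision, and the final step of matching the host identifier to a data-link address) can be traced end to end in code. The following Python is an added example and not this module's material. It assumes IPv4 as the network-layer addressing (the text speaks of network addresses generically); every address, MAC, link name, and routing-table entry is a constructed value.

```python
# Added example (not from the module): tracing a packet across an internetwork.
import ipaddress

# Constructed per-link tables of network address -> data-link (MAC) address,
# i.e. the list each router keeps for the segments it participates on.
LINK_TABLES = {
    "link1": {"10.1.0.10": "aa:00:00:00:00:10", "10.1.0.20": "aa:00:00:00:00:20",
              "10.1.0.1": "aa:00:00:00:00:01"},
    "link2": {"10.9.0.1": "bb:00:00:00:00:01", "10.9.0.2": "bb:00:00:00:00:02"},
    "link3": {"10.2.0.1": "cc:00:00:00:00:01", "10.2.0.50": "cc:00:00:00:00:50"},
}


class Host:
    def __init__(self, iface, link, gateway):
        self.iface = ipaddress.ip_interface(iface)    # address/prefix, e.g. 10.1.0.10/24
        self.link = link
        self.gateway = ipaddress.ip_address(gateway)  # the configured default gateway

    def next_hop(self, dst):
        """Compare network identifiers: deliver locally, or hand off to the gateway."""
        return dst if dst in self.iface.network else self.gateway


class Router:
    def __init__(self, name, interfaces, routes):
        self.name = name
        # interfaces: {"address/prefix": link}; routes: [("network/prefix", "next hop")]
        self.interfaces = {ipaddress.ip_interface(a): l for a, l in interfaces.items()}
        self.routes = [(ipaddress.ip_network(n), ipaddress.ip_address(h)) for n, h in routes]

    def address_on(self, link):
        return next(i.ip for i, l in self.interfaces.items() if l == link)

    def lookup(self, dst):
        """Routing decision: ('connected', link, dst), ('next-hop', link, gw) or ('unreachable',)."""
        for iface, link in self.interfaces.items():
            if dst in iface.network:                  # destination network directly attached
                return ("connected", link, dst)
        # Longest-prefix match over the routing table; 0.0.0.0/0 is the default route.
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return ("unreachable",)
        network, gw = max(matches, key=lambda r: r[0].prefixlen)
        link = next(l for i, l in self.interfaces.items() if gw in i.network)
        return ("next-hop", link, gw)


def deliver(host, dst_ip, routers):
    """Trace a packet from `host` to `dst_ip`. `routers` maps a gateway address to the
    Router reached there. Returns one entry per data link crossed:
    (source MAC, destination MAC, packet). The packet tuple never changes."""
    dst = ipaddress.ip_address(dst_ip)
    packet = (str(host.iface.ip), str(dst))           # network addresses, fixed for the route
    hop, link = host.next_hop(dst), host.link
    src_mac = LINK_TABLES[link][str(host.iface.ip)]
    trace = []
    while True:
        # Host identifier -> data-link address on the current link, then one frame.
        trace.append((src_mac, LINK_TABLES[link][str(hop)], packet))
        if hop == dst:
            return trace                              # delivered on the destination's own link
        router = routers[str(hop)]
        decision = router.lookup(dst)
        if decision[0] == "unreachable":
            trace.append((router.name, "drops packet: destination network unreachable", packet))
            return trace
        _, link, hop = decision
        src_mac = LINK_TABLES[link][str(router.address_on(link))]   # new frame, new MACs


def topology():
    """Constructed internetwork: pc --link1-- R1 --link2-- R2 --link3-- server."""
    pc = Host("10.1.0.10/24", "link1", "10.1.0.1")
    r1 = Router("R1", {"10.1.0.1/24": "link1", "10.9.0.1/24": "link2"},
                [("10.2.0.0/24", "10.9.0.2"), ("0.0.0.0/0", "10.9.0.2")])
    r2 = Router("R2", {"10.9.0.2/24": "link2", "10.2.0.1/24": "link3"},
                [("10.1.0.0/24", "10.9.0.1")])        # no default route, on purpose
    return pc, {"10.1.0.1": r1, "10.9.0.2": r2}
```

Running `deliver(pc, "10.2.0.50", routers)` on the constructed topology yields three frames with three different MAC pairs wrapped around one unchanged packet, which is the rule the text asks you to remember. A destination that matches no entry travels as far as R1's default route carries it and is then dropped by R2 as unreachable; where that drop happens is exactly what a traceroute-style trace shows an operator.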

 


The Open System Interconnection (OSI) reference model is a conceptual model composed of seven layers, each specifying particular network functions. The OSI model describes how information from one computer moves through a network medium to another computer. The model was developed by the International Organization for Standardization (ISO) in the late 1970s. The OSI model divides the tasks involved with moving information between networked computers into seven smaller groups of tasks, which are assigned to each of the seven OSI layers. This layered approach offers several benefits. One benefit is that the overall complexity of network operation is made more manageable. With distinct functions at each layer, one layer can be modified without having to change the operation of all layers. By defining a standard interface to allow communication between layers, different products can also be easily adapted to fit the model, and multi-vendor integration is made easier. The figure below shows the seven layers of the OSI model and some of the common protocols found at those layers.

The seven layers of the OSI reference model can be divided into two categories: upper layers, which deal with application issues and generally are implemented only in software, and lower layers, which deal with data-transport issues and are implemented in both hardware and software. Layers 1 through 4 make up the lower layers of the model, while Layers 5, 6, and 7 are the upper layers. Although the OSI model provides a conceptual framework for communication between computers, the model itself is not a method of communication. Actual communication is made possible by using communication protocols, which implement the functions of one or more of the OSI layers. Even though the OSI model is only a conceptual model, it has become a very important idea and reference in networking. It is important to be familiar with the model in order to understand how actual networking devices and protocols fit into the overall process of communication. The most important concepts to focus on when trying to understand the OSI model are the different layers of the model, the general functions of each layer, the protocols and devices that are used at each layer, and how information is represented at each layer. An actual OSI protocol suite was developed by the ISO and the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) as part of an international program to develop data-networking protocols and other standards that facilitate multi-vendor equipment interoperability. The OSI program, which grew out of a need for international networking standards, is designed to facilitate communication between hardware and software systems despite differences in underlying architectures. For a summary of the OSI protocol suite and its mapping to the OSI model, see Open System Interconnection (OSI) Protocols. Although some OSI protocols are implemented around the world, the primary use of the OSI model is as a reference for discussing other protocol specifications. The following sections outline the functions and features of each of the seven layers of the OSI model starting at Layer 1, the physical layer, and proceeding up through Layer 7, the application layer.

The physical layer (Layer 1) defines the physical characteristics of the transmission medium between communicating network systems. This layer is basically concerned with transmitting raw bits across a communications link. Physical layer specifications define such characteristics as electrical currents, voltage levels, timing, encoding, data rates, and the physical cabling and connectors between systems. Examples of the specifications and standards that operate at the physical layer include EIA/TIA-232, RJ-45, Ethernet, 802.3, 802.5, nonreturn to zero inverted (NRZI), and binary 8-zero substitution (B8ZS). Some common physical layer implementations are shown in the figure below. Note that some of these standards may overlap with other layers of the OSI model because some standards and protocols define details on multiple levels.


Information at the physical layer is in bits. This is the lowest layer of communication and is concerned only with transmitting the binary values of "0" and "1" across a medium. The physical layer relies on layers above it to order, structure, and interpret the raw signals. The equipment at this level includes the wiring, cabling, connectors, and pins that interconnect network devices. Repeaters and hubs (which are essentially multiport repeaters) also operate at this level because they simply reamplify and regenerate signals at the physical level.

The data link layer (Layer 2) provides reliable transit of data across a physical network link. Different data link layer specifications define different network and protocol characteristics, including physical addressing, network topology, error notification, sequencing of frames, and flow control. Physical addressing (as opposed to network addressing) defines how devices are addressed at the data link layer. Network topology consists of the data link layer specifications that often define how devices are to be physically connected, such as in a bus or a ring topology. Error notification alerts upper layer protocols that a transmission error has occurred, and the sequencing of data frames reorders frames that are transmitted out of sequence. Finally, flow control moderates the transmission of data so that the receiving device is not overwhelmed with more traffic than it can handle at one time. The data link layer has been subdivided into two sublayers defined by the Institute of Electrical and Electronics Engineers (IEEE). The Logical Link Control (LLC) sublayer of the data link layer manages communications between devices over a single link of a network. LLC is defined in the IEEE 802.2 specification and supports both connectionless and connection-oriented services used by higher-layer protocols. IEEE 802.2 defines numerous fields in data link layer frames that enable multiple higher-layer protocols to share a single physical data link. The Media Access Control (MAC) sublayer of the data link layer manages access to the physical network medium. The IEEE MAC specification defines MAC addresses (physical addresses that differ from the logical addressing performed at the network layer), which enable multiple devices to uniquely identify one another at the data link layer. The figure below gives a visual representation of how the data link layer is subdivided into these two sublayers.


Information at the data link layer is structured into units known as frames. Because frames are defined at this layer, the source and destination of this information are data link layer entities. A frame is composed of the data link layer header, upper-layer data, and possibly a trailer. A visual representation of a frame is shown in the figure below. The header and trailer contain control information intended for the data link layer entity in the destination system. Data from upper-layer entities is encapsulated in the data link layer header and trailer to be "unwrapped" by the data link layer entity in the destination system and passed up to higher layers.

Common protocols and standards that operate at the data link layer include Frame Relay, Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC), and IEEE 802.3/802.2. Equipment operating at the data link layer includes both bridges and switches. These devices filter network traffic based on physical hardware addresses (MAC addresses).

The network layer (Layer 3) provides routing and related functions that may encompass multiple data links. Although the data link layer is concerned only with delivery of frames between hosts on the same link, the network layer is concerned with end-to-end delivery of information, regardless of each individual link. The network layer depends on the data link layer to handle reliable transmission across each link individually. This again shows the benefits of breaking up overall delivery of information into a hierarchical, layered approach. End-to-end delivery is accomplished by the logical addressing (as opposed to the physical addressing at the data link layer) of devices. An example of a logical address is an IP address, whereas MAC address is a physical address. Network layer devices are concerned with such issues as the determination of the best path from source to destination. They must store information about destinations at the network level, decide which path the information should take to reach a given destination, and rely on lower layers to reliably transmit the information from source to destination. Information at the network layer associated with a connection-oriented service is stored in units known as packets. Because packets are created and interpreted at the network layer, a packet is an information unit whose source and destination are network layer entities. A packet is composed of the network-layer header, upper-layer data, and possibly a trailer. The header and trailer contain control information intended for the network layer entity in the destination system. Data from upper layer entities is encapsulated in the network-layer header and trailer. The figure below shows a visual representation of a packet.

The term datagram usually refers to an information unit whose source and destination are network layer entities that use connectionless network service. Connectionless network services do not typically have the reliability associated with connection-oriented services. This is explained further in the section on the transport layer. Most of the protocols found at the network layer are routing protocols. Some common routing protocols include Border Gateway Protocol (BGP), an Internet interdomain routing protocol; Open Shortest Path First (OSPF), a link-state, interior gateway protocol developed for use in TCP/IP networks; and Routing Information Protocol (RIP), an Internet routing protocol that uses hop count as its metric. Devices operating at the network layer are generally referred to as routers. Some switches also operate at the network layer.

The transport layer (Layer 4) implements reliable internetwork data-transport services that are transparent to upper layers. Transport layer functions typically include flow control, multiplexing, virtual circuit management, and error checking and recovery.

- Flow control manages data transmission between devices so that the transmitting device does not send more data than the receiving device can process.
- Multiplexing enables data from several applications to be transmitted onto a single physical link.
- Virtual circuits are established, maintained, and terminated by the transport layer.
- Error checking involves creating various mechanisms for detecting transmission errors. Error recovery involves taking an action, such as requesting that data be retransmitted, to resolve any errors that occur.

Some of these transport layer services are similar to the functions of the data link layer. However, whereas the data link layer is concerned with such issues as error checking and flow control over a physical link, the transport layer focuses on these services from an end-to-end perspective.

Some transport-layer implementations include Transmission Control Protocol (TCP), Sequenced Packet Exchange (SPX), Name Binding Protocol (NBP), and OSI transport protocols. TCP is the protocol in the TCP/IP suite (the protocol suite used in communication over the Internet) that provides reliable transmission of data. Whereas TCP provides transport layer services for the IP protocol, SPX is the protocol responsible for providing transport services for the Internetwork Packet Exchange (IPX) protocol. NBP is the protocol that associates AppleTalk names with addresses. OSI transport protocols are a series of transport protocols in the OSI protocol suite mentioned earlier. The User Datagram Protocol (UDP) is also a transport layer protocol. However, whereas TCP is a reliable, connection-oriented protocol, UDP is a connectionless protocol. Thus, UDP allows datagrams to be transmitted without guaranteed delivery or acknowledgment that the data was received correctly. Information units at the transport layer are usually referred to as segments. Services at the transport layer and the three layers above it (the upper layers) are implemented primarily in software. Information at the upper layers does not have a specific name as it does at the lower layers (segments, packets, frames, and bits). Information at the upper layers of the OSI model is simply referred to as user data.

The session layer (Layer 5) establishes, manages, and terminates communication sessions between presentation layer entities. Communication sessions consist of service requests and service responses that occur between applications located in different network devices. These requests and responses are coordinated by protocols implemented at the session layer. The session layer is responsible for such issues as synchronization between peers and negotiation of the communication mode being used (simplex, half duplex, or full duplex). Examples of session layer implementations include Zone Information Protocol (ZIP), the AppleTalk protocol that coordinates the name binding process; and Session Control Protocol (SCP), the DECnet Phase IV session layer protocol. It is important to note that Cisco also regards Network File System (NFS), Structured Query Language (SQL), and remote-procedure call (RPC) as session layer services. NetBIOS is also considered a session layer protocol. As mentioned earlier, information at the session layer is simply referred to as user data.

The presentation layer (Layer 6) provides a variety of coding and conversion functions that are applied to application layer data. These functions ensure that information sent from the application layer of one system will be readable by the application layer of another system. Some examples of presentation layer coding and conversion schemes include common data-representation formats, conversion of character-representation formats, common data-compression schemes, and common data-encryption schemes.

Common data-representation formats are important in order to create standards and ensure that information can be exchanged and understood between different types of computer systems. Whereas the concern of most layers below the presentation layer is simply to exchange raw information reliably from one system to another, the presentation layer is concerned with the actual format of the data being transmitted. Conversion schemes are used to exchange information with systems by using different text and data representations, such as extended binary coded decimal interchange code (EBCDIC) and ASCII. Standard data-compression schemes enable data that is compressed at the source device to be properly decompressed at the destination. Compression is a useful technique because it allows the transmission of data using less bandwidth, but does not alter how the information is eventually interpreted by the receiver. Standard data-encryption schemes enable data encrypted at the source device to be properly deciphered at the destination. Encryption plays a very important role in carrying out transactions with security. Presentation layer implementations are not typically associated with a particular protocol stack. Some well-known standards for video include QuickTime and Motion Picture Experts Group (MPEG). QuickTime is an Apple Computer specification for video and audio, and MPEG is a standard for video compression and coding. Among the well-known graphic image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Tagged Image File Format (TIFF). GIF is a standard for compressing and coding graphic images. JPEG is another compression and coding standard for graphic images, and TIFF is a standard coding format for graphic images. Again, information at the presentation layer is referred to as user data.

The application layer (Layer 7) is the OSI layer closest to the end user, meaning that both the OSI application layer and the user interact directly with the software application. It is important to note that user applications themselves do not make up the application layer. Furthermore, not all applications need to be concerned with interacting with the application layer of the OSI model. The application layer interacts only with software applications that implement a communicating component. Application layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer. Two key types of application layer implementations are TCP/IP applications and OSI applications. TCP/IP applications are protocols (such as Telnet, File Transfer Protocol [FTP], and Simple Mail Transfer Protocol [SMTP]), that exist in the Internet Protocol suite. OSI applications are protocols
(such as File Transfer, Access, and Management [FTAM]; Virtual Terminal Protocol; and Common Management Information Protocol [CMIP]), that exist in the OSI suite. As was true with the other upper layers, information at the application layer is simply known as user data.

The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers. Control information typically takes one of two forms: headers and trailers. Headers are prepended to data that has been passed down from upper layers. Trailers are appended to data that has been passed down from upper layers. An OSI layer is not required to attach a header or trailer to data from upper layers. Headers, trailers, and data are relative concepts, depending on the layer that analyzes the information unit. At the network layer, an information unit, for example, consists of a Layer 3 header and data. At the data link layer, however, all the information passed down by the network layer (the Layer 3 header and the data) is treated as data. In other words, the data portion of an information unit at a given OSI layer can actually contain headers, trailers, and data from all the higher layers. This is known as encapsulation. The figure below shows how the header and data from one layer are encapsulated into the header of the next-lowest layer. It should be clear that a large part of the actual information being transmitted over the physical link is overhead, in the form of headers and trailers, to ensure that the data is received and interpreted correctly.

The information-exchange process occurs between peer OSI layers. Each layer in the source system adds control information to data, and each layer in the destination system analyzes and removes the control information from that data. A given layer in the OSI layers generally communicates with three other OSI layers: the layer directly above it, the layer directly below it, and its peer layer in other networked computer systems. The data link layer in System A, for example, communicates with the network layer of System A, the
physical layer of System A, and the data link layer in System B. The figure below illustrates this example.

If System A has data from a software application to send to System B, the data is passed to the application layer. The application layer in System A then communicates any control information required by the application layer in System B, prepending a header to the data. The resulting information unit (a header and the data) is passed to the presentation layer, which prepends its own header containing control information intended for the presentation layer in System B. The information unit grows in size as each layer prepends its own header (and in some cases a trailer) that contains control information to be used by its peer layer in System B. At the physical layer, the entire information unit is placed onto the network medium. The physical layer in System B receives the information unit and passes it to the data link layer. The data link layer in System B then reads the control information contained in the header prepended by the data link layer in System A. The header is then removed, and the remainder of the information unit is passed to the network layer. Each layer performs the same actions: The layer reads the header from its peer layer, strips it off, and passes the remaining information unit to the next highest layer. After the application layer performs these actions, the data is passed to the recipient software application in System B, in exactly the form in which it was transmitted by the application in System A. At each layer of this process, the data being passed to the next layer is modified. In the terms given earlier, information is encapsulated from user data, to segments, to packets or datagrams, to frames, and finally, to bits. These bits are then transmitted over the physical medium and deencapsulated in exactly the reverse order at the receiving end. This process is repeated for each unit of user data that is transmitted from one end system to another. 
Although this laborious process involves much overhead, it is this very standardization of processing and transmission that makes reliable communication possible.

The Internet Protocol suite was developed by the Defense Advanced Research Projects Agency (DARPA). These protocols can be used to communicate across any set of interconnected networks.
They are well suited for both LAN and WAN communication. Of the protocols in the suite, the best known and most widely used are TCP and IP. Although the history of the development of the Internet Protocol is beyond the scope of this module, if you want to become an expert in IP routing, you should familiarize yourself with this RFC and the subsequent ones mentioned in this module. For more information on RFCs, see Primary and Secondary RFC Repositories. TCP/IP information is transferred in a sequence of information units, called datagrams. One message may be transmitted as a series of datagrams that are reassembled at the receiving location. This section should give you a good idea of the processes that occur with these datagrams at the transport and Internet layers of the TCP/IP model and some of the features associated with TCP.

You may recall from the discussion of the Open System Interconnection (OSI) reference model that TCP (OSI Layer 4) provides transport layer services for IP (OSI Layer 3). The TCP/IP suite includes not only Layer 3 and 4 specifications (such as IP and TCP), but also specifications for such common applications as e-mail, remote login, terminal emulation, and file transfer. The TCP/IP protocol stack maps closely to the OSI reference model in the lower layers, as shown in the following figure. All standard physical and data-link protocols are supported. Although the entire TCP/IP model is shown here, this course will be primarily concerned with the transport layer and the Internet layer.

Transport Layer

The TCP/IP transport layer performs several functions including:

- Flow control provided by sliding windows
- Reliability provided by sequence numbers and acknowledgments

Two protocols are provided at the transport layer: TCP and User Datagram Protocol (UDP). TCP is a connection-oriented transport protocol that sends data as an unstructured stream of bytes. It is responsible for breaking messages into segments, transmitting the segments, reassembling the segments into the original data at the receiving end, re-sending anything that is not received, and dropping duplicate messages. If the sending computer is transmitting too fast for the receiving computer, TCP can employ flow-control mechanisms to slow data transfer. TCP can also communicate delivery information to the upper-layer protocols it supports. UDP is connectionless and unacknowledged. Although UDP is responsible for transmitting messages, no software checking for segment delivery is provided at this layer. For the purposes of this Cisco Interactive Mentor (CIM), we will be using TCP, the more popular transport layer protocol. TCP uses port numbers to pass information to the upper layers. Port numbers are used to keep track of different conversations crossing the network at the same time. Port numbers are discussed in detail in the "Ports" section below.

Internet Layer

Several protocols operate at the TCP/IP Internet layer:

- IP
- Internet Control Message Protocol (ICMP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)

IP is the primary Internet layer protocol in the Internet Protocol suite. IP provides error reporting and fragmentation and re-assembly of datagrams for transmission over networks with different maximum datagram sizes. ICMP provides routing-failure reporting, messaging functions, and a way for new nodes to discover the subnet mask currently used in an internetwork. For example, the ping command used by network devices utilizes the Echo message feature of ICMP to carry out its tasks. The trace (or traceroute) command relies on the ICMP Time Exceeded messages to provide its service. ARP uses broadcast messages to determine the hardware Media Access Control (MAC)-layer address corresponding to a particular internetwork address. RARP uses broadcast messages to determine the Internet address associated with a particular hardware address. Notice that one protocol (ARP) finds an unknown data link layer address based on a known network layer address, whereas the other (RARP) finds an unknown network layer address based on a known data link layer address. These protocols essentially provide exactly opposite features of each other, and are, therefore, named accordingly.

The ports referred to here are not physical cable receptacles, such as the console port on a router. In a discussion of TCP segments, a port is a number in the TCP header that is used to identify the ends of logical connections that carry long-term conversations. These port numbers are used as source and destination addresses in the TCP segment. Port numbers are divided into three ranges:

- Numbers from 0 through 1023 are the well-known ports.
- Numbers from 1024 through 49151 are the registered ports.
- Numbers from 49152 through 65535 are the dynamic or private ports.

The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA). For example, any conversation bound for the File Transfer Protocol (FTP) application uses the well-known port 21. Conversations that do not involve an application with a well-known port number are assigned port numbers randomly chosen from the dynamic or private ports. Other well-known port numbers to note follow: Telnet (23), Domain Name System (DNS) (53), Trivial File Transfer Protocol (TFTP) (69), Hypertext Transfer Protocol (HTTP) (80), Post Office Protocol 3 (POP3) (110), and NEWS (144) services.

TCP uses a three-way handshake to establish and release connections. The handshake is composed of synchronization (SYN) and acknowledgment (ACK) messages. The flow of these messages is much like initiating a telephone conversation.

The handshake enables the TCP client and server to synchronize initial sequence numbers (ISNs). The synchronization requires each side to send its own ISN and to send an acknowledgment when it receives the ISN from the other side.

The handshake is necessary because ISNs are not derived from a global network clock. TCP clients and servers may also have completely different mechanisms for picking the ISN. In addition, the receiver of the first SYN has no way of knowing whether this segment is an old, delayed one or not. For this reason, acknowledgments are required.

TCP uses a flow-control mechanism called windowing to govern the flow of data between devices. The receiving TCP reports a "window" to the sending TCP. This window specifies the number of octets, starting with the acknowledgment number that the receiving TCP is currently prepared to receive. TCP window sizes are variable during the lifetime of a connection. Each acknowledgment contains a window advertisement that indicates how many bytes the receiver can accept. TCP also maintains a congestion-control window, which is normally the same size as the receiver window, but is cut in half when a segment is lost (that is, there is congestion). This approach permits the window to be expanded or contracted as necessary to manage buffer space and processing.

TCP ensures that a single message transmitted as a series of datagrams is reassembled in the correct sequence by using sequence and acknowledgment numbers. Each datagram is given a sequence number before transmission. At the receiving station, TCP acknowledges each datagram as it is received. Segments that are not acknowledged within a given time period are retransmitted. When all sequence numbers are accounted for, the message is reassembled.
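The handshake, acknowledgment, windowing and reassembly behaviour described above, simulated in miniature as an added example (not code from the original module); the Segment and Endpoint constructs, the 16-octet receive buffer and the 4-byte segment size are assumptions of the example.

```python
"""TCP in miniature, as described above: the three-way handshake that
synchronizes initial sequence numbers (ISNs), cumulative acknowledgments,
the receiver's advertised window, and in-order reassembly of a byte stream
from segments arriving out of order or in duplicate (added example)."""
import secrets
from dataclasses import dataclass

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    seq: int
    ack: int = 0
    flags: frozenset = frozenset()
    window: int = 0
    data: bytes = b""


def random_isn() -> int:
    # No global clock: each side picks its own ISN.  Picking it unpredictably
    # also keeps outsiders from guessing the ACK a handshake will need (RFC 6528).
    return secrets.randbelow(MOD)


class Endpoint:
    def __init__(self, isn: int, recv_buffer: int = 16):
        self.isn = isn
        self.snd_nxt = isn            # next sequence number this side sends
        self.rcv_nxt = None           # next sequence number expected from peer
        self.recv_buffer = recv_buffer
        self.held = {}                # out-of-order segments: seq -> data
        self.delivered = bytearray()  # in-order bytes handed to the application
        self.state = "CLOSED"

    @property
    def window(self) -> int:
        """Octets, starting at rcv_nxt, this side is prepared to accept."""
        return self.recv_buffer - sum(len(d) for d in self.held.values())


def send_syn(c: Endpoint) -> Segment:
    c.state, c.snd_nxt = "SYN-SENT", (c.isn + 1) % MOD  # a SYN uses one number
    return Segment(seq=c.isn, flags=frozenset({"SYN"}), window=c.window)


def server_on_syn(s: Endpoint, syn: Segment) -> Segment:
    s.rcv_nxt = (syn.seq + 1) % MOD  # acknowledge the client's ISN, send ours
    s.state, s.snd_nxt = "SYN-RECEIVED", (s.isn + 1) % MOD
    return Segment(seq=s.isn, ack=s.rcv_nxt, flags=frozenset({"SYN", "ACK"}), window=s.window)


def client_on_synack(c: Endpoint, synack: Segment) -> Segment:
    # The ACK must cover exactly our SYN; anything else is an old or stray
    # segment from some other connection attempt and is not accepted.
    if "SYN" not in synack.flags or synack.ack != c.snd_nxt:
        raise ValueError("SYN-ACK does not acknowledge our ISN")
    c.rcv_nxt, c.state = (synack.seq + 1) % MOD, "ESTABLISHED"
    return Segment(seq=c.snd_nxt, ack=c.rcv_nxt, flags=frozenset({"ACK"}), window=c.window)


def three_way_handshake(c: Endpoint, s: Endpoint) -> list:
    syn = send_syn(c)
    synack = server_on_syn(s, syn)
    ack = client_on_synack(c, synack)
    if ack.ack != s.snd_nxt:  # the server checks that its own ISN was acknowledged
        raise ValueError("ACK does not acknowledge the server's ISN")
    s.state = "ESTABLISHED"
    return [syn, synack, ack]


def segmentize(sender: Endpoint, data: bytes, mss: int = 4) -> list:
    """Break a byte stream into segments of at most mss bytes, numbering each."""
    segs = []
    for i in range(0, len(data), mss):
        chunk = data[i:i + mss]
        segs.append(Segment(seq=sender.snd_nxt, ack=sender.rcv_nxt,
                            flags=frozenset({"ACK"}), data=chunk))
        sender.snd_nxt = (sender.snd_nxt + len(chunk)) % MOD
    return segs


def receive(r: Endpoint, seg: Segment) -> Segment:
    """Accept one data segment; return the cumulative ACK and current window."""
    offset = (seg.seq - r.rcv_nxt) % MOD  # distance from the next byte we want
    if offset == 0:
        r.delivered += seg.data
        r.rcv_nxt = (r.rcv_nxt + len(seg.data)) % MOD
        while r.rcv_nxt in r.held:  # a gap may now be closed by held data
            data = r.held.pop(r.rcv_nxt)
            r.delivered += data
            r.rcv_nxt = (r.rcv_nxt + len(data)) % MOD
    elif offset + len(seg.data) <= r.window:
        r.held[seg.seq] = seg.data  # inside the window but out of order: hold it
    # otherwise a duplicate (already acknowledged) or beyond the window: drop it
    return Segment(seq=r.snd_nxt, ack=r.rcv_nxt, flags=frozenset({"ACK"}), window=r.window)


def demo(client_isn=None, server_isn=None):
    """Handshake, then deliver b'HELLO, WORLD' out of order with a duplicate.
    Returns the reassembled bytes and each ACK relative to the client's ISN."""
    c = Endpoint(random_isn() if client_isn is None else client_isn)
    s = Endpoint(random_isn() if server_isn is None else server_isn)
    three_way_handshake(c, s)
    segs = segmentize(c, b"HELLO, WORLD")  # sequence numbers isn+1, isn+5, isn+9
    arrivals = [segs[1], segs[0], segs[0], segs[2]]  # reordered, one duplicate
    acks = [receive(s, seg).ack for seg in arrivals]
    return bytes(s.delivered), [(a - c.isn) % MOD for a in acks]
```

Running demo() shows the ACK staying at 1 while the out-of-order segment is held, jumping to 9 once the gap is filled, ignoring the duplicate, and reaching 13 when the last segment arrives.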

Routing is the process of taking an incoming datagram from one interface and delivering it out through another interface. Routing is often contrasted with switching, which seems to do exactly the same thing. The difference between switching and routing is the type of information inside the datagram that is used to determine the correct output interface. With switching, datagrams are forwarded based on Media Access Control (MAC) address information.
With IP routing, datagrams are routed based on IP information.

As switches have become more sophisticated, they have started utilizing Layer 3 information to make more-intelligent forwarding decisions. In this section, when we refer to switching, we are referring to traditional Layer 2 switching. This section highlights some of the concepts and procedures that are involved in making routing decisions.

The Internet Protocol (IP) is the primary network protocol in the Internet suite. In addition to internetwork routing, IP provides for error reporting and fragmentation and reassembly of information units called datagrams for transmission over networks with different maximum data-unit sizes. IP was first formally described in Internet Protocol: DARPA Internet Program Protocol Specification, RFC 791, 1981. This section quotes often from this document because it is the defining body on this subject. The RFC describes the purpose of the Internet Protocol as:
The internet protocol provides for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed length addresses...The internet protocol is specifically limited in scope to provide the functions necessary to deliver a package of bits (an internet datagram) from a source to a destination over an interconnected system of networks.

A large part of this section deals with the details of IP addressing, including subnetting and various addressing concepts and considerations.

RFC 791 states: The function or purpose of Internet Protocol is to move datagrams through an interconnected set of networks. This is done by passing the datagrams from one internet module to another until the destination is reached. The internet modules reside in hosts and gateways in the internet system. The datagrams are routed from one internet module to another through individual networks based on the interpretation of an internet address. Thus, one important mechanism of the internet protocol is the internet address.... A distinction is made between names, addresses, and routes. A name indicates what we seek. An address indicates where it is. A route indicates how to get there. The internet protocol deals primarily with addresses. IP addresses are globally unique, 32-bit numbers assigned by the Network Information Center (NIC). Globally unique addresses permit IP networks anywhere in the world to communicate with each other. For simplicity and clarity, these bits are normally represented as four sets of octets (8 bits per octet, or 1 byte). Each octet is then represented as a decimal number between 0 and 255 and separated by a period, or dot. This scenario is known as dotted-decimal notation. For example, a 32-bit IP address could be the following:

10101100000100000011001000001010

To represent this address in standard format, we break the address down into 4 octets (8-bit segments):

10101100 00010000 00110010 00001010

and convert each of the octets into a decimal number:

172 16 50 10

The address is then written as 172.16.50.10 and spoken as "172 dot 16 dot 50 dot 10." Remember that the dotted-decimal notation is just a convention used to make working with 32-bit IP addresses easier. As far as devices on the network are concerned, they are dealing with a single 32-bit binary number.

As mentioned earlier, network addresses are broken down into two parts, a network identifier and a host identifier. In IP, the portion of the overall IP address allocated to the network and host identifiers varies, making IP very flexible in the number of networks and hosts it can accommodate. In IP, the network identifier is commonly referred to as the network prefix, and the host identifier as the host portion. These terms are used for the remainder of this module. For example, here more of the bits are allocated to the network prefix:

Network Prefix              Host Portion
101011000001000000110010    00001010

This setup allows for more networks. In the next example, more of the address is allocated to the host portion:

Network Prefix    Host Portion
101011000001      00000011001000001010

so more possible host combinations are available.

In general, there are basically three types of networks: large, medium, and small. They can be described as follows:

- Large networks have a tremendous number of hosts (in the millions) per network. There are very few large networks.
- Medium networks fall in the range between large and small networks.
- Small networks have a small number of hosts per network. A large number of networks fall into the small category.

To accommodate different size networks and aid in classifying them, IP addresses are divided into categories called classes. Each of the IP classes is designed to accommodate a different size network. As stated in RFC 791: To provide for flexibility in assigning address to networks and allow for the large number of small- to intermediate-sized networks, the interpretation of the address field is coded to specify a small number of networks with a large number of hosts, a moderate number of networks with a moderate number of hosts, and a large number of networks with a small number of hosts. This scenario is known as classful addressing, and it follows a few basic rules:
- Each class uses subsequently fewer of the bits in the address as the host portion and subsequently more of the bits as the network prefix.
- The boundary between the network and host identification sections is fixed in each class.
- Each class uses the most significant bits of the address to identify where the boundary is.

The following table describes how classful addressing works:

When viewed in the context of the dotted-decimal notation, this translates to:

Class     Class Identifier                     Network Prefix                        Host Portion
Class A   First octet in the range 1-126*      First octet (N.H.H.H):                Remaining three octets (N.H.H.H):
                                               1.xxx.xxx.xxx to 126.xxx.xxx.xxx      xxx.0.0.0 to xxx.255.255.255
Class B   First octet in the range 128-191     First two octets (N.N.H.H):           Remaining two octets (N.N.H.H):
                                               128.0.xxx.xxx to 191.255.xxx.xxx      xxx.xxx.0.0 to xxx.xxx.255.255
Class C   First octet in the range 192-223**   First three octets (N.N.N.H):         Remaining octet (N.N.N.H):
                                               192.0.0.xxx to 223.255.255.xxx        xxx.xxx.xxx.0 to xxx.xxx.xxx.255

* Note that addresses starting with 0 and 127 are reserved.

** Addresses allocated in the range beyond 223 (224-254) will be discussed later:

- Class D addresses are reserved for multicast groups. In Class D addresses, the four highest-order bits are set to 1110 (224-239).
- Class E addresses are also defined by IP but are reserved for future use. In Class E addresses, the four highest-order bits are all set to 1 (240-254).

To provide further functionality, some IP addresses are reserved for special purposes. First is the address 0.0.0.0. The all-zeros address is reserved as the default network, which is used in routers as a way to identify where to send a packet when there is no match for it in a routing table. Next is the network 127.0.0.0. This address is known as the internal loopback network. Routers or other devices can use this address to send packets to themselves.

Any address with all the host bits set to zero is used to represent the address of the network itself. This concept can be a bit confusing. A good way to think of it is a street address that contains only the name of the street. Generally, devices should not use host addresses where all the host bits are set to zero, because it can confuse routing protocols (the "Subnet Zero" section below contains more information on this subject). Finally, addresses with all the host bits set to 1 are known as broadcast addresses. Every device on the network will receive packets addressed to the broadcast address. So, typical classful IP addresses look like the following:

Class A host address:              124.32.90.10
Class B network address:           172.68.0.0
Class C broadcast address:         212.200.50.255
All-networks broadcast address:    255.255.255.255
Default route:                     0.0.0.0

Given the above parameters, this system allows for the following combinations of valid Internet network and host addresses:

Class   Possible Networks   Possible Hosts   Total Possible Host Addresses   Percent of Total Available Address Space
A       126                 16,777,214       2,113,928,964                   50%
B       16,384              65,534           1,073,709,056                   25%
C       2,097,152           254              532,676,608                     12.5%

(To determine the number of possible networks or hosts, use the formula 2^n - 2, where n is the number of bits in the network or host space. The subtraction of 2 is for the actual network and broadcast address. Note that the table above is meant to show only the available host addresses in a given network. It is possible that these numbers may be slightly larger with the use of the ip subnet zero command covered later in this section, but these numbers are generally correct. As noted, the numbers above also exclude the broadcast address of each network, because these may not be assigned to a host.)

Several networks are reserved for private use and cannot be used on the Internet. They include:

Class   Address Range
A       10.x.x.x
B       172.16.x.x through 172.31.x.x
C       192.168.x.x
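The classful rules above carried out in code, added here as an example (not code from the original module): dotted-decimal to 32-bit conversion, the class read from the high-order bits, the fixed network/host boundary per class, the network and broadcast addresses, the address counts from the table, and the reserved and private ranges. Function names are the example's own.

```python
"""Classful IP addressing as described above: dotted-decimal <-> 32-bit
conversion, the class read from the high-order bits, the fixed network/host
boundary per class, network and broadcast addresses, the 2^n - 2 host count,
and the reserved ranges (0.0.0.0, 127.0.0.0, the private networks).
Added example, not from the original text."""
from typing import Optional

ALL_ONES = 0xFFFFFFFF
# Per class: bits used as the class identifier, bits in the network prefix
CLASS_LAYOUT = {"A": (1, 8), "B": (2, 16), "C": (3, 24)}


def to_int(dotted: str) -> int:
    """'172.16.50.10' -> the single 32-bit number devices actually work with."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_binary(dotted: str) -> str:
    """Four 8-bit groups, e.g. '10101100 00010000 00110010 00001010'."""
    return " ".join(f"{b:08b}" for b in to_int(dotted).to_bytes(4, "big"))


def address_class(dotted: str) -> str:
    """Leading bits 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D" if first >> 4 == 0b1110 else "E"


def classful_info(dotted: str) -> dict:
    """Network prefix, host portion and address counts under classful rules."""
    value, cls = to_int(dotted), address_class(dotted)
    if cls not in CLASS_LAYOUT:
        raise ValueError(f"{dotted} is class {cls}: no network/host split")
    id_bits, prefix_bits = CLASS_LAYOUT[cls]
    host_bits = 32 - prefix_bits
    network = value & (ALL_ONES << host_bits) & ALL_ONES  # host bits cleared
    broadcast = network | (ALL_ONES >> prefix_bits)        # host bits all ones
    networks = 2 ** (prefix_bits - id_bits)
    if cls == "A":
        networks -= 2  # networks 0 and 127 are reserved, leaving 126
    return {
        "class": cls,
        "network_prefix": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "is_network_address": value == network,  # all host bits zero
        "is_broadcast": value == broadcast,      # all host bits one
        "usable_hosts": 2 ** host_bits - 2,      # minus network and broadcast
        "possible_networks": networks,
    }


def special_role(dotted: str) -> Optional[str]:
    """Reserved meaning of an address, or None if it is an ordinary address."""
    value = to_int(dotted)
    first, second = value >> 24, (value >> 16) & 0xFF
    if value == 0:
        return "default route"
    if value == ALL_ONES:
        return "all-networks broadcast"
    if first == 127:
        return "loopback"
    if first == 10:
        return "private (Class A)"
    if first == 172 and 16 <= second <= 31:
        return "private (Class B)"
    if first == 192 and second == 168:
        return "private (Class C)"
    cls = address_class(dotted)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved for future use"
    return None
```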

These addresses are commonly used for corporate intranets and for testing. When the Internet Protocol was first proposed in the early 1980s, classful addressing, in theory, seemed to provide a limitless amount of address space. In practice, it became quickly apparent that there were limitations. The major drawback to the system is that, although easy to understand and implement, the boundaries set by the Class A, B, and C addresses do not foster efficient use of the available addresses.

From the table above, you can see that the Class A address space uses a full 50 percent of the available address space, but it allows for only 126 separate networks. Because there are actually very few organizations assigned Class A addresses, a large portion of the total address space goes unused. The Class C address, with only 254 possible hosts, is often too small, causing an organization to move to a Class B address. But the Class B, with ~65,000 hosts, is often too large, causing tens of thousands of addresses to go unused. Remember, each link must be uniquely identified, so if an organization has two separate data-link segments with 300 stations on each, it will need two Class B addresses and will effectively use 130,000 addresses for 300 stations! In response to this problem, organizations use multiple Class C addresses instead of using a single Class B address. But this has the negative impact of increasing the size of the global Internet routing table because more networks need to be tracked. Because every data link needs to be uniquely identified, there just are not enough network addresses to go around. The rapid growth of corporate intranets, when compounded with the explosion of the Internet, has created a demand for network addresses that the original classful addressing scheme could not meet.

In order to address these problems, a modification to the system is needed that allows the addresses to be used more efficiently. In 1985, RFC 950 was written to standardize a procedure for dividing Class A, B, and C networks into smaller, more manageable sections. This procedure is known as subnetting.

The classful address scheme creates a two-level hierarchy in the Internet: a top level representing the Internet as a whole, and a level below representing the individual networks. For the reasons stated above, what is really needed is a three-level hierarchy that allows for networks to be divided into smaller segments, or subnets. To accomplish this, the host portion of the address is broken down into two sections, a subnet number and the remaining host portion:

Two-Level Classful Hierarchy:

    | Network Prefix | Host Portion |

Three-Level Subnet Hierarchy:

    | Network Prefix | Subnet Number | Host Portion |

The subnet number now identifies a local segment attached to the router. Because only the network portion of the address is advertised to the Internet, subnetworks are only locally significant. Here's how subnetting works:


Suppose you have been assigned the network address of 128.60.0.0. Converting this from dotted decimal notation into binary, you get:

    Network Prefix        Host Portion
    128      60           0        0
    10000000 00111100     00000000 00000000

If you take the first four bits of the host portion and use them to identify subnets, you get the following possible binary combinations:

    Network Prefix        Subnet   Host Portion
    10000000 00111100     0000     0000 00000000
    10000000 00111100     0001     0000 00000000
    10000000 00111100     0010     0000 00000000
    10000000 00111100     0011     0000 00000000
    10000000 00111100     0100     0000 00000000
    10000000 00111100     0101     0000 00000000
    10000000 00111100     0110     0000 00000000
    10000000 00111100     0111     0000 00000000
    10000000 00111100     1000     0000 00000000
    10000000 00111100     1001     0000 00000000
    10000000 00111100     1010     0000 00000000
    10000000 00111100     1011     0000 00000000
    10000000 00111100     1100     0000 00000000
    10000000 00111100     1101     0000 00000000
    10000000 00111100     1110     0000 00000000
    10000000 00111100     1111     0000 00000000

Converting these addresses back to dotted-decimal notation, you get:

    Network Prefix        Subnet/Host Portion
    128      60           0        0
    128      60           16       0
    128      60           32       0
    128      60           48       0
    128      60           64       0
    128      60           80       0
    128      60           96       0
    128      60           112      0
    128      60           128      0
    128      60           144      0
    128      60           160      0
    128      60           176      0
    128      60           192      0
    128      60           208      0
    128      60           224      0
    128      60           240      0

Now in addition to having the major network of 128.60.0.0, you also have up to 16 subnetworks: 128.60.0.0, 128.60.16.0, 128.60.32.0,...128.60.240.0. Each of these subnetwork addresses can be used to define a data-link segment, with the remaining 12 bits of each subnet being used to identify specific hosts on those segments. Note, however, that the subnet 128.60.0.0, which is the same network as the major network, is available as a subnet only if you are using the ip subnet zero command. The zero subnet will be further explained later in this section. Because the network prefix is the only portion of the address that is significant to the Internet, the subnets are not visible outside the private network of the local organization. The route from the Internet to any subnet of a given IP address is the same, no matter which subnet the destination host is on. It is the job of the local routers to determine which subnet a particular host is on. This setup reduces the complexity of the Internet routing table because only a single network address is needed to reach an organization, and it also prevents the depletion of available network addresses because each data link does not need to take up a full IP network.

If we look at the 128.60.16.x subnet and start assigning hosts, we can create addresses 128.60.16.0 through 128.60.31.255:

    Network Prefix     Subnet   Host Portion         Dotted decimal
    128      60        0001     0000 00000000        128.60.16.0
    128      60        0001     0000 00000001        128.60.16.1
    128      60        0001     0000 00000010        128.60.16.2
    128      60        0001     0000 00000011        128.60.16.3
    128      60        0001     0000 00000100        128.60.16.4
    ......
    128      60        0001     1111 11111011        128.60.31.251
    128      60        0001     1111 11111100        128.60.31.252
    128      60        0001     1111 11111101        128.60.31.253
    128      60        0001     1111 11111110        128.60.31.254
    128      60        0001     1111 11111111        128.60.31.255

Anything beyond 128.60.31.255 is on the next subnet. The 128.60.32.0 to 128.60.47.255 subnet follows:

    Network Prefix     Subnet   Host Portion         Dotted decimal
    128      60        0010     0000 00000000        128.60.32.0
    128      60        0010     0000 00000001        128.60.32.1
    128      60        0010     0000 00000010        128.60.32.2
    128      60        0010     0000 00000011        128.60.32.3
    128      60        0010     0000 00000100        128.60.32.4
    ......
    128      60        0010     1111 11111011        128.60.47.251
    128      60        0010     1111 11111100        128.60.47.252
    128      60        0010     1111 11111101        128.60.47.253
    128      60        0010     1111 11111110        128.60.47.254
    128      60        0010     1111 11111111        128.60.47.255

The bits that are used for the network number and subnet number are commonly referred to together as the extended-network prefix.

A device needs a way to tell what subnet it is located on. As you learned in the addressing section, a device learns the class of its address from the most significant bits of the address (for example, if the first 2 bits are "10," the device knows that the first 16 bits of the address indicate its network and the last 16 bits indicate its host address). With subnetting, a way is needed to tell the device to look beyond its class to determine its subnet. This is done via a subnet mask. A subnet mask is a 32-bit binary number that corresponds bit for bit to the IP address of the device. The bits of the subnet mask are set to 1 if the system examining the address should treat the corresponding bit in the IP address as part of the extended network prefix. The bits in the mask are set to 0 if the system should treat the bit as part of the host number. For example, a subnet mask for the example above would read:

    11111111111111111111000000000000

There are sixteen 1s for the network address portion and four 1s for the subnet. The dotted-decimal notation is again used as a way to simplify reading subnet masks. The mask above would be read as 255.255.240.0:

    11111111 11111111 11110000 00000000
    255      255      240      0

Another way to represent the mask above is to annotate the number of bits in the subnet mask. The mask above could also be referred to as 20 bits of masking, or /20 following the address: 128.60.16.40 /20. When a routing protocol carries mask information at all, it carries the full 32-bit subnet mask rather than a one-byte field in its header holding the number of bits in the extended-network prefix.

When a device is configured with an IP address, it now needs two pieces of information in order to calculate what its host address is and what its subnet and network are: the actual address and the mask. The device calculates what subnet it is on by doing a logical "AND" between its address and the mask. Performing an "AND" operation means that anytime you "AND" a 0 value to another 0 or a 1 value, the result is 0. Only a 1 ANDed with another 1 value will result in a 1 value. Here's how it works:

    0 AND 0 IS 0
    0 AND 1 IS 0
    1 AND 1 IS 1

Some examples follow:

Example 1: Class B

Let's use a Class B address to illustrate how subnetting works. Let's say you were assigned the Class B address 172.16 from the Network Information Center (NIC). First determine how many subnets you need, and how many nodes per subnet you need to define. A typical (and easy-to-use) Class B subnet mask would be 8 bits. Since the third octet is the first "free" octet for Class B, you will start there. So, an 8-bit subnet mask would be 255.255.255.0. This means you have 254* subnets available and 254 addresses for nodes per subnet.

*Why are there only 254 subnets available instead of 256 (0-255)? You should not use subnet 0 or a subnet of all 1s. With all 1s in the subnet bits, the subnet's broadcast address is also your broadcast address for the whole network. You can configure this subnet, but it is neither proper nor recommended to make your subnet the same as your broadcast address. Subnet 0 is also not recommended. Cisco allows the use of subnet 0 with the ip subnet zero command.

Example 2: Class B

Let's say you have just assigned an interface the address 172.16.10.50 with a mask of 255.255.255.0. What subnet is it in? First represent the bits in binary (for Class B, you start with the third octet since octets 1 and 2 are fixed).

    SUBNET   HOST
    00001010 00110010  (address representation - 10.50)
    11111111 00000000  (subnet mask representation - 255.0)
    -----------------
    00001010 00000000  (results of logical "AND" - subnet 10)

This address is in subnet 10 (172.16.10.0). Valid addresses for subnet 10 would be 172.16.10.1 through 172.16.10.254. Address 172.16.10.255 is the broadcast address for this subnet. According to the standard, any host ID consisting of all 1s is reserved for broadcast.

Example 3: Class B

Let's say you have a need for more subnets than 254. (Remember, this is the maximum number of subnets in a single octet.) Sticking with our Class B address, let's configure an 11-bit subnet. This means we will use all 8 bits from our third octet and the first three bits from the fourth octet. The subnet mask is now 255.255.255.224 (128 + 64 + 32 = 224). Now you need to find out what subnet the following address is in: 172.16.10.170 255.255.255.224. First, denote the address in binary representation (just octets 3 and 4 for a Class B address) like this:

    00001010 10101010  (address representation 10.170)
    11111111 11100000  (subnet mask representation 255.224 - first 11 bits subnet)
    -----------------
    00001010 10100000  (results of logical "AND")
          10      160

So, the address here is in subnet 172.16.10.160. The valid addresses for this subnet are 172.16.10.161 through 172.16.10.190 (.191 is the broadcast address). As soon as you hit 10.192, the bits in the subnet change and you move into subnet 10.192.

Example 4: Class B

Consider an example where the mask is shorter than one octet. Now we want only a few subnets, but need many hosts per subnet. We'll use a 3-bit subnet mask. Now we have: 172.16.65.170 255.255.224.0 (the mask is now the first 3 bits of the third octet). What subnet is this address in?

    01000001 10101010  (address representation 65.170)
    11100000 00000000  (subnet mask representation 224.0)
    -----------------
    01000000 00000000  (results of logical "AND" - subnet 64)
          64

So the subnet here is 172.16.64.0. The range of addresses that would fall into subnet 64 would be 172.16.64.1 through 172.16.95.254, with 172.16.95.255 as the broadcast address. The next subnet would be 172.16.96.0.

Class A and Class C map out exactly as Class B. The only differences are the octet at which subnetting starts and how many octets you can use for subnetting.

Example 5: Class C

Suppose the NIC assigned the address 192.1.10. You will need to use the fourth octet for your subnetting needs. Let's use a 4-bit subnet mask and map out the following address: 192.1.10.200 255.255.255.240:

    11001000  (address representation for 200)
    11110000  (subnet mask representation for 240)
    --------
    11000000  (results of logical "AND" - 128+64=192)

So, address 192.1.10.200 is in subnet 192. The valid range of addresses in this subnet would be 192.1.10.192 through 192.1.10.206, with .207 as the broadcast address. The next subnet would be .208. Keeping the same subnet mask, you can choose different addresses to be in different subnets. For instance, address 192.1.10.17 255.255.255.240 is in subnet 16 and, therefore, has another unique subnet address, with valid addresses in the range of 192.1.10.17 through 192.1.10.30.

If you want no subnetting, use these default masks (255 strictly follows the number, 0 is a wildcard):

    Class A: 255.0.0.0
    Class B: 255.255.0.0
    Class C: 255.255.255.0
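The subnet arithmetic used in the 128.60.0.0 enumeration earlier in this section and in Examples 2 to 5 above, as an added Python example (not code from the original document): address AND mask gives the subnet, subnet OR the inverted mask gives the broadcast address, and everything strictly between the two is assignable to hosts. The function names, the contiguous-mask check and the handling of /31 and /32 masks are this example's own choices.

```python
# Added example (Python, not from the original document): subnet arithmetic
# done the way the text describes it, with a bitwise AND of address and mask.
# Function names and the sample addresses are this example's own choices.


def to_int(dotted):
    """Convert a dotted-decimal address or mask to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a valid dotted-decimal value: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """32-bit binary string grouped by octet, like the tables in the text."""
    bits = format(value & 0xFFFFFFFF, "032b")
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_length(mask):
    """Number of leading 1 bits in a mask (the /nn form). Rejects masks whose
    1 bits are not contiguous, which no subnet mask should ever have."""
    m = to_int(mask)
    ones = format(m, "032b").count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("mask bits must be contiguous: %s" % mask)
    return ones


def subnet_of(address, mask):
    """Return (subnet, broadcast, first_host, last_host) for an address/mask.

    subnet    = address AND mask         (what the device itself computes)
    broadcast = subnet OR (NOT mask)     (all host bits set to 1)
    Hosts are everything strictly between the two; a /31 or /32 has no
    usable host IDs, so the host fields come back as None for those.
    """
    a, m = to_int(address), to_int(mask)
    prefix_length(mask)                     # validate the mask first
    subnet = a & m
    broadcast = subnet | (~m & 0xFFFFFFFF)
    if broadcast - subnet < 3:              # fewer than two usable host IDs
        return to_dotted(subnet), to_dotted(broadcast), None, None
    return (to_dotted(subnet), to_dotted(broadcast),
            to_dotted(subnet + 1), to_dotted(broadcast - 1))


def enumerate_subnets(network, natural_mask, subnet_bits):
    """Every subnet obtained by borrowing `subnet_bits` host bits from a
    classful network (128.60.0.0 / 255.255.0.0 with 4 bits -> 16 subnets).
    Returns (new_mask, [subnet addresses]) in dotted-decimal form."""
    n, m = to_int(network), to_int(natural_mask)
    new_len = prefix_length(natural_mask) + subnet_bits
    if n & ~m & 0xFFFFFFFF:
        raise ValueError("host bits are set in %s" % network)
    if subnet_bits < 1 or new_len > 30:
        raise ValueError("need at least 1 subnet bit and 2 host bits")
    new_mask = (0xFFFFFFFF << (32 - new_len)) & 0xFFFFFFFF
    step = 1 << (32 - new_len)              # size of one subnet block
    return to_dotted(new_mask), [to_dotted(n + i * step)
                                 for i in range(1 << subnet_bits)]


def show(address, mask):
    """Print the AND in the layout the text's examples use."""
    a, m = to_int(address), to_int(mask)
    subnet, broadcast, first, last = subnet_of(address, mask)
    print("%s  (address %s)" % (to_binary(a), address))
    print("%s  (mask %s = /%d)" % (to_binary(m), mask, prefix_length(mask)))
    print("-" * 35)
    print("%s  (subnet %s, broadcast %s, hosts %s - %s)"
          % (to_binary(a & m), subnet, broadcast, first, last))


if __name__ == "__main__":
    # Examples 2 to 5 from the text, then the 128.60.0.0 enumeration
    for addr, msk in [("172.16.10.50", "255.255.255.0"),
                      ("172.16.10.170", "255.255.255.224"),
                      ("172.16.65.170", "255.255.224.0"),
                      ("192.1.10.200", "255.255.255.240")]:
        show(addr, msk)
        print()
    new_mask, subnets = enumerate_subnets("128.60.0.0", "255.255.0.0", 4)
    print("mask %s: %s" % (new_mask, ", ".join(subnets)))
```

The host range always comes out as subnet + 1 through broadcast - 1, so for 192.1.10.200 255.255.255.240 the function reports 192.1.10.193 as the first host, because .192 is the subnet address itself (the same rule Examples 3 and 4 apply). Rejecting non-contiguous masks matters in practice: a typo such as 255.255.0.255 would otherwise silently yield a "subnet" that no router on the segment would agree with.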

How does a router using a routing protocol that does not transmit masking information know what mask to use when it learns a new route? If the router has a subnet of the same network number assigned to a local interface, it assumes that the learned subnetwork was defined using the same mask as the locally configured interface. If the router does not have a subnet of the learned network number assigned to a local interface, the router has to assume that the network is not subnetted and applies the natural classful mask of the route.


It may be useful at some point to be able to quickly do subnet calculations and to answer basic addressing questions without having to look at the binary representation of an address. There are several techniques involving decimal numbers that make answering some subnetting questions rather simple. Questions that may be answered with these techniques include the following:
- What subnet is a given address/mask in?
- What is the broadcast address for the subnet of a given address/mask?
- What is the valid range of hosts for the subnet of a given address/mask?

Actually, all three of these questions can be answered fairly easily with a little simple math. Let's consider the same address that was previously used in Example 3 above. The address in that example was 172.16.10.170 with a mask of 255.255.255.224. To answer the questions above, simply start by subtracting the decimal value of the last nonzero octet of the subnet mask from 256. In this case, the mask extends into the fourth octet, which has a value of 224. By subtracting 224 from 256, we get 32. This value is the number that dictates the boundary for valid subnets. In this case, each subnet is a multiple of 32. Thus, there is the 172.16.10.0 subnet, the 172.16.10.32 subnet, the 172.16.10.64 subnet, and so on, up to the 172.16.10.224 subnet.

To answer the first question of exactly which subnet an address is part of, you must simply find the lower boundary of the subnets the address falls between. Since the address given in the example was 172.16.10.170, it is between subnets 172.16.10.160 and 172.16.10.192. Thus, the address is in the 172.16.10.160 subnet (the same answer found in Example 3 above). One easy way to arrive at this lower boundary is to start at zero and keep adding the value found from the initial subtraction (32 in this case) until the subnet just below the address is reached. The correct subnet has been reached when adding this value one more time results in a subnet that is higher than the address in question. In this case, 0 + 32 = 32, 32 + 32 = 64, 64 + 32 = 96, 96 + 32 = 128, 128 + 32 = 160. If 32 was added once more, the result would be the 192 subnet, a result that cannot be correct because the address in question has a host number of 170.

To answer the second question, simply add the number from the initial subtraction (32 here) to the subnet found in the first question and subtract one. In this example, the next subnet would be 172.16.10.192 (160 + 32 = 192). Subtracting one from the last octet yields 172.16.10.191, the broadcast address of the 172.16.10.160 subnet. Again, this is the same answer pointed out in Example 3 above.

Finally, the third question can be answered by adding 1 to the subnet address found from the first question and subtracting 1 from the broadcast address found in the second question (essentially the same as subtracting 2 from the next subnet address). In our case, adding 1 to the 172.16.10.160 subnet yields 172.16.10.161 as the first valid host address. Subtracting 1 from the broadcast address of 172.16.10.191 yields 172.16.10.190 as the last valid host address in the subnet. Thus, the range of valid host addresses is 172.16.10.161 through 172.16.10.190 (the same answer found in Example 3).
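The same three questions answered with the decimal shortcut just described, as an added Python example (not from the original document). It never converts to binary: it subtracts the last non-zero mask octet from 256 and walks up from 0 in steps of that size, then cross-checks the result against the standard library's ipaddress module, which does the bitwise AND instead. The function names and the VALID_MASK_OCTETS check are this example's own.

```python
# Added example (Python, not from the original document): the decimal
# "magic number" shortcut, with a cross-check against the bitwise method.
import ipaddress

# The only values an octet of a contiguous subnet mask can take.
VALID_MASK_OCTETS = (0, 128, 192, 224, 240, 248, 252, 254, 255)


def octets(dotted):
    parts = [int(o) for o in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad dotted-decimal value: %r" % dotted)
    return parts


def interesting_octet(mask):
    """Index (0-3) of the last non-zero octet of the mask, after checking
    that the mask is contiguous: 255s, at most one partial octet, then 0s."""
    m = octets(mask)
    if any(o not in VALID_MASK_OCTETS for o in m):
        raise ValueError("not a valid subnet mask: %s" % mask)
    last = max((i for i, o in enumerate(m) if o), default=None)
    if last is None:
        raise ValueError("mask has no 1 bits: %s" % mask)
    if any(o != 255 for o in m[:last]):
        raise ValueError("mask bits are not contiguous: %s" % mask)
    return last


def block_size(mask):
    """256 minus the last non-zero mask octet: the spacing between subnets."""
    return 256 - octets(mask)[interesting_octet(mask)]


def subnet_boundaries(mask):
    """Every value the interesting octet can take for a subnet address, e.g.
    0, 32, 64, ... 224 for a .224 mask (the multiples of the block size)."""
    return list(range(0, 256, block_size(mask)))


def decimal_subnet(address, mask):
    """Answer the three questions from the text with decimal arithmetic only.
    Returns (subnet, broadcast, first_host, last_host) as dotted strings."""
    a = octets(address)
    i = interesting_octet(mask)
    size = block_size(mask)

    # Question 1: walk up from 0 in steps of `size` until one more step would
    # pass the address; the last value reached is the subnet's lower boundary.
    lower = 0
    while lower + size <= a[i]:
        lower += size
    subnet = a[:i] + [lower] + [0] * (3 - i)

    # Question 2: next subnet minus one. Every octet after the interesting
    # one becomes 255, because those bits are all host bits.
    broadcast = a[:i] + [lower + size - 1] + [255] * (3 - i)

    def fmt(o):
        return ".".join(str(x) for x in o)

    if i == 3 and size < 4:                 # /31 or /32: no usable host IDs
        return fmt(subnet), fmt(broadcast), None, None

    # Question 3: hosts run from subnet + 1 to broadcast - 1.
    first = subnet[:3] + [subnet[3] + 1]
    last = broadcast[:3] + [broadcast[3] - 1]
    return fmt(subnet), fmt(broadcast), fmt(first), fmt(last)


def cross_check(address, mask):
    """True when the shortcut agrees with ipaddress (which ANDs the bits)."""
    net = ipaddress.IPv4Network("%s/%s" % (address, mask), strict=False)
    subnet, broadcast, _, _ = decimal_subnet(address, mask)
    return (subnet, broadcast) == (str(net.network_address),
                                   str(net.broadcast_address))


if __name__ == "__main__":
    print(subnet_boundaries("255.255.255.224"))
    print(decimal_subnet("172.16.10.170", "255.255.255.224"))
    print(cross_check("172.16.10.170", "255.255.255.224"))
```

Because interesting_octet() refuses anything that is not a run of 255s followed by one partial octet and then 0s, the shortcut cannot be applied to a malformed mask and quietly return a wrong boundary; that is the failure mode a purely mental calculation does not guard against.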


Below is a handy chart that can help you determine how much subnetting to use:

Host/Subnet Quantities Table

Class B
    No. bits   Mask               Effective   Effective
                                  Subnets     Hosts
    -------    ---------------    ---------   ---------
    2          255.255.192.0      2           16382
    3          255.255.224.0      6           8190
    4          255.255.240.0      14          4094
    5          255.255.248.0      30          2046
    6          255.255.252.0      62          1022
    7          255.255.254.0      126         510
    8          255.255.255.0      254         254
    9          255.255.255.128    510         126
    10         255.255.255.192    1022        62
    11         255.255.255.224    2046        30
    12         255.255.255.240    4094        14
    13         255.255.255.248    8190        6
    14         255.255.255.252    16382       2

Class C
    No. bits   Mask               Effective   Effective
                                  Subnets     Hosts
    -------    ---------------    ---------   ---------
    2          255.255.255.192    2           62
    3          255.255.255.224    6           30
    4          255.255.255.240    14          14
    5          255.255.255.248    30          6
    6          255.255.255.252    62          2

*Subnet all zeroes and all ones excluded.
*Host all zeroes and all ones excluded.
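The chart above regenerated from first principles, as an added Python example (not from the original document): usable hosts are 2^(host bits) - 2 because the all-zeroes and all-ones host IDs are reserved, and usable subnets are 2^(subnet bits) - 2 under the chart's footnote that excludes subnet zero and the all-ones subnet. The function names, the NATURAL_PREFIX table and the mask_for_requirements helper are this example's own additions; the helper picks the row with the fewest subnet bits that still gives enough subnets and enough hosts per subnet.

```python
# Added example (Python, not from the original document): rebuild the
# Host/Subnet Quantities Table and use it to choose a mask.

NATURAL_PREFIX = {"A": 8, "B": 16, "C": 24}   # bits fixed by the address class


def mask_for_prefix(prefix_len):
    """Dotted-decimal mask with `prefix_len` leading 1 bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length out of range: %d" % prefix_len)
    value = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def effective_counts(subnet_bits, host_bits, exclude_subnet_zero_and_ones=True):
    """(usable subnets, usable hosts per subnet).

    Host IDs of all 0s (the subnet itself) and all 1s (broadcast) are never
    assignable, so hosts = 2**host_bits - 2. The chart also drops subnet 0 and
    the all-ones subnet, which the text recommends avoiding unless the
    ip subnet zero command is configured; pass False to count them anyway.
    """
    subnets = 2 ** subnet_bits
    if exclude_subnet_zero_and_ones:
        subnets -= 2
    return subnets, 2 ** host_bits - 2


def table_rows(address_class, exclude_subnet_zero_and_ones=True):
    """Rows of (subnet bits, mask, effective subnets, effective hosts)."""
    natural = NATURAL_PREFIX[address_class]
    rows = []
    # Borrow from 2 bits (fewer leaves no usable subnet once 0 and all-ones
    # are excluded) up to the point where only 2 host bits remain.
    for subnet_bits in range(2, 32 - natural - 1):
        host_bits = 32 - natural - subnet_bits
        subnets, hosts = effective_counts(subnet_bits, host_bits,
                                          exclude_subnet_zero_and_ones)
        rows.append((subnet_bits, mask_for_prefix(natural + subnet_bits),
                     subnets, hosts))
    return rows


def format_table(address_class, exclude_subnet_zero_and_ones=True):
    """Render the rows in the same layout as the chart in the text."""
    fmt = "%-9s %-16s %-9s %-9s"
    lines = ["Class %s" % address_class,
             fmt % ("No. bits", "Mask", "Effective", "Effective"),
             fmt % ("", "", "Subnets", "Hosts"),
             fmt % ("-" * 7, "-" * 15, "-" * 9, "-" * 9)]
    for bits, mask, subnets, hosts in table_rows(address_class,
                                                 exclude_subnet_zero_and_ones):
        lines.append(fmt % (bits, mask, subnets, hosts))
    return "\n".join(line.rstrip() for line in lines)


def mask_for_requirements(address_class, subnets_needed, hosts_needed):
    """Shortest mask (fewest subnet bits) that still satisfies both counts,
    or None when the class cannot provide that combination at all."""
    for _bits, mask, subnets, hosts in table_rows(address_class):
        if subnets >= subnets_needed and hosts >= hosts_needed:
            return mask
    return None


if __name__ == "__main__":
    print(format_table("B"))
    print()
    print(format_table("C"))
    print(mask_for_requirements("B", 100, 200))   # 255.255.254.0
```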

Recall that you should not use a subnet address in which all the subnet bits are set to zero, because some routing protocols do not transmit the subnet mask being used on a network in their routing updates. The protocols Routing Information Protocol (RIP) Version 1 and Interior Gateway Routing Protocol (IGRP) are two such protocols. RIP Version 2, however, does transmit the subnet mask. When no masking information is available, the routing protocol assumes that the address is configured for traditional classful addressing and sometimes cannot tell the subnet address from the network address. For example:

    128.60.0.0/16    10000000.00111100.|00000000.00000000
    128.60.0.0/24    10000000.00111100.|00000000.|00000000

In this example, if a data-link segment has been assigned the subnet of 128.60.0, the router may not be able to tell the difference between that subnet and the entire 128.60 network. It is important to remember that the dotted-decimal format is just a representation of the 32-bit address and mask. An address on subnet 0 can sometimes be hard to determine because of this. For example:

    192.10.20.50/24    11000000.00001010.00010100.|00110010
    192.10.20.50/26    11000000.00001010.00010100.|00|110010

In the first example, 192.10.20.50 is on the 192.10.20 network, a setup that is fine. But in the second example, 192.10.20.50 is on the 192.10.20.0 subnet, a setup that could be a problem. Configuring addresses in the subnet zero range is generally not recommended because of the confusion inherent in having a network and subnet with indistinguishable addresses, as in Example 1 above. If you truly need to use subnet zero, you can add the ip subnet zero command in the router configuration. This setup allows users to configure addresses in the subnet zero subnet.
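The mask-inference rule stated earlier in this section (a router that learns a route without a mask reuses the mask of a local interface on the same major network, otherwise it falls back to the classful mask) together with the subnet-zero ambiguity shown just above, as an added Python example (not from the original document). The function names, the constructed interface list and the bar-notation helper are this example's own; the class boundaries are the ones from the addressing section.

```python
# Added example (Python, not from the original document): what a router
# assumes about a route carried without a mask, and why subnet zero is then
# indistinguishable from the major network.


def to_int(dotted):
    o = [int(x) for x in dotted.split(".")]
    if len(o) != 4 or any(not 0 <= x <= 255 for x in o):
        raise ValueError("bad address: %r" % dotted)
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def apply_prefix(address, prefix_len):
    """Dotted-decimal result of AND-ing the address with a /prefix_len mask."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    v = to_int(address) & mask
    return ".".join(str((v >> s) & 0xFF) for s in (24, 16, 8, 0))


def classful_prefix(address):
    """Natural prefix length from the high-order bits of the first octet:
    0xxxxxxx -> Class A /8, 10xxxxxx -> Class B /16, 110xxxxx -> Class C /24."""
    first = to_int(address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("%s is a Class D/E address and is not subnetted" % address)


def major_network(address):
    """The classful network the address belongs to, e.g. 128.60.0.0."""
    return apply_prefix(address, classful_prefix(address))


def infer_route_mask(learned_network, local_interfaces):
    """Prefix length a router assumes for a route received without a mask
    (RIP Version 1, IGRP). local_interfaces is a list of (address, prefix_len).
    An interface in the same major network lends its mask; otherwise the
    natural classful mask is applied."""
    major = major_network(learned_network)
    for address, prefix_len in local_interfaces:
        if major_network(address) == major:
            return prefix_len
    return classful_prefix(learned_network)


def is_subnet_zero(address, prefix_len):
    """True when all subnet bits are 0, i.e. the subnet address is identical
    to the major network address and the two cannot be told apart."""
    if prefix_len <= classful_prefix(address):
        return False                       # no subnet bits to be zero
    return apply_prefix(address, prefix_len) == major_network(address)


def show_bits(address, prefix_len):
    """Binary with a dot between octets and a bar after the mask boundary,
    the notation the text uses: 10000000.00111100.|00000000.00000000"""
    bits = format(to_int(address), "032b")
    out = []
    for i, b in enumerate(bits):
        if i and i % 8 == 0:
            out.append(".")
        if i == prefix_len:
            out.append("|")
        out.append(b)
    return "".join(out)


if __name__ == "__main__":
    # Constructed scenario: a router with one interface in 128.60.0.0 /20
    # hears about 128.60.16.0 from a RIP Version 1 neighbour (no mask sent).
    ifaces = [("128.60.1.1", 20)]
    print("assumed /%d" % infer_route_mask("128.60.16.0", ifaces))   # 20
    print("assumed /%d" % infer_route_mask("128.60.16.0", []))       # 16
    for addr, plen in [("128.60.0.0", 16), ("128.60.0.0", 24),
                       ("192.10.20.50", 24), ("192.10.20.50", 26)]:
        print("%-14s/%-3d %s  subnet zero: %s"
              % (addr, plen, show_bits(addr, plen), is_subnet_zero(addr, plen)))
```

The second infer_route_mask() call is the case the text warns about: with no local interface in 128.60.0.0, the learned 128.60.16.0 is treated as /16, and apply_prefix("128.60.16.0", 16) collapses it onto 128.60.0.0, so the router now holds a route to the whole major network rather than to one segment of it.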
