|
Network
Terminology: A network is a transmission system, consisting of at least 2 stations and a communications channel, that allows any application on any station to communicate with any application on any other station. A network in which the stations are located within a small geographic area is called a Local Area Network or LAN. A network made up of LANs that is geographically dispersed over long distances and connected by one or more communications links is called a Wide Area Network or WAN. Server Station -- This machine responds to requests for information from other computers. It also provides access and storage for shared and private files to computers in a network. Client Station -- The computer that makes requests for information from a Server machine. The Client and Server pair make up what is known as the client-server paradigm of data communications. An internet is a collection of networks that are connected by routers such that any application on any station can send messages to any other station. Reasons for Networking Communications: Transmission is physically moving a message from place to place.
Addressing: Internet computers are uniquely identified by their IP Addresses. The IP address consists of 32 bits and is assigned by a DHCP Server of your Internet Provider Service. The 32 bits are formatted in human readable form as 4 sets of octets. Each octet is a decimal number between 0 and 255 (which corresponds to 0 and FF in hexadecimal). Example: 209.168.14.56 IPv4 supports 2**32
or 4 billion unique IP addresses. A dynamic IP (or temporary) address changes with restarting a connection (such as to you ISP). The ISP's Dynamic Host Configuration Protocol (DHCP) server maintains a pool of IP addresses that it manages and leases out to its customers. After the customer machine closes its connection the IP address returns to the pool and awaits re-assignment to another client. A static IP address is held fixed and constant by the Internet Provider Service (at a fee).
A Domain Name is the fully qualified web server name found in a Universal Resource Locator (URL). This name has a correspondence with an IP address. The domain name makes it easier for humans to identify an URL rather than using IP addresses. A Domain Name System (DNS) is a database used by a Domain Server to lookup and convert domain names to IP addresses.
Information: Messages transmitted within the same network are called frames. Each frame will contain the destination MAC address of the computer station to which it is being sent. Messages transmitted across different networks are known as packets. Each packet will contain the destination IP address of the computer to which it is being sent. Why the need for
small packets? 1)
No single transmission monopolizes the bandwidth while smaller packets
wait.
Transmission
Hardware: Routers are devices that forward messages outside of a single network to other networks. They read the IP addresses. Access lines connect stations to a switch. Trunk lines connect switches and routers to each other. Transmission
Rate: The rated speed is the theoretical speed achievable based on a vendor's claims. The throughput is the transmission speed actually measured by the users. The aggregate throughput is the total speed provided to all users of a transmission channel. The individual throughput is the rate that single users receive as their shares of the aggregate throughput. Multiplexing is the sharing or accomodation of many concurrent conversations over the same communications line. Internetworks
TCP/IP -- Transmission Control Protocol / Internet Protocol. This a suite of interrelated protocols used to transmit and receive data across the Internet. TCP/IP is the language of the Internet. ASCII -- American Standard Code for Information Interchange. This is the coding scheme or machine alphabet that all communicating parties agree to use. ASCII specifies a correspondence between digital bit patterns and the symbols of a written language, thus allowing digital devices to communicate with each other and to process, store, and communicate character-oriented information. Intranet --
Networking within a company, home or school that is addressable only by
the computers within this network. The Intranet is not
reachable from outside of the intranet, however the Intranet may be
allowed to access the outside world (Internet). Internet -- World wide network of networks. Subnet -- A single network in an internet. All hosts on a subnet have their IP addresses within a certain range. Network Architecture is the design plan that describes how the stations comprising the network will be interconnected in an secure and efficient manner. A Proxy is a server that performs network requests (SENDS) and accepts responses (RECEIVES) on behalf of other machines in the intranet. A Firewall is a mechanism that examins all incoming and outgoing data packets looking for dangerous or unauthorized content. It can drop, reject, reroute and log any traffic it so chooses. Virtual Private Network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote locations with secure access to a private network. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be useful if intercepted. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the users with the same capabilities, but at a much lower cost.
Tools and Commands: ifconfig, ipconfig, ip, winipconfig are used to determine the IP Address of your local station or computer. ping is used to bounce a signal off of another (ping enabled) computer to measure response time. nslookup, dig, and host are used to perform domain name resolution of either a URL name or an IP Address. traceroute and tracert are used to discover the network path to another IP Address. tc is used to manipulate network traffic. |
|
Standards are rules of operation that allow two hardware or software parties to intelligently converse. Semantics are the meaning of each message in an exchange. Both sides must agree on the interpretation of requests and responses. Syntax describes how messages and their parts are are organized. The rules for construction. Message Timing governs when the hardware or client/server software processes may transmit. Half-duplex vs. Full-duplex. Full-duplex means that both stations can transmit and recieve simultaneously. Half-duplex implies that only one station may transmit at any time. Simplex means that data transmission flows only one way, such as broadcasting. Protocols Protocols are standards that govern the interaction between hardware and software processes at the same layer on different hosts. A negotiated agreement between two communicating parties regarding the language and the constraints or rules for conversation which both sides will respect.
Reliability is an aspect of protocols in which errors in transmission are detected and corrected by retransmitting lost or damaged messages. A reliable protocol performs error detection and correction. If it does not receive an acknowledgement within a certain time then it assumes that the packet did not arrive successfully at the other side. An unreliable protocol does not perform error correction. Reliability is expensive.
Connection Oriented protocols use explicit negotiation during conversation opening and closings. Message sequencing is of paramount importance. Connection-oriented protocols place a heavy load on networks. The overhead of acknowledgements and supervisory messages can consume much network bandwidth, while resequencing packets burden the end station's processor. Connectionless protocols do not establish a connection prior to transmitting. Message sequence is NOT important. Every message arriving at its destination is not important Most protocols in use today are connectionless and unreliable.
Some PROTOCOL Elements: A SYN or SYNCHRONIZE is a message sent to prospective communications partner that means a desire for communication. ACK or Acknowledgement is a message that is sent back to the originator that a message was successfully received. A FIN is a message that the sender wishes to end the conversation. A NAK is a negative acknowledgment message. A WAK is a message sent that says the sender is "waiting for acknowledgment" from the other party. A Network Architecture is a broad plan that specifies everything that must be done, protocols that must be adhered to, for two conversing application programs on different networks on an Internet to be able to work together effectively.
Network Architectural Layers (starting from the lowest layer) The Physical Layer governs transmission between adjacent physical devices connected by a transmission medium. Electricity (electrons), Radio waves (electro-magnetic waves), Light pulses (photons), etc. This energy runs through the Network Interface Card (NIC), cable, fiber and through space. Messages at this layer are physical disturbances in the medium through which the signal propagates. (Connectionless protocols in play at this layer.) Some Protocols that operate at
this layer: The Data Link Layer governs the transmission of frames across a single network. This layer also governs frame organization, timing constraints and reliability. Frames are the messages at the Data Link Layer. Switches and hubs act and are governed at this layer. (Connectionless) Ethernet frames have datalink layer source and destination addresses that consist of unique 48-bit address strings (MAC layer frame addressing). This layer uses a frame check sequence field that is computed by the origin and checked by the destination. Should it fail the check then the frame is discarded with no request for retransmission. Error detection but no error correction. Ethernet is unreliable and connectionless. Timing is simple. Some Protocols that operate at
this layer: The Physical and DataLink layers work together to implement transmission through a single network. The Internet Layer governs the transmission of packets across an internet, (multiple connected networks) via routers. This standards layer also governs packet organization and timing constraints at its level. Packets are messages at the Internet Layer. Routers operate at this layer. As a packet travels through an internet, it is placed in the "envelope" of the data field of a frame within each network that it passes. (Connectionless) The IP Packets have internet layer source and destination addresses that consist of unique 32-bit address strings. As with Ethernet, if the receiver detects an error in the checksum field, it simply discards the packet. IP is unreliable and connectionless. There are no timing constraints. Some Protocols that operate at
this layer: The Transport Layer governs aspects of end-to-end communication between the two end hosts that are not handled by the Internet layer. These standards also allow hosts to work together even if the two stations are from different vendors with different internal designs. (Connection-Oriented and Reliable) Transmission Control
Protocol/Internet Protocol (TCP/IP) is reliable and stateful. The Internet and Transport layers work together to implement internetworking. Some Protocols that operator at
this layer: Transport Control Protocol (TCP) is a connection-oriented protocol, a connection can be made from client to server, and from then on any data can be sent along that connection.
User Datagram Protocol (UDP) is a simpler message-based connectionless protocol. With UDP you send messages(packets) across the network in chunks.
Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. It is chiefly used by networked computer operating systems to send error messages—indicating, for instance, that a requested service is not available or that a host or router could not be reached. ICMP differs in purpose from TCP and UDP in that it is usually not used directly by user network applications. One exception is the ping tool which sends icmp request (and receives echo response messages determine whether a is reachable how long packets take get to and from that host. The Application Layer governs how two applications work with each other, even though they may be from different designers. Data streams and records are the messages at this layer. (Connectionless) HTTP and FTP are application layer protocols. The client browser working with the server website. Some Protocols that
operate at this layer: The Presentation Layer provides the human interface with the Application Layer. Windows Explorer and
Firefox browsers act at this layer. Why a Layered Architecture? (1) Decompose large communication tasks into smaller manageable tasks. Why not make all layers reliable? (1) Reliability is expensive. Other Network Architectures IBM's Systems Network Architecture. This pre-dates TCP/IP. Extremely fast, deterministic, well-defined. Used for communication between mainframes. IPX/SPX
AppleTalk Sample trace of an HTTP protocol exchange: <15:30:39 HTTP 0 Sample trace of a POP3 protocol exchange: 15:55:20 POP3 Thread-13 |
|
Definition: The Physical Layer is responsible for translating the bits that make up ethernet frames into signals. Propagation relative to data communications means to have a disturbance in the communications media travel from one place to another. A physical signal is a disturbance that propagates down the transmission medium from the originator to the receiver. The physical disturbance can be:
Electrons
bumping into one another along a length of copper wire, The receiver "feels" or measures the physical disturbance. Signals are electromagnetic representations of information being transmitted. An electromagnetic signal can be either Analog or Digital. An Analog signal is one in which the signal intensity varies in a smooth continuous fashion over time, with no breaks or discontinuities. (ie. sound waves of human speech, and phonograph recordings). A Digital signal is one in which the signal intensity attempts to maintains a constant discrete level for some period of time and then changes to a second constant level. (0 and 1) (ie. binary information generated by computing equipment).
Signaling Synchronization. First both sides must synchronize their clocks so that the receiver is listening for the same interval start and duration as the sending party is transmitting. Temporal Synchronization is of paramount importance to ensure that the receiving station inserts the transmitted bit into its correct location within a byte. If the clocks of both end stations are out of synch then the data received will not in anyway match the data transmitted. Say, for demonstration purposes, that the transmitting station's (A) clock is running tic-toc and the receiving station's (B) clock is running toc-tic. They are out of synch by exactly 1 clock unit. While from the perspective of each station they observe both of their own clocks as running tic-toc. But from an outside observer the clocks are offset from each other. Ethernet requires that the receiving station get in synch with the sending station's clock before data can be transmitted. To perform this the sending station (A) sends a series of "01" bits which provides the receiving station (B) with a wakeup call and a timing sequence in which to get in synchronization insofar as the length of the clock bit interval and the temporal border of when the first information bit will be sent. On/Off Signaling. Dividing time into brief clock cycles and have each cycle represent one bit of data. The transmitter will hold the signal for the entire clock interval. This is called constancy. The receiver should be listening and collecting a bit in a predictable manner for the same interval. The center of the signal pattern is the ideal sampling point. Binary Signaling. The two possible states of ON and OFF, LOW VOLTAGE and HIGH VOLTAGE, NORTH and SOUTH, represent one and zero. Binary Voltage Signaling. A high voltage range (generally +3 to +15volts) represents a zero, a low voltage range (-3 to -15) represents a one bit. Binary Signaling is resistant to attenuation errors because even though it may suffer a significant loss ( say 70 percent of the signal voltage) the receiver would still interpret the bit that it has received as a 1.
The baud rate is the number of clock cycles the transmission system uses per second. The number of times that the equipment is capable of switching states in a single second.
Signal Impairments Propagation effects such as attenuation (grow weaker) and distortion (change of shape and time of arrival) affect the signal during travel down the wire. The signal arrives at the receiver with less strength and more distorted than when it left the transmitter. If the effect is to great the receiver will not be able to correctly interpret the intended signal.
Attenuation introduces three considerations for physical transmission: (a) The arriving signal must have sufficient strength so that the electronic circuitry in the receiver can detect and correctly interpret the signal. (b) The signal must maintain a level sufficiently higher than the noise to be received without error. (c) Attenuation is greater at higher frequencies, and this causes distortion.
Spacial Distortion is the corruption of the signal shape for the bit being sent. Temporal Distortion is the difference between the time that a signal event occurs and the time that it should occur in relation to the clock bit interval. ie. synchronization. Delay Distortion is the phenomenon that the resultant velocity of a signal through a cable is different for different frequencies.
Error
Detection The theory behind CRCs is for every correct computed number for a packet of data there exist several million wrong numbers. The chance of a corrupted packet resulting in a valid CRC number is remote. CRCs are popular because they are simple to implement in binary hardware, are easy to analyze mathematically, and are particularly good at detecting common errors caused by noise, distortion and attenuation effects during data transmission.
Wiring UTP stands for Unshielded Twisted Pair wiring. Each pair of wires is twisted around each other several times per inch. UTP is inexpensive to manufacture, rugged and easy to connectorize. Attenuation
is the weakening of signal strength as the signal travels down a length
of wire. The signal tends to give up its energy to the
environment as it travels. Noise is the random electromagnetic energy caused by electrons moving within a wire and unwelcome energy introduced by the outside environment. The signal energy must overcome the noise to be successful. The mean or average of the noise energy is called the noise floor. Occasional noise much higher or lower than the noise floor are known as spikes. If the signal energy is far larger than the noise floor, then it is said to have a high signal-to-noise ratio (SNR) and therefore you would expect less errors. But longer propagation distances result in a lower SNR and therefore more noise errors. Thermal noise, also referred to as background noise, white noise, and hiss is the undesired energy found in the transmission line caused by random agitated movements of electrons. Thermal noise is distributed uniformly over the entire electromagnetic spectrum and is proportional to the temperature of the transmission line, but independent of the line length and the signal frequencies. Electromagnetic Interference (EMI) is unwanted electrical energy coming from external devices such as motors, generators, lights and other UTP cords. Like noise, interference adds energy to the signal and can make the received signal unreadable. Crosstalk Interference is the electromagnetic interference introduced by the radiated energy produced by other pairs of wire within the same cord. Terminal Crosstalk Interference is interference at the connectorized ends of a wire where they are not twisted but made parallel prior to insertion into the end connector. Twisted-Pair wiring dramatically reduces interference by canceling out received EMI interference via an addition/subtraction method applied to the signal by the physical twists of the wire. Over the first half of any twist, the external interference may add energy to the signal. Then over the second half of the twist the same interference will subtract energy from the signal thereby cancelling out and resulting in a net interference of zero. Alexander Graham Bell patented twisted pair-wiring.
Noise, Attenuation and Interference will shorten the usable reliable propagation distances for a signal traveling in a wire. Shielding is a metal mesh that is placed around each pair of wires. This reduces interference but it is expensive to manufacture. In serial transmission bits that are transmitted must follow one another in series. Only 1 bit of information may flow per clock cycle. In parallel transmission bits are sent simultaneously in pairs. Speed is the key benefit, more information per clock cycle. In a cable consisting of 4 pairs of wire you can send 4 bits of information at a time. Serial transmission has largely replace parallel transmission. Speed is compensated for by reducing the clock cycle time.
Ethernet Standards using UTP 100 meter
distances operating at 10/100/1000Mbit per second.
Category 5 wiring for up to 100 Mbit. Category 5e wiring for up to 1000Mbit. (1GBit) UTP is dominant for access line because it is less expensive than fiber and because the distances are short. Usually under 100-meter.
Optical Fiber Transmission Optical Fiber consists of a very thin glass tube that acts as a medium for carrying light pulses via light waves. It is used for distances greater than 100 meters. Two strands of fiber are used in each cord. One strand is for transmission of the signal, the other for reception of signals. This allows full-duplex (2-way simultaneous) communications. The wavelength is the physical distance between peaks in successive cycles of a light signal. The wavelengths are on the order of 1 billionth of a meter (nanometer). The light wave's frequency is the number of times that the wave goes through a complete cycle in a single second. Frequency is measured in hertz (Hz). The "speed of light" is constant. Therefore signals propagate at a fixed speed in optical fiber. This means that shorter wavelengths will produce more cycles per second. Wavelength division multiplexing (WDM) is the mixing of multiple simultaneous signals in a transmission line by sending each signal at a different wavelength. This means multiple light beams of a different colors. Fiber optic attenuation decreases as the wavelength increases.
Noise and Electromagnetic Interference (EMI) are NOT problems with optical transmissions because outside enerty from moving electrons cannot interfere with light signals. The interference would have to be another light signal.
Light signal impairments Absorption results form various impurities in the fiber introduced during manufacturing. The more absorption the greater the attenuation Scattering is caused by contaminants and density differences in the core. The scattered light can be reflected back to the source or refracted into the cladding. The power of the transmitted beam is attenuated. Bends occur when the cable is curved around some obstacle. To follow the bend the light beam must reflect off the cladding. If the bend is tight enough, the light will refract into the cladding instead of following the bend, thereby a loss of signal. Coupling refers to the splicing cables and attaching cables to connectors. Any fiber coupling that is even slightly out of alignment or incompletely joined will result in significant signal loss. Modal dispersion is the propagation effect on transmitted light caused by the overlap in arrival times of sequential pulses due to the different angled paths that the light signal takes while travelling down a fiber. This effect also known as "temporal dispersion" can make it impossible for the receive to read the signal. Modal dispersion can be limited by making the fiber as thin as possible (single-mode) and so only attenuation becomes the limiting factor for single-mode fiber.
Optical
Standards using fiber single-mode fiber -- tens of kilometers, expensive to manufacture and deploy. Fiber is used for trunk line that have requirements of greater speed and longer distances in excess of 100-meters.
Network
Topologies Point-to-Point -- Simplest network topology in which two stations are connected directly. Star -- All stations are connected to a single switch. Easy to setup, but the hub represents a single point of failure. Ring -- Stations are connected in a loop. All messages passes serially through all stations in a particular direction. Fastest but any computer in the ring represents a single point of failure. Bus -- Each station broadcasts its messages to all other stations. Fairly secure, minimal amount of cabling, no central failure point, but breaks in cable can separate the network. Mesh -- Each station has multiple paths to every other station. Redundant connections. Most secure, maximal amount of cabling, no central failure point. Tree or Hierarchy-- Used by ISPs, root becomes failure point. Multiple layers of switches.
Connections
between Networks Gateway -- Connects networks, LAN to Internet via single entry point, with checking. Router -- Routes multiple entry points to multiple exit points.
Optical channels: fiber optic Wireless Spectrum: Radio Frequency signal, infrared, microwave.
Asynchronous -- Data is transmitted at irregular intervals without clock synchronization on an as needed basis. Start/Stop bits are used to sandwich a message to signal the receiving computer that transmission has begun or ended. Also known as Start/Stop Transmission. Relatively slow due to the overhead of start/stop bits. Synchronous -- Data is transmitted at regular intervals using clock timed synchronization. Both sender and receiver synchronize their clocks at the beginning of and during the transmission of data. Much faster than asynchronous. Handshaking -- Initiation of protocol converstion by each partner. Half Duplex -- Two way communication, only one partner transmits at a time. Like ham radio. Full Duplex -- Two way communication, both partners can transmit simultaneously. Telephone.
Bandwidth is the measure of the capacity of a data communications channel. The greater a channel's bandwidth, the higher the transmission speed and the more information it can carry. Commonly referred to as the amount of data that can be transferred over a network connection. Bandwidth is normally measured in bits per second. Broadband --
high capacity network link. Narrowband
-- constrained lower capacity network link.
|
|
|
|
Definition: Ethernet vs SNA vs. Token Ring Ethernet is the most widely-installed local area network (LAN) technology. Ethernet was originally developed by Xerox from an earlier specification called Alohanet (for the Palo Alto Research Center Aloha network) and then developed further by Xerox, DEC, and Intel. Since Ethernet is a LAN technology, the Ethernet Standards comprise Layer 1 (Physical) and Layer 2 (DataLink). The Ethernet standard is maintained by the 802 LAN/MAN Standards Committee of the Institute for Electrical and Electronics Engineers (IEEE). The term Ethernet and 802 is used interchangeably. 802.1
General standards Modulation is the addition of signal strength to an electromagnetic or optical signal carrier. Demodulation is the subtraction or weakening of signal strength from a signal. The constant median energy in the signal is called the carrier signal. Data is extracted as offsets (signals slightly stronger and weaker) from the carrier signal. Examples: Modems, smoke signals, Morse code. All signals are comprised of a range of different frequencies added-up together. In telecommunications, in particular, it is often the case that those parts of the signal which are at low frequencies are "copied" up (or modulated) to higher frequencies for transmission purposes, since there are few communications media that will pass low frequencies without distortion. The original, low frequency components, are referred to as the baseband signal. Baseband is the transmission of a digital or analog signal at its original frequencies. The signal is in its original form, not changed by modulation. In baseband transmission, the signal is simply injected into the transmission medium. Copper wire carries electrical signals, fiber carries optical signals. The unmodulated signals are sent on a single channel, and consume the entire channel unless a multiplexor is used. In Broadband transmission the signals are sent over radio frequency channels (RF). The base signal is modulated upward to a higher frequency at the source and then demodulated downward to the original signal frequency at the target. Broadband allows the transmission spectrum to be divided up into multiple subchannels, allowing multiple network devices to communicate simultaneously over separate paths without collisions. RF broadband is more expensive than baseband. Transmission speed
is the data rate at which Network Interface cards and switches operate. 40GBASE-x is the next generation of physical layer Ethernet standards. Autosensing is preformed by ethernet equipment to detect the transmission rate that both ends can tolerate. Combining physical trunk links between adjacent switches so that transmission speed can be increased by factors of 2, 3 or 4 rather than an order of magnitude (10x) is called link aggregation, port teaming, trunking or bonding. You in effect create a logical high-speed trunk link. Increasing speed incrementally is less expensive than upgrading or jumping to the next Ethernet speed level. Each switch along a route regenerates the original signal. Each repeater switch along the way will read a binary signal distorted via propagation effects, then generate a new clean full strength signal to be sent to the next station. There is no practical limits to the distance spanned. In designing a network you want to minimize the cost by choosing the shortest-distance standard that will do the job.
The Ethernet Frame Preamble Field, 7 octets of alternating one-zero, is used to begin clocking synchronization. This alerts the receiving station that some station wishes to send data. It serves to get tune receiver into temporal synchronization with the sending station so that it can reconstruct each data byte by inserting the received bits in their correct relative locations. Start of Frame Delimiter, single octet of 01010111, is also used to signal end of clocking synchronization. Note the final 1 bit signaling the end of synchronization. Both sending and receiving clocks should not be in temporal synch. Hex Notation consists of the hex numbers 0 through 9 and A through F (10-15). It is a number representation of base 16. Ethernet addresses are called Media Access Control (MAC) addresses. Also known as the physical addresses of the Network Interface Cards (NICs). They carry the information of the source and destination addresses. Length Field indicates the length of the data. Note the field is only 2 octets in length. What is the biggest number that you can accomodate? There is no minimum length. The current maximum length is 1500 bytes. Data Field contains the message information. If less than 46 bytes then it is padded with x20 (blanks). Frame Check Sequence Field and Checksums. This is error detection for Ethernet. (There is no error correction). Ethernet will only discard scrambled packets, no ACK or NAK is sent to originator. The originator does not know at this level that its data was discarded.
Collisions When
is a LAN too long? Transmission time
= frame length / bit rate Switches route frames through a single port that is part of the path to the frame's destination. That port may take the frame to its ultimate destination or the next switch on the path. Hubs broadcast the frame through all ports. Only one station may broadcast at a time otherwise frames collide. A signal collision occurs when two stations connected by a hub attempt to transmit a the same time. A collision will occur with the given frame if any other frame is broadcast within 1 frame time of the start of the given frame. The signals will be scrambled and unreadable. Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a logic mechanism implemented in the hardware/software used to reduce collisions on half-duplex channels. A station may not transmit if some other station is already in the process of transmitting. If a collision is detected then all stations agree to stop transmitting, wait a random amount of time and then re-attempt their transmission. This method give all communicating parties an opportunity to reorganize their timing. Network Interface Cards (NIC) that talk to switches instead of hubs can transmit at any time without danger of collision since the switch operation is full-duplex, and therefore can send and receive simultaneously.
Frame Forwarding and Switch Tables Hierarchical Switch Topology. Tree network topology. Any switch has at most one parent. Ethernet standards require this topology to ensure that loops do not exist that would cause frames to circulate in the network forever (or until their TTL kicked in). Therefore there is only a single possible path between any two end stations. Redundancy means having multiple alternate paths between stations. The failure of a single component that can cause widespread disruption in a network is known as a single point of failure. Single path infers a single point of failure. Loops can occur should alternate paths allow a return trip to an already visited station. Loops among switches are forbidden since they would break the hierarchy and could result in an infinite loop and create much useless network traffic. Spanning Tree Protocol (STP). Automatically detects and prevents loops, but permits multi-pathing. The redundant paths are set disabled until needed, due to a loss of a link. Rapid Spanning Tree Protocol is a fast STP. Its algorithms converge faster to detect loops. Unicasting is the sending of a framed message out of a single port to a single station. Broadcasting is the sending of a framed message out of all available ports to all stations. The destination address are all FFs. The listening NICS will process all received broadcast messages as though it were destined for them. Congestion. Too much network traffic for the available network capacity. Broadcasting does not scale. Virtual LANs vs Real LANs, performed via Tag Control Information fields. Momentary Traffic Peak is traffic that briefly exceeds the network design capacity. Congestion and delays occur during this period and during the time it takes to catch-up with its frame delivery and settle down. Overprovisioning is installing more capacity than is needed for most of the time. Ethernet Priority is implemented via a priority tag in the frame. It establishes a "class of service" for the particular frame class. Needed for voice, video and telemetry or any any realtime applications. Latency-sensitive traffic is sent before latency-intolerant traffic. The Tag Control Information field priority kicks in at times of momentary traffic peaks giving latency-sensitive traffic higher scheduling priority in the queue so that they are transmitted first. Chronic lack of capacity is due to always having insufficient capacity or being over utilized.
Switch Terms The switching matrix is the internal grid that connects input ports to output ports. A switch's aggregate throughput is the sum of each port's processing capacity. Store-and-Forward switching refers to receiving the entire frame buffer before processing the frame to its next station. This allows the switch to check each frame for errors and to discard any faulty frames, and thus reduce network traffic. Store-and-Forward logic will introduce a small time delay (latency) at each switch. The amount of latency is negligible with today's hardware. Cut-Through switches refer the the partial receipt of the frame buffer before sending the frame further on to the next station. The switch must minimally read the destination address to forward data on. Cut-through will outperform Store-and-Forward logic when there are no errors detected in the frame buffer. Cut-Through switches have less latency. Jitter refers to variability in delay from frame to frame. The transmission of data will speed up and slow down over the space of a few frames. This becomes noticeable in real-time applications such as Voice Over IP and video.
|
|
Definition: Wireless LANs (WLAN) use radio frequency signaling for the Physical Layer transmission. The WLAN Standard is called 802.11 is an extension of the Ethernet LAN standard. Users are linked to the wired Ethernet LAN by way of access points that are cable connected into the wired LAN. Bluetooth technology is a wireless LAN technology that is designed for personal area network that server only a few devices carried by a person or in close proximity (10 meters) to a desk workspace. This technology is primarily for replacing the need for cable connections.
Radio
Signal Propagation Electromagnetic radio waves are generated by causing electrons to oscillate in unison within a transmitting antenna. The amplitude is the maximum (peak) or minimum (trough) intensity of the emitted wave. The frequency is the number of cycles (0 to 360 degrees) that the wave oscillates in a second. Frequency is stated in terms of Hertz (Hz). WLANs operate in the high-Mhz to low-Ghz range. The wavelength is the spatial distance between the peaks in consecutive wave cycles. The wave length and the frequency are inversely related. Since the speed of light or electromagnetic propagation is fixed (always the same for any frequency), the longer the wavelength then the lower the frequency. Whereas a higher frequency means a shorter wavelength. Omni-directional antennas transmit signals spherically, in all directions. Dish antennas concentrate signals in a particular direction of the sphere, allowing them to send stronger broadcasts and to receive weaker incoming signals from a given direction.
Propagation Impairment Considerations Broadcast strength weakens (attenuates) by the inverse square law (1/radius**2). If you were to double the distance the signal strength would fall to 1/4. This implies very rapid attenuation as compared to point-to-point transmission along fiber optic and copper cabling. Not only does radio attenuate more rapidly, but there is much less control of the transmission path taken between sender and receiver. Large dense objects, like buildings and walls in the direct line-of-sight path, create what is known as Shadow Zones or Dead Spots due to reflections and refractions. Sender and receiver must have an unobstructed direct line-of-sight path between them for best reception. Atmospheric Absorption by water vapor and oxygen contribute to attenuated signal loss. In areas of significant precipitation, either transmission path lengths have to be kept short and/or lower-frequency bands should be used. Further, radio waves are refracted (bent) when they propagate through the atmosphere, thereby introducing spatial changes in the signal. Radio waves bounce off walls and other objects causing Multipath Interference. A receiver will receive two or more signals due to the reflected paths. Since the different signals take different paths and therefore travel different distances, the radio waves may be out of phase when they arrive at the receiver station. One wave may be at its peak and the other at its trough creating destructive interference in which the signal is canceled out completely. Or both waves may meet at their peaks creating constructive interference in which the signal arrives with twice the expected strength at this point. Electromagnetic interference (EMI) is also a problem created by electrical motors, generators, and any other electrical devices operating at the same frequencies used in data communications. Higher frequency waves attenuate more rapidly than lower frequency waves because they are absorbed more readily airborne obstacles such as water vapor, vegetation and dust particles. Higher frequency waves are more sensitive to shadow zones. As frequency increases the radio waves become less able to flow around objects.
Rule of Thumb 1: The higher the frequency, the shorter the transmission distance. Rule of Thumb 2: As frequency increases, the easier it is to disrupt the data signal.
Carrier Wave Modulation Amplitude Modulation is the changing the magnitude or size of a electromagnetic wave's peak and trough over a timed clock interval. Frequency Modulation is the changing in the number of peaks and troughs of an electromagnetic wave over a timed clock interval while keeping the amplitude constant. Phase Modulation is the shifting in degrees of the wave as compared to a standard carrier wave phase, for a timed clock interval.
The Radio Frequency Spectrum The frequency spectrum consists of all the possible frequencies from zero Hertz to infinity. It is divided into Service Bands that are used for specific services. The wider the bandwidth the "faster" the signal transmission and therefore the greater amount of data that can be transmitted. AM 535kHz to 1705 kHz (each band is 10kHz wide) TV 1800 kHz to 87 MHz (being changed in 2009) FM
88MHz to 108 MHz (each band is 200kHz wide)
Channels are further subdivisions of the Service Bands into narrower frequency ranges. Each channel can accomodate a different signal because they do not interfere with one another (as long as their signals do not cross over the subchannel band). Signal Bandwidth is the range of frequencies used by a signal. The greater the transmission speed in bits per second, the wider the signal's bandwidth. Signal Bandwidth = highest frequency range - lowest frequency range Channel Bandwidth is the measure of the width of the frequencies spanned by the channel. That is the range of frequencies between the lowest frequency and the highest frequency of a signal. Generally FM channel bandwidths are 200kHz wide, while AM channel bandwidth is 10kHz. The maximum possible speed is directly proportional to the bandwidth (Shannon Equation). Double the bandwidth and you can potentially transmit data twice as fast. Signals propagate through the atmosphere better at lower frequencies (greater wavelengths).
Broadband channels are channels with relatively large bandwidths. In contrast channels with relatively small bandwidths are known as narrowband channels. Broadband channels vs Spectrum Scarcity. There is a limited amount of electromagnetic spectrum available in desireable frequencies. Making each channel broader than needed would mean having fewer channels or we would have to widen the service band. There are trade-offs between speed requirements, channel bandwidth and service band size.
The Golden Zone is a range of bandwidth in the high megahertz (800MHz) to low gigahertz (6GHz) range. This band provides a large area that are at frequencies low enough to allow good propagation characteristics. At higher frequencies radio waves attenuate more rapidly with increasing distance and cannot flow through or around obstacles as well as at lower frequencies.
802.11 wireless LANs operating in unlicensed radio bands; whereas regulated licensed bands require each station to have a license and to have its licensed changed every time its is physically moved from location to location. This is a burden for mobile communications. In the unlicensed bands any wireless host or huse can transmit without the need of goverment approval. The problem is that these users must tolerate interference from others. Also normal licensed radio transmissions requires the licensee to use channels just wide enough for the transmission speed requirements. They get only enough channel bandwidth to accommodate their permitted speed.
Spread
Spectrum Transmission
Frequency Hopping Spread Spectrum (FHSS) uses only the bandwidth required by the signal. It changes the frequency with which data is transmitted. FHSS requires the receiving and transmitting stations to re-tune with each frequency hop. Interference will likely affect a particular frequency only. It is useful at relatively low speeds (722kbps) only due to the overhead of frequency re-tuning. Used by BlueTooth devices.
Direct Sequence Spread Spectrum (DSSS) spreads its signal over the entire bandwidth of the channel. Studies show that interference will likely affect only small parts of the signal, thus allowing most of the signal to get through intact. Supports speeds of up to 15Mbps.
Orthogonal Frequency Division Multiplexing (OFDM) divides the channel into many smaller subchannels called subcarriers. Each ethernet frame is then broken up and its parts are transmitted in each subcarrier. OFDM sends data redundantly across the subcarriers, so if there is an error in some of the subcarriers all of the data usually gets through intact. It is easier to send many signals in many small subcarriers than it is to send one signal very rapidly over a very wide bandwidth. However, while reliable, it's complexity makes it expensive to implement. Supports speeds of up to 54 Mbps.
Multiple-Input-Multiple-Output (MIMO) antenna architecture employs multiple antennae. The source data stream is divided into as many substreams are there are antennas. The individual substreams are the input to the transmitting antennae. At the receiving end the antennas receive the transmissions from the source transmitting antennas via a combination of line-of-sight transmission and multipath. The outputs from the receiving antennas are combined, and with come complex math the result is a much better received signal that can be achieved with a single antenna.
802.11 WLAN Standards An access point is a bridge between wireless stations and the wired part of the LAN. During mobile operations access points will hand-off the communicating station when "roaming" to the next available and closest access point. The access point also performs supervisory and control functions, and controls transmission power to the stations in its vicinity. Bridges connect two different types of LANs. An access point is a bridge between a wireless NIC and the wired LAN.
Controlling
802.11 Radio Frequency (RF) Transmission CSMA/CA-ACK stands for Carrier Sense Multiple Access/Collision Avoidance. This mandatory logic functions as follows:
BEGIN: The sending station listens for traffic from others. (The last two steps are for collision avoidance. The random delay is necessary if 2 or more stations are waiting for one to finish to ensure that they do not synchronize on the same timing.) Whenever the receiving station gets a transmission it immediately responds with an acknowledgement (ACK). Should the sending station not receive the ACK within some short set time interval it will assume that the transmission has failed and will resend. Note that CSMA/CA constitutes a reliable protocol. Wireless transmission has a sufficient percentage of errors that a reliable protocol becomes reasonable. Sending and waiting for ACKs is time consuming and in practice impedes the real throughput to less than half of the rated speed.
Request to Send/Clear to Send (RTS/CTS) is optional logic employed by transceiving stations. Begin: a station wishing to
send (and is able to send based upon CSMA/CA) sends a RTS message to
the access point. RTS/CTS is mandatory when 802.11b stations operating at 11 Mbps and 802.11g stations operating at 54Mbps sharing an 802.11g access point. In not for RTS/CTS you would have an "indefinite overtaking" condition of the faster stations locking out access by the slower stations.
Rated speeds are misleading due to the collision avoidance logic. RTS can reduce throughput when used. The actual single and shared throughputs are significantly lower than the stated speeds and fall off rapidly with distance due to RF attenuation. Since access point throughput is shared by all competing stations that wish to transmit simultaneously the actual throughput falls considerably when even only a few stations attempt to transmit.
802.11 Standards Standard 802.11a
Standard 802.11b (ratified
same day as 802.11a)
Standard 802.11g All the above use 20 MHz wide channels.
Standard 802.11n
Security for 802.11 By default the standard provides no security. Drive-by hackers can park nearby an access point and eavesdrop or mount attacks. War-drivers are people that drive around looking for working access points that are unprotected. Rogue access points are access points that are setup up by departments or individuals in corporations without IT support. They generally have little or now security and provide entry points for hackers. Wired Equivalent Privacy (WEP) encrypted all transmissions, but all stations using the access point will use the same encryption key and so can read each other's messages. There was no standard way to change the keys and most shared keys are never changed. The hacker collects enough data traffic, decrypts and learns the shared static key and the access point assumes that his station is legitimate. This standard is weak and automated hacking software for WEP key cracking is readily available.
Security
for 802.11i Extensible Authentication Protocol (EAP) requires the station to strongly authenticate itself and proving its identity to the access point. The station may be required to transmit a userid, password and proof of a digital certificate. This work is usually passed by the access point to an authentication server designed to efficiently manage this function. Bluetooth Personal Area Networks (PANs) provide limited distance and low-speed bandwidth, 10 meters and 722 Kbps. Bluetooth will interfere with the 2.4GHz band used by telephony and 802.11b routing equipment.
Wireless
LAN Management
Remote Management
Radio Frequency IDs (RFIDs) Chips used by packaging instead of UPC barcode scan labels. Ultrawideband (UWB) Several hundred MHz wide vs. several MHz.
Fixed wireless service. The user is stationary and can use a dish antenna for more efficient reception and transmission. Mobile wireless service. The user is on the move and require inefficient omni-directional antennae. Satellite Service. Expensive due to the transmission distances, satellite maintenance and launch costs. WiMAX. The IEEE standard 802.16 is being designed to service 70Mbps service to fixed location customers over a distance of up to 50 km.
|
|
|
|
Definition: The worldwide telephone network is known as the Public Switched Telephone Network (PSTN). Four elements of the PSTN: customer premises equipment, access, transport and signaling. Wide data networks are dependent on the PSTN for data transport. The customer premises equipment includes: handsets, building wiring and the private branch exchange (PBX). Wiring is the most expensive component. This rarely needs change or maintenance. An access line or local loop connects each customer to the PSTN's central transport core. The access line runs from the customer premises to the end office switch. The access system represents an enormous capital investment in equipment, real-estate and labor. It is extremely difficult to re-engineer or change. There are orders of magnitude more local loops then there are trunk lines and internal switches in the transport core. The transport core consists of all the internal trunk lines and switches. Changes, updates, improvements in the transport core occur rapidly becuase it represents a smaller investment than changing the access system.
Who owns the PSTN? All carriers own and operate some portion. Interconnection points in the PSTN are known as points-of-presence.
Circuit switching means that physical network path and capacity for a voice conversation is reserved on every switch (computer) and trunk line that lies on the path end-to-end between two conversing customers. Once a circuit has been established there is no significant latency or delay in transmission. The circuit is maintained and rented by the user until disconnection of the conversation occurs. Voice vs Data Traffic
on a circuit switch. PSTN Circuits Dial-Up. A circuit is set up when you place a call and maintained until you hang up. ONLY then is the capacity is released for other circuits. The dial-up circuit uses approximately 4000Hz of bandwidth. Leased or Private Lines. This circuit is rented by the customer and its capacity is always enabled and always available and ready. These are point to point circuits. Leased circuits are as high speed as the customer chooses and can multiplex calls. The smallest leased circuit uses approximately 64KHz of bandwidth. The Access System The Local Loop The telephone system uses single-pair voice-grade UTP for the customer home and office. Low-end leased line equipment uses 2-pair data-grade UTP. Expensive and costly to pull-through. Optical fiber is used for speeds in excess of 2 Mbps
Time Division Multiplexing (TDM). Time is divided into brief periods called frames. Each frame is divided into even briefer periods called slots. A circuit is given the same slot in each frame. These reservations of slots assures speed but is wasteful in usage of available slots. Voice traffic uses about 30 percent of the available capacity of the full-duplex telephone circuit. Data traffic is shown to come in bursts of capacity requests. There are 8000 frames per second. Within each frame there are 24 time slots. Each slot accomodates 9 bits (8 data plus 1 supervisor) of data. Each discrete channel (1 - 24) owns some numbered slot. This allows 256 discrete information possibilities or sound levels. To a user at the receiver end hearing 8000 tones per second, the sound appears smooth and continuous. Frequency Division Multiplexing (FDM). The available bandwidth is divided into channels. Each signal circuit is assigned to a single channel. A number of signals can be carried simultaneously if each signal is modulated onto a different carrier frequency and the carrier frequencies are sufficiently separated so that the bandwidths of the signals do not overlap. Though the input signals can be either analog or digital, the composite signal transmitted is analog. The composite multiplexed signals are transmitted as a signal signal with a bandwidth as wide as the aggregate of the combined signals. At the receiving end the combined signal is de-multiplexed and all individual signals are recovered. Wavelength Division Multiplexing (WDM). Multiple beams of different colored light are transmitted on the same fiber. Technically this is a form of frequency division multiplexing. Each light beam carries a separate channel of data.
Analog-to-Digital and Digital-to-Analog code conversion is performed by codec equipment. The analog signal rises and falls in intensity smoothly, with no clock cycles and no limited numbers of states as in digital signaling. For voice traffic The range of 300 to 4K Hz is filtered off (the low and high frequencies are discarded by a bandpass filter). It is then via pulse
code modulation (PCM) the signal is sampled at twice
the 4K rate, 8000 times per second( Nyquist showed there would be no
loss of information if sampled at twice the highest frequency rate),
At the destination end the digital signal is converted back to analog by DAC
converters into the local loop.
Cellular Telephony A cell is a
geographical division that can be serviced by cellular telephony. A handoff will occur when a customer leaves one geograhical cell and enters another cell. During the transition that is managed by the MTSO the sending and receiving channels will change (transparently to the user) Roaming is said to occur when a customer leaves his/her cellular system and moves into a foreign system. Roaming requires the equipment to be technologically compatible along with adminstrative permissions to allow the call. Channel Reuse is employed to multiply the effective channel capacity and allowing more subscribers to be service by the limited number of communication channels available. Consequently there is no channel reuse in adjacent cells due to interference from other users using the same channel. Generally the number of cells divided by seven gives that amount of channel reuse safely permitted. Code Division Multiple Access (CDMA) allows multiple stations to transmit at the same time in the same channel with little regard for interference. Generation 2
(1990-2006) aka Global System for Mobile communication (GSM) Nearly the entire world standardizes on GSM.
User Datagram Protocol (UDP). A simpler protocol used by VOIP at the transport layer. UDP is connectionless and unreliable. UDP does not guarantee that packets will arrive in order nor that the packet timing will match the original source timing. This may introduce jitter. Real Time Protocol
(RTP) adds sequence number and timestamp information to the
UDP. This will allow the receiver to buffer the packets,
then correctly sequence the packets and present them with
the proper timing to the destination user. This is
why you have a lag at the receiver end. |
|
Definition: Wide Area
Networks are large single networks built over the
current telephone network infrastructure. Thus WANS are
governed and managed by the first two network standards layers:
physical and datalink.
A regulated carrier is a company that owns the right of way or has permissions to run communication channels over a piece of real estate. WAN links are managed by regulated carriers. Carriers set the pricing and set the service limits and availability. Any of which can change anytime. Compared to LANs the WAN is high cost and low speed. Using the telephone network to carry data: A modem is a device that will modulate an digital signal to an analog signal so that it can be carried over the local loop of the telephone network from a customer's premises, then demodulate the analog signal back to the original digital signal when it re-enters another digital network. The modem uses amplitude modulation to transmit on of two signals, a one or a zero. Using successive clock cycles or time intervals it sends either a loud (1) or soft (0) tone to simulate digital code. Problems: Point-to-Point
Private LEASED Line Networks Private Line Data
Networks Topologies for Private
Line Networks Redundancy and reliability
implies as many connections as possible. Private Line Speed
Offerings The T3 line operates at 44.736Mbps and can multiplex 672 x 56kbps channels. E3 operates at 34.368Mbps Fractional T1 Private Lines are bundling of 56Kbps channels to provide customers whose speed requirements are greater than 56K but less than T1. Bonded T1 combine multiple T1 lines that will provide customers whose speed requirements are greater than T1 but less than T3. Synchronous Optical Network/Synchronous Digital Hierarchy(SONET/SDH) come in multiples of 51.84Mbps . The lowest SONET/SDH speed is 155.52Mbps and this ranges up to several gigabits per second.
Several Types of DSL High-rate Digital Subscriber Line (HDSL) was designed for business access that requires symmetric upload and download speeds at a higher rate using greater loads. Uptime is very important. It offers speed in both directions at 768kbps through 1.544Mbps. Also over single voice-grade UTP wiring. Super High-rate Digital Subscriber Line (SHDSL) is also designed for heavy business use. It offers speed in both directions of up to 2.4Mbps also over voice grade wire. SHDLS can also operate over longer distances between the office and the telephone company switching station. Fiber to the Home
(FTTH) Quality of Service
Guarantees
High Shared Speed
Public
Switched Data Networks (PSDN) The PSDN transport core is usually represented as a cloud, (like the PSTN cloud). The customer or end user does not have to be concerned with managment of traffic in the cloud, that is the carriers' responsibility. Carriers provide these
services: Service Level Agreements (SLA) are quality of service guarantees for throughput, reliability, availability, latency, error rate and uptime. More stringent SLAs will increase the price of service since the carrier must allocate more computing and labor resources to ensure that the SLA requirements are met. Virtual Circuits Frame
Relay A Frame Relay Access Device (FRAD) is used at each user's site to connect it the the nearest Point-of- Presence (POP) via a leased line. The POP is the gateway into the PSDN cloud. The customer speed is limited by the port speed at the POP. The
FRAD has a CSU/DSU (channel service unit/data/service unit)
used to protect the telephone network and to format the data properly.
Since port speed is the most expensive pricing
element, the customer attempts to select a port speed that is
sufficient but not extravagant. PVC
Needs Asynchronous Transfer Mode (ATM) Most network protocols have variable-length data fields. This give flexibility, but have a downside in that the switches must perform much computation, introduce latency and therefore more cost when dealing with variable-length frames. ATM
shorter frames (called cells), 53 bytes in length, reduce the time that
a switch has to hold on to a frame. The smaller bus fills up faster.
Metropolitan Area Networks (MAN)
is an ethernet network that spans a single urban area. Services Carrier
IP Networks The Internet, on the other hand, provides low-cost and universally available service at the IP Layer (Layer 3), but has poor security and problems with congestion. Vendors are beginning to provide carrier IP networks that are based in Network Layer 3.
Virtual Private Networks (VPN) VPN
Types: Point-to-Point
Tunneling Protocol (PPTP). IP
Security (IPsec)
|
|
Definition: Internetworking operates at two layers: Internet Layer and the Transport Layer. These layers manage the movement of packets from the source to the destination host. The IP Packet is passed to the DataLink Layer which places it into an Ethernet Frame envelope. The IP Layer is responsible for fragmenting and routing the packet. IP Protocol at the Internet Layer is by itself is unreliable. Transport Control Protocol/Internet Protocol(TCP/IP) is a reliable protocol used at the Transport layer. It can detect and correct errors at all network layers below. The destination host acknowledges received messages. The origin host will resend a message if it does not receive an acknowledgement in a fixed amount of time. This amount of time that it waits is called a TimeOut.
User Datagram Protocol (UDP) is an unreliable protocol also used at the Transport layer. UDP cannot correct any errors. It simply discards the packets in error. Routing is the decision that routers make in which to forward packets to the next station closer to its destination. Forward routing decisions are more complex than Ethernet Datalink layer switching decisions, and therefore routers are more expensive to purchase and operate than switches.
The IP Address and a Network Mask data are used to make routing decisions. The IP Address (Version 4) is a 32-bit string that is divided into 4 octets separated by decimal points. The address is conceptually divided into 3 variable-length parts providing the network with hierarchical addressing. This consists of a network part which identifies a station's network on the Internet, a subnet and a host part which identifies a smaller more precise location of the station in some sub-network. The parts of the IP Address Network part is the major subdivision. All hosts in the network share the same network part. Subnet is the intermediate subdivision. All hosts in the subnet share the same network part. This delineates a more precise address of some part of the owned network. Host part is the detailed address of a particular machine in the subnet of the network.
Masking A mask of all ones in dotted-decimal would be 255.255.255.255 Recall that the decimal number 255 is the same as FF in hexadecimal, which is the same as 11111111 in binary. The Network Mask is used to separate the network part from the subnet and host parts (or the network and subnet parts from the host part). The mask consists of ones and zeroes. The bits in the IP address are "ANDed" with the bits of the Mask. This operation may be difficult and tedious for humans, but it is extremely efficient and fast for machines. The bit locations in the IP Address corresponding to bit locations in the mask that contain ones allow that bit to be "seen". Anding
operations are mathematically known as "Intersection" operations. Operations and results: 1 And 1 =
1
1 Or 1 = 1 The Subnet Mask is used to separate the network part plus the subnet part from the host parts. The part of the network address that corresponds to the position of the ones in the mask is the network-subnet part. The part corresponding to the position of the zeroes is the host part. Routers use masks to make their routing decisions.
Example
of IP Masking
224.208.15.170 IP
address in decimal octets
Typical Routing Rows
Router Types A Border Router is one that connects different networks with different network numbers. It lies topographically on the periphery of a network.
An Internal Router is one that connects different subnets within the same network. It lies topographically inside the network. A router connection entry/exit is called an Interface. (On a switch these points are called ports) Routers have multiple IP addresses and multiple MAC (datalink) addresses, one for each interface. The router's function is to examine each incoming packet and to forward it closer to the packet's ultimate destination station; or to another best next-hop router on its path to which it will hand off routing responsibility. Routers may continue handing off to another router in the hierarchy until it reaches the Internet Backbone, at which time the packet will will begin a descending path to its ultimate destination. Each router table has a default row used to forward the packet if there is no match from any of the other rows. Each packet has a "time to live" field that is usually a maximum of 30 hops, at which point the packet will be discarded from the network due to undeliverable. This is required to prevent undue congestion caused by undeliverable packets traveling the network. A multiprotocol router is one that can handle not only forwarding of TCP/IP packets but IPX/SPX and SNA architected datagrams as well, The multiprotocol router handles the translations between protocols. It acts as a gateway among different architected networks.
Typical Routing Rows
Compare the result with the destination value in the row. If it matches put that row in the "selections basket". After checking for a match in all rows, find the best match in the basket. If only one match, then take it. If there are multiple longest matches of equal length then choose the one with the best metric (cost or speed). If no destination matches the masked result then choose the Default row. Send out the packet on the interface with the best row match. Dynamic
Routing Protocols Routing Information Protocol (RIP) is simple, low cost, management free. But not very efficient because its metric is merely the number of router hops needed to get to the destination. Poor security from attackers. OpenShortest Path First (OSPF) is secure, efficient, has a complex metric based upon a mix of cost, throughtput and traffic delays. It costs much more to manage than RIP. Enhanced Interior Gateway Routing Protocol (EIGRP) is proprietary of Cisco Systems. It is very efficient because it is based on a mix of interface bandwidth, load on the interface, delay and measured reliability. But you are required to have all of your routers to be Cisco.
Address
Resolution Protocol (ARP) (1) the Ethernet frame to its next-hop router along the path, (2) an Ethernet frame directly to an attached host if it is on one of the subnets directly attached to the router. If the router discovers that the packet is destined for a station on a directly attached subnet then the following takes place: Essentially the router's IP
layer creates an ARP request to the host asking for its 48-bit MAC
DataLink layer address. Then every attached host's IP layer
examines the request (discarding if it is not for itself) and
generates an ARP response that includes its own MAC address.
Routers also need to know the MAC Datalink addresses of next-hop routers. Each router examines the IP packet for the destination address, broadcasts that to its adjacent stations. When it receives a response the packet is then repackaged into an Ethernet frame and sent onward. The Domain Name Service (DNS) is used to translate a name to an IP address. A domain is any group or resources (routers, network and hosts) under the control of an organization. There are currently 13 root DNS server is at the top of the DNS hierarchy. They manage the top-level domains; such as .com, .net, .edu, .org, .gov, etc.. The second-level domains, which are located to the left of the top-level qualifiers are usually specific to an organization. Such as: google.com, irs.gov, foxnews.com, warren.edu. Owners of second-level domains are required to have their own DNS servers (at least 2, master and slave). The domain names can be further qualified by their organization, such as forms.irs.gov, us.ibm.com.
Supervisory Messages at the IP Layer Internet Control Message Protocol (ICMP). These are advisement messages not error correction. They are optionally sent only to help the sending process or its human user diagnose problems. PING is used to echo off another IP address, generally to test for existance or travel time.
IPv4 Fields of the IP Packet Time to Live (TTL) Value inserted ( 64 to 128) that is decremented at each router visited; prevents packets from circulating endlessly in search of non-existent destinations. Protocol describes
the contents of the data field; which process must recieve the
information. Source and Destination Addresses tells origin site and delivery site. Identification, Flags and Fragment Offset is used in the event that the network's maximum packet size is smaller than this original packet. The packet is divided into small packets, then reassembled at the destination based on this information. Checksum is the CRC validation Data contains the TCP, UDP or ICMP Segment
Fields of the TCP Segment Source and Destination Port Numbers These are the origin and targetting ports for the packet. Sequence Number is used by the receiver to place the arriving packets in order. Acknowledgement Number is used by the receiver to acknowledge to the sender the particular sequence numbered packet that had arrived successfully. Flag Fields.
Allow the receiver to know the type of segment that it is
receiving. Data Field contains the contents of the original information.
Ports Servers applications "listen" for requests on particular ports. Client applications request service by targetting applications on particular ports at some IP address. Sockets are the combination of an IP address and a port number. This designates a particular connection to a specific application at a specific host site. Example: 209.192.47.152:8192 will target host machine at IP address 209.192.47.152 at an application listening on port 8192.
|
|
Definition: Security is the effort to create a protected networked computing platform, designed so that agents (users or programs) can only perform actions that have been determined, allowed and traceable. This involves specifying and implementing a "security policy". cdghrThe actions in question can be reduced to operations of access, modification and deletion. Programmed security agents should be able to detect and correct system compromises. A system has been compromised if it has been successfully attacked. Security compromises are both widespread and varied among network computers.
Security Threats Viruses
Worms require their targets to have specific vulnerabilites that they can exploit. The worm author is knowledgeable of different operating system and application programming design flaws and builds his worm to test and employ those known flaws to obtain his ends. When a software developer learns of a design exposure in the code, he can close the vulnerability with new or modified programming code that is known as a software patch. Crackers use this window of opportunity to launch vulnerability-enabled worms to exploit the software flaw.
Social
Engineering
Hacking is a complimentary term, whereas Cracking infers criminal behaviour. Human attacks are usually specifically targetted, looking for specific classes of information. A number of different approaches can be attempted until some succeed.
Send scanning probes to map the target network and identify possible ports of entry and listening programming. Responses to these probes wil reveal information about the general network design, including the operating system running. Exploit the design flaws in the listening programming. Use obtained userid access and passwords. Employ password brute force methods. Attempt to use super user accounts, such as Administrator on Windows and ROOT on UNIX. Install your payload. Become invisible to the users
by establishing a presence via an userid(s) and passwords that cannot
be removed. Setup programming agents that will communicate back to you IP address info, userids, password changes, permission changes, etc while you are not actively engaged in the attack. Delete all logging and footprints that trace your attack and setup. Harvest the information and do the damage.
A distributed denial of service attack is where the attack is launched against a single target from a number of machines at the same time. BOTS are exploitation programs that can be remotely controlled and updated. Bots are extremely dangerous because unlike viruses, they take their mrching orders from a central remote location. The human behind the attack can change his tactics during an ongoing attack. Who
are the attackers? Security
Planning Plan-Protect-Respond
Cycle Risk Analysis is the process of balancing the security threats and its associated protection costs. Comprehensive Security is an investigation of all possible avenues of penetration and then ensuring that these access points are securely closed off. Defense in Depth is putting in place multiple lines of defense against an attack. Any protection can be broken or penetrated. Having multiple defenses thwart and attackers chance of success. They at least will slow down the attack giving a longer opportuning of being detected.
The access control plan should address both physical access to the hardware systems and logical access to the information.
Authentication Userid names and Passwords must be non-trivial, complex, random and long. A dictionary attack can crack passwords almost instantly. Make passwords complex enough that brute force methods must be used. A brute force attack trys all possible combinations of characters. Every password for every site should be unique. Digital Certificates, also known as public key authentication, though strong, is expensive and time consuming to implement. Biometrics is the use of bodily measurements to identify a user of a computing resource. This includes fingerprinting, retinal and iris scans, and face recognition technologies.
Firewalls A Firewall is a hardware or software mechanism that is set up to intercept all IP traffic, such that each IP packet is examined as to meeting security policy. Packets that successfully pass the security policy are allowed to pass. Failing packets are either rejected back to the source or simply discarded with no notification to the origin. A packet filter firewall examines the various fields in the Internet and Transport headers of individual packets. The firewall makes allow/deny decisions based upon rule criteria and the source, destination and interface of the IP, TCP, UDP and ICMP fields. Packets that are identified as provable attack packets are discarded. Ingress filtering is the testing of packets arriving from the outside of a network. Egress filtering is the examination of packets leaving the network. The rule criteria is known as an Access Control List. This includes IP Address and Destination or Source Port numbers. Packet filter firewalls are limited in that they only look at individual packets in isolation, not in context of adjacent traffic. A Stateful Firewall allows by default all connections initiated by internal machines but blocks all connections initiated by external hosts. This firewall type records connections internally initiated and matches packets returning from the outside. If they are part of an approved connection then they are allowed to pass. Packets arriving from the outside attempting to open a connection, that has not been internally initiated are dropped by default. Connections that are initiated from an inside machine to an outside host are permitted by default. The default behavior can be modified by a Stateful Inspection Access Control List, that modify the default behavior of the stateful firewall. This may allow external connections to a particular internal resource, such as a webserver, that needs to serve outside clients. Stateful firewalls can filter
large volumes of traffic inexpensively. An Application
Firewall examines the application layer content of packets. Application Content Filtering will examine the conversation of a given protocol and may disallow certain "commands" of the protocol; or not permit certain URL destinations. Examples:
While firewalls drop proven attack packets or policy failed packets, Intrusion Detection Systems log suspicious packets and alert administrators if an attack or penetration appears to be underway. Currently IDS is immature and give a number of false positives. Like firewalls, Intrusion Protection Systems drop packets only after examining both IP headers and the application message contents. Once an attack is identified, subsequent packets participating in the attack are dropped. IPS are capable of identifying Denial-of-Service attacks and other types that are too complex for firewalls to identify or stop. If the IPS rules are not sufficiently precise it will drop legitimate packets. Intrusion Detection Systems log multipacket attacks based upon deep (multi network layer) packet inspectioins of streams of packet flows. An adminstrative alert is posted regarding a possibility of attack, but does not stop the attack. Intrusion Prevention Systems applies IDS processing methods and actually stops a number of attacks if they can be identified fairly accurately.
Defense
in Depth
Cryptographic Systems VPN Cryptographic Standards: SSL/TLS, PPTP, and IPsec (as well as others) provide security to multimessage dialogues with three (3) hanshaking phases followed by ongoing communication. Negotiation and
Authentication Key Exchange In Public Asymmetric Key Encryption, such as (RSA), two keys are needed. The owner generates a private key and a public key in such a way as it is impossible to determine one key from the the other. Then the owner publishes the public key for everybody. The sender encrypts messages with the published public key. The receiver decrypts incoming messages with the receiver's private key, (which is the only key that will work to decrypt the message). Only the receiver knows his/her own private key and so only it can decrypt the messages coded with the public key. PKE is heavy on computer resource consumption. Public Key encryption is usually only be done on short messages, so it is used to transport symmetric keys. Rivest, Shamir and Adelman invented RSA Public Key encryption. The following steps outline RSA key generation: 1) Generate two prime numbers, p and q, and compute n=qp and K=(p-1)(q-1). The following steps outline RSA encryption: 1) Let m be the message represented as a number in the interval [0, n-1]. You can decrypt RSA with the following: 1) Compute m=c**d mod n, where m is the original message. Key Exchange in SSL/TLS A Session Key is a symmetric key that is used for only the current communication session. A new symmetric key is generated on the next conversation. Ongoing Communication Example: Kate generates a pair of keys using RSA. She publishes the public key. Hardening
Computing Resources Response
to Attack
|
|
Definition: Network Management
Issues Total Cost of Ownership includes the total purchase cost of the network products, base price, configured price, initial licensing charges, one-time fees, initial installation and setup costs; and recurring charge and ongoing costs. Network Simulations
provide an econimial alternative than building actual prototypes. Examine the output and validate the simulation.
IP Management IP Subnet Planning is dividing the addressablity of your network into different logical smaller networks. You can only manipulate the bits of the IP that you are given control over. Subnetting the network and balancing subnet and host part sizes. The 2**N -2 Rule Use of private,
non-routeable IP addressing schemes. Administrative IP Servers Dynamic Host Control Protocol (DHCP). DHCP is a communications protocol that lets network administrators manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. DHCP allows devices to connect to a network and be automatically assigned an IP address. Domain Name Services (DNS) maps URL and domain names to IP addresses. Windows Internet Name Services (WINS) provides IP addresses for NETBIOS computer names for both Windows environments and the UNIX SAMBA windows interface. Proxy. A server that receives requests intended for another server and that acts on the behalf of the client behalf (as the client proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services. Lightweight Directory Acess Protocol (LDAP). LDAP is a software protocol for enabling anyone to locate organisations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. Routers, switches, clients and servers must be configured to work with TCP/IP and the network on which they exist. Network Management Utilities are software programs that help administrators to help configure, modify, monitor and secure their networks. Remote management is highly important. Security A network manager is a software mechanism that runs from a central site whose responsibility to to administer devices deployed across the network; such as routers, switches and PCs. The manager can execute GET and SET commands to gather statistics and change properties. A network management agent is a hardware or software mechanism that communicates with the network manager on behalf of the managed device. The manager through the agent manages the properties of deployed network objects. Traps are programs that wait for an event or condition to occur, collect information regarding the condition, time, components involved, lateral information and send it to the manager for alert or analysis. Telnet is a protocol for logging on to a remote system. It is not secure because it transmits in clear text. Secure Shell (SSH) is a protocol similar in function to Telnet but is highly secure. Data and authentication is strongly encrypted. Tunnels are also available for other applications. Trivial File Transfer Protocol (TFTP) allows file uploading and downloading without authentication. It is widely used by thin-client for re-imaging or IPLing of the operating system.
Overprovisioning LANS for traffic peaks. Quality of Service (QoS) Guarantees Traffic Shaping is the restricting of network traffic entering at various access or gateway points. Filtering is the discarding of unwanted traffic at access switches.
Return to Professor Page] |