7/25/2019 Sect1 Network Functionality
1/50
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 1
Section 1
Network Functionality
The Network Security Model (Filtering & Cryptology)
[Figure labels: Bad Bits; S; A; D; Confidentiality and Integrity; Filtering; Denied; observation and modification marked X; log/alert; VPN]
Bad bits fail authentication, or match a filter deny rule... or fail to match any filter permit rule

Topics at a Glance
The OSI and TCP/IP stacks
Encapsulation & inter-layer linkages
Hubs, switches, and routers
Collision and broadcast domains
Layer 2 and layer 3 addressing
IP space and net-mask calculations
DHCP, DNS, NAT/PAT, ARP, and VLANs
Fragmentation
Ports, TCP and byte accountability
Routing a packet (header and layer views)
Routing protocols (DV, LS, PV, IGP, EGP and AS)

The OSI Stack
How many layers? ____
Any real world implementations of this specific 7-layer stack? ____
Most popular in-use stack based on the OSI model? ________
Why "stack" at all... why not just package it all in one product?

The OSI Stack
Can you name the 7 layers?
P________ D___ N____ T_______ S____________ P________ A________
1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application
Try out this mnemonic memory aid

The OSI Stack
Match each layer to these overly simplified functional descriptions
___ routes packets between networks
___ host-to-host view of a connection
___ bit representation on the wire
___ OS link to protocol stack and network
___ hardware addressing done here
___ sequences packets to correct port
___ end-to-end encryption usually occurs here
1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application

The OSI Stack
Match each layer to the units that they work with
___ segments
___ bits
___ frames
___, ___ and ___ messages (another generic term)
___ packets/datagrams
The generic term for any of these, however, is PDU, which stands for _________________ _________________
1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application

The OSI Stack
[Figure: two seven-layer stacks side by side, 1 Physical through 7 Application, with a channel drawn between each pair of peer layers]
Virtual comm channel between each peer layer
Of course the physical channel is real
En-/De-capsulation
What is the relationship between layer i and layer i+1?
Any of these answers is correct:
layer i+1 "rides on top" of layer i
layer i+1 "is encapsulated inside" layer i
layer i "carries" layer i+1
layer i+1 "is tunneled inside" of layer i
layer i adds its headers (and possibly trailers) to layer i+1

The TCP/IP Stack
TCP/IP "runs" the Internet!
TCP = ? _______________________
IP = ? _______________
What layer is TCP? ___
What layer is IP? ___
Which gets encapsulated inside which? ______________________________

The TCP/IP Stack
How do they "stack" up against each other?
OSI: 1 Physical, 2 Datalink, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application
TCP/IP: 1 Physical, 2 NW Interface, 3 Internet, 4 Transport, 5 Application

Bandwidth (KNOW these!)
Measure of data throughput capacity
For digital data, measured in _______ per second (bps or b/s)
Metric abbreviations:
Kbps = 10^3 ~= 2^10: a thousand bps
Mbps = 10^6 ~= 2^20: a million bps
Gbps = 10^9 ~= 2^30: a billion bps
Tbps = 10^12 ~= 2^40: a trillion bps

Bandwidth in Perspective
OC-24 (~1.25 Gbps)
OC-1 (52 Mbps)
T-3 (45 Mbps)
T-1 & DSL Lite (1.5 Mbps)
V.90 56K modem (~50 Kbps)
LAN Topologies
Only three basic (practical) types
________: Data travels through every NIC
Each NIC can inspect & manipulate a token for access control
_________: Data travels to every NIC
Each NIC will see the same traffic as all others
[Figure: PC/NIC diagrams of the two topologies]

LAN Topologies
________: Data travels between two NICs at a time (unless it is a broadcast message)
Each NIC will only see the traffic addressed to it
[Figure: four PC/NIC pairs connected to a central Switch]

LAN Topologies
________: A direct link is provided between every two NICs
Simply does not scale well and is not used in practice, particularly at the LAN level
We see some degree of "meshi-ness" at the core level of the internet however
[Figure: four PC/NIC pairs, each directly linked to every other]

LAN Topologies
Which topology is this?
Answer: ______________________
[Figure: six PCs arranged around a central point]

LAN Topologies
Physically... it looks like a star
But what happens when I move the PCs to sit on one long table?
Is this no longer a "star" topology?
[Figure: the same six PCs in a row]

LAN Topologies
The point is... physical layout is inconsequential
What matters is the electrical behavior of the data pathways
To know this, we need to inspect the device at the center of the "star"

LAN Topologies
If it is a MAU (or MSAU) then we have a ring
[Figure: "ring in a box", one port to each PC]

LAN Topologies
If it is a hub then we have a bus
Think "big blob of solder"
[Figure: hub, one port to each PC]

LAN Topologies
If it is a switch then we have a "star"
[Figure: switch, one port to each PC, each path marked X]

LAN Topologies
Most popular LAN topology today...
Physical star into a logical star (switch)
[Figure: six PCs connected to a central Hub or Switch]

Basic Network Components
At what OSI layer does each of these work?
Repeater? ___
Router? ___
Hub? ___
Switch? ___
Bridge? ___ (most similar to switch)
Hub aka Concentrator
Hubs are considered "brainless"
Basically a convenient, centralized, plug-in device to electrically connect all hosts on the network
Have no fear of hubs... they're easy!
[Figure: hub (H) with computers (C) attached; these two networks behave the same way]

Collision Domain
Because hubs flood everything they receive, they form collision domains
You have a collision domain if, when one device transmits, all other devices on that network segment "hear" (or "see" if you prefer) it
This results in collisions and congestion, but also means that a network eavesdropper can see others' traffic

Repeater
Repeaters are also "brainless"
Simply amplify digital signals and pass them along, un-inspected and unmodified
Provides a means for extending the length of a segment
[Figure: H - R - H; the bit stream 011001001 enters the repeater and 011001001 leaves it]

Bridge
Precursor to the switch
Typically only has two ports
Traditionally used to "convert" between two different topologies or protocols
The term is used mostly in the wireless world these days
Let's jump ahead to the switch...

Switch
Switches, like hubs, form networks by connecting hosts
Unlike hubs, switches have some intelligence built into them in that they understand layer 2 addressing
Switches can learn which hosts live off of each port
Switches will either: block, forward, or _________ incoming frames
Switch
Event: Switch is turned on
Switch Action: None
Switch's Table (Host | Port): ?
[Figure: switch S with ports 1, 2, 3; CA and CD attached through a hub H on port 1, CB on port 2, CC on port 3]

Switch
Event: CA sends to CD
Switch Action: _______ ?
Switch's Table (Host | Port): A 1
The switch is learning...

Switch
Event: CC sends to CB
Switch Action: _______ ?
Switch's Table (Host | Port): A 1, C 3

Switch
Event: CD sends to CA
Switch Action: _______ ?
Switch's Table (Host | Port): A 1, C 3, D 1

Switch
Event: CB sends to CD
Switch Action: _______ ?
Hub Action: ___________ ?
Switch's Table (Host | Port): A 1, C 3, D 1, B 2

Switch
Event: CC sends to CB
Switch Action: _______ ?
Switch's Table (Host | Port): A 1, C 3, D 1, B 2

Switch
Table entries will eventually "age out" unless more traffic is received
What if... very short age-out period? very long age-out period?
Notice how much more efficient the switch is at managing bandwidth than the hub... once it has learned where every host "lives"
Switch
Event: CB spoofs CA and sends some traffic... somewhere
Switch Action: __________________ ?
Switch's Table (Host | Port): A 1, C 3, D 1, B 2, A 2 ?

A Mini Cyber-Security Case Study
Switch Table (Host | Port): E 2, F 2, G 2, H 2, I 2, ..., ZZZ 2
[Figure: the same switch; E, F, G, H, I, ..., ZZZ all appear on port 2]
B is an attacker who spoofs ~thousands (or however many are necessary) of MACs.
Think through this attack-chain using CIA
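The learning sequence of slides 30 through 37 as a runnable model. This is an added example, not code from the slides or the course: a switch that blocks, forwards or floods each frame, ages entries out, and can optionally enforce a per-port MAC limit, which is what lets it raise an alert on the spoofing event of slide 37 (and keep a legitimate host learnable during the case-study flood) instead of silently re-pointing CA's entry at port 2. Hosts CA, CD (on the hub off port 1), CB (port 2) and CC (port 3) are the slides' own; the table capacity, the timings and the fabricated attacker addresses FAKE0.. are constructed assumptions.

```python
# Added example (not part of the slides): a learning switch modelled on the
# events of slides 30-37. Hosts CA, CD (hub on port 1), CB (port 2) and CC
# (port 3) are the slides'; table capacity, timings and the fabricated
# attacker MACs "FAKE0".. are constructed assumptions.

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, age_out=300.0, max_macs_per_port=None, table_size=None):
        self.ports = list(ports)
        self.age_out = age_out                      # seconds before an entry ages out
        self.max_macs_per_port = max_macs_per_port  # None = no port-security limit
        self.table_size = table_size                # None = unbounded table
        self.table = {}                             # mac -> (port, last_seen)
        self.alerts = []

    def _expire(self, now):
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > self.age_out:
                del self.table[mac]

    def _learn(self, src, in_port, now):
        self._expire(now)
        if src in self.table:
            old_port = self.table[src][0]
            if old_port != in_port:
                # a known MAC appearing on a different port: either the host
                # moved, or (slide 37) another station is spoofing it
                self.alerts.append(f"{src} moved from port {old_port} to port {in_port}")
            self.table[src] = (in_port, now)
            return
        on_port = sum(1 for port, _ in self.table.values() if port == in_port)
        if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
            self.alerts.append(f"port {in_port} over its {self.max_macs_per_port}-MAC limit; {src} not learned")
            return
        if self.table_size is not None and len(self.table) >= self.table_size:
            return  # table full: nothing more can be learned until entries age out
        self.table[src] = (in_port, now)

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port, then block, forward or flood toward dst."""
        self._learn(src, in_port, now)
        known = self.table.get(dst)
        if dst == BROADCAST or known is None:
            return "flood", [p for p in self.ports if p != in_port]
        if known[0] == in_port:
            return "block", []          # destination is on the same segment
        return "forward", [known[0]]

# (in_port, src, dst) for slides 31-35
SLIDE_EVENTS = [(1, "CA", "CD"), (3, "CC", "CB"), (1, "CD", "CA"), (2, "CB", "CD"), (3, "CC", "CB")]

def slide_sequence():
    """Returns the action taken per event and the final host->port table."""
    sw = LearningSwitch(ports=[1, 2, 3])
    results = []
    for t, (port, src, dst) in enumerate(SLIDE_EVENTS):
        action, out = sw.receive(port, src, dst, now=float(t))
        results.append((src, dst, action, out))
    return results, {mac: port for mac, (port, _) in sw.table.items()}

def spoof_event():
    """Slide 37: CB spoofs CA, so CD's next frame for CA is delivered to port 2."""
    sw = LearningSwitch(ports=[1, 2, 3])
    for t, (port, src, dst) in enumerate(SLIDE_EVENTS):
        sw.receive(port, src, dst, now=float(t))
    sw.receive(2, "CA", "CC", now=5.0)
    action, out = sw.receive(1, "CD", "CA", now=6.0)
    return sw.table["CA"][0], action, out, list(sw.alerts)

def flooding_case_study(max_macs_per_port=None, table_size=8):
    """Slide 37 case study: the station on port 2 sends from many fabricated MACs.
    Returns (entries on port 2, alerts raised, action and ports for CA -> CD afterwards)."""
    sw = LearningSwitch(ports=[1, 2, 3], max_macs_per_port=max_macs_per_port, table_size=table_size)
    sw.receive(1, "CA", "CD", now=0.0)
    sw.receive(3, "CC", "CB", now=1.0)
    sw.receive(2, "CB", "CD", now=2.0)
    for i in range(20):
        sw.receive(2, f"FAKE{i}", "CA", now=3.0)
    sw.receive(1, "CD", "CA", now=4.0)          # CD finally transmits
    action, out = sw.receive(1, "CA", "CD", now=5.0)
    on_port_2 = sum(1 for port, _ in sw.table.values() if port == 2)
    return on_port_2, len(sw.alerts), action, out

if __name__ == "__main__":
    print(slide_sequence())
    print(spoof_event())
    print(flooding_case_study(), flooding_case_study(max_macs_per_port=2))
```

With no limit and an 8-entry table, the fabricated addresses fill the table, CD can never be learned, and CA's frame for CD is flooded out port 2 as well, which is the confidentiality loss the slide asks you to reason about. With a 2-MAC limit on each port, the extra addresses are refused and logged, CD is still learned on port 1, and the CA-to-CD frame stays local.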
Broadcast Domain
Unlike hubs, switches can intelligently block or forward based upon layer 2 (hardware) addresses
The result is that each port on a switch is a separate collision domain
However, if a device on a switch sends a limited __________________ packet, this will be flooded out every port

Gateway
Precursor to the router
The term is now used quite liberally to indicate just about any network connection or translation device:
Default Gateway (a router)
Security Gateway (VPN server, authentication server, etc.)
Protocol Translation Gateway (converts between, say, TCP/IP and SPX/IPX)
etc.

Router
Speaks at layer 3, which for the TCP/IP protocol stack is? ____ (protocol?)
Like switches, routers perform block, forward, and broadcast (flood) decisions based upon information in their routing table
Unlike switches, routers map __________ to interfaces, rather than ______ to ports as the switch does

Router
Routers basically do this:
Read the destination IP address in every packet that arrives, then
Determine if destination is local or not
If local then deliver to that local device
Else, search the __________________ to find the proper outbound interface to get the packet one hop closer to its ultimate destination

Router (R) vs Switch (S)
[Figure: hosts H1, H2 ... Hn attached to switch S; router R joining networks NW1, NW2, NW3]
Switch: "I connect hosts at layer 2, thus I create networks"
Router: "I connect networks at layer 3, thus I create internetworks"
And remember... a cloud may consist of only a single host

Router
[Figure: router R joining an FDDI LAN, an Ethernet LAN running IPX, a Frame Relay WAN, and an Ethernet LAN running IP]
Routers are multi-lingual when it comes to protocols. They make internetworking possible!
Switches are generally NOT multi-lingual; however, "translational" switches do exist

Broadcast Domain (again)
Unlike switches, if a router sees a limited broadcast packet it will block it
To summarize hub, switch and router behavior with respect to domains:
A _________ cannot partition anything
A ___________ can partition a collision domain, but not a broadcast domain
A _______________ can partition both a collision domain and a broadcast domain

Layer 3 Switch (??)
Aka IP Switch
Aka Router Switch
Aka Switch Router... you get the idea
It's actually a ____________
But is built using _________ technology
Basically, this means that routing decisions are made in ______________ rather than _______________

ASIC
An industry trend!
ASIC = _________________________
Idea is to move functionality from software into hardware
Hardware runs at ________ speed and will always beat software, since it does not incur the penalty of all those memory lookups & instruction decodings
Market demand justifies development

Layer 2 Addressing
Each NIC (not necessarily each computer) has a factory built-in hardware address
The hardware address is the layer 2 address
It is also called the _____ address
MAC addresses are ___ bits in length, which is ___ hex digits in length
Layer 2 Addressing
Anatomy of a MAC address
First 24 of 48 bits represent the mfr.
Last 24 of 48 bits represent a unique mfr. assigned number
Example: 02 60 8C 26 B5 A2 (12 hex digits; 02 60 8C = 3COM Corp.)
Every NIC in the world should thus have a unique MAC address!

Ethernet Header (& Trailer)
Numbers indicate # of bytes
Preamble is not considered p/o header
Header 14 bytes, trailer is 4 bytes
Note min/max size of an entire Ethernet frame (64 - 1518 bytes)
Preamble (8) | Dest MAC (6) | Src MAC (6) | Frame Type (2) | payload (46-1500) | CRC (4)

Ethernet Frame
Preamble synchronizes hardware for transmission of frame... we can think of it as the layer 1 "header"
Preamble is 64 alternating 1s and 0s
Preamble (8) | Dest MAC (6) | Src MAC (6) | Frame Type (2) | payload (46-1500) | CRC (4)
What's actually in the payload field?
Ans: Application payload (aka "user data") plus ______________________ ________________________________

Ethernet Frame
Preamble (8) | Dest MAC (6) | Src MAC (6) | Frame Type (2) | payload (46-1500) | CRC (4)
The two byte frame type field indicates the type of PDU header that is in the data field
Just a few of the more popular L-3 protocols:
0x0800 IPv4
0x809B AppleTalk
0x8137 IPX
0x86DD IPv6
0x8038 DECNet
Layer 3 Addressing
IP is the language spoken at layer 3
IP addresses are ____ bits in length
32 bits are broken into ____ "octets"
IP addresses are typically formatted in ___________________ format
E.g., 130.109.45.217
The largest number an octet can be is _____ (2^8 - 1)

Layer 3 Addressing
IP addresses are controlled, deconflicted, and assigned via several agencies; prominent are:
IANA: Internet Assigned Numbers Authority
ICANN: Internet Corporation for Assigned Names & Numbers
ARIN: American Registry for Internet Numbers

Layer 3 Addressing
IP address scheme is hierarchical:
A network part
Possibly a subnet part
A host part
In _________ mode, the network/host boundary falls on an octet boundary
In _________ mode, the network/host boundary is determined by the subnet mask

Layer 3 Addressing
IP Address classes A-E
N = a network address octet
H = a host address octet
Class A: N.H.H.H
Class B: N.N.H.H
Class C: N.N.N.H
More networks... less hosts per network
Class D: Reserved for Multicasting
Class E: Reserved for Future Use

Layer 3 Classes
How do you know what class a given IP address belongs to?
Two methods for answering this:
(1) Memorize the first octet cutoffs
class A 0..127
class B 128..191
class C 192..223
class D 224..239
class E 240..255

Layer 3 Classes
(2) Convert 1st octet to binary and look at # of consecutive leading 1s
0xxxxxxx class A
10xxxxxx class B
110xxxxx class C
1110xxxx class D
1111xxxx class E
So what class is 186.56.209.32?
Build 186 (decimal) in binary using the bit weights 128 64 32 16 8 4 2 1

Layer 3 Classes
186 (decimal) = 1 0 1 1 1 0 1 0 (binary)
So it's a class B address
What is the network address in this class B IP address example?
Ans: 186.56.0.0
What is the host address in this example?
Ans: 186.56.209.32

Layer 3 Classes
How many hosts can a class B IP address specify? (Hint: N.N.H.H)
Ans: ______
The "-2" comes from the fact that...
an all zero octet means _____________
an all one octet means _____________, or "all hosts on this network"
Layer 3 Addressing
Hosts and routers often need to figure out what network an IP is on
This is the role/function of network masks (aka subnet masks)
Masking utilizes the logical AND operation (below X is a binary variable)
X AND 0 = __ (i.e., "mask-out" X)
X AND 1 = __ (i.e., keep X)

Layer 3 Addressing
What would a class C mask look like in dotted-decimal notation?
class C address:           200.100.50.25
class C mask:              ___.___.___.___
Result (network address):  ___.___.___.___

Layer 3 Addressing
What would a Class C mask look like in binary?
In bit-count notation, the class C mask is written as ______ (this is also called CIDR notation)
IP addr:  11001000.01100100.00110010.00011001
Mask?:    ________.________.________.________
NW addr:  ________.________.________.________

Layer 3 Addressing
Write the class B dotted-decimal mask: _____._____._____._____
Write the class B mask in bit-count notation: _____
What network does the host IP address 117.216.89.46 /8 belong to?
Ans: _____._____._____._____
Write the /8 mask in dotted-decimal notation: _____._____._____._____

Layer 3 Addressing
IP space is a finite resource, just like SSNs and telephone numbers
The classful A, B, C system imposes rigid, fixed-size networks
Results in wasted IPs
CIDR to the rescue
CIDR = __________________________ __________________________________

Layer 3 Addressing
With CIDR we allow the network-host cut to be placed anywhere
Example: assume you only need 18 IP addresses for your small network
Your ISP gives you 200.200.200.96/27
Note this is an appropriately-sized (smaller) chunk of IP space than the smallest (Class C) available under the classful system

Layer 3 Addressing
Let's take this 200.200.200.96/27 example and review the typical IP-type questions that arise:
How many hosts can you address?
What is your host address range?
What is your broadcast address?
What is your mask in dotted-decimal (if bit-count was given) or bit-count (if dotted-decimal was given)?

Layer 3 Addressing
Viewing in binary is helpful
IP addr (200.200.200.96):  11001000.11001000.11001000.01100000
Mask?:                     11111111.11111111.11111111.11100000
The slash-27 cut: network bits to the left, host bits to the right

Layer 3 Addressing
How many hosts can you provide an address for now?
Ans: 2^5 - 2 = 30 (plenty)
5 bits of host space left
Network bits (27) | Host bits (5)
IP addr:  11001000.11001000.11001000.011*****
Mask:     11111111.11111111.11111111.11100000

Layer 3 Addressing
What will your host addresses be?
200 . 200 . 200 . 011*****
96 + 00001 = 97 through 96 + 11110 = 126
So... valid IPs are: 200.200.200.97 through 200.200.200.126
IP addr:  11001000.11001000.11001000.011*****
Mask:     11111111.11111111.11111111.11100000

Layer 3 Addressing
What is the broadcast address for our 200.200.200.96 /27 network?
Just set all the host bits to 1
Ans: 200.200.200._____
Broadcast: 11001000.11001000.11001000.01111111
Mask:      11111111.11111111.11111111.11100000

Layer 3 Addressing
What is your network mask in dotted-decimal?
Set all the network bits to 1 and all the host bits to zero and convert
Ans: _____._____._____._____
IP addr:  11001000.11001000.11001000.01100000
Mask:     11111111.11111111.11111111.11100000

Layer 3 Addressing
A summary of the last octet masks:
X.Y.Z.10000000 (binary) = 128 (decimal) = /25
X.Y.Z.11000000 (binary) = 192 (decimal) = /26
X.Y.Z.11100000 (binary) = 224 (decimal) = /27
X.Y.Z.11110000 (binary) = 240 (decimal) = /28
X.Y.Z.11111000 (binary) = 248 (decimal) = /29
X.Y.Z.11111100 (binary) = 252 (decimal) = /30
X.Y.Z.11111110 (binary) = 254 (decimal) = /31

Tips for IP/Network Questions
First establish the cut between network and host bits as set by the mask
Set all host bits to 0 to get network address
Set all host bits to 1 to get broadcast address
All addresses between network and broadcast are valid (assignable) IPs
Set all network bits to 1 and all host bits to 0 to get the mask
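The address arithmetic of slides 57 through 74 (class by leading bits, mask by bit count, network and broadcast by setting host bits, the last-octet mask table) and the "is the destination local?" test a router makes on slide 42, as an added worked example; this is not code from the slides or the course. It works on plain 32-bit integers so every step matches the binary views on the slides, and it generalizes beyond the 200.200.200.96/27 case to any host/prefix pair. The addresses used are the slides' own.

```python
# Added example (not part of the slides): classful and CIDR address arithmetic
# (slides 57-74) plus the router's local-or-not test (slide 42), done on
# 32-bit integers. Addresses in the tests are the slides' own examples.

def to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Dotted-binary form, as written on slides 63 and 68."""
    return ".".join(format((to_int(dotted) >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def ip_class(dotted):
    """Method (2) of slide 58: count the consecutive leading 1s of the first octet."""
    first = to_int(dotted) >> 24
    if first & 0b10000000 == 0:
        return "A"          # 0xxxxxxx
    if first & 0b11000000 == 0b10000000:
        return "B"          # 10xxxxxx
    if first & 0b11100000 == 0b11000000:
        return "C"          # 110xxxxx
    if first & 0b11110000 == 0b11100000:
        return "D"          # 1110xxxx
    return "E"              # 1111xxxx

def classful_prefix(dotted):
    """Network/host cut in classful mode (slide 55): on an octet boundary."""
    return {"A": 8, "B": 16, "C": 24}[ip_class(dotted)]   # D and E have no host part

def mask_from_prefix(prefix):
    """Bit-count (CIDR) notation -> 32-bit mask: prefix 1s followed by 0s."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_from_mask(dotted_mask):
    """Dotted-decimal mask -> bit count, rejecting non-contiguous masks."""
    m = to_int(dotted_mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError(f"mask bits are not contiguous: {dotted_mask}")
    return prefix

def summarize(dotted, prefix):
    """Applies the tips of slide 74 to a host address and prefix."""
    mask = mask_from_prefix(prefix)
    network = to_int(dotted) & mask                 # host bits set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)      # host bits set to 1
    host_bits = 32 - prefix
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0   # /31 and /32 have no range
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "mask": to_dotted(mask),
        "prefix": prefix,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }

def same_network(ip_a, ip_b, prefix):
    """Slide 42, step 2: deliver locally if both sides mask to the same network."""
    mask = mask_from_prefix(prefix)
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)

def last_octet_mask_table():
    """Slide 73: the last-octet value of the /25 .. /31 masks."""
    return {p: mask_from_prefix(p) & 0xFF for p in range(25, 32)}

if __name__ == "__main__":
    print(ip_class("186.56.209.32"), to_binary("186.56.209.32"))
    print(summarize("200.200.200.96", 27))
    print(last_octet_mask_table())
```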
Some Special IP Addresses
Seven you should know about:
1. The network address: e.g., N.N.0.0
2. Directed broadcast: e.g., N.N.N.255
3. Limited broadcast: 255.255.255.255. Sent to all hosts on "this" network, i.e., the network of origin. Example of usage? ________
4. The "this host" or the "I don't have an IP" IP address: 0.0.0.0. Example of usage? ________

Some Special IP Addresses
5. The loopback address: 127.*.*.*. For debugging purposes; allows a single machine to test its protocol stack by talking to itself
6. The IPv4 Link-Local address space: 169.254.*.*, for hosts that fail to get an IP from a DHCP server. (RFC 3927)
7. The private address space (RFC 1918)
- Class A: 10.*.*.*
- Class B: 172.16.*.* - 172.31.*.*
- Class C: 192.168.*.*

Layer 3 Private Addresses
Private addresses can be used by anyone without having to register through an authority
Great idea! Allows unlimited reuse of these addresses
Intended to be used on your own isolated intranet
Cannot connect to Internet though... why? ___________________________

Layer 3 Private Addresses
So... if you're NOT going to connect to the public network, could you choose whatever IP addresses you wanted? Ans: ______
But what happens if you DO want to connect to the public network using network address translation (NAT)?
Next slide illustrates potential problem

Layer 3 Private Addresses
[Figure: Host in intranet - Router - The Internet - Server on Internet; addresses shown are 212.74.206.28, 212.74.206.47 and 131.120.0.1, labelled as registered IPs and one un-registered IP]
Do you see the problem here?

NAT & PAT
Private addresses are an excellent solution for isolated intranets
However, the inability to connect to the Internet is very constrictive
Two mechanisms provide a solution:
NAT: Network Address Translation (a "pool" of available public IPs)
PAT: Port Address Translation (a "pool" of port #s using a single public IP)
NAT
[Figure: Private IPs 10.3.X.X /16 - Local Router (running NAT) - Public Internet; pool of public IPs 210.46.10.5, 210.46.10.6, 210.46.10.7, 210.46.10.8]
Inside: 10.3.6.19 | Data   ->   Outside: 210.46.10.6 | Data
Inside: 10.3.5.26 | Data   ->   Outside: 210.46.10.5 | Data

NAT
Local Router (running NAT): Pool of Avbl Public IP Addresses
Avbl | Public IP   | mapped to
No   | 210.46.10.5 | 10.3.5.26
No   | 210.46.10.6 | 10.3.6.19
Yes  | 210.46.10.7 | ---.---.---.---
Yes  | 210.46.10.8 | ---.---.---.---
Router keeps a table of public-to-private IP mappings

NAT
There are two types of NAT:
Dynamic: Router can map & un-map public IPs to private IPs as necessary
Static: One public IP is permanently mapped to one private IP
Always configure for dynamic unless? _________________________________

PAT
[Figure: Private IPs 10.3.X.X /16 - Local Router (running PAT) - Public Internet; single public IP 210.46.10.5]
Inside: 10.3.6.19 | Data | source port 4912   ->   Outside: 210.46.10.5 | Data | 2611
Inside: 10.3.5.26 | Data | source port 3705   ->   Outside: 210.46.10.5 | Data | 2610

PAT
Local Router (running PAT): Pool of Avbl Port Numbers
Avbl | Port# | mapped to
No   | 2610  | 10.3.5.26 : 3705
No   | 2611  | 10.3.6.19 : 4912
Yes  | 2612  | ---.---.---.---
Yes  | 2613  | ---.---.---.---
Router keeps a table of external-port-to-internal-IP:port mappings
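The two translation tables of slides 81 through 85, as an added example that is not code from the slides or the course: a dynamic NAT that hands out public addresses from the pool until it is exhausted, and a PAT that multiplexes one public address over a port pool and translates replies back. The private hosts, public pool, public IP and port numbers are the slides'; the outside server 198.51.100.1, the extra inside hosts 10.3.7.x and the packet tuple layout are constructed assumptions. The model also shows the defender-relevant behaviour the slides imply: an inbound packet with no table entry has nowhere to go and is dropped.

```python
# Added example (not part of the slides): table-driven dynamic NAT (slides
# 81-83) and PAT (slides 84-85). Slide values: inside 10.3.5.26 and 10.3.6.19,
# pool 210.46.10.5-8, ports 2610-2613. The outside server 198.51.100.1 and the
# extra inside hosts 10.3.7.x are constructed.

class DynamicNAT:
    """One public IP per active inside host, drawn from a pool."""
    def __init__(self, public_pool):
        self.free = list(public_pool)
        self.table = {}                 # public_ip -> private_ip

    def outbound(self, src_private, dst, data):
        public = next((pub for pub, priv in self.table.items() if priv == src_private), None)
        if public is None:
            if not self.free:
                return None             # pool exhausted: cannot translate
            public = self.free.pop(0)
            self.table[public] = src_private
        return (public, dst, data)      # packet as seen on the public side

    def inbound(self, src, dst_public, data):
        private = self.table.get(dst_public)
        if private is None:
            return None                 # no mapping: dropped at the router
        return (src, private, data)

    def release(self, src_private):
        """Un-map a host (dynamic NAT) and return its public IP to the pool."""
        for pub, priv in list(self.table.items()):
            if priv == src_private:
                del self.table[pub]
                self.free.append(pub)

class PAT:
    """One public IP shared by many inside hosts, told apart by port number."""
    def __init__(self, public_ip, ports):
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.table = {}                 # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst, data):
        key = (src_ip, src_port)
        pub_port = next((p for p, k in self.table.items() if k == key), None)
        if pub_port is None:
            if not self.free_ports:
                return None
            pub_port = self.free_ports.pop(0)
            self.table[pub_port] = key
        return (self.public_ip, pub_port, dst, data)

    def inbound(self, src, dst_port, data):
        key = self.table.get(dst_port)
        if key is None:
            return None                 # unsolicited inbound: nothing to translate to
        return (src, key[0], key[1], data)

def run_slide_traffic():
    """Replays the slides' packets and returns the resulting tables and decisions."""
    nat = DynamicNAT(["210.46.10.5", "210.46.10.6", "210.46.10.7", "210.46.10.8"])
    nat.outbound("10.3.5.26", "198.51.100.1", "Data")
    nat.outbound("10.3.6.19", "198.51.100.1", "Data")
    nat.outbound("10.3.7.2", "198.51.100.1", "Data")
    nat.outbound("10.3.7.3", "198.51.100.1", "Data")
    exhausted = nat.outbound("10.3.7.4", "198.51.100.1", "Data")   # fifth host, four IPs

    pat = PAT("210.46.10.5", range(2610, 2614))
    first = pat.outbound("10.3.5.26", 3705, "198.51.100.1", "Data")
    second = pat.outbound("10.3.6.19", 4912, "198.51.100.1", "Data")
    reply = pat.inbound("198.51.100.1", 2611, "Reply")
    unsolicited = pat.inbound("198.51.100.1", 2612, "Probe")
    return {
        "nat_table": dict(nat.table), "nat_exhausted": exhausted,
        "pat_outbound": [first, second], "pat_table": dict(pat.table),
        "pat_reply": reply, "pat_unsolicited": unsolicited,
    }

if __name__ == "__main__":
    for k, v in run_slide_traffic().items():
        print(k, v)
```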
Unicast
[Figure: Router joining 1.2.3.0 /24, 1.2.4.0 /24 and 1.2.5.0 /24 through switches and a hub]
From: 1.2.3.25   To: 1.2.5.17

Multicast
[Figure: same Router/Switch/Hub topology with 1.2.3.0 /24, 1.2.4.0 /24 and 1.2.5.0 /24]
From: 1.2.3.25   To: 224.4.8.6

_______ Broadcast
[Figure: same topology]
From: 1.2.3.25   To: 1.2.5.255
What kind of broadcast is this? ?

_______ Broadcast
[Figure: same topology]
From: 1.2.3.25   To: 255.255.255.255
What kind of broadcast is this? ?

Collision/Broadcast Domains
[Figure: hosts attached to a single hub]
How many collision domains here? _______
How many broadcast domains here? _______
This is a: a) LAN? b) segment? c) network? d) internetwork?

Collision/Broadcast Domains
[Figure: a hub connected to a switch, with hosts on each]
How many collision domains here? _______
How many broadcast domains here? _______
This is a: a) LAN? b) segment? c) network? d) internetwork?

Collision/Broadcast Domains
[Figure: router, hub, hub, switch, router, with hosts attached]

Collision/Broadcast Domains
How many collision domains on the previous slide? _______
How many broadcast domains on the previous slide? _______
The previous slide shows a: a) LAN? b) segment? c) network? d) internetwork?
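The domain-counting questions of slides 90 through 93 rest on the three rules summarized on slide 45: a hub partitions nothing, a switch partitions collision domains but not broadcast domains, a router partitions both. The added example below (not code from the slides or the course) turns those rules into a counter over an arbitrary topology: links are the members of a domain, and a device merges its links into one domain exactly when it is "transparent" to that kind of domain. The three sample topologies are constructed to resemble the figures on the slides; the exact figures themselves did not survive extraction, so the counts below are for these constructed layouts, not answers to the slides' blanks.

```python
# Added example (not part of the slides): counting collision and broadcast
# domains with the rules of slide 45. Topologies below are constructed in the
# spirit of slides 90-92, not copies of their figures.
from collections import defaultdict

# Which device types merge the links attached to them, per domain kind
TRANSPARENT = {
    "collision": {"hub", "repeater"},             # switch and router ports end a collision domain
    "broadcast": {"hub", "repeater", "switch"},   # only a router ends a broadcast domain
}

def count_domains(devices, links, kind):
    """devices: {name: type}; links: [(a, b), ...]. Returns the number of domains of `kind`."""
    parent = list(range(len(links)))            # union-find over link indices

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    attached = defaultdict(list)
    for idx, (a, b) in enumerate(links):
        for dev in (a, b):
            if dev not in devices:
                raise ValueError(f"link references unknown device {dev}")
            attached[dev].append(idx)
    for name, dev_type in devices.items():
        if dev_type in TRANSPARENT[kind]:
            idxs = attached.get(name, [])
            for other in idxs[1:]:                # merge every link on this device
                parent[find(other)] = find(idxs[0])
    return len({find(i) for i in range(len(links))})

def describe(devices, links):
    collision = count_domains(devices, links, "collision")
    broadcast = count_domains(devices, links, "broadcast")
    # slide 43: routers join networks into internetworks, so more than one
    # broadcast domain means a router is present
    return {"collision_domains": collision, "broadcast_domains": broadcast,
            "internetwork": broadcast > 1}

# Constructed sample topologies
SINGLE_HUB = (
    {"hub1": "hub", "h1": "host", "h2": "host", "h3": "host", "h4": "host"},
    [("h1", "hub1"), ("h2", "hub1"), ("h3", "hub1"), ("h4", "hub1")],
)
HUB_AND_SWITCH = (
    {"hub1": "hub", "sw1": "switch", "h1": "host", "h2": "host", "h3": "host", "h4": "host", "h5": "host"},
    [("h1", "hub1"), ("h2", "hub1"), ("h3", "hub1"), ("hub1", "sw1"), ("h4", "sw1"), ("h5", "sw1")],
)
TWO_ROUTERS = (
    {"r1": "router", "r2": "router", "hub1": "hub", "hub2": "hub", "sw1": "switch",
     "h1": "host", "h2": "host", "h3": "host", "h4": "host", "h5": "host", "h6": "host"},
    [("h1", "hub1"), ("h2", "hub1"), ("hub1", "r1"), ("r1", "sw1"), ("sw1", "h3"),
     ("sw1", "hub2"), ("hub2", "h4"), ("hub2", "h5"), ("sw1", "r2"), ("r2", "h6")],
)

if __name__ == "__main__":
    for name, topo in [("single hub", SINGLE_HUB), ("hub + switch", HUB_AND_SWITCH), ("two routers", TWO_ROUTERS)]:
        print(name, describe(*topo))
```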
Layer 4 (Transport)
Layer 3 (IP) provides no guarantee of message delivery
Layer 3 simply provides an address infrastructure for "best-effort" delivery by routers
If a message is lost, IP won't tell you... because it won't know
The responsibility of tracking message delivery is pushed up to layer 4, the TCP part of TCP/IP

Layer 4 (Transport)
The TCP/IP protocol stack defines two layer 4 protocols:
TCP provides reliable delivery
UDP (User Datagram Protocol) provides unreliable delivery
Another way of stating this:
TCP is connection-oriented
UDP is connectionless

Packet vs Circuit Switching
Packet-Switching:
Message divided into packets
Packets need not travel the same node-to-node path through the network
Circuit-Switching:
Message may or may not get divided into separate packets
Path will be established before transmission
All data will travel the same path

Packet Switching
[Figure: Host 1 (H1) and Host 2 (H2) joined by a mesh of switching nodes (C)]
Host 1 sends "HELLO!" to Host 2
Assume packet data payload limited to 2 chars
Packet 1of3: HE

Packet Switching
[Figure: same mesh]
As load/congestion changes occur within the comm infrastructure, switching/routing decisions may result in different paths
Packet 2of3: LL

Packet Switching
[Figure: same mesh]
It's even possible for packets to arrive out of order
Packets in flight: 3of3 O!, 2of3 LL

Packet Switching
Packets could arrive out of order; no big deal, that's why packets are numbered with a __________ number
No circuit setup and tear-down overhead with packet-switching
But, a good deal of overhead in the ___________________
Similar model to postal system

Circuit Switching
A set path is established prior to any data being sent
Much like the telephone system, so good circuit-switch technology examples include:
xDSL (various versions of Digital Subscriber Line)
Dial-up (modem connection via the POTS, "Plain Old Telephone System")

Circuit Switching
[Figure: same mesh]
Host 1 sends "HELLO!" to Host 2
HELLO! (sent along the established path)

Virtual Circuit Switching
Hybrid of packet & circuit switching
Data gets divided into packets (like packet switching)
All data travels the same predetermined path (like circuit switching)
Frame Relay and ATM (Asynchronous Transfer Mode) are two such technologies that work this way

Virtual Circuit Switching
[Figure: same mesh]
Note how the header no longer requires a sequence number to ensure packet re-build order
Packets in flight: Fm:H1 HE, Fm:H1 LL, Fm:H1 O!

Connection vs Connectionless
[Figure: TCP: "Meet me at 12:30" / "Aye sir... meet you at 12:30"; UDP: "Meet me at 12:30"]

Layer 4 (Transport)
TCP/IP
Connection-oriented
The sending TCP host numbers the packets and sets a timer at time of packet transmission
The receiving TCP host reorders and accounts for packets
Receiving TCP "acks" received packets
If timer expires before ack is received, sending TCP re-transmits that packet

Layer 4 (Transport)
UDP/IP
UDP is Connectionless
Packets are not numbered
No accounting of packets
Send and assume reception
If not received... UDP doesn't care; let the higher layers figure it out and order a re-transmission if it's important enough

TCP Header (Ports)
How many port #s are there? ______
A semi-formal segregation exists:
Port #s < 1024: the "well known" ports, reserved for specific services
1024

TCP Header (Ports)
Port #s > 49151: the "upper" or "ephemeral" ports
Client-side of connection uses these, though there are a few exceptions
Assigned "on-the-fly" by client system, thus also referred to as the _______________ ports
In THIS class, we will consider all ports above 1023 to be "clients"

Some Well-Known Ports
20 21 22 23 25 53 67/68 69 80 110 123 137-139 143 161 443

TCP Header (Ports)
[Figure: connection diagram labelled with Ports > 1024 and Ports 1024]
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 113
Seq#: 327Ack#: 0
Flag: Syn
Win: Seq#: 477
Ack#: 328Flag: Syn/AckWin: 1000Seq#: 328
Ack#: 478
Flag: AckWin: 600
TCP 3-way HandshakeHost A
time
Host B
time
Initial
SequenceNumbersare sent in the
Syn
packets
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 114
TCP Packet Accountability Hosts sending packets start a timer
at time of transmission
If timer expires prior to the receptionof an ack for that packet, the packetis resent
Hosts dynamically adjust this timerto account for distance, congestion,etc. lot
s of cool statisticalmathematical optimization analysis
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 115
Seq#: 328Ack#: 478
Flag: Ack
Win: 600
Seq#: 328Ack#: 478
Flag: AckWin: 600
TCP Packet AccountabilityHost A
time
Host B
time
X A s timerexpires, so Aresends the
packet
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 116
Hosts advertise their window size inthe TCP headerInitially tells other host the maximum
buffer space (ito # bytes) available
Once data transfer begins, keeps otherhost updated as to available space
Mechanism for recipient to keep fromgetting overwhelmed, for example:
Window = big # send, send, send
Window = 0
stop... I
m full
TCP Sliding Window
7/25/2019 Sect1 Network Functionality
30/50
J.D. Fulp CISSP, ISSEP, ISSAP, CSIH 117
TCP Sliding WindowHost A
time
Host B
time
Seq#: 328Ack#: 478
Flag: Ack
Win: 600
Seq#: 478
Ack#: 428Flag: AckWin: 900
Seq#: 428Ack#: 478
Flag: AckWin: 600
Seq#: 478
Ack#: _____ ?Flag: AckWin: 700
Track the Seq &Ack numbers
TCP Sliding Window (cont) (Host A and Host B, time running downward)
Segments shown on the slide (one of them, marked X, is lost in transit):
  Seq#: 720, Ack#: 1228, Flag: Ack, Win: 1000
  Seq#: 620, Ack#: 1228, Flag: Ack, Win: 1000
  Seq#: 520, Ack#: _____ ?, Flag: Ack, Win: 50
  Seq#: 628, Ack#: 520, Flag: Ack, Win: 558
  Seq#: 1028, Ack#: 520, Flag: Ack, Win: 800
What should A ack now? ___________
TCP Sliding Window (cont) (Host A and Host B, time running downward)
B -> A: Seq#: 1228, Ack#: 620, Flag: Ack, Win: 700
A -> B: Seq#: 620, Ack#: 1228, Flag: Ack, Win: 1000
B will keep receiving Ack 620 from A, and will realize that that segment must've been lost.
Now what will A Ack back to B once the segment is finally received? Ack# ______
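The bookkeeping behind the handshake, retransmission and sliding-window slides, as an added example that is not part of the slide deck. The Receiver class, the 100-byte data segments and the seq 1000 starting point are constructed for illustration; only the two initial sequence numbers (327 and 477) are taken from the handshake slide. It shows a SYN consuming one sequence number, a cumulative Ack# that advances only over contiguous bytes, and a lost segment producing the same Ack# again and again until the sender's timer expires and it resends.

```python
"""Toy model of TCP sequence and acknowledgement bookkeeping (added example).

Not from the slides: the Receiver class and the 100-byte segments are
constructed to show the SYN consuming one sequence number in the 3-way
handshake, cumulative ACKs that only advance over contiguous bytes, and a
lost segment producing repeated (duplicate) ACKs until the sender resends it.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int            # sequence number of the first payload byte
    payload: bytes      # constructed application data
    flags: str = "Ack"

    @property
    def end(self) -> int:
        """Sequence number of the byte following this segment."""
        return self.seq + len(self.payload)


@dataclass
class Receiver:
    """Receiving side: remembers the next byte it expects and buffers gaps."""
    next_expected: int                               # peer's ISN + 1 after handshake
    buffered: dict = field(default_factory=dict)     # seq -> Segment held out of order
    acks_sent: list = field(default_factory=list)    # every Ack# returned

    def deliver(self, seg: Segment) -> int:
        """Process one arriving segment and return the (cumulative) Ack# sent back."""
        if seg.seq == self.next_expected:
            self.next_expected = seg.end
            # Pull in any earlier-buffered segments that are now contiguous
            while self.next_expected in self.buffered:
                self.next_expected = self.buffered.pop(self.next_expected).end
        elif seg.seq > self.next_expected:
            # A hole precedes this segment: hold it, but never ack past the hole
            self.buffered[seg.seq] = seg
        # seg.seq < next_expected: a duplicate, already covered by the ACK
        self.acks_sent.append(self.next_expected)
        return self.next_expected


def handshake(isn_a: int, isn_b: int) -> list:
    """Seq#/Ack# of the three handshake segments as (direction, seq, ack, flag).

    Each SYN occupies one sequence number, so B acks isn_a + 1 and A acks
    isn_b + 1; A's first data byte will then carry seq isn_a + 1.
    """
    return [
        ("A->B", isn_a, 0, "Syn"),
        ("B->A", isn_b, isn_a + 1, "Syn/Ack"),
        ("A->B", isn_a + 1, isn_b + 1, "Ack"),
    ]


def lost_segment_demo() -> tuple:
    """A sends B four 100-byte segments from seq 1000; the second is lost.

    Returns (all Ack#s B sent, how often B repeated Ack 1100, final next_expected).
    """
    b = Receiver(next_expected=1000)
    segs = [Segment(1000 + i * 100, bytes(100)) for i in range(4)]
    lost = segs[1]                       # X: never arrives the first time
    for s in segs:
        if s is not lost:
            b.deliver(s)
    repeated = b.acks_sent.count(1100)   # B keeps acking 1100: the hole
    b.deliver(lost)                      # A's timer expires and it resends
    return b.acks_sent, repeated, b.next_expected


if __name__ == "__main__":
    for direction, seq, ack, flag in handshake(327, 477):   # ISNs from the slide
        print(f"{direction}: Seq#={seq} Ack#={ack} Flag={flag}")
    print(lost_segment_demo())
```

Because the Ack# is cumulative, the two segments that arrived after the hole are acknowledged all at once when the retransmission fills it; the receiver never has to ack them individually.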
TCP Session Termination
Can proceed in three ways:
  Reset: something wrong happens (protocol violation/confusion); the confused host sends a packet with the TCP Reset flag set
  3-way handshake: Client sends Fin-Ack (client finished sending); Server sends Fin-Ack (server finished sending too); Client sends Ack
  4-way handshake: Client sends Fin-Ack; Server sends Ack (server not finished sending); Server sends Fin-Ack (server finished sending); Client sends Ack
ICMP
ICMP = Internet Control Message Prot.
Is it a layer 3 or 4 protocol? _______
Used to send ____________ & _____________ messages
Some common ICMP messages:
  echo request/reply (ping & traceroute)
  address & subnet-mask requests
  time exceeded
  destination un-reachable

ICMP
Ping provides a great connectivity test utility
Traceroute (or tracert) is ping wrapped inside a loop that increments the TTL value until the target is reached
Traceroute provides more detailed path information
ICMP (tracert 1.2.3.4)
[Diagram: the probing host sends ping(ttl=1), ping(ttl=2), ping(ttl=3), ... through a chain of as yet unknown routers (?) until 1.2.3.4 is reached]
ICMP Tracert Example
H:\>tracert usna.edu
Tracing route to usna.edu [131.122.220.30]
over a maximum of 30 hops:
1
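How the TTL loop in the two slides above turns into a hop list, as an added example that is not from the slide deck and sends no packets. The four router addresses in PATH are constructed (only the target 1.2.3.4 echoes the slide); each hop decrements the TTL, the router where it reaches zero answers with ICMP Time Exceeded (type 11) and thereby reveals itself, and the target answers the probe that survives the whole path with ICMP Echo Reply (type 0). A router listed in `silent` stands in for the common real-world case of a hop that rate-limits or filters its ICMP replies, which tracert shows as "Request timed out".

```python
"""Simulation of traceroute's TTL-incrementing loop (added example).

Not from the slides: routers, addresses and the silent-hop behaviour are
constructed; nothing is transmitted.
"""

# Constructed path from the probing host to the target (the slide's 1.2.3.4)
PATH = ["10.0.0.1", "192.0.2.1", "198.51.100.7", "203.0.113.9"]
TARGET = "1.2.3.4"

ICMP_ECHO_REPLY = 0       # sent by the destination host itself
ICMP_TIME_EXCEEDED = 11   # sent by the router that decremented TTL to zero


def forward(ttl, path, target, silent=frozenset()):
    """Carry one echo request along the path; return (replying address, ICMP type)."""
    for router in path:
        ttl -= 1                          # every hop decrements the TTL
        if ttl == 0:
            if router in silent:
                return None, None         # router drops it quietly: probe times out
            return router, ICMP_TIME_EXCEEDED
    return target, ICMP_ECHO_REPLY        # survived all hops: the target replies


def traceroute(target, path, max_hops=30, silent=frozenset()):
    """Ping with ttl=1, 2, 3, ... until the target itself answers or max_hops is hit.

    Returns a list of (ttl, address) with None where a hop did not answer.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        addr, icmp_type = forward(ttl, path, target, silent)
        hops.append((ttl, addr))
        if icmp_type == ICMP_ECHO_REPLY:
            break
    return hops


if __name__ == "__main__":
    print(f"Tracing route to {TARGET} over a maximum of 30 hops:")
    for ttl, addr in traceroute(TARGET, PATH, silent={"198.51.100.7"}):
        print(f"{ttl:>3}  {addr if addr else '*  Request timed out.'}")
```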
TCP/IP Inter-layer Linkages
How does each lower layer know which higher layer to pass its payload up to?
  Ethernet -> IP?           Example: ______ # 0x0800 = IPv4
  IP -> TCP?                Example: ___________ # 6 = TCP
  TCP -> Application?       Example: _______ # 25 = SMTP
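The three linkages on the slide in working code, as an added example (not part of the slide deck). It constructs one Ethernet/IPv4/TCP frame (made-up MAC and IP addresses, no checksums) and then walks it up the stack, letting each header's selector field decide where the payload goes: EtherType 0x0800 hands it to IPv4, protocol 6 hands it to TCP, and destination port 25 hands it to SMTP. It also shows the check a stack performs before trusting the IP Total Length: if the frame is shorter than the header claims, the packet is dropped rather than read past its end.

```python
"""Walk a constructed Ethernet/IPv4/TCP frame up the stack (added example).

Not from the slides. The MAC/IP addresses and the SMTP payload are sample
input constructed here; the selector values (0x0800, 6, 25) are the ones the
slide names.
"""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
APP_BY_PORT = {25: "SMTP", 110: "POP3"}     # the two applications the slides use


def build_frame(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Construct a minimal frame (checksums left zero) to feed the parser."""
    dst_mac = bytes.fromhex("0011223344ff")            # constructed
    src_mac = bytes.fromhex("001122334401")            # constructed
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)                 # IP header + TCP header + data
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len,               # Ver=4, HLen=5 words, Svc Type
                     0x1234, 0x4000,                   # Identification, Flags=DF, Offset=0
                     64, IPPROTO_TCP, 0,               # TTL, Protocol, checksum (unset)
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 328, 478,
                      5 << 4, 0x18, 600, 0, 0)        # data offset 5 words, PSH/ACK, Win 600
    return eth + ip + tcp + payload


def demux(frame: bytes) -> dict:
    """Decode layer by layer, recording which field chose the next layer."""
    out = {}
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["ethertype"] = ethertype
    if ethertype != ETHERTYPE_IPV4:
        out["layer3"] = "not IPv4: handed to another protocol handler"
        return out
    if len(frame) < 34:
        out["layer3"] = "malformed or truncated IPv4 packet: dropped"
        return out
    (ver_hlen, _svc, total_len, _ident, _flags_frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    hlen = (ver_hlen & 0x0F) * 4
    # Never trust Total Length beyond the bytes actually received
    if ver_hlen >> 4 != 4 or hlen < 20 or 14 + total_len > len(frame):
        out["layer3"] = "malformed or truncated IPv4 packet: dropped"
        return out
    out.update(layer3="IPv4", protocol=proto,
               src_ip=str(ipaddress.IPv4Address(src)),
               dst_ip=str(ipaddress.IPv4Address(dst)))
    if proto != IPPROTO_TCP:
        out["layer4"] = "not TCP: handed to another protocol handler"
        return out
    tcp_start = 14 + hlen
    src_port, dst_port = struct.unpack("!HH", frame[tcp_start:tcp_start + 4])
    data_off = (frame[tcp_start + 12] >> 4) * 4
    out.update(layer4="TCP", src_port=src_port, dst_port=dst_port,
               app=APP_BY_PORT.get(dst_port, "unknown application"),
               payload=frame[tcp_start + data_off:14 + total_len])
    return out


# Constructed sample: a client on port 3567 talking SMTP to a mail server
SAMPLE = build_frame("192.0.2.10", "192.0.2.25", 3567, 25, b"EHLO client.example\r\n")

if __name__ == "__main__":
    for key, value in demux(SAMPLE).items():
        print(f"{key}: {value}")
```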
The Default Gateway
All hosts need to be told which way to go to get out of the local network and toward the larger Internet. That is... get one hop closer to the highway.

The Default Gateway
People often get confused regarding what device/IP should be configured as the default gateway
Basically, imagine that a network full of devices is a room full of people.
Setting the default gateway is equivalent to pointing out the (default) exit door to everyone in the room
Point all devices to the exit router's inside IP address
ARP
ARP stands for __________________
Resolution is network-speak for a mapping... or a binding
Specifically: ARP = map ( IP -> MAC )
And while we're at it . . .
RARP stands for _____________ ARP
RARP = map ( _________ )
Wanna keep them straight? ARP starts with a vowel... so does IP

ARP
ARP is necessary whenever a host has an _____ address, but does not have the corresponding _____ address
Device needing the MAC will send a limited broadcast (255.255.255.255) to the local network asking whomever has this IP, please tell me your MAC
The reply (if any) is sent directly to the requestor (unicast) which will then store this in its ARP cache

ARP
Any device receiving an ARP will . . .
  Read the IP address in the ARP request
  Compare the IP to its own IP
  If the same, reply via __________ (unicast or broadcast?) to the sender with its MAC address
With MAC address now in hand, the sender can complete the layer 2 header (it now has the destination MAC address it needed)
Routing a Packet
[Diagram: Bob's host and Sam's host connected across the Internet; the packet carries various Layer 2 headers, IP, TCP and App/Data]
Routing a Packet: action by the sending host (Bob)
Pass data down to layer 3
Determine local subnet address
Compare local subnet addr to destination IP: are they the same?
  Yes: check ARP cache or ARP for dest MAC
  No: route entry for dest network?
    Yes: check ARP cache or ARP for the appropriate GW router
    No: is there a default route entry?
      Yes: send to DGW router (ARP if necessary)
      No: Error
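The flowchart above as a function, added here as an example and not taken from the slide deck. The host address, mask, route entries and gateway addresses are constructed; the branches are the flowchart's: same subnet, so ARP for the destination itself; otherwise an explicit route entry (the most specific matching prefix wins, which the flowchart does not spell out but every host stack does); otherwise the default route; otherwise an error.

```python
"""The sending host's forwarding decision from the flowchart (added example).

Not from the slides: addresses, mask and route entries are constructed.
"""
import ipaddress


def forwarding_decision(host_ip, netmask, dest_ip, routes, default_gw=None):
    """Return (branch taken, address the host must resolve with ARP)."""
    local = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    dest = ipaddress.ip_address(dest_ip)

    # Compare local subnet address to destination IP: are they the same?
    if dest in local:
        return "same subnet: ARP for destination MAC", str(dest)

    # Route entry for dest network? Prefer the most specific matching entry.
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is not None:
        return "route entry: ARP for that gateway router", best[1]

    # Is there a default route entry?
    if default_gw is not None:
        return "default route: send to DGW router (ARP if necessary)", default_gw

    return "error: no route to destination", None


# Constructed host configuration: one /24, two learned routes, one default gateway
HOST = ("192.168.1.10", "255.255.255.0")
ROUTES = [("10.0.0.0/8", "192.168.1.2"), ("10.2.0.0/16", "192.168.1.3")]
DGW = "192.168.1.1"

if __name__ == "__main__":
    for dest in ["192.168.1.77", "10.9.9.9", "10.2.3.4", "198.51.100.5"]:
        print(dest, "->", forwarding_decision(*HOST, dest, ROUTES, DGW))
```

Note that the host only ever ARPs for an address on its own subnet: the destination itself when it is local, and a router's inside address in every other branch. That is why the default gateway must be an address in the host's own network, as the Default Gateway slides insist.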
Data Goes Down the Stack (Bob -> switch -> Default Gateway Router -> Internet)
[Diagram of encapsulation as the data descends Bob's stack:]
  Data
  Port #s | Data
  Fm: IP-Bob To: IP-Sam | Port #s | Data
  Fm: MAC-Bob To: MAC-DGW | Fm: IP-Bob To: IP-Sam | Port #s | Data
  . . . 10010101000101101001001011111101010 . . .
Switch Action
Frame arriving at the switch: Fm: MAC-Bob To: MAC-DGW | ? ? ?
Switch's MAC-on-Port table:
  Rob     7
  Alice   3
  DGW     2
  . . .   ?
Switches only know layer 2 . . . the rest is a mystery
Router Action
Routing table:
  Dest Network          Interface#    Dest MAC
  NW-Prefix (IP-Sam)    ethernet 1    MAC-ISPRtr
  . . . other entries . . .
Router reads layer 3 then re-writes layer 2 for next hop:
  In:   Fm: MAC-Bob To: MAC-DGW | Fm: IP-Bob To: IP-Sam | ? ?
  Out:  Fm: MAC-DGW To: MAC-ISPRtr | Fm: IP-Bob To: IP-Sam | ? ?
Switches in the Core Also
[Diagram: source S and destination D; Layer 3 at the routers on each side, Layer 2 switching in the core between them (Cisco AS5800 series equipment pictured)]
But they're not talking Ethernet . . . probably ATM or Frame Relay using virtual circuit switching
ARP (if necessary) for Last Hop
Frame arriving at the last router (RtrB) from the Internet: Fm: MAC-RtrZ To: MAC-RtrB | Fm: IP-Bob To: IP-Sam | ? ?
RtrB (ARP request, to the local network): "Listen up... if any of you owns IP address IP-Sam? Tell me your MAC"
Sam (ARP reply): "That's me, my MAC is MAC-Sam"
Frame delivered on the last hop: Fm: MAC-RtrB To: MAC-Sam
The Big (Stack) Picture: IPC sends e-mail (SMTP) to a mail server at IPM
Legend: C = client (IPC, MACC), R = router (MACR), M = mail server (IPM, MACM)
  Layer      Client -> Router leg    Router -> Mail server leg
  5 App      SMTP                    SMTP
  4 Src      3567                    3567
  4 Dest     25                      25
  3 Src      IPC                     IPC
  3 Dest     IPM                     IPM
  2 Src      MACC                    MACR
  2 Dest     MACR                    MACM
  1 Media    (link C - R)            (link R - M)
The Big (Stack) Picture: IPC downloads (POP3) mail from the mail server
Legend: C = client (IPC, MACC), R = router (MACR), M = mail server (IPM, MACM)
  Layer      Mail server -> Router leg    Router -> Client leg
  5 App      POP3                         POP3
  4 Src      110                          110
  4 Dest     29034                        29034
  3 Src      IPM                          IPM
  3 Dest     IPC                          IPC
  2 Src      MACM                         MACR
  2 Dest     MACR                         MACC
  1 Media    (link M - R)                 (link R - C)
DNS
DNS = _________________________
Related to ARP in that it is also a resolution protocol
  ARP = _________ resolution
  DNS = _________ resolution
Specifically: DNS = map ( Name -> IP )
Why do we have such a mechanism?
DNS Summary
vulcan.cs.nps.navy.mil.
  the trailing "." is the root
  "mil" is the fixed top-level domain (tld)
  the labels in between are at the domain owner's discretion (arbitrary)
  "vulcan" is the individual machine name
  the whole string is the fully qualified domain name (fqdn)
DNS Summary
{ Name space }: fqdn  ->  DNS System  ->  W.X.Y.Z : { IP space }
  Name space: with the exception of the top level domain, fully flexible
  IP space: fixed 4 octet number space, but flexible via variable length masks
DNS... a hierarchically distributed database of fqdn:IP mappings
DNS Servers & Domains
Every domain must have at least one server configured to provide name -> IP resolution
More than one name server will
  Enhance performance
  Protect against single-point-of-failure
Typically a primary (P) and secondary (S) name server are specified
DNS Servers & Domains
Here is the minimum "knowledge" needed by the various DNS players to get it going:
  Client: "I know the address of my DNS server"
  Root Server: "I know the address of all DNS servers one level below me"
  Non-Root Servers: "We know the address of all the root DNS servers and all DNS servers one level below us"
DNS Servers & Domains
Each networked machine must be told where to find its DNS server.
Note this IP address does not have to be local
DNS Resolution
DNS clients request ______________ look-ups from their DNS servers
  Basically the client is saying "you do all the work... I'll wait on the answer"
DNS servers utilize ______________ look-ups to other servers in the hierarchy
  Basically the server is saying "if you don't know the answer tell me who might"
Pure Recursive Resolution
[Diagram: Root Server; .mil Domain Server over .navy Domain Server over .nps Domain Server and Client Herrmann; .army Domain Server over .usma Domain Server and Client Patton; numbered message steps 1 through 9 between these parties]
This is NOT the way it is done. Why not?
Iterative Resolution
[Diagram: Root Server; .mil Domain Server over .navy Domain Server over .nps Domain Server and Client Herrmann; .army Domain Server over .usma Domain Server and Client Patton; numbered message steps 1 through 9 between these parties]
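The two resolution styles side by side over a toy hierarchy, as an added example (not part of the slide deck). The zone data is constructed: a root server that knows the .mil server, a .mil server that knows navy.mil, a navy.mil server that knows nps.navy.mil, and an nps.navy.mil server holding the host records (the host name herrmann echoes the slide's client; the addresses are made up). Both resolvers return the answer together with whether it is authoritative, and the shared load counter shows how many queries each server handled, so the reader can compare what the root server sees under recursion with what it sees once an iterative resolver has cached the referrals it learned.

```python
"""Toy DNS hierarchy contrasting recursive and iterative resolution (added example).

Not from the slides: zone data, server names and addresses are constructed.
"""

# server name -> zone it serves
SERVER_ZONE = {"root-server": ".", "mil-server": "mil",
               "navy-server": "navy.mil", "nps-server": "nps.navy.mil"}

# zone -> (delegations: child zone -> server one level below, records: fqdn -> IP)
ZONES = {
    ".":            ({"mil": "mil-server"}, {}),
    "mil":          ({"navy.mil": "navy-server"}, {}),
    "navy.mil":     ({"nps.navy.mil": "nps-server"}, {}),
    "nps.navy.mil": ({}, {"herrmann.nps.navy.mil": "192.0.2.10",
                          "library.nps.navy.mil": "192.0.2.11"}),
}


def answer(server, name):
    """One server's reply: ('answer', ip), ('referral', (zone, server)) or ('nxdomain', None)."""
    delegations, records = ZONES[SERVER_ZONE[server]]
    if name in records:
        return "answer", records[name]
    for child, child_server in delegations.items():
        if name == child or name.endswith("." + child):
            return "referral", (child, child_server)
    return "nxdomain", None


def resolve_recursive(name, server, load):
    """Each server asks the next one itself and waits to relay the reply back down."""
    load[server] = load.get(server, 0) + 1
    kind, value = answer(server, name)
    if kind == "referral":
        return resolve_recursive(name, value[1], load)
    return value, True                # straight from the authoritative source


def resolve_iterative(name, state):
    """The client's own server walks the hierarchy itself, caching what it learns.

    state = {"load": {server: queries}, "cache": {fqdn: ip}, "referrals": {zone: server}}
    """
    if name in state["cache"]:
        return state["cache"][name], False            # non-authoritative: from cache
    # Start at the closest zone we already know a server for, else at the root
    labels = name.split(".")
    server = "root-server"
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:])
        if zone in state["referrals"]:
            server = state["referrals"][zone]
            break
    while True:
        state["load"][server] = state["load"].get(server, 0) + 1
        kind, value = answer(server, name)
        if kind == "referral":
            zone, server = value
            state["referrals"][zone] = server          # remember for next time
        else:
            if kind == "answer":
                state["cache"][name] = value
            return value, True                         # authoritative answer


def fresh_state():
    return {"load": {}, "cache": {}, "referrals": {}}


if __name__ == "__main__":
    st = fresh_state()
    for host in ["herrmann.nps.navy.mil", "library.nps.navy.mil", "herrmann.nps.navy.mil"]:
        print("iterative:", host, resolve_iterative(host, st))
    print("iterative load:", st["load"])
    load = {}
    for host in ["herrmann.nps.navy.mil", "library.nps.navy.mil"]:
        print("recursive:", host, resolve_recursive(host, "root-server", load))
    print("recursive load:", load)
```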
Authoritative or Not?
Name servers provide two different types of answers
  Authoritative: means the answering server is the original source of information for the IP address in the request
  Non-authoritative: means the answering server has a cached entry for the IP-name binding that was obtained from a previous lookup
Split DNS
Split DNS is a DNS security option
  Some names are resolved: servers intended for the public
  Some names are not resolved: servers with private IP addresses intended only for local users; perhaps for security reasons... we don't want anyone connecting to them
Bottom line: a means to limit name resolution for select systems
DHCP
DHCP = ________________________
Requires a DHCP server to lease out available IP addresses
Allows a host to join a network and obtain an IP address w/o administrator involvement
Permits "Plug-and-Play Networking"
DHCP is an improved implementation of RARP and bootp

DHCP
DHCP server can be configured to hand out . . .
  Permanent IP addresses to __________
  Dynamic addresses from a pool of available addresses to clients
The address is held for some set lease period, then either . . .
  It's given up and goes back into the pool
  Client negotiates for an extension
Try "ipconfig /all" from the command line
DHCP
When you configure a DHCP server, you will want it to provide the following information, at a minimum:
  An IP address
  The network's subnet mask
  The IP of its ___________________ (router)
  The IP address of a _____ server
Frag-men-ta-tion
Why does it occur?
Heterogeneous nature of internetworks
Different h/w for different transmission technologies specify different maximum frame (layer 2) sizes
This maximum frame size is referred to as the ______________________ or MTU
E.g., the MTU for Ethernet is ____ bytes

Some MTU Sizes (bytes)
  IEEE 802.3     1,500
  IEEE 802.5     4,464
  IEEE 802.11    7,981
  PPP            296
  (a further 1,500-byte entry appears on the slide whose label was not recovered)
Frag-men-ta-tion
So what must happen when a frame travels to a network with a smaller MTU?
[Diagram: network with MTU = 1500 -> Router -> network with MTU = 500]
The connecting router has to break up the IP packet into smaller packets

Frag-men-ta-tion
Original packet:  IP Header | Layer 4 and 5 (payload)
Fragments:        IP Hdr 1 | data 1
                  IP Hdr 2 | data 2
                  IP Hdr 3 | data 3
New IP headers are almost identical to the original IP header, but some modifications are necessary
The IP Header (32 bits wide; bit positions 0, 4, 8, 16, 19, 24, 31)
  Ver | HLen | Svc Type | Total Length
  Identification | Flags | Fragment Offset
  TTL | Protocol | Header Checksum
  Source IP Address
  Destination IP Address
  IP Options | Padding
The IP Header
Identification field is the link that unifies all fragments of an original single IP packet, thus it is duplicated
Flags field: 3 bits R-DF-MF where
  R is Reserved (must be zero)
  DF = 1 means Don't Fragment
  MF = 1 means More Fragments... i.e., this is not the last fragment
(fields: Identification | Flags | Fragment Offset)

The IP Header
Fragment Offset indicates the position of the fragment's data relative to the beginning of the data in the original packet, in units of 8 bytes
Combination of these three fields + the total length field allows the destination host to rebuild the original packet
(fields: Identification | Flags | Fragment Offset)
Frag-men-ta-tion
Where should fragments get reassembled . . .
  By other downstream routers when the MTU gets larger?
  By the destination host?
Router reassembly is not a good idea
  Routers would have to maintain state information for all packets processed
  Fragments may travel different routes!
Frag-men-ta-tion
[Diagram: "M o n t e r e y" (assume each letter is 8 bytes in size) leaves a network with MTU 8, crosses a Router into a network with MTU 5, where it becomes "M o n t e" and "r e y", then crosses a second Router into a network with MTU 2, where the pieces become "M o", "n t", "e", "r e", "y"]
Frag Offset = ____ Flags = ____
Frag Offset = ____ Flags = ____
Frag Offset = ____ Flags = ____
Frag-men-ta-tion
[Diagram: networks with MTU 8, MTU 5 and two with MTU 2; the letters of "M o n t e r e y" (assume each letter is 8 bytes in size) travel as the pieces "M o", "n t e r e", "n t", "e r", "e" and "y"]
Packets can arrive out of order
Frag-men-ta-tion
Original data: M o n t e r e y, at letter positions 0 1 2 3 4 5 6 7 (assume each letter is 8 bytes in size)
First split:   "M o" Frag Offset = 0;  "n t e r e" Frag Offset = 2;  "y" Frag Offset = 7
Second split:  "M o" Frag Offset = 0;  "n t" Frag Offset = 2;  "e r" Frag Offset = 4;  "e" Frag Offset = 6;  "y" Frag Offset = 7
Re-assembly Exercise (4)
Fragments (FO = fragment offset in 8-byte units, MF = more-fragments flag, PL = payload length in bytes):
  FO    MF    PL     bytes covered
  0     1     160    0-159
  20    1     160    160-319
  40    1     160    320-479
  60    1     160    480-639
  80    0     75     640-714
Missing fragment (one of the fragments is drawn on the slide as missing)
Question #4: What was the total length (TL) of the original (unfragmented) packet? ________________
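The same FO/MF/PL arithmetic in code, as an added example that is not part of the slide deck and uses its own constructed numbers (a 1400-byte payload and a 500-byte MTU) rather than the exercise's. fragment() does the router's job from the Frag-men-ta-tion slides, producing fragments whose non-final data lengths are multiples of 8 so the offsets fit the field; reassemble() does the destination host's job: sort by offset, find holes, flag overlapping fragments (a malformed-fragment pattern that IP stacks and IDS reassemblers check for), and recover the original total length only once the MF = 0 fragment and every byte before it are present.

```python
"""IP fragmentation and reassembly on the Identification/Flags/Offset fields (added example).

Not from the slides: the packet size and MTU below are constructed.
"""


def fragment(ident, payload_len, mtu, hdr_len=20):
    """Split a payload so each fragment (header + data) fits the MTU.

    Returns dicts with ID, FO (8-byte units), MF and PL (payload bytes).
    """
    max_data = ((mtu - hdr_len) // 8) * 8      # non-final data must be 8-byte multiples
    frags, offset = [], 0
    while offset < payload_len:
        size = min(max_data, payload_len - offset)
        more = offset + size < payload_len
        frags.append({"ID": ident, "FO": offset // 8, "MF": int(more), "PL": size})
        offset += size
    return frags


def reassemble(frags, hdr_len=20):
    """Destination-host view: return (complete, original total length or None, holes, overlaps)."""
    if len({f["ID"] for f in frags}) != 1:
        raise ValueError("fragments of different packets mixed together")
    holes, overlaps, expected, total = [], [], 0, None
    for f in sorted(frags, key=lambda f: f["FO"]):      # arrival order does not matter
        start = f["FO"] * 8
        end = start + f["PL"]
        if start > expected:
            holes.append((expected, start - 1))           # bytes nobody has delivered yet
        elif start < expected:
            overlaps.append((start, min(end, expected) - 1))   # bytes claimed twice: suspicious
        expected = max(expected, end)
        if f["MF"] == 0:
            total = hdr_len + end                         # the last fragment fixes the true length
    complete = total is not None and not holes and not overlaps
    return complete, (total if complete else None), holes, overlaps


if __name__ == "__main__":
    frags = fragment(ident=7, payload_len=1400, mtu=500)
    for f in frags:
        print(f)
    print("all present, reversed order:", reassemble(frags[::-1]))
    print("middle fragment missing:   ", reassemble([frags[0], frags[2]]))
```

A fragment set with a hole is held until the hole is filled or a reassembly timer expires; a set with overlaps is worth logging, since a correct sender never produces one.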
VLANs
VLAN = ____________ LAN
Switches that support the creation of VLANs allow themselves to be split (partitioned) into >1 ________ domain
VLANs are isolated from each other
Ports on a single switch can be assigned to different VLANs
Ports on multiple switches can be aggregated to form a single VLAN

VLANs
[Diagram: one switch with Ports 1-5 assigned to VLAN 36 and Ports 6-8 assigned to VLAN 25]
Communications between the 2 VLANs would require layer 3 service (e.g., a router)

VLANs
[Diagram: two switches joined by a Trunk Line; ports tagged 36 on both switches form one VLAN and ports tagged 25 form the other]
2 separate VLANs (2 broadcast domains)
Before . . .
[Diagram: three physically separate networks, LAN 1, LAN 2 and LAN 3]

After . . .
[Diagram: switches joined by a Trunk Line, one carrying VLAN 2 & 3, one carrying VLAN 1, 2 & 3, and one carrying VLAN 1 & 3]
Routing & Routing Protocols

Routing Protocols
Routers learn about the location of networks in one of three ways
  Implicitly: the network(s) they are "homed" in
  Statically: added to the routing table
  Dynamically: learned from other routers by sharing routing table information
Dynamic route learning is made possible by routing protocols
Routing Protocols
[Diagram: three routers, each announcing "My route info" to the others]
Routing Protocols
No individual router needs to know the exact location of all networks
Each individual router need only know the next hop to get a packet one step closer to its destination
In effect, the collective route information of all routers superimposes trees onto what is otherwise a rather "meshy" internetwork.
Routing Protocols
[Diagram: a router with interface e0 on network A.B.C.0, interface e1 on network A.B.E.0, and serial interface s0; routing protocol updates arrive from neighbor routers:]
  Neighbor on e1: "I can reach A.B.F.0 in 1 hop, A.C.0.0 in 4 hops"
  Neighbor on s0: "I can reach A.C.0.0 in 2 hops, B.0.0.0 in 3 hops"

Routing Protocols
[Same router: e0 on A.B.C.0, e1 on A.B.E.0, serial s0]
I can reach A.B.F.0 in ___ hops, A.C.0.0 in ___ hops, B.0.0.0 in ___ hops, A.B.E.0 in ___ hops
What would this router then advertise to any other router in the A.B.C.0 network?
Routing Table (for the router with interfaces e0, e1 and s0)
  Code    To reach    Forward out
  C       A.B.C.0     ethernet 0 interface
  C       A.B.E.0     ethernet 1 interface
  R       A.B.F.0     ethernet 1 interface
  R       A.C.0.0     serial 0 interface
  R       B.0.0.0     serial 0 interface
  S       default     serial 0 interface
Code C = directly connected; Code S = static entry; Code R = routing protocol
Shortest-Path Spanning Tree
Graph theory from Discrete Mathematics gets heavy utilization in networking
Each graph node (network router) is not concerned with all edges . . . only the minimum set of edges that will provide the shortest possible path to all other nodes (i.e., a shortest-path spanning tree)
Superimposing trees on graphs also removes loops!
Shortest-Path Spanning Tree
[Diagram: routers joined by their actual physical connections, each link labelled with some dimensionless units of relative congestion (the costs 10, 3, 10, 3, 6, 2, 13, 5, 8, 4, 6, 1, 5 appear); the leftmost router says "I wanna be the root of a shortest-path spanning tree"]
Shortest-Path Spanning Tree
[Diagram: result of Dijkstra shortest path algorithm run from the leftmost router, over the same links (costs 10, 3, 10, 3, 6, 2, 13, 5, 8, 4, 6, 1, 5), with the tree edges highlighted] Cool!
Shortest-Path Spanning Tree
[Diagram: the same logical topology physically re-oriented to look like a "classical" tree; the tree edges carry the costs 4, 6, 3, 10, 3, 1, 2]
Shortest-Path Spanning Tree
Of course each router will create its own shortest path spanning tree
[Diagram: the same links (costs 10, 3, 10, 3, 6, 2, 13, 5, 8, 4, 6, 1, 5) with a tree rooted at a different router highlighted] Cool!
Shortest-Path Spanning Tree
The trees can be "broken" . . .
[Diagram: the same links (costs 10, 3, 10, 3, 6, 2, 13, 5, 8, 4, 6, 1, 5) with one tree link marked X] Uh oh!
Shortest-Path Spanning Tree
Events that may call for routing table (spanning tree) changes:
  New link is added
  Existing link is broken
  Server farm is added to a network
  Bandwidth-eating WORM
  BW-hungry mux-media mux-casting app
  Other congestion causing events
  Etc.
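Dijkstra run from one router, the resulting spanning tree and next-hop table, and the recomputation after a link breaks, as an added example (not from the slide deck). The six-router topology and its costs are constructed; the slides' drawings could not be recovered well enough to reuse their graph. The costs are the "dimensionless units of relative congestion" of the slides, so a congestion event that raises a cost is handled exactly like the broken link shown here: change the link list and run the algorithm again.

```python
"""Shortest-path spanning tree with Dijkstra, and its repair after a link break (added example).

Not from the slides: the topology LINKS and the router names are constructed.
"""
import heapq

# Constructed topology: (router, router, cost); links are bidirectional
LINKS = [("R1", "R2", 10), ("R1", "R3", 3), ("R2", "R3", 2), ("R2", "R4", 6),
         ("R3", "R4", 13), ("R3", "R5", 5), ("R4", "R5", 4), ("R4", "R6", 1),
         ("R5", "R6", 8)]


def build_graph(links):
    """Adjacency map: router -> {neighbor: cost}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, root):
    """Return (distance from root, parent in the spanning tree) for every reachable router."""
    dist, parent = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue                                   # stale heap entry
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], parent[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, parent


def tree_edges(parent):
    """The minimum set of edges the root actually uses (its spanning tree)."""
    return sorted((p, child) for child, p in parent.items() if p is not None)


def next_hop_table(parent, root):
    """Routing table: the first router after root on the tree path to each destination."""
    table = {}
    for dest in parent:
        if dest == root:
            continue
        hop = dest
        while parent[hop] != root:
            hop = parent[hop]
        table[dest] = hop
    return table


def remove_link(links, a, b):
    """Topology after the a-b link goes down (the 'broken tree' case)."""
    return [l for l in links if {l[0], l[1]} != {a, b}]


if __name__ == "__main__":
    dist, parent = dijkstra(build_graph(LINKS), "R1")
    print("distances:", dist)
    print("tree:", tree_edges(parent))
    print("next hops from R1:", next_hop_table(parent, "R1"))
    dist2, parent2 = dijkstra(build_graph(remove_link(LINKS, "R2", "R3")), "R1")
    print("after R2-R3 fails, tree:", tree_edges(parent2))
```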
Convergence
Notification of a topology (or congestion) change takes time to reach all affected nodes of the network
_______________ = the process of all routers' tables arriving at the same (correct) topological map of the internetwork
___________ convergence is desired
During convergence, routers will for a period have an "inconsistent view"
Convergence
[Diagram: the same links (costs 10, 3, 10, 3, 6, 2, 13, 5, 8, 4, 6, 1, 5) with one link marked X; the bottom router has computed a new spanning tree but others may not be aware of the change yet]
Routing Protocols
3 gen'l classes of routing protocols
  Distance Vector (DV)
  Link State (LS)
  Path Vector (PV)
Another major classification is
  Interior Gateway Protocols (IGP), for intra-autonomous system (AS) routing
  Exterior Gateway Protocols (EGP), for inter-AS routing
AS = {routers} under common admin
IGP, EGP, and AS
[Diagram: two autonomous systems (ASs), which internally use an IGP; the AS border routers talk to one another using an EGP]
Most common EGP is the Border Gateway Protocol (BGP)
Autonomous System?
"The definition of AS has been unclear and ambiguous for some time. The classic definition of an Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASes. Since this classic definition was developed, it has become common for a single AS to use several interior gateway protocols and sometimes several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when multiple IGPs and metrics are used, the administration of an AS appears to other ASes to have a single coherent interior routing plan and presents a consistent picture of what networks are reachable through it."
- From RFC 1930
DV Routing Protocol
Examples:
  RIP (Routing Information Protocol)
  IGRP (Interior Gateway Routing Prot.)
Aka Bellman-Ford-[Fulkerson] algo.
General characteristics:
  Entire _______ is shared
  Table shared with ________________ only
  Table shared at scheduled intervals (~30 secs) whether or not a change has occurred
DV Routing Protocol
Knowledge of network info >1 hop away is merely inferred
DV routing also called ______________________
[Diagram: three routers, each saying "Here's what I know", in a periodic exchange of routing tables]
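A distance-vector exchange in code, as an added example that is not part of the slide deck. It models the three characteristics listed on the previous slide and the hop-count advertisements of the Routing Protocols slides (the ones with e0, e1 and s0): each router shares its entire table, with its directly attached neighbors only, once per scheduled round, and learns anything more than one hop away purely by inference from what a neighbor claims. The four routers and the networks attaching them are constructed (the network names borrow the slides' A.B.C.0 style); the convention that a directly connected network counts as 0 hops and each relay adds 1 is an assumption of this example, not something the slides specify.

```python
"""Distance-vector (Bellman-Ford style) table exchange between routers (added example).

Not from the slides: ROUTERS and its network names are constructed, and the
0-hops-for-connected convention is this example's assumption.
"""

# Constructed topology: router -> networks it is directly connected to
ROUTERS = {
    "R1": ["A.B.C.0", "A.B.E.0"],
    "R2": ["A.B.E.0", "A.B.F.0"],
    "R3": ["A.B.F.0", "A.C.0.0"],
    "R4": ["A.C.0.0", "B.0.0.0"],
}


def neighbors(routers):
    """Two routers are neighbors when they share a directly connected network."""
    nbrs = {r: set() for r in routers}
    for a in routers:
        for b in routers:
            if a != b and set(routers[a]) & set(routers[b]):
                nbrs[a].add(b)
    return nbrs


def initial_tables(routers):
    """Before any exchange: only the implicit, 'homed-in' networks (0 hops)."""
    return {r: {net: (0, "connected") for net in nets} for r, nets in routers.items()}


def advertisement(table):
    """What a router tells its neighbors: its entire table as 'I can reach X in n hops'."""
    return {net: hops for net, (hops, _) in table.items()}


def exchange_round(tables, nbrs):
    """One scheduled exchange; returns True if any table changed."""
    changed = False
    adverts = {r: advertisement(t) for r, t in tables.items()}   # snapshot sent this round
    for r in tables:
        for n in nbrs[r]:                                        # neighbors only
            for net, hops in adverts[n].items():
                candidate = hops + 1                             # one hop further than n
                if net not in tables[r] or candidate < tables[r][net][0]:
                    tables[r][net] = (candidate, n)              # next hop = that neighbor
                    changed = True
    return changed


def converge(routers, max_rounds=16):
    """Run scheduled exchanges until no table changes; return (tables, rounds needed)."""
    nbrs, tables = neighbors(routers), initial_tables(routers)
    for rnd in range(1, max_rounds + 1):
        if not exchange_round(tables, nbrs):
            return tables, rnd - 1
    return tables, max_rounds


if __name__ == "__main__":
    tables, rounds = converge(ROUTERS)
    print(f"converged after {rounds} exchange rounds")
    for r, table in tables.items():
        print(r, {net: f"{hops} hops via {via}" for net, (hops, via) in table.items()})
    print("R1 advertises:", advertisement(tables["R1"]))
```

Each round carries knowledge one hop further, which is why convergence takes as many rounds as the longest path; R1 never learns where B.0.0.0 actually is, only that R2 claims it at 2 hops.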
LS Routing Protocol
Aka Shortest-Path-First (SPF) algo.
Examples:
  OSPF (Open Shortest Path First)
  NLSP (Novell Link State Protocol)
General characteristics:
  Only ___________ are shared (i.e., delta)
  Deltas are shared with _____ routers in AS
  Shared info is more detailed and provides for construction of a global network view
LS Routing Protocol
All routers have a global picture of the entire internetwork . . . not just the view from the neighbors
As you should guess this entails a relatively large amount of . . .
  CPU processing (to build the initial map)
  memory (to store the map as a data structure)
Once built though, this global map facilitates rapid ________________!
LS Routing Protocol
[Diagram: routers A, B, C and D; the A-B link (marked X) just went down, and each router's own copy of the map of A, B, C and D is shown]
Finished