N10-007 Exam Objectives (Domains)
• 1.0 Networking Concepts (23%)
• 2.0 Infrastructure (18%)
• 3.0 Network Operations (17%)
• 4.0 Network Security (20%)
• 5.0 Network Troubleshooting and Tools (22%)
• Total (100%)
1.0 Networking Concepts
• 1.1 Basic Networking
• 1.2 OSI Model
• 1.3 Protocols and Ports
• 1.4 Switching
• 1.5 Routing
• 1.6 Advanced Switching and Routing Concepts
• 1.7 IP Addressing
• 1.8 Network Types and Topologies
• 1.9 Wireless Technologies
• 1.10 Summarize Cloud Concepts and their Purposes
• 1.11 Explain the Functions of Network Services
1.0 Networking Concepts Objectives
• Describe basic networking
• Explain devices, applications, protocols, and services at their appropriate OSI layers
• Explain the purposes and uses of ports and protocols
• Explain the concepts and characteristics of routing and switching
• Given a scenario, configure the appropriate IP addressing components
• Compare and contrast the characteristics of network topologies, types and technologies
• Given a scenario, implement the appropriate wireless technologies and configurations
What is a Network?
• Two or more computers connected together
• The computers can be any type of computing device
• The connection can be wired or wireless
How Computers Communicate on a Network
Both sides need:
• Applications that want to talk to each other
• A common protocol (language)
• A network interface to connect to the network
• Transmission media (wired or wireless)
Why Have a Network?
• Share data and information
• Remote communication
• Share resources such as printers, faxes, databases, and services
• Distribute a computing workload
  • Sensor – monitor
  • Client – server
  • Multiple facilities working together
• Cost effectiveness and reliability
Basic Components of Networking
Host 1 <-> Host 2
• Usually, both hosts have applications that want to communicate
• But most apps are not designed to use a network directly
• They need the operating system with its networking services to help them
Networking has the following components (generic term, then the same thing with a concrete example):
• Applications that want to communicate: App <-> App (example: Web Browser <-> Web Server)
• A common language (protocol): Protocol <-> Protocol (example: TCP/IP <-> TCP/IP)
• A network interface: NIC <-> NIC (example: an Intel Pro 1000 MB adapter in each host)
• A transmission media to physically connect them (example: CAT6 cable)
Client/Server
Host 1: Web Browser (client) <-> Host 2: Web Server (server)
• The client initiates the connection
• The server waits for clients to connect
  • It can accept or reject the connection attempt
• Usually a dedicated computer acts as the server
Hierarchical
• "Dumb" terminals (screen and keyboard/mouse) connect to a mainframe or minicomputer
• Terminals have no processing power of their own
• All processing and storage is performed on the central computer
1.2 OSI Model
• Layer 7 – Application
• Layer 6 – Presentation
• Layer 5 – Session
• Layer 4 – Transport
• Layer 3 – Network
• Layer 2 – Data Link
• Layer 1 – Physical
ISO/OSI – International Organization for Standardization / Open Systems Interconnection
Layer | Name         | Role                                                            | Examples
7     | Application  | Customer service counter for an app to request network services | HTTP, HTTPS, FTP, TFTP, SMTP, POP3, IMAP4, SMB, NFS, RDP, LDAP, DNS, DHCP, SSH, Telnet, SNMP...
6     | Presentation | Both sides agree on a common data format                        | Encryption, multimedia formats, character sets
5     | Session      | Keep separate conversations separate                            | Ports, named pipes, NetBIOS, RPC
4     | Transport    | Establish, manage, tear down a connection                       | TCP, UDP
3     | Network      | Add logical address, choose the best route                      | IP, ICMP, IGMP
2     | Data Link    | Format the data for transmission, add physical address          | LAN and WAN protocols, ARP
1     | Physical     | Actually transmit the packet as 1's and 0's                     | All physical and electrical characteristics of connectors and transmission media
Layer 7 – Application Layer
• "Customer service counter" that applications use to request network services
• The user can typically interact at this layer
• Applications connect by speaking a language (protocol)
• Common Layer 7 protocols include:
  • SMTP, POP3, IMAP, HTTP, HTTPS, RDP, DNS, DHCP, SMB, NFS, FTP, TFTP, Telnet, SSH, SIP, NTP, SNMP, LDAP
• At this layer the data is called "data"
• Devices: firewalls, proxies
Layer 6 – Presentation Layer
• Both sides negotiate a common data format
• The user may or may not be able to interact with this layer
  • Might be prompted to install a plug-in (historically Adobe Flash Player) to watch a video
• Common formats include:
  • Multimedia formats – JPG, PNG, GIF, MP3, MP4, MKV, MOV, WAV, PDF...
  • Encryption algorithms and key sizes – DES (56-bit key), AES (128/192/256-bit keys)
  • Hash functions – MD5 (128-bit digest), SHA-1 (160-bit digest); these provide integrity checks, not encryption, and both are considered broken for security use today
  • Compression and codecs – H.264, H.263, MPEG-4, MPEG-2, AAC
  • Character sets – ASCII, Unicode, EBCDIC
• At this layer the data is called "data"
• Devices: firewalls
Layer 5 – Session Layer
• Keep separate conversations separate
• It is here that a host has the first concept of communicating with another host
• Usually done by assigning ports (source and destination) to a conversation
• Can also be NetBIOS named pipes or Unix sockets
• At this layer the data is called "data"
• Devices: firewalls, packet-filtering routers, multi-layer switches, SOCKS proxies
Layer 4 – Transport Layer
• Pivotal layer – abstracts the mechanics of the network from the higher layers
• Starts, manages, and tears down the session
• First layer (counting down from the application) whose header gives the data a PDU name of its own
• TCP, UDP
• Devices: firewalls, packet-filtering routers, multi-layer switches
Layer 4 – Transport Layer (cont'd)
• TCP:
  • Breaks up data into manageable pieces for transmission
  • Adds sequence numbers to each segment for reassembly at the other end
  • Embeds the source and destination ports into its header
  • Establishes the session with a handshake
  • Provides error correction and flow control during the session
  • Tears down the session with a handshake
  • Data is called a "segment"
• UDP:
  • Embeds the source and destination ports into its header
  • Depends on the application for session establishment, management, error correction, flow control, and teardown
  • Data is called a "datagram"
Layer 3 – Network Layer
• Encapsulates the Layer 4 payload with a Layer 3 header
• Adds a logical address (usually an IP address)
• Chooses the best route
• IP, ICMP, IGMP
• Devices: routers, firewalls, multi-layer switches
• Data at this layer is called a "packet"
Layer 2 – Data Link
• Adds a physical source and destination address
• Encapsulates the Layer 3 packet into a frame
• Formats the frame to be suitable for the transmission media
• Checks incoming frames for errors
  • Discards frames that do not pass a simple cyclic redundancy check (CRC)
• Has two sublayers:
  • Logical Link Control (LLC) – identifies which Layer 3 protocol the frame carries and hands it to the network layer
  • Media Access Control (MAC) – adds the physical addresses and controls access to the shared medium
• ARP, Ethernet, Token Ring, PPP, HDLC, Frame Relay
• Devices: switches, bridges
• Data at this layer is called a "frame"
Layer 1 – Physical Layer
• Actual transmission of the frame as 1's and 0's
• All electrical and mechanical aspects of the transmission
• Includes connectors, wiring types, wireless technologies, baseband, broadband, modulation, speed, bandwidth, clock rate, voltages, frequencies, power levels...
• Hubs, repeaters, patch panels, network interface cards, RJ-45, STP, UTP, thicknet/thinnet coax, CAT3/5/5e/6/6a/7, fiber optic, 2.4/5 GHz, Wi-Fi channels, ZigBee, Z-Wave, infrared and other wireless technologies
• Data at this layer is called "bits"
Protocol Data Unit (PDU)
• A specific block of information transferred over a network
• This term is used in reference to the OSI model, describing the different types of data that are transferred at each layer
• The PDU for each layer of the OSI model:
  • Application = data
  • Presentation = data
  • Session = data
  • Transport = segment (TCP), datagram (UDP)
  • Network = packet
  • Data Link = frame
  • Physical = bit
1.3 Protocols and Ports
• Protocols and Ports Overview
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
• Address Resolution Protocol (ARP)
• Layer 7 Remote Control Protocols
• Layer 7 File Transfer Protocols
• Layer 7 Messaging Protocols
• Layer 7 Web Traffic Protocols
• Layer 7 Streaming Media Protocols
• Layer 7 Infrastructure Management Protocols
What is a Protocol?
• A set of rules or "language" for communication
• Can exist at any level/layer of networking
• A host will use several protocols to make a connection on the network
• Examples: TCP, UDP, IP, HTTP, FTP, etc.
What is a Port?
• A number assigned by the operating system to a process (application)
• Distinguishes one application from another on the network
• A server application/service listens on a port
  • Waits for incoming client connections that connect to that port
  • This way, even if the same host has multiple connections to the same server, the server can distinguish between the different connections
What is a Port? (cont'd)
• A client application temporarily borrows a port from its OS to make the connection
  • The port is usually given back to the OS when the client application no longer needs it
  • The OS then loans the available port to another app that needs it
• Typically, the client and server ports in a connection are not the same
• Ports are most commonly used by TCP and UDP
  • TCP or UDP can have multiple sessions (connections) at the same time
  • Ports identify the upper layer protocol (HTTP, FTP, Telnet, etc.) that TCP or UDP is carrying
• Ports are used to help the operating system determine which service to deliver network traffic to
What is an IP Address?
• A number that a computer or device uses to identify itself on the network
• Typically, each network interface card on a computer has its own IP address
• Each IP address must be unique on the network so there is no conflict
• IP addresses are analogous to phone numbers or street addresses
• Example: 192.168.1.1
What is a Socket?
• A socket is a port that is in use
• It is a combination of protocol, IP address, and port
• This combination uniquely identifies one end of the connection (the pair of sockets, local and remote, identifies the whole connection)
• Example: TCP 192.168.1.5:80 (protocol = TCP, IP address = 192.168.1.5, port = 80)
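Added example (not from the original slides): a minimal TCP server and client on the loopback interface, written to show in running code what the port and socket slides describe: the server listens on one port, the client borrows an ephemeral port from its OS, and (protocol, IP address, port) on each side identifies the connection. It uses only the Python standard library; the server port is chosen by the OS rather than fixed at 80 so it runs without privileges, and the message is constructed.

```python
import socket
import threading


def run_exchange(message: bytes = b"hello") -> dict:
    """Run one client/server round trip on 127.0.0.1 and report both sockets."""
    # Server side: port 0 asks the OS for any free port (a real web server would bind 80)
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    server_port = server.getsockname()[1]
    seen = {}

    def serve():
        conn, peer = server.accept()             # server waits; the client initiates
        with conn:
            seen["peer"] = peer                  # the client's (IP, ephemeral port)
            data = conn.recv(1024)
            conn.sendall(data.upper())           # echo back transformed, to prove a round trip

    worker = threading.Thread(target=serve)
    worker.start()

    # Client side: the OS assigns the local (ephemeral) port during connect()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", server_port))   # TCP three-way handshake happens here
    client_socket = ("TCP",) + client.getsockname()
    client.sendall(message)
    reply = client.recv(1024)
    client.close()                               # FIN/ACK teardown
    worker.join(timeout=5)
    server.close()

    return {
        "server_socket": ("TCP", "127.0.0.1", server_port),
        "client_socket": client_socket,
        "client_port_seen_by_server": seen["peer"][1],
        "reply": reply,
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, value)
```

The server's port stays fixed for every client, while each client connection shows up with a different ephemeral port; that is how one server tells concurrent connections apart, and why a firewall rule for "port 80" describes the server side only.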
TCP/IP Suite
• A suite (collection) of 6 core protocols: TCP, UDP, IP, ICMP, IGMP, ARP
• All but ARP have an IANA-assigned protocol number (protocol ID), because they are carried inside IP; ARP is carried directly in the Layer 2 frame (EtherType 0x0806 on Ethernet) and so has no IP protocol number
• There are many auxiliary protocols at the other OSI layers (especially Layer 7)
What is a Connection-Oriented Protocol?
• Attempts to ensure reliability and completeness of transmission
• Uses a handshake to create and end a session
  • Like sending registered mail
• Keeps track of the conversation
• Ensures that the other side is responding
  • Is the other side acknowledging received packets?
  • Resends packets that are not acknowledged
  • Acknowledgements and resends add overhead and slow the conversation
• Responds to requests from the other side
  • The receiver informs the sender how many packets it can receive at a time
  • The sender speeds up or slows down the transmission rate accordingly
• Used when reliability is more important than performance
  • File transfers, email, video on demand
What is a Connectionless Protocol?
• Makes no attempt to ensure completeness of the transmission
• No handshake
  • Does not even know or care if the recipient is online or offline
  • Like sending postcards
• Expects higher level protocols or the app to request resends if some of the data did not arrive
• Assumes lost packets are not important or will be re-transmitted
• Used when performance is more important than reliability
  • Real-time voice or video
  • DNS or SNMP queries
Connection-Oriented vs Connectionless
Connection-Oriented                                    | Connectionless
TCP                                                    | UDP, IP, ICMP, IGMP, ARP
Handshake to set up / tear down the session            | No handshake
Flow control / error correction                        | No flow control / error correction
"Reliable"                                             | "Unreliable" or "best effort"
Focus on receiving all the data                        | Focus on speed / performance
Used for downloading files including web pages, emails, file transfers, video-on-demand, remote control | Used for real-time communications that are time sensitive and/or can tolerate some loss: VoIP and video conferences, SNMP, DNS, DHCP
Transmission Control Protocol (TCP)
• Layer 4 host-to-host protocol
• Provides reliable, connection-oriented communication over IP networks between two endpoints
• Attempts to guarantee delivery
• Data is broken into smaller segments with sequence numbers
• Uses a receive window (sliding window) that tells the sender how much buffer space the receiver has, updated from segment to segment
• Payload of the Internet Protocol (IP)
• Embeds source and destination ports in its header
• Session established by a three-way handshake (SYN – SYN/ACK – ACK)
• Session closed by a four-way handshake (FIN – ACK – FIN – ACK)
• Protocol ID 6
User Datagram Protocol (UDP)
• TCP's "little brother"
• Layer 4 connectionless ("unreliable") protocol
• Used primarily for establishing low-latency and loss-tolerating connections between applications on the Internet
• Like TCP, UDP embeds source and destination ports in its header and is a payload of IP
• This protocol sends short packets of data, called datagrams
• UDP is an ideal protocol for network applications in which latency is critical but loss is not
  • Gaming, real-time voice and video
  • SNMP, DNS queries and DHCP
  • Applications that provide forward error correction techniques to improve audio and video quality in spite of some loss
• Protocol ID 17
Internet Protocol (IP)
• Network layer connectionless protocol
• The method by which data is sent from one computer to another on the Internet
• Each computer or host on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet
• The most widely used version is IPv4
• However, IP version 6 (IPv6) use and support is continuing to grow world-wide
• IPv6 allows longer addressing and vast improvement over IPv4
• Protocol ID 4 (this IANA number identifies IPv4 only when it is carried inside another IP packet, as in IP-in-IP tunnels; on Ethernet an IPv4 packet is identified by EtherType 0x0800)
Internet Control Message Protocol (ICMP)
• An error-reporting protocol used by network devices (e.g. routers) to generate error messages and manage traffic flow
• Layer 3 payload of IP
• Any IP network device can send and receive ICMP messages
• Used by the PING application
• Has many message types/codes for different purposes:
  • Echo request (type 8)
  • Echo reply (type 0)
  • Destination unreachable (type 3)
  • Source quench (type 4, deprecated)
  • Redirect (type 5)
  • Router solicitation (type 10)
  • Router advertisement (type 9)
  • Time exceeded (type 11)
• Protocol ID 1
Applications that Use ICMP
• PING
  • An application that uses ICMP to prove Layer 3 connectivity
  • NOT a protocol – do not confuse it with ICMP
• Traceroute
  • Sends a stream of ICMP echo requests OR UDP datagrams with a limited, increasing TTL
  • The router that discards each expired packet sends back an ICMP Time Exceeded (TTL expired in transit) message, identifying itself as that hop
  • The Microsoft traceroute application is called tracert
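Added example (not from the original slides), serving both the PDU section above and the ICMP/ping material here: it builds an Ethernet II frame that carries an IPv4 packet that carries an ICMP Echo Request (what ping sends), then parses the bytes back from the wire inward, naming each PDU and verifying both checksums. MAC addresses, IP addresses and the payload are constructed; nothing is sent on a real network.

```python
import struct

ETHERTYPE_IPV4 = 0x0800            # Ethernet type for IPv4 (ARP would be 0x0806)
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17   # IANA protocol numbers from the slides
PROTO_NAMES = {IPPROTO_ICMP: "ICMP", 2: "IGMP", IPPROTO_TCP: "TCP", IPPROTO_UDP: "UDP"}
ICMP_KINDS = {8: "echo request", 0: "echo reply", 3: "destination unreachable", 11: "time exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4, ICMP, TCP and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_icmp_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP type 8 / code 0: Echo Request.  Checksum covers header and payload."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) in front of the ICMP/Layer 4 payload."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                         ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    csum = internet_checksum(header)                    # header-only checksum
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def build_ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Walk the layers from the outside in: frame -> packet -> ICMP message."""
    result = {}
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    result["L2 frame"] = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": etype}
    if etype != ETHERTYPE_IPV4:
        return result
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    result["L3 packet"] = {
        "version": ver_ihl >> 4, "ttl": ttl, "protocol": PROTO_NAMES.get(proto, proto),
        "src": ".".join(map(str, s)), "dst": ".".join(map(str, d)),
        # summing the header with its checksum field included must give zero
        "header_checksum_ok": internet_checksum(packet[:ihl]) == 0,
    }
    body = packet[ihl:total_len]
    if proto == IPPROTO_ICMP:
        typ, code, _, ident, seq = struct.unpack("!BBHHH", body[:8])
        result["ICMP message"] = {
            "type": typ, "code": code, "kind": ICMP_KINDS.get(typ, typ), "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(body) == 0, "payload": body[8:],
        }
    return result


def example_frame() -> bytes:
    """Constructed ping from 192.168.1.5 to 192.168.1.1 on a constructed LAN."""
    icmp = build_icmp_echo(ident=0x1234, seq=1, payload=b"abcdefgh")
    packet = build_ipv4("192.168.1.5", "192.168.1.1", IPPROTO_ICMP, ttl=64, payload=icmp)
    return build_ethernet("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:05", ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    for layer, fields in parse_frame(example_frame()).items():
        print(layer, fields)
```

Changing the TTL to 1 and the type to 11 in the builders gives you the packets traceroute sends and the replies it receives; the parser needs no change, which is the point of layering.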
Internet Group Management Protocol (IGMP)
• Used by hosts to notify routers that they are (still) interested in receiving multicasts from an upstream server
• Protocol ID 2
Address Resolution Protocol (ARP)
• Used to resolve an IP address to the MAC address of the host that owns it (building the IP-to-MAC mapping)
• Sends a Layer 2 broadcast (FF:FF:FF:FF:FF:FF) querying all listening nodes to identify which one is using the specified IP address
• Mappings are temporarily stored in the device's ARP cache
• Does not have an assigned IP protocol number (it is not carried in IP; on Ethernet it is identified by EtherType 0x0806)
• Security caveat: ARP has no authentication, so any host on the segment can answer for any IP address (ARP spoofing / cache poisoning); dynamic ARP inspection on switches and static entries for critical hosts are the usual defenses
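Added example (not from the original slides): ARP request and reply packets built and parsed in the 28-byte Ethernet/IPv4 layout, plus a small ARP cache that behaves like a host's and flags the one event a defender watches for, an IP address whose MAC mapping changes. All addresses below are constructed.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"     # destination of an ARP request at Layer 2
ZERO_MAC = "00:00:00:00:00:00"          # "target MAC unknown" in a request


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """ARP body as carried in an Ethernet frame with EtherType 0x0806."""
    fixed = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype=Ethernet, ptype=IPv4, hlen, plen, op
    return fixed + _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)


def parse_arp(body: bytes) -> dict:
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    fields, off = {}, 8
    for name, size in (("sender_mac", 6), ("sender_ip", 4), ("target_mac", 6), ("target_ip", 4)):
        chunk = body[off:off + size]
        fields[name] = chunk.hex(":") if size == 6 else ".".join(map(str, chunk))
        off += size
    fields["op"] = {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, op)
    return fields


class ArpCache:
    """IP -> MAC mappings learned from observed traffic, with a poisoning alert."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, body: bytes) -> dict:
        arp = parse_arp(body)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            # Same IP now claims a different hardware address: the ARP spoofing signature
            self.alerts.append("%s changed from %s to %s (%s)" % (ip, old, mac, arp["op"]))
        self.table[ip] = mac            # a real host would also refresh a timer here
        return arp


def demo() -> ArpCache:
    """Constructed exchange: a request, the legitimate reply, then a spoofed reply."""
    cache = ArpCache()
    # Host 192.168.1.5 asks "who has 192.168.1.1?"
    cache.observe(build_arp(ARP_REQUEST, "aa:bb:cc:dd:ee:05", "192.168.1.5", ZERO_MAC, "192.168.1.1"))
    # The real gateway answers with its MAC
    cache.observe(build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:01", "192.168.1.1", "aa:bb:cc:dd:ee:05", "192.168.1.5"))
    # An attacker sends an unsolicited reply claiming the gateway's IP
    cache.observe(build_arp(ARP_REPLY, "de:ad:be:ef:00:99", "192.168.1.1", "aa:bb:cc:dd:ee:05", "192.168.1.5"))
    return cache


if __name__ == "__main__":
    c = demo()
    print(c.table)
    print(c.alerts)
```

A plain host accepts the third packet and starts sending gateway-bound traffic to the attacker; the cache above still does, but records the change, which is exactly what tools such as arpwatch and dynamic ARP inspection act on.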
Telnet
• Old-style remote control protocol
• Provides the client with a command prompt on a remote device
• TCP port 23
• All transmissions are sent and received in cleartext (credentials included, so anyone on the path can read them)
• On the wire: R3#> some command
Secure Shell (SSH)
• Encrypted replacement for Telnet
• The two sides run a key exchange (Diffie-Hellman) to agree on a session key; the server proves its identity with its host key pair, and the client authenticates with a password or its own key pair
  • Most SSH applications can create their own public/private key pair
• Also includes Secure Copy (SCP) and SSH File Transfer Protocol (SFTP)
• Often expanded as "Secure Socket Shell", but the name is simply Secure Shell
• TCP port 22
• On the wire: R3#> "#@^x.&$" (ciphertext)
Remote Desktop Protocol (RDP)
• Used to interact with the desktop of a remote computer
• Chosen by Microsoft for its Terminal Services
• The client sends keystrokes and mouse clicks to the server
• The server sends back screen video
• Computing actually happens on the server
• Printer, speakers, drives, and file shares can be mapped between the client and server
• TCP 3389
• You have different choices for encryption and compression
Server Message Block (SMB)
• Microsoft file and print protocol
• Originally TCP 139 using NetBIOS over TCP/IP
• Updated as Common Internet File System (CIFS), TCP 445
• Now referred to as SMB 3.0, TCP 445
• Subject to many exploits including:
  • EternalBlue (MS17-010, a flaw in SMBv1)
  • WannaCry ransomware (which spread using EternalBlue)
• Practical caveat: disable SMBv1 and never expose TCP 139/445 to untrusted networks
File Transfer Protocol (FTP)
• TCP 21 = command port
• TCP 20 = data port (active mode)
• Requires the user to authenticate
• All transmissions are in cleartext (including the username and password)
• Active mode:
  • The client tells the server what port it's using (PORT command)
  • The server starts the data connection in a separate session, from its port 20
  • The client's firewall may interpret that connection attempt as an unauthorized outside connection and block the server's data connection
• Passive mode:
  • The client starts the data connection in a separate session (to the port the server names in its reply to PASV)
  • The client's firewall notes the client's outbound connection, and permits the server's inbound response
FTP Handshake (figure)
• Active FTP: (1) client port 1026 opens the command connection to server port 21; (2) the client announces its data port, 1027; (3) the server opens the data connection from its port 20 to client port 1027; (4) data is transferred
• Passive FTP: (1) client port 1026 opens the command connection to server port 21; (2) the client asks for passive mode and the server answers with a listening data port, 2024; (3) the client opens the data connection from its port 1027 to server port 2024; (4) data is transferred
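Added example (not from the original slides): the arithmetic behind the two commands in the handshake figure. In active mode the client sends a PORT command naming its own data port; in passive mode the server's 227 reply names the port the client must connect to. Both encode the port as two decimal bytes (p1*256 + p2). The port numbers are constructed to match the figure; the address-mismatch check is a client-side defense this example adds.

```python
import re


def port_command(client_ip: str, data_port: int) -> str:
    """Active mode, client -> server: 'open the data connection back to me here'."""
    if not 0 < data_port < 65536:
        raise ValueError("port out of range")
    return "PORT %s,%d,%d" % (client_ip.replace(".", ","), data_port // 256, data_port % 256)


def pasv_reply(server_ip: str, data_port: int) -> str:
    """Passive mode, server -> client: the port the server is now listening on."""
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        server_ip.replace(".", ","), data_port // 256, data_port % 256)


def parse_pasv_reply(reply: str, control_ip: str) -> tuple:
    """Decode a 227 reply into the (ip, port) the client's data connection should go to.

    The control channel is cleartext, so a server (or anyone who can tamper with the
    session) can advertise a third party's address; a careful client refuses to connect
    anywhere but the host it already has the control connection to ("FTP bounce").
    """
    m = re.search(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    ip = "%d.%d.%d.%d" % (h1, h2, h3, h4)
    port = p1 * 256 + p2
    if ip != control_ip:
        raise ValueError("PASV address %s differs from control peer %s" % (ip, control_ip))
    return ip, port


def parse_port_command(command: str) -> tuple:
    """Server-side decode of PORT h1,h2,h3,h4,p1,p2 into (ip, port)."""
    m = re.match(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", command.strip())
    if not m:
        raise ValueError("malformed PORT command")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


if __name__ == "__main__":
    print(port_command("192.168.1.5", 1027))          # what step 2 of active FTP carries
    print(parse_pasv_reply(pasv_reply("10.0.0.2", 2024), "10.0.0.2"))   # step 2 of passive FTP
```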
Trivial File Transfer Protocol (TFTP)
• UDP port 69
• Simplified version of FTP
• No authentication
• All transmissions are in cleartext
• Often used to save/load router and switch operating systems, updates, and configuration files
• Because it runs over UDP with only a simple lock-step acknowledgement per 512-byte block (no windowing, no congestion control), it performs poorly across multiple routers or many network segments and is meant for use on the local LAN
Secure File Transfer Protocol (SFTP)
• Secure File Transfer Protocol is also called SSH File Transfer Protocol
• Encrypts the file transfer
• Is a network protocol for accessing, transferring and managing files on remote systems
• Requires that the client be authenticated by the server
• Allows businesses to securely transfer billing data, funds and data recovery files
• Runs on TCP port 22 as part of the SSH suite
• You can change the port if desired
Email Process (figure)
• The ABC.com email client sends the email message to the ABC.com email server (SMTP)
• The ABC.com email server asks the XYZ.com DNS server for the recipient domain's MX record (MX company.com = mail; mail.company.com = 192.168.1.52)
• The ABC.com email server sends the message to the XYZ.com email server (SMTP), which stores it in its mailbox database
• The XYZ.com email client retrieves the message from its mailbox (using a retrieval protocol such as POP3 or IMAP4, covered next)
Simple Mail Transfer Protocol (SMTP)
• Internet (TCP/IP) standard for electronic mail (email) transmission
• Transmissions are in cleartext
• Used for sending email
  • Client to server
  • Server to server
• TCP port 25 (IANA also allocated UDP 25 but it's not used today)
• Has encrypted variants:
  • TCP port 587 – message submission from clients, upgraded to TLS in-band with STARTTLS
  • TCP port 465 – SMTP over implicit TLS (SMTPS); once deprecated, now registered again for submission
Post Office Protocol (POP3)
• One of the most commonly used Internet mail protocols for retrieving emails from a server by a local client
• Supported by all modern email clients and mail servers
• Allows you to download email messages to your local computer and read them even when you are offline
• Messages are downloaded locally and (by default) removed from the email server
• POP3 works on two ports:
  • Port 110 is the default POP3 cleartext, non-encrypted port
  • Port 995 is the SSL/TLS-encrypted secure port
Internet Message Access Protocol (IMAP4)
• A mail protocol used for accessing email on a remote mail server from a local client
• IMAP is one of the most commonly used Internet mail protocols for retrieving emails
• Supported by all modern email clients and mail servers
• Messages stay on the email server
• Allows an interactive session with the email server
• IMAP allows simultaneous access by multiple clients
• Suitable if a user is going to access email from different locations, or if a mailbox is shared by multiple users
• TCP 143 (cleartext)
• IMAP4 over SSL/TLS uses TCP 993
HyperText Transfer Protocol (HTTP)
• Used to carry web traffic
• TCP 80
• It is stateless, which means it doesn't attempt to remember anything about the previous web session
• Transmissions are in cleartext; not secure for transactions
• Has the following request methods: GET, POST, PUT, HEAD, DELETE, OPTIONS
Uniform Resource Locator (URL)
• Used to uniquely identify a resource over the web
• Has the following syntax: protocol://hostname:port/path-and-file-name
  • http://www.company123.com/docs/index.html
  • http://extranet.company123.com:8888/login.aspx
• Protocol: the application-level protocol used by the client and server (HTTP, HTTPS, FTP, etc.)
• Hostname: the DNS domain name (www.company123.com) or the IP address (e.g. 192.128.1.2) of the server
• Port: the TCP port number on which the server is listening for incoming requests from clients (typically 80 or 443); omitted when it is the protocol's default
• Path-and-file-name: the name and location of the requested resource, under the server document base directory
HyperText Transfer Protocol Secure (HTTPS)
• Encrypted version of HTTP
• TCP 443
• Uses Transport Layer Security (TLS, the successor of Secure Sockets Layer, SSL; every SSL version is now deprecated) to encrypt the data
• Stateless (like HTTP)
• Should not be confused with SSL/TLS itself: HTTPS is ordinary HTTP carried inside a TLS session
Session Initiation Protocol (SIP)
• Establishes, manages, and tears down Voice-over-IP (VoIP) calls and multimedia conferences
• The SIP protocol is a member of the VoIP protocol family
• TCP and UDP 5060 (unencrypted) and 5061 (TLS encrypted)
H.323
• Recommendation from the ITU Telecommunication Standardization Sector (ITU-T)
• Defines the protocols to provide audio-visual communication sessions on any packet network
• TCP port 1720 is used by the H.323 teleconferencing protocol (most commonly encountered in Microsoft NetMeeting) during call setup negotiation
• Other ports used by H.323:
  • 1718 – Gatekeeper discovery (UDP)
  • 1719 – Gatekeeper RAS (UDP)
  • 1720 – H.323 call setup (TCP)
  • 1731 – Audio call control (TCP)
Dynamic Host Configuration Protocol (DHCP)
• An automated way to assign IP addresses to hosts on a network
• Clients request an IP address from any listening DHCP server
• The DHCP server has a pre-configured pool of available IP addresses
• The server leases an address for a limited time to the client
• DHCP is based on the earlier BOOTP protocol
• Communications are by broadcast in cleartext with no authentication (so a rogue DHCP server on the segment can hand clients its own gateway and DNS settings; DHCP snooping on switches is the usual defense)
• UDP 67 is the destination port of a server
• UDP 68 is used by the client
Domain Name System (DNS)
• A hierarchical, decentralized naming system for computers, services, or other resources connected to the Internet or a private network
• Used for human convenience
• Maps friendly names to IP addresses
• Uses UDP and TCP port 53
  • UDP for queries
  • TCP for zone transfers (replication) between servers, and for any response too large to fit in one UDP datagram
Domain Name System (DNS) (cont'd)
• Transmissions are in cleartext
• Records are stored on DNS servers
• Servers are organized hierarchically:
  • Root servers, top-level domain servers, name servers
• Types of records – A, AAAA, CNAME, MX, PTR, NS, SOA, SRV, TXT, and others
• DNSSEC – accompanying digital signatures verify the authenticity of records (not their confidentiality: the data is still cleartext)
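Added example (not from the original slides): the UDP datagram a stub resolver sends for an A-record query, and a constructed reply, built and decoded field by field. It shows why the slide calls DNS cleartext: the queried name and the returned address are readable bytes on the wire. The transaction ID, hostname (the one from the URL slide) and answer address are constructed; nothing is transmitted.

```python
import struct

DNS_PORT = 53
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """'www.company123.com' -> b'\\x03www\\x0acompany123\\x03com\\x00' (length-prefixed labels)."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple:
    """Read a name at offset `off`, following RFC 1035 compression pointers."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                           # pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode())
        off += length


def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; one question
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """8-byte UDP header; checksum 0 means 'not computed', which IPv4 permits."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_answer(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed authoritative-looking reply echoing the question and adding one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1; 1 answer
    # 0xC00C is a pointer to offset 12: "the same name as the question"
    rr = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def parse_dns(msg: bytes) -> dict:
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    out, off = {"txid": txid, "is_response": bool(flags & 0x8000), "questions": [], "answers": []}, 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((name, qtype))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A:
            rdata = ".".join(map(str, rdata))
        out["answers"].append((name, rtype, ttl, rdata))
    return out


def demo() -> tuple:
    query = build_query(0xBEEF, "www.company123.com")
    datagram = build_udp(54321, DNS_PORT, query)     # client: ephemeral port -> server port 53
    reply = build_answer(query, "192.0.2.10")
    return datagram, parse_dns(query), parse_dns(reply)


if __name__ == "__main__":
    datagram, q, r = demo()
    print(datagram.hex())
    print(q)
    print(r)
```

Note that the only thing tying the reply to the query is the 16-bit transaction ID plus the source port; that is why a resolver that fails to randomise both is open to cache poisoning, and why DNSSEC signs the answer data rather than relying on the transport.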
Simple Network Management Protocol (SNMP)
• Used to monitor and manage devices on networks
• An SNMP manager uses a management information base (MIB) to ask an agent service on devices/servers/services about their current status
• UDP 161 for manager queries and agent replies
• UDP 162 for device agents to "raise traps" (send pre-configured alerts) to the manager
• The manager needs to use the same community string as the device
  • A very simple authentication mechanism (sent in cleartext)
  • Most systems use both public (read-only) and private (read-write) community strings; leaving the defaults in place exposes device configuration to anyone who can reach UDP 161
• v1, v2, v2c are cleartext
• v3 adds user-based authentication and, in authPriv mode, encryption
Network Time Protocol (NTP)
• Widely deployed time synchronization service
• UDP 123
• The NTP server (hopefully) has the precise time (probably obtained directly from an atomic clock or GPS)
• Sent in cleartext
• Often used in Active Directory domains to synchronize internal server clocks to an external authoritative source
• Security concerns: man-in-the-middle time shifting (which also breaks certificate validity checks and Kerberos), DDoS amplification (for example the monlist query on old ntpd releases), stack overflows in server implementations
Simple Network Time Protocol (SNTP)
• A less complex implementation of NTP
• Uses the same protocol but without requiring the storage of state over extended periods of time
Lightweight Directory Access Protocol (LDAP)
• Search and copy data from directory services
• It is a lightweight version of X.500 DAP (Directory Access Protocol)
• TCP 389
• Open standard
• Quite versatile; deployed by many products and business types:
  • Directory services such as Microsoft Active Directory
  • Telecommunications, finance, manufacturing, retail, education, and government
• Provides data storage, scalability, high availability, disaster recovery, logging
Lightweight Directory Access Protocol Secure (LDAPS)
• LDAP over SSL/TLS
• TCP 636
• Encrypts the whole session, so a simple (password) bind is no longer sent in cleartext; TCP 389 can alternatively be upgraded in-band with the StartTLS extended operation
• Directory servers reached over LDAP/LDAPS commonly add further protections of their own:
  • Automatically encoding stored passwords with one-way digests or encryption
  • Extensible authentication via the SASL framework, certificates, Kerberos tickets, multi-factor
  • Password policy features like password expiration, password quality validation, and account lockout after too many failed attempts
  • Fine-grained access control that can impose restrictions on the data that is available to various classes of users
• Open standard
1.4 Switching
• Packet-switched vs. circuit-switched network
• Properties of network traffic
• Contention management
• Interface properties and segmentation
• Switching
• Switching loop management
• VLANs
Circuit-Switched Network
• Old telephone system
• Aka PSTN or POTS
• Once the connection is established, the circuit is yours and does not change until you hang up
• The connection is dedicated and in use even if no one speaks / no data is being transmitted
Packet-Switched Network
• Voice or data is sent in packets through the provider's cloud
• Traffic will flow through different routers/switches depending on momentary conditions
• No wasted bandwidth – more packets can be placed onto the network
• Requires good traffic management for call quality to be acceptable
Addressing
• Every packet must have a source and destination address
• Layer 2 addressing
  • Identifies a node on a local network segment
  • Typically a MAC address
  • Used to get a packet across a local segment to the next hop
  • Changes with each new network segment
• Layer 3 addressing
  • Identifies a node across the entire network
  • Typically an IP address
  • Remains constant across the packet's entire journey
  • Exception: it might be translated (NAT) between public and private networks
Unicast
• One sender → one receiver
• A one-to-one transmission from one point in the network to another point
• Each point is identified by an address
• There are both Layer 2 and Layer 3 unicast addresses
Broadcast
• One sender → everyone receives
• The scope of the broadcast is limited to a broadcast domain
• The opposite of a unicast
• Broadcasting is largely confined to local area network (LAN) technologies
  • Ethernet and Token Ring are examples
• IPv4 Layer 3 (limited) broadcast address = 255.255.255.255; each subnet also has a directed broadcast address (all host bits set)
• Layer 2 broadcast MAC address = FF:FF:FF:FF:FF:FF
• IPv6 does not support broadcasting
  • The same result can be achieved by sending a packet to the link-local all-nodes multicast address (ff02::1)
Multicast
• One sender → multiple receivers
• Receivers must "tune in" to the multicast as it's being transmitted
• IP multicast is a bandwidth-conserving technology
• Reduces traffic by simultaneously delivering a single stream of information to potentially thousands of corporate recipients and homes
• Applications that take advantage of multicast include video conferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news
• IGMP is used to dynamically register individual hosts in a multicast group on a particular LAN
• Hosts identify group memberships by sending IGMP messages to their local multicast router
• The IPv4 multicast address range assigned by IANA is 224.0.0.0 – 239.255.255.255
• IPv6 includes multicast (along with anycast and unicast) as a packet type
Transmission Mode
Mode        | Transmission direction                         | Example                         | Comment
Simplex     | One way only                                   | TV or radio broadcast           | Not used on a modern network
Half duplex | Transmitters take turns                        | Hub, coax bus                   | Like a walkie-talkie; network traffic can change direction on the same pathway
Full duplex | Both sides simultaneously transmit and receive | Switch port in full duplex mode | Like a telephone; requires two pathways (either two wires or two radio frequencies)
What is Network Contention?
• Multiple nodes try to use the network at the same time
• Contention leads to collisions
• Contention needs to be managed
CSMA/CD
• Carrier Sense Multiple Access with Collision Detection
• The LAN access method used on shared-medium (half-duplex) Ethernet networks
• When a device wants to gain access to the network, it checks to see if the network is free
  • If the network is not free, the device waits until it goes idle and then transmits
  • If the network is free and two devices access the line at exactly the same time, their signals collide; both stop, send a short jam signal, and wait a random amount of time before retrying
• When the line is free again, the last transmission is resent
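Added example (not from the original slides): the "random amount of time" in the CSMA/CD slide is truncated binary exponential backoff as defined by IEEE 802.3: after the n-th consecutive collision a station waits K slot times, K drawn uniformly from 0 to 2^min(n,10)-1, and gives up after 16 attempts. The simulator below is constructed for illustration and seeded so its runs are repeatable; the collision probability is a model parameter, not something a real station knows.

```python
import random

SLOT_TIME_US = 51.2        # 10 Mbit/s Ethernet slot time: 512 bit times
MAX_ATTEMPTS = 16          # 802.3 attempt limit
BACKOFF_LIMIT = 10         # exponent stops growing after the 10th collision


def backoff_window(collisions: int) -> int:
    """Number of slot values a station may pick from after this many collisions in a row."""
    if collisions < 1:
        raise ValueError("backoff only applies after a collision")
    return 2 ** min(collisions, BACKOFF_LIMIT)


def expected_backoff_slots(collisions: int) -> float:
    """Mean wait, in slot times: the window doubles each time until it is truncated."""
    return (backoff_window(collisions) - 1) / 2


def transmit(collision_probability: float, seed: int = 0) -> dict:
    """Attempt to send one frame under a constructed collision model.

    Each attempt collides with the given probability; on collision the station
    backs off a random number of slots and tries again, up to MAX_ATTEMPTS.
    """
    rng = random.Random(seed)
    attempts, waited_slots = 0, 0
    while attempts < MAX_ATTEMPTS:
        attempts += 1
        if rng.random() < collision_probability:          # another station sent at the same instant
            waited_slots += rng.randrange(backoff_window(attempts))
            continue
        return {"sent": True, "attempts": attempts, "waited_us": waited_slots * SLOT_TIME_US}
    # "Excessive collisions": the NIC drops the frame and reports an error counter
    return {"sent": False, "attempts": attempts, "waited_us": waited_slots * SLOT_TIME_US}


if __name__ == "__main__":
    for n in (1, 2, 3, 10, 15):
        print("collision", n, "window", backoff_window(n), "mean wait slots", expected_backoff_slots(n))
    print(transmit(0.3, seed=42))
```

The doubling window is what makes a busy hub segment degrade gracefully rather than thrash; it is also why a single misbehaving station that ignores the backoff (a jabbering NIC, or a deliberate jammer) can starve every other host on a shared segment.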
CSMA/CA
• Carrier Sense Multiple Access with Collision Avoidance
• Mostly used on Wi-Fi networks today
• Historically used on AppleTalk (LocalTalk) networks
• A station that finds the medium idle still waits a random back-off interval before transmitting, because a radio cannot hear a collision while it is sending; optionally it reserves the medium first with a short RTS/CTS exchange with the access point
• If a collision still happens, CSMA/CA does not detect it directly: the sender notices the missing acknowledgement, waits for the medium to be free, and retransmits after a longer back-off
Collision Domain
• A network segment where collisions can occur:
  • Hub
  • Coax bus
• A collision occurs when two devices send a frame at the same time on the same network segment
• If frames collide, both devices must send the frames again
• Very inefficient on a contention-based network like Ethernet
• Switch ports divide the network segment into collision domains
Broadcast Domain
• A network segment where Layer 2 broadcasts (such as ARP) are allowed to propagate
• Includes all switch ports in a single VLAN
  • Even across multiple switches
  • Switches will propagate ARPs across trunk links and non-trunking simple uplinks
• Routers and VLANs divide the segment into broadcast domains
Activity 1.4.1 – Creating Collision and Broadcast Domains
• Let's see how to manage traffic through the use of collision domains and broadcast domains
Interface Properties
• A network interface card (NIC) should have at least one address
  • Typically a physical (MAC) address
  • The MAC address is usually burned into the NIC's firmware (ROM)
  • Can be temporarily changed by the OS (usually for spoofing purposes, which is why port security and 802.1X do not trust the MAC address alone)
  • Can also have a logical (IP) address assigned to it
• Will be suited to a specific media type and Layer 2 framing
  • On a LAN, usually Ethernet or Wi-Fi
  • Includes the MTU of that segment
• The interface will have a specific speed and duplex
  • Might have to be manually configured
  • Usually can be auto-negotiated
Maximum Transmission Unit (MTU)
• Largest size packet or frame that can be transmitted on a network segment
• TCP uses the MTU (through the maximum segment size, MSS = MTU minus the IP and TCP headers) to determine the maximum size of each segment in any transmission
• Too large an MTU size may mean fragmentation or retransmissions if the packet encounters a router that can't handle that large a packet
• Too small an MTU size means relatively more header overhead and more acknowledgements that have to be sent and handled
• Most Layer 2 protocols have a default MTU
  • Ethernet is 1500 bytes
  • Dial-up PPP is often set to 296 bytes (to keep latency low on slow links)
  • Most synchronous serial WAN protocols are 1500 bytes
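Added example (not from the original slides): the two MTU trade-offs on this slide done as arithmetic. The first function fragments an IPv4 payload the way a router would when the next link's MTU is too small (fragment payloads are multiples of 8 bytes because the offset field counts 8-byte units, so a 1500-byte link carries 1480 payload bytes per fragment); the second measures the header overhead that a small MTU costs. Sizes are constructed; the 1500 and 296 values are the ones the slide quotes.

```python
IPV4_HEADER = 20     # bytes, no options


def fragment(payload_len: int, mtu: int, dont_fragment: bool = False) -> list:
    """Split an IPv4 payload for a link with this MTU.

    Returns one (offset_in_8_byte_units, payload_bytes, more_fragments) tuple per
    fragment; a packet that already fits comes back as a single unfragmented entry.
    """
    if mtu < IPV4_HEADER + 8:
        raise ValueError("MTU %d cannot carry even one 8-byte fragment" % mtu)
    if payload_len + IPV4_HEADER <= mtu:
        return [(0, payload_len, False)]
    if dont_fragment:
        # A router would drop the packet and send ICMP type 3 code 4 ("fragmentation
        # needed and DF set"), which is how path MTU discovery learns the limit.
        raise ValueError("DF set and packet exceeds MTU %d" % mtu)
    max_payload = (mtu - IPV4_HEADER) // 8 * 8          # round down to a multiple of 8
    fragments, offset = [], 0
    while offset < payload_len:
        size = min(max_payload, payload_len - offset)
        more = offset + size < payload_len
        fragments.append((offset // 8, size, more))
        offset += size
    return fragments


def header_overhead(payload_len: int, mtu: int) -> float:
    """IPv4 header bytes spent per payload byte once the payload is fragmented for this MTU."""
    return IPV4_HEADER * len(fragment(payload_len, mtu)) / payload_len


def fits(payload_len: int, mtu: int) -> bool:
    """True when no fragmentation is needed (the check TCP's MSS is meant to guarantee)."""
    return payload_len + IPV4_HEADER <= mtu


if __name__ == "__main__":
    for mtu in (1500, 296):
        print(mtu, fragment(4000, mtu)[:3], "...", "overhead per byte:", round(header_overhead(4000, mtu), 4))
```

Fragments carry no Layer 4 header after the first one, which is why stateless packet filters cannot match ports on them and why overlapping or tiny fragments have historically been used to slip past inspection; most firewalls now reassemble or drop them.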
Network Segment
• General term that describes one discrete part of a network where transmissions occur freely in an unmanaged way
  • Hub
  • Coax bus
• Collisions can happen on a segment
• The transmission media is usually the same
  • Wired
  • Wireless
• Segments are usually connected together by:
  • Bridge
  • Switch
  • Router
Repeater
• A device that retransmits a signal
• Extends the useful length of the transmission medium
• Traditionally used to extend a coaxial bus segment on an Ethernet network
• Can now extend twisted pair cable
• Can also extend the length of Power over Ethernet (PoE) on twisted pair
• Makes no distinction between garbage and good traffic
• 5-4-3 rule (at most 5 segments, 4 repeaters and 3 populated segments between any two stations on 10 Mbit/s shared Ethernet)
Hub
• A multiport repeater
• Creates a basic network segment
• Most hubs are Ethernet
• May have different port types
  • Multiple RJ-45 jacks in front
  • BNC connector for Thinnet coax in back
• All hub ports (of the same type) are part of a single segment
• All hub ports are part of the same collision domain (and every port sees every frame, so a sniffer on any port sees all traffic)
• Hubs are half-duplex by nature
• Today, the word "hub" is used more to refer to a USB hub
Switch
• A hardware device that makes forwarding decisions based on Layer 2 (MAC) addresses
• Micro-segments a basic segment
  • Each switch port becomes a segment
  • No collisions if there is only one node per port
• Most switches have high port density (a lot of ports)
• The switch builds a temporary table that maps MAC addresses to its ports
• Older software-based switches were called "bridges"
  • ("bridge" can also refer to any device that connects dissimilar network segments such as wired and wireless)
Layer 2 Addressing
• A physical address "burned into" the NIC
• Specific to that network segment only
• Each frame will have a source and destination address
• Usually a MAC address
  • 48-bit (12 hexadecimal digits) physical address
  • Written as aaaa.bbbb.cccc (Cisco style) or aa:aa:bb:bb:cc:cc
  • Aka "burned-in address" or "physical address"
• Can be viewed using the following commands:
  • Windows: ipconfig /all
  • Linux: ifconfig -a (or ip link on current distributions)
  • Cisco: show interface
Media Access Control (MAC) Address Table
• Used by a switch to map MAC addresses to its ports
• The switch consults its MAC table to determine which port to repeat a frame out of
• Sometimes also called a "CAM" (content addressable memory) table
• Not to be confused with an ARP cache
• On a Cisco switch, you can view the MAC table by entering the following command:
show mac address-table
(older IOS releases spell it show mac-address-table)
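Added example (not from the original slides): a software model of what a switch does with the MAC address table just described: learn the source MAC on the ingress port, forward known unicast out one port, flood unknown unicast and broadcast out every other port. The second scenario shows why the table's size matters for security: filling it with bogus source addresses (a "CAM overflow" attack) makes the switch fall back to hub-like flooding, so an attacker's port starts receiving other hosts' traffic. All frames and addresses are constructed; the table size is deliberately tiny.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Learning switch with a bounded MAC (CAM) table and no aging, to keep the model small."""

    def __init__(self, ports, table_size=8):
        self.ports = list(ports)
        self.table = {}                 # MAC -> port
        self.table_size = table_size
        self.flooded = 0                # count of frames that had to be flooded

    def learn(self, mac: str, port: int) -> bool:
        if mac not in self.table and len(self.table) >= self.table_size:
            return False                # table full: this MAC cannot be learned
        self.table[mac] = port
        return True

    def forward(self, in_port: int, src: str, dst: str) -> list:
        """Return the list of ports the frame is sent out of."""
        self.learn(src, in_port)
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]   # same port: nothing to forward
        self.flooded += 1
        return [p for p in self.ports if p != in_port]


def normal_operation() -> tuple:
    sw = Switch(ports=[1, 2, 3, 4])
    first = sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02")    # dst unknown: flood
    reply = sw.forward(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01")    # dst learned: one port
    second = sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02")   # both sides known
    bcast = sw.forward(3, "aa:aa:aa:aa:aa:03", BROADCAST)              # broadcast: all others
    return sw, first, reply, second, bcast


def cam_overflow() -> tuple:
    sw = Switch(ports=[1, 2, 3, 4], table_size=8)
    sw.forward(1, "aa:aa:aa:aa:aa:01", BROADCAST)
    sw.forward(2, "aa:aa:aa:aa:aa:02", BROADCAST)
    for i in range(50):                 # attacker on port 4 sends frames with made-up source MACs
        sw.forward(4, "de:ad:be:ef:00:%02x" % i, BROADCAST)
    # A legitimate host appearing on port 3 can no longer be learned ...
    sw.forward(3, "aa:aa:aa:aa:aa:03", "aa:aa:aa:aa:aa:01")
    # ... so unicast traffic to it is flooded everywhere, including to the attacker on port 4
    leaked = sw.forward(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:03")
    return sw, leaked


if __name__ == "__main__":
    sw, *decisions = normal_operation()
    print("normal:", decisions, sw.table)
    sw, leaked = cam_overflow()
    print("after overflow, frame for host 03 goes to ports", leaked)
```

Port security (limiting learned MACs per access port) and MAC aging are the switch-side controls against the second scenario; the model has no aging, so the bogus entries never expire, which is the attacker's goal in practice too.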
Cisco Switching Hierarchy
• Three-layer model
• Core
  • High-speed backbone
• Distribution
  • Traffic aggregation
  • ACLs and VLAN routing
• Access
  • End devices plug in
Port Mirroring
• A switch configuration that copies the frames crossing selected source ports (or VLANs) to a specific destination port
• Usually you plug a protocol analyzer, IDS sensor, or other monitoring device into the mirrored port
• The device can then receive all the traffic that crosses the monitored ports
• Port mirroring is also known as switched port analyzer (SPAN) and roving analysis port (RAP)
• Port mirroring is implemented in LANs, WLANs, and VLANs for monitoring and troubleshooting purposes
• Not all switches support port mirroring
• Multiple vendors offer monitoring software
• Caveat: a mirror port silently drops frames when the monitored ports' combined traffic exceeds the destination port's bandwidth, so it is not a guaranteed capture source; use a network TAP where completeness matters
Power over Ethernet: PoE and PoE+ (802.3af, 802.3at)
• Describes any of several standard or ad-hoc systems which pass electric power along with data on twisted-pair Ethernet cabling
• The main difference between the 802.3af (PoE) and 802.3at (PoE+) standards is the maximum amount of power they provide over Cat5 cabling
  • 802.3af max = 15.4 watts at the switch port (12.95 W available to the powered device after cable loss)
  • 802.3at (PoE+) = 30 watts at the switch port (25.5 W available to the powered device)
SwitchingLoop• Occursonanetworkwhenthereisaredundantlinkbetweenswitches
• Switchesbytheirnaturefloodbroadcasts,multicasts,andunknownunicastsoutallports(excepttheportitwasreceivedon)
• Loopscausebroadcaststorms:1. AhostsendsaLayer2broadcast(suchasanARPorDHCPdiscover)2. Theswitchrepeatsthebroadcastoutallotherports,includingthe
redundantlinktotheotherswitch3. Theotherswitchinturnrepeatsthebroadcastoutallitsports,includingthe
firstlinktothefirstswitch4. Theprocessrepeatsendlessly
Spanning Tree Protocol (STP)
• IEEE 802.1d
• Switches self-organize to identify redundant links
• Switches elect a “Root Bridge” as a focal point
  • Switch with the lowest Bridge Priority and/or MAC address wins election
• The Root sends out Root Bridge Protocol Data Units (Root BPDUs) which are forwarded by all other switches out all other ports
• If a switch receives the same Root BPDU from two or more different ports, it knows there is a redundancy
• Redundant links are put in a blocking state; the tie-breakers for which link stays active are:
  • Admin configured port priority (lower is better)
  • Link speed (faster is better)
  • Port number (lower is better)
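The root election and the blocking decision, as an added example (not code from the slides): it elects the root by lowest (priority, MAC), computes each switch's cost to the root using the IEEE 802.1D default path costs per link speed, picks a root port with the slide's tie-breakers, and blocks every port that is neither a root port nor the designated port of its link. The switch names, MACs and links are constructed; a bridge that cannot reach the root is not handled.

```python
import heapq
from collections import defaultdict
from math import inf

# Constructed example (not from the slides): which ports a spanning tree blocks.
STP_PATH_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # IEEE 802.1D default costs by Mbps
DEFAULT_PORT_PRIORITY = 128


def bridge_id(priority, mac):
    """Bridge ID orders as (priority, MAC); the lowest wins the root election."""
    return (priority, mac.lower())


def compute_stp(switches, links, port_priority=None):
    """switches: {name: (bridge_priority, mac)}
    links: list of (switch_a, port_a, switch_b, port_b, speed_mbps)
    port_priority: optional {(switch, port): admin priority}, lower is better
    Returns (root, {switch: root_port}, {(switch, port) left in blocking state})."""
    port_priority = port_priority or {}
    bid = {name: bridge_id(*val) for name, val in switches.items()}
    root = min(bid, key=bid.get)

    adj = defaultdict(list)   # switch -> [(neighbor, my_port, neighbor_port, cost, speed)]
    for a, pa, b, pb, speed in links:
        cost = STP_PATH_COST[speed]
        adj[a].append((b, pa, pb, cost, speed))
        adj[b].append((a, pb, pa, cost, speed))

    # Root path cost of every switch (Dijkstra outward from the root).
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > rpc.get(u, inf):
            continue
        for v, _, _, cost, _ in adj[u]:
            if d + cost < rpc.get(v, inf):
                rpc[v] = d + cost
                heapq.heappush(heap, (rpc[v], v))

    # Root port: cheapest path to the root; ties broken by the sender's bridge ID,
    # then admin port priority, link speed (faster first) and port number.
    root_port = {}
    for sw in switches:
        if sw == root:
            continue
        best = min(adj[sw], key=lambda e: (rpc[e[0]] + e[3], bid[e[0]],
                                            port_priority.get((sw, e[1]), DEFAULT_PORT_PRIORITY),
                                            -e[4], e[1]))
        root_port[sw] = best[1]

    # On each link the end with the lower (root path cost, bridge ID) is designated;
    # a port that is neither a root port nor designated is blocked.
    blocked = set()
    for a, pa, b, pb, _ in links:
        designated = a if (rpc[a], bid[a]) <= (rpc[b], bid[b]) else b
        for sw, port in ((a, pa), (b, pb)):
            if sw != designated and root_port.get(sw) != port:
                blocked.add((sw, port))
    return root, root_port, blocked


# Constructed triangle: A has the lowest priority, so it becomes root; the slow B-C
# link is redundant and C's end of it gets blocked.
SWITCHES = {"A": (4096, "00:00:00:00:00:0a"),
            "B": (32768, "00:00:00:00:00:0b"),
            "C": (32768, "00:00:00:00:00:0c")}
LINKS = [("A", 1, "B", 1, 1000), ("A", 2, "C", 1, 1000), ("B", 2, "C", 2, 100)]
```

Changing a single admin port priority is enough to move the root port, which is why the priority knob exists; the second assertion below shows two parallel links of equal cost falling through to the port-number tie-breaker.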
Virtual Local Area Network (VLAN)
• Grouping of switch ports to create a separate network segment
• Generally used for security or traffic management
• Typically used to separate departments, rooms, device types, or security levels
• You create the VLAN on the switch, then add physical ports to the VLAN
• Switch ports generally only belong to one VLAN at a time
  • Exception: when an IP phone connects to the network through a PC
  • Switch port has one VLAN for the phone, one VLAN for the PC
• Initially, all switch ports are in the same default VLAN (usually VLAN 1)
• If you configure a port to join a particular VLAN and then unjoin the port, it reverts back to the default VLAN
• If you delete the VLAN without unjoining the ports from it, those ports become “orphaned” and (usually) go into a blocking state
  • They stop forwarding traffic
[Diagram: CAMPUS VLAN and SPANNING-TREE CONFIGURATION. GLASS-CORE (10.1.2.2) is the PVST+ spanning-tree root for all VLANs. Distribution switches: DSW-G-1 (10.1.2.3), DSW-G-2 (10.1.2.4), DSW-1-1 (10.1.2.5), DSW-1-2 (10.1.2.6), DSW-2-1 (10.1.2.7), DSW-2-2 (10.1.2.8). Access switches: ASW-G-1 (10.1.2.9), ASW-G-3 (10.1.2.10), ASW-1-1 (10.1.2.11), ASW-G-2 (10.1.2.12), ASW-2-1 (10.1.2.13), ASW-2-2 (10.1.2.14), SW-ACCOUNTING (10.1.2.16). Uplinks are pairs of Gi1/0/xx ports (for example Gi1/0/50,52; Gi1/0/45-46; Gi1/0/23-24; Gi1/0/51-52; Gi1/0/25-26; Gi1/0/33,35; Gi1/0/38,40; Gi1/0/40,52; Gi1/0/48,52).]
PVST+ ROOT for ALL VLANs = CORE
ROOT SECONDARIES PER VLAN:
  VLAN 1 - 99 = DSW-G-1
  VLAN 100 - 130 = DSW-1-1
  VLAN 140 - 180 = DSW-1-2
  VLAN 200 - 230 = DSW-2-1
  VLAN 240 - 280 = DSW-2-2
NOTE: Except for VLAN 2, all VLAN interfaces reside in CORE
ALL switches have a VLAN 2 interface for device management
VLAN   VLAN INTERFACE   Subnet ID         DESCRIPTION - GROUND FLOOR
1      192.168.1.1      192.168.1.0/24    Production (admin area)
2      10.1.2.2         10.1.2.0/24       Switch management
4      192.168.4.1      192.168.4.0/24    Cameras
5      10.1.5.1         10.1.5.0/24       Phones
6      10.1.6.1         10.1.6.0/24       Access Point Management
7      172.16.0.1       172.16.0.0/20     STUDENT WLAN
8      172.16.16.1      172.16.16.0/24    STAFF WLAN
9      10.1.9.1         10.1.9.0/24       Classroom Management
41     10.1.41.1        10.1.41.0/24      Academic Offices
42     10.1.42.1        10.1.42.0/24      Library

VLAN   VLAN INTERFACE   Subnet ID         DESCRIPTION - FIRST FLOOR
100    10.1.100.1       10.1.100.0/24     Classroom LAB 100
110    10.1.110.1       10.1.110.0/24     Classroom 110
120    10.1.120.1       10.1.120.0/24     Classroom 120
130    10.1.130.1       10.1.130.0/24     Classroom LAB 130
140    10.1.140.1       10.1.140.0/24     Classroom 140
150    10.1.150.1       10.1.150.0/24     Classroom 150
160    10.1.160.1       10.1.160.0/24     Classroom 160
170    10.1.170.1       10.1.170.0/24     Classroom 170
180    10.1.180.1       10.1.180.0/24     Classroom 180

VLAN   VLAN INTERFACE   Subnet ID         DESCRIPTION - SECOND FLOOR
200    10.1.200.1       10.1.200.0/24     Classroom LAB 200
210    10.1.210.1       10.1.210.0/24     Classroom 210
220    10.1.220.1       10.1.220.0/24     Classroom 220
230    10.1.230.1       10.1.230.0/24     Classroom LAB 230
240    10.1.240.1       10.1.240.0/24     Classroom 240
250    10.1.250.1       10.1.250.0/24     Classroom 250
160    10.1.251.1       10.1.251.0/24     Classroom 260
170    10.1.252.1       10.1.252.0/24     Classroom 170
180    10.1.253.1       10.1.253.0/24     Classroom 180
Trunking (802.1q)
• VLANs can be extended to other switches via trunk links
• Trunk links carry traffic from all VLANs from one switch to another
• A broadcast in a VLAN will extend across the trunk link to all switches and their ports that use that VLAN
• IEEE 802.1Q is the most common protocol for carrying all VLAN traffic from one switch to another
• 802.1Q VLAN frames are distinguished from ordinary Ethernet frames
  • 4-byte VLAN tag is inserted into the Ethernet header
Tagging and Untagging Ports
• A tag identifies which VLAN a particular frame belongs to
• Ports that computers, phones, and end devices are plugged into do not tag their frames
  • The end devices have no knowledge of the VLAN
• Tags are only meaningful on a trunk link that carries traffic from all VLANs between two switches
• Default VLAN 1 traffic is untagged (per 802.1q)
• All other VLAN traffic is tagged so the receiving switch knows which VLAN the frame belongs to
Address Resolution Protocol (ARP)
• Layer 2 protocol
• Maps IP addresses to physical (MAC) addresses
• Uses Layer 2 broadcasts to query all listening devices to see who “owns” a particular IP address
• A requirement on Ethernet and Wi-Fi networks
• The ARP cache is a temporary list (in RAM) of these MAC to IP mappings
  • Entries will age out in a few minutes if not used
IP Address
• Layer 3 address
• Logical address
  • Not burned into the hardware
  • Can easily be changed or spoofed
• Uniquely identifies a node on a network
• Cannot be duplicated on the same network
• A node with a duplicate IP address will display an error and be unable to get on the network
• A node can have an:
  • IPv4 address (example: 192.168.1.17)
  • IPv6 address (example: 2600:1700:b170:2380::23)
  • Both
Subnet Mask
• A 32- or 128-bit number that divides an IP address into two parts:
  • Network
  • Host
• A series of contiguous 1’s that abruptly end, followed by 0’s
• That dividing line is what divides the IP address into network | host
• Network ID falls under the 1’s | Host ID falls under the 0’s
• Used by a node to make a decision:
  • Is the destination on the same network as me?
  • If so, ARP to find the destination MAC address and then send the packet to the destination
  • If not, send the packet to the default gateway for further delivery
Classful Subnet Masks in Different Notations
11111111.00000000.00000000.00000000 = 255.0.0.0 = /8
11111111.11111111.00000000.00000000 = 255.255.0.0 = /16
11111111.11111111.11111111.00000000 = 255.255.255.0 = /24
Default Gateway
• The exit point for one network to connect to other networks
• Typically an interface on the local router
• Computers and other network devices send data that is bound for other networks to the default gateway
• The default gateway must know what to do with the packet
  • Deliver it to a host on one of its segments
  • Relay it to another router for delivery
Router
• A device that makes forwarding decisions based on Layer 3 (IP) addresses
• Can be hardware or software based
• Can connect many types of network segments and media types
• The router builds a route table to determine the best path (interface) to send the packet out of
Router (cont’d)
• The router will replace or re-write the packet’s Layer 2 header as the packet moves from one network type to another. Examples:
  • Ethernet -> Ethernet
  • Ethernet -> PPP
  • Frame relay -> HDLC
• The router that connects a network segment to the outside world is called the “default gateway”
What is Routing?
• The movement of packets between networks
• Performed by routers
• Routers must know what to do with a packet
  • Must have an entry for the route in its route table
  • OR must have a default route
  • If neither exists, the router will drop the packet and send an ICMP unreachable message to the sender
IP Packet Fragmentation
• Routers usually fragment IP packets that exceed the MTU of the next segment
• Fragmented packets are reassembled by the final receiving host
• One form of Denial-of-Service is to craft fragmented packets that cannot be reassembled
• An IP packet can have a “Don’t fragment” flag raised in its header
  • In that case, an oversized IP packet is dropped by the router
Routed vs Routing Protocols
• Routed protocols = the actual user traffic
  • Example: IP
• Routing protocols = the language routers use to compare and update each other’s route tables
  • Process is dynamic
  • A router can use more than one routing protocol for compatibility
  • Can be an:
    • interior gateway protocol (IGP) for private internal networks
    • exterior gateway protocol (EGP) for public external networks (Internet)
  • Example: RIP, OSPF, EIGRP, BGP
  • Can be used in both IPv4 and IPv6
Static Routing
• Administrator manually enters routes into the router
• Only useful if you have very few routes with no redundancy
• Benefits
  • Less processing and fewer resources as compared to dynamic routing
  • Less bandwidth than dynamic routing uses
  • Extra security because routes are manually admitted or rejected
• Disadvantages
  • Need to know the complete network topology very well in order to configure routes correctly
  • Topology changes need manual adjustment on all routers, which is very time consuming
Dynamic Routing
• Routers use routing protocols to learn about distant routes
• Each router learns about the networks that other routers are connected to
• When new networks are added or removed, the routers update each other
Default Routing
• There is only one possible exit for the traffic to take
• A host can specify its local router (default gateway)
• A router can specify an upstream router
VLAN Routing
• Because each VLAN has its own subnet, routers can route between VLANs
• VLAN routing can be done the following ways:
  • The router has physical connections to each VLAN
  • The router interface is configured as a trunk port, divided into sub-interfaces (one for each VLAN)
  • The router is actually a software process inside a multilayer switch
    • You need to create a VLAN interface for each VLAN that needs to be routed
    • Each VLAN interface must be configured with an IP address, as the default gateway for that VLAN
    • All devices on the VLAN are configured to use that VLAN interface as their default gateway
Router On A Stick
• Some routers allow their Fast Ethernet port to be configured as a VLAN trunk link
• The physical interface is “divided” into multiple logical sub-interfaces
• Each sub-interface becomes the default gateway for that VLAN
• The router sends the frame back to the switch on the same link, but now with the tag of the destination VLAN
• This configuration is known as “router on a stick”
Network Address Translation (NAT)
• A router might have to translate private IP addresses to public IP addresses before routing a packet to the Internet
• NAT translates IP addresses on an internal network to IP addresses on an external network
• The router keeps an entry of this mapping in its NAT table
• Pure NAT provides a one-to-one translation from IP address to IP address. Example:
  10.1.2.20 -> 24.1.1.1
• Allows only one node at a time to use the same translated address
• Requires multiple available outside addresses to be useful
Port Address Translation (PAT)
• Allows multiple inside nodes to share a single outside address
• Each connection is assigned a unique source port to distinguish it from the others. Examples:
  10.1.2.20:50000 -> 24.1.1.1:50000
  10.1.2.21:50001 -> 24.1.1.1:50001
• PAT is also referred to as NAT overload
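The NAT and PAT tables a router keeps, as an added example (not code from the slides), using the slide's addresses 10.1.2.20, 10.1.2.21 and 24.1.1.1 plus a constructed third host 10.1.2.22. It shows why one-to-one NAT runs out of outside addresses after a single host, how PAT keeps connections apart by allocating a unique outside port (rewriting the port when two inside hosts happen to use the same one), and that an inbound packet with no table entry has nowhere to go.

```python
import itertools

# Constructed example (not from the slides): the translation tables a router keeps
# for one-to-one NAT and for PAT (NAT overload).


class OneToOneNat:
    """'Pure' NAT: each inside address is mapped to its own address from an outside pool."""

    def __init__(self, outside_pool):
        self.free = list(outside_pool)
        self.table = {}            # inside IP -> outside IP

    def translate(self, inside_ip):
        """Returns the outside address, or None when the pool is exhausted."""
        if inside_ip not in self.table:
            if not self.free:
                return None        # only as many simultaneous hosts as pool addresses
            self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip]


class Pat:
    """PAT / NAT overload: many inside (IP, port) pairs share one outside IP,
    told apart by a unique outside source port."""

    def __init__(self, outside_ip, first_port=50000):
        self.outside_ip = outside_ip
        self._ports = itertools.count(first_port)
        self.outbound_table = {}   # (inside IP, inside port) -> outside port
        self.inbound_table = {}    # outside port -> (inside IP, inside port)

    def outbound(self, inside_ip, inside_port):
        """Translate the source of an outgoing packet; returns (outside IP, outside port)."""
        key = (inside_ip, inside_port)
        if key not in self.outbound_table:
            port = next(self._ports)          # allocate a fresh, unique outside port
            self.outbound_table[key] = port
            self.inbound_table[port] = key
        return self.outside_ip, self.outbound_table[key]

    def inbound(self, outside_port):
        """Translate the destination of a reply; a port nobody opened has no entry (None)."""
        return self.inbound_table.get(outside_port)


def demo():
    nat = OneToOneNat(["24.1.1.1"])                 # one public address only
    nat_first = nat.translate("10.1.2.20")          # 24.1.1.1
    nat_second = nat.translate("10.1.2.21")         # None: the pool is already used up

    pat = Pat("24.1.1.1")
    a = pat.outbound("10.1.2.20", 50000)            # ('24.1.1.1', 50000)
    b = pat.outbound("10.1.2.21", 50001)            # ('24.1.1.1', 50001)
    c = pat.outbound("10.1.2.22", 50000)            # same inside port as a, so a new outside port
    reply = pat.inbound(50001)                      # ('10.1.2.21', 50001)
    stray = pat.inbound(40000)                      # None: no inside host asked for this
    return nat_first, nat_second, a, b, c, reply, stray
```

The `inbound` lookup is the reason a PAT router incidentally behaves like a basic stateful filter: only traffic that matches an entry created by an outbound packet can be delivered to an inside host.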
Routing Protocols (IPv4 and IPv6)
• A method for routers to learn routes not directly connected to them
• The routers automatically share and combine their route tables
• Distance Vector protocols
  • RIPv1 (obsolete)
  • RIPv2
  • BGP
  • EIGRP (was proprietary, but is now open standard)
• Link State routing protocols
  • Open Shortest Path First (OSPF)
  • Intermediate System to Intermediate System (IS-IS)
Distance Vector Routing Protocols
• Distance vector routing means routes are advertised as vectors of distance and direction:
  • Distance = “metric”
  • Direction = which interface leads to the next hop router / final destination
• Uses a routing algorithm where routers periodically send routing updates to all neighbors by broadcasting/multicasting entire route tables on a fixed interval
Routing Information Protocol (RIP) v1
• The original distance vector routing protocol
• A very simple interior gateway protocol
• Full routing table is broadcast out all interfaces every 30 seconds
• Router convergence is slow (up to several minutes)
• Incoming RIP advertisements from neighboring routers are accepted and added to the route table with no verification of source or validation of route
• Metric = hop count
  • How many more routers must the packet pass through to reach the destination
  • All network speeds treated equally - no regard for bandwidth, delay, or other conditions on a particular link
RIPv2
• Update to RIPv1
• Updates are sent by multicast, not broadcast
  • This relieves non-router devices on the segment from having to process a broadcast that is not meant for them
• Routers can be configured to authenticate each other
• Routers can be configured to transmit/receive v1, v2, or both
Challenges and Solutions of RIP
• Invalid routes can stay in a route table for several minutes
  • This leads to routers sending traffic to “black holes”
  • Solution: if one of your links goes down, transmit an immediate update out all other links with no delay
• “Flapping” route (link keeps going up and down)
  • Solution: If a neighbor sends you an immediate update, place a hold on the route before deleting it from your own table
• “Count to Infinity”
  • Two routers keep feeding each other false updates in a runaway process
  • Solutions:
    • Maximum hop count of 16 (in any one direction from that router)
    • Split horizon - Router will not advertise out an interface where route was learned
    • Poison reverse - immediately mark a downed route as unreachable (16 hops)
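The count-to-infinity problem and the effect of split horizon and poison reverse, as an added example (not code from the slides). Two constructed routers A and B exchange periodic updates in alternation; network N is attached to A and has just failed. The `receive` rule models the RIPv1 behaviour described above: whatever the current next hop advertises is accepted without any validation.

```python
# Constructed example (not from the slides): two RIP routers A and B, network N
# attached to A. A's link to N fails; count how long the "count to infinity" takes
# with and without split horizon / poison reverse.

INFINITY = 16   # RIP's maximum hop count means "unreachable"


class RipRouter:
    def __init__(self, name):
        self.name = name
        self.table = {}   # network -> [metric, next_hop]

    def advertise(self, to, split_horizon, poison_reverse):
        """Build the update sent to neighbor `to`."""
        update = {}
        for net, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == to:
                if poison_reverse:
                    update[net] = INFINITY   # poison reverse: tell it the route is dead
                continue                     # split horizon: don't echo a route back to its source
            update[net] = metric
        return update

    def receive(self, sender, update):
        for net, metric in update.items():
            new_metric = min(metric + 1, INFINITY)
            current = self.table.get(net)
            # Accept if unknown, if it comes from the current next hop (even if worse),
            # or if it is strictly better. No validation of the source, as in RIPv1.
            if current is None or current[1] == sender or new_metric < current[0]:
                self.table[net] = [new_metric, sender]


def simulate(split_horizon=False, poison_reverse=False, max_rounds=100):
    """Returns (rounds until both routers know N is unreachable, A's metric after each round)."""
    a, b = RipRouter("A"), RipRouter("B")
    a.table["N"] = [INFINITY, None]   # A's directly connected link to N has just failed
    b.table["N"] = [2, "A"]           # B still holds the route it learned from A
    history = []
    for rnd in range(1, max_rounds + 1):
        sender, receiver = (b, a) if rnd % 2 else (a, b)   # alternate periodic updates
        receiver.receive(sender.name,
                         sender.advertise(receiver.name, split_horizon, poison_reverse))
        history.append(a.table["N"][0])
        if a.table["N"][0] == INFINITY and b.table["N"][0] == INFINITY:
            return rnd, history
    return None, history
```

Without split horizon B hands the dead route straight back to A, A believes it (metric 3), and the two routers bump the metric by one per update until the cap of 16 ends the loop after 15 rounds; with split horizon (with or without poison reverse) the route is gone from both tables after 2 rounds. Traffic for N during those 14 extra rounds bounces between A and B: the "black hole" the slide describes.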
Link-state Routing Protocols
• Link state routing is more complex than distance vector
• Router convergence is very fast
• Routers quickly update each other on the state of their links
• If links do not change state,
• Every router builds its own topology table (routing database) of the network
  • The best route from the topology table goes into the route table
  • If it learns that a particular link has gone down, it consults its own database for the next best route
• Requires more RAM and processing power on a router to calculate and maintain the routing database
• OSPF and IS-IS are examples of link state routing protocols
Open Shortest Path First (OSPF)
• Very widely used interior gateway protocol
• Routers are limited to an “area” (each with a max of 400 routers)
• Traffic between areas travels through the backbone “Area 0”
• Requires a well-designed hierarchical network to be efficient
Hybrid Routing Protocol
• A routing protocol that combines the best features of Distance Vector and Link State
• EIGRP is an example of a hybrid routing protocol
Enhanced Interior Gateway Protocol (EIGRP)
• Originally Cisco proprietary
  • Now an open standard
• Actual route updates are sent only as needed
• Routers send simple “hello” packets to keep their relationship alive
• Uses few network (bandwidth) resources
• Uses 5 “K” constants to determine the metric:
  • Bandwidth, delay, load, reliability, MTU
  • Default is bandwidth + delay
• Can load balance traffic across unequal paths
• Uses the DUAL algorithm to ensure there are no routing loops
• Router convergence is very fast (seconds)
• Generally the preferred interior routing protocol
  • Works very well in any interior network
  • Even if the network is disorganized and poorly designed
• EIGRP network boundaries are defined by the Autonomous System (AS) number the routers belong to
  • An AS is a network that falls under a single administrative umbrella
Border Gateway Protocol (BGP)
• THE exterior gateway protocol (the only one used on the Internet)
• Is a Path Vector protocol
  • Views an entire autonomous system as a hop
• BGP is always used between ISPs
• Most ISPs also use an interior version of BGP within their own network
• Uses a number of criteria for best path selection (the “weight” of an interface, shortest AS path, lowest origin, and others)
• The focus of BGP design and implementation is on security and scalability
Firewall Overview
• Protects “trusted” private network from “untrusted” Internet
[Diagram: Private network - Firewall - Internet]
• Controls both inbound and outbound traffic based on rules set by administrator
Demilitarized Zone (DMZ)
• An untrusted network between two firewalls
• Internet-facing hosts are placed here
• Typically used to isolate and (somewhat) protect public servers such as:
  • DNS
  • Web server
  • MX (email relay)
  • Spam and web traffic filtering appliances
Typical DMZ
• AKA “Screened Subnet”
• IP addresses in DMZ can be public or private
[Diagram: LAN - Internal Firewall - DMZ (containing a host labelled “I’m a bastion host”) - External Firewall - Internet]
“Dirty” DMZ
• External “firewall” is a packet filtering router
[Diagram: LAN - Firewall - DMZ - Packet Filtering Router - Internet]
Perimeter Network
• Like a “side yard”
• Still untrusted
• Contains the bastion host(s)
[Diagram: a Firewall with three connections: LAN, Perimeter Network, and Internet]
Access Control Lists
• A set of rules used to control traffic in and out of a firewall, router, or multilayer switch
• Each packet is compared to the rules in the ACL and processed accordingly
• Rules can include:
  • Protocol
  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
• ACL actions are usually permit or deny
• Most ACLs have an implicit “deny” at the end
  • If you configure deny rules, you need to have a “permit all” rule at the end to allow all other traffic
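First-match ACL evaluation with the implicit deny, as an added example (not code from the slides, and not any vendor's ACL syntax). The rules, subnets and packets are constructed. It shows the effect the slide warns about, a deny-only list silently dropping the traffic you meant to allow, and adds a check practitioners want on long lists: rules that an earlier rule already fully covers and that can therefore never match.

```python
import ipaddress

# Constructed example (not from the slides): first-match evaluation of an access
# control list with the implicit deny, plus a check for rules that can never match.


def rule(action, proto="any", src="any", dst="any", sport="any", dport="any"):
    """One ACL entry. Networks are given in CIDR; 'any' matches everything."""
    return {
        "action": action, "proto": proto,
        "src": None if src == "any" else ipaddress.ip_network(src),
        "dst": None if dst == "any" else ipaddress.ip_network(dst),
        "sport": sport, "dport": dport,
    }


def matches(r, pkt):
    """pkt: {'proto', 'src', 'dst', 'sport', 'dport'} as plain strings / ints."""
    if r["proto"] != "any" and r["proto"] != pkt["proto"]:
        return False
    if r["src"] is not None and ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["sport"] != "any" and r["sport"] != pkt["sport"]:
        return False
    if r["dport"] != "any" and r["dport"] != pkt["dport"]:
        return False
    return True


def evaluate(acl, pkt):
    """Compare the packet to the rules in order; the first match decides.
    Returns (action, index of the matching rule); index None means the implicit deny fired."""
    for i, r in enumerate(acl):
        if matches(r, pkt):
            return r["action"], i
    return "deny", None


def _covers(outer, inner):
    """True when every packet matching `inner` also matches `outer`."""
    for f in ("proto", "sport", "dport"):
        if outer[f] != "any" and outer[f] != inner[f]:
            return False
    for f in ("src", "dst"):
        if outer[f] is not None and (inner[f] is None or not inner[f].subnet_of(outer[f])):
            return False
    return True


def shadowed_rules(acl):
    """Indices of rules an earlier rule already fully covers, so they can never match."""
    return [j for j in range(len(acl)) if any(_covers(acl[i], acl[j]) for i in range(j))]


# Block telnet into the server subnet. Without a final "permit any", the implicit deny
# also drops the HTTP traffic we meant to allow.
ACL_DENY_ONLY = [rule("deny", "tcp", dst="10.1.2.0/24", dport=23)]
ACL_WITH_PERMIT = ACL_DENY_ONLY + [rule("permit")]

TELNET = {"proto": "tcp", "src": "172.16.16.10", "dst": "10.1.2.50", "sport": 51000, "dport": 23}
HTTP = {"proto": "tcp", "src": "172.16.16.10", "dst": "10.1.2.50", "sport": 51001, "dport": 80}
```

The returned rule index is what you would log: a hit on index `None` means traffic reached the implicit deny, which is the first place to look when "nothing works" after an ACL change.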
Port Forwarding
• A technique that allows external devices to access computers on a private network
• Uses an IP address plus port number to route network requests to specific internal devices
• Typically configured on a firewall
1.6 Advanced Switching and Routing Concepts
• IPv6 Concepts
• Performance Concepts
• Distributed Switching
• Software-defined Networking
Addressing
• An IPv6 address is 128 bits in length and written in hexadecimal
• Every 4 bits can be represented by a single hexadecimal digit, for a total of 32 hexadecimal digits
• Colons (:) separate the groups of four hexadecimal digits (16 bits each)
• Shortcuts for notation
  • Collapse/omit leading 0s: fe80:0000:0000:0000:a299:9bff:fe18:50d1 as fe80:0:0:0:a299:9bff:fe18:50d1
  • Collapse all-0s hextets: 0000:0000:0000:0000:0000:0000:0000:0000 as ::
    • You can only collapse once!
  • Use both of the above together: fe80:0000:0000:0000:a299:9bff:fe18:50d1 as fe80::a299:9bff:fe18:50d1
IPv6 Unicast Address Types
• Global Unicast: similar to IPv4 public IP addresses
  • Addresses are assigned by IANA and used on public networks
  • These addresses have a prefix of 2000::/3, meaning all the addresses that begin with binary 001
• Unique Local: similar to IPv4 private addresses
  • Used in private networks
  • Not routable on the Internet
  • These addresses have a prefix of FD00::/8
• Link local: similar to IPv4 APIPA (self assigned) addresses
  • Used for sending packets over the local subnet
  • Routers do not forward packets with these addresses to other subnets
  • IPv6 requires a link-local address to be assigned to every network interface on which the IPv6 protocol is enabled
  • These addresses have a prefix of FE80::/10
Dual Stack
• In dual-stack configuration, the device is configured for both IPv4 and IPv6 network stacks
• The dual-stack configuration can be implemented on a single interface or with multiple interfaces
• End nodes and routers/switches run both protocols
• If IPv6 communication is possible it is the preferred protocol
Tunneling
• A “tunnel” is a transmission in which one packet is hidden inside another packet
• Most frequently used in VPNs
• The same solution can be applied to tunnel IPv6 packets inside (over) IPv4 networks
• Different tunneling types:
  • 6to4 - hide v6 packets inside v4 packets
  • 6rd (6 rapid deployment) - a lightweight variant of 6to4
  • ISATAP - dual stack nodes (typically servers) act as proxies on a LAN
“Tunneling” = hide a packet inside a packet
[Diagram: Sender -> Internet -> VPN Server -> Final Destination]
• Tunnels are typically encrypted
• Tunnels can be:
  • Host-to-host
  • Between routers
6to4 Network Address Translation (NAT)
• Edge routers translate between IPv6 and IPv4 as traffic goes in and out of their network
Router Advertisement (RA)
• A periodic multicast announcement of a router’s IPv6 address
• Hosts listen for RAs to learn what network they are on
• If a host does not want to wait, it can send a Router Solicitation (RS) multicast to ask any listening router what network it is on
• Once the host knows the network ID, it can append its own MAC address (plus some padding) to create a full IPv6 address
Neighbor Discovery Protocol (NDP)
• Multicast ICMP message
• Used by a host to:
  • Discover the link-layer address of a neighbor on the same network (local link)
  • Verify the reachability of a neighbor
  • Track neighboring devices
Traffic Shaping
• Also known as:
  • Packet shaping
  • Quality of Service (QoS)
  • Bandwidth management
• The manipulation and prioritization of network traffic to reduce network congestion for applications that need real-time priority:
  • Voice
  • Video
  • Teleconferencing
  • Telemedicine
  • Network management
• Used to optimize or guarantee performance, improve latency, or increase usable bandwidth
Quality of Service (QoS)
• Helps manage packet loss, delay and jitter on your network infrastructure
• Also an important factor in supporting the growing Internet of Things (IoT)
• Applied to applications that benefit from managing packet loss, delay and jitter
  • Voice
  • Video
• Identify and mark traffic using
  • Class of Service (CoS) - Ethernet (QoS enforced by switch)
  • Differentiated Services Code Point (DSCP) - IP (QoS enforced by router)
• To be meaningful, must be supported by every device (switch, router) along the packet’s path
Differentiated Services Code Point (Diffserv)
• A way to identify and mark traffic so QoS can be applied to the correct network traffic
• Allows higher priority traffic to receive preferential treatment
• Also known as DSCP
• Marks a data stream in the Layer 3 packet header
• Various applications can be marked differently
• Allows network equipment to categorize data into different groups
• Routers have outbound transmit queues with different priorities
  • They place packets with different DSCP codes into the appropriate queue
Class of Service (CoS)
• A QoS mechanism that works at Layer 2
• Different applications can be marked differently
• QoS is enforced by switches
Distributed Switching
• An architecture that links remote telecommunications ports into a larger structure
• The network is made up of switching stations that are remotely distributed
• The stations are controlled by a centralized network control center
• The distributed switches have two levels of communication:
  • with each other (often over long haul links)
  • with their local users
• Distributed switching is typically implemented in a virtual environment
Software-Defined Networking (SDN)
• Routing and switching logic is removed from the devices
• Routing/switching decisions are made by a central software module
• Routers and switches are “white box” generic devices that do as they’re told
• This bird’s eye view of traffic allows for better, more responsive traffic management and shaping
• Supports business needs
• Made possible through virtualization
• Central controller potential target for hacking
1.7 IP Addressing
• Public vs. Private
• Loopback and Reserved
• Subnet Mask
• Default Gateway
• Virtual IP
• Subnetting
• Address Assignments
Public IP Address
• An IP address that can be used on the Internet
• Coordinated by the Internet Corporation for Assigned Names and Numbers (ICANN)
• Regional Internet Registries (RIRs) assign region-specific blocks of IP addresses to ISPs
• ISPs give these numbers to customers
• Examples:
  • IPv4 - 198.134.5.6
  • IPv6 - 2605:e000:1129:80bc:0:588c:745a:ee82
Private IP Address
• Legitimate IP address, but not used on the Internet
• Can be used and routed on private networks
• Used on internal networks
• Used to extend the lifespan of IPv4 / slow the depletion of public IP addresses
• Must be NAT/PAT translated for traffic to travel on the Internet
• NATing is used to overcome the depleting number of IPv4 public addresses
Private IP Address (cont’d)
• Can (and typically do) use VLSM
• Must be translated to a public address for traffic to go on the Internet
• IPv4 Private Address Blocks:
  • 10.0.0.0/8 10.0.0.0 - 10.255.255.255
  • 172.16.0.0/12 172.16.0.0 - 172.31.255.255
  • 192.168.0.0/24 192.168.0.0 - 192.168.255.255
• IPv6 Private Address Block:
  • fc00::/7 (essentially fdxx:xxxx:xxxx)
Private IPv4 Address Blocks
RFC1918 name   IP address range                Number of addresses   Largest CIDR block (subnet mask)   Host id size   Default mask bits   Description
24-bit block   10.0.0.0 - 10.255.255.255       16,777,216            10.0.0.0/8 (255.0.0.0)             24 bits        8 bits              single class A network
20-bit block   172.16.0.0 - 172.31.255.255     1,048,576             172.16.0.0/12 (255.240.0.0)        20 bits        12 bits             16 contiguous class B networks
16-bit block   192.168.0.0 - 192.168.255.255   65,536                192.168.0.0/16 (255.255.0.0)       16 bits        16 bits             256 contiguous class C networks
Automatic Private IP Addressing (APIPA)
• Self assigned IPv4 addresses
• Hosts use if DHCP client cannot obtain a lease
• Used by Microsoft and Macintosh
• 169.254.0.0/16
• Not routable on any network, public or private
Self-Assigned (Link Local) IPv6 Addresses
• Similar to IPv4 APIPA addresses
• Every interface has a link local address, regardless of any other addressing
• fe80::3cbf:a6e0:5923:3545%127 (Preferred)
Loopback
• A software interface which can be used to emulate a physical interface
• The loopback interfaces are always up and running and always available, even if other physical interfaces in the router are down
• Router loopbacks are often used to identify the router and for diagnostics and testing
• IPv4 loopback address is 127.0.0.1
• IPv6 loopback address is expressed as ::1 (all 0s with a single 1)
Reserved IPv4 Addresses
Several Types:
• Private
  • Not used on the Internet
  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16
• APIPA
  • Not routable
  • Self-assigned
  • 169.254.0.0/16
• Loopback
  • Not routable
  • Assigned to a loopback interface
  • 127.0.0.0/8 or a private address
Reserved IPv6 Addresses
Link-local addresses
• Designed to only be used on a local physical link / non-routable
• Self-assigned
• Every link required to have a link-local address
• Similar to IPv4 APIPA addresses
• The link-local address block is FE80::/10 (FE80 to FEB0)
Reserved IPv6 Addresses (cont’d)
Private addresses
• These addresses are for use in a private network, like IPv4’s 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 IP ranges
• Routable, but only in a private network, not on the Internet
• Similar to private IPv4 addresses
• The private IP subnet is FD00::/7 with the eighth bit set to 1
• It’s effectively FD00::/8
• The subnet ranges from FD00 to FDFF
Subnet Mask
• All nodes on a subnet must have the same subnet mask
• If a node has a different subnet mask from the others, it may see other nodes (including its default gateway) as being on a different network
• Use ipconfig/ifconfig to verify subnet mask configuration
Default Gateway
• Every node that you want to be able to send/receive traffic outside its network must have the correct default gateway
• There may be some nodes you do not want to leave their segment / be reachable by outside devices for security purposes
  • IP cameras
  • IP phones
• If you ping a device with no default gateway, it will probably:
  • Receive the packet ok
  • Be unable to respond because it has no way to leave its own segment
• Use the following to test that a node has the correct default gateway configured:
  • ipconfig/ifconfig
  • ping
  • tracert/traceroute
Virtual IP
• An IP address shared by multiple servers or routers
• Typically used for failover clusters, network load balancing, or redundant routers
• Clients send traffic to the virtual IP rather than individual device IPs
• Use the cluster management tools to verify virtual IP
• Ensure that all hosts point to the router’s virtual IP as the default gateway
• Ensure that DNS records point to the virtual IP of the cluster/NLB
What is Subnetting?
• Dividing a larger network into smaller sub-networks (subnets)
• The subnets are connected by routers
• The subnet mask is used by all hosts to determine if the destination is on the same or different (sub)network
• All hosts on the same subnet (including the default gateway) must use the same subnet mask
  • Required so that all can agree upon the range of addresses that belong to that subnet
Classful Addressing
• RFC 791
• The Internet's first major addressing scheme for IPv4
• Five classes: A, B, C, D, E
• Classes distinguished by the high order bits
• The Internet Assigned Numbers Authority (IANA) oversaw all classful network assignments
• The Host portion was assigned by local organization’s network administrator
• Routers processed packets according to their classful network
Classes A, B, C, D, and E
Determined by high order (far left, greater) bits in first octet
Class   First octet (binary)   First octet (decimal)   Default mask
A       00000000 - 01111111    0 - 127.x.y.z           /8  255.0.0.0
B       10000000 - 10111111    128 - 191.x.y.z         /16 255.255.0.0
C       11000000 - 11011111    192 - 223.x.y.z         /24 255.255.255.0
D       11100000 - 11101111    224 - 239.x.y.z         N/A - multicasting
E       11110000 - 11111111    240 - 255.x.y.z         N/A - experimental
Classless IP Addressing
• Addresses the limitations (wastefulness) of classful addressing
• Applies a custom subnet mask to allocate only the needed number of host IDs to a network
• Used in subnetting to divide a classful network into smaller subnets
Variable Length Subnet Mask (VLSM)
• Customized (classless) subnet mask
• Often more than one subnet mask is used in a network
• Requires careful subnet design to be implemented well
Classless Subnet Mask Examples
11111111.11111111.11110000.00000000 = 255.255.240.0 = /20
11111111.11111111.11111000.00000000 = 255.255.248.0 = /21
11111111.11111111.11111100.00000000 = 255.255.252.0 = /22
11111111.11111111.11111110.00000000 = 255.255.254.0 = /23
11111111.11111111.11111111.00000000 = 255.255.255.0 = /24
Classless Subnet Mask Examples (cont’d)
11111111.11111111.11111111.10000000 = 255.255.255.128 = /25
11111111.11111111.11111111.11000000 = 255.255.255.192 = /26
11111111.11111111.11111111.11100000 = 255.255.255.224 = /27
11111111.11111111.11111111.11110000 = 255.255.255.240 = /28
11111111.11111111.11111111.11111000 = 255.255.255.248 = /29
11111111.11111111.11111111.11111100 = 255.255.255.252 = /30
Classless Inter-Domain Routing (CIDR) Notation
• CIDR is the use of VLSM on the Internet
• CIDR notation is a shorthand way of representing a subnet mask
• The notation can apply to any length subnet mask, classful or classless
Steps to Subnet
1. Write out the IP address in binary
2. Insert the original subnet mask to show the dividing line
3. Refer to the subnetting table to determine how many bits to move the mask
4. Move the mask to the new location
5. Re-calculate the network ID and subnet mask
Subnetting Table
# of subnets needed          128   64   32   16   8   4   2   1
# of bits to move the mask     7    6    5    4   3   2   1   0
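The mask arithmetic behind the earlier Subnet Mask slide (the same-network decision), the dotted/binary/CIDR notations, and the five subnetting steps and table above, as one added example (not code from the slides). The addresses and subnet counts used are constructed; only the conversions and the decision logic are the point.

```python
import ipaddress

# Constructed example (not from the slides): the mask arithmetic behind the
# same-network decision, the mask notations, and the subnetting steps.


def ip_to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(value):
    return str(ipaddress.IPv4Address(value))


def mask_to_prefix(mask):
    """'255.255.240.0' -> 20. Rejects masks whose 1s are not contiguous."""
    bits = f"{ip_to_int(mask):032b}"
    if "01" in bits:                      # a 0 followed by a 1: not "1s that abruptly end"
        raise ValueError(f"{mask} is not a valid subnet mask")
    return bits.count("1")


def prefix_to_mask(prefix):
    """20 -> '255.255.240.0'"""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def binary_with_divider(ip, prefix):
    """Steps 1-2: the address in binary with '|' at the network|host dividing line."""
    bits = f"{ip_to_int(ip):032b}"
    out = ""
    for i, b in enumerate(bits):
        if i and i % 8 == 0:
            out += "."
        if i == prefix:
            out += "|"
        out += b
    return out + ("|" if prefix == 32 else "")


def network_id(ip, mask):
    """Network ID = address AND mask (the bits under the 1s)."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def next_hop(src_ip, dst_ip, mask, default_gateway):
    """The sending node's decision: ARP for the destination directly when it is on
    the same network, otherwise hand the packet to the default gateway."""
    if network_id(src_ip, mask) == network_id(dst_ip, mask):
        return dst_ip
    return default_gateway


def bits_to_move(subnets_needed):
    """Step 3, the subnetting table: smallest n with 2**n >= subnets_needed."""
    return (subnets_needed - 1).bit_length()


def subnet(network_cidr, subnets_needed):
    """Steps 3-5: move the mask and list the resulting (network ID, new mask) pairs."""
    net = ipaddress.ip_network(network_cidr)
    new = net.subnets(prefixlen_diff=bits_to_move(subnets_needed))
    return [(str(s.network_address), prefix_to_mask(s.prefixlen)) for s in new]
```

The two `next_hop` calls in the test are the mismatched-mask situation the later Subnet Mask slide warns about: with a /24 the two hosts talk directly, but a host wrongly configured with /26 sends the same packet to its gateway instead.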
Static Addressing
• Manually configured on a device
• Does not change
• Devices that should use static IP addresses:
  • Routers/gateways
  • Servers
  • Switches
  • Firewalls
  • Proxies
  • Any device that needs to always “be found” at the same address
Dynamic Host Configuration Protocol (DHCP)
• A service that automatically assigns IP addresses to clients
• Can be provided by servers, routers, or other devices
• Uses a broadcast-based DORA handshake to assign an IP address to a client
• The DHCP lease is usually for a limited time
• Clients must request an extension of the lease to continue to use the address
DHCPv6
• Performed by multicast
  • IPv6 does not support broadcasts
• AKA Stateful address autoconfiguration
• With Stateless auto-configuration, host can build address using MAC-to-EUI64 and link prefix from router advertisements
Automatic Private IP Addressing (APIPA)
• DHCP clients that cannot obtain a lease will self assign an address
• The address range reserved for APIPA is 169.254.0.0/16
• Can be used for a very small or home network with users that have little networking knowledge
• Not useful for NAT clients because they do not know the address of their default gateway
• However, APIPA addresses cannot be routed on any network, public or private
EUI-64
• The IEEE’s 64-bit Extended Unique Identifier (EUI-64) format
• After a host obtains the network ID from the router, it uses its own MAC address to create the host ID part of the IPv6 address
• The 48-bit MAC address is padded with FFFE in the middle to make it the requisite 64-bits long:
  62-45-BD-D5-11-CB -> 6245:BDFF:FED5:11CB
• Final IPv6 address then becomes something like this:
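The EUI-64 construction above and the Router Advertisement step it follows (prefix from the RA plus a MAC-derived host ID), as an added example (not code from the slides). It uses the slide's MAC 62-45-BD-D5-11-CB; the /64 prefixes are constructed. The slide's result shows the FFFE padding only; the modified EUI-64 that RFC 4291 specifies also inverts the universal/local bit (bit 7 of the first octet), so the function can produce either form. The reverse function shows why a MAC-derived host ID is a tracking concern.

```python
import ipaddress

# Constructed example (not from the slides): building the EUI-64 interface ID from a
# MAC and combining it with a /64 prefix learned from a router advertisement.


def eui64_interface_id(mac, flip_ul_bit=True):
    """Split the 48-bit MAC in half, pad with FFFE in the middle, and (per RFC 4291)
    invert the universal/local bit, bit 7 of the first octet. The slides' example
    shows the padding only, which flip_ul_bit=False reproduces."""
    octets = bytes(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("MAC must have 6 octets")
    first = octets[0] ^ 0x02 if flip_ul_bit else octets[0]
    eui = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ":".join(f"{eui[i]:02x}{eui[i + 1]:02x}" for i in range(0, 8, 2))


def slaac_address(prefix, mac, flip_ul_bit=True):
    """prefix: the /64 from the RA, e.g. '2001:db8:1:2::/64' (constructed).
    Returns the full address in compressed notation."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    iid = int(eui64_interface_id(mac, flip_ul_bit).replace(":", ""), 16)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))


def mac_from_eui64_address(addr):
    """The reverse: recover the MAC from an EUI-64 address, which is why a stable
    MAC-derived host ID lets a device be recognised across networks (RFC 4941
    temporary addresses exist to avoid this). Returns None if FFFE padding is absent."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return "-".join(f"{x:02X}" for x in mac)
```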
IP Reservations
• Used by DHCP server to provide the same IP address to the same host
• Based on the host’s MAC address
• Host must still go through the DHCP process
• The IP address stays the same, but other information can be updated periodically through renewal of the lease:
  • Default gateway
  • DNS server address
  • Domain name
  • Any other DHCP scope options
1.8 Network Types and Topologies
• Wired Topologies
• Wireless Topologies
• Network Types
• Technologies that Facilitate the Internet Of Things (IoT)
Logical vs. Physical
• Network topology defines the layout of a network
• The topology determines how devices connect and communicate
• Topologies are either physical or logical
  • Physical - physical layout of devices on a network
  • Logical - the way that the signals work on the network media or how data traverses the network from one device to another
Point-to-Point
• Only two nodes on a link
• Examples:
  • WAN link between two locations
  • Line-of-sight wireless between two buildings
  • Uplink/trunk link between two switches
  • Two PCs connected by a crossover cable
Bus
• In bus there is a main cable that connects all devices on a network
• It is called the backbone. This is often used to describe the main network connections composing the Internet
• Advantage - Bus networks are relatively inexpensive and easy to install for small networks; Ethernet systems use bus
• Disadvantage - If there is a break in the main cable, the network goes down and problems can be difficult to
Star
• In a star, network devices are connected to a central computer, called a hub
• Nodes communicate across the network by passing data through the hub
• Also known as:
  • Hub-and-Spoke
  • Point-to-multipoint
    • Especially on WANs or wireless
• Advantage - if one device malfunctions, the remainder of network still functions
• Disadvantage - if central computer fails, the whole network is down
Ring
• In a ring, the network devices are arranged in a ring or loop
• Data traverses the ring, each device receiving the data that is addressed to it
• Advantage - regenerates signal when passing data through each device, so can support a larger network
• Disadvantage - can be slower than star; if one device goes down all of devices will be impacted
Mesh
• In mesh, network devices are connected with redundant interconnections
• Every device is connected to every other device
• Can be thought of as a redundant star
• Two types of mesh topologies
  • Full mesh - Every device has a circuit connecting it to every other device in a network
    • Expensive, but good for backbone
  • Partial mesh - Is less expensive with less redundancy
    • Good for devices that connect to backbone
Hybrid Topology
• Any combination of the various topologies to create a larger network
[Diagram: two STAR networks joined by a Point-to-Point link]
Infrastructure Mode
• Star/hub-and-spoke topology
• Wireless access point is the hub
• Most Wi-Fi topology is hierarchical (star)
Ad-hoc Mode
• Full Mesh topology
• No central access point
• Peer-to-peer wireless network
• Each node creates a point-to-point link with every other node
• Practical limit of 10 devices
• Example: laptops in a conference room
Bounded and Unbounded
• Bounded
  • Wired
  • You can control its boundaries
• Unbounded
  • Wireless
  • You can’t fully control its boundaries
Wired (Bounded) Communication Media
• Copper Cable - carries electrical signals
• Fiber Optic Cable - carries LED or laser light
Wireless (Unbounded) Network
• Wi-Fi
• Cellular
• Bluetooth
• Wireless simply uses radio instead of cables
• Both LANs and WANs can have parts of their network be wireless
Types of Networks
Type   Range                  Scope
LAN    10 m - 1 km            Room, floor, building, campus
CAN    Several km             Campus of buildings
MAN    10 km                  City
WAN    10 km - whole world    City, state, country, continent, world
PAN    1 meter                Based around a person
LocalAreaNetwork• Limitedtoasmallgeographicalregion
• Afloor,building,orcampus
• UsesLAN-basedordual-usenetworkprotocols/technologies• Ethernet• Wireless• TokenRing• ATM
• Oneorganizationusuallyownsalltheequipment/infrastructure
SmallOffice/HomeOffice(SOHO)LANExample
• Createsawired/wirelessnetworkinyourhomeoroffice
• NeedsaroutertoconnecttotheInternet
Internet
WirelessLAN
• LANbasedonwirelesstechnologies• Wi-Fithemostcommonimplementation• CanalsoincludeBluetooth,Infrared,ZigBeeandothershort-rangewirelesstechnologies
• Addedsecurityrisksbecausethenetworkis“unbounded”(youcan’tcontrolitsborder)
Campus Area Network (CAN)
• A large LAN, covering a campus of buildings
• Likely to have a high-speed fiber optic backbone
• Smaller MAN networks are sometimes referred to as "CANs"
Metropolitan Area Network (MAN)
• A network that connects users with computer resources in a geographic area or region
• Typically around a town/municipality (5 - 50 km)
• Larger than a LAN
• Smaller than a WAN
• Uses MAN-specific protocols
• LAN (high) speed on fiber optic cable
• Often used by companies to connect multiple sites around town
• Similar to an Internet Service Provider (ISP), but not owned by a single organization
• Often several smaller networks form a larger network
• Customers connect to these networks
MAN Protocols
• ATM – Asynchronous Transfer Mode
• FDDI – Fiber Distributed Data Interface
• SMDS – Switched Multi-megabit Data Service
Wide Area Network (WAN)
• Connects remote locations
• Across towns, states, even continents
• Owned by a service provider
• Likely to use different network protocols in various network segments
• Customers pay for the provider to connect their remote offices
• Traditionally much slower than LANs or MANs
• The Internet is the largest example of a WAN
The Internet is the Ultimate WAN
• Comprised of thousands of telecoms all connected together
• When a telecom provides Internet service, it is called an "ISP" (Internet Service Provider)
• Permits billions of devices and people to communicate across the globe
Cellular Network
• A type of WAN
• Uses cellular technology
• Cell phones connect to cell towers
• Cell towers connect to each other
Controller Area Network (CAN) Bus
• A robust vehicle bus standard
• Designed to allow microcontrollers and devices to communicate with each other in applications without a host computer
• A car is a common example
Storage Area Network
• A specialized, high-speed network
• Provides block-level network access to storage
• SANs are composed of hosts, switches, storage elements, and storage devices that are connected by a variety of technologies, topologies, and protocols
• SANs can span multiple sites
• Advantages
• Increase speed and reliability in storage or application
• May improve security
• Can play an important role in Business Continuity
Personal Area Network
• A computer network organized around an individual person
• Set up for personal use only
• Devices typically include a computer, phone, printer, tablet and/or other personal devices
• Can use many technologies (wired or wireless)
• Traditionally was Bluetooth-based
• USB and FireWire can link together a wired PAN
• Also known as a piconet (especially Bluetooth implementations)
Internet of Things
• The concept of connecting any type of device to the Internet
• All devices have unique identifiers
• Most have standardized on IPv6
• Some use UUIDs or MAC addresses
• Devices can transfer data over a network without requiring human-to-human or human-to-computer interaction
Scope of the Internet of Things
• AKA Internet of Everything
• According to Cisco, the number of devices connected to the Internet exceeds the entire human population of Earth
• Let's look at IoT projections and vision
Security Concerns of Internet of Things
• Currently, hackers hijack home routers, set-top boxes and network-attached storage devices
• Less interest in the data they contain
• More interest in IoT controller computing power:
• Mine bitcoins
• Send spam
• Crack passwords
• Most devices can be remotely controlled through a smartphone app
• If your phone is hacked, it makes your entire home network vulnerable
802.11
• AKA Wi-Fi
• A set of media access control (MAC) and physical layer (PHY) specifications
• Has many variants:
• 802.11, a, b, g, n, ac, ax
• Many others not implemented in the US
• Used to implement WLANs
• 900 MHz and 2.4, 3.6, 5, and 60 GHz frequency bands
• Ever increasing speed and throughput
• Some variants traded bandwidth for distance
• Generally too power-intensive for small IoT devices
ZigBee
• An open-source wireless language that everyday devices use to connect to one another
• IEEE 802.15.4
• Cheap and low power
• 250 kb/s
• 2.4 GHz (most common)
• Some countries use other frequencies (784 MHz, 868 MHz, 914 MHz)
• Meant to create safe "smart" homes
• Not IP-based
• Uses MAC addressing
• AES-128 symmetric encryption
ZigBee Device Examples
• Lighting
• Voice control
• Home energy management
• Thermostat/humidity controller
• Security alarm hub
• Home automation
• Smoke alarm/gas/motion sensor
Z-Wave
• Proprietary wireless technology
• Direct competitor to ZigBee
• 100 kb/s
• 908.4 MHz
• Won't interfere with Wi-Fi
• Might interfere with some cordless phones
• Not IP-based
• Uses (up to) 64-bit hexadecimal addressing
• Supports AES-128 encryption
• But not all manufacturers implement it
Z-Wave Device Examples
• Example devices:
• Lighting
• Thermostats
• Smart locks
• Garage door openers
• Voice control
• Rat and rodent traps
• Smoke/CO2/motion sensors and alarms
• Home energy/water management
Thread
• An open wireless protocol
• Developed by a consortium of Google's Nest Labs, Samsung Electronics, ARM and others
• Designed to be a smart-home networking protocol that could support the Internet of Things for years to come
• Natively handles IPv6
• Like ZigBee, is based on the 802.15.4 radio standard
WeMO
• Proprietary (Belkin)
• Piggybacks on existing Wi-Fi networks
• Self-healing, low-power mesh
• Uses WPA2 Wi-Fi security
• Up to 250 devices
• Battery-operated devices can be recharged through the home network
• Examples:
• Lighting
• Coffee makers
• Crockpots
Bluetooth Mesh
• Builds upon the Bluetooth Low Energy standard
• Compatible with any Bluetooth 4.0 LE device
• Allows devices to communicate with each other in a distributed network
• Similar to how ZigBee and Z-Wave devices connect
• Much longer range - up to 300 feet
• Low transmission rate makes it unsuitable for data-heavy applications such as video
ANT/Ant+
• A proprietary (but open access) multicast wireless sensor network technology
• Conceptually similar to, but not compatible with, Bluetooth LE
• Ultra-low power (ULP) wireless collection, automatic transfer and tracking of sensor data
• ANT+ is an interoperability function that can be added to the base ANT protocol
• Allows for the networking of nearby ANT+ devices
• Facilitates the open collection and interpretation of sensor data
• Allows accessories such as heart rate monitors, speed/cadence sensors, foot pods and power meters to "talk" to ANT+ compatible devices and fitness equipment
• Current focus is on sport, wellness management and home health monitoring
• Examples: Nike, Adidas, Fitbit
Bluetooth Low Energy (LE)
• AKA Bluetooth Smart
• Designed for very low power operation
• Optimized for streaming data transfer such as wireless audio
• Uses 16- or 32-bit device unique identifiers (UUIDs)
• Used by most modern smartphones
• Used in medical monitors
• Glucose, BP, Heart rate, etc.
• 2.4 GHz
Comparison of IoT Technologies
Technology: operating range (feet); max no. devices; max data rate; frequency; network type; encryption
Z-Wave: 100; 232; 9.6-100 kb/s; 908/916 MHz (U.S.); Mesh; AES-128
ZigBee: 35; 65,000; 40-250 kb/s; 915 MHz / 2.4 GHz; Mesh; AES-128
WeMo: 100; Router-dependent; Router-dependent; 2.4 GHz; Star; WPA2
Thread: 100; 250-300; 250 kb/s; 2.4 GHz; Mesh; AES
Bluetooth mesh: 330; 32,000; 1 mb/s; 2.4 GHz; Mesh; AES-128
Bluetooth LE: 33-1970; 8 (can be extended); 2 mb/s; 2.4 GHz; Scatternet (extended star); AES-128
Ant: 100; 65,533; 60 kb/s; 2.4 GHz; P-P, star, tree, mesh; AES 64/128 bit
Near-Field Communications (NFC)
• A set of communication protocols that enable two electronic devices to establish communication
• Devices must be very close: 4 cm (1.6 inches)
• Often used by smartphones for point-of-sale transactions
• Can also be used for:
• File sharing
• Inventory control/loss prevention
NFC Tags
• A small memory chip attached to an antenna
• An NFC reader (e.g. mobile phone) activates the antenna and chip with its electric field
• Contents can then be transferred from chip to reader
Radio Frequency Identification (RFID)
• Uses electromagnetic or electrostatic coupling to uniquely identify an object, animal or person
• RFID tags do not require power
• Commonly used for:
• Access control (RFID badges)
• Inventory control/loss prevention
Infrared (IR)
• Uses infrared light
• The original wireless
• Requires line-of-sight, mirrors, or extenders
• Originally used by laptop mice and remote controls
• Still used in home entertainment systems
1.9 Wireless Technologies
• Radio Basics
• 802.11 Standards
• Wi-Fi Frequencies
• Wi-Fi Antenna Concepts
• Bluetooth
• Cellular
• Site Surveys
How Radio Works
• Data/voice/video piggybacks on a "carrier" frequency
• Radio is a very broad spectrum of electromagnetic frequencies that can be used to carry voice, video, data or any other kind of information
• Ranges between sound and infrared
What Interferes with Radio?
• Obstructions that reflect or absorb the waves:
• steel, concrete, mountains, water, forests, atmospheric conditions
• Other electromagnetic transmissions that "confuse" or overwhelm the receiving device:
• other devices transmitting at too close proximity/frequency
• wave reflections
• solar and electrical storm activity
• bursts of radiant energy from machines, motors, appliances, faulty electrical circuits, power lines
• Earth's magnetic field
Electromagnetic Waves Have Three Basic Features
• Wavelength (distance between peaks) measured in meters/millimeters
• Frequency (how often the wave repeats) measured in hertz (Hz) or cycles per second
• Amplitude (power level or intensity of the wave) measured in watts, kilowatts (thousands of watts) or milliwatts (thousandths of watts)
Radio Frequencies are Typically Measured in:
• Kilohertz (thousand cycles per second)
• Megahertz (million cycles per second)
• Gigahertz (billion cycles per second)
Wireless LANs use microwave frequencies
In telecommunications, the term "radio" now includes microwave frequencies
Modulation
• The act of piggy-backing a signal (voice/video/music/data) on top of a powerful "carrier" wave
• The carrier is the appropriate power/frequency/waveform for the transmission media (air, water, wire, fiber optic cable)
• The modulated carrier is then transmitted through the media
• The receiver picks up the transmission and strips off the carrier (demodulates) so that only the data is left
Spectrum Analyzer View of Wireless Signals
[Figure: spectrum analyzer captures (images courtesy metageek.com) showing 802.15.4 ZigBee, 802.11ac, 802.15 Bluetooth, cordless phone, microwave oven and 802.11n signals]
802.11 and the OSI Model
• Layers 1 & 2
• Layer 1 sublayers: Physical Layer Convergence Procedure (PLCP) - add preamble and PHY header; Physical Medium Dependent (PMD) - modulate and convert to bits
• Layer 2 sublayers: Logical Link Control (LLC) - receive MAC Service Data Unit (all upper layer data); Media Access Control (MAC) - add source/dest MAC addresses, BSSID
• At this layer the frame is called an "MPDU"
FHSS and DSSS
• DSSS: signal spread across both space and time. Data bits modulated with a "chip" signal spread out (as well as hop) simultaneously across multiple frequencies in the channel. Can deliver up to 11 Mb/s
• FHSS: signal spread across time. Carrier RF constantly hopping around different frequencies within the channel. Robust, but can only deliver up to 3 Mb/s
DSSS Modulation
• RF Carrier is multiplied with an extra digital signal
• pseudo noise codes (aka "chips")
• The resulting carrier signal becomes very wide
• Allows the Wi-Fi signal to be lower than the surrounding "noise" threshold
• You can still receive and decode without loss of quality
802.11a
• One of the first Wi-Fi wireless network communication standards
• 5.0 GHz kept it out of congested 2.4 GHz band
• Maximum theoretical bandwidth of 54 Mbps
• 6 Mbps more common
• Short distance - up to 75 feet outdoors
• Orthogonal Frequency Division Multiplexing (OFDM) modulation
OFDM Modulation
• Divides a given channel into many narrower subcarriers
• Spacing is such that the subcarriers are orthogonal
• They won't interfere with one another despite the lack of guard bands (unused frequencies) between them
802.11b
• The first wireless LAN standard to be widely adopted
• Built into many laptop computers and other forms of equipment
• 2.4 GHz
• Operated in the congested ISM band
• Competition with garage door openers, cordless phones, baby monitors, etc.
• 11 Mbps max
• Up to 400 feet outdoors
• Could be significantly extended with a directional antenna and more power
• Longer distance made it more popular than 802.11a
• Antenna not compatible with a - you had to have a dual antenna to operate both a and b
• Direct Sequence Spread Spectrum (DSSS) modulation
802.11g
• Provided higher speeds of 802.11a while operating at 2.4 GHz
• Replaced the 802.11b standard
• Maximum raw data throughput of 54 Mbps
• Practical maximum throughput of just over 24 Mbps
• 150 feet indoors
• Direct Sequence Spread Spectrum (DSSS) modulation
802.11n
• Developed to provide much better performance
• Raw speed is 600 Mbps
• Backwards compatible with earlier 802.11a/b/g standards
• 175+ feet indoors
• Orthogonal Frequency Division Multiplexing (OFDM) modulation
802.11ac
• Gigabit Wi-Fi
• Very High Throughput up to 7 Gbps
• 5.8 GHz ISM band
• 256 Quadrature Amplitude Modulation (QAM)
256 QAM
• RF carrier signal is divided into "constellations"
• Sub-signals that are out of phase (non-interfering) with each other
• Each constellation is modulated with part of the data signal
802.11ah (HaLow)
• 900 MHz for extended range
• Low energy consumption (competes with Bluetooth)
• Large groups of stations/devices can cooperate to share signal
• 347 Mbps max
• Suited for IoT
• (up to) 256 QAM modulation
802.11ax
• Designed to improve overall spectral efficiency, especially in dense deployment scenarios
• 2.4/5 GHz
• OFDMA* + 1024 QAM modulation
• Expected to have 4x throughput of 802.11ac
• Still in development - expected public release date 2019
*Orthogonal Frequency Division Multiple Access
Speed and Distance
• Speed = throughput in Kbps, Mbps, or Gbps
• Speed can be negotiated down until the link is stable for both sides
• The speed decreases as the distance between the transmitter and receiver increases
Channel Bandwidth
• Channel width controls how broad the signal is for transferring data
• By increasing the channel width, speed and throughput of a wireless broadcast can be increased
• Higher channel bandwidths can support a higher data rate and more bandwidth
2.4 GHz
• Part of the Industrial, Medical, Scientific (ISM) band
• Unlicensed – anyone can transmit within power limits
• Longer waveform requires an antenna of appropriate length
• Able to reach farther than the 5 GHz frequency which means more coverage
• Fewer channel options with only three of them non-overlapping
• Many devices use 2.4 GHz frequencies which cause interference
• Microwaves, cordless phones, baby monitors
2.4 GHz Channels
• A channel is actually a range of frequencies
• 22 MHz wide
• Data is spread across the channel range
• Channels 1, 6, 11, and 14 are the only non-overlapping channels*
• Ch. 12 – 13 also used by Europe
• Ch. 12 - 14 also used by Japan
*US only - other countries have different patterns
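An added example (not from the original slides) that checks the non-overlapping channel claim above from the 22 MHz channel width given on the slide. It assumes the standard 2.4 GHz centre-frequency plan (2412 MHz for channel 1, 5 MHz steps, 2484 MHz for channel 14) and takes the US, Europe and Japan channel ranges from the slide's notes.

```python
# Added example: which 2.4 GHz channels overlap, given 22 MHz wide channels.
# Assumption (standard 802.11 channel plan, not stated on the slide): channels
# 1-13 are centred at 2412 + 5*(ch-1) MHz and channel 14 at 2484 MHz.
CHANNEL_WIDTH_MHZ = 22


def center_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz Wi-Fi channel in MHz."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    raise ValueError(f"invalid 2.4 GHz channel {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """Two channels overlap when their centres sit closer than one channel width."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_set(channels) -> list:
    """Greedy plan: take the lowest channel, skip every channel overlapping a
    channel already taken, repeat. Returns the channels that can coexist."""
    chosen = []
    for ch in sorted(channels):
        if all(not channels_overlap(ch, taken) for taken in chosen):
            chosen.append(ch)
    return chosen


def regulatory_channels(region: str) -> range:
    """Channel ranges as given on the slide: US 1-11, Europe adds 12-13,
    Japan adds 12-14."""
    return {"US": range(1, 12), "EU": range(1, 14), "JP": range(1, 15)}[region]
```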
5.0 GHz
• Also part of the ISM band
• Shorter waveform needs shorter antenna length
• 2.4 and 5 GHz antennas are not compatible
• Shorter distance than 2.4 GHz
• Fewer interference sources than 2.4 GHz
• 45 channels
• 23 non-overlapping channels
• Also used by radar and military
Unidirectional/Omnidirectional
• Omnidirectional antennas radiate signal from a 360-degree field
• They generally are long rod-like cylinders
• Unidirectional antennas radiate signal in a 45-90 degree directional field
• A narrower field focuses the signal
• Allows the signal to travel farther
• Regardless of Omni or Uni, another consideration is gain
• the higher the dBi (gain) the further it will reach
Channel Bonding
• Channel bonding is an arrangement of communications links in which two or more links are combined for redundancy or increased throughput
• Channels bonded can be wired links and cellular links for wireless bonding
• In 802.11 (Wi-Fi), channel bonding is used in Super G technology
• Two standard 54 Mbps channels are bonded together to provide 108 Mbps throughput
• First used in 802.11a
Multiple Input Multiple Output (MIMO)
• The use of multiple transmit and receive antennas on a radio
• Multiplies the capacity of a radio link
• Send multiple "streams" of data at the same time
• First used in Wi-Fi 802.11n
• Also used in cellular 3G & 4G, and WiMAX 4G
Multi User MIMO (MU-MIMO)
• AKA Next-Gen AC or AC Wave 2
• Allows a Wi-Fi router to communicate with multiple devices simultaneously
• Decreases the time each device has to wait for a signal
• Dramatically speeds up a network
• Most routers today use MU-MIMO antennas
Bluetooth
• OSI Layers 1 & 2
• 802.15
• A packet-based wireless protocol for exchanging data over short distances
• Devices use a "profile" to specify desired behavior/features
• Uses 48-bit hexadecimal addressing
Bluetooth (cont'd)
• Requires devices to "pair" (form a connection)
• Devices that automatically create a connection are "bonded"
• Creates a hub-and-spoke piconet
• 1 "master", 7 "slaves"
• Current versions:
• 4.0 (includes Low Energy)
• 5.0 (IoT)
• AES encryption
• 1 - 3 mb/s data transfer rate
Common Bluetooth Use Cases
• Wireless mouse/keyboard/joystick
• Wireless headset/earphone
• Wii or PS3 gaming controller
• Wireless printer
• File and data transfer between phones
• Transmit/stream health sensor data
• IoT devices
Bluetooth Device Classes
Class  Max permitted power (mW)  Typical range (meters)  Common uses
1      100                       100                     Bluetooth access point, industrial devices
2      2.5                       10                      Phones, most consumer devices
3      1                         1                       Headsets
4      0.5                       0.5                     Headsets
Bluetooth Scatternet
• Slave of one piconet is the master of another piconet
• One node might be the slave of two masters
• A master can command a slave to "park" (become inactive) until the master wakes it back up
What is a Cellular Network?
• A communication network where the last link is wireless
• The network is distributed over land areas called cells
• Each cell is served by at least one (but usually three) transceivers
Benefits of Cellular
• More capacity than a single large transmitter
• The same frequency can be used for multiple links as long as they are in different cells
• Mobile devices use less power than with a single transmitter or satellite
• The cell towers are closer
• Larger coverage area than a single terrestrial transmitter
• Additional cell towers can be added indefinitely and are not limited by the horizon
TDMA
• TDMA (Time Division Multiple Access) is a technology used in digital cellular telephone communication
• Divides each cellular channel into three time slots in order to increase the amount of data that can be carried
CDMA
• Code Division Multiple Access
• A competing cell phone service technology to GSM
• Originally designed by Qualcomm in the U.S.
• Primarily used in the U.S. and portions of Asia by other carriers
• Uses a "spread-spectrum" technique
• electromagnetic energy is spread to allow for a signal with a wider bandwidth
GSM
• Global System for Mobile communications
• A variant of TDMA
• Worldwide the most popular cellular technology
• 80% of the world uses it
• Not used in the USA
Site Survey
• Physical visit and walkthrough of an existing or potential location
• Used to identify existing or potential challenges to installing the network
• A wireless site survey focuses on:
• Required coverage
• Antenna placement and design
• Cable distances
• Power distribution to access points
• Placement of wireless controllers
• Physical obstructions to RF signal
• Potential RFI/EMI interference sources
Predictive Site Survey
• A virtual survey of a site
• Uses relevant information about the site to plan the wireless network
• Saves money over the traditional survey
• Makes assumptions and may miss actual physical issues
1.10 Summarize Cloud Concepts and their Purposes
• Types of Services
• Cloud Delivery Models
• Security Implications/Considerations
What is a Cloud?
• A service provider's data center
• Customers connect over the Internet via browser or VPN
• Assets/services are virtualized
• Customers can put desired items in a shopping cart and quickly "stand them up"
• There are three primary categories of Cloud services:
• Software-as-a-Service (SaaS)
• Platform-as-a-Service (PaaS)
• Infrastructure-as-a-Service (IaaS)
Software-as-a-Service (SaaS)
• Typically offered as a single instance of a single application
• A Microsoft SQL database
• One email server/system
• Software is licensed on a subscription basis and centrally hosted by third party
• The provider takes care of the configuration and maintenance of the service
• The customer customizes the deployment from pre-configured set of options
• This model is the least complex from the customer's perspective
Platform-as-a-Service (PaaS)
• A cloud computing model in which a third-party provider delivers and maintains a platform (usually a server with operating system) for the customer to develop/build and run their own service on
• Saves the customer from having to install and maintain in-house hardware and software
• The customer chooses the desired level of performance, which the provider translates internally to a certain amount of hardware
• The customer is usually responsible for the configuration of the operating system and application
• Used predominantly for application development and deployment
Infrastructure-as-a-Service (IaaS)
• A third-party hosts the infrastructure components conventionally present in an on-premises data center, including servers, storage and networking hardware, redundancy and virtualization
• Usually includes billing, monitoring, log access, security, load balancing and clustering, storage including backups, replication and recovery
• The customer is completely responsible for choosing, configuring, securing, and utilizing all components
• Requires a high learning curve
• This is the most complex model from the customer's perspective
Other as-a-Service Types
• XaaS – Everything as a Service
• Any combination of tools, products, or technologies that a provider can offer from their cloud
• Sometimes used as an umbrella term to encompass SaaS, PaaS, and IaaS
• DBaaS – Database as a Service
• SaaS that specifically focuses on databases
• DaaS – Desktop as a Service
• VDI virtual desktops with apps pre-installed
• Users temporarily download to their device
Other as-a-Service Types
• SECaaS – Security as a Service
• Provider integrates their security services into your corporate environment
• IDaaS – Identity as a Service
• Cloud-based single sign on authentication and access control
• CaaS – Communication as a Service
• VoIP, Instant Messaging, collaboration, video conferencing
• MbaaS – Mobile Backend as a Service
• Allows web and mobile app developers to link applications with backend cloud applications and storage
• MaaS – Malware as a Service
• Rent a botnet ("stresser")
• Not to be confused with Mobility as a Service or Monitoring as a Service
Try doing a Google search for "network stresser"
Public Cloud
• A service provider makes resources, such as virtual machines (VMs), applications or storage, available to the general public over the Internet
• Public cloud services may be free or offered on a pay-per-usage model
• The main difference between public and private clouds is that the individual or organization is not responsible for any of the management of a public cloud hosting solution
• The data is stored in the provider's data center and the provider is responsible for the management and maintenance of the data center
Private Cloud
• A private cloud is a cloud computing model that involves a secure cloud based environment where only the specified organization can access its resources
• Data center may be wholly in-house on the company's premises, or provided by a third party
• Private cloud services can vary considerably from a technical aspect, therefore it is usually categorized by the features that they offer to their client
Hybrid
• Hybrid cloud is a cloud computing environment which uses a mix of on-premises, private cloud, and third-party, public cloud services with adaptation between the two platforms
• By allowing loads to move between private and public clouds as computing needs change, the hybrid cloud gives organizations greater flexibility and data deployment options
Relationship between Local and Cloud Resources
• The traditional IT model advantages and disadvantages
• Advantages: Very secure / full control of applications and data
• Disadvantages: Own hardware/upgrades, software/upgrades, power/issues, redundancy and business continuity, large in-house IT department
• Cloud computing model advantages and disadvantages
• Advantages: Flexibility and scalability with hardware, software, power issues, redundancy and business continuity are handled by vendor, and smaller IT department
• Disadvantages: Security might be a primary concern, expertise with application needs
Cloud Connectivity Methods
• Web portal – customer accesses the cloud through a website
• VPN – customer makes a VPN connection over the Internet to the cloud system
• Public cloud services may offer VPN appliances or native VPN through the network services control
• Direct connection - A more predictable connection might be direct private connection via co-location facilities
• Referred to as cloud hotels, cloud providers partner with large data center providers
• Direct connections come in two Ethernet speeds of 1 Gbps or 10 Gbps
• Telco managed – Individuals or organizations have a wider variety of connectivity with Telco providers
• Telco providers offer MPLS and Ethernet connection options and a variety of contract lengths
Cloud Security Implications/Considerations
• You are not in control of your data
• The provider must have good controls and assurances in place
• You will need to implement compensating controls to cover any gaps discovered in the provider's security
• You will be responsible for the security of any aspect of the cloud that you are permitted to configure
IaaS Security Implications/Considerations
• Similar to the concerns of a traditional corporate data center
• You the customer will be responsible for all aspects of security at all levels of your network
• Provider is responsible for security of physical equipment and personnel that maintains the physical equipment
• You the customer are responsible for ensuring compliance standards are evaluated and met
• An auditor will need to be able to determine if compliance requirements are met
PaaS Security Implications/Considerations
• The provider is responsible for physical equipment and platform/system availability
• You the customer are responsible for:
• Any applications you have configured on that platform
• Monitoring access and usage
• Keeping track of regulatory compliance
• One of the features you will have to decide on is whether or not you will include (and pay for) redundancy
SaaS Security Implications/Considerations
• The provider is responsible for most of the security
• You the customer are focused on application configuration and data protection
• You are also likely to be concerned with maintaining:
• Identity and Access Management (IAM) controls (e.g., single sign-on and federation)
• Data protection technology (e.g., data loss prevention and encryption)
• You might choose to integrate your on-premises deployment with the SaaS deployment
Domain Name System
• Maps IP addresses to "friendly" host names
• Exists for human convenience
• Allows IP addresses to change
• Places all organizations in a single hierarchy
• Uses a hierarchical naming scheme
• Distributed database management and name lookup permits organizations to manage their own records
DNS Hierarchical Structure
• The DNS hierarchy is comprised of the following elements
• Root Level, Top Level Domains, Second Level Domains, Sub-domain, and Hosts
• The DNS root zone is the highest level in the DNS hierarchy tree
• It answers the requests for records in the root zone
• Provides a list of authoritative name servers for the appropriate TLD (top-level domain)
• They are the first step in resolving a domain name
• The next level in the DNS hierarchy is Top level domains (there are many)
• They are organizational hierarchy and geographic hierarchy
Hierarchy continued
• The next level in the DNS hierarchy is the Second Level Domains
• This includes the main part of the domain name
• The sub-domain is the next level in the DNS hierarchy
• The sub-domain can be defined as the domain that is a part of the main domain
• The only domain that is not also a sub-domain is the root domain
DNS Hierarchy
[Figure: the DNS tree. The Root "." holds pointers to the TLD DNS servers; Top Level Domains shown are .com, .net, .org, .edu and .uk; Domains shown are ituonline, google and comptia; Sub-domains europe and americas sit under comptia.org. Example records under ituonline.com: A 50.57.255.51 www.ituonline.com and MX 192.168.45.67 mail.ituonline.com. The comptia.org server delegates management of the europe.comptia.org database to another server ("I'm delegating you to manage europe.comptia.org database"), while the americas.comptia.org records are in the parent comptia.org database.]
DNS Process
[Figure: DNS client, Local DNS Server, Root (".") DNS Server, .com DNS Server and company.com DNS Server. The company.com DNS server holds 192.168.1.52 mail.company.com and 192.168.1.68 www.company.com. Exchange: client to local server: "I need the IP address for www.company.com." Local server: "Please hold while I retrieve the information for you." Root server: "Ask the .com server – here's its address." .com server: "Ask the company.com server – here's its address." Local server to company.com server: "www.company.com?" company.com server: "Yes I have it. Here it is."]
DNS Process (cont'd)
[Figure: the Local DNS Server passes the answer 192.168.1.68 www.company.com back to the DNS client ("Here you go."); the client replies "Thanks."]
A, AAAA
• The most basic type of DNS record
• Map friendly names to IP addresses
• The AAAA (also quad-A record) specifies IPv6 address for given host
• It works the same way as the A record
Canonical Name (CNAME)
• Domain name aliases
• Computers on the Internet often perform multiple roles such as web-server, ftp-server, chat-server etc.
• To mask this, CNAME records can be used to give a single computer multiple names (aliases)
• For example, a server may be both a web-server and an ftp-server, so two CNAME records are configured
• You also need the original A record to find out the actual IP address of the host
• The CNAME records point to the A record
• This way, you only need to update one record if the IP address changes
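An added example, not part of the original slides: a simulation of the iterative lookup drawn in the DNS Process figure above, extended to follow a CNAME alias to its A record as the CNAME slide describes. The host names and 192.168.1.x addresses are the slide's; the name-server names, the 10.x glue addresses and the ftp alias are constructed for illustration.

```python
# Added example: iterative DNS resolution over constructed zone data.
# Each "server" maps (owner name, record type) -> list of record data.
ROOT_ADDRESS = "10.0.0.1"                         # constructed stand-in for a root server
ROOT_SERVER = {
    ("com.", "NS"): ["ns.com-tld.example."],          # root only knows who serves .com
    ("ns.com-tld.example.", "A"): ["10.0.1.1"],       # glue record (constructed)
}
COM_SERVER = {
    ("company.com.", "NS"): ["ns1.company.com."],     # delegation to company.com
    ("ns1.company.com.", "A"): ["192.168.1.1"],       # glue record (constructed)
}
COMPANY_SERVER = {
    ("www.company.com.", "A"): ["192.168.1.68"],
    ("mail.company.com.", "A"): ["192.168.1.52"],
    ("ns1.company.com.", "A"): ["192.168.1.1"],
    ("ftp.company.com.", "CNAME"): ["www.company.com."],   # alias, per the CNAME slide
}
# Server address -> that server's records, so referrals can be followed.
SERVERS = {ROOT_ADDRESS: ROOT_SERVER, "10.0.1.1": COM_SERVER, "192.168.1.1": COMPANY_SERVER}


def query(server_addr, name, rtype):
    """Ask one server one question. Returns ("answer", records),
    ("cname", target), ("referral", (zone, ns_addr)) or ("nxdomain", None)."""
    zone = SERVERS[server_addr]
    if (name, rtype) in zone:
        return "answer", zone[(name, rtype)]
    if (name, "CNAME") in zone:
        return "cname", zone[(name, "CNAME")][0]
    # No answer here: refer the asker to the most specific delegated child zone
    labels = name.split(".")
    for i in range(len(labels)):
        child = ".".join(labels[i:])
        if (child, "NS") in zone:
            ns_name = zone[(child, "NS")][0]
            ns_addr = zone.get((ns_name, "A"), [None])[0]
            return "referral", (child, ns_addr)
    return "nxdomain", None


def resolve(name, rtype="A", max_steps=10):
    """What the local DNS server does on the client's behalf: start at the
    root and follow referrals (and CNAME aliases) until a server answers.
    Returns (record data, trace of (server asked, kind of reply))."""
    if not name.endswith("."):
        name += "."
    trace, server = [], ROOT_ADDRESS
    for _ in range(max_steps):
        kind, data = query(server, name, rtype)
        trace.append((server, kind))
        if kind == "answer":
            return data, trace
        if kind == "cname":
            name, server = data, ROOT_ADDRESS      # restart for the canonical name
        elif kind == "referral":
            zone, server = data
            if server is None:
                raise RuntimeError(f"delegation for {zone} has no glue address")
        else:
            return [], trace                        # name does not exist
    raise RuntimeError("too many referrals; possible delegation loop")
```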
Mail Exchanger (MX)
• Used to specify the e-mail server(s) responsible for a domain name
• Each MX-record points to the name of an e-mail server and holds a preference number for that server
• If a domain name is handled by multiple e-mail servers, a separate MX-record is used for each e-mail server
• You also need the A record to know the actual IP address of the server
Name Server (NS)
• The DNS servers that are authoritative for a zone
• Have a copy of the database
• A zone should contain one NS-record for each of its DNS servers (primary and secondary servers)
• This is important for zone transfer (replication) purposes
• NS records have the same name as the zone in which they are located
• A very important function of the NS-record is delegation
• A DNS server that is higher up in the namespace tree points down to the next DNS server that has the records for an independent child domain
• For example, the .com DNS server delegates control to the Microsoft.com server
Service (SRV)
• Specifies the location of a service
• The record is made of 3 parts:
• Service
• Protocol (usually TCP/UDP)
• Domain name
• A common implementation is in Active Directory
• SRV records point to the domain controllers responsible for the various roles
Pointer (PTR)
• Used for reverse lookups
• Maps IP addresses to friendly names
• The reverse of what A-records and AAAA-records do
• An IPv4 PTR record shows the IP address in reverse, with "in-addr.arpa" appended to the end
• An IPv6 PTR record shows each hex digit of the IP address in reverse order
• dots between each digit
• "ip6.arpa" appended to the end
• PTR records are often used for security
• A node using an IP address must be able to identify the domain it's from
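An added example, not part of the original slides: it builds the reverse-lookup name for an IPv4 or IPv6 address exactly as the PTR slide describes, then uses constructed A and PTR records for the company.com hosts to perform the forward-confirmed check that the last bullet alludes to.

```python
# Added example: PTR names and forward-confirmed reverse DNS.
import ipaddress


def ptr_name(address: str) -> str:
    """IPv4: octets reversed under in-addr.arpa.
    IPv6: all 32 hex digits (leading zeros kept) reversed, one per label,
    under ip6.arpa."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")            # 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


# Constructed records for the company.com hosts used in the DNS Process figure.
A_RECORDS = {
    "www.company.com.": "192.168.1.68",
    "mail.company.com.": "192.168.1.52",
}
PTR_RECORDS = {
    "68.1.168.192.in-addr.arpa.": "www.company.com.",
    "52.1.168.192.in-addr.arpa.": "mail.company.com.",
    "99.1.168.192.in-addr.arpa.": "mail.company.com.",   # stale: the A record disagrees
}


def reverse_lookup(address: str):
    """Name the PTR record claims for this address, or None if there is none."""
    return PTR_RECORDS.get(ptr_name(address))


def forward_confirmed(address: str) -> bool:
    """A PTR answer is only trustworthy if the name it gives resolves (A record)
    back to the same address; whoever controls a reverse zone can otherwise
    claim any name. This is the check a mail server applies to a connecting host."""
    host = reverse_lookup(address)
    if host is None:
        return False
    return A_RECORDS.get(host) == str(ipaddress.ip_address(address))
```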
TXT (SPF, DKIM)
• TXT (Text) records contain free form text of any type
• A fully qualified domain name may have many TXT records
• TXT records usually hold easily read information about a server, network, data center, or other information
• The most common uses for TXT records are:
• Sender Policy Framework (SPF)
• DomainKeys (DK)
• DomainKeys Identified E-mail (DKIM)
• An SPF record is a type of DNS record that identifies which mail servers are permitted to send email on behalf of an organization
• DKs are a deprecated e-mail authentication system
• Verify the domain name of an e-mail sender and the message integrity
• DKIM is an email authentication method designed to detect email spoofing
Internal vs. External DNS
• An External DNS server contains only records that the general public needs to know:
• Web server
• Mail exchanger
• Public DNS servers
• An Internal DNS server contains all of the private DNS records that the company uses (for all of the internal servers and resources)
• It might also include public records for internal clients that need to go out to the Internet to access those services
Third-party/Cloud-hosted DNS
• You can outsource the management of your DNS servers to a third party
• Most commonly done for public records
• Also done as part of a cloud deployment
• Advantages:
• Faster resolution of external facing servers
• Internal to external resolution
• Better security and protection against newest threats
• Redundancy to avoid single-points of failure
• Disadvantages:
• You might not have direct control over the records
• You might have to request the provider update the records for you, resulting in delay times
Forward vs. Reverse Lookup
• Forward lookup = you know the name but you need the IP
• Reverse lookup = you know the IP but you need the name
• Nslookup is a useful command line tool to query a DNS server
• It uses reverse lookups
• You won't be able to use it to query a DNS server that does not have a reverse lookup zone configured
DNS Statistics
• 13 DNS Root Name Servers
• Currently 1528 TLDs: https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains#N_%E2%80%A6_O
• ~330.6 million domain names: https://blog.verisign.com/domain-names/verisign-domain-name-industry-brief-internet-grows-to-330-6-million-domain-names-in-q1-2017/
Most Domain Registrations by TLD
[Figure: chart from https://blog.verisign.com/domain-names/verisign-domain-name-industry-brief-internet-grows-to-330-6-million-domain-names-in-q1-2017/]
DHCP DORA Lease Process
• Layer 2 Broadcast
• Lease can be limited time or indefinite
• Lease will include:
• IP Address
• Subnet Mask
• Lease can include options:
• Default Gateway
• DNS Server(s)
• DNS Domain Name
• Other options
[Figure: DHCP client and DHCP server exchange DISCOVER, OFFER, REQUEST, ACK]
MAC Reservations
• You can reserve specific IP addresses in a DHCP pool for particular hosts
• Based on MAC addresses
• When the host broadcasts a discover message, the DHCP server checks to see if its MAC address matches any of the reservations
• This ensures that the same MAC always gets the same IP address
• Useful if you need to ensure that servers always have the same IP address, but that other DHCP configuration options might be updated
DHCP Pool
• A block of available IP addresses for a particular DHCP scope
• May or may not include the entire range of possible addresses for that subnet
• Probably has a few addresses excluded from the pool
IP Exclusions
• IP addresses in a subnet range that are set aside for static configuration
• Ensures that these addresses are not accidentally leased out to clients
• Exclusions often include the first 10, 20, or even more IP addresses in a subnet
• These addresses are then used to statically configure the router, switches, servers, printers, etc.
ScopeOptions
• ADHCPscopeisasetofconfigurationsforaparticularnetworksegment• Thescopeisdefinedbyitsbasenetworkaddressandsubnetmask• Scopeoptionsareadditionalinformationfortheclients:
• Addressofthedefaultgateway• Domainnametobeused(afavoritetechniqueofISPs)• AddressoftheWINSserver(deprecatedMicrosoftLANnameresolutionserver)• NetBIOSnodetype(deprecated)
• Scopesalsohaveotherconfigurationoptionssuchasleasetime,reservations,andexclusions
• ADHCPserverwillhaveonescopeforeachnetworksegment/subnetitservices
DHCP Lease Time
• The length of time (in days or hours) that a client may use the IP address
• The client is responsible for enforcing the lease and attempting to renew the lease before the lease time is up
• If a client does not renew its lease, the DHCP server marks the address as potentially unused
• Eventually the IP address is returned to the pool for another client to use
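The server side of the DORA exchange, MAC reservations, pool, exclusions, scope options and lease time from the slides above, modelled as an added example that is not part of the course material. The scope, MAC addresses, addresses and timestamps are constructed; `Scope`, `offer` and `ack` are hypothetical names for this model, not a real DHCP server's API.

```python
import ipaddress

class Scope:
    """One DHCP scope: pool range, exclusions, MAC reservations, lease time and client options."""
    def __init__(self, cidr, pool_start, pool_end, lease_seconds, exclusions=(), reservations=None, options=None):
        ip = ipaddress.IPv4Address
        self.netmask = str(ipaddress.IPv4Network(cidr).netmask)
        self.pool_start, self.pool_end, self.lease_seconds = ip(pool_start), ip(pool_end), lease_seconds
        self.exclusions = {ip(x) for x in exclusions}                  # never leased: router, servers, printers
        self.reservations = {m: ip(a) for m, a in (reservations or {}).items()}  # MAC -> fixed address
        self.options, self.leases = options or {}, {}                  # client options; address -> (MAC, expiry)

    def _expire(self, now):  # lapsed leases go back to the pool for another client to use
        self.leases = {ip: lease for ip, lease in self.leases.items() if lease[1] > now}

    def _bindable(self, mac, ip):  # reserved for this MAC, or a free, unexcluded pool address
        if ip in self.reservations.values():
            return self.reservations.get(mac) == ip
        return (self.pool_start <= ip <= self.pool_end and ip not in self.exclusions
                and self.leases.get(ip, (mac,))[0] == mac)

    def offer(self, mac, now):  # DISCOVER -> OFFER: reservation, else the client's live lease, else first free
        self._expire(now)
        if mac in self.reservations:
            return self.reservations[mac]
        ip = next((ip for ip, (owner, _) in self.leases.items() if owner == mac), self.pool_start)
        while ip <= self.pool_end and not self._bindable(mac, ip):
            ip += 1
        return ip if ip <= self.pool_end else None                     # None: pool exhausted

    def ack(self, mac, requested, now):  # REQUEST -> ACK (lease contents) or NAK (None); repeat = renewal
        self._expire(now)
        if requested is None or not self._bindable(mac, requested):
            return None
        self.leases[requested] = (mac, now + self.lease_seconds)
        return {"yiaddr": str(requested), "subnet_mask": self.netmask, "lease_time": self.lease_seconds, **self.options}

def demo():
    """Constructed walk-through (not a capture): two pool clients, a reserved host, a NAK, a renewal, an expiry."""
    s = Scope("192.168.10.0/24", "192.168.10.11", "192.168.10.20", 3600,
              exclusions=["192.168.10.11", "192.168.10.12"], reservations={"aa:bb:cc:dd:ee:01": "192.168.10.50"},
              options={"router": "192.168.10.1", "dns": ["192.168.10.2"], "domain": "example.test"})
    lease_a = s.ack("mac-a", s.offer("mac-a", 0), 0)       # A gets .13, the first non-excluded address
    lease_b = s.ack("mac-b", s.offer("mac-b", 0), 0)       # B gets .14
    reserved = s.offer("aa:bb:cc:dd:ee:01", 0)             # reservation wins over the pool: .50
    nak = s.ack("mac-c", s.offer("mac-a", 0), 0)           # C requests the address A holds -> NAK (None)
    s.ack("mac-a", s.offer("mac-a", 1800), 1800)           # A renews halfway through; B never does
    late = s.offer("mac-c", 3700)                          # B's lease has lapsed: C is offered .14
    return lease_a, lease_b, str(reserved), nak, str(late)
```

A real server also answers REQUESTs for addresses it never offered and leases from relayed subnets; this model keeps only the pool, reservation, exclusion and expiry rules the slides describe.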
DHCP Process Time to Live (TTL)
• During the lease process a DHCP client sends a request for IP information
• If no DHCP server responds to the client request, the client sends DHCP Discover messages at intervals of 0, 4, 8, 16, and 32 seconds, plus a random interval of between -1 second and 1 second.
• If there is no response from a DHCP server after one minute, the client can proceed in one of two ways:
  • If the client is using the Automatic Private IP Addressing (APIPA) alternate configuration, the client self-configures an IP address for its interface.
  • If the client does not support alternate configuration, such as APIPA, or if IP auto-configuration has been disabled, the client network initialization fails
DHCP Relay Agent / IP helper
• A hardware device or software program that can pass DHCP or BOOTP messages between DHCP clients and servers
• Necessary if the DHCP server is on a different subnet from its clients
• Most routers can be configured as DHCP relay agents
Network Time Protocol (NTP)
• Used to synchronize the clocks of computers over a network
• The NTP client initiates a time-request exchange with the NTP server, then creates a link
• Once synchronized, the client updates the clock about once every 10 minutes, usually requiring a single message exchange
• NTP servers, of which there are thousands around the world, have access to highly precise atomic clocks and GPS clocks
• A typical implementation is to have a local NTP server
  • Synchronizes with a public service
  • Then synchronizes all internal servers
  • Active Directory PDC Emulator domain controller is an example
NTP Enterprise Time Coordination
Figure: NTP stratum hierarchy
• Stratum 0: reference clocks, e.g. the U.S. Naval Observatory Alternate Master Clock at Schriever AFB (Colorado) and the NIST Cesium Fountain Atomic Clock
• Stratum 1: Your AD PDC or router
• Stratum 2: Devices that sync to Stratum 1
• Stratum 3: Devices that sync to Stratum 2
Internet Protocol Address Management (IPAM)
• A method of automatically tracking and managing IP address usage in your enterprise
• You can monitor and ascertain:
  • Free IP address space exists
  • Subnets that are in use are as expected, and who is using them
  • The status of each IP address (permanent or temporary)
  • Default routers that the various network devices use
  • The host name associated with each IP address
  • The specific hardware associated with each IP address