DS3 interfaces on a Cisco 7000 series router.
This academic model (the seven-layer OSI reference model) organizes any look at network protocols. Remember it by reading the mnemonic from bottom to top, "Please Do Not Take Sales People's Advice":
Mnemonic   Layer
--------   ------------
Advice     Application
People's   Presentation
Sales'     Session
Take       Transport
Not        Network
Do         Data-Link
Please     Physical
Application, Presentation, Session: Let's be honest: the top three layers are pretty much academic. Practical implementations like TCP/IP leave this to the application itself. Some network applications like NFS really have seven or so layers analogous to these, but they are the exception!

Transport: Deals with end-to-end process addressing using ports. TCP is a connection-oriented protocol, UDP is a message-passing protocol.

Network: Routes a packet from its source to its destination, including hops through routers across multiple networks. IP is the protocol.

Data Link and Physical: The data link layer uses hardware addresses (also called MAC addresses or physical addresses) to transmit a frame across a network link. The physical layer is physics and electrical engineering — how to modulate electrical signals and photons to send zeros and ones. Both these layers are done in the network interface. ARP is the protocol that maps between IP addresses and MAC addresses.
This is where you program your collection switches to partition themselves into multiple virtual LANs. The switch only forwards frames between ports on the same VLAN. Put another way, each VLAN is its own broadcast domain. It also has a unique logical IP address block. You can reconfigure which VLAN a physical port belongs to, and effectively move a host to a new LAN without changing any cabling.
The packets have to pass through a router to travel between VLANs. The VLANs logically partition the large physical LAN to increase security. Routers can forward packets between VLANs, but only subject to any packet filtering rules. This leads to the odd looking situation of a router with multiple Ethernet interfaces plugged into the same switch.
Multiple switches can be connected by a trunk on specially designated ports. Cisco switches can run the proprietary DTP (Dynamic Trunking Protocol) to manage the VLAN configuration.
a = port on VLAN "a" }
b = port on VLAN "b" }- three activities done in each of three rooms
c = port on VLAN "c" }
T = trunking port
room 1 room 2 room 3
+--------------+ +--------------+ +--------------+
| Switch #1 | | Switch #2 | | Switch #3 |
|abcaaaabbbbccT| |TaaaabbbbbbccT| |Taabbbbccccccc|
++++++++++++++++ ++++++++++++++++ ++++++++++++++++
+---------+ |||||||||||||| |||||||||||||| ||||||||||||||
| a+-+||||||||||||+------+||||||||||||+------+|||||||||||||
| router b+--+||||||||||| ////|||||||| //|||||||||||
| c+---+|||||||||| //// |||||||| // ||||\\\\\\\
+---------+ ////||||\\ //// ||||||\\ VLAN a |||| \\\\\\\
//// |||| \\ VLAN a |||||| \\ |||| \\\\\\\
//// |||| \\ VLAN b VLAN c VLAN b VLAN C
VLAN a VLAN b VLAN c
In the above example, every host on VLAN "a" is directly connected to every other VLAN "a" host and can send a frame directly across the trunked switches. But to send a packet to a host on VLAN "b" or "c", it would see that the destination's IP address is on another logical network (see below for IP routing details), and it would send it to the router port on VLAN "a". The router would then send the packet directly across the other VLAN from its port connected to the appropriate VLAN.
Consider the complicated alternative required if you used simple switches that did not support VLANs. VLAN-capable Cisco 2900-XL 100 Mbps switches are available used on eBay for $30-60 each including shipping:
room 1 room 2 room 3
+----------+ +----------+ +----------+
|Switch #1a| |Switch #2a| |Switch #3a|
| aaaaaaaa | | aaaaaaaa | | aaaaaaaa |
+--------+ +-++++++++-+ +-++++++++-+ +-++++++++-+
| | |||||||| |||||||| ||||||||
| +--------+||||||+--------------+||||||+--------------+|||||||
| | aaaaaa aaaaaa aaaaaaa
| router +----+
| | | +----------+ +----------+ +----------+
| +--+ | |Switch #1b| |Switch #2b| |Switch #3b|
| | | | | bbbbbbbb | | bbbbbbbb | | bbbbbbbb |
+--------+ | | +-++++++++-+ +-++++++++-+ +-++++++++-+
| | |||||||| |||||||| ||||||||
| +---+||||||+--------------+||||||+--------------+|||||||
| bbbbbb bbbbbb bbbbbbb
|
| +----------+ +----------+ +----------+
| |Switch #1c| |Switch #2c| |Switch #3c|
| | cccccccc | | cccccccc | | cccccccc |
| +-++++++++-+ +-++++++++-+ +-++++++++-+
| |||||||| |||||||| ||||||||
+-----+||||||+--------------+||||||+--------------+|||||||
cccccc cccccc ccccccc
In order to understand IP addresses, netmasks, subnet design, VLSM, CIDR, etc., you should read the 3Com paper "Understanding IP Addressing". If the link has moved, search for it by title.
The key to all this is the following relations of decimal versus binary:
Decimal Binary How the binary is built
0 00000000
128 10000000 (128)
192 11000000 (128 + 64)
224 11100000 (128 + 64 + 32)
240 11110000 (128 + 64 + 32 + 16)
248 11111000 (128 + 64 + 32 + 16 + 8)
252 11111100 (128 + 64 + 32 + 16 + 8 + 4)
254 11111110 (128 + 64 + 32 + 16 + 8 + 4 + 2)
255 11111111 (128 + 64 + 32 + 16 + 8 + 4 + 2 + 1)
Given that, we can build the following table of netmasks:
Column 1           | Column 2            | Column 3              | Column 4
useful only for    | useful for subnets  | useful for subnets    | useful for subnets
CIDR blocks of     | of /8 nets, or for  | of /8 or /16 nets, or | of any networks
any networks       | CIDR blocks of /16  | for CIDR blocks of    |
                   | and /24 nets        | /24 nets              |
-------------------+---------------------+-----------------------+--------------------
0.0.0.0     /0     | 255.0.0.0     /8    | 255.255.0.0     /16   | 255.255.255.0   /24
128.0.0.0   /1     | 255.128.0.0   /9    | 255.255.128.0   /17   | 255.255.255.128 /25
192.0.0.0   /2     | 255.192.0.0   /10   | 255.255.192.0   /18   | 255.255.255.192 /26
224.0.0.0   /3     | 255.224.0.0   /11   | 255.255.224.0   /19   | 255.255.255.224 /27
240.0.0.0   /4     | 255.240.0.0   /12   | 255.255.240.0   /20   | 255.255.255.240 /28
248.0.0.0   /5     | 255.248.0.0   /13   | 255.255.248.0   /21   | 255.255.255.248 /29
252.0.0.0   /6     | 255.252.0.0   /14   | 255.255.252.0   /22   | 255.255.255.252 /30
254.0.0.0   /7     | 255.254.0.0   /15   | 255.255.254.0   /23   | 255.255.255.254 /31
Note that not all combinations are really useful; the following exceptions apply.
0.0.0.0 isn't useful for much of anything at all. Plus, those CIDR blocks represented by the first column are awfully big! Unless you're running a backbone, or selling IP space to a continent, you probably won't encounter them.
255.0.0.0, 255.255.0.0, and 255.255.255.0 define the classful /8, /16, and /24, or Class A, B, and C, respectively. They cannot define subnets of their own classful nets.
255.254.0.0, 255.255.254.0, and 255.255.255.254 cannot define subnets of /8, /16, and /24 nets, respectively, as that would only allow one bit for the host number, and that is not allowed by the RFCs.
CIDR is an acronym for Classless Inter-Domain Routing, and relates to higher level abstractions of IP address blocks.
To answer the question "Does this set of classful network addresses form a CIDR block?", instead answer the following question.
Is there a netmask /X such that:
If so, the answer is "Yes", and the CIDR block description is the first network address followed by /X.
As an example, this is a CIDR block, divided as indicated:
| Host bits
| ---------
200.201.200.0 = 1100 1000 1100 1001 1100 10|00 xxxx xxxx
200.201.201.0 = 1100 1000 1100 1001 1100 10|01 xxxx xxxx
200.201.202.0 = 1100 1000 1100 1001 1100 10|10 xxxx xxxx
200.201.203.0 = 1100 1000 1100 1001 1100 10|11 xxxx xxxx
<----- 22 constant bits ---->|<- varying ->
CIDR block = 200.201.200.0/22
But this is not a CIDR block:
| Host bits
| ---------
200.201.201.0 = 1100 1000 1100 1001 1100 1|001 xxxx xxxx
200.201.202.0 = 1100 1000 1100 1001 1100 1|010 xxxx xxxx
200.201.203.0 = 1100 1000 1100 1001 1100 1|011 xxxx xxxx
200.201.204.0 = 1100 1000 1100 1001 1100 1|100 xxxx xxxx
<----- 22 constant bits --->|<-- varying ->
The above is not a CIDR block, because not all eight possible combinations of the last three bits of the classful network designations are used: 000, 101, 110 and 111 are missing. But this shows us what would have to be added to make it a CIDR block:
| Host bits
| ---------
200.201.200.0 = 1100 1000 1100 1001 1100 1|000 xxxx xxxx <-- added!
200.201.201.0 = 1100 1000 1100 1001 1100 1|001 xxxx xxxx
200.201.202.0 = 1100 1000 1100 1001 1100 1|010 xxxx xxxx
200.201.203.0 = 1100 1000 1100 1001 1100 1|011 xxxx xxxx
200.201.204.0 = 1100 1000 1100 1001 1100 1|100 xxxx xxxx
200.201.205.0 = 1100 1000 1100 1001 1100 1|101 xxxx xxxx <-- added!
200.201.206.0 = 1100 1000 1100 1001 1100 1|110 xxxx xxxx <-- added!
200.201.207.0 = 1100 1000 1100 1001 1100 1|111 xxxx xxxx <-- added!
<----- 22 constant bits --->|<-- varying ->
CIDR block = 200.201.200.0/21
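The test just described, in code. This is an added example, not part of the original page: it applies the rule that the leading bits must be constant and every combination of the varying bits must be present, using Python's standard ipaddress module, and it also lists which networks would have to be added, as in the last figure.

```python
import ipaddress

def cidr_block(networks):
    """Return the single CIDR block covering exactly the given equal-size
    networks (e.g. classful /24s), or None if they do not form one."""
    nets = sorted({ipaddress.ip_network(n) for n in networks})
    if not nets:
        return None
    plen = nets[0].prefixlen
    if any(n.prefixlen != plen for n in nets):
        return None                      # mixed sizes: not the case the page treats
    # A block of 2**s such networks drops s prefix bits; any other count can
    # never use every combination of the varying bits.
    count = len(nets)
    if count & (count - 1):
        return None
    shift = count.bit_length() - 1
    block = ipaddress.ip_network(
        f"{nets[0].network_address}/{plen - shift}", strict=False)
    # Constant leading bits: each network must lie inside the block.
    # All varying combinations present: the block splits into exactly our list.
    if list(block.subnets(new_prefix=plen)) == nets:
        return str(block)
    return None

def networks_to_add(networks):
    """List the same-size networks that must be added to turn the given
    set into a CIDR block (the smallest block that covers all of them)."""
    nets = sorted({ipaddress.ip_network(n) for n in networks})
    plen = nets[0].prefixlen
    block = nets[0]
    while not nets[-1].subnet_of(block):   # widen until the last one fits too
        block = block.supernet()
    return [str(s) for s in block.subnets(new_prefix=plen) if s not in nets]

if __name__ == "__main__":
    # The page's second figure: four /24s that do not form a block.
    gap = ["200.201.201.0/24", "200.201.202.0/24",
           "200.201.203.0/24", "200.201.204.0/24"]
    print(cidr_block(gap))          # None
    print(networks_to_add(gap))     # the four networks marked "added!" above
```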
VLSM stands for Variable Length Subnet Mask, and is used with CIDR.
The best place to look is the 3com paper (see above), but here's a fairly simple example. Let's say you're allocated the /24 address space 200.201.202.0/24, and you have to address hosts on the following networks:
Assign the addresses as below, where bits marked "x" can take all possible patterns other than all zeros and all ones.
IP address, dotted-quad and binary (200.201.202.???)   Net base address      Number of hosts   Final octet
------------------------------------------------------------------------------------------------------
1100 1000 1100 1001 1100 1010 01xx xxxx                200.201.202.64/26           62            65-126
1100 1000 1100 1001 1100 1010 10xx xxxx                200.201.202.128/26          62           128-190
1100 1000 1100 1001 1100 1010 001x xxxx                200.201.202.32/27           30            33- 62
1100 1000 1100 1001 1100 1010 110x xxxx                200.201.202.192/27          30           193-222
1100 1000 1100 1001 1100 1010 1110 xxxx                200.201.202.224/28          14           225-238
1100 1000 1100 1001 1100 1010 0001 xxxx                200.201.202.16/28           14            17- 30
1100 1000 1100 1001 1100 1010 0000 01xx                200.201.202.4/30             2             5-  6
1100 1000 1100 1001 1100 1010 0000 10xx                200.201.202.8/30             2             9- 10
1100 1000 1100 1001 1100 1010 0000 11xx                200.201.202.12/30            2            13- 14
1100 1000 1100 1001 1100 1010 1111 00xx                200.201.202.240/30           2           241-242
1100 1000 1100 1001 1100 1010 1111 01xx                200.201.202.244/30           2           245-246
1100 1000 1100 1001 1100 1010 1111 10xx                200.201.202.248/30           2           249-250
Final octet for host addresses on each network:
Minimum = final octet of base address plus one
Maximum = final octet of base address plus number of hosts
Final octet for broadcast on each net:
Broadcast = final octet of base address plus one plus number of hosts
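An added example, not the page's own code, that carves the 200.201.202.0/24 block above into VLSM subnets for the host counts read off the table (largest demand first, so the base addresses come out in a different order than the page's layout) and tabulates, for any subnet, the host range and broadcast by the three rules just given.

```python
import ipaddress

def subnet_row(net):
    """Return (base, prefix, usable hosts, first host, last host, broadcast)
    for one IPv4 subnet: the columns of the VLSM table above."""
    net = ipaddress.ip_network(net)
    hosts = net.num_addresses - 2          # minus the all-zeros and all-ones host
    base = net.network_address
    # Page's rules: first host = base + 1, last host = base + hosts,
    # broadcast = base + hosts + 1 (which ipaddress computes for us).
    return (str(base), net.prefixlen, hosts,
            str(base + 1), str(base + hosts), str(net.broadcast_address))

def allocate_vlsm(block, host_counts):
    """Assign one subnet per requested host count out of `block`.
    Allocating the largest demand first keeps every subnet aligned on a
    multiple of its own size, so no alignment bookkeeping is needed.
    Returns [(requested hosts, "subnet/prefix"), ...] in allocation order."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    result = []
    for want in sorted(host_counts, reverse=True):
        # Need 2**k addresses with 2**k >= want + 2 (network + broadcast).
        k = (want + 1).bit_length()
        prefix = block.max_prefixlen - k
        size = 1 << k
        if cursor + size > end:
            raise ValueError(f"{block} cannot hold all requested subnets")
        result.append((want, str(ipaddress.ip_network((cursor, prefix)))))
        cursor += size
    return result

if __name__ == "__main__":
    # Host counts constructed from the table on this page: two /26s, two /27s,
    # two /28s and six point-to-point /30s inside 200.201.202.0/24.
    demands = [62, 62, 30, 30, 14, 14, 2, 2, 2, 2, 2, 2]
    for want, net in allocate_vlsm("200.201.202.0/24", demands):
        base, plen, hosts, first, last, bcast = subnet_row(net)
        print(f"{net:22} hosts={hosts:3}  {first}-{last}  bcast={bcast}")
```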
Inadequately theoretical for you? Then read the paper by Mikhail Atallah and Doug Comer.
A separate page gives my simple explanation of what IPsec is, what cryptographic security it provides, and a little about how to set it up.
See http://www.iana.org/assignments/multicast-addresses for the assigned multicast addresses and address blocks.
RFC 1112 describes how to do multicast.
Anycast, on the other hand, is described in RFC 1546 and RFC 4786.
RFC 2460 is the formal specification of IPv6 or Internet Protocol, Version 6. RFC 4291 defines the IPv6 addressing architecture. And RFC 2461, RFC 2462, RFC 2463, RFC 2464, RFC 2465, RFC 2466, RFC 2471, and RFC 2473 address various details and applications of IPv6.
See the NSA's US Patent 6,947,978, "Method for Geolocating Logical Network Addresses". It builds a network latency topology map using latency to and between known nodes.
Check the current Internet backbone activity with the Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.
Separate pages explain how routing works and how NAT (Network Address Translation) works.
An article about virtual Cisco routers and Linux servers:
http://nirlog.com/2007/07/09/simulating-cisco-and-linux-networks/
Dynamips, the Cisco 7200 simulator itself:
http://www.ipflow.utc.fr/index.php/Cisco_7200_Simulator
VNUML (Virtual Network User Mode Linux), the Linux simulator: http://www.dit.upm.es/vnumlwiki/index.php/Main_Page
A demonstration of how a PHP script on the server can read and reformat the connection information and the client's request: http://www.moanmyip.com/
Including Jessica Simpson's thoughts on open-source routers, Gillian Anderson's on LAN switching, Elizabeth Hurley on the Cisco 2600 series routers, Mr Rogers on the RS-232 standard, and other really odd stuff: http://routergod.com/
If you're curious about the word "daemon":
According to the Oxford English Dictionary, it is "an attendant, ministering, or indwelling spirit." Socrates wrote of his daemon as his inner spirit. The designers of daemons in Unix (a concept later ported to most other operating systems) intended this meaning, as pointed out in some manual pages. It's an uncommon word these days; when we talk about what used to be called a daemon in the Middle Ages, we usually use the Arabic djinn, now often spelled genie.
© Bob Cromwell Sep 2010. Created with /bin/vi and ImageMagick, hosted on OpenBSD with Apache.