
Saturday, May 4, 2013

CCNA Review 02

In this review article we go back over the network fundamentals that sum up how a network operates, seen from a bird's-eye view.



An IP address is a Layer 3 logical address, 32 bits in length. It is therefore written as four dot-separated decimal octets, each with a value between 0 and 255. Because IP addresses are used for end-to-end path determination, each one must be universally unique (or, for private addresses, locally unique). An example of an IP address is:

192.168.1.1

IP addresses are typically coupled with a subnet mask. A subnet mask is a 32-bit mask, represented the same way as an IP address (four dot-separated decimal octets). The defining property of a subnet mask is that its 1 bits are contiguous, starting from the left, for example:

255.255.0.0 (Binary 11111111.11111111.00000000.00000000)
255.255.192.0 (Binary 11111111.11111111.11000000.00000000)
255.224.0.0 (Binary 11111111.11100000.00000000.00000000)

Subnet masks can be written in dotted-octet form or, more conveniently (and professionally), in CIDR format (Classless Inter-Domain Routing, pronounced "sider"). The CIDR format gives the number of 1 bits in the subnet mask. Using the same examples:

255.255.0.0 (CIDR /16)
255.255.192.0 (CIDR /18)
255.224.0.0 (CIDR /11)

So far we've talked about how a subnet mask is represented but not what it does. A subnet mask lets a host know which network it is in, and whether another host it is communicating with is local (in the same network as itself) or foreign (reachable only through a router).



The subnet mask in a router allows it to build its routing table accurately, reflecting the networks that are actually available. For example, the 172.16.1.0/17 and 172.16.1.128/17 networks may be in different places. Without the subnet mask (as with RIPv1), routers would assume the address ends at its classful boundary and wrongly record it as a 172.16.1.0/16 route.

For example, take a host 192.168.1.10 with a subnet mask of 255.255.255.0. By performing a logical AND between the host address and its subnet mask, we can tell that the host is in the 192.168.1.0 network. It is the 10th host in that network.

Suppose that our host wants to reach 192.168.1.15. It first performs the logical AND between its subnet mask and the target address. The result is 192.168.1.0, so it concludes that the target is in the same network.

If the host wants to communicate with 172.16.1.0, it applies its own subnet mask to that address as well. The result is 172.16.1.0 (which may not be the actual network the target host is in), so it concludes that the target is outside its local network.
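The mask arithmetic described above, written out as an added example (this is not code from the original post): converting a dotted mask to its CIDR prefix length, rejecting masks whose 1 bits are not contiguous, and the logical AND a host performs to find its network and to decide whether a target is local. The sample addresses are the ones used in the text.

```python
# Added example (not from the original post): the subnet-mask arithmetic a
# host performs, written with plain integer bit operations.

def ip_to_int(dotted: str) -> int:
    """Convert a dotted-decimal IPv4 string to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | int(octet)
    return value

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask: str) -> int:
    """CIDR prefix length of a dotted mask. A valid mask is N ones followed by
    zeros, so rebuild that pattern and compare; 255.0.255.0 is rejected."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def prefix_to_mask(prefix: int) -> str:
    """Dotted mask for a CIDR prefix length (/0 to /32)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def network_of(ip: str, mask: str) -> str:
    """Logical AND of address and mask: the network the address belongs to."""
    mask_to_prefix(mask)  # validates the mask before using it
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))

def host_number(ip: str, mask: str) -> int:
    """Host part of the address: AND with the inverted mask."""
    mask_to_prefix(mask)
    return ip_to_int(ip) & (~ip_to_int(mask) & 0xFFFFFFFF)

def is_local(my_ip: str, my_mask: str, target_ip: str) -> bool:
    """A host applies *its own* mask to the target and compares networks.
    It cannot know the target's real mask, so a misconfigured mask on the
    host leads to wrong local/foreign decisions."""
    return network_of(my_ip, my_mask) == network_of(target_ip, my_mask)

if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.192.0", "255.224.0.0"):
        print(f"{mask:<15} -> /{mask_to_prefix(mask)}")
    host, mask = "192.168.1.10", "255.255.255.0"   # values from the post
    print("network:", network_of(host, mask), "host number:", host_number(host, mask))
    for target in ("192.168.1.15", "172.16.1.0"):
        verdict = "local" if is_local(host, mask, target) else "foreign (needs a router)"
        print(f"{target:<14} {verdict}")
```

The contiguity check in `mask_to_prefix` is the part worth keeping: a mask such as 255.0.255.0 has the right number of 1 bits for a /16 but ANDs addresses into nonsense networks, and rejecting it early is cheaper than debugging the resulting "it pings but only sometimes" problems.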

For communication within the local network, once the host has confirmed that the target is local, it sends out an ARP request to resolve the target's MAC address. A MAC address is another type of address, 48 bits long, written as 12 hexadecimal digits. MAC formatting varies from pair-grouped (11-22-33-44-55-66) to quartet-grouped (1122-3344-5566), and the delimiter is typically a period (.), colon (:) or hyphen (-).

A MAC address is the Layer 2 (Ethernet) physical address that switches use to switch frames between their ports. Switches do not see the IP address. The MAC header contains the source and destination port, which allows switching of packets from point to point.

As previously mentioned, an ARP request is used to resolve a MAC address. Once the source host has the destination host's MAC address, communication across the Ethernet network can begin.



If, on the other hand, the host discovers that the target is outside its network, it needs to find a way to reach it. It first checks its internal routing table, and if no entry matches, the request is sent through its default gateway. In this case, instead of ARPing for the target host, it ARPs for the MAC of the default gateway. The MAC address is the means of getting from point to point and changes as the packet passes through routers, but the IP address remains the same end-to-end.

We've been talking about ARP, so what exactly is ARP? ARP stands for Address Resolution Protocol, and it is used to resolve a target's MAC from its IP. ARP contains four important fields: SHA (Sender Hardware Address), SPA (Sender Protocol Address), THA (Target Hardware Address) and TPA (Target Protocol Address). Suppose that A wants to communicate with B in a local network; A would need to find B's MAC using the following ARP request:

Frame Header - MAC Source: A, MAC Destination: BROADCAST
SHA - A's MAC
SPA - A's IP
THA - IGNORED
TPA - B's IP

There are three common types of messages:
Unicast - One-to-One communication
Broadcast - One-to-All communication
Multicast - One-to-Group communication

All hosts receive this request because it is a broadcast, and each checks whether the TPA refers to it. If not, the request is dropped. Otherwise, the target sends the following reply:

Frame Header - MAC Source: B, MAC Destination: A
SHA - A's MAC
SPA - A's IP
THA - B's MAC
TPA - B's IP
(Notice that SHA/THA are not the fields used for switching in the frame header).
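The request/reply exchange above, as an added example that is not part of the original post: it encodes and decodes ARP packets in the RFC 826 layout (hardware type 1, protocol type 0x0800, 6-byte and 4-byte address lengths, then SHA, SPA, THA, TPA), accepts the pair- and quartet-grouped MAC notations mentioned earlier, and simulates every host on the segment checking the TPA of a broadcast request. In the reply, the replying host places its own MAC and IP in the sender fields and the requester's in the target fields, which is the layout RFC 826 specifies. The `Host` class and the hosts A, B and C are a constructed model.

```python
# Added example (not from the original post): ARP encoding/decoding per
# RFC 826 and a simulation of the broadcast request / unicast reply exchange.
from __future__ import annotations
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"            # THA of a request: ignored by the receiver
ARP_REQUEST, ARP_REPLY = 1, 2
HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN = 1, 0x0800, 6, 4

def normalize_mac(mac: str) -> str:
    """Accept pair-grouped (11-22-33-44-55-66) or quartet-grouped (1122.3344.5566)
    notation with '.', ':' or '-' delimiters; return lower-case colon pairs."""
    digits = "".join(c for c in mac if c not in ".:-").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(normalize_mac(mac).replace(":", ""))

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def ip_to_bytes(ip: str) -> bytes:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip!r}")
    return bytes(octets)

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """28-byte ARP payload: 8-byte fixed header, then SHA, SPA, THA, TPA."""
    header = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, oper)
    return header + mac_to_bytes(sha) + ip_to_bytes(spa) + mac_to_bytes(tha) + ip_to_bytes(tpa)

def parse_arp(packet: bytes) -> dict:
    """Decode an ARP payload; reject truncated or non-Ethernet/IPv4 variants."""
    if len(packet) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", packet[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "oper": oper,
        "sha": bytes_to_mac(packet[8:14]), "spa": bytes_to_ip(packet[14:18]),
        "tha": bytes_to_mac(packet[18:24]), "tpa": bytes_to_ip(packet[24:28]),
    }

class Host:
    """Constructed model of a host: an IP, a MAC and an ARP cache."""
    def __init__(self, name: str, mac: str, ip: str):
        self.name, self.mac, self.ip = name, normalize_mac(mac), ip
        self.arp_cache: dict[str, str] = {}

    def arp_request(self, target_ip: str) -> tuple[str, bytes]:
        """Return (frame destination MAC, ARP payload); the frame is broadcast."""
        return BROADCAST_MAC, build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)

    def receive(self, packet: bytes) -> bytes | None:
        """Process an ARP packet; return a reply payload, or None when dropped."""
        arp = parse_arp(packet)
        if arp["tpa"] != self.ip:
            return None                               # not for us: drop silently
        self.arp_cache[arp["spa"]] = arp["sha"]       # learn the sender's mapping
        if arp["oper"] == ARP_REQUEST:
            # Reply: we become the sender, the requester becomes the target.
            return build_arp(ARP_REPLY, self.mac, self.ip, arp["sha"], arp["spa"])
        return None

def resolve(requester: Host, segment: list[Host], target_ip: str) -> str | None:
    """Broadcast a request on the segment, deliver any reply, return the MAC."""
    _, request = requester.arp_request(target_ip)
    for host in segment:
        if host is requester:
            continue
        reply = host.receive(request)         # every host sees the broadcast
        if reply is not None:
            requester.receive(reply)          # unicast reply back to the requester
    return requester.arp_cache.get(target_ip)
```

`parse_arp` checks the fixed header before trusting the address fields, so a truncated or non-IPv4 packet is rejected rather than silently mis-sliced; the same length and type checks are what a packet dissector or an IDS rule needs before interpreting SHA/SPA.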

Take a typical scenario:



Suppose that A wants to communicate with B. It first checks whether B is in the same subnet as itself. If not, it sends the packet through the router R1. Before it can do that, it needs to perform an ARP to find the MAC of the router. Once that is done, the packet is sent out with the following header. At point v, it looks like this:

Upper Layers and Data
Source IP - A's IP
Destination IP - B's IP
Source MAC - A's MAC
Destination MAC - R1's MAC

The switch receives it and, if this is the first time it has seen the destination MAC (i.e. it doesn't know where the router is), it sends the frame out on all ports as if it were a broadcast. (The returning packet from the router lets the switch learn the router's location later on.) The packet exiting at wire w is exactly the same as the one on v.

Each network is typically a broadcast domain. Hosts in a network are connected by switches, possibly daisy-chained. Routers separate networks, so each interface of a router represents a broadcast domain. Routers act as separators that stop broadcast traffic from traversing between networks, which is very useful when dealing with large networks carrying large volumes of broadcast traffic.

Once the router receives it, it first checks that the destination MAC is its own. It then processes the IP header and finds that it is not the final recipient. It checks its routing table for the destination and sends the packet either to the correct next-hop router or, failing that, along its default route. In this case, R1 determines that R2 is the next hop. It rebuilds the MAC header portion of the frame as shown, leaving everything else intact:

Upper Layers and Data
Source IP - A's IP
Destination IP - B's IP
Source MAC - R1's MAC
Destination MAC - R2's MAC

R2 does the same and finds that B's network is directly connected to it on wire y. It therefore forwards the packet out of that port after rebuilding the MAC header as shown:

Upper Layers and Data
Source IP - A's IP
Destination IP - B's IP
Source MAC - R2's MAC
Destination MAC - B's MAC

If B hasn't communicated on the network before, the switch again sends the frame out as if it were a broadcast. B receives it and finds that both the destination MAC and the destination IP are its own (the frame is intended for it), so it processes it further.
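The whole A to B walk-through above, as an added example (not code from the original post): a switch that learns source MACs and floods unknown destinations, routers that do a longest-prefix lookup (with 0.0.0.0/0 as the default route) and rewrite only the Layer 2 header, and a `trace` function that returns the frame as seen on each wire. The topology, addresses, MACs and the pre-resolved ARP table are constructed for the example and correspond to the v, w/x and y wires in the text.

```python
# Added example (not from the original post): hop-by-hop model of A -> R1 -> R2 -> B
# showing the MAC header rewritten per hop while the IP header stays constant.
from __future__ import annotations
from dataclasses import dataclass, replace

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def in_network(ip: str, cidr: str) -> bool:
    """True if ip falls inside the CIDR block (AND both sides with the mask)."""
    net, plen = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    return ip_to_int(ip) & mask == ip_to_int(net) & mask

class Switch:
    """Learns source MAC -> port; floods frames for unknown or broadcast MACs."""
    def __init__(self, ports: list[str]):
        self.ports, self.cam = ports, {}

    def forward(self, frame: Frame, in_port: str) -> list[str]:
        self.cam[frame.src_mac] = in_port                 # learn where the sender lives
        if frame.dst_mac != BROADCAST and frame.dst_mac in self.cam:
            return [self.cam[frame.dst_mac]]              # known: one port
        return [p for p in self.ports if p != in_port]    # unknown: flood

class Router:
    """interfaces: {ifname: (ip, mac)}; routes: [(cidr, next_hop_ip or None, ifname)]."""
    def __init__(self, name: str, interfaces: dict, routes: list):
        self.name, self.interfaces, self.routes = name, interfaces, routes

    def next_hop(self, dst_ip: str) -> tuple[str, str]:
        """Longest-prefix match; a None next hop means directly connected."""
        best = None
        for cidr, nh, ifname in self.routes:
            plen = int(cidr.split("/")[1])
            if in_network(dst_ip, cidr) and (best is None or plen > best[0]):
                best = (plen, nh, ifname)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst_ip}")
        _, nh, ifname = best
        return (nh if nh else dst_ip), ifname             # connected: ARP for the host itself

    def forward(self, frame: Frame, arp: dict[str, str]) -> Frame | None:
        if frame.dst_mac not in {mac for _, mac in self.interfaces.values()}:
            return None                                   # not addressed to this router
        nh_ip, ifname = self.next_hop(frame.dst_ip)
        # Rewrite only the Layer 2 header; src_ip/dst_ip are left untouched.
        return replace(frame, src_mac=self.interfaces[ifname][1], dst_mac=arp[nh_ip])

def trace(src_ip, src_mac, src_cidr, gateway_ip, dst_ip, routers, arp) -> list[Frame]:
    """Frames as seen on each wire from the source host to the destination."""
    first_hop = dst_ip if in_network(dst_ip, src_cidr) else gateway_ip   # local or via gateway?
    frame = Frame(src_mac, arp[first_hop], src_ip, dst_ip)
    hops = [frame]
    for router in routers:
        frame = router.forward(frame, arp)
        if frame is None:
            break
        hops.append(frame)
    return hops

# Constructed topology: A (192.168.1.0/24) - R1 - 10.0.0.0/30 - R2 - B (192.168.3.0/24)
ARP = {                                   # assumed already-resolved IP -> MAC
    "192.168.1.1": "00:00:00:00:01:00",   # R1 e0 (A's default gateway)
    "10.0.0.2": "00:00:00:00:02:00",      # R2 e0
    "192.168.3.10": "00:00:00:00:bb:bb",  # B
}
R1 = Router("R1", {"e0": ("192.168.1.1", "00:00:00:00:01:00"), "e1": ("10.0.0.1", "00:00:00:00:01:01")},
            [("192.168.1.0/24", None, "e0"), ("10.0.0.0/30", None, "e1"), ("0.0.0.0/0", "10.0.0.2", "e1")])
R2 = Router("R2", {"e0": ("10.0.0.2", "00:00:00:00:02:00"), "e1": ("192.168.3.1", "00:00:00:00:02:01")},
            [("10.0.0.0/30", None, "e0"), ("192.168.3.0/24", None, "e1"), ("0.0.0.0/0", "10.0.0.1", "e0")])

def demo() -> list[Frame]:
    """A (192.168.1.10) sends to B (192.168.3.10); returns the frame on wires v, x and y."""
    return trace("192.168.1.10", "00:00:00:00:aa:aa", "192.168.1.0/24",
                 "192.168.1.1", "192.168.3.10", [R1, R2], ARP)

if __name__ == "__main__":
    for wire, f in zip("vxy", demo()):
        print(f"{wire}: {f.src_mac} -> {f.dst_mac}   IP {f.src_ip} -> {f.dst_ip}")
```

Running `demo()` prints three frames with identical IP headers and three different MAC pairs; the switch model shows the other half of the text, flooding a frame for a MAC it has not learned and forwarding to a single port once the return traffic has taught it where that MAC lives.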



Since we're on the topic of IP addresses, let's talk about how an IP is assigned to a host. There are two ways a host can get an IP. The simplest but least scalable way is static addressing, where a network administrator manually enters a static (unchanging) IP on each computer. The other way is to set up a DHCP server for dynamic IP addressing. The DHCP server automatically assigns IP addresses from a range (pool) allocated to it. Addresses are leased for a period of time, and if an address is not used it is taken back and can be reassigned to another client. The client requests an address when it boots up or is connected to the network: it sends out a broadcast DHCP request, and if a server is present in the local network, it replies with an address.

However, because broadcast traffic is local to the network, does that mean there must be a DHCP server in every network? That could work, but there is something known as a "DHCP Relay", which allows certain broadcast messages in a subnet to be forwarded as unicast to a DHCP server managed centrally elsewhere. In this case, the router can be set up as a DHCP Relay (via the "ip helper-address x.x.x.x" command, which will be reviewed in a later article). The DHCP server is then set up with multiple pools and assigns an address (sending it back to the router) based on the interface the DHCP Relay is sending from.
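The lease and relay behaviour of the two paragraphs above, as an added example that is not part of the original post: a toy DHCP server with one pool per subnet, leases that expire and are reclaimed, and a relay agent that turns a subnet's broadcast into a unicast to the helper address. Pool selection uses the `giaddr` (gateway address) field, which a real relay sets to the IP of the interface the request arrived on and which the server matches against its pools; a request that arrived by local broadcast has `giaddr` 0.0.0.0 and is served from the server's own subnet pool. Message encoding is left out and messages are plain dicts; the server, pools and relay addresses are constructed for the example.

```python
# Added example (not from the original post): per-subnet DHCP pools, lease
# expiry and a relay that forwards broadcasts as unicast (ip helper-address).
from __future__ import annotations
from dataclasses import dataclass

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def in_network(ip: str, cidr: str) -> bool:
    net, plen = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    return ip_to_int(ip) & mask == ip_to_int(net) & mask

@dataclass
class Pool:
    network: str    # CIDR of the subnet this pool serves
    first: str      # first assignable address
    last: str       # last assignable address
    gateway: str    # default gateway handed out with the lease

class DhcpServer:
    def __init__(self, server_ip: str, pools: list[Pool], lease_seconds: int):
        self.ip, self.pools, self.lease_seconds = server_ip, pools, lease_seconds
        self.leases: dict[str, tuple[str, int]] = {}   # ip -> (client_id, expires_at)

    def select_pool(self, giaddr: str) -> Pool:
        """0.0.0.0 means a local broadcast: use the server's own subnet.
        Otherwise giaddr is the relay interface, so pick the pool containing it."""
        key = self.ip if giaddr == "0.0.0.0" else giaddr
        for pool in self.pools:
            if in_network(key, pool.network):
                return pool
        raise LookupError(f"no pool for requests arriving via {key}")

    def reclaim_expired(self, now: int) -> None:
        """Leases that were not renewed in time are taken back for reuse."""
        self.leases = {ip: l for ip, l in self.leases.items() if l[1] > now}

    def offer(self, msg: dict, now: int) -> dict:
        self.reclaim_expired(now)
        giaddr = msg.get("giaddr", "0.0.0.0")
        pool = self.select_pool(giaddr)
        client, expires = msg["client_id"], now + self.lease_seconds
        # Renewal: a client keeps the address it already holds in this pool.
        for ip, (cid, _) in self.leases.items():
            if cid == client and in_network(ip, pool.network):
                self.leases[ip] = (client, expires)
                return self._reply(ip, pool, giaddr)
        for value in range(ip_to_int(pool.first), ip_to_int(pool.last) + 1):
            ip = int_to_ip(value)
            if ip not in self.leases:
                self.leases[ip] = (client, expires)
                return self._reply(ip, pool, giaddr)
        raise RuntimeError(f"pool {pool.network} exhausted")

    def _reply(self, ip: str, pool: Pool, giaddr: str) -> dict:
        # A relayed offer is unicast back to the relay; a local one is broadcast.
        return {"your_ip": ip, "gateway": pool.gateway, "lease": self.lease_seconds,
                "reply_to": "broadcast" if giaddr == "0.0.0.0" else giaddr}

class DhcpRelay:
    """A router interface with a helper address: rewrites the local broadcast
    into a unicast to the server, stamping its own interface IP as giaddr."""
    def __init__(self, interface_ip: str, helper_address: str):
        self.interface_ip, self.helper = interface_ip, helper_address

    def relay(self, broadcast_msg: dict) -> dict:
        return {**broadcast_msg, "giaddr": self.interface_ip, "dst": self.helper}
```

The design point is that nothing in the relayed request identifies the client's subnet except `giaddr`, which the relay itself writes; the server's pool choice, and therefore the gateway it hands out, depends entirely on that field, so only trusted relay interfaces should be able to reach the server's DHCP port.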



A single host can have one or more NICs, with one or more IP addresses per NIC, connected to one or more networks. This is known as multihoming; it allows separation of services on a single server or, with multiple NICs, load balancing.

IP addresses come in three common classes and two less common ones. The class of an address is determined by its first octet. The classes are:
A - 1-127.x.x.x
B - 128-191.x.x.x
C - 192-223.x.x.x
D (Multicast) - 224-239.x.x.x
E (Experimental) - 239-255.x.x.x

Addresses can be public or private. Public addresses are Internet-routable and are registered/assigned by the IANA. Private addresses are freely usable but must be translated through NAT/PAT before they can be routed onto the Internet (reviewed in a later article).

Private address blocks are allocated as shown:
A - 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
B - 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
C - 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)

There are also special address ranges to note:
127.0.0.0/8 is reserved for loopback addresses, but typically only 127.0.0.1 is widely used.
169.254.0.0/16 is reserved for autoconfiguration addresses when a host is unable to obtain an IP address from a DHCP server.

Cisco's guideline is a maximum of 500 hosts per network; beyond that, the broadcast traffic becomes too much to handle. Subnetting is used to split large networks into smaller, manageable ones. For example, given a 192.168.1.0/24 network, we can make four /26 networks as shown:

192.168.1.0/26
192.168.1.64/26
192.168.1.128/26
192.168.1.192/26

This process is known as subnetting, which will be covered in a future article.
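The /24 into four /26 split above, generalised as an added example (not code from the original post): `subnets` carves any block into equal subnets of a chosen prefix length and reports each one's network, usable host range and broadcast address, and `prefix_for_hosts` finds the longest prefix whose usable host count still covers a given number of hosts, which is how the 500-host guideline maps to a subnet size.

```python
# Added example (not from the original post): splitting a block into equal
# subnets and sizing a subnet for a required number of hosts.

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnets(cidr: str, new_prefix: int) -> list[dict]:
    """Split cidr into 2**(new_prefix - old_prefix) subnets of equal size."""
    net, plen = cidr.split("/")
    plen = int(plen)
    if not plen <= new_prefix <= 30:       # /31 and /32 have no usable host range here
        raise ValueError("new prefix must lie between the block's prefix and /30")
    base = ip_to_int(net) & ((0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF)  # align to the block
    size = 1 << (32 - new_prefix)          # addresses per subnet
    result = []
    for start in range(base, base + (1 << (32 - plen)), size):
        result.append({
            "network": f"{int_to_ip(start)}/{new_prefix}",
            "first_host": int_to_ip(start + 1),
            "last_host": int_to_ip(start + size - 2),
            "broadcast": int_to_ip(start + size - 1),
            "usable_hosts": size - 2,      # network and broadcast addresses excluded
        })
    return result

def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest subnet) with at least `hosts` usable addresses."""
    for prefix in range(30, -1, -1):
        if (1 << (32 - prefix)) - 2 >= hosts:
            return prefix
    raise ValueError("too many hosts for a single IPv4 subnet")

if __name__ == "__main__":
    for s in subnets("192.168.1.0/24", 26):   # the post's example
        print(f"{s['network']:<18} hosts {s['first_host']} - {s['last_host']}  "
              f"broadcast {s['broadcast']}  ({s['usable_hosts']} usable)")
    print("smallest subnet for 500 hosts: /%d" % prefix_for_hosts(500))
```

Each /26 here has 62 usable hosts, and 500 hosts need a /23 (510 usable), since a /24 only offers 254; keeping the arithmetic in one place avoids the classic off-by-one of counting the network or broadcast address as a host.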
