Chapter 2: Networking Theory
Terms you’ll need to understand:
✓ Open Systems Interconnection (OSI) model
✓ Peer-to-peer communication
✓ Transmission Control Protocol (TCP)
✓ Internetwork Packet Exchange (IPX)
✓ Split horizon
✓ Holddowns
✓ Triggered updates
✓ Poison reverse
✓ Routing table
✓ Convergence
✓ Routing loop
✓ Distance vector
✓ Link state
✓ Windowing
✓ Acknowledgment
✓ Fragmentation
✓ Maximum transmission unit (MTU)
✓ Handshaking
✓ Termination
Techniques you’ll need to master:
✓ Identifying and describing the functions of each layer of the OSI model
✓ Comparing IP and IPX, and explaining the protocols’ functions
✓ Comparing TCP and UDP, and explaining the protocols’ functions
✓ Using common routing commands on Cisco routers
✓ Understanding frame formats for IP, TCP, UDP, and IPX
This chapter addresses the CCIE blueprint objectives as laid out by the Cisco
Systems CCIE program. Specifically, the chapter reviews the following topics:
➤ OSI model—Encompasses understanding the functions of the OSI model’s
layers and how each layer compares to the other layers.
➤ General routing concepts—Includes reviewing split horizon, poison reverse, recognizing the differences between switching and routing, the importance and techniques of route summarization, comparing link state versus distance vector protocols, discussing routing loops, understanding tunneling, and reviewing IP routing tables.
➤ Protocol operation—Includes understanding Windowing/Acknowledgments
(ACK), fragmentation, maximum transmission units (MTU), handshaking,
and termination.
➤ Protocol descriptions and use—Reviews Internet Protocol (IP), IP fragmentation, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internetwork Packet Exchange (IPX).
➤ IEEE 802.x standards—Reviews the various 802.x protocol descriptions.
Open Systems Interconnect (OSI) Model
Before discussing any protocols, you need to have a thorough understanding of the OSI model. This chapter focuses on the function of each layer of the OSI model. By working through this chapter, you will obtain an understanding of the functions performed by each layer. If you can understand how each layer performs, then you will be able to understand how a protocol functions. Therefore, this section focuses on the OSI model and what you, as a potential CCIE professional, need to know.
OSI Model Structure
The OSI model consists of seven layers and is an international standard that
enables vendors, such as Cisco, to adhere to certain criteria. This will enable, for
example, a Windows PC to communicate with a Unix workstation. Table 2.1
displays the framework of the OSI reference model.
Peer-to-Peer Communication
Each layer of the OSI model has its own function and interaction with the layers above and below it. Furthermore, there is also peer-to-peer communication between end devices through each corresponding layer of the OSI model. Peer-to-peer communication means that each layer of the OSI model uses its own protocol to communicate with its equivalent peer layer in another system. For example, the Transport layer of Device A in Figure 2.1 will communicate with the Transport layer in Device B, assuming there are no intermediate devices. The layers between the two end stations communicate via protocol data units (PDUs).
In other words, each layer communicates to the corresponding layer above and below it and also exchanges protocol data units (PDU is an OSI term for a packet) between end systems. Figure 2.1 shows how each layer of the OSI model provides services to the layers above and below. The PDU exchanges are represented by the horizontal lines in Figure 2.1.
Note: Layers 1 and 2 of the OSI model are implemented with hardware. Layers 3
through 7 are implemented in software.
Table 2.1 The OSI reference model.
Layer      Service
Layer 7    Application
Layer 6    Presentation
Layer 5    Session
Layer 4    Transport
Layer 3    Network
Layer 2    Data Link
Layer 1    Physical
Figure 2.1 OSI layer peer-to-peer communication.
[Figure: the seven layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) of Device A and Device B shown side by side, with layer communication within each device and peer communication between corresponding layers.]
OSI Model Layers
The following sections provide descriptions and typical examples of each OSI
layer. Furthermore, examples of communication methods and functions follow
each layer description.
Layer 1: Physical Layer
The Physical layer consists of standards that describe bit ordering, bit transmission rates, connector types, and electrical specifications. Information is transmitted as binary bits (ones and zeros). Examples of Physical layer standards include the following:
➤ RS-232
➤ V.24
➤ V.35
➤ RJ-45
➤ RJ-12
Layer 2: Data Link Layer
The Data Link layer will focus on getting data reliably across any particular kind
of link. Flow control and error notifications are other functions of the Data Link
layer, as well. The Data Link layer applies to all access methods whether they are
LAN or WAN methods. Information being processed at this layer is commonly
known as frames. Examples of data link frame types include the following:
➤ ISDN
➤ SDLC
➤ HDLC
➤ PPP
➤ Frame Relay
Layer 3: Network Layer
The Network layer is used to determine the best path to a destination. Device addressing, packet fragmentation, and routing all occur at the Network layer. Information being processed at this layer is commonly known as packets. Examples of Network layer protocols include the following:
➤ Internet Protocol (IP)
➤ Internetwork Packet Exchange (IPX)
At the Network layer, a packet is associated with a connection-oriented
protocol, while a datagram is associated with a connectionless protocol.
Layer 4: Transport Layer
The Transport layer is responsible for segmenting upper-layer applications and establishing end-to-end connections between devices. Other functions of the Transport layer include providing data reliability and error-free delivery mechanisms. Information being processed at this layer is commonly known as segments. Examples of Transport layer protocols include the following:
➤ Transmission Control Protocol (TCP)
➤ Novell’s Sequenced Packet Exchange (SPX)
➤ User Datagram Protocol (UDP)
Layer 5: Session Layer
The Session layer performs several major functions, including managing sessions
between devices, and establishing and maintaining sessions. Examples of Session
layer protocols include the following:
➤ Database SQL
➤ NetBIOS Name Queries
➤ NetBEUI
Layer 6: Presentation Layer
The Presentation layer handles data formats and code formatting. The functions of this layer are normally transparent to the end user, because this layer will take care of code formats and present them to the Application layer (layer 7) where the end user can examine the data. Examples of Presentation layer protocols include the following:
➤ GIF
➤ JPEG
➤ ASCII
➤ MPEG
Layer 7: Application Layer
The Application layer is closest to the end user, which means that the application
is being accessed by the end user. The major function of this layer is to provide
services to end users. Examples of Application layer services include the following:
➤ File Transfer Protocol (FTP)
➤ Telnet
➤ SMTP
➤ HTML browsers
How Data Flows through the OSI Layers
To get a better understanding of how the OSI layers function, it is important to
know how data flows between the layers. In this section, we’ll trace the data as it
flows through the layers of the OSI model. As you will see in this section, each
layer adds (or encapsulates) some form of header or trailer. (Layer 2, the Data
Link layer, is responsible for adding a trailer.) Figure 2.2 shows the data flow
from Device A to Device B.
Note: The example in Figure 2.2 demonstrates how end user packets (header and data)
flow through the OSI model. The figure assumes there are no intermediate devices.
When the end system receives the unstructured bit stream from the physical wire, each layer removes the header information applicable to it until the application receives the data. The following depicts what occurs in the OSI model’s layers when an email is sent from Device A to Device B:
1. An application, such as an email program, creates data that will be sent
by an end user, such as an email message. The Application layer (layer 7)
places a header (encapsulation) field that contains information such as
screen size and fonts, and passes the data to the Presentation layer (layer 6).
2. The Presentation layer places layer 6 header information. For example,
the text in the message might be converted to ASCII. The Presentation
layer will then pass the new data to the Session layer (layer 5).
3. The Session layer follows the same process by adding layer 5 header information, such as information that the Session layer will manage the data flow, and passes this data to the Transport layer (layer 4).
4. The Transport layer places layer 4 information, such as an acknowledgment that the segment was received in the header, and passes it to the Network layer (layer 3).
5. The Network layer places layer 3 header information, such as the source and destination address so the Network layer can determine the best delivery path for the packets, and passes this data to the Data Link layer (layer 2).
6. The Data Link layer places layer 2 header and trailer information, such as a Frame Check Sequence (FCS) to ensure that the information is not corrupt, and passes this new data to the Physical layer (layer 1) for transmission across the media.
7. The bit stream is then transmitted as ones and zeros on the Physical layer. It is at this point that the Physical layer ensures bit synchronization. Bit synchronization will ensure the end user data is assembled in the correct order it was sent.
8. Steps 1 through 7 occur in reverse order on the destination device. Device B collects the raw bits from the physical wire and passes them up the Data Link layer. The Data Link layer removes the headers and trailers and passes the remaining information to the Network layer and so forth until data is received by the Application layer. Eventually, Device B will receive an email notification displaying a message to indicate that a new email message has been received.
Figure 2.2 End user header and trailer flow.
[Figure: data passes down the seven layers of Device A (sending device), gaining an Application header (AH), Presentation header (PH), Session header (SH), Transport header (TH), Network header (NH), and Data Link header (DH) plus a Data Link trailer; it travels as bits along the path to Device B (receiving device) and passes back up Device B’s layers.]
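The eight steps above, as an added example that is not from the original chapter: each layer prepends its header, the Data Link layer appends an FCS trailer, and the receiver strips them in reverse order and rejects a corrupted frame. The header contents, the tag/length layout, and the use of CRC-32 as the FCS are assumptions made for the illustration.

```python
import struct
import zlib

# Tags follow Figure 2.2 (AH, PH, SH, TH, NH, DH). The header contents and
# the tag(2) | length(1) | info layout are assumptions for this example.
LAYERS = [  # listed top-down, in the order Device A applies them
    (b"AH", b"mail-client"),   # layer 7
    (b"PH", b"ascii"),         # layer 6
    (b"SH", b"session-1"),     # layer 5
    (b"TH", b"seq=1"),         # layer 4
    (b"NH", b"A->B"),          # layer 3
    (b"DH", b"macA->macB"),    # layer 2
]


def encapsulate(data: bytes) -> bytes:
    """Steps 1-6: each layer prepends its header; layer 2 appends the FCS."""
    pdu = data
    for tag, info in LAYERS:
        pdu = tag + struct.pack("!B", len(info)) + info + pdu
    fcs = zlib.crc32(pdu)  # CRC-32 stands in for the Frame Check Sequence
    return pdu + struct.pack("!I", fcs)


def decapsulate(frame: bytes):
    """Step 8: verify the trailer, then strip headers from layer 2 upward.

    Returns (data, [(tag, info), ...]) in the order headers were removed.
    """
    if len(frame) < 4:
        raise ValueError("frame too short to carry an FCS")
    body, (fcs,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    removed = []
    pdu = body
    for tag, _ in reversed(LAYERS):
        if pdu[:2] != tag or len(pdu) < 3:
            raise ValueError(f"expected {tag.decode()} header")
        length = pdu[2]
        removed.append((tag.decode(), pdu[3:3 + length]))
        pdu = pdu[3 + length:]
    return pdu, removed


if __name__ == "__main__":
    frame = encapsulate(b"Hello from Device A")
    data, headers = decapsulate(frame)
    print(data, [tag for tag, _ in headers])
    damaged = bytearray(frame)
    damaged[12] ^= 0x01  # flip one bit on the wire
    try:
        decapsulate(bytes(damaged))
    except ValueError as exc:
        print("receiver dropped frame:", exc)
```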
Familiarize yourself with the OSI model and each layer’s responsibility.
You should be able to recognize a function of each layer of the OSI
model. The seven layers of the OSI reference model are typically
divided into two categories: upper layers (layers 4 through 7) and lower
layers (layers 1 through 3).
As you can determine from the example of encapsulation, the OSI model provides a service that allows information to flow smoothly from one layer to another. Eventually, the information will be presented to the end device in a readable format. Now that we’ve reviewed the OSI model, the next section takes a look at how packets are sent across a network using a routing algorithm.
General Routing Concepts
Routing simply means moving a packet from one location to another. Routing uses best-effort delivery and occurs at layer 3 (the Network layer) of the OSI model. An example of a routing protocol that routes IP is Routing Information Protocol (RIP). Routing protocols provide the information required to determine the topology of the internetwork and the best path to a destination. A routed protocol is one that is routed by a routing protocol such as RIP. IP is an example of a routed protocol. The following sections discuss the differences between a routed and routing protocol and provide some common examples.
In contrast to routing, switching is the moving of a frame or frames from one location to another. Switching occurs at layer 2 in the OSI model. An example of a switching protocol is transparent bridging.
Note: Chapter 3 describes the bridging and switching modes available on a Cisco router.
Routing Vs. Routed Protocols
Routing protocols apply a set of rules to a network topology to determine the best path to a destination from a given reference point. They also communicate network topology information to other routers in their networks. Routing protocols build routing tables from the gathered information. Examples of routing protocols are Open Shortest Path First (OSPF) and IPX’s Routing Information Protocol (IPX RIP).
In contrast, a routed protocol is a protocol that contains layer 3 information that
allows it to be moved from one destination to another. Examples of a routed
protocol include IP and IPX.
Routing protocols can be divided into three types—distance vector, link state, and hybrid. These three routing protocol classifications are discussed in the following sections.
Distance Vector Protocols
Distance vector protocols, such as RIP, determine a path to a network using hop
count as the metric. A hop count is a number that increments each time a packet
traverses a router.
Convergence—the process that ensures all routers in a network have the same network information as quickly as possible—of distance vector protocols is considerably slower, and periodic updates are sent at set intervals. Figure 2.3 shows how networks are discovered when using a distance vector protocol.
Each router in Figure 2.3 will have the same IP routing table and will send and
receive periodic updates. Not every routing protocol sends out periodic updates
at the same interval. The distance vector protocol IP RIP sends a periodic update
every 30 seconds.
Link State Protocols
Link state protocols, such as IS-IS and OSPF, create a topology of the network with each router running that protocol as the root of the tree. Link state protocols implement the shortest path first (SPF) algorithm to determine the path to a network. The metric used by these protocols is cost, which is determined by an administrator or calculated by the routing protocol based on a mathematical formula. A network with the lowest cost is chosen as the preferred path to a remote network. Link state protocols have no concept of hop count. The speed of convergence with link state protocols is much faster when a network change occurs. This is because a faster algorithm is used and the CPU is heavily utilized to compute changes rapidly. When using link state protocols, updates are only sent when a topological change occurs or at an interval set by an administrator.
Link state protocols use hello packets to discover neighbors. A hello packet is an
IP packet sent at regular intervals. When a topology change occurs, a link state
packet is sent to all neighbors with information regarding any new neighbors,
metric changes, or down networks. When a router receives a link state packet, it
records the information in its local database and reconstructs a path to the new
network. If a remote network goes down, the routing table entry will be removed.
Link state packets are used to notify remote neighbors of available networks. The
aim is to form a link state database that contains all the available networks. The
steps needed to form the database are as follows (Figure 2.4 depicts these steps):
1. Send link state packets to describe the links in a network.
2. Combine link state packets to form a link state database.
3. Run the shortest path first (SPF) algorithm.
4. Create a link tree with the router running the SPF algorithm as the root.
5. Insert networks into the routing table.
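Added example (not from the original chapter) of steps 1 through 5: link state packets are combined into a link state database, SPF runs with the local router as the root, and the resulting tree yields routing table entries. The three-router topology, the link costs, and the `net:` naming are constructed for the illustration.

```python
import heapq

# Constructed link state packets (LSPs): each router describes its own links
# as (neighbor or attached network, cost). Topology and costs are assumptions.
INITIAL_LSPS = [
    {"router": "R1", "links": [("R2", 10), ("R3", 5)]},
    {"router": "R2", "links": [("R1", 10), ("R3", 3)]},
    {"router": "R3", "links": [("R1", 5), ("R2", 3)]},
]
# Step 1: R2 activates a new Ethernet network and advertises it in a new LSP.
NEW_R2_LSP = {"router": "R2",
              "links": [("R1", 10), ("R3", 3), ("net:R2-E0", 1)]}


def install_lsp(lsdb, lsp):
    """Step 2: the newest LSP from a router replaces its entry in the LSDB."""
    lsdb[lsp["router"]] = dict(lsp["links"])


def spf(lsdb, root):
    """Steps 3-4: Dijkstra's algorithm. Returns {node: (cost, parent)},
    the shortest path tree with `root` as its root (parent "" for the root)."""
    tree = {}
    heap = [(0, root, "")]
    while heap:
        cost, node, parent = heapq.heappop(heap)
        if node in tree:
            continue  # already reached by a cheaper path
        tree[node] = (cost, parent)
        for neighbor, link_cost in lsdb.get(node, {}).items():
            if neighbor not in tree:
                heapq.heappush(heap, (cost + link_cost, neighbor, node))
    return tree


def routing_table(lsdb, root):
    """Step 5: one entry per network: (next hop from root, total cost)."""
    tree = spf(lsdb, root)
    table = {}
    for node, (cost, parent) in tree.items():
        if not node.startswith("net:"):
            continue
        hop = parent
        while tree[hop][1] not in ("", root):
            hop = tree[hop][1]  # walk back toward the root
        table[node] = ("connected" if hop == root else hop, cost)
    return table


if __name__ == "__main__":
    lsdb = {}
    for lsp in INITIAL_LSPS:
        install_lsp(lsdb, lsp)
    print("R1 before:", routing_table(lsdb, "R1"))
    install_lsp(lsdb, NEW_R2_LSP)
    print("R1 after: ", routing_table(lsdb, "R1"))
```

R1 reaches the new network through R3 because the R1-R3-R2 path costs less than the direct R1-R2 link; hop count plays no part in the decision.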
Hybrid Routing Protocols
Cisco has created a routing protocol called Enhanced Interior Gateway Routing Protocol (EIGRP). EIGRP combines the characteristics of both link state and distance vector routing protocols. This protocol is called a hybrid protocol because of this combination. A hybrid routing protocol uses distance vector characteristics for choosing a routing path and link state characteristics for changes. EIGRP maintains neighbor and topology tables instead of a link state database.
Figure 2.3 Learning networks using distance vector protocols.
[Figure: routers each holding a routing table, with updates sent and received between them. The routing table excerpt (show ip route) lists 10.1.1.1 as directly connected on Loopback0 and 137.10.255.0/24 [90/2681856] via 137.10.253.2 on S0.]
Now that you have a general appreciation for routing protocols, let’s talk about
some common routing protocol characteristics.
Common Routing Characteristics
Routing protocols use certain features to ensure that valid routing information is
gathered as accurately as possible and without corruption. This section discusses
IP RIP as an example.
IP RIP is widely used in the Unix industry and is relatively easy to configure and maintain. To enable RIP on a Cisco router, you simply type the command router rip and then enable the networks you wish to be advertised with the network <address> command.
Note: Chapter 6 provides a detailed example of IP RIP operation and
configurations.
One of the main functions of any routing protocol is to discover remote networks
that are reachable via neighboring routers and to converge as quickly as possible.
This ensures that all routers in a network have the same network information.
Figure 2.4 Steps taken by link state protocols to form the link state database.
[Figure: routers R1 and R2, each with interfaces S0 and E0; Router R2 activates a new Ethernet network.
1. Router R2 sends a link state packet advertising the new Ethernet network.
2. Router R1 receives the link state packet and installs the new network into the link state database.
3. Router R1 runs the shortest path algorithm to determine the shortest cost path to the new network.
4. R1 forms a tree, with itself as the root of the tree.
5. The new network is inserted into the IP routing table.]
When a change occurs, flash or triggered updates are sent, which takes time to propagate to all routers. The better the convergence time, the more likely network devices will have correct information about all available networks. RIP has a poor convergence time compared to other protocols, such as OSPF.
IP RIP uses holddowns, triggered updates, split horizon, and poison reverse updates to ensure valid routing updates are sent. When using holddowns, triggered updates, split horizon, and poison reverse updates, routing protocols (such as IP RIP) can avoid routing loops, which helps to speed up convergence.
Let’s take a closer look at holddowns, triggered updates, split horizon, and poison reverse updates, as well as summarization.
Holddowns
Holddowns prevent updates about networks that have been altered, disappeared,
or broken from being inserted into a routing table. This, of course, is not the most
accurate routing information, and it should be prevented from being placed in
the routing table. Holddowns ensure that invalid routes are not relearned, unless the new route metric is smaller than the original, thus preventing problems, such as routing loops, within a network.
Most routing protocols, such as RIP, will base a decision to place a route
into the IP routing table on a metric. In the case of RIP, the network with
the lowest hop count will be chosen.
Triggered Updates
A triggered update is a method used by routing protocols to send updates to neighboring routers outside the normal update interval. Triggered updates are used to prevent routing loops in networks by sending an update whenever a network event triggers it. An example of this would be a link going down, which causes a triggered update.
Distance vector protocols send their full routing table of all active links at set
intervals. In the case of RIP, updates are sent every 30 seconds. What happens if
a network becomes unreachable in between the update interval? In this instance,
a triggered update is used to notify other routers of the network event. This speeds
up convergence time.
Let’s view an example of a triggered update by turning on the following debug options: debug ip rip and debug ip rip events. Let’s say you have three networks learned via RIP. Listing 2.1 shows what happens when RIP receives an update from another IP RIP router. The IOS command show debug in Listing 2.1 also shows that IP RIP event and protocol debugging have been enabled.
Listing 2.1
Debug IP RIP display.
R1#show debug
IP routing:
RIP protocol debugging is on
RIP event debugging is on
RIP: sending general request on Ethernet0 to 255.255.255.255
RIP: received v1 update from 150.100.1.1 on Ethernet0
150.100.1.0 in 1 hops
0.0.0.0 in 1 hops
199.172.3.0 in 1 hops
199.172.2.0 in 1 hops
199.172.4.0 in 1 hops
Now, let’s say that network 199.172.2.0 goes down. As a result, the triggered
update shown in Listing 2.2 would occur.
Listing 2.2
Triggered update debug output.
RIP: received v1 update from 150.100.1.1 on Ethernet0
0.0.0.0 in 1 hops
199.172.3.0 in 1 hops
199.172.2.0 in 16 hops (inaccessible)
199.172.4.0 in 1 hops
RIP: Update contains 4 routes
Notice that you still get the full routing table, but the network 199.172.2.0 is marked as inaccessible or with a hop count of 16. This value of 16 tells the router that the remote destination is no longer reachable and to drop any packets destined for this network. This specification prevents the router from installing the network in its routing table or sending an update to another router. The router drops any packets that are received for the network. Therefore, any chance of a routing loop occurring is prevented.
Distance vector protocols primarily use periodic updates that send the
entire routing table to neighboring routers. Triggered updates are used
when an event occurs outside the normal periodic update interval.
Split Horizon
Split horizon means that when a router has learned of a network (via a route advertisement) from another router, that network will not be re-advertised back to the sending router. Split horizon is enabled by default on Cisco routers. Split horizon helps to prevent routing loops by ensuring all routing information is accurate, which enables information to be properly routed from source to destination.
Poison Reverse Updates
Poison reverse updates are used in conjunction with split horizon to prevent routing loops on a larger scale. Poison reverse updates occur when a network is marked as invalid. For example, when a router receives a route through an interface, it advertises the same route back out the interface as a poison reverse update. The receiving router receives the invalid entry in the routing table, but with a hop count of 16, so it removes the network from the routing table. Then, when the routers converge, the holddown timer expires. In large networks, convergence takes longer for all routers due to the size of the network. Poison reverse places networks that have disappeared into an “unreachable state” for a period of time sufficient for all routers in the network to have the same routing table through normal convergence.
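An added simulation, not part of the original chapter, of how split horizon, poison reverse, and holddowns stop two RIP routers from counting to 16 after network 199.172.2.0 fails. The router names R1 and R2, the update ordering (R1's periodic update reaches R2 before R2's own update goes out), and the simplified table format are assumptions.

```python
INFINITY = 16  # RIP hop count for "inaccessible", as seen in Listing 2.2
NET = "199.172.2.0"


def advert(table, to, mode):
    """Routes a router sends to neighbor `to`.

    table maps network -> (metric, via); via is None for a connected network.
    mode: "none", "split" (split horizon) or "poison" (poison reverse).
    """
    out = {}
    for net, (metric, via) in table.items():
        if via == to:
            if mode == "split":
                continue           # never advertise a route back to its source
            if mode == "poison":
                metric = INFINITY  # advertise it back, but as unreachable
        out[net] = metric
    return out


def receive(table, sender, routes, held):
    """Apply a RIP-style update. `held` maps network -> original metric for
    routes in holddown; news that is not better than the original is ignored."""
    for net, metric in routes.items():
        new = min(metric + 1, INFINITY)
        if net in held and new >= held[net]:
            continue
        current = table.get(net)
        if current is None:
            if new < INFINITY:
                table[net] = (new, sender)
        elif current[1] == sender or new < current[0]:
            table[net] = (new, sender)


def forwarding_loop(tables):
    """True if following next hops for NET revisits a router."""
    for start in tables:
        seen, node = set(), start
        while node is not None and tables[node][NET][0] < INFINITY:
            if node in seen:
                return True
            seen.add(node)
            node = tables[node][NET][1]
    return False


def simulate(mode, holddown=False, max_rounds=40):
    """R2 has just lost its connected network NET. Returns (rounds until both
    routers mark NET inaccessible, rounds during which a loop existed)."""
    tables = {"R1": {NET: (2, "R2")}, "R2": {NET: (INFINITY, None)}}
    held = {"R1": {}, "R2": {NET: 1} if holddown else {}}
    loop_rounds = 0
    for rnd in range(1, max_rounds + 1):
        for sender, nbr in (("R1", "R2"), ("R2", "R1")):  # R1 sends first
            receive(tables[nbr], sender,
                    advert(tables[sender], nbr, mode), held[nbr])
        loop_rounds += int(forwarding_loop(tables))
        if all(t[NET][0] == INFINITY for t in tables.values()):
            return rnd, loop_rounds
    raise RuntimeError("did not converge")


if __name__ == "__main__":
    for mode, hold in (("none", False), ("split", False),
                       ("poison", False), ("none", True)):
        print(mode, "holddown" if hold else "", simulate(mode, hold))
```

Without any of the mechanisms, R2 relearns the dead network from R1 and the two routers forward packets for it to each other until the metric reaches 16.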
Other Network Occurrences
Some of the more advanced topics of routing include loops and tunneling. A routing loop is detrimental to an IP network, because the IP packet will never end up at the correct location. A field in the IP frame called the Time-To-Live field will prevent IP packets from traversing the networks forever, but the result will be a disgruntled end user. A tunnel, on the other hand, is a software interface on a Cisco router that is used to transport non-routable protocols across an IP network. You may, for instance, have clients running the native AppleTalk protocol. (Note that you can tunnel both routable and non-routable protocols.) Instead of enabling AppleTalk along the entire path across your Wide Area Network, you can create a tunnel interface at both remote points and enable AppleTalk over the IP network. Tunneling AppleTalk over an IP network involves encapsulating AppleTalk in IP and then sending it “through” the tunnel to the destination, where it is de-encapsulated.
Route Summarization
Route summarization is used to reduce the number of entries in a routing table.
A routing table consists of entries that define how a remote network can be reached.
The larger the routing table, the more memory required. This is because each
entry takes up available memory. Therefore, if you can reduce the number of
networks to be advertised, you can increase performance and the delivery of packets
across the network because you have now reduced the IP routing table size that
leads to less bandwidth and time required to advertise the network to remote
locations. Summarization is typically used in very large networks, such as the
World Wide Web.
Note: Chapter 6 provides some common commands used on Cisco routers regarding
summarization on IP networks.
Routing tables can be as large as the memory installed on the router.
For example, an IP RIP table consisting of 1,000 networks will consume
20,000 bytes of memory. Each IP RIP entry consumes 20 bytes of
memory. If your router does not contain enough memory, some of the
remote networks will not be inserted into the IP routing table.
Examining the Cisco IP Routing Table
Routing tables are generated by devices learning new remote networks using some form of a routing protocol. Routing tables are used by routers, for example, to make intelligent decisions regarding where packets should be sent so that user data is sent as efficiently as possible. Hence, one of the most common IOS commands used on a Cisco router is to display a routing table. The command to display the IP routing table on a Cisco router is:
show ip route
This command can also be written as:
sh ip ro
The Internet routing table consists of almost 70,000 IP routing entries. Listing
2.3 displays a sample IP routing table.
Listing 2.3
An IP routing table.
R1>show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.1 is directly connected, Loopback0
137.10.0.0/16 is variably subnetted, 4 subnets, 3 masks
D 137.10.255.0/24 [90/2681856] via 137.10.253.2, 1w1d,S0
C 137.10.253.0/24 is directly connected, Serial0
D 137.10.17.0/28 [90/688128] via 137.10.253.2, 1w1d, S0
D 137.10.16.0/27 [90/793600] via 137.10.253.2, 1w1d, S0
The first half of Listing 2.3 summarizes the codes used to identify how networks
have been learned dynamically, statically, or from directly connected networks
(for example, those networks assigned directly to a router’s interface).
Note that directly connected networks are identified on the left side as C, and D
represents EIGRP discovered networks. IPX and AppleTalk maintain similar
tables. The IP table lists the remote network, the next hop and metric, and how
long the route has been valid. No layer 2 information, like MAC addresses, is
listed in the routing table.
You must familiarize yourself with IP routing tables. An IP routing table
displays how remote networks are reachable. A switch or bridge will
maintain a layer 2 table called a bridge table or content addressable
memory (CAM) table, which lists layer 2 information only, such as
MAC addresses.
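An added example, not from the original chapter, that parses the route lines of Listing 2.3 into structured entries and performs the longest-prefix match a router applies to a destination address. The parser handles only the line shapes shown in the listing; the function and field names are this example's own.

```python
import ipaddress
import re

# Route lines copied from Listing 2.3.
LISTING_2_3 = """\
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.1 is directly connected, Loopback0
137.10.0.0/16 is variably subnetted, 4 subnets, 3 masks
D 137.10.255.0/24 [90/2681856] via 137.10.253.2, 1w1d,S0
C 137.10.253.0/24 is directly connected, Serial0
D 137.10.17.0/28 [90/688128] via 137.10.253.2, 1w1d, S0
D 137.10.16.0/27 [90/793600] via 137.10.253.2, 1w1d, S0
"""

IP = r"\d+(?:\.\d+){3}"
PARENT = re.compile(rf"^({IP})/(\d+) is (?:variably )?subnetted")
ROUTE = re.compile(rf"^(?P<code>[A-Za-z][A-Za-z0-9* ]*?)\s+(?P<net>{IP})"
                   rf"(?:/(?P<len>\d+))?\s+(?P<rest>.+)$")
CONNECTED = re.compile(r"^is directly connected, (?P<intf>\S+)$")
LEARNED = re.compile(rf"^\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<hop>{IP}),"
                     r"\s*(?P<age>[^,]+),\s*(?P<intf>\S+)$")


def parse_routes(text):
    """Return one dict per route line; header and legend lines are skipped."""
    routes, inherited_len = [], None
    for raw in text.splitlines():
        line = raw.strip()
        parent = PARENT.match(line)
        if parent:
            # "is subnetted": the children share this mask and omit it.
            # "variably subnetted": each child carries its own mask.
            inherited_len = None if "variably" in line else parent.group(2)
            continue
        m = ROUTE.match(line)
        if not m:
            continue
        rest = CONNECTED.match(m["rest"]) or LEARNED.match(m["rest"])
        length = m["len"] or inherited_len
        if rest is None or length is None:
            continue
        info = rest.groupdict()
        routes.append({
            "code": m["code"].strip(),
            "network": ipaddress.ip_network(f"{m['net']}/{length}"),
            "next_hop": info.get("hop"),  # None for connected networks
            "ad": int(info["ad"]) if "ad" in info else None,
            "metric": int(info["metric"]) if "metric" in info else None,
            "interface": info["intf"],
        })
    return routes


def lookup(routes, destination):
    """Longest-prefix match; None means no route and no gateway of last
    resort, so the packet would be dropped."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["network"]]
    return max(matches, key=lambda r: r["network"].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_routes(LISTING_2_3)
    for dest in ("137.10.17.5", "137.10.16.20", "10.1.1.1", "137.10.1.1"):
        hit = lookup(table, dest)
        print(dest, "->", (str(hit["network"]), hit["interface"]) if hit
              else "no route")
```

The parent line 137.10.0.0/16 is a heading, not a route, so 137.10.1.1 has no match even though it falls inside that classful network.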
Protocol Operation
You must have a good understanding of Windowing/Acknowledgments (ACK), fragmentation, maximum transmission unit (MTU), handshaking, and termination. This section deals with common networking concepts so that when we review TCP/IP and other protocol suites in detail in Chapters 4 and 5, you’ll have a good understanding of how the protocol suites operate from layer 1 of the OSI model through layer 7.
This section starts by covering connection and connectionless protocol mechanics. Then, the discussion moves on to windowing and acknowledgments as well as other pertinent protocol operational mechanics.
Connection-Oriented and Connectionless Services
A connection-oriented service is a service that guarantees delivery of information to that service, whether it is FTP or HTTP. A service that is guaranteed will provide reliability and ensure segments are delivered error free and reassembled in order. When data cannot be sent reliably or in order, an error is sent to the user’s application layer. These connection-oriented protocols, such as TCP, establish a connection to a destination before any form of data is transferred.
A telephone service is a good example of a connection-oriented service. Before you can start a conversation, the call setup and data transfer phases must be completed. After those stages have completed, you can start talking. When you finish the conversation, the call termination phase takes place. Each of these phases in a telephone call is a characteristic of connection-oriented services. Connection-oriented services consist of:
➤ Setup stage
➤ Data transfer phase
➤ Termination phase
In contrast, a connectionless service packages the data information to be sent and sends it without determining the path to the destination and without an acknowledgment. No setup or path determination is carried out. Instead, the higher layers guarantee delivery.
Table 2.2 summarizes the main characteristics of connection-oriented and
connectionless services and presents examples for each.
Windowing and Acknowledgments (ACK) Services
Windowing and acknowledgment services are used to indicate that packets have been received (ACK) and how many packets are expected before any acknowledgment is required (Windowing). The window size (amount of data that can be sent without an acknowledgment) is negotiated at connection time by connection-oriented protocols, such as TCP.
There must be mechanisms to tell any end device how many packets you can receive without overflowing your buffer; otherwise, packets will be lost, and sessions will time out. The window size can be adjusted during a connection if both end systems have more buffer memory available or if memory is decreasing. To illustrate, Figure 2.5 shows a simple windowing flow.
Let’s say that you have two end systems that have negotiated that only one packet
will be sent before any acknowledgment (ACK) is required. This session would
be inefficient, because acknowledgment packets would traverse the link unneces-
sarily. This form of acknowledgment is basically a form of flow control so that
end systems do not become overwhelmed with data.
Now, look at Figure 2.6. Figure 2.6 shows the same flow as discussed earlier
except that the window size is set to three packets.
Table 2.2 Characteristics of connection-oriented and connectionless services.

Service              Characteristics                                                         Examples
Connection-Oriented  Path setup, path connection, information transfer, teardown connection  TCP, SPX, X25
Connectionless       Data packaged and sent                                                  IP, Ethernet, Token Ring, frame relay

In Figure 2.6, the session will perform better than the earlier one-packet ACK
scenario, because only one acknowledgment is required for every three packets
sent. Notice that Device B sends an acknowledgment for the next expected packet.
TCP uses this same model for Telnet sessions, for example. This form of
acknowledgment is known as a sliding window or advanced windowing.
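The two windowing flows can be compared with a small simulation. This is an added example, not code from the original chapter; the function name, the loss model (a packet is dropped only on its first transmission), and the discard-out-of-order receiver are assumptions made for illustration.

```python
def windowed_transfer(total_packets, window, lost_once=()):
    """Simulate Device A sending packets 1..total_packets to Device B.

    window    -- packets A may send before it must wait for an ACK
    lost_once -- packet numbers dropped on their first transmission (constructed)
    Returns (trace, packets_sent, acks_sent).
    """
    if window < 1:
        raise ValueError("window must be at least one packet")
    pending_loss = set(lost_once)
    expected = 1              # next packet B expects; this is the number its ACK carries
    trace, packets_sent, acks_sent = [], 0, 0
    while expected <= total_packets:
        first = expected      # A resumes from the packet named in the last ACK
        last = min(first + window - 1, total_packets)
        arrived = 0
        for seq in range(first, last + 1):
            packets_sent += 1
            if seq in pending_loss:
                pending_loss.discard(seq)
                trace.append(f"A -> B packet {seq} (lost in transit)")
                continue
            arrived += 1
            if seq == expected:
                expected += 1
                trace.append(f"A -> B packet {seq}")
            else:
                # B is still waiting for an earlier packet, so it discards this one.
                trace.append(f"A -> B packet {seq} (out of order, discarded)")
        if arrived:
            acks_sent += 1
            trace.append(f"B -> A ACK {expected}")
        else:
            trace.append("A: no ACK received before the timer expired, resending")
    return trace, packets_sent, acks_sent


if __name__ == "__main__":
    for size in (1, 3):
        _, sent, acks = windowed_transfer(6, size)
        print(f"window {size}: {sent} packets, {acks} acknowledgments")
    print("\n".join(windowed_transfer(6, 3, lost_once=[2])[0]))
```

With a lost packet the ACK keeps naming the packet the receiver is still waiting for, which is how the sender learns where to resume.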
Figure 2.5 Simple windowing. Device A (sender) sends Packet 1 and receives ACK 1, sends Packet 2 and receives ACK 2, then sends Packet 3 and receives ACK 3; Device B (receiver) acknowledges each packet as it arrives.

Figure 2.6 Advanced windowing. In TCP this is called a sliding window. Device A (sender) sends Packets 1, 2, 3 and receives ACK 4, then sends Packets 4, 5, 6 and receives ACK 6; Device B (receiver) sends one ACK for each group of three packets.

Fragmentation
Another service provided by various protocols, such as TCP, is fragmentation.
Fragmentation gives you the ability to send user information across a network
regardless of what the minimum frame size between intermediate devices, such
as routers, might be. Sometimes, a data frame might be larger than the allowable
size to the outside world, or a packet might be sent from a Token Ring LAN to
an Ethernet LAN. In such cases, fragmentation is used. Fragmentation allows
data to be broken up into allowable sizes by creating smaller frames and
reassembling the packet at the destination.
The Network layer (layer 3) is typically handled by software; hence, the layer
fragments packets as required. Fragmented packets are then reassembled by the
end device. TCP is an excellent example of a protocol that will fragment and
reassemble packets as required.
Maximum Transmission Unit (MTU)
MTU specifies the maximum frame size allowed across a medium. For example,
on an Ethernet interface on a Cisco router, the default MTU size is set to
1,500 bytes. X.25 can go as low as 128 bytes. Listing 2.4 displays the Ethernet
statistics taken from a Cisco router’s Ethernet interface; note that the MTU
size is readily visible.
Listing 2.4
Show interface Ethernet0 command output.
R1>sh interface ethernet0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0060.7015.5e4d (bia 0060.7015.5e4d)
  Internet address is 150.100.1.4/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 04:00:00
. . .
The preceding output displays an MTU set to 1,500 bytes. On a Token Ring
interface, the MTU is 4,464 bytes, as shown in Listing 2.5, another command
output from a Cisco router.
Listing 2.5
Show interface tokenring0 command output.
R1>sh interface tokenring0
TokenRing0 is up, line protocol is up
  Hardware is TMS380, address is 0000.308f.3655 (bia 0000.308f.3655)
  Internet address is 137.10.9.1/24
  MTU 4464 bytes, BW 16000 Kbit, DLY 630 usec, rely 255/255
  Encapsulation SNAP, loopback not set, keepalive set (10 sec)
  ARP type: SNAP, ARP Timeout 04:00:00
  Ring speed: 16 Mbps
  Single ring node, Source Route Transparent Bridge capable
  Source bridging enabled, srn 2 bn 1 trn 200 (ring group)
  proxy explorers disabled, spanning explorer enabled
The MTU parameter can be negotiated between end systems when setting up a
connection. However, this negotiation will need to be configured in order for it
to take place.
Make sure you are familiar with the Ethernet and Token Ring interface
display, as shown in Listings 2.4 and 2.5. You should know what each
field means and what is relevant and irrelevant. For example, collisions
on Token Ring interfaces are meaningless.
Handshaking
The handshaking service provides a mechanism where end systems can negotiate
certain parameters, such as link speed, that will be used during data transfer. For
example, the WAN Point-to-Point Protocol (PPP) can negotiate which layer 3
protocols it can carry, like IP or IPX. This handshaking, or negotiation, is done at
the start of the communication session. If the session or any similar session ter-
minates and reestablishes, the same parameters that were originally negotiated
will need to be renegotiated.
Termination
Termination refers to the closure of an active session. Some protocols behave
differently when a session is terminated, like a TCP session. It takes three seg-
ments (known as the three-way handshake) to start a TCP session and four seg-
ments to close it.
Now, let’s begin to focus on the specific frame formats for IP, IPX, TCP, and
UDP as required by the CCIE R/S blueprint.
Protocol Descriptions and Use
Many protocols are used in today’s networks. This section looks at the frame
formats for Internet Protocol (Chapter 5 covers IP in depth), Internetwork Packet
Exchange (IPX), Transmission Control Protocol (TCP), and User Datagram
Protocol (UDP). Following the descriptions of each protocol, we’ll look at the
differences between IP and IPX, and then we’ll compare TCP to UDP.
Internet Protocol (IP)
The Internet Protocol suite is a Network layer protocol that involves logical ad-
dressing. The Internet Protocol is a connectionless protocol that defines a net-
work portion and a host portion, like any layer 3 protocol. An IP address is 32
bits in length, and the subnet mask is used to identify the network and host por-
tion. Typically, an IP client might be a PC or router. An example of an IP address
and a subnet mask is:
131.108.1.1 255.255.255.0
Figure 2.7 outlines the frame format of an IP packet, and it details where the IP
source and destination addresses are carried in the packet.
Note: See Chapter 5 for a comprehensive description of the IP protocol.
Figure 2.7 IP frame format. Each row of the header is 32 bits wide: Version (4 bits), IP Header Length (4 bits), Type Of Service (8 bits), Total Length (16 bits); Identification (16 bits), Flags (3 bits), Fragment Offset (13 bits); Time To Live (8 bits), Protocol (8 bits), Header Checksum (16 bits); Source Address (32 bits); Destination Address (32 bits); Options (plus any padding); Data (variable length).

The following provides a summary of each field in Figure 2.7:
➤ Version—Tells the IP version, which is currently set to 4.
➤ IP Header Length (IPH)—Indicates the length of the IP header.
➤ Type Of Service (TOS)—Provides various options to tell higher layers how the
packet is to be handled (8 bits). Parameters such as precedence, delay,
throughput, and reliability are identified in this field.
➤ Total Length—Indicates the length of the IP header and data.
➤ Identification—Enables IP packets to be reassembled in the correct order.
➤ Flags—Identifies the three bits that indicate how an IP packet is to be
reassembled. One bit is used to allow fragmentation, and another indicates
whether the packet is the last packet.
➤ Fragment Offset—Indicates where a fragment should be when the packet is
reassembled.
➤ Time To Live—Sets the upper limit on how many routers a packet can pass
through. Typically, transmission between routers will reduce this value by
one. The maximum value of this field is 255.
➤ Protocol—Identifies to the higher layer what protocols are contained. Some
common protocol numbers are:
  ➤ 1—ICMP
  ➤ 6—TCP
  ➤ 17—UDP
➤ Header Checksum—Indicates a checksum on the header only. Data is not
checked for errors.
➤ Source Address—Specifies the sender’s IP address.
➤ Destination Address—Specifies the destination IP address.
➤ Options (plus any padding)—Identifies any options requested by the TOS field.
➤ Data—Indicates user data.
As you can see in Figure 2.7, an IP packet uses a number of fields to send data
from one host to another. Sending and receiving hosts can be any IP enabled
device, such as a Windows PC or a Unix station. At a minimum, you should
know that:
➤ The IP frame format is connectionless.
➤ The checksum is only calculated on the IP header.
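The header layout of Figure 2.7 and the header-only checksum can be exercised with a short parser. This is an added example, not code from the original chapter; the function names are illustrative, the packets are constructed samples, and the addresses are the ones that appear in this chapter.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # protocol numbers listed above
HEADER_FMT = "!BBHHHBBH4s4s"                   # the fixed 20-byte header of Figure 2.7


def checksum16(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, protocol, payload, ident=1, ttl=255):
    """Build an option-less IP version 4 packet (constructed sample input)."""
    fields = [0x45, 0, 20 + len(payload), ident, 0, ttl, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum16(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + payload


def parse_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IP header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol,
     _checksum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4          # IP Header Length counts 32-bit words
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IP version 4 packet")
    if header_len < 20 or header_len > len(packet):
        raise ValueError("IP Header Length field is inconsistent with the packet")
    return {
        "version": 4, "header_len": header_len, "tos": tos,
        "total_length": total_length, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOLS.get(protocol, str(protocol)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Summing the header with its checksum field included gives 0 when intact.
        "checksum_ok": checksum16(packet[:header_len]) == 0,
    }


def forward(packet: bytes) -> bytes:
    """Per-hop router work: decrement Time To Live, then recompute the checksum."""
    header = parse_header(packet)
    if not header["checksum_ok"]:
        raise ValueError("header checksum failed; packet dropped")
    if header["ttl"] <= 1:
        raise ValueError("Time To Live expired; packet dropped")
    raw = bytearray(packet)
    raw[8] -= 1                                # Time To Live is byte 8 of the header
    raw[10:12] = b"\x00\x00"                   # zero the checksum field, then refill it
    raw[10:12] = struct.pack("!H", checksum16(bytes(raw[:header["header_len"]])))
    return bytes(raw)


if __name__ == "__main__":
    packet = build_packet("131.108.1.1", "150.100.1.4", 6, b"segment data")
    print(parse_header(packet))
    corrupted = packet[:-1] + b"\x00"          # damage in the data goes unnoticed by IP
    print("payload damaged, header checksum ok:", parse_header(corrupted)["checksum_ok"])
```

Because the checksum covers only the header, damaged data passes this check; catching it is left to the protocol carried in the Data field.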
IP Fragmentation
After IP packets are sent, they traverse the network via some form of routing
protocol. Furthermore, IP packets might need to cross hundreds of routers from
various vendors to reach their destination, such as packets traveling on the Internet.
As the packet travels, each intermediate device will have its own characteristics
that will affect how the IP packet is handled. For example, the packets might be
too large for some routers, which means that a packet might be fragmented or
broken up into smaller packets so it can be handled correctly. When the packet
reaches its remote destination, the router at the remote destination must cor-
rectly reassemble the fragments; otherwise, the data will be corrupted. For the
most part, the Internet Protocol (IP) handles fragmentation and packet reassem-
bly as long as the packets arrive at the destination in the same order in which they
were fragmented.
The three fields in the IP header—Identification, Flags, and Fragment Offset—
handle the fragmentation and reassembly of IP packets:
➤ Identification field—Sets the identity of the IP packet. Usually increments by
one as each packet is sent.
➤ Flags field—Indicates whether the packet can be fragmented and if the packet
is the last packet in a series of packets.
➤ Fragment Offset field—Indicates how many bytes are in the current packet. If
any single packet has been lost, the entire payload must be retransmitted.
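How the three fields cooperate can be seen by fragmenting a packet that leaves the Token Ring interface of Listing 2.5 (MTU 4,464) for the Ethernet interface of Listing 2.4 (MTU 1,500). This is an added example, not code from the original chapter; the names are illustrative, the payload is constructed, and the Fragment Offset is counted in 8-byte units, which is the on-the-wire encoding defined in RFC 791.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20      # bytes; assumes an IP header without options


@dataclass(frozen=True)
class Fragment:
    ident: int              # Identification: the same on every fragment of one packet
    more_fragments: bool    # Flags: set on every fragment except the last
    offset: int             # Fragment Offset, in 8-byte units (RFC 791)
    data: bytes


def fragment(payload: bytes, ident: int, mtu: int, dont_fragment: bool = False):
    """Split one packet's payload so each piece plus an IP header fits the MTU."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, False, 0, payload)]
    if dont_fragment:
        raise ValueError("packet exceeds the MTU and its flags forbid fragmentation")
    step = (mtu - IP_HEADER_LEN) // 8 * 8      # non-final pieces are multiples of 8 bytes
    if step <= 0:
        raise ValueError("MTU too small to carry any data")
    return [Fragment(ident, start + step < len(payload), start // 8,
                     payload[start:start + step])
            for start in range(0, len(payload), step)]


def reassemble(received, ident: int):
    """Rebuild the payload for one Identification value; None while incomplete."""
    parts = sorted((f for f in received if f.ident == ident), key=lambda f: f.offset)
    if not parts or parts[-1].more_fragments:
        return None                            # the final fragment has not arrived
    payload = bytearray()
    for part in parts:
        start = part.offset * 8
        if start > len(payload):
            return None                        # a middle fragment is missing
        if start < len(payload):
            # Refuse to merge data that claims bytes already filled in.
            raise ValueError("fragment overlaps data already placed")
        payload += part.data
    return bytes(payload)


if __name__ == "__main__":
    TOKEN_RING_MTU, ETHERNET_MTU = 4464, 1500  # values from Listings 2.5 and 2.4
    payload = bytes(i % 251 for i in range(TOKEN_RING_MTU - IP_HEADER_LEN))  # constructed
    pieces = fragment(payload, ident=7, mtu=ETHERNET_MTU)
    for piece in pieces:
        print(piece.ident, piece.more_fragments, piece.offset, len(piece.data))
    print("reassembled out of order:", reassemble(pieces[::-1], 7) == payload)
    print("one fragment lost:", reassemble(pieces[:1] + pieces[2:], 7))
```

A single missing fragment leaves the destination with nothing it can deliver, which is why the whole payload has to be sent again.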
Internetwork Packet Exchange (IPX)
IPX is Novell’s layer 3 protocol. The addressing method used in IPX is a network
number with the source MAC address appended; 32 bits are used to identify the
IPX network, and 48 bits identify the host portion, because the burned-in
address (BIA) is used to identify the node or client address to IPX. IPX allows
clients and servers to communicate locally or remotely. The routing protocol can
be IPX RIP or Cisco proprietary EIGRP on Cisco routers. Figure 2.8 shows the
relationship between the OSI model and IPX by comparing them side by side.
Figure 2.8 IPX model compared to the OSI model. The seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) are shown beside the IPX protocols: NetWare Control Program (NCP), Service Advertising Protocol (SAP), Routing Information Protocol (IPX RIP), NetBIOS, SPX, and IPX, with Ethernet and Token Ring as Data Link examples and UTP, coax, and fiber as Physical examples.

Figure 2.8 shows where each protocol fits into the IPX model and the
corresponding relationship to the OSI model. For example, IPX is routed using
the IPX RIP routing protocol that provides connectionless routing services at
the Network layer. IPX can also be routed using other routing protocols, which
will be discussed in Chapter 7. The Sequenced Packet Exchange (SPX) protocol
provides connection-orientated services to IPX clients. Comparing IPX to IP,
you can see that the routing protocol at layer 3 for IP, such as OSPF, compares
with the routing protocol for IPX, called IPX RIP. Both protocols service
different applications. TCP (layer 4 of the TCP/IP model) compares to SPX
(layer 4 of the IPX model). Let’s examine the frame format for IPX, which is
outlined in Figure 2.9.
Figure 2.9 IPX frame format (field widths in bits): Checksum (16), Packet Length (16), Transport Control (8), Packet Type (8), Destination Network (32), Destination Node (48), Destination Socket (16), Source Network (32), Source Node (48), Source Socket (16), Data (variable).

The following summarizes each field:
➤ Checksum—Specifies a setting of FFFF (not used).
➤ Packet Length—Specifies the length of the IPX packet.
➤ Transport Control—Indicates the hop count (initially, it is set to 0).
➤ Packet Type—Indicates the payload type. Examples include 1 for RIP, 4 for
Services Advertisement Protocol (SAP), and 5 for Sequenced Packet Exchange
(SPX).
➤ Destination Network—Specifies the 32-bit destination network.
➤ Destination Node—Identifies the MAC address of the destination.
➤ Destination Socket—Serves as a 16-bit indicator that describes what function
is being used. Examples include 0451 for the Application layer’s protocol
called NCP (NetWare Control Program). Other examples include 0452 for
SAP and 0453 for RIP information.
➤ Source Network—Specifies a 32-bit source network.
➤ Source Node—Specifies a 48-bit source node.
➤ Source Socket—Indicates that the source socket is not using a well-known
number. The source socket number is a random number in most cases.
➤ Data—Follows the header. There is no checksum made on the packet.
The Cisco router supports a number of encapsulation types for IPX networks.
Novell and Cisco use different names for each. On a Cisco router, when you
configure IPX, you can also specify the encapsulation type, as shown in the fol-
lowing IOS display:
R1(config-if)#ipx encapsulation ?
  arpa          IPX Ethernet_II
  hdlc          HDLC on serial links
  novell-ether  IPX Ethernet_802.3
  sap           IEEE 802.2 on Ethernet, Token Ring, and FDDI
  snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
Table 2.3 shows the available options when configuring an interface for IPX.
Be aware that the encapsulation on end systems must match encapsulation on
the local segment; otherwise, there will be no communication between the
relevant devices.

Table 2.3 Encapsulation support on Cisco routers.

Novell Name      Cisco Name
Ethernet_II      ARPA
Ethernet_802.3   Novell-Ether
Ethernet_802.2   SAP
Ethernet_SNAP    SNAP

All the encapsulations shown in Table 2.3 have different frame formats. The
frame formats are as follows, using Novell names (the abbreviations are spelled
out in the subsequent bulleted list):
➤ Ethernet_II—DA|SA|Type Field|Data|FCS
➤ Ethernet 802.3—DA|SA|Length|Data|FCS
➤ Ethernet 802.2—DA|SA|Length|DSAP|SSAP|Control|Data|FCS
➤ Ethernet_SNAP—DA|SA|Length|DSAP|SSAP|Control|OUI|Type|Data|FCS
In IPX over Token Ring (which is covered in Chapter 4), the frame format is as
follows:
SD|AC|FC|DA|SA|RIF|DSAP|SSAP|Control|Data|ED|FCS|FS
The abbreviations used in the preceding Ethernet formats are defined as:
➤ DA—Destination address.
➤ SA—Source address.
➤ Type Field—A field that tells higher layers what protocol is carried.
➤ Length—Length of packet.
➤ DSAP—Destination service access point; set to E0.
➤ SSAP—Source service access point; set to E0.
➤ Control—Set to 03 for connectionless services. IPX is a connectionless protocol.
➤ SNAP Header (OUI and Type field)—The unique organization identifier (OUI).
➤ FCS—Frame control sequence used for error control.
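The four Ethernet frame formats and the IPX header of Figure 2.9 can be told apart byte by byte, which also shows why mismatched encapsulations cannot communicate. This is an added example, not code from the original chapter; the function names and the sample network number and source socket are constructed, and the IPX Type value 8137 and the SNAP bytes AA AA 03 with OUI 000000 are assumptions taken from common usage rather than from the text.

```python
import struct

IPX_ETHERTYPE = 0x8137          # Type value used for IPX (assumption: not stated in the text)
SNAP_LLC = b"\xaa\xaa\x03"      # LLC bytes that introduce a SNAP header (assumption, as above)
SNAP_IPX = b"\x00\x00\x00" + struct.pack("!H", IPX_ETHERTYPE)    # OUI followed by Type
IPX_LLC = b"\xe0\xe0\x03"       # DSAP E0, SSAP E0, Control 03, as listed in the text
PACKET_TYPES = {1: "RIP", 4: "SAP", 5: "SPX"}
SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP"}
IPX_FMT = "!HHBB4s6sH4s6sH"     # the 30-byte header laid out in Figure 2.9
CISCO_KEYWORD = {"Ethernet_II": "arpa", "Ethernet_802.3": "novell-ether",
                 "Ethernet_802.2": "sap", "Ethernet_SNAP": "snap"}   # Table 2.3


def build_ipx(dst_net, dst_node, dst_socket, src_net, src_node, src_socket,
              packet_type, data=b""):
    """Build an IPX packet; Checksum is FFFF (unused), Transport Control starts at 0."""
    return struct.pack(IPX_FMT, 0xFFFF, 30 + len(data), 0, packet_type,
                       dst_net, dst_node, dst_socket,
                       src_net, src_node, src_socket) + data


def encapsulate(novell_name, dst_mac, src_mac, ipx):
    """Wrap an IPX packet in one of the four Ethernet formats (FCS left off)."""
    if novell_name == "Ethernet_II":
        return dst_mac + src_mac + struct.pack("!H", IPX_ETHERTYPE) + ipx
    llc = {"Ethernet_802.3": b"", "Ethernet_802.2": IPX_LLC,
           "Ethernet_SNAP": SNAP_LLC + SNAP_IPX}[novell_name]
    return dst_mac + src_mac + struct.pack("!H", len(llc) + len(ipx)) + llc + ipx


def classify(frame):
    """Return (Novell name, offset of the IPX header) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than DA|SA|Type or Length")
    (type_or_length,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if type_or_length == IPX_ETHERTYPE:
        return "Ethernet_II", 14
    if type_or_length <= 1500:                     # a Length field, not a Type field
        if body[:2] == b"\xff\xff":                # IPX Checksum directly after Length
            return "Ethernet_802.3", 14
        if body[:3] == IPX_LLC:
            return "Ethernet_802.2", 17
        if body[:3] == SNAP_LLC and body[3:8] == SNAP_IPX:
            return "Ethernet_SNAP", 22
    raise ValueError("frame does not carry IPX in a known encapsulation")


def cisco_mac(node):
    """Format a 48-bit node address the way IOS prints it, e.g. 0060.7015.5e4d."""
    digits = node.hex()
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def parse_ipx(frame):
    novell_name, offset = classify(frame)
    if len(frame) < offset + 30:
        raise ValueError("frame ends inside the IPX header")
    (checksum, length, hops, packet_type, dst_net, dst_node, dst_socket,
     src_net, src_node, src_socket) = struct.unpack(IPX_FMT, frame[offset:offset + 30])
    return {
        "encapsulation": novell_name, "cisco_keyword": CISCO_KEYWORD[novell_name],
        "checksum": checksum, "packet_length": length, "hop_count": hops,
        "packet_type": PACKET_TYPES.get(packet_type, packet_type),
        "destination": f"{dst_net.hex()}.{cisco_mac(dst_node)}",
        "destination_socket": SOCKETS.get(dst_socket, f"{dst_socket:04x}"),
        "source": f"{src_net.hex()}.{cisco_mac(src_node)}",
        "source_socket": SOCKETS.get(src_socket, f"{src_socket:04x}"),
    }


def interface_accepts(configured_keyword, frame):
    """An interface only understands frames in the encapsulation it is configured for."""
    return CISCO_KEYWORD[classify(frame)[0]] == configured_keyword


if __name__ == "__main__":
    server = bytes.fromhex("006070155e4d")         # burned-in address from Listing 2.4
    everyone = b"\xff" * 6
    net = bytes.fromhex("0000000a")                # constructed IPX network number
    ipx = build_ipx(net, everyone, 0x0452, net, server, 0x4003, 4, b"constructed payload")
    frame = encapsulate("Ethernet_802.3", everyone, server, ipx)
    print(parse_ipx(frame))
    print("router set to sap accepts it:", interface_accepts("sap", frame))
```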
IP Vs. IPX
It is important to differentiate between IP and IPX. IP and IPX are both
connectionless protocols and are functions provided at layer 3 of the OSI model.
The differences between IP and IPX are primarily the addressing scheme and
frame formats. IP addresses are represented with 32 bits, and IPX addresses are
48 bits in length.
Transmission Control Protocol (TCP)
The Transmission Control Protocol (TCP) addresses the transport functions of the
OSI model. The Transport layer is primarily concerned with end-to-end data
transport to the upper layers of the OSI model. TCP delivery is guaranteed. TCP
also provides error checking. TCP runs over the IP protocol and is a
connection-orientated protocol. It also uses windowing and acknowledgments to
ensure segments are sent as efficiently as possible. Unlike IP, TCP will reorder
segments that arrive at the destination. Figure 2.10 shows the TCP frame format.
Figure 2.10 TCP frame format (field widths in bits): Source Port (16), Destination Port (16), Sequence Number (32), Acknowledgment Number (32), Data Offset (4), Reserved (6), Flags (6), Window (16), Checksum (16), Urgent Pointer (16), Options + Padding (0 or 32), End User Data (variable).

The fields in the TCP segment have the following functions:
➤ Source Port—Identifies the source port number, which is assigned locally.
➤ Destination Port—Identifies the destination port number.
➤ Sequence Number—Ensures that packets are assembled in the correct order.
➤ Acknowledgment Number—Specifies the next expected packet.
➤ Data Offset—Identifies the number of 32-bit words in the TCP header.
➤ Reserved—Specifies a setting of zero. This field is unused and set aside for
future use.
➤ Flags—Provides some form of urgency for certain packets. The following are
the six flags that can be used in a TCP segment:
  ➤ URG Flag—Specifies that the urgent pointer field is significant.
  ➤ ACK Flag—Specifies that the acknowledgment is significant.
  ➤ PSH Flag—Represents the push function.
  ➤ RST Flag—Identifies the reset connection.
  ➤ SYN Flag—Synchronizes the sequence numbers.
  ➤ FIN Flag—Indicates that there is no more data from the device.
➤ Window—Indicates the number of bytes that the sender is willing to receive.
➤ Checksum—Checks the TCP header and data.
➤ Urgent Pointer—Allows the identification of urgent data.
➤ Padding + Options—If the packet is less than the minimum required to access
the physical medium, padding is used to ensure the packet ends on a 32-bit
boundary. Options are exactly as the name implies. The most common option
is the maximum fragment size, which identifies to the remote device the
largest segment size the receiving device is willing to accept.
Common, or well-known, TCP port numbers are:
➤ 7—Echo
➤ 9—Discard
➤ 11—Active Users
➤ 20—File Transfer Protocol (FTP) Data
➤ 21—FTP Control
➤ 23—Telnet
➤ 25—Simple Mail Transfer Protocol (SMTP)
➤ 37—Time
CCIE candidates should be aware of the most common port numbers.
User Datagram Protocol (UDP)
UDP is a Transport layer protocol, like TCP, except that end-to-end delivery of
datagrams is not guaranteed. Higher layers of the OSI model are responsible for
ensuring datagram delivery. Therefore, UDP is a connectionless protocol.
UDP runs over the IP layer. Figure 2.11 shows the UDP frame format.
The following list describes the function of each UDP frame format field:
➤ Source Port—Indicates the port of the sending device.
➤ Destination Port—Communicates with another device listening to the desti-
nation port.
➤ Length—Specifies the length of the UDP header and data only.
➤ UDP Checksum—Represents an optional field and is set to 0 if it is not used.
It is used to report errors to higher layers.
➤ Data—Stores user data.
When a device wishes to talk to another, it will use a well-known UDP port
number as the destination field. The source port will be a random number. For
example, if a router downloads an IOS image from a TFTP server, the destination
port will be 69 (see the list of UDP port numbers). Following are some
common UDP port numbers:
➤ 7—Echo
➤ 9—Discard
➤ 11—Active users
➤ 13—Daytime
➤ 19—Character generator
➤ 37—Time
➤ 53—Domain Name Server (DNS)
➤ 69—Trivial File Transfer Protocol (TFTP)
➤ 123—Network Time Protocol (NTP)
➤ 161—Simple Network Management Protocol (SNMP)
Figure 2.11 UDP frame format. The header is 32 bits wide: Source Port (16 bits), Destination Port (16 bits), UDP Length (16 bits), Checksum (16 bits).
TCP Vs. UDP
It is important to differentiate between TCP and UDP. TCP is a connection-
orientated protocol, while UDP is a connectionless protocol. TCP and UDP
provide services at the Transport layer (layer 4) of the OSI model.
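The difference shows up directly in the two headers: the TCP header carries the sequence numbers, acknowledgment numbers and flags that make the three-segment open and four-segment close possible, while the UDP header has only ports, a length and an optional checksum. This is an added example, not code from the original chapter; the function names, the sample ports above 1023 and the initial sequence numbers are constructed, and the port tables repeat the lists given earlier.

```python
import struct

TCP_FLAG_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 upward in Flags
TCP_PORTS = {7: "Echo", 9: "Discard", 11: "Active Users", 20: "FTP Data",
             21: "FTP Control", 23: "Telnet", 25: "SMTP", 37: "Time"}
UDP_PORTS = {7: "Echo", 9: "Discard", 11: "Active users", 13: "Daytime",
             19: "Character generator", 37: "Time", 53: "DNS", 69: "TFTP",
             123: "NTP", 161: "SNMP"}


def build_tcp(sport, dport, seq, ack, flags, window=4128, data=b""):
    """Build an option-less TCP segment (constructed sample; checksum left at 0)."""
    bits = sum(1 << TCP_FLAG_BITS.index(name) for name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, window, 0, 0) + data


def build_udp(sport, dport, data=b""):
    """Build a UDP datagram with the optional checksum unused (set to 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse_tcp(segment):
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    (sport, dport, seq, ack, offset_flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4          # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("Data Offset field is inconsistent with the segment")
    flags = {name for bit, name in enumerate(TCP_FLAG_BITS) if offset_flags & (1 << bit)}
    return {"protocol": "TCP", "source_port": sport, "destination_port": dport,
            "service": TCP_PORTS.get(dport) or TCP_PORTS.get(sport),
            "seq": seq, "ack": ack, "flags": flags, "window": window,
            "data": segment[header_len:]}


def parse_udp(datagram):
    if len(datagram) < 8:
        raise ValueError("shorter than the UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP Length field is inconsistent with the datagram")
    return {"protocol": "UDP", "source_port": sport, "destination_port": dport,
            "service": UDP_PORTS.get(dport) or UDP_PORTS.get(sport),
            "checksum_used": checksum != 0, "data": datagram[8:length]}


def dissect(ip_protocol, transport_bytes):
    """Pick the parser from the Protocol field of the IP header (6 or 17)."""
    if ip_protocol == 6:
        return parse_tcp(transport_bytes)
    if ip_protocol == 17:
        return parse_udp(transport_bytes)
    raise ValueError(f"IP protocol {ip_protocol} is neither TCP nor UDP")


def following(number):
    return (number + 1) & 0xFFFFFFFF               # sequence numbers wrap at 32 bits


def is_three_way_handshake(first, second, third):
    a, b, c = parse_tcp(first), parse_tcp(second), parse_tcp(third)
    return (a["flags"] == {"SYN"}
            and b["flags"] == {"SYN", "ACK"} and b["ack"] == following(a["seq"])
            and c["flags"] == {"ACK"} and c["seq"] == following(a["seq"])
            and c["ack"] == following(b["seq"]))


def is_four_segment_close(first, second, third, fourth):
    a, b, c, d = (parse_tcp(s) for s in (first, second, third, fourth))
    return ("FIN" in a["flags"]
            and b["flags"] == {"ACK"} and b["ack"] == following(a["seq"])
            and "FIN" in c["flags"]
            and d["flags"] == {"ACK"} and d["ack"] == following(c["seq"]))


if __name__ == "__main__":
    syn = build_tcp(11001, 23, 1000, 0, ["SYN"])               # constructed Telnet open
    syn_ack = build_tcp(23, 11001, 5000, 1001, ["SYN", "ACK"])
    ack = build_tcp(11001, 23, 1001, 5001, ["ACK"])
    print("handshake valid:", is_three_way_handshake(syn, syn_ack, ack))
    print(dissect(17, build_udp(50123, 69, b"constructed TFTP request")))
```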
IEEE 802.x Protocols
The IEEE has defined various standards that relate to the 802.x protocol family,
such as the description of Ethernet in 802.3. Table 2.4 shows the IEEE 802.x
protocol standards, where x represents a standard.
Memorize the most common 802.x protocol standards, such as
Ethernet 802.3. You need to be able to identify which protocol standard
is relevant to Ethernet or Token Ring in today’s networks.
Each IEEE standard has limitations, such as cable length and transmission speed.
Chapter 4 covers 802.3 and 802.5 in detail. The “Need To Know More?” section
at the end of this chapter suggests resources you can use to find more details on
the 802.x family.
Table 2.4 IEEE 802.x protocol standards.

Protocol  Description
802.1     Internetworking
802.2     Logical Link Control
802.3     CSMA/CD Access Method (Ethernet)
802.4     Token Ring Bus Access Method
802.5     Token Ring LAN
802.6     Metropolitan Area Networks
802.7     Broadband LANs
802.8     Fiber-Optic LANs
802.9     Integrated Voice and Data LANs
802.10    LAN/MAN security
802.11    Wireless MAC and PHY specifications
802.12    Demand Priority Access Method (100VG-AnyLAN)
802.14    Cable TV Access Method and Physical Layer Specification

You are now ready to test the network theory knowledge you have been
introduced to in this chapter by using the following practice questions. The
practice questions are based on the material covered in this chapter.
Practice Questions
Question 1
Which of the following is not part of the OSI model?
❍ a. Network layer
❍ b. Physical layer
❍ c. Operational layer
❍ d. Application layer
The correct answer is c. The Operational layer is not one of the seven OSI layers.
The OSI model layers are Physical, Data Link, Network, Transport, Session,
Presentation, and Application. Answers a, b, and d are incorrect, because they are
valid OSI layers.
Question 2
IP operates at what layer of the OSI model?
❍ a. Layer 1
❍ b. Layer 2
❍ c. Layer 3
❍ d. Layer 4
❍ e. Layer 5
❍ f. Layer 6
❍ g. Layer 7
The correct answer is c. IP provides a path to a destination that is performed at
the Network layer (layer 3). Answers a, b, d, e, f, and g are incorrect, because they
represent the incorrect OSI model layers for the desired task.
Question 3
Reordering of data and segmentation is performed at what layer in the
OSI model?
❍ a. Layer 7
❍ b. Layer 6
❍ c. Layer 5
❍ d. Layer 4
❍ e. Layer 3
❍ f. Layer 2
❍ g. Layer 1
The correct answer is d. The main function of layer 4, the Transport layer, is to
ensure that packets are assembled in the correct order. Without this layer, seg-
ments might arrive out of order, and data could get assembled incorrectly. An-
swers a, b, c, e, f, and g are incorrect, because they represent the incorrect OSI
model layers for the desired task.
Question 4
What is the default MTU size on a Cisco Ethernet interface (in bytes)?
❍ a. 1,599
❍ b. 1,500
❍ c. 17,800
❍ d. 1,523
The correct answer is b. The default maximum transmission unit on a typical
Ethernet interface on a Cisco router is 1,500 bytes. Earlier in this chapter,
Listing 2.4 outlined a typical display on a Cisco router’s Ethernet interface.
Answers a, c, and d are incorrect, because they list incorrect MTU sizes. MTU
size 1,599 is too high for Ethernet. MTU size 17,800 is used by Token Ring
devices. MTU size 1,523 is not a maximum frame size for any device in the 802.x
family.
Question 5
On which layer of the OSI model is data commonly referred to as segments?
❍ a. Layer 4
❍ b. Layer 3
❍ c. Layer 2
❍ d. Layer 1
The correct answer is a. At layer 4, the data is commonly referred to as segments.
Answers b, c, and d are incorrect, because layers 3, 2, and 1 represent other forms
of information, namely packets (layer 3), frames (layer 2), and bits (layer 1).
Question 6
On which layer of the OSI model is data commonly referred to as packets?
❍ a. Layer 1
❍ b. Layer 2
❍ c. Layer 4
❍ d. Layer 3
The correct answer is d. The data on layer 3 is commonly referred to as packets.
Answer a is incorrect, because layer 1 is associated with bits. Answer b is incor-
rect, because layer 2 is associated with frames. Answer c is incorrect, because layer
4 is associated with segments.
Question 7
Which layer of the OSI model transmits raw bits?
❍ a. Layer 1
❍ b. Layer 2
❍ c. Layer 3
❍ d. Layer 4
The correct answer is a. At layer 1, the lowest layer of the OSI model, bits are
transferred across the wire. Answers b, c, and d are incorrect, because layers 2, 3,
and 4 do not transmit raw bits.
Question 8
Which of the following IOS commands will display the IP routing table?
❍ a. display ip route
❍ b. display ip table
❍ c. show ip table
❍ d. show ip route
The correct answer is d. The correct syntax to display an IP routing table is show
ip route or sh ip ro. Answers a, b, and c are incorrect, because the options are
invalid Cisco IOS commands.
Question 9
View the following section of an IP routing table:
R 199.172.3.0/24 [120/0] via 150.100.1.1, 1d05h
C 151.100.1.0 is directly connected, Loopback0
How was the network 199.172.3.0/24 learned?
❍ a. Directly connected
❍ b. OSPF
❍ c. Default network
❍ d. RIP
The correct answer is d. Cisco uses abbreviations to identify how a network is
learned in an IP routing table. The R indicates Routing Information Protocol or
RIP. Answer a is incorrect, because directly attached networks are indicated by a
C on Cisco routers. Answer b is incorrect, because O indicates OSPF. Answer c
is incorrect, because the default network is not abbreviated and does not satisfy
the question.
Question 10
Which of the following cannot be used to prevent routing loops?
❍ a. Split horizon
❍ b. Bridges
❍ c. Holddowns
❍ d. Poison reverse
The correct answer is b. Bridges operate at layer 2 of the OSI model, and they are
unaware of network layer addressing. Answers a, c, and d are incorrect, because
split horizon, holddowns, and poison reverse are mechanisms used to stop a rout-
ing loop from occurring.
Question 11
What metric is used with IP RIP?
❍ a. Hops only
❍ b. Ticks only
❍ c. Hops and ticks
❍ d. Metric cost
The correct answer is a. IP RIP will only use hop count as the metric. Answers b
and c are incorrect, because ticks are not used in the implementation of IP RIP.
The IPX routing version of RIP uses ticks and hops. A tick is a measure of delay
over a particular interface. Answer d is incorrect, because the metric cost is used
by link state routing protocols and not IP RIP, which is a distance vector protocol.
Question 12
Which of the following is not a routing protocol?
❍ a. OSPF
❍ b. RIP
❍ c. EIGRP
❍ d. IPX
The correct answer is d. IPX is a routed protocol; it is a Network layer addressing
scheme used to identify end nodes and carry end user data. Answers a, b, and c
are incorrect, because OSPF, RIP, and EIGRP are all examples of routing protocols.
Question 13
Why are protocols such as Local Area Transport (LAT) and NetBEUI not
routable protocols?
❍ a. They are only routable with IP RIP.
❍ b. They contain no layer 4 addressing.
❍ c. They contain no network address.
❍ d. They are routable with bridging.
The correct answer is c. For a protocol to be routable, it must have some form of
network addressing. Answer a is incorrect, because IP RIP is used to route IP
only. Answer b is incorrect, because the Transport layer is used to provide end-to-
end delivery. Answer d is incorrect, because LAT and NetBEUI are not routable.
LAT and NetBEUI were primarily designed for local area networks, and they
incorporate no layer 3 addressing.
Question 14
Which of the following is an example of a distance vector protocol?
❍ a. RIP
❍ b. OSPF
❍ c. EIGRP
The correct answer is a. RIP is a distance vector protocol. Answer b is incorrect,
because OSPF is a link state protocol. Answer c is incorrect, because Cisco’s
EIGRP is a hybrid of a distance vector protocol and a link state protocol.
Question 15
What is the correct sequence of a link state protocol’s performance when it
receives an update?
1. Form a tree with itself as the root.
2. Send the LSP.
3. Install the network in the routing table.
4. Run SPF.
5. Form the database entry.
❍ a. 1, 2, 3, 4, 5
❍ b. 1, 2, 3, 5, 4
❍ c. 5, 4, 3, 2, 1
❍ d. 2, 5, 4, 1, 3
❍ e. 2, 5, 1, 4, 5
The correct answer is d. When a link state protocol receives an LSP, it first sends
the LSP to other routers, then it forms a database entry, runs SPF, forms a tree
with itself as the root, and finally installs the network in the routing table. Hence,
the correct sequence is 2, 5, 4, 1, 3. Answers a, b, c, and e are incorrect, because
they reflect incorrect link state protocol sequences.
Question 16
What IP routing protocol is only supported across Cisco routers?
❍ a. RIP
❍ b. OSPF
❍ c. EIGRP
❍ d. RIP Version II
The correct answer is c. Cisco’s proprietary protocol, EIGRP, can only be used on
routers running Cisco IOS. Answers a, b, and d are incorrect, because the options
are supported by RFCs; most vendors support RIP, OSPF, and RIP Version II.
Question 17
What is one of the disadvantages of link state protocols?
❍ a. Ease of configuration
❍ b. Slow convergence
❍ c. Fast convergence
❍ d. Memory and CPU requirements
The correct answer is d. Link state protocols require more memory and CPU
cycles to maintain databases. Answer a is incorrect, because link state protocols
typically involve advanced configuration requirements. Answer b is incorrect,
because link state protocols provide fast convergence, which is an advantage over
distance vector protocols. Answer c is incorrect, because, clearly, fast convergence
is an advantage, not a disadvantage.
Question 18
Which of the following applications are connection-oriented services?
❍ a. IP
❍ b. UDP
❍ c. FTP
❍ d. TFTP
The correct answer is c. FTP or file transfer protocol is a connection-oriented
service that provides the ability to transfer files across an IP network. Answers
a, b, and d are incorrect, because IP, UDP, and TFTP are connectionless services.
IP is not an application protocol.
Question 19
What is the IEEE standard that defines Ethernet operation in CSMA/CD?
❍ a. 802.1
❍ b. 802.2
❍ c. 802.3
❍ d. 802.4
❍ e. 802.5
❍ f. 802.6
❍ g. 802.10
The correct answer is c; 802.3 represents Ethernet networks. Answer a is incorrect,
because 802.1 represents internetworking. Answer b is incorrect, because
802.2 represents Logical Link Control networks. Answer d is incorrect, because
802.4 represents Token Ring Bus Access Method networks. Answer e is incorrect,
because 802.5 represents Token Ring LANs. Answer f is incorrect, because
802.6 represents metropolitan area networks. Answer g is incorrect, because 802.10
represents LAN/MAN security networks.
Question 20
You are asked to configure IPX on a Cisco router so that it matches Novell’s
default encapsulation on your local server. What is the Cisco keyword you
must use?
❍ a. ARAP
❍ b. Novell-ether
❍ c. IPX-ether
❍ d. SAP
❍ e. SNAP
The correct answer is b. The Cisco equivalent name for Novell’s default
encapsulation is Novell-ether. Answers a, c, d, and e are incorrect, because, while they are valid
encapsulation types, they are not the default used when configuring Cisco IOS.
Need To Know More?
Chappell, Laura. Advanced Cisco Router Configuration. Macmillan
Publishing: Indianapolis, Indiana, 1998. ISBN: 1-57870-074-4. Chapter 1
provides a good description of internetworks.
Chappell, Laura. Introduction to Cisco Router Configuration. Macmillan
Publishing: Indianapolis, Indiana, 1998. ISBN: 1-57870-076-0. The
first four chapters in this book provide an excellent guide to
internetworking.
Thomas, Thomas M. OSPF Network Design Solutions. Macmillan
Publishing: Indianapolis, Indiana, 1998. ISBN: 1-57870-046-9. The book
provides additional information on OSPF.
www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm is a
section on the Cisco Web site about internetworking.
www.ieee.com provides excellent reference material on all the 802.x
standards and their limitations.