Goals
• Identify common media connectors
• Identify common network components
• Identify features of 802 project network standards (hardware protocols)
– 802.2 (LLC)
– 802.3 (CSMA/CD, Ethernet)
– 802.5 (Token Ring)
– 802.11 (wireless)
– FDDI
Terminology Common to all Networks
• Client – computer that requests resources from another computer
• Server – computer on the network that manages shared resources
• Workstation – desktop computer; most clients are workstations
• Network interface card (NIC) – device that connects a computer to the network media
• Network operating system (NOS) – software that runs on a server to manage network functions
• Host – computer that enables resource sharing
• Node – client, server or device that can communicate over a network and is identified by a unique network address
• Shared resource – data or hardware provided to the client by the server
• Topology – physical or logical layout of a computer network
• Connectivity device – special device which allows 2 or more networks or network segments to communicate
• Protocol – predetermined method or format for exchanging data between computers
• Data packets – distinct units of data transmitted from one computer to another
• Addressing – scheme for assigning a unique identifier to each node
• Transmission media – means of transmitting data; the physical connection, wired or wireless
Basic Network Hardware
• Transceivers– a device that interfaces another device to a network,
broadcasts and receives signals to and from the surrounding
computers.
– NIC card
– Access point for wireless network
• Repeaters – simplest connectivity device used to regenerate a
signal
– 2 ports
• Hubs – multi-port repeater. Concentrator
– Common wiring point for networks based on a star topology.
– Takes input through one port and redistributes through all other ports
• Each hub is a separate collision domain
• Connects 2 LAN segments of the same type to expand collision domains
– Type of Hubs
• Passive – no power required, passes signal does not regenerate signal
• Active – regenerates and cleans signal , power required (repeater)
Network Hardware continued…
• Switch – physically like a hub, but electronically more
sophisticated.
– Can determine proper port for packet destination using MAC
address reducing network traffic.
– Preserves bandwidth on the network using segmentation
• Bridges – connect 2 network segments together, forwarding frames based on the MAC address
– Protocol independent
– Extend collision domains
– Segment networks using non-routing protocols
– All broadcast data is passed
Network Hardware cont…
• Router –
– multi-port device that directs data between networks and nodes using
logical addressing,
– switches devices that connect to LANs where multiple paths exist,
determining best path.
– Used to interconnect LANs and WANs
– Each port can be configured for a unique network address
– Can connect different types of network architecture together
• Brouter—
– perform the function of bridge and router in one device
– Can forward outside subnet
• CSU/DSU – channel service unit/data service unit –
– connects networks to a communications carrier
• Gateway –
– Enables communication between 2 completely different computing
environments or architectures that do not use the same protocols
Basic Concepts of Networking: Media (chapter 3)
• Media is the physical connection on which
signals move from one device to another.
(Including wireless media)
• Media types are bounded or unbounded
– Unbounded
• Radio waves
• Infrared light pulses
• Laser beams
• Microwave
– Bounded
• Copper
• Fiber optic
Topologies
• Physical or logical layout of the network, (how the signal is
carried)
• 4 major topologies
– Bus
– Star
– Ring
– Mesh
• Most networks are hybrid of the basic topologies.
• Institute of Electrical and Electronic Engineers
(IEEE) defined the topologies in 1980 along with some
hardware protocols.
– Known as the 802 Project—(for Feb 1980)
Bus Networks
• Bus – devices are connected on a common
linear cable (coaxial cable)
– Both ends of the network must be terminated
– All computers listen to the cable – only one computer
transmits at a time
• Signal is seen by all, but processed only by the computer
whose address matches the destination address in the
packet
– Factors affecting performance
• Break in the cable or loss of termination will stop network
traffic
• More computers the longer the wait the slower the network
• Simple to install, difficult to troubleshoot
Ring Network
• Connects computers on a single circle of
cable
• Foundation for token ring architecture and FDDI
• Logical rings interconnected by multistation access units (MAU) devices
• Can reconfigure the ring when a computer goes
down
– Similar to a hub, internal wiring is a ring with
ring-in ring-out ports for extending ring
Star Network
• Most common network
• Star network several computers or devices
interconnect to one another over a hub
• Modular, centralized administration, easy
to troubleshoot
• Complex cabling schemes– document!!!!
Hardware protocols
• Hardware protocols define how the devices put data on and take data off the network cable
– Also called the channel access method
– Closely associated with topologies but not the same
• Defined in the 802 Project standards (combination of the physical topologies and hardware protocols)
– 802.2
– 802.3 CSMA/CD
– 802.4
– 802.5 Token Passing
– 802.11
– 802.12 Demand Priority
• Methods to access the wire
– Contention or probabilistic
• CSMA/CD and CSMA/CA
– Deterministic or token passing
• Token Ring
• FDDI
CSMA/CD CSMA/CA
• IEEE 802.3 standard (often called Ethernet standard)
– Defined specifications for moving data across twisted pair and
coaxial cables and the terminators used
• Star or Bus networks
• Carrier sense multiple access collision detect
– Each computer listens for traffic on the wire (carrier sense)
– If a computer senses the cable is free it sends frame
• Often referred to as a packet
– All computers can see the signal (multiple access)
– No other computer can send until the cable is free again
– If a collision occurs the sending computers wait a random time
and resend (collision detect)
• Collision –frames collide with frames from another computer
blending the signals making both frames useless
Packet
• Packet – a unit of information transmitted as a whole from one device to another on a network. Large data is broken into manageable packets, which are the basic unit of network data communication.
• Data is broken into packets to:
– Avoid flooding the cable, speeding up transmissions
– Lower the impact of retransmissions
• Common packet components (* = common to all protocol packets) include:
– Header
• Alert signal and/or clocking information
• *Source address
• *Destination address
• *Instructions for reassembling
– Data
• Varies from 512 bytes to 4 KB depending on the network
– Trailer
• *Error checking
– CRC (cyclical redundancy check – mathematical calculation performed on the packet at the source and again at the destination)
FDDI
• Fiber Distributed Data Interface uses the token passing protocol
– Uses fiber optic media
– CDDI uses copper media
• Dual Ring topology
– Secondary ring is backup only
– Stations can be single or dual attached
• A port attaches to primary ring
• B port attaches to secondary ring
• M port attaches single attached station to primary
ring
• Features of peer to peer network
– No dedicated server
– Share level security
– No central administration
• When to use
– Security is not an issue
– 10 or less computers
– Simple to configure, low cost
– Expansion is not an issue
Client/Server Network
• Client/server- A network in which one or more master computers
keeps a database of users and is responsible for responding to
network requests
• Features of client/server network
– Dedicated server running NOS software
– Centralized administration
– Backups made easy
– Redundancy
– Security
• Permissions – access rights to network resources
– Authentication
» User ID
» Password
• Privileges – actions a user can perform on a network
• User accounts with rights to change the system
– MS –administrator
– Novell Netware – Supervisor
– Unix or Linux – root (Superuser)
Trust Relationships
• One-way explicit trusts
(Windows NT)
• Two-way transitive trusts
(Windows 2000)
Directory Service
• Organizes and simplifies access to
resources
• Identifies users and resources
• Provides a way to organize and access
users and resources
• Allows you to perform a number of
functions
• Acts as administration tool and end-user
tool
Components of Directory Service
• Objects – distinct named set of attributes that represents a network resource and its properties
– Objects are assigned attributes
– Each object must have, at minimum, an object class field and, if a user, a UID field
• 3 types of objects
– Root – represents the beginning of the hierarchy
– Container – (called OU by MS)
• Exists off the root or another container; used to organize objects into logical groups
• Country – optional
• Organization – represents a country or organization
• Organizational unit (OU) – divides leaf objects into workgroups
– Leaf
• Represents network entities such as users, groups, printers, servers
• Distinguished name – the object's name along with the complete context starting from the root
– .psprinter.accounting.microsoft.us.
Organizational Unit (OU)
• Subsection under domain
• A container that can hold users and
computers
• Administrative control of an OU can be
given to a user
• OUs can be assigned policies that apply to
their contained objects
– Locations where you can create OUs are
• Under a domain
• Under another OU
Media terminology
• Carrier wave – the constant voltage of electrical
current that carries the data; what the signal
wave rides on.
• Encoding – the representation of the computers
digital zeroes and ones as a physical signal
such as electrical current or light pulses
– A one bit may be a 5 volt signal and a 0 bit a 2 volt
signal
– Frequency or amplitude of the signal wave is altered
to encode data
Analog signal vs digital
• Data can be transmitted via one of 2 signaling
methods
– Analog
– Digital
• Both are electrical current measured in volts
– voltage -- strength of the signal
• Digital is more reliable than analog transmission
• Digital is less affected by noise than analog
transmissions
Digital signal
• Digital is an on/off state
• Positive voltage = 1
• No voltage = 0
• 1’s and 0’s are used to encode data
– Pulse = bit
– 8 bits = byte
– One byte carries one piece of information
• Most data transmission is digital
Analog signal
• Data sent on the wire is usually some form
of analog signal
– Electrical signals
– Radio waves
– Microwaves
• Analog signals vary in frequency and
amplitude
Frequency modulation
• The data travels along a particular
frequency
• The carrier signal is modified by the
application of the data signal
• Signal strength is constant , frequency of
the signal changes
Amplitude modulation
• The amplitude of the carrier signal is
modified by the data signal
• Frequency of the signal is constant,
strength of the signal changes
Baseband Transmission
• Bi directional using digital
encoding
• Single fixed frequency
• Entire bandwidth for each signal
• All devices use one channel
• Signal decreases with length
(attenuation)
Baseband Transmission
(cont.)
• Baseband systems like
Ethernet
• Use repeaters to amplify
signals
• Restores strength & quality
• Sends signal out on another cable
• Increases span of network
Broadband Transmission
• Uses analog techniques to
encode
• Continuous electrical or optic
waves
• Multiple channels on a single
cable
• Amplifiers are used to:
Broadband
Transmission(cont.)
• To support two-way
communication:
–Mid-split uses a single cable
• Different frequencies for each channel
–Dual cable uses two cables
• One each for receive & transmit
Transmission Direction
• Simplex
– Simplest
– One direction only ( sending or receiving)
• Half duplex
– Both directions
– One direction at a time
• Full duplex
– Both directions
– Same time
– Separate transmit and receives buffers
maintained by the transceivers
Fiber Optics
• Glass or plastic strand core
• 2 modes
– Single mode fiber
• Faster
• Longer distance 4000m
• More expensive
– Multimode fiber
• 2000 m
• Thicker glass fiber core
• Both have limited bend radius
• Uses separate lines for send and receive
• GB/s transmissions
Fiber Optics cont…
• 2 methods to translate digital stream to light
pulses
– LED (light emitting diode)
• Short distances
– LD (laser diode)
• Long distances
• Connectors used
– Straight tip (ST)
– MTRJ
– Subminiature assembly (SMA)(SC)
Advantages and disadvantages
of Fiber Optics
• Advantages
– Faster data transmission
– Longer distance
• 150 to 40000 meters segments
– Immune to interference
– Immune to corrosion
– Secure from eavesdropping
• Disadvantages
– Cost
– Hard to install
Infrared
• Encodes data into pulses of infrared light
• Transmission methods include:
– Line of sight
– Reflective
• Uses central access point
– Scatter infrared (slowest)
• Bounces the signal
• Needs reflective surfaces
• Reflected light may interfere
– Broadband optical telepoint (fastest)
• Multiple signals at once on different frequency channels
• Infrared is one of the slower technologies
• Distance is limited
Laser
• Overcomes the limits of speed and distance
of infrared
– 155Mbps– 622Mbps
– 4KM
– Speed and distance are inversely proportional
• More expensive
• Harder to install
• Line of sight
– Affected by physical obstruction
• Protocol transparent
Radio
• Medium of choice for SOHO
• 3 categories
– Short wave
– Very high frequency (VHF)
– Ultra high frequency (UHF)
• FCC regulates usage of frequencies
• License are required except for public bands
– 902-928MHz
– 5.72-5.85 GHz
• Broadcasting power is limited to avoid bleedover
• Transmissions are
– Single frequency
– Spread spectrum
The 7 Layers of OSI
• Divide and conquer
– Breaks networking concepts into easy to
understand functions and their devices
– Makes troubleshooting easier by isolating the
function’s layer and focusing on the protocols
and devices responsible
– Allows development of new technologies
without restructuring the entire network
Seven-Layer OSI Model
Application Layer (7)
• Topmost layer
• Represents services that directly support
user applications
• Window to network services
• Handles network access, flow control, and
error recovery
Presentation Layer (6)
• Network translator
• On sending end, determines formatting used to
exchange data among computers and adds formatting
so data can be understood by network
• On receiving end, translates data from application format
to a common intermediate format
• Manages data compression, translation, encryption
• I/O redirectors work to redirect resources to a server
Session Layer (5)
• Allows two applications on different computers to
open, use, and close connections
• Performs name recognition and provides
security
• Provides synchronization by placing checkpoints
in the data stream
• Implements dialog control between
communication processes
Transport Layer (4)
• Sending end: repackages message, divides long
messages to ship properly over determined
route and arrive error-free
• Receiving end: unpacks message, reassembles
it, and acknowledges receipt
• Provides flow control, error handling, and solves
transmission problems
Network Layer (3)
• Addresses the package using network
address scheme
• Determines the best route on the network
based on network conditions, priority of
service
• Performs packet switching, routing, traffic
management, and controls congestion of
data
Data-Link Layer (2)
• Sending end: sends data frames from network
layer to physical layer
• Receiving end: packages raw bits from physical
layer into data frames
• Parts of data frame: Destination ID, Sender ID,
Control Data
• Acknowledges data frames, error checking, and
verification
Physical Layer (1)
• Bottommost Layer
• Hardware-oriented, establishes and maintains
physical link between communication computers
• Defines how the cable is attached to the NIC
• Packet sent as an unstructured raw bit stream
over physical medium
• Referred to as the “hardware layer”
802 Specifications
Set Standards for:
• Network Interface Cards (NICs)
• Wide area network (WAN) components
• Components used to create twisted-pair and coaxial
cable networks
802 Specification Categories
802.1
802.2
802.3
802.4
802.5
802.6
802.7
802.8
802.9
802.10
802.11
802.12
802.13
802.14
802.15
802.16
Internetworking
Logical Link Control (LLC)
MAC layer, Carrier Sense Multiple Access with Collision Detection
(CSMA/CD) LAN (Ethernet)
MAC layer, Token Bus LAN
MAC layer, Token Ring LAN
Metropolitan area Network (MAN)
Broadband Technical Advisory Group
Fiber-Optic Technical Advisory Group
Integrated Voice/Data Networks
Network Security
Wireless Network
Demand Priority Access LAN, 100BaseVG-AnyLAN
Unused
Cable modem standards
Wireless personal area networks (WPAN)
Broadband wireless standards
Project 802 LLC and
MAC Sublayers
Function of the Physical Layer
• Hardware Layer
• Defines the electrical and
mechanical aspects of the
network media
• Voltages
• Cables
• Connectors
• NICs, hubs and repeaters
• Converts the bit stream
furnished by the data-link layer
into electrical, radio or optical
signals and sends it across the
media
• Frame– the smallest unit of
information that is sent after
the Data-Link layer adds its
header
Layer | Network device | Unit of information
Media Access Control | NIC drivers / MAC address | Frames
Physical | Connectors, cables, voltages, NICs, hubs, repeaters | Bits
Three Components of the Physical
Layer
• Physical Signaling (PLS)
• Physical Medium Attachment (PMA)
• Medium Dependent Interface (MDI)
CRC
• Performs a mathematical algorithm on the
frame
• Adds result to trailer of packet
• Receiving end does the same
• ACK is sent if the same
• NACK if different
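As an added example (not code from the slides), the CRC check described on this slide and on the Packet slide: the source computes the CRC over the frame and appends it as the trailer, the destination recomputes it and answers ACK or NACK. The polynomial and parameters are those of the Ethernet CRC-32 frame check sequence; the 4-byte big-endian trailer layout and the sample frame are constructed for the example.

```python
import zlib

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 CRC-32 polynomial

def crc32(data, crc=0):
    """Bit-serial CRC-32 with the parameters used for the Ethernet frame check
    sequence (reflected, initial and final XOR 0xFFFFFFFF).  Same result as
    zlib.crc32, but written out bit by bit to show the polynomial division the
    slides call a 'mathematical calculation performed on the packet'."""
    crc ^= 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF

def matches_zlib(data):
    """Cross-check the hand-rolled division against the library implementation."""
    return crc32(data) == zlib.crc32(data)

def build_frame(header, payload):
    """Source: compute the CRC over header + data and append it as the trailer.
    (Storing it as 4 big-endian bytes is a choice made for this example.)"""
    body = header + payload
    return body + crc32(body).to_bytes(4, "big")

def check_frame(frame):
    """Destination: recompute the CRC over everything except the trailer and
    compare; 'ACK' when it matches, 'NACK' when it does not (or frame too short)."""
    if len(frame) < 4:
        return "NACK"
    body, trailer = frame[:-4], frame[-4:]
    return "ACK" if crc32(body) == int.from_bytes(trailer, "big") else "NACK"

def flip_bit(frame, bit_index):
    """Simulate line noise by flipping one bit (constructed corruption)."""
    data = bytearray(frame)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)

# Constructed frame: 14-byte Ethernet-style header (destination MAC, source MAC,
# type 0x0800 = IP) followed by a short payload.
SAMPLE_HEADER = bytes.fromhex("0060B6A17817" "001A2B3C4D5E" "0800")
SAMPLE_PAYLOAD = b"constructed payload for the CRC demonstration"
```

Any single flipped bit, whether in the data or in the trailer itself, changes the recomputed value and produces a NACK.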
Types of Fiber
• Cable types
– Loose-tube
• Multi-strand, single cable
– Tight-buffered
• Single strand
• Kevlar sheath
• Cable of choice for interior installation
• Single-mode fiber
– One signal per strand
– Faster rates longer distances
• Multi-mode
– Wavelength division multiplexing– several light beams per cable
– Shorter distances due to modal dispersion
Signaling
• Optical transmitter
– Light emitting diode
– Laser diode
• Light on light off logic
– Speed is direct corollary of the pulse rate
– LED is slower MHz
– LD GHz
• Pulse width modulation
– Streaming light short separators
• Pulse rate modulation
– Duration of separator is changed
Unbounded Signaling
• Optical
– Infrared
– laser
• Radio
• Microwave
Optical
• Infrared
• Works like fiber light pulses
– Line of sight
– Scatter infrared
– Reflective
– Broadband optical telepoint
• Laser
– Requires line of sight
Radio
• AlohaNet – first radio-based network
• 802.11 standard
– 2.4GHz frequency range
• 1-2 Mbps
• 802.11a
– 5GHz range
• 5Mbps, 11Mbps and 54Mbps speeds
• 802.11b
– 2.4GHz at higher speeds
Functions of the Data Link Layer
(Layer 2)
• Physical addressing
• Network topology
• Error notification
• Access to the physical media
• Flow control
Data Link Sub Layers
• Data Link is divided into 2 sub-layers
– Logical Link Control (LLC)
• Defines the rules that govern the establishment of
logical interface points (SAPs) between devices
and layers
– Media Access Control (MAC)
• Defines physical addressing and medium
• Channel Access methods
Physical Address (MAC
sublayer)
• MAC address – 48 bit fixed physical address
burned into the network interface by the
manufacturer
– Displayed in 6 part hexadecimal notation
• 00:60:B6:A1:78:17
– First 24 bits = Organizational Unique Identifier
(OUI)
• Assigned and administered by IEEE Registration Authority
– Last 24 bits = manufacturer assigned interface serial
number
• Used to uniquely identify all network interfaces
• Each addressable port of a device must have a unique MAC
address
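An added example (not from the slides) of working with the 48-bit MAC address as this slide lays it out: parsing the 6-part hexadecimal form, splitting the IEEE-assigned OUI from the manufacturer-assigned serial number, and checking a list of addresses seen on a segment for duplicates, which the uniqueness rule says should never occur. The `address_flags` helper goes one step beyond the slide by decoding the I/G (multicast) and U/L (locally administered) bits of the first octet; all sample addresses other than the slide's own 00:60:B6:A1:78:17 are constructed.

```python
import re

OUI_BITS = 24
MAC_BITS = 48

# Six pairs of hex digits separated by ':' or '-', as the slide displays it.
_MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})(?:[:-]([0-9A-Fa-f]{2})){5}$")

def parse_mac(text):
    """Parse a 6-part hexadecimal MAC address into a 48-bit integer.

    Rejects anything that is not exactly six hex pairs, so a malformed or
    truncated address raises ValueError instead of being silently mis-split.
    """
    if not _MAC_RE.match(text):
        raise ValueError(f"not a 6-part hex MAC address: {text!r}")
    return int(text.replace("-", ":").replace(":", ""), 16)

def format_mac(value):
    """Render a 48-bit integer as colon-separated upper-case hex."""
    if not 0 <= value < (1 << MAC_BITS):
        raise ValueError("MAC address must fit in 48 bits")
    raw = f"{value:012X}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def split_mac(text):
    """Return (OUI, serial): the IEEE-administered high 24 bits and the
    manufacturer-assigned low 24 bits, each as 6 hex digits."""
    value = parse_mac(text)
    oui = value >> OUI_BITS
    serial = value & ((1 << OUI_BITS) - 1)
    return f"{oui:06X}", f"{serial:06X}"

def same_vendor(mac_a, mac_b):
    """Two interfaces carry the same OUI when their first 24 bits match."""
    return split_mac(mac_a)[0] == split_mac(mac_b)[0]

def address_flags(text):
    """Flags in the first octet (beyond what the slide covers): bit 0 is the
    I/G bit (1 = group/multicast address), bit 1 is the U/L bit (1 = locally
    administered rather than burned in under an IEEE OUI)."""
    first_octet = parse_mac(text) >> (MAC_BITS - 8)
    return {"multicast": bool(first_octet & 0x01),
            "locally_administered": bool(first_octet & 0x02)}

def find_duplicates(macs):
    """Addresses that appear more than once in a list of observed MACs.

    Every addressable port must have a unique MAC address, so a duplicate on
    one segment points at a misconfiguration worth investigating.  Comparison
    uses the parsed value, so differing case or separators still match.
    """
    seen = {}
    for text in macs:
        seen.setdefault(parse_mac(text), []).append(text)
    return [format_mac(v) for v, forms in seen.items() if len(forms) > 1]
```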
Network Topologies—physical
or logical layout of the network
• Bus
• Ring
• Star
• Mesh
• Hybrid
Bus
• Devices are on a common linear cable
(backbone, trunk or segment)
• Cable requires termination on both ends
• Break in the cable will bring the network to
a halt
• Uses contention to access the wire
Star
• Cable segments from each computer are
connected through a central component
called a hub
• Centralized management
• Requires more cable than a bus
• Failure of a cable or computer affects only
that computer
• Failure of a hub affects the whole segment
Ring
• Connects computers on a single circle of
cable
• Uses a token to move data
• Data is passed by each computer in one
direction
• Failure of a computer can stop the network
Baseband signaling
• Used by most LAN technologies
• Digital communication
• Full bandwidth
• Bi-directional
IEEE
• IEEE developed the 802 standards for design
and compatibility for hardware components
operating in the data-link and physical layers of
the OSI
• Common 802 standards
– 802.3 – Ethernet (CSMA/CD)
– 802.12 – Demand Priority Access
– 802.11 – CSMA/CA
– 802.5 – Token Ring
• FDDI (ANSI X3T9.1 standard)
CSMA/CD (ETHERNET)
• Follows the 802.2 and 802.3 standards
• Star or Bus Topology
• Baseband Transmission
• Contention based, probabilistic
• Carrier Sense Multiple Access
– All devices listen for traffic on the wire
– A device sends only if the wire is clear
• Collision Detect –
– If a collision occurs the systems back-off and after a random time
resend
• More traffic more collisions
– Segmenting the network can reduce collisions
• Use a switch to create separate collision domains
10BaseT
• 10Mbps Baseband over Twisted Pair (cat
3,4,5,or 6)
• Star pattern, internal bus signal
• Hub is a multi-port repeater
• Maximum segment length 100 meters
• Maximum computers on a network 1024
• Minimum distance between computers is 2.5
meters
• RJ-45 connections, transceivers on the NIC
10BASE-2
•200 meters (185) maximum segment
•Thinnet,
–easy to manipulate
–not TV coax (75 OHM cable RG58U)
•RG-58A/U and RG58C/U 50ohm coaxial(IEEE spec)
•minimum length is .5 meters or 20 inches
•Transceiver built into NIC
•BNC connector, terminators (50 ohm)
•Bus topology, 5-4-3 rule
10BASE-5
•Standard Ethernet-- used when ethernet was introduced
•Transceivers,attached to thicknet via vampire taps, drop cables less than
50 meter max to NICs connect with AUI or DIX port 2.5 meters apart
•500 meter maximum segment length
•2500 meter maximum network length
•5 segments using repeaters (5-4-3 rule)
5-4-3 rule
– Max 5 segments
– 4 repeaters
– 3 populated segments
10BASE-F
•Fiber-optic cable
•3 subcategories
–10BASE-FL fiber to the desktop (LAN)
–10BASE-FP passive hubs (rather than repeaters)
maximum cable length 500 meters per segment
–10BASEFB Fiber backbone between hubs
•All use star topology
•10BASE-F cont…
• Used for long runs between buildings
2000meter max segment length
• 1023 max number of segments
• Max device per segment = 2
• CSMA/CD channel access method
• High cost
– reserved for connections between hubs or for
connections requiring security from EMI
• difficult to install
Token Ring
• Developed by IBM
•IEEE 802.5 standard
•Star-wired topology
–Star cabled, operate as logical ring
•Token passing channel access method
•Wired in a star from the hub– logical ring in the hub
•NICs are either 4Mbps or 16Mbps baseband
transmission
•Used with fiber and switches for high speed and
distance
Beaconing
•Active monitor sends beacon announcement every 7
seconds
•If computer does not receive the beacon puts a
message on the ring
–Source address
–Address of upstream computer
•Continues to send until it receives beacon from
upstream number
•Finally the only machine beaconing is the one directly
downstream from the fault
•Hub reconfigures ring dropping the non-responsive
device
FDDI
• Fiber optic cable
• Token passing channel access
• Uses dual ring topology for
redundancy
– Data flows in opposite directions
• NICs are
– Dual attachment stations (A port stations can reconfigure the ring)
– Single attachment stations
FDDI
• Key difference in frame
transmission from token passing
–FDDI computer can transmit as
many frames as it can produce in
a predetermined period of time
before releasing the token
Error Detection
• Lost frames
• Checksum or CRC
• Frame size
• Buffer overflow
• Interference
Data Link notifies the Transport Layer. Error correction is done in the Transport layer.
Network Layer
• Allows internetworking-- Services of the
network layer allow different networks to
find each other
• Services may be used by LAN’s but
WAN’s cannot exist without them
• Supports both connection-oriented and
connectionless service from upper layer
protocols
• Protocols are typically routing protocols
Routable Protocols
• Protocols that support multipath LAN to
LAN communication
• TCP/IP
• IPX/SPX
Non-routable
• Work only in local LAN
• Use physical addressing
Connection-Oriented Protocols
• Connection is established
• Data is sent in an orderly, slower fashion
• Packet receipt is acknowledged
• Resends error packets
• Connection is terminated
Connectionless Protocols
• Place the data on the network and assume
it will arrive
• Faster than connection oriented
– Does not establish, maintain or tear down a
session
• Packet sequencing and sorting is handled
in the higher layers
• Not as reliable as connection oriented
• PDU is a datagram
Functions of the Network Layer
• Manage Logical Addressing
• Translate logical to physical address
• Route messages between networks
– Determine best path
– Controls congestion
• Uses priority and network conditions
• Does switching and routing of packets
• PDU is a packet or datagram at this layer
Protocols of the Network Layer
• Internet Packet Exchange—(IPX) – logical addressing protocol
used by Novell NetWare
• Internet Protocol – (IP) – logical addressing protocol used by
TCP/IP networks
• Internet Control Message Protocol –(ICMP)– used to send
control, confirmation and error messages
• Border Gateway Protocol –(BGP)—internet inter-domain routing
protocol
• Open Shortest Path First- (OSPF)– a link state , interior gateway
protocol used in TCP/IP networks
• Routing Information Protocol –(RIP)– an Internet routing protocol
that uses hop count metric
• Address Resolution Protocol-(ARP)– resolves logical to physical
address
• Reverse Address Resolution Protocol –(RARP) – resolves
physical to logical address
IP
• Provides source and destination
addressing and routing
• Connectionless datagram protocol –
assumes other protocols will ensure
reliable delivery
Classes
• There are 5 Classes
• Class A(1-126),B(128-191),C (192-223)
unicast addresses used by networks
• Class D multicast address (224-239)
• Class E is experimental, future use (240-255)
Routing in TCP/IP
• Subnet mask is used to identify the
network portion of the IP address
• Only devices on the same network can
“see “ each other
• Default gateway is an address of a multihomed device (router)
– Maintains a table of all known networks
– Forwards the packet via the port connected
to the network of the destination IP
Netmask
• Signifies the part of the address used for
the network and the part used for the host
• Default mask for each Class
• A 255.0.0.0
• B 255.255.0.0
• C 255.255.255.0
• 1= network 0=hosts
Routing Tables
• Static
– Administrator manually configures route tables
(reconfigure for changes)
– More secure
• Dynamic
– Routers use routing protocols to configure routing
tables
– Routing tables must contain a minimum of 2 fields
• IP address prefix (netmask)
• Next hop (gateway)
• Most include the metric of a route
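An added example (not the slides' code) tying together the Classes, Routing in TCP/IP, Netmask and Routing Tables slides: the class and default mask of an address from its first octet, the AND of address and mask that yields the network portion, the same-network test that decides between direct delivery and the default gateway, and a lookup in a routing table whose entries carry a prefix, a next hop and a metric. The table contents are constructed, and the tie-break rule (longest prefix first, then lowest metric) is an assumption about how the table is meant to be read.

```python
import ipaddress

def address_class(ip):
    """Classful address class from the first octet, using the slide's ranges.
    0 and 127 fall in none of the listed classes and return None."""
    first = int(str(ip).split(".")[0])
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 255:
        return "E"
    return None

# Default mask per class; D and E are not used for unicast networks.
DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def default_mask(ip):
    return DEFAULT_MASKS.get(address_class(ip))

def network_portion(ip, mask):
    """1 bits of the mask select the network part: AND address with mask."""
    net = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(net))

def same_network(ip_a, ip_b, mask):
    """Hosts can 'see' each other directly only when the network portions match."""
    return network_portion(ip_a, mask) == network_portion(ip_b, mask)

def next_hop(destination, local_ip, mask, default_gateway):
    """Deliver directly on the local network, otherwise hand the packet to the
    default gateway (the multihomed router)."""
    return "direct" if same_network(destination, local_ip, mask) else default_gateway

def lookup_route(table, destination):
    """Pick the routing-table entry for a destination: longest matching prefix
    wins; among equal prefixes the lowest metric wins (assumed tie-break).
    Returns None when nothing matches, not even a default route."""
    dest = ipaddress.IPv4Address(destination)
    best = None
    for entry in table:
        net = ipaddress.IPv4Network(f"{entry['network']}/{entry['netmask']}", strict=False)
        if dest in net:
            key = (net.prefixlen, -entry.get("metric", 0))
            if best is None or key > best[0]:
                best = (key, entry)
    return best[1] if best else None

# Constructed routing table: the two required fields (prefix as network +
# netmask, next hop) plus a metric, as most tables include.
SAMPLE_TABLE = [
    {"network": "0.0.0.0", "netmask": "0.0.0.0", "next_hop": "192.168.1.1", "metric": 10},
    {"network": "10.0.0.0", "netmask": "255.0.0.0", "next_hop": "192.168.1.254", "metric": 5},
    {"network": "10.1.0.0", "netmask": "255.255.0.0", "next_hop": "192.168.1.253", "metric": 5},
    {"network": "10.1.0.0", "netmask": "255.255.0.0", "next_hop": "192.168.1.252", "metric": 20},
    {"network": "192.168.1.0", "netmask": "255.255.255.0", "next_hop": "direct", "metric": 0},
]
```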
Distance Vector
• Simple
• Router knows only of directly
connected devices
• Maintains a table of next hop on
interface
– Uses metric to determine hop count and
routes accordingly
• Not very secure
• Not scalable (15 hop limit)
• RIP protocol
Link State
• Monitor condition of each
connected link
• Advertise conditions to
neighboring routers
–Link speed
–Latency
–Status of routers on the network
• OSPF protocol
Internet Control Message Protocol
• ICMP- RFC792- defined
• Integral part of IP– part of Internet Layer
– Uses IP datagram delivery facility to send messages
• ICMP messages function—(used by routers)
– Flow Control– destination host sends
• ICMP Source Quench Message to sender
– Temporarily stops transmission
– Detecting unreachable destination
• The system which detected the problem sends Destination Unreachable to the datagram's source
• If the destination network or host is unreachable, an intermediate system sends the message
• If the port is unreachable, the destination host sends the message
– Redirecting routes
• Gateway sends ICMP Redirect Message
– Better route – to tell the host to use a different gateway
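The ICMP messages this slide names (Source Quench, Destination Unreachable, Redirect), as an added example that is not part of the slides: the RFC 792 header layout (type, code, checksum, 4 further header bytes) with the one's-complement Internet checksum, a builder, and a parser that rejects a corrupted message and reports which system the slide says originates each type. The quoted datagram and gateway address are constructed.

```python
import struct

# Types named on the slide, with RFC 792 numbers; Echo added for completeness.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request"}
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}

def internet_checksum(data):
    """One's-complement sum of 16-bit words (RFC 1071) as carried in the ICMP
    header.  Over a correctly checksummed message it evaluates to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type, code, rest_of_header, payload):
    """Assemble type, code, checksum, 4 further header bytes and the payload
    (for errors: the offending datagram's IP header plus its first 8 bytes)."""
    if len(rest_of_header) != 4:
        raise ValueError("rest-of-header field must be exactly 4 bytes")
    body = rest_of_header + payload
    checksum = internet_checksum(struct.pack("!BBH", msg_type, code, 0) + body)
    return struct.pack("!BBH", msg_type, code, checksum) + body

def who_sends(msg_type, code):
    """Originating system for each message, as the slide describes it."""
    if msg_type == 4:
        return "destination host"
    if msg_type == 3:
        return "destination host" if code == 3 else "intermediate system (router)"
    if msg_type == 5:
        return "gateway (router)"
    return "any host"

def parse_icmp(packet):
    """Validate the checksum and decode the fields a receiver acts on.
    Raises ValueError on a truncated or corrupted message."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if internet_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    msg_type, code = struct.unpack("!BB", packet[:2])
    info = {"type": msg_type, "type_name": ICMP_TYPES.get(msg_type, "other"),
            "code": code, "sent_by": who_sends(msg_type, code),
            "original_datagram": packet[8:]}
    if msg_type == 3:
        info["code_name"] = UNREACHABLE_CODES.get(code, "other")
    if msg_type == 5:
        # Redirect carries the address of the better gateway in bytes 4-7.
        info["gateway"] = ".".join(str(b) for b in packet[4:8])
    return info

def is_valid_icmp(packet):
    """True when the message parses and its checksum verifies."""
    try:
        parse_icmp(packet)
        return True
    except ValueError:
        return False

# Constructed quoted datagram: a 20-byte placeholder IP header plus 8 bytes.
SAMPLE_QUOTED = bytes(range(20)) + b"\x00\x35\x04\xd2\x00\x10\x00\x00"
```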
ARP
• Address resolution protocol
– Determines hardware address for IP
– If address is not cached then broadcasts request
• RARP
– Reverse address resolution protocol
• Maintains a database of machine numbers, (created by system
administrator)
• Provides IP number to hardware address
Transport Protocols
• Facilitate communication sessions between computers
• Ensure reliable movement of data
– Monitor flow control
– End to end error detection recovery
• Responsible for end-to-end integrity of data
– Congestion control
• solves transmission problems
• Breaks data into chunks (segments data), sequences the segments and begins encapsulation
Transport Layer (4)
• Sending end: repackages message, divides long messages to ship properly over determined route and arrive error-free
• Receiving end: unpacks message, reassembles it, and acknowledges receipt
• Provides flow control, error handling, and solves transmission problems
Transport Protocols
• Ensure reliable data delivery
• TCP (Transmission Control Protocol)
• SPX (Sequenced Packet eXchange)
– Novell’s connection-oriented protocol
• NWLink (MS implementation of SPX)
• NetBEUI – MS standard transport layer, non-routable (NetBEUI/NetBIOS)
Connectionless Protocols
• Place the data on the network and assume it will arrive
• Faster, doesn’t waste time establishing, maintaining, and tearing down connections.
• Packet sequencing and sorting are handled at higher layers
• Not as reliable as connection-oriented
• Connectionless packets referred to as datagrams
Connection-Oriented Protocols
• Connection is established
• Data sent in orderly, slower fashion
• Packet receipt is acknowledged
• Resends error packets
• Connection is terminated
Port Numbers
• Logical address that points to a specific protocol
• Identifies application to transport layer
• Up to 65,536 ports
• 2 port addresses
– Well known ports (0-1023)
• Controlled and assigned by IANA
• Destination port
– Ephemeral ports
• Used by client to establish connections
• Source and destination
• Registered ports (1024-49151)
– Accessible to network users and processes with no special administrative privileges
– Must be registered with IANA
• Dynamic or private ports (49152-65535)
– Open for use without restriction
Well Known Ports
• 20 FTP data
• 21 FTP control
• 23 Telnet
• 25 SMTP
• 53 DNS
• 80 HTTP
• 444 HTTPS
• 109 POP v2
• 110 POP v3
• 2049 NFS
Flow Control
• Buffer overflow
– Do nothing; potential for a large number of retransmissions
• Stop and Wait
– Ack packet for each frame
• Static Window
– Set number of frames to transmit before waiting for ack
• Agreed on during the handshake
• Sliding Window
– Receiving device sends a hold packet. 2 types:
• Selective repeat – only a NACK generates resends
• Go back n – cumulative ACK
– Packets arrive in sequence
– Resends bad packet and any that followed it
Error Control
• Types of error
– Packet loss
– Packet corruption
– Packet duplication
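The two sliding-window variants from the Flow Control slide, run against the packet-loss case from the Error Control slide, as an added simulation that is not part of the original deck. The channel drops a chosen set of transmissions (constructed for the example); Go-back-N relies on a cumulative ACK and resends the lost packet and everything sent after it, selective repeat resends only the NACKed packet, and a window of 1 reproduces stop-and-wait.

```python
"""Sliding-window retransmission, simulated (added example, not from the slides).

Two receivers are modelled over a channel that drops a chosen set of
transmissions: Go-back-N (cumulative ACK; a loss forces resend of the lost
packet and everything sent after it) and selective repeat (only the NACKed
packet is resent).  Window size 1 gives stop-and-wait.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A drop is identified by (sequence number, attempt index); attempt 0 is the
# first transmission of that sequence number.  Constructed loss pattern.
Drops = Set[Tuple[int, int]]


@dataclass
class Stats:
    sent: List[int] = field(default_factory=list)       # every transmission, in order
    delivered: List[int] = field(default_factory=list)  # in-order delivery to the application


def go_back_n(n_packets: int, window: int, drops: Drops) -> Stats:
    stats = Stats()
    attempts: Dict[int, int] = {}
    base = 0  # oldest unacknowledged sequence number
    while base < n_packets:
        lost_at = None
        for seq in range(base, min(base + window, n_packets)):
            attempt = attempts.get(seq, 0)
            attempts[seq] = attempt + 1
            stats.sent.append(seq)
            if lost_at is not None:
                continue  # arrives out of sequence after the loss: receiver discards it
            if (seq, attempt) in drops:
                lost_at = seq
            else:
                stats.delivered.append(seq)
        # The cumulative ACK covers everything before the loss (or the whole window).
        base = lost_at if lost_at is not None else min(base + window, n_packets)
    return stats


def selective_repeat(n_packets: int, window: int, drops: Drops) -> Stats:
    stats = Stats()
    attempts: Dict[int, int] = {}
    received: Set[int] = set()  # receiver buffers packets that arrive out of order
    base = 0
    while base < n_packets:
        for seq in range(base, min(base + window, n_packets)):
            if seq in received:
                continue  # already buffered; only NACKed packets are sent again
            attempt = attempts.get(seq, 0)
            attempts[seq] = attempt + 1
            stats.sent.append(seq)
            if (seq, attempt) not in drops:
                received.add(seq)
        while base in received:  # deliver in order as the gap fills
            stats.delivered.append(base)
            base += 1
    return stats


def compare(n_packets: int, window: int, drops: Drops) -> Dict[str, int]:
    """Transmissions each strategy needs for the same loss pattern."""
    return {
        "go_back_n": len(go_back_n(n_packets, window, drops).sent),
        "selective_repeat": len(selective_repeat(n_packets, window, drops).sent),
        "stop_and_wait": len(go_back_n(n_packets, 1, drops).sent),
    }


if __name__ == "__main__":
    print(compare(8, 4, {(2, 0)}))
```

With eight packets, a window of four and the first copy of packet 2 lost, Go-back-N transmits ten times (packets 3 to 5 travel twice), selective repeat nine, and stop-and-wait nine but with an ACK round-trip per packet.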
DNS (Domain Name System)
– Transport layer, name-to-address
resolution protocol
– DNS server keeps a list of system’s
names and their IP addresses.
• Can use a system’s logical name
(microsoft.com) rather than its numerical
address when communicating
• Session --Virtual connection for the
purpose of transferring data
• Dialogue –series of sessions used for a
complex process or transfer of a large
quantity of data.
Session Layer Functions
• Allows applications on different computers
to open, use and close a connection
– Structured dialog
– Security
– name recognition
– Synchronization
• check points in data
Steps for establishing a session
• Logon authentication
• Establish connection ID number
• Agree on services and duration
• Determine who initiates transfer
• Coordinate ack and retransmission procedures
• Session layer relies on support from lower layers
to create sessions. In TCP/IP the transport and
session functions are combined in the transport
layer.
Logon Authentication
• Connection oriented – required before session
building can begin
• Credentials – user information required by a
system to permit access to network resources
– Username and password
– Cached and checked each time a resource is
accessed
• Client/server model authentication is done by
the security database of the server running the
service
• Peer to peer model – the password is compared
to the password assigned to the resource
Presentation
• Network Translator
• On sending end determines format used to exchange
data among networked computers and adds formatting
so data can be understood
• Uses a commonly recognized intermediary format,
receiving computer translates back to own format
• Manages data compression, translation, and encryption
• Redirector operates here
Presentation Layer Protocols
• Presentation layer implementations are not
typically associated with a particular protocol
stack.
• Some examples of presentation layer coding
and conversion schemes include
– ASCII
– EBCDIC
– Motion Picture Experts Group (MPEG)
– QuickTime
– Tagged Image File Format (TIFF)
– Joint Photographic Experts Group (JPEG)
– Graphics Interchange Format (GIF)
Compression
• Choice of file format dictates compression
scheme
• Source encoding– compression at file level
– Lossless
• Maintains quality
• tif and bmp
– Lossy
• Trade quality for size
• gif and jpg
• Data compression – compression at transfer
– Finite set of symbols
– Run length encoding
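Run-length encoding, the data-compression scheme the slide names, as an added working example that is not part of the original deck. The pair format (a one-byte count followed by the byte value, with long runs split at 255) is a choice made for this example, and the report function shows the case a practitioner should expect: input without runs gets larger, not smaller.

```python
"""Run-length encoding (added example, not from the slides).

Format chosen for this example: a sequence of (count, byte) pairs with
1 <= count <= 255, so a longer run is split into several pairs.
"""
from typing import Dict


def rle_encode(data: bytes) -> bytes:
    out = bytearray()
    i = 0
    while i < len(data):
        value = data[i]
        run = 1
        # Extend the run while the same byte repeats, capped at a one-byte count.
        while i + run < len(data) and data[i + run] == value and run < 255:
            run += 1
        out += bytes((run, value))
        i += run
    return bytes(out)


def rle_decode(encoded: bytes) -> bytes:
    if len(encoded) % 2:
        raise ValueError("truncated RLE stream: odd number of bytes")
    out = bytearray()
    for count, value in zip(encoded[0::2], encoded[1::2]):
        if count == 0:
            raise ValueError("invalid RLE pair: zero-length run")
        out += bytes((value,)) * count
    return bytes(out)


def rle_report(data: bytes) -> Dict[str, int]:
    """Show whether RLE actually helps: input with no runs grows by half."""
    encoded = rle_encode(data)
    return {"raw": len(data), "encoded": len(encoded), "saved": len(data) - len(encoded)}


if __name__ == "__main__":
    sample = b"AAAABBBCC"  # constructed input
    print(rle_encode(sample), rle_report(sample), rle_report(b"ABC"))
```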
Encryption
• Data security –
– sending device scrambles the bit order before transmitting
– Receiving device has key to unscramble
• 3 common methods
– Substitution cipher
• Substitute one letter for another
– Transposition cipher
• Reorders characters
– Data encryption standard (DES)
• Most secure
• 64 bit key exchanged at beginning of the session determines bit
order
• May use Exclusive Or-Gate in data stream to change the key
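The three methods on the Encryption slide as small working routines, added here as an example and not part of the original deck: a substitution cipher (one letter replaced by another), a columnar transposition cipher (characters reordered), and an XOR keystream applied to the data, which is the exclusive-OR step the DES bullet mentions. The key shapes (a permuted alphabet, a column count, a byte key) are choices made for this example.

```python
"""Substitution, transposition and XOR as working routines
(added example, not from the slides).
"""
import string

ALPHABET = string.ascii_uppercase


def _check_key(key_alphabet: str) -> None:
    if sorted(key_alphabet) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")


def substitution_encrypt(text: str, key_alphabet: str) -> str:
    """Replace each letter with the letter at the same position in key_alphabet;
    characters outside A-Z pass through unchanged."""
    _check_key(key_alphabet)
    return text.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(cipher: str, key_alphabet: str) -> str:
    _check_key(key_alphabet)
    return cipher.translate(str.maketrans(key_alphabet, ALPHABET))


def transposition_encrypt(text: str, columns: int, pad: str = "X") -> str:
    """Write the text in rows of `columns` characters, then read it out column by column."""
    if columns < 1:
        raise ValueError("columns must be >= 1")
    padded = text + pad * (-len(text) % columns)  # fill the last row
    return "".join(padded[c::columns] for c in range(columns))


def transposition_decrypt(cipher: str, columns: int) -> str:
    """Reverse the column read-out; padding characters are left in place."""
    if columns < 1 or len(cipher) % columns:
        raise ValueError("ciphertext length must be a multiple of columns")
    rows = len(cipher) // columns
    return "".join(cipher[r::rows] for r in range(rows))


def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key, repeating the key; applying it twice
    with the same key restores the original data."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


if __name__ == "__main__":
    atbash = ALPHABET[::-1]  # constructed key: the alphabet reversed
    print(substitution_encrypt("ATTACK AT DAWN", atbash))
    print(transposition_encrypt("ATTACKATDAWN", 4))
    print(xor_stream(b"hello", b"key"))
```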
Application (7)
• Services that directly support the users' applications
• Application processes communicate between
applications and lower layer services
• Allow software programs to negotiate formatting,
procedure, security and synchronization
– File transfer
– Data base access
– E-mail
• Window for application to access network services
Hardware
• Gateway
TCP/IP Protocol Stack
• 4 layers
• Process/Application (app/pres/sess)
• Host to Host (transport)
• Internet (network)
• Network Access (datalink/physical)
IP
• IP V4 uses a 32-bit address in 4 one-byte
divisions
• Each byte has 256 possibilities
• 0 and 255 reserved for network broadcast
• 127 is a loop back
• 1-254 are used to denote networks or
hosts
IP Addressing
• Logical Address assigned to each host
• IP locates the network of a device
• Once the network is located the network
will find the device by the host portion of
the address
Subnet Mask
• Used to denote which part of the address
is the network and which is the node
• 1 masks the network
IP Addressing (Ver. 4)
•First octet denotes class A, B, C, D, E
•Class A,B,C are network classes
•Class D is multicast addresses
•Class E is experimental
– Class A 1-126 16,387,064 hosts
•(254*254*254 hosts)
– Class B 128-191 64,512 hosts
•(254*254 hosts)
– Class C 192-223
•254 hosts per network
Fully Qualified Domain Name
• Unique computer name within a DNS
namespace
– Example—sales.www.emcp.com
• Read from left to right
• More specific information is on the left
Network layer protocols of
TCP/IP suite
– IP
– BootP
– DHCP
– ICMP
– ARP
– RARP
DHCP
• Places available IP addresses into a pool
and leases to clients
• At 50% of the lease, the client requests renewal from
the leasing server
• At 75% of the lease, the client requests reassignment
from any server
• Can hand out most TCP/IP configuration
parameters
•ICMP (Internet Control Message Protocol)
– RFC 792
– TCP/IP best troubleshooting aid
– Network layer protocol used to send
control messages (errors and
confirmations)
• Out of band messages separate from the data
•ARP (Address Resolution Protocol)
– Network layer protocol used to resolve a
logical (IP) address to a physical (MAC)
address
– When a system begins a conversation
with a host that it does not have a physical
address for, it sends an ARP broadcast
packet requesting the physical address
that corresponds to the logical address.
Then, the Data Link layer can correctly
send the packet through the network.
– RARP – assigns an IP address to a MAC address
WINS
• NETBIOS to IP
• Requires WINS server
• WINS database is dynamic –
system broadcasts when it boots to the
network
• Server extracts information
Hosts and LMHosts
• Statically resolve IP addresses
– Hosts – DNS to IP
– LMHosts – NETBIOS to IP
TCP/IP Protocol Suite
•RIP (Routing Information Protocol)
– Network layer protocol
– Distance-vector routing protocol used for
route discovery (hops)
•OSPF (Open Shortest Path First)
– Network layer protocol
– Link-state routing protocol used by routers
running TCP/IP to determine the best path
through a network.
Transmission Control
Protocol (TCP/IP)
Three-Way Handshake:
• Requestor sends a packet specifying the port number
and its initial sequence number (ISN) to server
• Server acknowledges with its ISN, which consists of the
requestor’s ISN, plus 1
• The requestor replies with the server’s ISN, plus 1
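The three-way handshake above, simulated with both endpoints as an added example that is not part of the original deck. Each side checks that the acknowledgement number it receives equals its own ISN + 1 (modulo 2^32), which is the "plus 1" step the slide describes; a segment that fails that check, or that arrives in the wrong state, is rejected instead of advancing the connection. The class names, state names and the fixed ISNs are choices made for this example.

```python
"""TCP three-way handshake, simulated (added example, not from the slides).

Each side verifies that the acknowledgement it receives equals its own
ISN + 1 (mod 2**32); a segment that fails the check is rejected.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEQ_MOD = 2 ** 32  # sequence numbers wrap at 32 bits


@dataclass(frozen=True)
class Segment:
    syn: bool
    ack: bool
    seq: int
    ack_num: Optional[int] = None
    dst_port: Optional[int] = None


class Requestor:
    def __init__(self, isn: int, dst_port: int) -> None:
        self.isn = isn % SEQ_MOD
        self.dst_port = dst_port
        self.state = "CLOSED"

    def send_syn(self) -> Segment:
        """Step 1: SYN carrying the destination port and our ISN."""
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn, dst_port=self.dst_port)

    def receive_syn_ack(self, seg: Segment) -> Segment:
        """Step 3: check the server's ACK of our ISN + 1, then ACK its ISN + 1."""
        if self.state != "SYN_SENT" or not (seg.syn and seg.ack):
            raise ValueError("expected SYN-ACK")
        if seg.ack_num != (self.isn + 1) % SEQ_MOD:
            raise ValueError("SYN-ACK does not acknowledge our ISN + 1")
        self.state = "ESTABLISHED"
        return Segment(syn=False, ack=True, seq=(self.isn + 1) % SEQ_MOD,
                       ack_num=(seg.seq + 1) % SEQ_MOD, dst_port=self.dst_port)


class Server:
    def __init__(self, isn: int, listen_port: int) -> None:
        self.isn = isn % SEQ_MOD
        self.listen_port = listen_port
        self.state = "LISTEN"

    def receive_syn(self, seg: Segment) -> Segment:
        """Step 2: SYN-ACK with our own ISN, acknowledging the requestor's ISN + 1."""
        if self.state != "LISTEN" or not seg.syn or seg.ack:
            raise ValueError("expected SYN")
        if seg.dst_port != self.listen_port:
            raise ValueError("no listener on that port")
        self.state = "SYN_RECEIVED"
        return Segment(syn=True, ack=True, seq=self.isn, ack_num=(seg.seq + 1) % SEQ_MOD)

    def receive_ack(self, seg: Segment) -> None:
        if self.state != "SYN_RECEIVED" or seg.syn or not seg.ack:
            raise ValueError("expected ACK")
        if seg.ack_num != (self.isn + 1) % SEQ_MOD:
            raise ValueError("ACK does not acknowledge our ISN + 1")
        self.state = "ESTABLISHED"


def handshake(client_isn: int, server_isn: int, port: int = 80) -> Tuple[str, str, List[Segment]]:
    """Run the three exchanges; return both states and the segments sent."""
    client = Requestor(client_isn, port)
    server = Server(server_isn, port)
    syn = client.send_syn()
    syn_ack = server.receive_syn(syn)
    ack = client.receive_syn_ack(syn_ack)
    server.receive_ack(ack)
    return client.state, server.state, [syn, syn_ack, ack]


if __name__ == "__main__":
    print(handshake(1000, 5000))  # constructed ISNs, not captured values
```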
Configuring TCP/IP
• TCP/IP protocol can be configured one of
two ways
– Dynamic via DHCP (automatic IP)
– Static – IP set
• IP address
• Subnet mask
• Gateway IP for forwarding packets beyond
the LAN
Gateway
• A gateway in TCP/IP is a doorway to other
networks
• Usually an internal port of a router
• Can be a 2nd ethernet card on a dual homed
system
• If multiple gateways are listed in the routing
table, they will be queried in the order listed
• Default gateway– defines where to send a
packet if the network or node is not recognized
Subnetting
• Borrowing host bits of an IP network
address
– More networks fewer hosts per network
• Reduce congestion
• Security
CIDR (Supernetting)
• Classless Interdomain Routing (classless IP)
• Response to the depleted supply of IPv4 addresses
• Borrow bits from the network portion of the address
to allow for more hosts
– Used for networks that require more than 254 hosts
– Network addresses must be contiguous or fall within the range of
the subnet mask
• To combine class C the 3rd octet of the first address must be
divisible by the range of addresses
• If public addressing must be contiguous range
• Network Address uses an IP prefix/CIDR block
– 192.168.16.0/20
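The IP Addressing, Subnet Mask, Subnetting and CIDR slides worked through in code, added here as an example that is not part of the original deck. It uses Python's standard `ipaddress` module; the classful ranges are the ones the "IP Addressing (Ver. 4)" slide lists, and the sample addresses are constructed, including the slide's own 192.168.16.0/20 block, which the supernet function rebuilds from sixteen contiguous class C networks and refuses to build when the networks are not aligned.

```python
"""IPv4 classes, subnet masks, subnetting and CIDR aggregation
(added example, not from the slides; uses Python's ipaddress module).
"""
import ipaddress
from typing import List, Tuple


def address_class(addr: str) -> str:
    """Classful category from the first octet, as the IP Addressing slide lists."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0:
        return "reserved"
    if first <= 126:
        return "A"
    if first == 127:
        return "loopback"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    return "E (experimental)"


def split_address(addr: str, mask: str) -> Tuple[str, str]:
    """Apply the subnet mask: 1 bits select the network part, 0 bits the host part."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    network = a & m
    host = a & (~m & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(network)), str(ipaddress.IPv4Address(host))


def usable_hosts(cidr: str) -> int:
    """Host addresses in a block, less the network and broadcast addresses."""
    return ipaddress.IPv4Network(cidr).num_addresses - 2


def subnet(cidr: str, borrowed_bits: int) -> List[str]:
    """Subnetting: borrow host bits to make more, smaller networks."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return [str(n) for n in net.subnets(prefixlen_diff=borrowed_bits)]


def supernet(cidrs: List[str]) -> List[str]:
    """CIDR aggregation: contiguous, aligned blocks collapse into one prefix;
    blocks that are not contiguous and aligned come back as separate prefixes."""
    nets = [ipaddress.IPv4Network(c, strict=True) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Constructed sample values.
    print(address_class("192.168.16.37"))
    print(split_address("192.168.16.37", "255.255.240.0"))
    print(subnet("192.168.1.0/24", 2))
    print(supernet([f"192.168.{i}.0/24" for i in range(16, 32)]), usable_hosts("192.168.16.0/20"))
```

The aligned case collapses to the slide's 192.168.16.0/20 because the third octet of the first address (16) is divisible by the number of class C blocks (16); starting one block later at 192.168.17.0 leaves five separate prefixes.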
TCP/IP Utilities
• Troubleshooting utilities that are part of the
TCP/IP suite
– Tracert
– Ping
– IPconfig
– Nbtstat
– Route
– Netstat
IPX/SPX
• Developed by Xerox in early 1980s
• Default network protocol for Novell
NetWare versions prior to 5.0
• Protocol provides transport services for
data over the network
• IPX is connectionless protocol
• SPX is connection oriented protocol
NetBEUI
• IBM NetBIOS Enhanced User Interface (1985)
for LAN Manager server application
• Default protocol for WNT3.51
• NetBEUI is a non routable protocol
– Operates mostly in the Data Link Layer
– Modeled after the LLC of the OSI
– Requires a bridge or switch to segment the
network
• Fastest of all protocols currently in use
• Discontinued as of XP
AppleTalk Addressing
• Name Binding Protocol (NBP) dynamically
assigns a unique node ID to each host and
binds the NBP name to the ID
• Datagram Delivery Protocol (DDP) provides
point to point delivery functions
– Uses a 16 bit network number
– DDP packet contains source and destination
address, hop count and checksum
• Hop count over 16 is discarded
• Connectionless protocol
WAN Overview
• Most are combinations of LANS and
communication components connected by
WAN Links
– Packet-switching networks
– Fiber-optic cable
– Microwave transmitters
– Satellite links
– Cable television coaxial systems
• Usually leased from service provider due to
cost
• Use the following transmission technologies
– Analog, digital, packet-switching
Remote Access (WAN) Protocols
• Point to Point Protocol (PPP)
• Point to Point Tunneling Protocol (PPTP)
– Used on Virtual Private Network (VPN)
• Remote Desktop Protocol (RDP)
• Citrix Independent Computing Architecture
protocol (ICA)
PPTP (tunneling for VPN)
• More secure connection
• Uses encryption keys
• Supports multiprotocol VPN
• Can connect via the internet to network
• Connect to the RAS server
• PPTP routes IP, IPX, or NetBEUI PPP
protocol packets over TCP/IP network
– Uses encapsulation
Circuit Switching
• Used in telephone communication
• Established connection from point A to
point B maintained for duration of the
session
– Packets arrive in order
• Used by Public Switched Telephone
Network (PSTN) (POTS)
• And Integrated Services Digital Network
(ISDN)
Packet Switching Networks
• Switches direct packets over pathways. For short and
long distance
– Fast, efficient, reliable
• Internet is packet switching network
• Data handling:
– Original data is segmented into packets
– Each packet is labeled with sequence and destination
– Each packet sent individually onto the network
• By fastest, shortest route
– Reconstructs data at destination end
• Does not depend on any single pathway
– Use Virtual circuits for temporary dedicated pathways
– Switched Virtual Circuit– ppp established when needed
– Permanent Virtual Circuit– established as permanent logical
connection
T1
• Most widely used digital line type
• PPP 2 wire pairs
– Send and receive
– Full duplex rate of 1.544Mbps
– Transmits digital voice and data and video
• Most costly of WAN links
– Can subscribe to a channel in 64Kbps
(fractional T-1)
CSU/DSU
• Channel service unit/data service unit
• Provides network interface for the T1 connection
and your computer equipment
• CSU provides filtering of noise and intercepts
loopback signals
• DSU provides synchronization and timing
Sonet/SDH
• Synchronous Optical Network and Synchronous
Data Hierarchy are competing technologies
• SONET
– Physical Layer protocol uses fiber optics for
transmission
• Can be configured in dual ring or bus topology
– 155Mbps-2.5Gbps transmission
– Deliver voice data and video
– Sonet uses Time Division Multiplexing to mix signals
of different speeds into a single high speed
transmission
SONET cont…
• SONET networks are divided into 3
separate regions
– Local collector ring– individual access
– Regional network– collates signals into a
single pipeline
– Broadband backbone– moves data over the
highspeed pipeline
VPN
• Uses the Internet for remote connection
• Uses PPTP protocol, encrypting data and
securing the connection
RAID (tab 16.4)
• Redundant array of independent disks
• Levels
– Level 0 striping
• 64k blocks divided equally across disk– no redundancy
• 2-32 drives
• Large logical disk
– Level 1 Disk Mirroring
• Two drives single controller
– Disk duplexing
• Two drives , two controllers
– Level 2 Striping with ecc
• Block is distributed across stripes
– Level 50 RAID1 and RAID5
Security in the NOS
• Security patches
• Security features:
– Share level access
– User level access
– Authentication
– File system security
– Printer security
– Directory services
– IP Security
– Kerberos
Share level
– Owner is responsible for security
– Restrictions are set on the share (passwords are optional)
• Read only (read and copy)
• Full control (anything including modify permissions and ownership)
• Change (read, edit, delete)
User Level
– User ID and password are the key to the network resources
(Credentials)
• Association of permissions and rights are through the Security
Identification (SID) number in Windows
– Kept in the Security Accounts Management database (SAM)
• Novell the user is an object and permissions are properties of that
object
– Directory Services tracks UID and GID against the object properties
– Credentials are checked each time a resource is accessed
Building Barriers
• Firewalls
– Circuit gateway– session layer of OSI
– directs all traffic to the gateway IP port
– Substitutes sending machine's IP address with
gateway address
– Intercepts incoming traffic, filters and passes it
on
– Application gateway– control traffic primarily
by opening and closing ports
Firewalls continued
• Direct traffic via:
– Packet filtering
– Stateful inspection
– Proxy service
Proxy service
• Similar to proxy servers
• Intercepts packets from the outside and
forwards to host
• Replaces outgoing IP address with
gateway (circuit gateway)
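The first two traffic-direction methods from "Firewalls continued" (packet filtering and stateful inspection) as an added working example that is not part of the original deck. The stateless filter judges each packet on its own against an ordered rule list; the stateful firewall also records the outbound connections it allowed and admits an inbound packet only when it matches one of them in reverse, so a legitimate reply gets through while an unsolicited inbound packet that merely looks like a reply is dropped. The rule list, the connection-table key, the `Packet` fields and the sample traffic (documentation addresses) are all constructed for the example.

```python
"""Packet filtering versus stateful inspection (added example, not from the slides).
Hosts, addresses and packets are constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" (LAN -> Internet) or "in" (Internet -> LAN)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# Ordered rules: (direction, proto, destination port, action); first match wins.
RULES: List[Tuple[str, str, int, str]] = [
    ("out", "tcp", 80, "allow"),
    ("out", "tcp", 443, "allow"),
    ("out", "udp", 53, "allow"),
]
DEFAULT_ACTION = "deny"  # anything no rule matches, in either direction


def packet_filter(pkt: Packet) -> str:
    """Stateless filtering: each packet is judged alone against the rules."""
    for direction, proto, dport, action in RULES:
        if (pkt.direction, pkt.proto, pkt.dport) == (direction, proto, dport):
            return action
    return DEFAULT_ACTION


class StatefulFirewall:
    def __init__(self) -> None:
        # Connection table keyed by (proto, inside ip, inside port, outside ip, outside port).
        self.connections: Set[Tuple[str, str, int, str, int]] = set()

    def inspect(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            # Inbound traffic is allowed only as the reverse of a recorded connection.
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if key in self.connections else "deny"
        action = packet_filter(pkt)
        if action == "allow":
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


def run(fw: StatefulFirewall, packets: List[Packet]) -> List[str]:
    return [fw.inspect(p) for p in packets]


# Constructed traffic: a browser session, its reply, an unsolicited inbound
# packet dressed as a reply, and an outbound Telnet attempt no rule allows.
SAMPLE: List[Packet] = [
    Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443),
    Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000),
    Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 51001),
    Packet("out", "tcp", "10.0.0.5", 51002, "203.0.113.10", 23),
]


if __name__ == "__main__":
    print("stateless:", [packet_filter(p) for p in SAMPLE])
    print("stateful: ", run(StatefulFirewall(), SAMPLE))
```

On the sample traffic the stateless filter denies the genuine reply along with everything else inbound, which is why the stateful table exists; the stateful firewall allows the reply and still drops the unsolicited packet from 198.51.100.7.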
SSL and TLS
• Secure Socket Layer (SSL) Connection security
protocol that provides secured point to point
connection between 2 devices
– SSL Handshake protocol--Requires secure
connection and credential exchange (encryption and
key exchange)
– SSL Record Protocol– encapsulates network data
and allows encryption and transmission
• Transport Layer Security (TLS) – recent
implementation of SSL focuses on transport
layer