RSP 100 Lab Answer

The RSP 100 course provides an extensive overview of networking concepts and standardized protocols essential for those entering the IP networking field. It covers key topics such as network designs, OSI and TCP/IP models, IP addressing, routing protocols, and various management protocols. The course is structured into multiple modules, each focusing on different aspects of networking, including security features and common applications.

RSP 100
Routing and Switching Protocols
Student Guide
Revision 0619

Copyright © 2019 Ruckus Networks, an ARRIS company. All rights reserved.
350 West Java Dr., Sunnyvale, CA 94089 USA

All or some of the products detailed in this document may still be under development and certain
specifications, including but not limited to, release dates, prices, and product features, may
change. The products may not function as intended and a production version of the products may
never be released. Even if a production version is released, it may be materially different from the
pre-release version discussed in this document.

Nothing in this document shall be deemed to create a warranty of any kind, either express or
implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights with
respect to any products and services referenced herein.

The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim, ZoneFlex
and OPENG trademarks are registered in the U.S. and other countries. Ruckus Networks,
MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and Dynamic PSK are
Ruckus trademarks worldwide. Other names and brands mentioned in this document or website
may be claimed as the property of others. 18-1-B

Revision: June, 2019


RSP 100 Course Introduction

RSP 100
Routing and Switching Protocols

Copyright 2018 – ARRIS Enterprises, LLC. All rights reserved

Revision 0218 Mod 1 – 1


Module 1
Course Introduction

Course Overview

This self-paced course provides an extensive view of networking concepts and technologies
while exploring the standardized protocols used in networks today. It can also serve as a
foundational course preparing students who are entering the IP networking field and need a
working knowledge of a network's structure and function. Studies include the physical and
logical understanding of basic networking operations, Layer 2/3 addressing and standardized,
multi-vendor supported core, management and monitoring protocols. Multicast forwarding
using the PIM and IGMP protocols is discussed, as well as an overview of popular WAN
technologies deployed in the past and present.

Course Objectives

• After completing this course, attendees should be able to:
– Describe key network designs as well as network devices
– Describe physical and logical topologies including WAN solutions
– Describe the OSI reference model and the function of each layer
– Describe the TCP/IP model and compare it to the OSI
– Explain the data encapsulation and de-encapsulation process
– Describe physical layer connectivity
– Explain Power over Ethernet
– Discuss Layer 2 solutions including VLAN types and tagging
– Describe L2 redundancy protocols including Spanning Tree Protocol (STP)

Course Objectives (cont.)

– Explain Link Aggregation using LACP
– Discuss Neighbor Discovery Protocols (LLDP)
– Explain Internet Protocol (IP), including IP addressing versions, subnetting and Classless Inter-Domain Routing (CIDR)
– Describe Address Resolution Protocol (ARP), IP routing tables and routing types
– Explain route metrics and their effects on static, dynamic and Equal-Cost Multi-Path (ECMP) routing
– Describe the OSPF protocol, packet types, area types, link state advertisement (LSA) types and adjacency
– Describe basic BGP functions including Internal BGP (IBGP) and External BGP (EBGP) and basic route advertisements
– Identify multicast traffic at Layer 2 and Layer 3 using the PIM and IGMP protocols

Course Objectives (cont.)

– Describe management protocols such as Simple Network Management Protocol (SNMP) and Network Time Protocol (NTP)
– Discuss network service protocols
• Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) and Internet Control Message Protocol (ICMP)
– Discuss several common protocols including FTP, TFTP, Telnet, SSH and HTTP
– Describe Quality of Service (QoS) concepts
– Discuss sFlow and OpenFlow 1.3 concepts
– Describe the function of Virtual Router Redundancy Protocol (VRRP)
– Describe authentication protocols as well as networking features including access control lists (ACLs) and Network Address Translation (NAT)

Course Agenda

• M01 Introduction
• M02 Networking Fundamentals
• M03 Standards and Protocols
• M04 Ethernet and Media Access Control
• M05 Virtual LANs
• M06 Layer 2 Redundancy
• M07 Link Aggregation and L2 Discovery
• M08 IP Addressing
• M09 IP Routing Fundamentals
• M10 Dynamic IP Routing Protocols
• M11 Multicast Routing

Course Agenda (cont.)

• M12 Common Applications and Protocols
• M13 Resiliency and Performance
• M14 Security Features and Protocols

Ruckus Training Resources

Ruckus Education YouTube Channel
Ruckus Training Portal


End of Module 1
Course Introduction



RSP 100 Networking Fundamentals

Module 2
Networking Fundamentals
Revision February 2017

Objectives

• After completing this module, attendees will be able to:
– Describe key network designs
– Identify network devices and their functions
– Describe physical and logical topologies
– Describe WAN technologies

Network Concepts

Network Types

• Networks are often categorized based on geographic boundaries
• Local Area Network¹
– A centrally managed network of trusted devices located in a limited geographical area or facility
– Usually contains multiple redundant paths and faster link speeds
• Wide Area Network²
– A network that expands over a large geographical area
– Managed and leased through a telecommunication provider
– Connects distant LANs to each other or to other telecommunication providers
– Usually slower speeds due to distance and lease costs

Footnote 1: Early Local Area Networks were identified as broadcast and collision
domains. Because of the media and architecture used (bus technology), LANs were
broken into LAN segments to limit the degradation of the LAN and the frequency of
possible collisions. Modern networks use more efficient devices and no longer use a
bus architecture, so the definition of a LAN now refers more to a geographical area
than to a single segment.
The fundamental components of a LAN include:
• Computers
• Interconnections (NICs and the media)
• Networking devices (switches and routers)
A LAN's ability to connect a large number of devices through physical hardwiring or
wireless (Wi-Fi) connections provides an efficient way for devices to share network
resources.

Footnote 2: WAN connections can either be dedicated circuits like ATM or a shared
resource such as Frame Relay. Either is provided by a telecommunication carrier,
allowing the data to be transported on the carrier's established network. Many different
WAN solutions can be used depending on the customer requirements. More details
about WAN technologies will be explained later in this module.

Public and Private Networks

• Public networks (Internet)¹
– Accessible by everyone, allowing interconnections between other public and private networks
– Devices such as web and mail servers are exposed to public networks, allowing everyone access to their services
• Private networks (intranet)²
– Limits access to its resources and services to only authorized users
– Generally created within an organization or company
– Can be connected to a public network using a barrier (firewall) establishing restrictions and access rules

Footnote 1: Public networks are generally created and maintained by Internet Service
Providers. The internet is a collection of ISP public networks with interconnections to
other providers as well as connections to private networks. No one person or
organization owns the internet because it is a collection of independently owned
public networks that are interconnected.
Footnote 2: Private networks are generally connected to public networks (internet),
allowing access to the public services they offer. Because the private network often
provides access to sensitive company data, access into the private network is highly
protected. Rules and restrictions are put in place based on the network owner's
preferences.

Local Area Networks (Private Network)

• Created and managed by a company or organization providing network services to its employees or customers
– Generally established in a small geographical area known as a Local Area Network (LAN)¹
– Most LANs have connections to public networks providing access to services outside the private network
– Often private IP addresses are used within the LAN²
• Services provided can include:
– Printers
– IP Phones
– Intranet web servers³
– Shared storage (network drive)

Diagram: a Client, an IP Phone and a Server connected to a Switch

Footnote 1: Because of the close proximity of devices that connect to the same LAN,
speeds are usually faster between these devices. Private LANs often connect to the
internet or other private LANs through the use of a Wide Area Network (WAN). WANs
will be discussed in more detail later in this module.
Footnote 2: Private IP addresses are officially identified by the Internet Assigned
Numbers Authority (IANA) and can be used by anyone that creates and maintains a
private network. Because IP addresses used on the Internet are required to be unique
(public), these addresses cannot be used on the internet and will be dropped by the
provider if attempted. When a device on a private network requires access to a public
service, its private address is translated to a public address (at the firewall) before it is
forwarded to the internet. When the reply is received by the firewall, it replaces the
public IP address with the requester's private address and forwards it to the
requester. This process is known as Network Address Translation (NAT) and will be
discussed further in later modules.
Footnote 3: Intranet web servers are often used in companies, allowing employees
access to sensitive proprietary company information. This information is only
accessible on the private network (LAN).
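Footnote 2 describes three behaviours: private addresses are a fixed set defined by IANA, a provider drops packets that carry one as a source, and a NAT firewall rewrites the source on the way out and the destination on the reply. The following Python is an added example (not part of the course guide) that models those three behaviours; the NatFirewall class, the Packet structure and all addresses and ports in it are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Address blocks IANA has set aside for private networks (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


@dataclass(frozen=True)
class Packet:
    """Constructed minimal packet: just the IP/port four-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def provider_edge_forward(pkt: Packet) -> Optional[Packet]:
    """A provider router drops packets sourced from private space, since those
    addresses are not unique on the Internet. Returns None when dropped."""
    return None if is_private(pkt.src_ip) else pkt


class NatFirewall:
    """Source NAT at the private/public boundary (hypothetical class name)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        # translated public port -> (private ip, private port, remote ip, remote port)
        self._table: dict = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source to the firewall's public address and
        remember the mapping so the reply can be translated back."""
        if not is_private(pkt.src_ip):
            return pkt  # already a public source, nothing to translate
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, entry in self._table.items():
            if entry == flow:  # same flow: reuse the existing mapping
                return replace(pkt, src_ip=self.public_ip, src_port=pub_port)
        pub_port, self._next_port = self._next_port, self._next_port + 1
        self._table[pub_port] = flow
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the original requester. Traffic that does
        not match an existing mapping is dropped (None): unsolicited packets
        from the Internet have no mapping that leads to a private host."""
        entry = self._table.get(pkt.dst_port)
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # reply claims to be from a host that was never contacted
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def round_trip(fw: NatFirewall, request: Packet) -> tuple:
    """Send a request from a private host through the firewall and translate
    the server's reply back. Returns (request as seen on the Internet,
    reply as delivered to the private host)."""
    out = fw.outbound(request)
    # The server answers the public address it saw, swapping source and destination.
    reply = Packet(out.dst_ip, out.dst_port, out.src_ip, out.src_port)
    return out, fw.inbound(reply)


if __name__ == "__main__":
    # Constructed sample: a host on a 192.168 LAN reaching a web server.
    fw = NatFirewall("203.0.113.10")
    req = Packet("192.168.1.25", 51234, "198.51.100.7", 80)
    print("sent directly, provider drops it:", provider_edge_forward(req) is None)
    out, back = round_trip(fw, req)
    print("as seen on the Internet:", out)
    print("reply delivered to:", back.dst_ip, back.dst_port)
```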

Enterprise Campus Networks

• LANs linked between a multi-building/floor company or school within a limited proximity
– Interconnections and equipment are owned and maintained by the campus tenant
– Because the connections are owned, higher link speeds and multiple link paths can be achieved¹
• Enterprise LANs allow for centralized services such as:
– Phone systems (gateways)
– Servers
– Internet connections
– Wide Area Network links to other company locations

Footnote 1: Because the buildings are in close proximity to each other, the need for a service
provider is eliminated. This allows the interconnections to be managed in-house, so there is
not a significant increase in cost for higher speeds, unlike with a service provider.

Branch Networks

• Connects the LANs of a remote office with a central location
• A branch office may utilize its own servers or use its Wide Area Network (WAN) connection to reach centralized services¹
• Connectivity to the central site can be:²
– Dedicated private WAN circuit
– Virtual Private Network (VPN) tunnel through their Internet connection

Diagram: Branch A and Branch B connected to the Central Site, one over a provider WAN circuit and the other over a VPN

Footnote 1: Many times a branch office will have its own local server to allow for faster
connections to users. This server can offer services such as Point-of-Sale completion or
a proprietary application used by employees. Some branch servers will have either a
constant connection back to the central office or may periodically connect for
updates through the WAN connection.
Footnote 2: Private WAN circuits are dedicated connections provided by a local
telecommunication provider. These links are generally point-to-point connections between
the two locations, sometimes called a private circuit. Other technologies like Virtual
Private Networks (VPNs) can be leveraged to provide a secure tunnel through the branch
internet connection. Provider WAN technologies will be discussed later in this module.

Internet Evolution

• The internet originated from the US Government seeking to create a fault-tolerant computer network in the 1960s
• The US DoD led the development of the packet-switched ARPANET, which was the first network based on the Internet Protocol (IP)
• Commercial Internet Service Providers began offering services in the late 1980s, leading to the decommissioning of ARPANET in 1990
• Early connected devices were generally servers and PCs; the Internet has since evolved to include many unique, dedicated devices that use its benefits¹
• This has led to the internet now being known as the Internet of Things (IoT)

Footnote 1: The TCP/IP suite and its adaptability have driven the growth of
purpose-built devices such as IP cameras, home/building automation appliances, and
phones. It is not uncommon for almost any electronic device to connect to the
internet and provide remote access to the device's services. Companies now
take advantage of the internet by offering services and conveniences to their customers
as well as remote capabilities for their employees.

Network Devices

Early Network Devices

• Hub
– Provided connectivity for multiple devices to share a LAN segment
– Each device connected participates in a collision domain¹
• Bridge²
– Separates collision domains into smaller network segments
– Prevents the forwarding of traffic to other LAN segments when the source and destination are on the same segment
• Both were replaced by switches, which perform these functions³

Diagram: servers and hosts (each with a NIC) connected to two hubs, with a bridge joining the two hub segments

Diagram Description: A network interface card (NIC) provides a port allowing connectivity to the network. The
graphic shows a single LAN with two collision domains. Early networks used hubs and
bridges to provide connectivity; however, these technologies had limitations.
Footnote 1: When a hub is used, each device connected has to wait until the network
is free before it can use the network to transmit. The more devices that are
connected to that segment, the more the chance for collisions increases.
Footnote 2: Before bridges there were large collision domains which greatly degraded
network performance. Not only do collisions decrease when collision domains are
separated, but local devices also gain increased utilization of the network resource.
Footnote 3: Hubs and bridges are rarely found in modern networks today and have
been replaced by switches. Switches perform the same tasks as both of these devices
but treat each of their ports as a bridge to the other ports on the switch. As a result, most
devices connected to a switch have their own LAN segment and do not have to share
their LAN resources.

Modern Network Devices

• Switch¹
– Intelligent layer 2 device (improvement over hubs/bridges)
– Segments collision domains and provides enhanced features
• Can be segmented into multiple LANs known as VLANs
• Filters traffic by only forwarding frames out the port connected to its destination
• Router²
– Functions at layer 3 and is used to route traffic between LANs, allowing the forwarding of traffic from source to destination
– WLAN routers operate as a router as well as a wireless access point that transmits and receives Wi-Fi signals

Diagram: a Switch connected to a Router and a WLAN Router, with the Router connected to the WAN

Footnote 1: Each switch port is a LAN segment with its own collision domain. A switch filters
incoming data frames and forwards them only to the port leading to the frame's destination.
This increases network utilization and reduces congestion. Switches also have the
ability to be divided up into multiple logical LAN segments known as virtual LANs.
The most common switches used in networks today are Ethernet switches. OSI layers and VLANs
will be discussed in more detail later in this course.
Footnote 2: Routers make routing decisions and forward data from one
layer 3 segment to another using IP addresses.

Broadcast and Collision Domains

• Broadcast Domain includes Ethernet segments connected by repeaters, hubs, bridges, and switches
– Broadcast frame will be sent out on all Ethernet segments in the Ethernet network
– A broadcast domain generally defines a LAN separated by a Layer 3 device¹
• A collision domain is a logical network segment where data frames can collide with each other when they are transmitted²

Diagram: an IP Router separating two broadcast domains; on the left, hubs form a single collision and broadcast domain; on the right, two switches with hubs attached form multiple collision domains inside one broadcast domain

Footnote 1: In the diagram, there is a single logical Ethernet segment (connections to
the hubs) on the left of the IP Router forming a single collision domain. Additionally,
there are several Ethernet segments on the right side of the IP Router interconnected
by two Ethernet switches, each forming their own collision domain.
Footnote 2: Because switches act like bridges, they limit the forwarding of frames to
links headed towards the destination device. This allows isolation and segmentation,
eliminating devices competing for the media. Collisions decrease network efficiency
on a collision domain; if a collision occurs, both devices must abort transmission and
retransmit at a later time.
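Footnote 1 works through the diagram by hand. As an added example (not part of the course guide), the Python below applies the rules the slide states (hubs merge their cables into one collision domain, switches and bridges terminate collision domains but pass broadcasts, routers terminate both) to any topology given as devices and cables, and the constructed DEVICES/LINKS topology is assumed to match the footnote's description.

```python
from typing import Iterable

HUB, SWITCH, BRIDGE, ROUTER, HOST = "hub", "switch", "bridge", "router", "host"

# Device kinds that pass collisions / broadcasts through, i.e. that join all
# of their attached cable segments into one domain. Routers join nothing.
MERGES_COLLISIONS = {HUB}
MERGES_BROADCASTS = {HUB, SWITCH, BRIDGE}


class _UnionFind:
    """Disjoint sets over link indices; each set is one domain."""

    def __init__(self, items: Iterable):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def groups(self) -> int:
        return len({self.find(i) for i in self.parent})


def _count_domains(devices: dict, links: list, merging_kinds: set) -> int:
    """Every cable (link) starts as its own domain; a device whose kind is in
    merging_kinds joins all of its attached cables into one domain."""
    uf = _UnionFind(range(len(links)))
    attached = {name: [] for name in devices}
    for idx, (a, b) in enumerate(links):
        attached[a].append(idx)
        attached[b].append(idx)
    for name, kind in devices.items():
        if kind in merging_kinds:
            first, *rest = attached[name] or [None]
            for other in rest:
                uf.union(first, other)
    return uf.groups()


def collision_domains(devices: dict, links: list) -> int:
    return _count_domains(devices, links, MERGES_COLLISIONS)


def broadcast_domains(devices: dict, links: list) -> int:
    return _count_domains(devices, links, MERGES_BROADCASTS)


# Constructed topology following Footnote 1: cascaded hubs on one side of the
# router, two switches with hubs hanging off the second switch on the other.
DEVICES = {
    "R1": ROUTER,
    "HubA": HUB, "HubB": HUB,        # left side of the router
    "SW1": SWITCH, "SW2": SWITCH,    # right side of the router
    "HubC": HUB, "HubD": HUB,        # attached to SW2
    **{f"PC{i}": HOST for i in range(1, 9)},
}
LINKS = [
    ("R1", "HubA"), ("HubA", "HubB"), ("HubA", "PC1"), ("HubB", "PC2"),
    ("R1", "SW1"), ("SW1", "SW2"), ("SW1", "PC3"), ("SW1", "PC4"),
    ("SW2", "HubC"), ("SW2", "HubD"),
    ("HubC", "PC5"), ("HubC", "PC6"), ("HubD", "PC7"), ("HubD", "PC8"),
]

if __name__ == "__main__":
    print("collision domains:", collision_domains(DEVICES, LINKS))  # 7
    print("broadcast domains:", broadcast_domains(DEVICES, LINKS))  # 2
```

Replacing a hub with a switch in DEVICES raises the collision-domain count without changing the broadcast-domain count, which is the distinction the slide draws.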

Other Network Devices

Special Functions
• Proxy server¹
– Intermediary device that can filter and/or cache web content for a group of users
– Provides content control and improved performance
• Firewall²
– Acts as a barrier between a private network (high trust) and a public network (low trust)
– Policies and rules can be applied based on the level of protection needed
• Load balancer (Layers 4-7)³
– Provides the distribution of traffic among multiple servers, allowing for redundancy and greater throughput

Footnote 1: A proxy can be considered a firewall for web content; by storing copies of
frequently used web pages it can deliver requested content from its local
cache. Any host using the proxy for its web delivery will send requests to the proxy
for fulfillment. If the proxy does not have the requested content cached locally, it will
request new or refreshed content from its originator. Its key benefit is allowing an
organization to filter what is being delivered to its users as well as improving
performance by fulfilling web requests locally instead of using its WAN connections,
which can be slower.
Footnote 2: Firewalls are critical in preventing outside hackers or unauthorized
users from accessing sensitive data within a private network. They can also prevent
internal users from accessing certain services outside the private network that
administrators have identified as a possible compromise of their network, such as
viruses sending unauthorized data.
Footnote 3: Load balancers increase the number of concurrent users that can access a
single service such as a website or application. Traffic is first sent to the load balancer
and is then forwarded to a server that can handle the request. As more traffic for that
service is sent to the balancer, it delegates the responsibility of responding to the
requests. An example of a load balancer would be the hostess of a restaurant. As
customers come in, the hostess will seat them at a table that is serviced by the least
busy waiter. It would not make sense for the hostess to put all the customers in one
section that is handled by one waiter. Balancing the customers between the
available waiters allows all customers to experience favorable service.

Other Network Devices (cont.)

Diagram (Special Functions): a Firewall facing a Hacker on the public side, a Proxy Server handling HTTP requests, and a Load Balancer distributing HTTP traffic
Network Topologies

Network Topologies

• A topology identifies the physical or logical placement of devices within a network to efficiently forward traffic and improve fault tolerance
• Older topologies like bus and ring were limited to the technology that was currently available
– Bus used a single cable as a backbone connecting all devices¹
– Ring was typically deployed with token ring, where a ring was required for it to function²

Diagram: Bus topology with nodes attached to a backbone cable that is terminated at both ends

Footnote 1: 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") are examples of the bus
topology. Both were popular many years ago for bus deployments.
Footnote 2: Ring topology is still a popular solution for network providers deploying
WAN solutions such as a metro ring. Token ring is an older enterprise LAN technology
that was replaced by Ethernet because of Ethernet's benefits and easy deployment.

Network Topologies (cont.)

• Star topology
– Can consist of a layer 2/3 device providing a central connection for devices, which can then share a common uplink
– Traffic is isolated to the links connected to the sender and receiver, providing efficient forwarding
• Hybrid or Tree topology¹
– Multiple star topologies can be connected into a tree, providing aggregation of uplinks to a core network
– Tree topologies are a common deployment in modern networks

Diagram: Star topology (nodes connected to a central switch) and Hybrid/Tree topology (several stars aggregated through upstream switches)

Footnote 1: Many times, due to network requirements, multiple topologies are
deployed in a single network. The goal is to provide efficient forwarding of traffic at a
reasonable cost. Using a tree topology and attaching other topologies such as a star
allows for efficient use of ports and uplink connections.

Full and Partial Mesh Topologies

• Full Mesh¹
– Creates interconnections between all network devices in the environment
– Provides high redundancy and efficient forwarding
– Can be more costly to deploy
• Partial Mesh²
– Creates additional links above basic connectivity and is a common mesh deployment
– Provides redundancy but is not as costly to deploy as full mesh
– Preferred when WAN circuits are involved in the topology

Diagram: Full Mesh (every device linked to every other device) and Partial Mesh (only some additional links beyond basic connectivity)

Footnote 1: In a full mesh, devices can forward traffic directly towards its
destination, providing the shortest path; if the direct link fails, many alternate
paths can be used to deliver traffic. Full mesh is usually deployed where high
availability is critical, because it can be more expensive due to its port utilization and
maintenance. Because of the high redundancy, detrimental loops can
occur, so care should be taken when deploying a full mesh topology.
Footnote 2: Partial mesh is a common deployment when redundancy is required. It
requires less port utilization, is easier to create and manage, and is more cost effective
if WAN circuits are used in the topology.

Network Considerations

• Considerations when designing a network
– Requirements¹
• Where is this network being deployed and how critical is its reliability
– Budget²
• Redundancy within a network increases reliability; however, it also increases costs
– Cabling³
• Edge switches are best placed close to the end devices they are serving and connect back to a central location
– Future growth⁴
• As demands on the network increase, networks will have to handle larger traffic loads

Footnote 1: Network reliability is important due to the growing dependence on what
networks provide; however, failure in some networks can be more devastating than in
others. Higher reliability for hospitals, military and other emergency services is critical,
and such networks are generally designed with higher redundancy, such as full mesh
deployments, despite the cost.
Footnote 2: Budget is always a factor, but a balance between reliability/redundancy
and cost can be achieved. Acceptable interruptions are identified when designing a
network, which can affect the cost. Many times downtime can be calculated as loss
of revenue and can help identify the necessary resilience needed in a network.
Footnote 3: More often than not, links between network devices use fiber,
allowing higher bandwidth, longer distances, greater security and less electromagnetic
or radio-frequency interference (EMI/RFI). PCs and IP phones, however, still use
traditional Cat 5/6 cables for connectivity and have a more limited run distance
(usually around 300 feet).
Footnote 4: Planning for future growth can be a difficult challenge, but if
miscalculated it can cause loss in production and increased costs. Things that need to
be considered when anticipating future demands on the network are:
• Additional personnel or services offered on the network
• Increased productivity of existing users as they improve their skills, resulting in
more tasks in less time
• Workstation upgrades and bring your own device (BYOD) demands

Network devices that allow for pay-as-you-grow options, where additional ports or higher
speeds can be unlocked as demands increase, are effective ways to ensure your network can
keep up with the pace of progress.


Traditional Hierarchical Topology

Diagram: three-tier design with Core, Distribution and Access layers; the Access layer serves Mission Critical Clients, General Purpose Clients and Mobile Clients
The most common network architecture uses a classic three-tier design, known as a
hierarchical network design. These layers or tiers are:
• LAN access layer – Provides user access to the network at the level where host
devices are connected.
• Distribution layer – Controls the boundary between the access and core layers.
Also known as the aggregation layer, it acts as an aggregation point for access layer
devices and provides policy-based connectivity.
• Core layer – Provides fast transport between distribution layer devices and routes
large amounts of traffic.
This design is advantageous in an environment where clients consume applications
running on dedicated physical servers, and network traffic typically flows from the
client, through the data center network tiers, to the application, and back out. This
traffic pattern is typically referred to as north-south. This environment tolerates
oversubscription in the switching components because, on average, each server
connection uses a relatively small portion of network bandwidth. To help ensure
application availability, network resiliency is delivered through redundant switching
components and network connections.


Deployment Topologies


Client Connectivity

• For client connectivity, access layer switches are typically housed in wiring closets
distributed on multiple floors of each building on the campus (MDF or IDF)1
• Within data centers with a high concentration of server racks, the distribution may be
deployed as:
– Top-of-Rack
– Middle-of-Row
– End-of-Row

[Figure: access layer switches in the wiring closets of each floor, with uplinks to Core]

Footnote 1: MDF – Main Distribution Frame; IDF – Intermediate Distribution Frame
Access layer switches are connected to distribution layer switches that feed traffic to
other segments or to the network core.
High-performance uplinks are required to accommodate the fan-in of multiple access
layer switches to the aggregation layer.


Top-of-Rack (ToR) Deployments

• Aggregation switches connect to access switches located within the same or adjacent racks
• Top-of-rack design enables subscription ratio to be handled at the rack

[Figure: Top-of-Rack switches connected to the servers in the rack with copper, and to the
aggregation switches with fiber uplinks]

Many organizations are increasingly deploying not just servers but racks of servers,
blade systems, and integrated rack-and-blade systems. While servers and other network
systems have shrunk, the rack size remains constant, making it the deployment “choke
point” in many data centers. Top-of-Rack solutions simplify and shorten cable runs and
facilitate the replication of rack configurations. They do this by placing switching
resources in each rack so that server connectivity can be aggregated and interconnected
with the rest of the data center through cables connected to end-of-row aggregation-layer
switches.
For on-demand data centers, network access can then be deployed and cabled when
servers are deployed. Cabling is simple and cost effective, using inexpensive copper
cable within the rack and fiber optic cable for uplinks. With a modular solution at the
end-of-row, optical cables may be used for all server connections, and available
connections in the modular switches should be forecasted long before the servers are
deployed.


Middle and End-of-Row (MoR/EoR) Switching

• Very scalable server aggregation to high availability switches with full redundancy
• High-performance: Flexible choice of wire-speed or oversubscribed interfaces, lower
latency
• Cuts down access layer switches, but requires more cabling across racks
• Allows the use of more efficient chassis based switches

[Figure: End-of-Row and Middle-of-Row switch placement within a row of server racks]

Traditional modular chassis devices have commonly been used in End-of-Row
deployments, where cable lengths are relatively long between network devices. Cable
lengths may exceed length limitations; careful planning is required to accommodate
network connectivity. Another issue is device port utilization: this may become an
issue with some chassis-based devices, and many of these devices require
considerable power and cooling. In addition, large chassis-based devices use a great
deal of rack space, which is always a critical issue in large data centers.
A Middle-of-Row deployment provides some advantages over an End-of-Row deployment,
such as the ability to reduce cable lengths to support 10GbE server connections.
High-density, large form-factor devices are supported, fewer uplinks are required in
comparison with Top-of-Rack deployments, and a simplified network topology can be
adopted.
In an End-of-Row configuration, devices are deployed at the end of a row to support
all the servers in that row. This configuration is common in data centers with existing
cabling where high-density devices are placed at the end of a row of servers. End-of-Row
configurations can support larger form-factor devices than Top-of-Rack
configurations. They also require fewer uplinks and simplify the network topology.
Because they require cabling over longer distances than Top-of-Rack/bottom-of-rack
configurations, they are best for deployments incorporating 1GbE connections and
relatively few servers.


Stacking

• Many stacking technologies allow for management of the switches as a single virtual
switch1
• Hot insertion or removal of stack members
• Cross-unit link aggregation from the stack2
• Local switching of data within the stack
• Stacking can be established either vertically or horizontally, as seen below3

[Figure: vertical and horizontal stacks; 1 GbE links to clients, 10 GbE+ links for stacking]

Footnote 1: Stacking is most often found in wiring closets of a campus network. The
switches are literally stacked on top of each other in a rack and connected together
with short copper cables. Horizontal stacking allows a switch to remain at the top
of each server rack, with the switches connected by longer, more flexible cable options.
For example, copper cables can be used to connect switches together and then one
fiber optic cable can be used to complete the stack loop. This solution drastically
reduces management of edge switches, since the stack appears as a single switch.
Footnote 2: Link aggregation is the idea of having multiple physical links between two
switches that are logically considered one. This allows the forwarding of traffic on all
port members while the combined links are treated as one link. More details on link
aggregation will be discussed in later modules.
Footnote 3: Vertical stacking is common when deployed to provide end users with
connectivity, such as in an IDF or on a building floor. Horizontal stacking provides a Top-
of-Rack solution within a data center to simplify management and flatten the
network. In modern data centers, servers often need to talk to other servers
(east/west traffic) as much as to their end clients (north/south traffic). This solution
provides an effective way to support both flow types at the same time.


Introduction To WAN Technologies


Wide Area Networks (WANs)

• Connect two or more networks together over distance
• Use public telephone leased lines, cable companies, network and service providers, and
satellite systems
• Are not geographically limited
– Cross cities and countries
• Feature transmission speeds typically lower than LAN speeds

A wide area network (WAN) is a computer network that covers a broad area (that is,
any network whose communications links cross metropolitan, regional, or national
boundaries). Contrast this with LANs or MANs, which are usually limited to a room,
building, campus, or specific metropolitan area (such as a city), respectively. The
largest and most well-known example of a WAN is the Internet.
Many WANs are built for one organization and are private. Others, built by ISPs,
provide connections from an organization's LAN to the Internet.
WANs are often built by using leased lines. At each end of the leased line, a router
connects to the LAN on one side and a hub within the WAN on the other. Leased lines
are permanent dedicated connections established through a public
telecommunications carrier (for example, T1 or T3).


Common WAN Technologies

• ATM – Protocol that is used over a SONET backbone that makes up the traditional public
switched telephone network (PSTN)1
• Frame Relay – Packet switched service providing a cost-effective solution because it does
not require private or circuit switched leased lines
• MPLS – Multiprotocol Label Switching provides the ability to support many different WAN
technologies over a single IP network
– Highly scalable to provide private layer 2 and layer 3 services by the use of labels
– Enhanced features such as QoS and fault tolerance are possible, as well as traffic engineering capabilities
– Cost effective solution because of its versatility and high utilization of shared resources

Footnote 1: Synchronous Optical Networking (SONET) is a standards-based optical
interface transmission solution providing high-speed IP traffic forwarding (51 Mbps to
40 Gbps).
SONET provides features such as a self-healing ring architecture and is commonly
used to aggregate T1 and T3 lines.
ATM is a cell switching and multiplexing technology providing circuit switching
with features like consistent transmission delay and guaranteed capacity. Cell
switching consists of encoding data into small cells of the same size and
transmitting them to their destination.
Footnote 2: Frame Relay is more efficient than older technologies such as X.25
because it leaves flow and error control to the end devices. This allows the
overhead of Frame Relay to be smaller, providing lower delay and higher throughput.
Frame Relay allows communication with multiple destinations using only a single local
network (WAN) connection. It is, however, quickly being replaced with more modern
WAN technologies like MPLS.
Footnote 3: MPLS is the most common WAN technology today. Providers are able to
maintain a single Layer 3 IP network and provide many different WAN connections
while providing separation or privacy at the edge. Although traffic is forwarded over
the same links, forwarding decisions are based on the MPLS labels and not traditional
IP headers. Provider edge devices can maintain separate MAC and routing tables for
the customers connecting and can even provide routing protocol adjacencies.


Common WAN Technologies

• CWDM/DWDM
– Is a technology that uses multiple lasers transmitting several wavelengths of light
simultaneously over a single optical fiber
• Dense Wavelength Division Multiplexing (DWDM)
– Enables systems to support a large number of distinct wavelengths over the same physical fiber
– Higher costs due to the tight specifications required by the lasers
• Coarse Wavelength Division Multiplexing (CWDM)
– Is used for shorter distances (up to 60 km)
– Provides greater resiliency and tolerance by increasing the space between channels
– Supports fewer channels (wavelengths) than DWDM


Dark Fiber

• Optical fiber infrastructure that is dedicated to your organization1
• Dark refers to the fact that these are extra, unused fibers that were laid by service
providers anticipating future growth2
• These fibers are leased to organizations needing connections between locations
• Usually unlit by the provider, requiring enterprises to purchase equipment to transfer
traffic
• Often used when companies want to implement WDM or extend their LANs

Footnote 1: Depending on the needs of the client, dark fiber can be a simple link
between two sites or have repeaters to extend the range. Many times the client is
responsible for providing the end devices that perform the light generation and
forwarding of traffic. Virtual dark fiber can be available, where a provider offers a
single wavelength within a fiber, limiting the client to lighting up that wavelength only.
This cuts the cost of leasing the whole fiber.
Footnote 2: The largest expense for a provider when running fiber is the labor.
Considering that, it is wiser to include plenty of extra fiber when laying fiber, avoiding
having to go back and lay more. This also allows them to recover some of their costs
by leasing out the unused fiber to companies or other providers.


LAB EXERCISE


End of Module 2
Networking Fundamentals

RSP 100 Standards and Protocols

Module 3
Standards and Protocols



Objectives

• After completing this module, attendees will be able to:
– Describe the OSI reference model and the function of each layer
– Describe the TCP/IP model and compare it to OSI
– Explain the data encapsulation and de-encapsulation process


Standards and Protocols


Standards and Protocols – Introduction

• The physical medium provides interconnectivity between computer systems and devices
but does not define how communication should occur
• Internetworking standards and protocols define the format of communications and the
methods in which data should be transmitted between interconnected computer systems
and devices

[Figure: PCs and Servers interconnected through a Switch]


Communication Protocol Overview

• A protocol is a set of rules and conventions for communication between computers on a
network
– Includes guidelines regulating the characteristics of a network:
• Access methods
• Allowed physical topologies
• Cable types
• Data transfer speeds
• Data format
• Encoding methods
• The Open Systems Interconnection (OSI) Model is a framework for communications
between devices on a network

[Figure: two devices exchanging Data, each through its own Communication Protocol]

Network protocols define the rules and conventions that allow network devices to
communicate. They define the techniques necessary for network devices to send and
receive messages.
Networking protocols include methods for devices to identify and connect with each
other. They also define rules for how the sent and received data must be formatted.
Many networking protocols have been developed over the years. Some were
developed for very specific purposes and environments, while others were
developed to allow a common form of communications between devices all over the
world.


Internetwork Standard Organizations

• Many organizations1 have contributed to the standards that networking devices adhere to
that allow a common form of communication
– ISO – International Organization for Standardization
– ANSI – American National Standards Institute
– EIA – Electronics Industries Association
– IEEE – Institute of Electrical and Electronic Engineers
– IAB – Internet Activities Board
• Internet Research Task Force (IRTF)
• Internet Engineering Task Force (IETF)
– ITU-T – International Telecommunication Union Telecommunication Standardization Sector
• Formerly CCITT

A wide variety of organizations contribute to internetworking standards by providing
forums for discussion, turning informal discussion into formal specifications, and
proliferating specifications after they are standardized.
Most standards organizations create formal standards by using specific processes:
organizing ideas, discussing the approach, developing draft standards, voting on all or
certain aspects of the standards, and then formally releasing the completed standard
to the public.
Footnote 1: Some of the best-known standards organizations that contribute to
internetworking standards are:
• International Organization for Standardization (ISO)—ISO is an international
standards organization responsible for a wide range of standards, including many
that are relevant to networking. Its best-known contribution is the development
of the OSI reference model and the OSI protocol suite.
• American National Standards Institute (ANSI)—ANSI, which is also a member of
the ISO, is the coordinating body for voluntary standards groups within the United
States. ANSI developed the Fiber Distributed Data Interface (FDDI) and other
communications standards.
• Electronic Industries Association (EIA)—EIA specifies electrical transmission
standards, including those used in networking. The EIA developed the widely used
EIA/TIA-232 standard (formerly known as RS-232).


Internet Protocol Development

• There are processes for suggestions on developing new protocols
– IAB: Internet Activities Board1
– IETF: Internet Engineering Task Force2
– RFCs: Request for Comments3

[Figure: RFC Process and Message Formats]
“Use the existing protocol standards whenever such standards apply, invent new protocols
only when existing protocols are insufficient, but be prepared to migrate to international
standards when they become available and provide equivalent functionality.“

Footnote 1: The Internet Activities Board (IAB) is chartered both as a committee of
the Internet Engineering Task Force (IETF) and as an advisory body of the Internet
Society (ISOC). Its responsibilities include architectural oversight of IETF activities,
Internet Standards Process oversight and appeal, and the appointment of the RFC
Editor. The IAB is also responsible for the management of the IETF protocol
parameter registries.
Footnote 2: The Internet Engineering Task Force (IETF) is a large open international
community of network designers, operators, vendors, and researchers concerned
with the evolution of the Internet architecture and the smooth operation of the
Internet. It is open to any interested individual.
Footnote 3: A Request for Comments (RFC) is a memorandum published by the
Internet Engineering Task Force (IETF) describing methods, behaviors, research, or
innovations applicable to the working of the Internet and Internet-connected
systems. Essentially, Internet standards are defined in these documents called
Requests For Comments (RFCs).
Through the Internet Society, engineers and computer scientists may publish
discourse in the form of an RFC, either for peer review or simply to convey new
concepts, information, or (occasionally) engineering humor. The IETF adopts some of
the proposals published as RFCs as Internet standards.
NOTE: When working with TCP/IP, it may be necessary to read an RFC. You can access
a list of all the RFCs in this index link: http://www.ietf.org/iesg/1rfc_index.txt


OSI Reference Model


Layered Network Models

• Layered models provide a framework for defining and explaining the networking concepts
and technologies that facilitate communication between interconnected devices
• Network models provide a variety of benefits:
– Reduce complexity
– Reduce ambiguity
– Support interoperability
– Promote modular development
• OSI and TCP/IP are two different, but related, layered network models


ISO OSI Seven-Layer Reference Model

• The OSI model
– Divides communication into seven layers1
– Provides a framework for key network technologies
– Each layer does a specific job, then passes the data to the next layer2
• The seven layers are often grouped into two main sections:
– Application — How the data is interpreted at the end point
– Transport — How data is passed through the internetwork

OSI Model Layer Units:
Application Layers   7  Application    Message
                     6  Presentation   Message
                     5  Session        Message
Transport Layers     4  Transport      Segment
                     3  Network        Packet
                     2  Data Link      Frame
                     1  Physical       Bits / Bytes

Footnote 1: The OSI model uses seven logical layers, each with specific functions that
transfer information among applications. In this model, communications originate at
the top layer (Layer 7) of the transmitting device, move down to its lowest layer
(Layer 1), and travel across the network to the receiving device. The message arrives
at the lowest layer of the receiving device and moves back up through the layers on
this device to Layer 7.
The seven layers are described in detail on the following slides.
Footnote 2: As a message is passed down, the lower layer adds a header to it. This is
called encapsulation, because it is like placing an object into a capsule. The header is
sometimes called a wrapper. Each successive lower layer encapsulates what it
receives from the layer above it. The inverse happens on the receiving side as the
message is first stripped of its header, and then the inner contents (the "data"
portion) is passed up. This can be described as a decapsulation process. Each
successive upper layer receives the data message from the layer below, and then
removes its own header and passes the data on.


Layer 7—Application Layer

• The Application Layer provides services to applications/programs and their users to
access resources over the network
• Example: When an Internet browser is used, HTTP operates at the Application Layer, but
the Web browser does not1
• Additional Application Layer protocols include FTP, telnet, SNMP, and DNS2

[Figure: OSI Model Layer Units table, with the Application Layer (7, Message) highlighted]

Footnote 1: A web browser is, in itself, not a part of the network interconnection
process. The browser is a program that uses the data in the Application layer
message to display content, such as web pages.
Footnote 2: Network protocols evolve over time. New protocols become important
and existing protocols lose their prominence. Current, widely used protocols include:
• HTTP – Hypertext Transfer Protocol is the protocol used by the World Wide Web
• FTP – File Transfer Protocol is used to transfer data
• SNMP – Simple Network Management Protocol is used to manage devices in your
network
• DNS – Domain Name System is a service that resolves host names to IP addresses


Layer 6—Presentation Layer

• The Presentation Layer takes data provided by the Application Layer and converts it into
a format that the other layers can understand
• Example: The choice between binary or ASCII for a file transfer application such as FTP
• Additional data formats include MPEG, JPEG, GIF, and TIFF1

[Figure: OSI Model Layer Units table, with the Presentation Layer (6, Message) highlighted]

The Presentation Layer can be thought of as a translator. It ensures that data from the
sending application can be read successfully by the receiving application.
Presentation Layer implementations are not typically associated with a particular
protocol stack. Some well-known standards for video include QuickTime and Motion
Picture Experts Group (MPEG). QuickTime is an Apple Computer specification for
video and audio, and MPEG is a standard for video compression and coding.
Footnote 1: Among the well-known graphic image formats are:
• Moving Picture Experts Group (MPEG) – Is a standard for audio and video
compression and transmission.
• Joint Photographic Experts Group (JPEG) – Is a compression and coding standard
for still graphic images that works well on photographs, but not well on lettering or
black-and-white line drawings.
• Graphics Interchange Format (GIF) – Is a standard for compressing and coding
graphic images that does not degrade as it is compressed.
• Tagged Image File Format (TIFF) – Is a standard, flexible coding format for graphic
images that uses no compression.


Layer 5—Session Layer

• The Session Layer establishes, maintains, and terminates the session with the remote host
• Examples: Interactive login and file transfer connections
– The session disconnects and reconnects if there is an interruption
• Common protocols and associated services include RPC, NFS, and SCP1

[Figure: OSI Model Layer Units table, with the Session Layer (5, Message) highlighted]

Footnote 1: The following services and protocols are defined at the Session layer:
• Remote Procedure Call (RPC)
• AppleTalk Session Protocol (ASP)
• Network File Services (NFS)
• Session Control Protocol (SCP)
Protocols that work at this layer, such as NetBIOS and RPC, ensure that requests and
responses between applications are completed correctly.


Layer 4—Transport Layer

• Provides end-to-end communication services for applications within a layered network
architecture
• Has two major transport protocols
– TCP
• Is connection-oriented
• Detects errors and lost data
• Recovers lost data
• Manages data retransmission
– UDP
• Is connectionless, not reliable
• Is typically faster than TCP
• Has low overhead

[Figure: OSI Model Layer Units table, with the Transport Layer (4, Segment) highlighted]


Layer 3—Network Layer

• Is responsible for routing data (packets) through the network
– Handles the addressing and delivery of data
• Performs these functions1:
– Host addressing
– Message forwarding
– Fragmentation and Reassembly
• IP is the predominant L3 protocol in use today
• Systems are identified by logical (IP) addresses

[Figure: OSI Model Layer Units table, with the Network Layer (3, Packet) highlighted]

Footnote 1: Functions of the network layer include:
• Host addressing — On the Internet, addresses are known as IP addresses.
• Message forwarding – Networks use specialized hosts, called gateways or routers,
to forward packets between networks that are partitioned into subnetworks and
connected to other networks. One example is mobile applications, where
messages must follow a user from one location to another.
• Fragmentation and Reassembly – Different transmission media allow different
frame sizes. If the packet at the network layer is too large for the medium, the
network layer must break the packet up into smaller pieces and send each piece
separately. Once received at the destination, the separate pieces are reassembled
to recreate the complete packet.
To route data from a web server, dynamic routing protocols such as Border
Gateway Protocol (BGP) and Open Shortest Path First (OSPF) (used extensively in
large enterprise networks) are commonly implemented on routers.
On nodes located at the network edge, static routing is often used instead of a
routing protocol. This type of routing makes use of a default gateway: all data for
IP addresses that do not match any routes in the routing table is sent to this
device.
The Network Layer is sometimes referred to as the routing layer among IT people
who work with routers and Layer 3 switches.


Layer 2—Data Link Layer

• The Data Link Layer defines how upper-level data is formatted into data frames for
transmission over a given network technology
• Examples of Layer 2 protocols include a variety of network communication standards
– Ethernet, Token Ring, Frame Relay
• At this layer, systems are identified by their hardware or MAC address

[Figure: OSI Model Layer Units table, with the Data Link Layer (2, Frame) highlighted]


Layer 1—Physical Layer

• The Physical Layer defines the electrical, mechanical, procedural, and functional
specifications for activating, maintaining, and deactivating the physical link between
communicating networked systems

[Figure: OSI Model Layer Units table, with the Physical Layer (1, Bits / Bytes) highlighted]

Copyright 2018 – ARRIS Enterprises, LLC. All rights reserved

Multiple specifications are sometimes used to complete all details of the Physical
Layer. For example, RJ-45 defines the shape of the connector and the number of
wires or pins in the cable. Ethernet and the 802.3 standard define the use of wires or
pins 1, 2, 3, and 6.
Within the OSI network architecture model, the Physical Layer translates
communication requests from the Data Link Layer into hardware-specific operations.
It deals with details such as connector types, cable specifications and lengths, and
voltages.


Source Node and Destination Node Stacks


• The diagram shows how the source node stack corresponds directly to the same
services on the destination node

[Figure: Client stack and Server stack joined by the wire, with the OSI Reference Model
layer, the protocol in use and the unit at each layer]
OSI Reference Model   Protocol    Unit
Application           HTTP        Message
Presentation          ASCII       Message
Session                           Message
Transport             TCP         Segment
Network               IP          Packet
Data Link             Ethernet    Frame
Physical                          Bits / Bytes
                      Wire


TCP/IP Protocol Suite


TCP/IP Protocol Suite

• The TCP/IP protocol suite is the set of communication protocols used for the Internet and
other similar networks
– Defined in RFC 1122 and 1123
• Named after two of the most important protocols1:
– Internet Protocol (IP)
– Transmission Control Protocol (TCP)
• The TCP/IP suite moved responsibility for reliable delivery from the network to the end
devices; TCP is the result


Footnote 1: The Internet Protocol Suite is commonly also known as TCP/IP, named
from two of the most important protocols in it: The Transmission Control Protocol
(TCP) and the Internet Protocol (IP), which were the first two networking protocols
defined in this standard. The Internet Protocol Suite, like the OSI model, is
constructed in a set of layers. Each layer performs a specific function involving the
transmission of data. In particular, the layers define the operational scope of the
protocols within.
The TCP/IP model consists of four layers (RFC 1122 and 1123). From lowest to
highest, these are the:
• Link Layer
• Internet Layer
• Transport Layer
• Application Layer


TCP/IP Protocol Suite (cont.)

• Can be loosely mapped to the OSI model
• Has four layers
– Application
– Transport
– Internet
– Link1

[Figure: OSI model layers mapped to TCP/IP layers and the TCP/IP protocol suite]
OSI Model Layers                        TCP/IP Layers       TCP/IP Protocol Suite
Application, Presentation, Session      Application Layer   HTTP  FTP  SMTP  DNS  RIP  SNMP
Transport                               Transport Layer     TCP  UDP
Network                                 Internet Layer      IP (IPv4)  IPv6  ICMP (Ping)  ICMPv6
Data Link, Physical                     Link Layer          ARP/RARP  NDP  Ethernet  802.11 Wireless LAN  Frame Relay  ATM

Footnote 1: The Link Layer of the TCP/IP model is often compared directly with the
combination of the Data Link Layer and the Physical Layer in the OSI protocol stack.
Although they overlap to some degree in the protocols they cover, they are not
identical. The Link Layer in TCP/IP is wider in scope and is in principle a different
concept and classification. This can be observed with certain protocols, such as the
Address Resolution Protocol (ARP): it is confined to the Link Layer in the TCP/IP
model, yet is often said to fit between the OSI Data Link Layer and Network Layer. In
addition, TCP/IP expects applications to be responsible for everything above the
Transport Layer. In general, direct or strict comparisons should be avoided.
Internet Layer protocols are:
• IPv4 - Internet Protocol version 4
• IPv6 - Internet Protocol version 6
• ICMP - Internet Control Message Protocol (IPv4)
• ICMPv6 - Internet Control Message Protocol Version 6 (IPv6 version of ICMP)
• IGMP - Internet Group Management Protocol
Link Layer protocols are:
• ARP - Address Resolution Protocol (IPv4)
• NDP - Neighbor Discovery Protocol (IPv6 version of ARP)


Internet Protocol (IP)

• OSI network Layer 3 (L3) protocol


• Current IP protocol versions
– IPv4 — First version to be widely deployed
– IPv6 — Next-generation Internet protocol
• Contains addressing information and control information for routing packets
• The primary network-layer protocol in the Internet protocol suite
• Along with TCP, IP represents the heart of the Internet protocols


IPv4 is unable to satisfy potential increases in the number of users, geographical
needs, and emerging applications because of its 32-bit addressing format. IPv4's 32-
bit address format allows a maximum of nearly 4.3 billion addresses.
IPv6 uses a 128-bit address format that allows for
340,282,366,920,938,000,000,000,000,000,000,000,000 addresses.
With the emergence of the Internet of Things (IoT), where all devices are
interconnected, including TVs, cellular phones, household thermostats, refrigerators
and more, the need for more available addresses is essential.
As of September 2015, the American Registry for Internet Numbers (ARIN), the
organization responsible for allocating IP addresses in North America, has stated that
all of its IPv4 addresses have been exhausted. It can no longer allocate IPv4
addresses; only IPv6 addresses are available.


TCP/IP Four-Layer Model

• Protocol rules control communication between processes that run at corresponding layers
• At each layer (except L1) communication takes the form of a message, called a
Protocol Data Unit (PDU)1, sent between devices
• A new PDU is created at each layer
– Each contains the header information for that layer as well as the user data and
headers of the higher layers

[Figure: Data "Encapsulation"]
Application       App Header | User Data
Transport (TCP)   TCP Header | Application Data                                        = TCP "segment"
Internet (IP)     IP Header | TCP Header | Application Data                            = IP "datagram"
Link (Ethernet)   Ethernet Header | IP Header | TCP Header | Application Data | Ethernet Trailer = Ethernet "frame"
Sizes (bytes)     14 | 20 | 20 | (IP header + TCP header + data: 46 to 1500 bytes) | 4

Footnote 1: A Protocol Data Unit (PDU) is an OSI term for the unit a protocol layer
produces during encapsulation: the information the layer adds to the data it receives
from the layer above it. For example, it might add a TCP or UDP port number to
identify the application, a network address to help with routing, a code that
identifies the type of data in the packet such as an EtherType or IP protocol number,
or error-checking information such as a CRC. The PDU contains the structured
information that is passed to the matching protocol layer further along the data's
journey, allowing that layer to perform its intended function or service. The
matching layer decodes the data to extract the original data unit, decides whether it
is error-free, and decides where to send it next.


TCP/IP Four-Layer Model (cont.)

• Although TCP/IP has its own model, the corresponding OSI model layers are typically
used when referencing TCP/IP
– Layer 4: TCP/UDP
– Layer 3: IP
• This course uses the mapped OSI layers rather than the TCP/IP layers

[Figure: OSI Model Layers mapped to TCP/IP Layers]
OSI Model Layers                       TCP/IP Layers
Application, Presentation, Session     Application Layer
Transport                              Transport Layer
Network                                Internet Layer
Data Link, Physical                    Link Layer


TCP/IP Model Layers and Protocols

• Link Layer
– Controls the hardware devices and media that make up the network
– Each LAN can run its own Link Layer protocol
• Ethernet, Frame Relay

[Figure: TCP/IP Layers stack (Application, Transport, Internet, Link) with the Link Layer
highlighted; Corp Router connected over Ethernet Frames to the Branch Router, over Frame
Relay Frames across the Internet to a Router, and over Ethernet Frames to the Web Server]

The Link Layer dictates the methods, media and communication format for devices
interconnected on the same LAN. Each individual LAN may use a different Link Layer
protocol. However, each device connected to the LAN must use the same protocol.
Communication between LAN segments is facilitated through the upper-level,
Internet Layer protocol.


TCP/IP Model Layers and Protocols (Cont.)

• Internet Layer
– Identifies a path through the network
– End points run common Internet Layer protocols
• IPv4, IPv6

[Figure: TCP/IP Layers stack with the Internet Layer highlighted; Ethernet Frames on each LAN
segment between the client, the Router, the Internet and the Web Server, with IP Datagrams
carried end to end]


TCP/IP Model Layers and Protocols (Cont.)

• Transport Layer
– Supports communication between diverse devices across diverse networks
• TCP (reliable), UDP (best effort)

[Figure: TCP/IP Layers stack with the Transport Layer highlighted; Ethernet Frames on each LAN
segment, IP Datagrams end to end between the client and the Web Server, and the TCP exchange
"Here is the data, did you get it? (TCP)" / "Yes, I got it. (TCP)"]


TCP/IP Model Layers and Protocols (Cont.)

• Application Layer
– Represents data to the user and controls dialogue
• DNS, Telnet, SMTP, POP3, IMAP, DHCP, HTTP, FTP, SNMP

[Figure: TCP/IP Layers stack with the Application Layer highlighted]


The Encapsulation/Decapsulation Process


Ethernet Frame

• The Ethernet frame header provides information about the source and destination
endpoints for the frame on the LAN
• EtherType is used to identify the upper layer protocol

[Figure: Ethernet frame]
Field:   Preamble | SOF | Destination Address | Source Address | Type | Data    | FCS
Bytes:   7        | 1   | 6                   | 6              | 2    | 45-1500 | 4
Destination Address and Source Address = Layer 2 (MAC) Addresses
Type = EtherType = Upper Layer Protocol


Ethernet Header

Ethernet EtherType
• Identifies the type of data encapsulated in an Ethernet frame

• Well-known EtherType values include:


– Internet Protocol (IP), EtherType 0x800: Provides a unique global address to computers for communicating
over the network
– Address Resolution Protocol (ARP), EtherType 0x806: Finds a host’s hardware address when only the IP
address is known


IPv4 Packet

• The IPv4 packet header provides information for routing the packet and how to handle the
data it contains
• The IP protocol number is used to identify the upper layer protocol

[Figure: IPv4 header, 20 bytes without options]
Bits 0-15                                  | Bits 16-31
Version (4) | Header Length (4) | Priority & Type Of Service (8) | Total Length (16)
Identification (16)                        | Flags (3) | Fragment Offset (13)
Time to Live (8) | Protocol (8)            | Header Checksum (16)
Source IP Address (32)
Destination IP Address (32)
IP Options (0 or 32, if any)
Data (if any)
Protocol = Upper Layer Protocol
Source IP Address and Destination IP Address = Layer 3 (IP) Addresses

The format of the IPv4 header is shown in the figure. It includes information that
pertains to IP packet forwarding, handling, size, upper layer protocol, lifetime and
integrity.
To facilitate the routing of packets over a network, the TCP/IP protocol suite uses a
32-bit logical address known as an IP address. This address must be unique for each
device in the internetwork. The address is part of the IPv4 header. An IP packet is sent
from one L3 device to another L3 device; therefore, both the source and destination
device addresses must be included in the header.
The IP Protocol field identifies the upper-layer protocol that should be used to
interpret the data in the packet payload.


IP Protocol Numbers

• Identifies the protocol of the data encapsulated in an IP packet
• Well-known protocol number values include:
– Transmission Control Protocol (TCP)
• IP Protocol Number 6
• Allows virtual connections between hosts on the network to provide reliable delivery of data
– User Datagram Protocol (UDP)
• IP Protocol Number 17
• Allows faster, unreliable delivery of data that is either lightweight or time-sensitive
– Internet Control Message Protocol (ICMP)
• IP Protocol Number 1
• Used to send error and control messages, including reachability to another host and availability of services


TCP Segment

• The TCP port number is used to identify the upper layer protocol
• Client request to server
– Source port will be used to identify the server response
– Destination port identifies the upper layer protocol on the server
• Server swaps these fields in its response to the client

[Figure: TCP header]
Bits 0-15                                             | Bits 16-31
Source Port Number                                    | Destination Port Number
Sequence Number
Acknowledgement Number
Data Offset | Reserved | CWR ECE URG ACK PSH RST SYN FIN | Window Size
Checksum                                              | Urgent Pointer
Options                                                          | Padding
Port Number = Upper Layer Protocol

TCP Port Numbers


Source Port Number - If the source host is the client, the port number is likely to be
an ephemeral port number, usually a random number between 1024 and 65535.
If the source host is the server, the port number is likely to be a well-known port
number, usually reserved for a specific protocol, between 1 and 1023.
Destination Port Number - If the client is the destination host, then the port number
will likely be an ephemeral port number.
If the destination host is the server, then the port number will likely be a well-known
port number.


UDP Segment Header

UDP Port Numbers

• Like TCP, the UDP port number is used to identify the upper layer protocol
• Client request to server
– Source port will be used to identify the server response
– Destination port identifies the upper layer protocol on the server
• Server swaps these fields in its response to the client

[Figure: UDP header]
Bits 0-15                       | Bits 16-31
Source Port Number              | Destination Port Number
Length                          | Checksum
Data
Port Number = Upper Layer Protocol

UDP Port Numbers


Source Port Number - If the source host is the client, the port number is likely to be
an ephemeral port number.
If the source host is the server, the port number is likely to be a well-known port
number.
Destination Port Number - If the client is the destination host, then the port number
will likely be an ephemeral port number.
If the destination host is the server, then the port number will likely be a well-known
port number.


Well-Known TCP/UDP Port Numbers

• Identifies the type of data encapsulated in a TCP or UDP segment


• Well-known TCP/UDP port values include:
– Domain Name System (DNS):
• TCP/UDP port 53
• Provides the IP address of a website or domain name so that a host can connect to it
– Telnet:
• TCP port 23
• Allows administrators to log in to a host from a remote location
– Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), and Internet Message Access Protocol
(IMAP):
• TCP port 25, 110 and 143, respectively
• Used to send email messages between clients and servers


Well-Known TCP/UDP Port Numbers

• Dynamic Host Configuration Protocol (DHCP):


– UDP port 546 (client) and port 547 (server)
– Assigns IP addressing to requesting clients
• Hypertext Transfer Protocol (HTTP):
– TCP port 80
– Used to transfer information between web clients and web servers
• File Transfer Protocol (FTP):
– TCP port 21 (control) and port 20 (data)
– Allows the download and upload of files between an FTP client and FTP server
• Simple Network Management Protocol (SNMP):
– TCP/UDP port 161 and port 162 (trap)
– Used by network management systems to monitor devices attached to the network


Data Encapsulation

• Data flows bi-directionally in the OSI and TCP/IP models
– When data is transmitted from a source node, it flows down the layers of the model
– When data is being received by a destination node, it flows up the layers of the model

[Figure: headers added at each layer on transmit]
Application      Data
Transport        TCP | Data
Internet         IP | TCP | Data
Network Access   Link Header | IP | TCP | Data | Link Trailer (LT)   -> Transmit Bits

• When data flows down the layers, each lower level adds a header or wrapper to the data
and encapsulates the data it receives from the layer above
• As data flows up the layers, the outside header is stripped from the data through
decapsulation and the remaining data portion is passed up to the next level


Encapsulation Walkthrough

Application Layer – Client


• Client browses to www.example.com
• Browser creates HTTP data package requesting the page
• HTTP data is passed to Transport Layer

[Figure: Application Layer: HTTP Data; Transport Layer, Internet Layer and Link Layer not yet
used]


Encapsulation Walkthrough (cont.)

Transport Layer – Client


• Transport Layer encapsulates the HTTP data into a TCP segment
• The segment includes a header indicating that the encapsulated data is HTTP, using
well-known TCP port number 80
• The TCP segment is passed to the Internet Layer

[Figure: Application Layer: HTTP Data; Transport Layer: TCP Header (Port 80 (HTTP)) + Transport
Layer Data; Internet Layer and Link Layer not yet used]


Encapsulation Walkthrough (cont.)

Internet Layer – Client


• Internet Layer encapsulates TCP data (including HTTP payload) into an IP packet
• Packet includes header indicating encapsulated data is TCP using well-known IP protocol
number 6
• IP packet is passed to Link Layer

[Figure: Application Layer: HTTP Data; Transport Layer: TCP Header (Port 80 (HTTP)) + Data;
Internet Layer: IPv4 Header (Protocol 6 (TCP)) + Data; Link Layer not yet used]


Encapsulation Walkthrough (cont.)

Link Layer – Client


• Link Layer encapsulates IP data (including TCP/HTTP payload) into an Ethernet frame
• Frame includes header indicating encapsulated data is IPv4 using well-known EtherType
0x800
• Ethernet frame is sent on the wire to destination

[Figure: Application Layer: HTTP Data; Transport Layer: TCP Header (Port 80 (HTTP)) + Data;
Internet Layer: IPv4 Header (Protocol 6 (TCP)) + Data; Link Layer: Ethernet Header
(EtherType 0x800 (IP)) + Data]


Encapsulation Walkthrough Summary

• Internet and Link Layers help to deliver the HTTP data to the destination web server
• Transport Layer is used by the end-points (client and server) to confirm receipt
• Application Layer carries data used by client and server

[Figure: the complete client frame, Application Layer: HTTP Data; Transport Layer: TCP Header
(Port 80 (HTTP)) + Data; Internet Layer: IPv4 Header (Protocol 6 (TCP)) + Data; Link Layer:
Ethernet Header (EtherType 0x800 (IP)) + Data, travelling via the Router and the Internet to
the Web Server]


Decapsulation Walkthrough

Link Layer – Server


• The server uses the EtherType to determine which Internet Layer protocol to use to
process the data
– 0x800 = IPv4
• It strips off the Link Layer header and passes the IPv4 data to the Internet Layer

[Figure: Web Server stack, Link Layer: Ethernet Header (EtherType 0x800 (IP)) + IPv4 Data;
Internet Layer: IPv4 Header (Protocol 6 (TCP)) + TCP Data; Transport Layer: TCP Header
(Port 80 (HTTP)) + Data; Application Layer: HTTP Data]


Decapsulation Walkthrough (cont.)

Internet Layer – Server


• The server uses the Protocol field in the IP header to determine which Transport Layer
protocol to use to process the data
– 6 = TCP
• It strips off the Internet Layer header and passes the TCP data to the Transport Layer

[Figure: Web Server stack with the Ethernet header removed, Internet Layer: IPv4 Header
(Protocol 6 (TCP)) + TCP Data; Transport Layer: TCP Header (Port 80 (HTTP)) + HTTP Data;
Application Layer: HTTP Data]


Decapsulation Walkthrough (cont.)

Transport Layer – Server


• The server uses the Port field in the TCP header to determine which Application Layer
protocol to use to process the data
– 80 = HTTP
• It strips off the Transport Layer header and passes the HTTP data to the Application Layer
process; the web server

[Figure: Web Server stack with the Ethernet and IPv4 headers removed, Transport Layer: TCP
Header (Port 80 (HTTP)) + HTTP Data; Application Layer: HTTP Data]


Decapsulation Walkthrough (cont.)

Application Layer – Server


• The server’s web server application can read the information in the HTTP data and
respond to the client
• The same process repeats for the response:
– HTTP data -> TCP -> IP -> Ethernet
– Sent across the network
– Ethernet -> IP -> TCP -> HTTP

[Figure: Web Server stack with all lower-layer headers removed, Application Layer: HTTP Data]
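The encapsulation and decapsulation walkthrough above (and the PDU encapsulation figure in the TCP/IP Four-Layer Model), as an added example that is not course code: Python that builds the client's Ethernet/IPv4/TCP frame around an HTTP request, computing the IPv4 header checksum, and then parses it back the way the server does, demultiplexing on EtherType 0x800, IP Protocol 6 and TCP port 80. The MAC and IP addresses, the ephemeral port and the request line are constructed sample values; the TCP checksum and the Ethernet FCS are left out because the example has no pseudo-header or NIC to supply them.

```python
# Added example (not from the RSP 100 course): encapsulate an HTTP request into
# TCP, IPv4 and Ethernet headers, then decapsulate it again, demultiplexing at
# each layer on EtherType, IP Protocol and TCP port. MAC addresses, IP
# addresses, ports and the request line are constructed sample values.
import socket
import struct

ETHERTYPE_IPV4 = 0x0800   # EtherType for IPv4
IPPROTO_TCP = 6           # IP Protocol number for TCP
APP_BY_PORT = {80: "HTTP", 25: "SMTP", 53: "DNS"}   # well-known ports used here


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791).
    Over a header that already carries a correct checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, app_data):
    """Walk down the stack: Application -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # Transport Layer: 20-byte TCP header, data offset 5 words, flags PSH|ACK (0x18).
    # The TCP checksum stays 0 here; a real stack computes it over a pseudo-header.
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + app_data
    # Internet Layer: 20-byte IPv4 header, Protocol = 6, checksum filled in last.
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                            64, IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_header = ip_header[:10] + struct.pack("!H", ipv4_checksum(ip_header)) + ip_header[12:]
    packet = ip_header + segment
    # Link Layer: 14-byte Ethernet II header (the NIC appends the 4-byte FCS).
    eth_header = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
                  + struct.pack("!H", ETHERTYPE_IPV4))
    return eth_header + packet


def parse_frame(frame: bytes) -> dict:
    """Walk up the stack, checking each header before handing its payload upward."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:            # Link Layer demux
        raise ValueError("unsupported EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ihl > len(ip):
        raise ValueError("not a valid IPv4 header")
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_length = struct.unpack("!H", ip[2:4])[0]
    if total_length < ihl + 20 or total_length > len(ip):
        raise ValueError("bad IPv4 Total Length")
    protocol = ip[9]
    if protocol != IPPROTO_TCP:                 # Internet Layer demux
        raise ValueError("unsupported IP protocol %d" % protocol)
    segment = ip[ihl:total_length]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"), "ethertype": ethertype,
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "protocol": protocol, "src_port": src_port, "dst_port": dst_port,
        "application": APP_BY_PORT.get(dst_port, "unknown"),   # Transport Layer demux
        "app_data": segment[data_offset:],
    }


# Constructed sample request, as the client in the walkthrough would send it.
REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
FRAME = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                    "192.0.2.10", "192.0.2.80", 49152, 80, REQUEST)
```

`parse_frame` refuses a frame whose IPv4 header checksum does not verify, or whose EtherType, Protocol or Total Length it does not handle, before trusting any field further up the stack; the small `APP_BY_PORT` table is the "Port Number = Upper Layer Protocol" decision from the slides. Flipping one bit in the TTL byte of `FRAME` is enough to make the checksum check reject it.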



Encapsulation and Decapsulation

[Figure: Encapsulation (downward) and Decapsulation (upward) through HTTP, TCP Segment,
IP Packet and Ethernet Frame]


LAB EXERCISE


End of Module 3
Standards and Protocols

RSP 100 Ethernet and Media Access Control

Module 4
Ethernet and Media Access Control


Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B


Objectives

• After completing this module, attendees will be able to:


– Describe physical layer connections
– Explain Power over Ethernet
– Discuss Ethernet framing composition and protocols
– Discuss Layer 2 forwarding


The Physical Layer Connections


Physical Layer Overview (cont.)

• There are currently three basic forms of network media used in modern networks:1
– Copper (category 5/6 unshielded twisted pair cable)
– Fiber (single-mode/multi-mode)
– Wireless (IEEE 802.11 common wireless standards b, a, g, n)
• The physical layer accepts frames from the upper layers and places signals onto the
media in series as binary bits
– Provides encoding of data and control information
– Transmitter and receiver circuitry on the network devices


Footnote 1: Although other media such as coax (bus technology) and shielded
twisted pair have been used in the past, modern network deployments incorporate
one or all of the above media types. There are, however, many different
termination/connection types, especially for fiber. These are discussed in the
following slides.


Cable Types

• Twisted pair cable1
– Shielded (STP)
• Not common due to expense and termination difficulties
– Unshielded (UTP)
• Categorized, providing faster speeds and Power over Ethernet (PoE) support2
• Provides 8 wires that are twisted in pairs of two
• Fiber optic cable3
– Single-mode
• Small diameter core allowing only one pathway for light to operate
• Allows the signal to travel faster and further
– Multi-mode
• Allows multiple light paths, allowing simultaneous forwarding of data
• Used for shorter distances

[Figure: Single-Mode Fiber and Multi-Mode Fiber cross sections, each showing the Core Glass
and the Cladding Glass]

Footnote 1: Shielded twisted pair (STP) cabling adds a metal shield over each pair
of copper wires, which aids in shielding against external EMI. Unshielded twisted pair
(UTP) cabling has no metal shield; instead the pairs are twisted at different rates to
minimize crosstalk and help cancel electromagnetic interference.
Footnote 2: Categories range from category 3 through category 7

Category      Cable Type   Maximum Data Transmission Speed   Maximum Bandwidth
Category 3    UTP          10 Mbps                           16 MHz
Category 5    UTP          10/100 Mbps                       100 MHz
Category 5e   UTP          1000 Mbps                         100 MHz
Category 6    UTP or STP   1000 Mbps                         250 MHz
Category 6a   STP          10,000 Mbps                       500 MHz
Category 7    SSTP         10,000 Mbps                       600 MHz

Footnote 3: Most connections between network devices use fiber due to its higher
speeds and resistance to outside interference. Both single-mode and multi-mode fiber
can be used as long as the correct optical connectors are used. Often, distance is the
factor that decides which type to use.


Connectors

• RJ45
Most common connector used with copper
• MRJ21
High density for 1Gb/s connections (see footnote 1)
• ST
Spring-loaded; less commonly used in modern networks; standardized in TIA-604-2
• SC
Snap-in connector providing excellent performance; standardized in TIA-568-A (see
footnote 2)
• LC
Most commonly used in modern networks due to its small form factor; half the size of
the SC; standardized in TIA-604-10 (see footnote 3)
• MT_RJ
Duplex connector with both fibers in a single polymer ferrule; it uses pins for
multimode only

[Figure: RJ45, MRJ21, ST, Duplex SC, Duplex LC and MT_RJ connectors]

Footnote 1: Mini-RJ21 connectors support six 1 GbE ports each. Options include:
• A cable that connects from the MRJ-21 connector on the line card to 6 RJ-45 male
connectors
• An MRJ-to-MRJ cable providing connectivity to an MRJ-capable patch panel
Footnote 2: SC was used for its high quality connections and reliability; however, its
size became problematic as optical receivers became smaller and smaller. SC was
replaced with the thinner yet reliable LC connector.
Footnote 3: Because of their compact size and reliability, LC connectors are widely
used in networks today.


Small form-factor pluggable transceiver (SFP)

• SFPs provide flexibility and adaptability, allowing the choice between media types and
distance requirements
– Allows a mixture of copper and optical short range/long range to be used within a
single device
– SFP interfaces are hot swappable and support either multimode or single-mode fiber
via an LC connector
• Different versions of SFPs provide increased speed and lower power consumption
– SFP provides up to 4.25Gb/s
– SFP+ provides up to 10Gb/s and 1.5W of power

[Figure: SFP transceiver types]

Footnote 1: There were older transceivers that have now become obsolete such as
GBICs due to their cost, size and slower speeds. Small form-factor pluggable (SFP)
transceivers were specified for up to 4.25 Gb/s. SFP+ refers to transceivers that are
capable of up to 10 Gb/s data rate. SFP was modified to handle more power and the
higher 10Gb/s bit rate to become SFP+.
SFP+ has a slightly modified SFP cage for dissipating the additional heat that is
generated.


Quad Small Form-factor Pluggable (QSFP)

• QSFP/QSFP+ provides a compact, hot-pluggable transceiver providing higher transfer
speeds than SFP
– Allows for fiber optic or copper cable connections
– Provides single or multi-mode connectivity using an LC connector
• Consists of 4 x 10Gbits/s providing 40 Gbits/s of forwarding
– Port can also be divided into 4 x 10 Gbits/s ports providing higher density port connectivity1

Footnote 1: Special cables are used providing a QSFP on one end and 4 x 10Gbits/s
SFPs on the other.


C Form-factor Pluggable (CFP)

• Hot-pluggable optical transceiver supporting 40Gbit/s and 100Gbit/s using single or
multi-mode fiber
• The CFP was designed after the SFP transceiver interface, but is significantly larger to
support 100 Gb/s
• CFP2
– Uses less power than CFP (12 W)
– 10x10G, 4x25G or 8x25G lane options available
– Future plans to provide 400GE forwarding


Example Media Output

device# show media ethernet 1/3/1
Port 1/3/1: Type : 40GE-SR4 100m (QSFP+)
Vendor: RUCKUS Version: A
Part# : 57-1000128-01 Serial#: LTA112251000543


Power over Ethernet (PoE)



Power over Ethernet

• PoE technology passes electrical power along with data on Ethernet cabling

• Defined in IEEE 802.3af (PoE) and 802.3at (PoE+)1 specifications

• The standards for PoE require Category 5 cable or higher for high power levels
– Can operate with Category 3 cable for low power levels

• Power is supplied in common mode over two or more of the differential pairs of wires
found in the Ethernet cables


Footnote 1: The 802.3af specification defined the original standard for PoE and has
been superseded by the 802.3at (PoE+) standard. The 802.3at specification expands
the standards to support higher power levels for more demanding powered devices.
Except where noted, this document will use the term PoE to refer to both PoE and
PoE+.
Power over Ethernet (PoE) is a method whereby power is transmitted to Ethernet-
connected equipment (VoIP telephones, WLAN transmitters, security cameras) from
the central switch. By using the existing CAT-5 cabling, the need for AC power (and
wiring costs) can be eliminated. The switch is also able to control power distribution
to the powered devices, allowing sophisticated uninterruptible power management
for vital systems.
Devices labeled as PoE are compliant with the IEEE 802.3af standard.
Devices labeled as PoE+ are compliant with both the 802.3af and 802.3at standards.


IEEE 802.3af/802.3at PoE Standards

• Defines terminology to describe a port that acts as a power source to a powered device
• Defines how a powered device is detected
• Defines two methods of delivering PoE to the discovered device
– End-Point PSE — On a PoE-capable Ethernet port power may be delivered to a powered device using the
active data wires of an Ethernet port or the spare wires
• An end-point PSE, such as a PoE-capable Ethernet switch may implement either scheme
– Mid-span PSE — Can be used to deliver PoE if an existing non-PoE-capable Ethernet switch is used


Note: Only one mechanism may be used at a time to deliver power to a powered
device.


PoE Terminology

• Power-Sourcing Equipment (PSE)
– The source of the power, or the device that integrates the power onto the network
– Power sourcing devices and equipment have embedded PoE technology

• Powered Device (PD) or power-consuming device
– The Ethernet device that requires power

(Figure: a PD connected to a PSE)



PoE Delivery Methods

• Two modes for delivering power:
– Mode A delivers power on the data pairs
• Power and data signals travel along the same pairs of wires at different frequencies
(Figure: switch with Power over Ethernet (PoE) ports connected directly to an IP phone)
– Mode B delivers power using the spare pairs
• Power travels on unused spare pairs while data travels on other wire pairs
(Figure: switch, intermediary device injecting power, and IP phone; power and data are carried on
separate pairs)


All 802.3af and 802.3at compliant power consuming devices are required to support
both delivery modes defined in the specifications. With both modes, power is
transferred over four conductors between the two pairs. 802.3af and 802.3at
compliant PDs are able to accept power from either set of pairs.
Most PoE switches use the end-span method, compliant with the 802.3af and 802.3at
standards.
Note: GbE networks have no spare pairs; as such, only Mode A power delivery can be
used in GbE environments.


Power Classes for PDs

• Power class: Determines the amount of power a PD receives
– When a PD is detected, the PoE switch performs power classification by inducing a
specific voltage and measuring the current consumption of the PD
– Depending on the measured current, the PoE switch assigns the appropriate class to the PD
– PDs that do not support classification are assigned a class of 0 (zero)

Class   Usage      Power from sourcing device (watts)
                   Standard PoE    PoE+
0       Default    15.4            30
1       Optional   4               4
2       Optional   7               7
3       Optional   15.4            15.4
4       Optional   15.4            30



Supported IP Powered Devices

• PoE devices support a wide range of IP powered devices including the following:
– Voice over IP (VoIP) phones
– Wireless LAN access points
– IP surveillance cameras

(Figure: Supported IP Powered Devices – IP Phone, Wireless Access Point, Security Camera)


VoIP
Voice over IP (VoIP) is the convergence of traditional telephony networks with data
networks, utilizing the existing data network infrastructure as the transport system
for both services. Traditionally, voice is transported on a network that uses circuit-
switching technology, whereas data networks are built on packet-switching
technology. To achieve this convergence, technology has been developed to take a
voice signal, which originates as an analog signal, and transport it within a digital
medium. This is done by devices, such as VoIP telephones, which receive the
originating tones and place them in UDP packets, the size and frequency of which are
dependent on the coding / decoding (CODEC) technology that has been implemented
in the VoIP telephone or device. The VoIP control packets use the TCP/IP format.
IP surveillance cameras
IP surveillance technology provides digital streaming of video over Ethernet,
providing real-time, remote access to video feeds from cameras. The main benefit of
using IP surveillance cameras on the network is that you can view surveillance images
from any computer on the network. If you have access to the Internet, you can
securely connect from anywhere in the world to view a chosen facility or even a
single camera from your surveillance system. By using a Virtual Private Network (VPN)
or the company intranet, you can manage password-protected access to images from
the surveillance system. Similar to secure payment over the Internet, images and
information are kept secure and can be viewed only by approved personnel.


Ethernet



Layer 2 Devices

• Communicate directly with each other within a LAN using physical and data link
specifications
• First standardized and the most popular L2 protocol used today is Ethernet1
• Able to encapsulate many different protocols received from upper layers of OSI
• Provide high throughput forwarding (wire speed)
– All connected LAN segments appear as one broadcast domain
• Are uniquely identified and forwarded by the use of the Media Access Control (MAC)
address2
– Filtering is limited to MAC addresses


Footnote 1: Although there are other layer 2 protocols, Ethernet is by far the most
popular and widely supported layer 2 protocol today. As such, all references to layer 2
in this course refer to the Ethernet protocol.
Footnote 2: A MAC address is not a logical address; it is a physical address burned
into the network interface controller (NIC) at the factory. The MAC address is used to
uniquely identify each node on the Ethernet network.


Ethernet Specifications

• 802.3 defines the IEEE standard for Ethernet
– Refers to a family of standards that together define the physical and data link layers of the LAN
technology1
– Improvements to Ethernet have allowed different media and speeds to be used increasing its usefulness
and function2

(Figure: OSI Layers versus LAN Specifications. Layer 2, Data Link Layer, is split into the LLC Sub-layer
and the MAC Sub-layer; below it is Layer 1, Physical Layer. LAN specifications shown: IEEE 802.3
(Ethernet), IEEE 802.3u (Fast Ethernet), IEEE 802.3z (Gigabit Ethernet), IEEE 802.3ab (Gigabit Ethernet
over Copper), 802.3an 10GBASE-T (10 Gigabit Ethernet over Copper), 802.3bz 2.5/5 Gigabit Ethernet)


Footnote 1: Ethernet separates the functions of the data link layer into two distinct
sublayers:
• Logical Link Control (LLC) sublayer—Defined in the 802.2 standard
• MAC sublayer—Defined in the 802.3 standard
Footnote 2: Many adaptations and enhancements have been applied to Ethernet,
allowing it to be even more functional in modern networks. New features such as
VLAN tagging (802.1q), metro Ethernet, Provider Backbone Bridging (PBB),
Multiprotocol Label Switching (MPLS), Data Center Bridging (DCB) and many others
allow additional features and scalability. Many upper protocols have been adapted to
be forwarded by Ethernet due to its popularity and ease of use.


History of Ethernet Speeds and Conventions

• Ethernet has evolved over its 30-year history to accommodate faster bandwidth speeds
– 10BASE–T 10 Mbit/s 802.3i (half/full duplex) (cat 3 copper)
– 100BASE–TX 100 Mbit/s 802.3u (half/full duplex) (cat 5 copper)
– 1000BASE–SX 1000 Mbit/s 802.3z (fiber)1
– 1000BASE–T 1000 Mbit/s 802.3ab (copper cat 5e)
– 10GBASE-SR/LR 10 Gb/s 802.3ae (fiber)2
– 10GBASE-T 10 Gb/s 802.3an (copper cat 6a)
– 40GBASE-SR4/LR4 40 Gb/s 802.3ba (Multi mode/Single mode fiber)
– 100GBASE-SR4 100 Gb/s 802.3bm (multi mode fiber)


Footnote 1: Multimode fiber connections were considered as 1000BASE-SX and
single mode fiber connections were considered as 1000BASE-LX/EX. Both were
identified under the 802.3z standard. No auto negotiation was performed due to full
duplex function.
Footnote 2: Short reach (SR) uses multi-mode fiber, whereas long reach (LR) uses single-mode
fiber.
More details about cable types will be discussed later in this module.


802.3 Ethernet Frame Format

• Ethernet frames can encapsulate many upper layer protocols and forward them as payload in a
LAN (broadcast domain)
• Ethernet adds an additional header and footer to the data it forwards

Frame (64 – 1518 bytes)

Field                       Size
Preamble                    7 bytes
Start of Frame Delimiter    1 byte
Destination Address         6 bytes
Source Address              6 bytes
Length/EtherType            2 bytes
Data Field                  46 to 1500 bytes
Frame Check Sequence        4 bytes
End of Frame Delimiter      1 byte

(Preamble and Start of Frame Delimiter together: 8 bytes; header: 14 bytes; payload: 46 (min) to
1500 (max) bytes; Frame Check Sequence: 4 bytes; End of Frame Delimiter: 1 byte)


The above frame is for a standard 802.3 format.


Ethernet Frame Format (cont.)

Frame fields: Preamble (7 bytes) | Start of Frame Delimiter (1 byte) | Destination Address (6 bytes) |
Source Address (6 bytes) | Length/EtherType (2 bytes) | Data Field (46-1500 bytes) |
Frame Check Sequence (4 bytes) | End of Frame Delimiter (1 byte)

• The Preamble (7 bytes) is followed by a Start of Frame Delimiter (1 byte) totaling a 64-bit
(8 byte) field
– The preamble contains a bit pattern used to establish synchronization
– After synchronization is established, the preamble is used to locate the first bit of the frame


The above frame follows the 802.3 format.
The preamble is a set of alternating 1s and 0s, ending with the value 11, and
identifies the beginning of the frame.


Ethernet Frame Format (cont.)


• The Destination Address (DA) field is a 48-bit (6 byte) field that specifies the device to
which the packet should be sent
– Each station examines this field to determine whether it should accept the frame

• The Source Address (SA) field is a 48-bit (6 byte) field that contains the unique address of
the station that is transmitting the frame

• More information on the next slide


The above frame follows the 802.3 format.


Ethernet Frame Format (cont.)


• The Destination Address (DA) and Source Address (SA) fields each contain a MAC address
• Media Access Control (MAC) Address is also known as:
– Ethernet Address
– Data Link Address
– IEEE Address
– Physical Address
– Hardware Address


A MAC address is not a logical address; it is a physical address burned into the
Network Interface Controller (NIC) at the factory. The MAC address is used to
uniquely identify each node on the Ethernet network


Media Access Control Address (MAC)

• Ethernet uses a 48-bit (6-byte) Media Access Control (MAC) address to uniquely identify
every physical device
• MAC address is typically represented in hexadecimal format
– e.g. C4:10:8A:6E:6B:21
• The first 24-bit section is an OUI (Organizational Unique Identifier); the last 24-bit section
is the unique serial number of the device which has been created by the manufacturer



Ethernet Frame Format (cont.)


• Length / EtherType field is a 2-byte field used in two different ways:
– If the value in the field is less than or equal to 1500, then the field specifies the length of the data field
– If the field value is greater than or equal to 1536, then it identifies the upper-level protocol carried
(encapsulated) in the frame
• Examples:
– 0x8100 – Tagged frame
– 0x88cc – LLDP
– 0x9100 – Q in Q
– 0x8870 – Jumbo Frame
– Values 1501 to 1535 are undefined



Ethernet Frame Format (cont.)


• The Data Field contains 46 to 1500 bytes
– Each 8-bit octet contains any arbitrary sequence of values
– The data field is the information received from Layer 3 (Network Layer)
– Conventional Ethernet limits the size of this data field to a maximum of 1500 bytes for a standard frame
• The Frame Check Sequence (FCS) field is a 32-bit Cyclic Redundancy Check (CRC) error
check
– The CRC value is generated from the contents of the frame starting with the destination address field and
including the data field



Ethernet Frame Format (cont.)

• A standard Ethernet frame can contain a maximum of 1500 bytes of payload known as
Maximum Transmission Unit (MTU)

Frame fields: Destination Address (6 bytes) | Source Address (6 bytes) | Length/EtherType (2 bytes) |
Data Field (46-1500 bytes) | Frame Check Sequence (4 bytes)

• Jumbo Frames:
– The data field can be up to 9000 bytes in size
– Must be supported on all devices end-to-end in the network1


Footnote 1: Today, most network infrastructures are not configured for Jumbo
frames.


Switch Frame Forwarding Methods

Store-and-forward1: The switch receives the complete frame into the switch memory
buffers and computes a cyclic redundancy check (CRC) for errors before forwarding it on.

Cut-through: The switch receives only the destination MAC address, which is located in
the first six bytes of the frame, before it begins forwarding the frame to its destination.

(Figure: Store-and-Forward Operation on Switch A; Cut-Through Operation on Switch B)


Footnote 1: Store-and-forward switching provides a high level of reliability by
checking the frame's integrity; however, it is considered the slower of the two
methods. In the past this method was preferred due to the less reliable networks these
frames were forwarded on. Many modern switches use the cut-through method,
providing faster forwarding while still providing high reliability due to the stable
networks deployed today.


Special MAC Addresses

• Broadcast:
– Used when a device is unaware of the MAC address of the destination device
– Forwarding a frame with all the destination address bits set to FF FF FF FF FF FF is a BROADCAST and
is received and processed by all devices within the broadcast domain

• Multicast:
– MAC addresses with an odd value in the first octet
– IP multicast traffic maps to the first half of the IANA multicast MAC OUI – 01:00:5e
• Example multicast MAC address: 01:00:5e:0a:00:01
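The following Python script is an added worked example, not code from the course or from Ruckus, that pulls together the frame format slides, the store-and-forward versus cut-through comparison, and the special MAC addresses above. It builds a few constructed frames (addresses from the 00:00:5e:00:53:xx documentation range, plus the slide's multicast example 01:00:5e:0a:00:01), computes the CRC-32 FCS, applies the Length/EtherType rule (1500 or less is a length, 1536 or more an EtherType, 1501 to 1535 undefined), classifies the destination as broadcast, multicast or unicast from the first octet, extracts the OUI, and shows why a cut-through switch forwards a frame whose FCS a store-and-forward switch would reject. Function and variable names are the example's own.

```python
import struct
import zlib

MIN_FRAME_NO_FCS = 60      # 14-byte header + 46-byte minimum data field
MAX_STANDARD_DATA = 1500   # Length/EtherType values <= 1500 are a length
MIN_ETHERTYPE = 1536       # values >= 1536 identify the encapsulated protocol
BROADCAST = bytes.fromhex("ffffffffffff")

# EtherType values listed on the slide, plus IPv4 and ARP for the constructed samples
ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x8100: "Tagged frame",
    0x88CC: "LLDP",
    0x9100: "Q in Q",
    0x8870: "Jumbo Frame",
}


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def classify_dst(mac: bytes) -> str:
    """Broadcast is all ones; multicast has an odd first octet (I/G bit set)."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """The first 24 bits of a MAC address are the Organizationally Unique Identifier."""
    return mac_str(mac[:3])


def fcs(frame_without_fcs: bytes) -> int:
    """The FCS is a CRC-32 over DA, SA, Length/EtherType and data (not preamble/SFD)."""
    return zlib.crc32(frame_without_fcs) & 0xFFFFFFFF


def build_frame(dst: bytes, src: bytes, type_or_len: int, data: bytes) -> bytes:
    """DA | SA | Length/EtherType | data (padded to the 46-byte minimum) | FCS."""
    body = dst + src + struct.pack("!H", type_or_len) + data
    body += b"\x00" * max(0, MIN_FRAME_NO_FCS - len(body))
    return body + struct.pack("<I", fcs(body))   # FCS is sent least-significant byte first


def parse_frame(frame: bytes, mode: str = "store-and-forward") -> dict:
    """Decode a frame from the destination address up to the FCS.

    store-and-forward: the whole frame is buffered and the FCS verified before forwarding.
    cut-through: the decision is made after the first six bytes, so the FCS is never checked.
    """
    if len(frame) < 6:
        raise ValueError("frame shorter than a destination address")
    dst = frame[:6]
    result = {"dst": mac_str(dst), "dst_kind": classify_dst(dst), "dst_oui": oui(dst)}
    if mode == "cut-through":
        result["forward"] = True
        return result
    if len(frame) < MIN_FRAME_NO_FCS + 4:
        raise ValueError("runt frame: shorter than the 64-byte minimum")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    data = frame[14:-4]
    received = struct.unpack("<I", frame[-4:])[0]
    result.update({
        "src": mac_str(frame[6:12]),
        "src_oui": oui(frame[6:12]),
        "fcs_ok": received == fcs(frame[:-4]),
    })
    if type_or_len <= MAX_STANDARD_DATA:
        result["field"] = "length"
        result["length"] = type_or_len
        result["data"] = data[:type_or_len]          # the rest of the 46-byte minimum is padding
    elif type_or_len >= MIN_ETHERTYPE:
        result["field"] = "ethertype"
        result["ethertype"] = type_or_len
        result["protocol"] = ETHERTYPES.get(type_or_len, f"unknown 0x{type_or_len:04x}")
        result["data"] = data
    else:
        result["field"] = "undefined"                 # 1501 to 1535 have no meaning
        result["data"] = data
    result["forward"] = result["fcs_ok"]              # a store-and-forward switch drops bad-FCS frames
    return result


# Constructed sample frames; addresses come from the 00:00:5e:00:53:xx documentation range
HOST_A = bytes.fromhex("00005e005301")
HOST_B = bytes.fromhex("00005e005302")
IPV4_MCAST = bytes.fromhex("01005e0a0001")            # the multicast example on the slide

ARP_BROADCAST = build_frame(BROADCAST, HOST_A, 0x0806, bytes(28))
IPV4_UNICAST = build_frame(HOST_B, HOST_A, 0x0800, b"\x45" + bytes(59))
IPV4_MULTICAST = build_frame(IPV4_MCAST, HOST_A, 0x0800, b"\x45" + bytes(59))
LENGTH_FRAME = build_frame(HOST_B, HOST_A, 46, bytes(46))  # 802.3 length field instead of EtherType
CORRUPTED = bytearray(IPV4_UNICAST)
CORRUPTED[20] ^= 0xFF                                   # flip one data byte after the FCS was computed
CORRUPTED = bytes(CORRUPTED)

if __name__ == "__main__":
    for name, f in [("ARP broadcast", ARP_BROADCAST), ("IPv4 multicast", IPV4_MULTICAST),
                    ("length frame", LENGTH_FRAME), ("corrupted", CORRUPTED)]:
        print(name, parse_frame(f))
        print(name, "cut-through:", parse_frame(f, "cut-through"))
```

The corrupted frame is the case to look at: the store-and-forward path reports fcs_ok False and refuses to forward, while the cut-through path has already decided to forward after six bytes, which is exactly the trade-off footnote 1 on the previous slide describes.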



MAC Learning



MAC Learning and Forwarding

• MAC addresses are used to forward frames in a layer 2 LAN
1. If the source device knows the destination MAC address it will apply it to the frame (dest MAC) and
place it on the media1
2. Layer 2 devices such as a switch will record the source address of the frame and place it in its
database (MAC address table) and associate the port it came in on2
3. The switch will then consult the database to identify the location of the destination device and
forward the frame out the associated port
– If the destination is not known it floods the frame out all ports, known as unknown unicast flooding3

(Figure: Frame 1 (Src: A, Dst: B) enters the switch from host A on port e3; the MAC address table
records aaaa.aaaa.aaaa on port e3; Frame 1 is flooded out port e1 (to host C) and port e2 (to host B))


Footnote 1: If the sending device is unaware of the destination's MAC address it will set the
destination MAC address to broadcast (FF FF FF FF FF FF).
Footnote 2: When the MAC is placed in the database it will record the source MAC
along with the port it came in on and start a timer; this is known as dynamic MAC
learning. If new packets are received on that port from the same source device the
timer is restarted. If no more packets are received from the sending device before the
timer expires, the MAC is flushed and removed from the database. The timer provides
maintenance of the database, preventing it from becoming too large or containing outdated
entries that no longer reside on the LAN. Static MAC addresses can also be configured
in the table, causing them to remain until manually deleted.
Footnote 3: Devices will not flood the packet out the port the frame was received on,
to avoid duplication of the frame on that link.


MAC Learning and Forwarding (cont.)

Returning traffic
1. The destination device returns traffic by swapping the source and destination addresses and placing
the frame on the media
2. The switch receiving the frame will record the source MAC and its associated port in its database
3. The switch will then look up the destination MAC and place the frame on the port associated with
it in the database
• As long as the port remains up and periodic frames come from that source, the MAC entry will
remain in the database

(Figure: Frame 2 (Src: B, Dst: A) enters the switch from host B on port e2; the MAC address table now
holds aaaa.aaaa.aaaa on e3 and bbbb.bbbb.bbbb on e2; Frame 2 is forwarded out port e3 to host A only)



MAC Address Table

• Each switch learns MAC addresses dynamically and maintains its own MAC
database

• Example output:

device# show mac-address
Total active entries from all ports = 3
Total static entries from all ports = 1
MAC-Address Port Type VLAN
0000.5e00.5324 1/1/15 Static 1
0000.5e00.5334 1/1/14 Dynamic 1
0000.5e00.53d2 1/1/13 Dynamic 1
0000.5e00.53f9 1/1/10 Dynamic 1



LAB EXERCISE



End of Module 4
Ethernet and Media Access Control


RSP 100 Virtual LANs

Module 5
Virtual LANs




Objectives

• After completing this module, attendees will be able to:
– Discuss the benefits of VLANs
– Describe VLAN types
– Describe VLAN tagging



Virtual LANs



Benefits of VLANs

• Implementing Virtual LANs on a switch provides:
– Association of users/hosts or a service together logically instead of by its physical location1
– Improved utilization of a switch and ports by breaking up a physical switch into segregated logical LANs
• Segmenting allows devices to be placed into smaller LANs shrinking broadcast domains
– Improved security by providing isolation of sensitive data into its own Virtual LAN
• Security policies can easily be implemented to traffic residing within a VLAN
– Separating time sensitive data such as IP voice traffic and video feeds from data traffic
• Allows the ability to provide preferred treatment (QoS) to time sensitive data 2


Footnote 1: Example: Companies these days provide internet connectivity to their
guests; however, they do not want customers to have access to their network, which
could compromise the company's privacy. By placing customers connecting via Wi-Fi
into their own VLAN, not only does it provide isolation of their traffic, it also allows
an easy way to identify and manage guest access.
Footnote 2: Quality of Service for time sensitive traffic such as Voice over IP (VOIP)
and video feeds is critical, especially with overprovisioned networks. Because the
traffic is isolated into its own VLAN it can be configured to allow for preferred
treatment and forwarding of this traffic. Quality of Service will be further discussed in
later modules.


VLAN Types

• Port-based: A set of physical ports in an exclusive broadcast domain

• MAC-based: Incoming untagged packets assigned to a VLAN based on the source MAC
address of the packet

• Protocol-based: Subset of port-based VLANs sharing a common broadcast domain
classified by protocol

• Private VLANs: Provides further isolation between ports in the same broadcast domain



VLAN Properties

• A VLAN is:
– A subgroup within a LAN
– A separate broadcast domain
– A logical partitioning of a physical LAN into one or more VLANs
(Figure: one switch partitioned into VLAN 10 and VLAN 20)

• Each VLAN has an ID
– VLAN IDs (VID) can range from 1 – 4095
• IDs greater than 4089 are reserved
– Generally the default VLAN is 1
• By default all interfaces belong to VLAN 1
– VLAN 1 should only be used as a container for unused ports



Port-based VLAN

• A port-based VLAN is a broadcast domain, composed of a subset of ports on a device
• Traffic is bridged within a port-based VLAN and unknown unicasts, broadcasts and
multicasts are flooded to all the ports within the VLAN, except the incoming port
• This is the most common type of VLAN

(Figure: a switch with some ports in VLAN 10 and the others in VLAN 20)


A port-based VLAN is a subset of ports on a device that constitutes a Layer 2
broadcast domain.
By default on most switches, all the ports on a device are members of the Default VLAN
(VLAN 1). Thus, all the ports on the device constitute a single Layer 2 broadcast
domain.
When configuring a port-based VLAN, the device automatically removes the ports
added to the new VLAN from VLAN 1.
Layer 2 traffic is bridged within a port-based VLAN and Layer 2 broadcasts are sent to
all the ports within the VLAN.



MAC-Based VLANs (cont.)

• Devices attached to the same physical port can belong to different VLANs
• Very useful for virtualized servers

MAC address       VLAN association
0000.5E00.5371    VLAN 20
0000.5E00.53B2    VLAN 30
0000.5E00.5398    VLAN 30
0000.5E00.530F    VLAN 40

(Figure: switch with uplink e10 to a router; hosts 0000.5E00.5371 and 0000.5E00.53B2 share port e1;
hosts 0000.5E00.5398 and 0000.5E00.530F share port e4)



Protocol Based VLANs

• Protocol-based VLANs provide the ability to define separate broadcast domains for several
unique Layer 3 protocols within a single Layer 2 broadcast domain
• In this example there are five separate VLANs
– Three based on IP subnet
– Two based on other L3 protocols

(Figure: an FESX Layer 3 Switch with port e9 carrying IP-Subnet 1, IP-Subnet 2, IP-Subnet 3, IPX Net 1
and Appletalk Cable 100 to port e25 of an FSX switch; on the FSX, ports e1-16 carry IP-Subnet 1,
IP-Subnet 2 and IPX Net 1, and ports e17-25 carry IP-Subnet 3 and Appletalk Cable 100)



Private VLANs

• A private VLAN is often used in hotels, hospitals, entertainment venues and many public
Wi-Fi networks
– Groups customers within the same VLAN however:
• Preserves the privacy of guests connecting to the public service the owner provides
• Policies can still be applied to the VLAN providing easy management

• VLANs can be configured to isolate its members not allowing them to discover or
communicate with other VLAN members
– Traffic is forwarded to the gateway of the VLAN allowing external communication


Footnote 1: VLANs that are mapped to the primary port, identifying that it is to be
communicated with.


Private VLANs (cont.)

• A private VLAN has the properties of a standard Layer 2 port-based VLAN but also provides
additional control over the flooding of packets on a VLAN
– Provides L2 isolation between ports within the same broadcast domain
• Types of private VLANs:
– Primary (promiscuous) – Can communicate with all ports in the isolated and community private
VLANs1
– Isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port
• Not flooded to other ports in the isolated VLAN
– Community – Broadcasts and unknown unicasts received on community ports are sent to the primary
port as well as other ports in the community VLAN


Footnote 1: VLANs that are mapped to the primary port, identifying that it is to be
communicated with. Isolated and community VLANs are sometimes identified as
secondary to the primary (promiscuous) port since they forward their traffic up to
the primary VLAN.


Private VLANs (cont.)

• The private VLAN secures traffic between hosts and the rest of the network using a firewall
– Ports e5-6 and e9-10 rely on the firewall to secure traffic between the hosts and the rest of the network
– Ports e5-6 are in a community private VLAN, and thus can communicate with one another as well as the
firewall
– Ports e9-10 are in an isolated VLAN and thus only communicate to the firewall
• The two hosts are secured from communicating with one another even though they are in the same
VLAN

(Figure: VLAN 7 Primary on port e2, connected to the firewall; VLAN 901.903 Community on ports e5 and
e6; VLAN 902 Isolated on ports e9 and e10)


By default, the private VLAN does not forward broadcast or unknown-unicast packets
from outside sources into the private VLAN. If needed, you can override this behavior
for broadcast packets, unknown-unicast packets, or both.

Private and Standard Port-based VLANs Comparison

Forwarding Behavior                                                   Private VLANs          Standard VLANs
All ports within a VLAN constitute a common Layer 2 broadcast domain  No                     Yes
Broadcasts and unknown unicasts are forwarded to all the VLAN's       No (isolated VLAN)     Yes
ports by default                                                      Yes (community VLAN)
Known unicasts                                                        Yes                    Yes
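The forwarding rules on these private VLAN slides, as an added example (not course or Ruckus code): a policy object that answers whether a frame received on one port may be delivered to another, and therefore which ports a broadcast or unknown unicast is flooded to, contrasted with the flood in a standard port-based VLAN from the comparison table. The topology in slide_topology() is the assumed reading of the figure above (e2 primary, e5/e6 community with secondary VLAN 901, e9/e10 isolated with secondary VLAN 902); the class and function names are the example's own.

```python
from enum import Enum
from typing import Dict, List, Optional


class Role(Enum):
    PRIMARY = "primary"       # promiscuous: may talk to every port in the private VLAN
    ISOLATED = "isolated"     # may talk only to primary ports
    COMMUNITY = "community"   # may talk to primary ports and to its own community


class PrivateVlan:
    def __init__(self) -> None:
        self.role: Dict[str, Role] = {}
        self.secondary: Dict[str, int] = {}   # isolated/community ports -> secondary VLAN ID

    def add_port(self, port: str, role: Role, secondary_vid: Optional[int] = None) -> None:
        if role is not Role.PRIMARY and secondary_vid is None:
            raise ValueError("isolated and community ports need a secondary VLAN ID")
        self.role[port] = role
        if secondary_vid is not None:
            self.secondary[port] = secondary_vid

    def may_forward(self, src: str, dst: str) -> bool:
        """Can a frame received on src be delivered to dst inside this private VLAN?"""
        if src == dst:
            return False                               # never back out the ingress port
        a, b = self.role[src], self.role[dst]
        if Role.PRIMARY in (a, b):
            return True                                # the primary reaches, and is reached by, everyone
        if a is Role.COMMUNITY and b is Role.COMMUNITY:
            return self.secondary[src] == self.secondary[dst]   # same community only
        return False                                   # isolated<->isolated, isolated<->community

    def flood_ports(self, in_port: str) -> List[str]:
        """Where a broadcast or unknown unicast received on in_port is sent."""
        return sorted(p for p in self.role if self.may_forward(in_port, p))


def standard_vlan_flood(ports: List[str], in_port: str) -> List[str]:
    """Same flood in a standard port-based VLAN: every other port, one common broadcast domain."""
    return sorted(p for p in ports if p != in_port)


def slide_topology() -> PrivateVlan:
    """Assumed mapping of the figure: e2 primary, e5/e6 community, e9/e10 isolated."""
    pv = PrivateVlan()
    pv.add_port("e2", Role.PRIMARY)
    pv.add_port("e5", Role.COMMUNITY, 901)
    pv.add_port("e6", Role.COMMUNITY, 901)
    pv.add_port("e9", Role.ISOLATED, 902)
    pv.add_port("e10", Role.ISOLATED, 902)
    return pv


if __name__ == "__main__":
    pv = slide_topology()
    for port in ["e2", "e5", "e9"]:
        print(port, "private VLAN flood ->", pv.flood_ports(port),
              "standard VLAN flood ->", standard_vlan_flood(list(pv.role), port))
```

The two isolated ports are the point of the slide: an isolated host's broadcast reaches only the primary port (the firewall), so the other guest on e10 never sees it, while in a standard VLAN the same broadcast would reach every port.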


VLAN Tagging



VLANs without 802.1Q Tagging

• Without VLAN tagging, when multiple VLANs are configured on a switch:
– Each VLAN requires dedicated uplinks between switches
– Bandwidth on the dedicated ports might not be fully utilized
– Higher cost due to port requirements
– Impossible if a high number of VLANs are configured1
• Tagging provides an effective solution to overcome these issues

(Figure: two switches each carrying VLAN 10 and VLAN 20, joined by one dedicated link per VLAN)


Footnote 1: Considering there is an ability to configure 4096 VLANs within a switch,
there are not enough physical ports to support all VLAN forwarding between
switches.
It is possible for connected switches to send and receive packets with no tag. This is
only allowed, however, if the connecting interfaces are configured on the same native
VLAN and traffic associated with that particular VLAN is being forwarded. A packet in
a VLAN-aware portion of the network that does not contain a VLAN tag is assumed to
be flowing on the native VLAN. If a switch has multiple VLANs configured, the switch
needs to know the destination VLAN for an incoming untagged frame. Without
support for VLAN tagging, frames can be dropped if switches are separated by a
proxy that does not recognize VLAN-tagged frames.


VLANs with 802.1Q Tagging

• Tagging extends a configured VLAN across the entire network
• VLAN tagging allows multiple VLANs to span switches over a single physical link
– Better bandwidth and port utilization
• VLAN tagging provides VLAN membership information within the frame when forwarded
to other devices
• Many VLANs can be forwarded on a single link

[Diagram: two switches each carrying VLAN 10 and VLAN 20, joined by a single tagged link between port e5 on one switch and port e9 on the other]


VLAN tagging is necessary when VLANs span multiple switches. When VLANs span
multiple switches, a trunk data link is required between the switches. Frames moving
between switches are tagged so that the next switch in the traffic flow path knows
the destination VLAN of the frame.
Network segments that are VLAN-aware include VLAN tags. The VLAN tag represents
the VLAN membership of the frame's port or the port/protocol combination,
depending on whether the network uses port-based or port-and-protocol-based
VLAN classification. The VLAN ID that is in the tag enables each device that receives
the frame to determine the VLAN the frame belongs to. Each frame must be
distinguishable as being within exactly one VLAN.
A port can belong to only one port-based VLAN, unless 802.1Q tagging is applied to
the port.


Untagged and Tagged Frames (1 of 2)

• An 802.1Q tag adds four bytes to the frame

Untagged Frame Format (Ethernet II)

  Destination Address   Source Address   Type Field   Data Field          FCS
  6 bytes               6 bytes          2 bytes      up to 1500 bytes    4 bytes

802.1Q Tagged Frame Format (Ethernet II with 802.1Q Tag)

  Destination Address   Source Address   802.1Q Tag   Type Field   Data Field          FCS
  6 bytes               6 bytes          4 bytes      2 bytes      up to 1500 bytes    4 bytes

802.1Q Tag

  Octets 1-2                 Octets 3-4
  Tag Protocol ID (TPID)     802.1p priority (3 bits)   VLAN ID (12 bits)


VLAN identifier (VLAN ID) — A 12-bit field that specifies the VLAN to which the frame
belongs. The VLAN ID is determined by the VLAN on which the frame is being
forwarded.
VLAN 802.1Q tagging — The tag contains a value that identifies the frame as tagged.
It also contains the VLAN ID of the VLAN from which the frame is sent.
Tag Protocol Identifier (TPID) — A 16-bit field set to a value of 0x8100 in order to
identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the same
position as the Ether Type/Size field in untagged frames, and is thus used to
distinguish the frame from untagged frames.
802.1p Priority Code Point (PCP) — This three-bit field refers to the IEEE 802.1p
priority. It indicates the frame priority level from 0 (lowest) to 7 (highest), which can
be used to prioritize different classes of traffic (voice, video, data, etc.).
A VLAN ID value of 0 means that the frame does not belong to any VLAN. In this case,
the 802.1Q tag specifies only a priority and is referred to as a priority tag. The
hexadecimal VLAN ID value 0xFFF is reserved. All other values may be used as VLAN
identifiers, allowing up to 4096 VLANs.
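As an added example (not code from the course), the following Python builds and parses Ethernet II frames with and without the 802.1Q tag described above. The sample frame bytes are constructed here, and the DEI bit that sits between the priority and VLAN ID fields is handled so that the full 16-bit tag control word is covered.

```python
import struct

TPID_8021Q = 0x8100     # Tag Protocol Identifier that marks a frame as 802.1Q tagged
VID_PRIORITY_TAG = 0    # VLAN ID 0: priority tag only, the frame belongs to no VLAN
VID_RESERVED = 0xFFF    # VLAN ID 0xFFF is reserved


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet II frame (without FCS); if vid is given, insert an
    802.1Q tag between the source address and the Type field."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    header = dst + src
    if vid is not None:
        if not (0 <= vid <= 0xFFF and 0 <= pcp <= 7 and dei in (0, 1)):
            raise ValueError("invalid 802.1Q tag field")
        # Tag control word: PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits).
        tci = (pcp << 13) | (dei << 12) | vid
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return the fields of an Ethernet II frame, detecting an optional
    802.1Q tag by the TPID sitting where the Type field would be."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    info = {"dst": frame[0:6], "src": frame[6:12], "tagged": False,
            "pcp": None, "dei": None, "vid": None}
    (etype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, pcp=tci >> 13, dei=(tci >> 12) & 1,
                    vid=tci & 0xFFF)
        offset = 18
    info["ethertype"] = etype
    info["payload"] = frame[offset:]
    return info


def ingress_vlan(info, native_vid):
    """VLAN a VLAN-aware port assigns to a received frame: untagged frames and
    priority-tagged frames (VID 0) go to the port's native VLAN; the reserved
    VID 0xFFF is rejected."""
    if not info["tagged"] or info["vid"] == VID_PRIORITY_TAG:
        return native_vid
    if info["vid"] == VID_RESERVED:
        raise ValueError("reserved VLAN ID 0xFFF")
    return info["vid"]


# Constructed sample: a broadcast frame from the MAC used in this course's
# bridge ID example, tagged VLAN 10 with priority 5, carrying an IPv4 payload.
SAMPLE_TAGGED = bytes.fromhex(
    "ffffffffffff" "00e080547900" "8100" "a00a" "0800" "deadbeef")

if __name__ == "__main__":
    p = parse_frame(SAMPLE_TAGGED)
    print(f"tagged={p['tagged']} vid={p['vid']} pcp={p['pcp']} "
          f"ethertype=0x{p['ethertype']:04x} -> VLAN {ingress_vlan(p, 1)}")
```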


Untagged and Tagged Frames (2 of 2)

• Because both sides of the link must be configured for 802.1Q tagging, Ports 4 and
14 are tagged so that they can be in multiple VLANs¹
• The switch looks at the VLAN ID to determine which VLAN gets the forwarded
frame
• If a device is connected to a port in a single VLAN only, the port is untagged

[Diagram: two switches joined by an 802.1Q tagged link between Port 14 on the upper switch (Ports 1-16) and Port 4 on the lower switch (Ports 1-8); all other ports on both switches are untagged]

Footnote 1: Otherwise one side may interpret frames incorrectly (the 802.1Q tag
field gets treated incorrectly as a length/type field).
If tagging is used on multiple devices, each device must be configured for tagging and
must use the same tag value. In addition, the implementation of tagging must be
compatible on the devices.
• Untagged port - When a PC or other device is connected to a port in a single VLAN,
the port is untagged.
• Tagged ports - Tagging means that traffic from multiple VLANs can be forwarded
by a single switch port. The example in the slide illustrates tagged ports.
• Link Aggregation – The traffic of several VLANs combined on one link might
require more bandwidth than can be provisioned by a single physical link. It is
common to satisfy this need with link aggregation, where several physical ports are
grouped together to form one logical port for the inter-switch link. Another name for
this logical port is a trunk.


LAB EXERCISE


End of Module 5
Virtual LANs



RSP 100 Layer 2 Redundancy

Module 6
Layer 2 Redundancy


Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B


Objectives

• After completing this module, attendees will be able to:
– Explain how frames are forwarded at Layer 2
– Describe L2 protocols such as Spanning Tree Protocol (STP)
– Explain how to avoid loops in network designs


Layer 2 Design Challenges


Broadcast Domains

• A broadcast domain is a network segment in which broadcasts are forwarded at L2
– Computers connected to the same switch, or LAN segment, are a member of the same broadcast domain
– Ports on a router form boundaries between broadcast domains
– Broadcast domains are only divided by L3 network devices such as routers or L3 switches


A broadcast domain is a section of a network in which a broadcast is forwarded at the
Data Link Layer (Layer 2). A broadcast domain can be within the same LAN segment
or it can be bridged to other LAN segments.


Loops in Network Design

• A loop occurs in networks when there is more than one Layer 2 path between two
endpoints
• The loop creates broadcast storms as broadcasts and multicasts are forwarded
out every port
– The switch will repeatedly rebroadcast the broadcast messages, flooding the network

[Diagram: switches AAA, BBB, CCC, DDD and EEE interconnected with redundant links, with PC 1 and PC 2 attached to the bottom-tier switches]


Layer 2 Challenges—Loop Structure

• If loops are allowed to exist on an L2 network, the entire network can lock up
• Frames on Ethernet networks do not include a Time To Live (TTL) field
– There is no end of life for a frame that forwards through a looped broadcast domain

[Diagram: the same looped topology of switches AAA, BBB, CCC, DDD and EEE; a single broadcast frame sent by PC 1 is replicated around the loops toward PC 2]


The slide shows the replication of traffic if loops are allowed to exist on an L2
network. Each host NIC (for example, PC 1) that is attached to one of the switches
must process all of the traffic that passes through that LAN, regardless of the packet’s
destination MAC. This can result in a broadcast storm, which leads to contention of
available bandwidth and resources. As a result, a lock up of the entire network
broadcast domain occurs.


Solution: Tree Structure

• In this tree structure, the loops are broken and only one path exists between any two
points in the network
• Physically disconnecting links can accomplish this, but is inefficient in the
event that an active link goes down

[Diagram: switches AAA, BBB, CCC, DDD and EEE connected as a tree with the redundant links removed; PC 1 and PC 2 attached to the bottom-tier switches]


The slide graphic shows that the loops have been broken and there is only one path
between any two points in the network. In this slide, the network interface cards
(NICs) are not overloaded with broadcasts, so they are free to process their own
traffic.


Layer 2 Loop Avoidance Protocols


Spanning Tree Protocols Summary

• The variations of the Spanning Tree Protocol have all been rolled into the 802.1Q
specifications¹
• They were originally defined by the following specifications:
– 802.1D — Spanning Tree Protocol
– 802.1w — Rapid Spanning Tree (RSTP)
– 802.1s — Multiple Spanning Tree (MSTP)


Footnote 1: 802.1D, 802.1w and 802.1s are all incorporated in the current 802.1Q-
2014 specification. The original specifications are still commonly used when
comparing the functionality of one version against another.


Spanning Tree Protocol Overview

• Originally defined in IEEE 802.1D
• The Spanning Tree Protocol (STP) algorithm ensures a loop free topology by
enabling a single path through any physical arrangement of switches
• STP does the following:
– Detects redundant links
– Blocks redundant links
– Allows for failover to redundant links
• Creates loop free topology without disconnecting or disabling interfaces

[Diagram: switches 32K|AAA, 32K|BBB, 32K|CCC, 32K|DDD and 32K|EEE in the looped topology, with PC 1 and PC 2 attached to the bottom-tier switches]


If multiple paths exist between different nodes in the Ethernet network, then STP will
place those redundant paths in standby mode (blocked).

Note: The titles on the switch icons are a shorthand representation of a STP/RSTP
Bridge ID. For example: 32K|AAA = 32,768 | AA-AA-AA-AA-AA-AA where the first two
bytes are the bridge priority, in decimal format, and the last six bytes are the bridge’s
MAC address, in hex format.


Rapid Spanning Tree Protocol Overview

• Originally defined in IEEE 802.1w
• An evolution of the IEEE 802.1D standard
• Provides rapid convergence and takes advantage of Spanning Tree’s point-to-point
wiring configuration
• Backward compatible with IEEE 802.1D

[Diagram: switches 32K|AAA, 32K|BBB, 32K|CCC, 32K|DDD and 32K|EEE in the looped topology, with PC 1 and PC 2 attached to the bottom-tier switches]


RSTP provides rapid convergence and leverages the point-to-point wiring topology of
modern networks. Failure in one forwarding path does not affect other forwarding
paths. RSTP improves the operation of the spanning tree while maintaining backward
compatibility.
Rapid Spanning Tree Protocol (RSTP; IEEE 802.1w) is an enhancement of the 802.1D
standard designed to incorporate changes in network structure and devices after
802.1D was written. This left the IEEE 802.1D terminology primarily the same. Most
parameters, device IDs and priorities have been left unchanged so that users familiar
with 802.1D can easily configure the new protocol.
IEEE 802.1w is backward compatible to IEEE 802.1D in order to interoperate with
legacy bridges on a per-port basis. When this happens, the benefits that RSTP
introduces are lost on that port.
The latest revision of the 802.1D standard, IEEE 802.1D-2004, incorporates IEEE
802.1t-2001 and IEEE 802.1w standards.


Spanning Tree Terminology


• Root bridge
– The switch used as a reference point by all other switches in the network
– Using a single reference point helps in eliminating loops and determining when an
alternate path is required due to a topology change

[Diagram: Root Bridge 32K|AAA at the top, with switches 32K|BBB, 32K|CCC, 32K|DDD and 32K|EEE below it and PC 1 and PC 2 attached to the bottom-tier switches]


The root bridge is the one with the numerically lowest bridge ID. Each bridge has a
unique identifier (MAC address) and a configurable priority number; the bridge ID is
the combination of both of these values. For the Spanning Tree elections of root
bridges and designated bridges, the bridge IDs are compared. If two bridges have
equal priority you still have a winner in the election since the MAC address portion of
the bridge ID is globally unique. For example, if switches AAA (MAC=AA:AA:AA:AA:AA:AA)
and BBB (MAC=BB:BB:BB:BB:BB:BB) both have the default priority of 32,768, then
AAA will be selected as the root bridge because its MAC address is lower. If the
network administrator would like BBB to become the root bridge, its priority must be
set to a number less than 32,768.


Spanning Tree Terminology (cont.)


• Root port
– The port on a non-root bridge that will be used to reach the root bridge
– If there is more than one port headed toward the root bridge, the one with the lowest path
cost is selected

[Diagram: Root Switch 32K|AAA at the top; on each of 32K|BBB, 32K|CCC, 32K|DDD and 32K|EEE the root port (RP) is marked on the link facing the root; PC 1 and PC 2 attached to the bottom-tier switches]

RP = Root Port


Spanning Tree Terminology (cont.)


• Designated port
– The port connecting this bridge to the network segment
• All ports on the root bridge are designated ports
• Non-designated port
– The ports that lose the election for designated port
• These are blocked by STP

[Diagram: Root Switch 32K|AAA with all of its ports marked DP; 32K|BBB and 32K|CCC each show an RP facing the root and DPs toward 32K|DDD and 32K|EEE; DDD and EEE each show an RP and one NDP on the redundant link; PC 1 and PC 2 attached to the bottom-tier switches]

DP = Designated Port
NDP = Non-Designated Port


The ports that are neither root ports nor designated ports are blocked by STP so they
cannot forward user traffic.


Bridge Protocol Data Unit (BPDU)

• BPDU
– Messages exchanged between switches on a LAN segment used to form and maintain a loop-free
topology
– Contain information about switches, ports, addresses, priorities, and costs
• STP uses two types of BPDUs:
– Configuration
• Generated only by the root bridge and sent to non-root bridges
– Topology Change Notification (TCN)
• Generated by the designated bridge of a LAN segment and sent toward the root bridge when the designated port
goes down
• RSTP uses a single BPDU type (RSTP BPDU)
– Flags field is used to denote the purpose of the BPDU


A BPDU exchange results in the following:
• One switch is elected as the root switch.
• The shortest distance to the root switch is calculated for each switch.
• A designated switch is selected. This is the switch closest to the root switch
through which frames will be forwarded to the root.
• A port for each switch is selected. This is the port providing the best path from
the switch to the root switch.
• Ports included in the STP are selected.
If all switches are enabled with default settings, the switch with the lowest MAC
address in the network becomes the root switch. The network assumes that
Switch 1 has the lowest MAC address and is therefore the root switch. However,
due to traffic patterns, number of forwarding ports, or line types, Switch 1 might
not be the ideal root switch. By increasing the priority (lowering the priority
number) of the ideal switch so that it becomes the root switch, you force an STP
recalculation to form a new, stable topology.
There are two types of BPDUs:
• Configuration BPDUs are generated only by the root bridge and sent to non-root
bridges, providing a method of sending election information across the L2 domain
and controlling reconvergence after a link has been broken.
• Topology Change Notification BPDUs are generated by non-root bridges and sent
to the root bridge to indicate that one of the data forwarding interfaces has been
broken and a new forwarding path needs to be provided.


RSTP (802.1w) BPDU Frame Format

• RSTP BPDUs are 36 bytes in length
• The Protocol Version and BPDU type fields are used to differentiate between STP and RSTP
BPDUs
• The remainder of this course will concentrate on RSTP BPDUs

Byte(s)   Field
1-2       Protocol Identifier
3         Protocol Version
4         BPDU Type
5         Flags
6-13      Root Identifier
14-17     Root Path Cost
18-25     Bridge Identifier
26-27     Port Identifier
28-29     Message Age
30-31     Max Age
32-33     Hello Time
34-35     Forward Delay
36        Version 1 Length

Protocol Identifier — Defines the various protocols supported by the 802.1D and
802.1w standards.
Protocol Version — Defines the version of the Spanning Tree protocol being used; for
RSTP this value will be 2.
BPDU Type — Defines the type of BPDU being transmitted; RSTP BPDUs are type 2.
Flags — In RSTP this is used to define the type of BPDU as well as the current or
proposed port state.
Root Identifier — Who the sending device thinks is the root bridge.
Root Path Cost — The sum of all path costs between this bridge and the root bridge.
Bridge Identifier — The sending bridge’s bridge ID.
Port Identifier — The sender’s port ID.
Message Age — Number of bridges this BPDU has traversed.
Max Age — The maximum number of bridges a BPDU is allowed to traverse.
Hello Time — The configured hello interval value.
Forward Delay — The configured forward delay value.
Version 1 Length — For RSTP this value is 0. Required for potential future versions of
the protocol that can carry additional values.


BPDU Fields – Type

• RSTP uses a value of 0x02 in the Type field for all BPDUs

Type = 0x02

• STP defines two types of BPDUs:
– Type = 0x00; Configuration BPDU
– Type = 0x80; Topology Change BPDU
– RSTP will use these types for backwards compatibility with 802.1D


Here is the description of the RSTP BPDU type that differentiates it from the STP
BPDU types.


BPDU Fields — Flags

• RSTP has added several flags used to communicate the role and state of a port that sends a
BPDU
– Proposal
– Port Role (2 bits)
• 00 (0x0) – Unknown
• 01 (0x1) – Alternate/Backup
• 10 (0x2) – Root
• 11 (0x3) – Designated
– Learning
– Forwarding
– Agreement
• Only two flags are defined in STP
– Topology Change and Topology Change ACK

Flags field bit assignments (bit 0 is the least significant bit):
Bit 0     Topology Change
Bit 1     Proposal
Bits 2-3  Port Role
Bit 4     Learning
Bit 5     Forwarding
Bit 6     Agreement
Bit 7     Topology Change ACK


Only two flags, Topology Change (TC) and TC Acknowledgment (TCA), are defined in
STP. However, RSTP uses all eight bits of the flag field in order to:
• Encode the role and state of the port that originates the BPDU
• Handle the proposal/agreement mechanism
Note: The proposal and agreement processes will be discussed later in this
module.
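As an added example (not code from the course or any vendor), the following Python encodes and decodes the 36-byte RSTP BPDU laid out earlier in this module, including the flag bit assignments above and the STP Configuration and TCN types kept for compatibility. The sample BPDU is constructed here from the values this module uses for the BPDU BBB sends (root 32K|AAA, cost 2,000, port 0x8005); the timer fields are decoded in the standard's 1/256-second units.

```python
import struct

# Fields after the 4-byte header (protocol id, version, type): flags, root id,
# root path cost, bridge id, port id, message age, max age, hello, forward delay.
BODY_LAYOUT = "!B8sI8sHHHHH"
BODY_LENGTH = struct.calcsize(BODY_LAYOUT)      # 31 bytes

PORT_ROLES = {0: "Unknown", 1: "Alternate/Backup", 2: "Root", 3: "Designated"}

# Flags bit numbers as on the slide; bit 0 is the least significant bit.
BIT_TC, BIT_PROPOSAL, BIT_ROLE, BIT_LEARNING = 0, 1, 2, 4
BIT_FORWARDING, BIT_AGREEMENT, BIT_TCA = 5, 6, 7


def decode_bridge_id(raw):
    """Split the 8-byte bridge ID into (priority, MAC string)."""
    priority, mac = struct.unpack("!H6s", raw)
    return priority, ":".join(f"{b:02x}" for b in mac)


def decode_flags(flags, rstp):
    """STP defines only TC and TCA; RSTP also carries role, state and handshake bits."""
    out = {"topology_change": bool(flags & (1 << BIT_TC)),
           "topology_change_ack": bool(flags & (1 << BIT_TCA))}
    if rstp:
        out.update(proposal=bool(flags & (1 << BIT_PROPOSAL)),
                   port_role=PORT_ROLES[(flags >> BIT_ROLE) & 0x3],
                   learning=bool(flags & (1 << BIT_LEARNING)),
                   forwarding=bool(flags & (1 << BIT_FORWARDING)),
                   agreement=bool(flags & (1 << BIT_AGREEMENT)))
    return out


def decode_bpdu(data):
    """Decode an STP or RSTP BPDU (the bytes following the LLC header)."""
    if len(data) < 4:
        raise ValueError("BPDU too short")
    proto, version, btype = struct.unpack("!HBB", data[:4])
    if proto != 0:
        raise ValueError(f"unknown protocol identifier 0x{proto:04x}")
    if btype == 0x80:                    # STP TCN carries no further fields
        return {"kind": "STP Topology Change Notification", "version": version}
    if btype == 0x00:
        kind, rstp = "STP Configuration", False
    elif btype == 0x02 and version == 2:
        kind, rstp = "RSTP", True
    else:
        raise ValueError(f"unsupported BPDU type 0x{btype:02x}")
    if len(data) < 4 + BODY_LENGTH + (1 if rstp else 0):
        raise ValueError("truncated BPDU")
    (flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(BODY_LAYOUT, data[4:4 + BODY_LENGTH])
    return {
        "kind": kind, "version": version,
        "flags": decode_flags(flags, rstp),
        "root_id": decode_bridge_id(root),
        "root_path_cost": cost,
        "bridge_id": decode_bridge_id(bridge),
        "port_priority": (port_id >> 12) * 16,   # 0x8005 -> priority 128, port 5
        "port_number": port_id & 0xFFF,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
        "version1_length": data[4 + BODY_LENGTH] if rstp else None,
    }


def build_rstp_bpdu(flags, root, root_path_cost, bridge, port_id,
                    message_age=1.0, max_age=20.0, hello_time=2.0, forward_delay=15.0):
    """Encode an RSTP BPDU; root and bridge are (priority, 6-byte MAC) tuples."""
    body = struct.pack(BODY_LAYOUT, flags,
                       struct.pack("!H6s", *root), root_path_cost,
                       struct.pack("!H6s", *bridge), port_id,
                       int(message_age * 256), int(max_age * 256),
                       int(hello_time * 256), int(forward_delay * 256))
    return struct.pack("!HBB", 0, 2, 0x02) + body + bytes([0])   # Version 1 Length = 0


# Constructed sample: the BPDU BBB sends out port e5 as a designated, forwarding
# port, advertising root 32K|AAA at a root path cost of 2,000.
FLAGS_DESIGNATED_FWD = (3 << BIT_ROLE) | (1 << BIT_LEARNING) | (1 << BIT_FORWARDING)
SAMPLE_BPDU = build_rstp_bpdu(FLAGS_DESIGNATED_FWD, (0x8000, b"\xaa" * 6), 2000,
                              (0x8000, b"\xbb" * 6), 0x8005)

if __name__ == "__main__":
    for key, value in decode_bpdu(SAMPLE_BPDU).items():
        print(f"{key:16} {value}")
```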


BPDU Fields – Root Bridge ID

• The bridge ID is the combination of the bridge priority and the bridge’s MAC address
• Lowest Bridge ID wins Root election
• Bridge Priority value can range (0 – 65535)
– Default is 0x8000 (32,768 decimal)
• Example of a Bridge ID you might see on an ICX switch:
0x800000e080547900

Root Bridge ID = 2-byte Bridge Priority followed by 6-byte MAC Address


A switch’s bridge ID is comprised of a combination of the bridge’s priority and its
MAC address, as shown below:

Bridge Priority (2 bytes)   Bridge MAC Address (6 bytes)
80-00                       00-e0-80-54-79-00

We can see that the bridge priority (0x8000) converts to 32,768 decimal.


BPDU Fields — Root Path Cost

• Root path cost is defined differently for RSTP than for STP
– These are the recommended default path costs defined in the IEEE standards

Link Speed   Default 802.1w Path Cost   Default 802.1D Path Cost
10 Mbps      2,000,000                  100
100 Mbps     200,000                    19
1 Gbps       20,000                     4
10 Gbps      2,000                      2
100 Gbps     200                        not defined
1 Tbps       20                         not defined
10 Tbps      2                          not defined


This slide shows a side-by-side comparison of the defaults used by many vendor
switches for both STP and RSTP path costs. The STP protocol only has path costs
defined up to link speeds of 10 Gbps while RSTP defines path costs up through 10
Tbps links. This is just one example of the overall scalability of RSTP vs STP.
Note: The original STP and RSTP specifications recommend these ranges of values
for path costs, but the ultimate decision is left to the equipment vendor. As a result,
different vendors may use different default values. This should be kept in mind when
configuring switches to operate in heterogeneous environments.


BPDU Fields – Root Path Cost (cont.)

• The summation of port costs from Root Bridge to the bridge sending the BPDU
• Root path cost is applied at the ingress port

[Diagram: Root Bridge 32K|AAA (Cost = 0) connects from its port e1 to port e1 of 32K|BBB over 10 Gigabit Ethernet (port cost = 2,000); port e2 of BBB connects to port e2 of 32K|CCC over 1 Gigabit Ethernet (port cost = 20,000). Looking out port e1 toward BBB the Root Path Cost is 2,000; looking out port e2 toward CCC the Root Path Cost becomes 22,000]


The root path cost is the summation of port costs between the bridge sending the
BPDU and the Root Bridge. The individual port costs are added to the total listed in
the Root Path Cost field of the BPDU when the BPDU goes out another port on that
switch.
For example: In the above diagram a BPDU is sent from the Root Bridge with a Root
Path Cost of zero. When it goes out port e2 of BBB a Port Cost of 2,000 is added to
the Root Path Cost. The BPDU is received by port e2 of CCC with a cost of 2,000; CCC
will add the cost of the 1 Gbps link (20,000) and compute a total Root Path Cost of
22,000.


BPDU Fields – Sender Bridge ID

• The Bridge ID of the device that sent this BPDU whose LAN segment is attached to the
receiving port

[Diagram: Root Bridge 32K|AAA port e2 connects over 10 Gbps (Port Cost = 2,000) to port e3 of non-root bridge 32K|BBB; BBB port e5 connects over 1 Gbps (Port Cost = 20,000) to port e7 of non-root bridge 32K|CCC]

BPDU sent by AAA:   Root BID 32K|AAA   Root Path Cost 0       Sender BID 32K|AAA   Port ID 0x8002
BPDU sent by BBB:   Root BID 32K|AAA   Root Path Cost 2,000   Sender BID 32K|BBB   Port ID 0x8005


The above slide shows a configuration BPDU being transmitted from the Root Bridge
through a chain of non-Root Bridges. Each time a BPDU is forwarded, the sender's
Bridge ID and the sender's Port ID are changed.


BPDU Fields – Port ID

• The Port ID is Port Priority followed by Port Address
• Port Priority value can range (0 – 255)
– The default is 128 decimal or 0x80
• If the port priorities are set to default values, then ports e1 and e3 would be: e1 =
0x8001, e3 = 0x8003
• When comparing two ports on the same bridge, the lowest numerical Port ID wins

Port ID = Priority (4 bits) followed by Port Number (12 bits)


Comparing port IDs is the last step in the Device Election Process. After the Root ID,
the election compares the path cost, the sender bridge ID, and finally the port ID. If the
path cost and sender bridge ID result in a tie, the election tie breaker compares port
IDs. If the port priorities are set to default values, then ports e1 and e3 would be:
e1 = 0x8001, e3 = 0x8003.
If you reduced the port priority of e3 from 128 to 112, then port e3 would win over
e1.
Port Priority has to be in increments of 16 (0 – 255); the default is 128.
Note: The port ID is associated with the port of the sending bridge, not necessarily a
port on the root bridge. For a BPDU passing through a series of bridges,
beginning with the root bridge, the “port ID” value in the BPDU changes to reflect the
ID of the port that last transmitted the BPDU.


STP Port States

Port initialization
Blocking state – Non-designated ports: the port is blocked and its MAC table remains empty
Listening state (15 sec) – Port role is established as root port, designated port, or non-designated
Learning state (15 sec) – Root and designated ports: the port receives data traffic and populates its MAC table
Forwarding state – Root and designated ports: send and receive data traffic


In the STP algorithm, a port transitions through the following states to determine if it
will either forward data traffic or block data traffic:
• Listening—This state blocks traffic, listens for BPDUs, and builds the STP tree
topology to ensure there are no loops in the network. Creation of the STP
topology, within a particular VLAN, involves election of the root bridge and a
designated bridge for each LAN segment inside of the VLAN. If the port is classified
as either a root port or designated port, it will move to the learning state when the
forwarding timer expires. If the port has no designation, then it moves to the
blocking state.
• Learning—In the Learning state, root ports and designated ports continue to block
data traffic as the switches learn MAC addresses and build their MAC tables.
• Forwarding—The second expiration of the forwarding timer moves root ports and
designated ports to the forwarding state to start forwarding traffic.
• Blocking—Data traffic is blocked for a non-designated port, but BPDUs are allowed
to circulate. The bridge priority, port priority, and path cost can be changed so that
a pre-determined outcome occurs in the election process (Learning state).


STP and RSTP Port Roles and States

• In RSTP there are two steady port states: forwarding and discarding¹
• Additional port roles have been added to facilitate rapid convergence through the tree

STP Port Role      Final Port State                        RSTP Port Role
Root Port          Forwarding                              Root Port
Designated Port    Forwarding                              Designated Port
No Role            Blocking (STP) / Discarding (RSTP)      Alternate Port, Backup Port
Disabled           Discarding                              Disabled


Footnote 1: RSTP ports, while progressing towards a forwarding state, will briefly
enter a Learning state. This corresponds to the Learning state in STP. In this state the
port is building a MAC table, but not forwarding traffic yet.
Forwarding Ports
Root Port — Port having the best path to the root switch.
Designated Port — On a given link, it is the port having the superior BPDU.
Edge Port — A special type of designated port. It is a port that has been identified
as being at the edge of the network, and hence, comes up immediately as a
designated port. This is similar to the proprietary fast port span in 802.1D.
Point-to-Point Port — A special type of designated port that has been identified via
manual configuration as linking two bridges together.
Note: The port state can be disabled if RSTP (or STP) is removed from the
configuration. No RSTP (or STP) algorithm/calculations are being done on the port,
but the port is still up and forwarding user traffic.
Discarding Ports
Alternate Port — A port that is not a root port, and can not be a designated port,
because it is receiving a superior BPDU from another switch on the same LAN
segment.
Backup Port — A port that is not a root port, and can not be a designated port,
because it is receiving a superior BPDU from another port on the same switch.
Disabled Port — A port not controlled by RSTP either because it is down,
administratively down, or administratively removed from RSTP.


RSTP Port Types

• Edge Port — This is a similar concept to Fast Port Span in STP
– There's no timer change but you've defined this port as a dead end (e.g., a workstation, a server, etc.)
• Point-to-Point — Allows for rapid reconvergence of switch-to-switch links

[Diagram: an End Station attached to edge port e2/1/4 (Designated/Forwarding); the Root Bridge ports e1/3/1 and e1/3/2 and the second switch's ports e2/3/1 and e2/3/2 form two point-to-point switch-to-switch links, whose ends are labelled Designated/Forwarding, Root/Forwarding and Alternate/Discarding]


Edge and point-to-point ports were defined in the RSTP standard in order to give
administrators more control over the behavior of Spanning Tree.


STP/RSTP Path Selection Process

[Diagram: two switches exchanging BPDUs]


When multiple devices are in competition for any of the titles—root bridge, root port,
designated bridge, and designated port—they must exchange BPDUs. Inside each of
these packets is a report from the sending bridge about what it considers to be:
• Root bridge ID
• Root path cost
• Sender bridge ID (its own ID)
• Port ID (the port that the BPDU was sent from)
These values are compared in that order until two unequal values are found; the
lower value wins.
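As an added example (not the course's material), the following Python applies the comparison just described: bridge IDs and the four BPDU values are tuples compared lexicographically, the lowest wins, and the root path cost is computed at the ingress port. The topology is the AAA/BBB/DDD one used in this module; BBB's port numbers on its two links toward DDD (5 and 6) are assumed.

```python
# A bridge ID is a (priority, mac_bytes) tuple and a BPDU's election values are a
# (root_id, root_path_cost, sender_id, sender_port_id) tuple, so Python's
# lexicographic tuple comparison is exactly the "compare until unequal" rule.

DEFAULT_PRIORITY = 0x8000          # 32,768

# Default 802.1w port costs from the path-cost table in this module (link speed in Mbps).
RSTP_PORT_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000,
                  100_000: 200, 1_000_000: 20, 10_000_000: 2}


def bridge_id(mac, priority=DEFAULT_PRIORITY):
    """Bridge ID from a priority and a MAC string such as 'aa:aa:aa:aa:aa:aa'."""
    return (priority, bytes.fromhex(mac.replace(":", "")))


def port_id(number, priority=128):
    """Port ID: 4-bit priority (multiples of 16) followed by the 12-bit port number."""
    if priority % 16 or not 0 <= priority <= 240 or not 0 < number <= 0xFFF:
        raise ValueError("bad port priority or number")
    return ((priority // 16) << 12) | number


def elect_root(bridges):
    """Root election: the numerically lowest bridge ID wins."""
    return min(bridges)


def select_root_port(received):
    """received maps a local port name to (bpdu, ingress_port_cost, local_port_id),
    where bpdu is (root_id, advertised_cost, sender_id, sender_port_id).
    Returns (port name, root path cost) for the best path to the root."""
    best = None
    for name, (bpdu, ingress_cost, local_pid) in received.items():
        root, adv_cost, sender, sender_port = bpdu
        # Root path cost is computed at the ingress port: advertised + this port's cost.
        # The local port ID is the final tie-breaker between ports on the same bridge.
        vector = (root, adv_cost + ingress_cost, sender, sender_port, local_pid)
        if best is None or vector < best[0]:
            best = (vector, name)
    if best is None:
        raise ValueError("no BPDUs received")
    return best[1], best[0][1]


AAA = bridge_id("aa:aa:aa:aa:aa:aa")
BBB = bridge_id("bb:bb:bb:bb:bb:bb")
DDD = bridge_id("dd:dd:dd:dd:dd:dd")


def ddd_root_port(root):
    """Switch DDD hears BBB on e1 (1 Gbps) and on e2 (10 Gbps); both BPDUs advertise
    the root at cost 2,000, BBB's own root path cost over its 10 Gbps uplink.
    BBB's sending ports (5 and 6) are assumed for the example."""
    bpdu_e1 = (root, 2_000, BBB, port_id(5))
    bpdu_e2 = (root, 2_000, BBB, port_id(6))
    received = {"e1": (bpdu_e1, RSTP_PORT_COST[1_000], port_id(1)),
                "e2": (bpdu_e2, RSTP_PORT_COST[10_000], port_id(2))}
    return select_root_port(received)


if __name__ == "__main__":
    root = elect_root([AAA, BBB, DDD])
    print("root bridge:", root[0], root[1].hex(":"))
    print("DDD root port, path cost:", ddd_root_port(root))
```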


Electing a Root Bridge

BPDU from switch AAA:   Root BID 32K|AAA   Root Path Cost 0   Sender BID 32K|AAA   Port ID 0x8003
BPDU from switch BBB:   Root BID 32K|BBB   Root Path Cost 0   Sender BID 32K|BBB   Port ID 0x8005
Winner: AAA (AAA < BBB)

[Diagram: switches 32K|AAA and 32K|BBB directly connected, each sending the BPDU listed above]


In the above diagram Bridge AAA wins in step 1a of the Device Title Election Process
since the MAC portion of its Bridge ID is lowest (32K|AAA < 32K|BBB) between Bridge
AAA and Bridge BBB. Because 32K|AAA < 32K|BBB, AAA is elected Root Bridge and the
election ends.


Electing a Root Bridge (cont.)

[Diagram: Switch 32K | AAA connects to Switch 32K | BBB, which connects to Switch 32K | DDD over a 1 Gbps link.]

BPDU from switch AAA through BBB to DDD:
  Root BID        32K | AAA
  Root Path Cost  2,000
  Sender BID      32K | AAA
  Port ID         0x8005

BPDU from switch DDD to BBB:
  Root BID        32K | DDD
  Root Path Cost  0
  Sender BID      32K | DDD
  Port ID         0x8008

Winner: AAA (AAA < DDD)

Bridge AAA wins again in step 1b of the Device Title Election Process since the MAC
portion of its Bridge ID is lowest (32K|AAA < 32K|BBB < 32K|DDD).


Determining Root Port for DDD

• A 10 Gbps link is added between switches BBB and DDD
• BPDUs received on both ports have the same advertised Root Path Cost - 2,000
• The cost of the ingress port is added to determine the root port
• Port 2 becomes the Root Port
  – 4,000 < 22,000

[Diagram: Root Bridge Switch 32K | AAA (Adv Cost = 0) connects to Switch 32K | BBB (Adv Cost = 2,000). BBB connects to Switch 32K | DDD over two links: a 1 Gbps link into DDD port e1 (Port Cost = 20,000, Path Cost = 22,000) and a 10 Gbps link into DDD port e2 (Port Cost = 2,000, Path Cost = 4,000).]

Step 2 Determine one Root Port per non-Root Bridge

On each LAN segment, the ports are exchanging BPDUs with equal values in the
Root BID field. The root port on each bridge is elected based on Step 2 of the
Device Title Election Process.
Ports e1 and e2 on switch DDD compete for the role of Root Port. Since the Root
BIDs are equal, they go to Step 2 and compare Path Costs. In this case port e2
becomes the Root port.
Note that each port cost is added on the ingress port only, starting at the switch
that is directly attached to the Root and ending at the switch that uses the Path
Cost information.
Note: Port roles are determined through a handshake process directly between
adjacent bridges. This handshake process will be described shortly.


Determining Root Port for EEE

• Bridge BBB & CCC: Path Costs are equal & Sender BID breaks tie
  – 32K|BBB < 32K|CCC

[Diagram: Root Bridge Switch 32K | AAA (Adv Cost = 0) connects over 10 Gbps links to Switch 32K | BBB and Switch 32K | CCC (each Adv Cost = 2,000). Switch 32K | EEE connects to BBB on port e1 and to CCC on port e2; both links have Port Cost = 2,000 and Path Cost = 4,000.]

Bridge EEE is determining whether port e1 or e2 will be its Root Port, but steps 1 and
2 of the election result in a tie. In step 3 the Sender BIDs are compared. The Sender
BID received on port e1, 32K|BBB, wins over the Sender BID received on port e2, which
is 32K|CCC (because 32K|BBB < 32K|CCC). Port e1 becomes switch EEE's Root Port.

Callout: Port 1 on switch EEE is elected as the root port; it has the lowest Sender
BID, 32K|BBB. Election ends.


Determine Alternate Ports on Each LAN

• Ports that provide redundancy in the event of a root or designated port failure are Alternate ports
• With all bridge priorities and port costs at default values, the topology shown will resolve with the labeled ports operating as Alternates1

[Diagram: Root Bridge Switch 32K | AAA at the top; Switch 32K | BBB and Switch 32K | CCC below it; Switch 32K | DDD (with PC 1) and Switch 32K | EEE (with PC 2) below those. Links are 10 Gbps or 1 Gbps as on the previous slides; four ports, two on DDD and two on EEE, are labeled Alt.]

Footnote 1: Note that an additional 10 Gbps link has been added between switches
CCC and EEE. This link will be used in upcoming slides to show switch behavior in
the event of a topology change.
Step 3 Determine which ports will be Alternate ports, while blocking loops
DDD: The 1 Gbps port connecting to BBB will become an Alternate port because the
cost of the port is higher than that of the alternative 10 Gbps port.
DDD: The 10 Gbps port connecting to CCC will become an Alternate port because,
while the path cost is equal, the sender Bridge ID of CCC is higher than the
alternative.
EEE: Both ports connecting EEE to CCC will be Alternate ports because, while they
are of equal cost to the root, the Bridge ID of switch BBB is lower than that of
switch CCC.
Step 4 Discard on all non-designated ports
Non-designated (Alternate/Backup) ports are on non-designated bridges and are
not Root Ports. These ports are blocked to create a loop-free topology. The only
non-designated Bridges on the network are CCC and DDD.


RSTP Handshaking

• Handshaking is used between ports in RSTP in order to facilitate rapid convergence
• The basic handshake process is as follows: Proposing > Proposed > Sync > Synced > Agreed
• It is this handshake process that allows RSTP to converge rapidly when a failure occurs

RSTP BPDU flags byte (bit number and meaning):
  0    Topology Change
  1    Proposal
  2-3  Port Role
  4    Learning
  5    Forwarding
  6    Agreement
  7    Topology Change ACK

The handshake process is used by RSTP bridges to establish port roles and to
communicate those roles to neighboring bridges. This handshake process, together
with the addition of the alternate/backup port roles, is what allows RSTP to perform
rapid reconvergence in the event of a failure.
Note: This is a highly simplified view of the handshake process. There are actually two
separate handshake processes, and which one is used depends on whether a root port
has already been elected on the bridge. These examples show the process for a bridge
that does not have an existing root port. For more information on the election
process consult the IEEE 802.1w standard or the configuration guide for your switch.


RSTP Handshake — Proposing and Proposed

• Designated port on the root bridge (AAA) sends a BPDU with the Proposal flag set
• The Proposal flag indicates that the designated port is ready to transition to a forwarding state

[Diagram: Root Bridge Switch 32K | AAA (Proposing) sends the proposal to Switch 32K | BBB (Proposed); Switch 32K | CCC sits beyond BBB.]

The handshake process starts with the root bridge and works its way through the rest
of the tree. A BPDU is sent by the root bridge (AAA) with the proposal flag set; this
indicates that the designated port is ready to start forwarding traffic. Bridge BBB
receives the proposal and uses it to determine which of its ports will be root ports
and which will be alternate ports.
Note: If admin-pt2pt-mac is not enabled on the port, the RSTP handshake will be
ignored for newly added links.


RSTP Handshake — Agreed

• Once the Root port on bridge BBB is determined the remaining ports are instructed to sync
• The Root port then sends back a BPDU with the Agreed flag set
• At this point the handshake between AAA and BBB is complete

[Diagram: Root Bridge Switch 32K | AAA, Designated Port Forwarding/Synched; Switch 32K | BBB, Root Port Forwarding/Synched, sends Agreed back to AAA; BBB's port toward Switch 32K | CCC is Discarding.]

During the agreement stage of the handshake process the agreeing switch syncs its
remaining ports (the ports that have not received the RSTP BPDU) and sends an
agreed RSTP BPDU back to the originating bridge. In order to sync its ports, bridge BBB
transitions them all to a discarding state and then flushes the MAC tables.
The sync and synced processes are performed internally to the switch and thus are
not detailed here. It should be noted that the sync process occurs before the agreed
flag is sent from the root port.


RSTP Handshake — Remaining Switches

• At this point the ports between AAA and BBB are in a Forwarding state
• The handshake process continues in the same fashion between BBB and CCC

[Diagram: Root Bridge Switch 32K | AAA (Designated Port, Forwarding) to Switch 32K | BBB (Root Port, Forwarding/Synched); BBB's Designated Port (Forwarding, Proposing) to Switch 32K | CCC (Root Port, Forwarding/Synched; Proposed, then Agreed).]

Once the handshake process has completed between the root bridge and the
adjacent bridges the same process will continue through the tree. This propagates
the topology outwards from the root until all nodes have been touched.
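The proposal/agreement exchange on the last four slides, as an added example (not course material and not switch code): the root bridge proposes on its designated port, the downstream bridge syncs its non-edge ports, flushes its MAC table and agrees, and the handshake then repeats one hop further down. The flags byte is packed as the slide table lays it out, with the 802.1w port-role codes (unknown 0, alternate 1, root 2, designated 3). Bridge names, port numbers, port roles and the MAC-table entry are constructed.

```python
"""RSTP proposal/agreement handshake, simulated for the bridges on the slides.

Added example, not the course's own material. The flags byte follows the slide
table (bit 0 Topology Change, bit 1 Proposal, bits 2-3 Port Role, bit 4 Learning,
bit 5 Forwarding, bit 6 Agreement, bit 7 TC ACK) with the 802.1w role codes;
bridge names, port numbers and the MAC-table entries are constructed.
"""

ROLE_CODE = {"unknown": 0, "alternate": 1, "root": 2, "designated": 3}
ROLE_NAME = {v: k for k, v in ROLE_CODE.items()}


def encode_flags(role="unknown", tc=False, proposal=False, learning=False,
                 forwarding=False, agreement=False, tc_ack=False):
    """Pack the RSTP BPDU flags byte exactly as the slide table lays it out."""
    return (int(tc) | int(proposal) << 1 | ROLE_CODE[role] << 2 | int(learning) << 4
            | int(forwarding) << 5 | int(agreement) << 6 | int(tc_ack) << 7)


def decode_flags(flags):
    return {
        "tc": bool(flags & 0x01), "proposal": bool(flags & 0x02),
        "role": ROLE_NAME[(flags >> 2) & 0x03], "learning": bool(flags & 0x10),
        "forwarding": bool(flags & 0x20), "agreement": bool(flags & 0x40),
        "tc_ack": bool(flags & 0x80),
    }


class Bridge:
    def __init__(self, name):
        self.name = name
        self.ports = {}                       # port -> {"role", "state", "edge", "peer"}
        self.mac_table = {"host-a": 3}        # constructed entry, flushed during sync

    def add_port(self, port, role, edge=False, peer=None):
        # Edge ports (the slide's "dead ends") start forwarding; all others start discarding
        self.ports[port] = {"role": role, "edge": edge, "peer": peer,
                            "state": "forwarding" if edge else "discarding"}

    def handle_proposal(self, port, bpdu, log):
        """Proposed -> Sync -> Synced -> Agreed, as seen by the receiving bridge."""
        if not decode_flags(bpdu)["proposal"] or self.ports[port]["role"] != "root":
            # Only a root port agrees; an alternate port stays discarding, so the
            # proposing designated port gets no fast transition on this link
            log.append(f"{self.name}:{port} does not agree")
            return encode_flags(role=self.ports[port]["role"])
        for p, info in self.ports.items():          # sync: non-edge ports go discarding
            if p != port and not info["edge"]:
                info["state"] = "discarding"
        self.mac_table.clear()                      # MAC table is flushed as part of sync
        self.ports[port]["state"] = "forwarding"    # synced: the root port may forward now
        log.append(f"{self.name}:{port} synced, sends Agreement")
        return encode_flags(role="root", forwarding=True, agreement=True)

    def propose_on_designated_ports(self, log):
        """Proposing: every non-edge designated port offers to go forwarding."""
        for port, info in self.ports.items():
            if info["role"] != "designated" or info["edge"]:
                continue
            peer, peer_port = info["peer"]
            log.append(f"{self.name}:{port} sends Proposal")
            proposal = encode_flags(role="designated", proposal=True)
            reply = peer.handle_proposal(peer_port, proposal, log)
            if decode_flags(reply)["agreement"]:
                info["state"] = "forwarding"            # agreed: no forward-delay timers
                log.append(f"{self.name}:{port} forwarding")
                peer.propose_on_designated_ports(log)   # handshake continues down the tree


def connect(a, pa, role_a, b, pb, role_b):
    a.add_port(pa, role_a, peer=(b, pb))
    b.add_port(pb, role_b, peer=(a, pa))


def build_topology():
    """AAA (root) - BBB - CCC chain from the slides, plus an edge port on BBB."""
    aaa, bbb, ccc = Bridge("AAA"), Bridge("BBB"), Bridge("CCC")
    connect(aaa, 1, "designated", bbb, 1, "root")
    connect(bbb, 2, "designated", ccc, 1, "root")
    bbb.add_port(3, "designated", edge=True)       # workstation port: untouched by sync
    return aaa, bbb, ccc


def run_handshake():
    aaa, bbb, ccc = build_topology()
    log = []
    aaa.propose_on_designated_ports(log)          # the root bridge starts the handshake
    return aaa, bbb, ccc, log


if __name__ == "__main__":
    for line in run_handshake()[3]:
        print(line)
```

The log produced by `run_handshake()` shows the ordering the notes insist on: BBB syncs and agrees before it proposes toward CCC, BBB's edge port never leaves forwarding, and BBB's MAC table is empty after the sync.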


STP/RSTP Convergence

• If the link between BBB and EEE goes down with STP enabled:
  – EEE learns its new path to the root bridge from BPDUs exchanged with CCC1
  – EEE learns its new path to the root bridge from its port 2 and port 3
  – Port 2 will be chosen based on the BPDU sender's (CCC) Port ID

CCC Port#   Port ID
e1          0x8001
e2          0x8002

[Diagram, before and after the failure: Root Bridge Switch 32K | AAA; Switch 32K | BBB and Switch 32K | CCC below it; Switch 32K | DDD and Switch 32K | EEE below those. CCC's ports e1 and e2 both connect to EEE; the link from BBB into EEE's port e1 is the one that fails.]

Footnote 1: BPDUs are constantly exchanged between STP and RSTP switches, even
on ports that are Alternate ports. This is critical for the expedient resolution of a
loop-free topology after a network change or event.

Callout: the elected root port on switch EEE received a lower Port ID from CCC's
port e1 (0x8001) than from CCC's port e2 (0x8002). Election ends.
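The Device Title Election Process from the path-selection slides (Root BID, Root Path Cost, Sender BID, Sender Port ID), run over the five-switch topology and then re-run for the BBB-EEE failure on the convergence slide, as an added example that is not course material or switch code. Switch labels (AAA, BBB, ...) stand in for MAC addresses; the "32K" default priority, the port costs (10 Gbps = 2,000, 1 Gbps = 20,000) and the DDD/CCC/EEE port numbers follow the slides, while the remaining port numbers are constructed.

```python
"""Device Title Election Process from the slides, run over the five-switch topology.

Added example, not the course's own material. It applies the four comparison
steps (Root BID, Root Path Cost, Sender BID, Sender Port ID) to elect the root
bridge, one root port per non-root bridge and the alternate ports, then re-runs
the election with the BBB-EEE link removed. Switch names stand in for MAC
addresses; port costs and the "32K" default priority are taken from the slides.
"""

PORT_COST = {"10G": 2_000, "1G": 20_000}   # 802.1D-2004 values used on the slides
DEFAULT_PRIORITY = 32768                   # "32K"


def bridge_id(name, priority=DEFAULT_PRIORITY):
    # Constructed: the label (AAA, BBB, ...) padded to six bytes plays the MAC part
    return (priority, name.encode().ljust(6, b"\x00"))


def port_id(number, priority=0x80):
    return (priority << 8) | number        # default port priority gives 0x80nn, e.g. 0x8005


def compute_roles(bridges, links):
    """links: (bridge_a, port_a, bridge_b, port_b, speed).
    Returns (root bridge, root path cost per bridge, {(bridge, port): role})."""
    bid = {b: bridge_id(b) for b in bridges}
    root = min(bridges, key=bid.get)                     # step 1: lowest Bridge ID
    link_end = {}                                        # (bridge, port) -> (peer, peer_port, cost)
    for a, pa, b, pb, speed in links:
        link_end[(a, pa)] = (b, pb, PORT_COST[speed])
        link_end[(b, pb)] = (a, pa, PORT_COST[speed])
    INF = float("inf")
    rpc = {b: (0 if b == root else INF) for b in bridges}  # root path cost per bridge
    root_port = {}
    changed = True
    while changed:                                       # relax until every bridge is settled
        changed = False
        for b in bridges:
            if b == root:
                continue
            best = None
            for (br, p), (peer, peer_port, cost) in link_end.items():
                if br != b or rpc[peer] == INF:
                    continue                             # peer has not heard from the root yet
                # steps 2-4: path cost, then Sender BID, then the sender's Port ID
                offer = (rpc[peer] + cost, bid[peer], port_id(peer_port), port_id(p))
                if best is None or offer < best[0]:
                    best = (offer, p)
            if best is not None and (rpc[b], root_port.get(b)) != (best[0][0], best[1]):
                rpc[b], root_port[b] = best[0][0], best[1]
                changed = True
    roles = {}
    for (b, p), (peer, peer_port, _) in link_end.items():
        if root_port.get(b) == p:
            roles[(b, p)] = "root"
        elif (rpc[b], bid[b], port_id(p)) < (rpc[peer], bid[peer], port_id(peer_port)):
            roles[(b, p)] = "designated"                 # better vector than the far end
        else:
            roles[(b, p)] = "alternate"                  # loses the link: discarding
    return root, rpc, roles


# Topology from the slides. DDD e1/e2 are the 1 Gbps and 10 Gbps links to BBB and
# CCC e1/e2 face EEE as on the convergence slide; other port numbers are constructed.
BRIDGES = ["AAA", "BBB", "CCC", "DDD", "EEE"]
LINKS = [
    ("AAA", 1, "BBB", 1, "10G"), ("AAA", 2, "CCC", 3, "10G"),
    ("BBB", 2, "DDD", 1, "1G"),  ("BBB", 3, "DDD", 2, "10G"),
    ("CCC", 4, "DDD", 3, "10G"), ("BBB", 4, "EEE", 1, "10G"),
    ("CCC", 1, "EEE", 2, "10G"), ("CCC", 2, "EEE", 3, "10G"),
]


def without_link(links, a, b):
    """Topology after the link between bridges a and b fails (used for BBB-EEE)."""
    return [l for l in links if {l[0], l[2]} != {a, b}]


if __name__ == "__main__":
    scenarios = (("steady state", LINKS), ("BBB-EEE link down", without_link(LINKS, "BBB", "EEE")))
    for title, links in scenarios:
        root, rpc, roles = compute_roles(BRIDGES, links)
        print(f"{title}: root bridge {root}, root path costs {rpc}")
        for (b, p), role in sorted(roles.items()):
            print(f"  {b} e{p}: {role}")
```

In the steady state DDD's root port is e2 (4,000 < 22,000) and its CCC-facing port loses on Sender BID; EEE's root port is e1 (BBB < CCC) and both CCC-facing ports are alternates. After the BBB-EEE link is removed the costs via CCC's e1 and e2 tie on cost and Sender BID, and the lower sender Port ID (0x8001) makes EEE's e2 the new root port.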


STP/RSTP Convergence (cont.)

• When the link is restored:
  – EEE detects a better path to the root bridge from BPDUs received on the port connected to BBB
  – CCC and EEE will exchange BPDUs to determine which port will go into blocking/alternate state

[Diagram, before and after the restore: Root Bridge Switch 32K | AAA; Switch 32K | BBB and Switch 32K | CCC below it; Switch 32K | DDD and Switch 32K | EEE below those. The restored link enters EEE on port e1; CCC's ports e1 and e2 connect to EEE.]


Per-VLAN Spanning Tree

• PVST maintains an STP instance for each VLAN configured in the network
• Has the ability to load balance traffic (at Layer 2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop
• PVST treats each VLAN as a separate network

[Diagram: Switch 1 and Switch 2 connected by two trunks; VLAN 2 is forwarded on one trunk and VLAN 33 on the other.]

In large switched networks, receipt of BPDUs is often delayed. This delay can cause
issues such as convergence time problems. Per-VLAN Spanning Tree (PVST) is a
solution for these problems.
PVST maintains a spanning tree instance for each VLAN configured in the network. It
uses Inter-Switch Link (ISL) trunking and enables a VLAN trunk to be forwarded for
some VLANs but blocks other VLANs. Because PVST treats each VLAN as a separate
network, it can load balance L2 traffic by forwarding some VLANs on one trunk and
other VLANs on another trunk without causing a Spanning Tree loop.


Per-VLAN Spanning Tree (cont.)

• PVST can be used to load share L2 traffic by sending traffic from different VLANs onto different physical links
• Traffic from one VLAN can be forwarded over another VLAN without causing a loop

[Diagram, one panel per VLAN: Switch 1, Switch 2, Switch 3 and Switch 4 connected in a ring through ports e1-e3. Switch 3 is Root Bridge for VLAN 201 and Switch 4 is Root Bridge for VLAN 100; each VLAN blocks (BLK) a different link and forwards (FWD) on the others, so VLAN 100 and VLAN 201 take different physical paths.]


Multiple Spanning Tree Protocol (MSTP)

• Multiple Spanning Tree Protocol (MSTP) was originally defined in IEEE 802.1s
– This was later incorporated into the 802.1Q standard
• It allows multiple VLANs to be managed by a single STP instance
– This protocol configures a separate spanning tree instance for each group of VLANs and blocks all but one
of the possible paths
• MSTP isolates failures within an MST instance, thus reducing the impact of a link failure
• VLAN 4092 is reserved for instance 0, the Internal Spanning Tree (IST)


MSTP Common Spanning Tree

• Common Spanning Tree (CST)
  – Assumes one spanning-tree instance for the entire bridged network regardless of the number of VLANs
  – In MSTP, a region appears as a virtual bridge that runs CST

[Diagram: an MSTP region shown as a single virtual bridge, with a Non-MSTP Device on either side.]

Common Spanning Tree (CST) – Defined as one spanning-tree instance for the entire
bridged network regardless of the number of VLANs. In MSTP, an MSTP region
appears as a virtual bridge that runs CST.


MSTP Internal Spanning Tree

• Internal Spanning Tree (IST)
  – An MSTP bridge must handle at least these two instances:
    • One IST (instance 0)
    • One or more MSTIs (Multiple Spanning Tree Instances)
  – Instance 0 is a special instance which extends CST inside the MST region
  – IST always exists if the switch runs MSTP

[Diagram: IST Instance 0 spanning the region.]

Internal Spanning Tree (IST) – IST is a term introduced by MST. An MSTP bridge must
handle at least these two instances: one IST and one or more MSTIs (Multiple Spanning
Tree Instances). Within each MST region, MSTP maintains multiple spanning-tree
instances. Instance 0 is a special instance known as the IST, which extends the CST
inside the MST region. The IST always exists if the switch runs MSTP. Besides the IST,
this implementation supports up to 15 MSTIs, numbered from 1 to 4094.
An older switch that only supports 802.1D may be added as a part of the CST but not
inside a region; RSTP must be run within a region.


MSTP Internal Spanning Tree (cont.)

• Internal Spanning Tree (IST)
  – Within each MST region, MSTP maintains multiple spanning-tree instances
  – All switches in that region must run RSTP

[Diagram: MSTI 1 (Logical) carrying VLANs 101-150 and MSTI 2 (Logical) carrying VLANs 201-250 inside the region, with a Non-MST Device on either side.]


MSTP Instances

• Multiple Spanning Tree Instance (MSTI)
  – The MSTI is identified by an identifier (MSTid) value between 1 and 4094
• Common and Internal Spanning Trees (CIST)
  – CIST is a collection of the ISTs in each MSTP region, and the CST that interconnects the MSTP regions and single spanning trees

[Diagram: the CST interconnecting the MSTP regions and a Non-MST Device.]

Multiple Spanning Tree Instance (MSTI) – The MSTI is identified by an MST identifier
(MSTid) value between 1 and 4094.
Common and Internal Spanning Trees (CIST) – CIST is a collection of the ISTs in each
MST region and the CST that interconnects the MST regions and single spanning
trees.
Note: One or more VLANs can be mapped to one MSTP instance (IST or MSTI), but a
VLAN cannot be mapped to multiple MSTP instances.


MSTP Regions

• MSTP Regions
  – Clusters of bridges that run multiple instances of the MSTP protocol
  – Multiple bridges detect that they are in the same region by exchanging their configuration information
  – One or more VLANs can be mapped to one MSTP instance, but a VLAN cannot be mapped to multiple MSTP instances

[Diagram: an MSTP region containing MSTI 1 (VLANs 101-150), with a Non-MSTP Device outside it.]

MSTP Region – These are clusters of bridges that run multiple instances of the MSTP
protocol. Multiple bridges detect that they are in the same region by exchanging their
configuration (instance to VLAN mapping), name, and revision-level. Therefore, if you
need to have two bridges in the same region, the two bridges must have identical
configurations, names, and revision-levels. Also, one or more VLANs can be mapped
to one MSTP instance (IST or MSTI), but a VLAN cannot be mapped to multiple MSTP
instances.


Multiple Spanning Tree Regions

[Diagram: Common Spanning Tree (CST) / CIST Instance (Instance 0). SW1 runs MST outside any region. Region 1 and Region 2 each run their own IST (Instance 0) and both map MSTid3 = VLAN 11-15 and MSTid4 = VLAN 16-20; switches SW2 through SW8 are divided between the two regions, and the ports marked e2 on SW3, SW4 and SW6 are the ones that end up blocked.]

Using MSTP, the entire network runs a common instance of RSTP. Within that
common instance, one or more VLANs can be individually configured into distinct
regions. The entire network runs the CST instance and the regions run a local instance
(IST). The CST treats each instance of IST as a single bridge. Consequently, ports are
blocked to prevent loops that might occur within an IST and also throughout the CST.
With the exception of the provisions for multiple instances, MSTP operates exactly
like RSTP.
For example, the network in the diagram above is configured with two regions:
Region1 and Region2. The entire network is running an instance of CST. Each of the
regions is running an instance of IST. In addition, this network contains Switch1
running MSTP that is not configured in a region and is running in the CIST instance. In
this configuration, the regions are each regarded as a single bridge to the rest of the
network, as is Switch1. The CST prevents loops from occurring across the network. As
a result, port e2 is blocked on switch6. Additionally, loops must be prevented in each
of the IST instances. Within IST Region1, port e2 on switch4 is blocked to prevent a
loop in that region. Within IST Region2, port e2 on switch3 is blocked to prevent a
loop in that region.
After the system is configured for MSTP, CIST is created and all existing VLANs inside
the MSTP scope are controlled by CIST. In addition, whenever a new VLAN is created
inside the MSTP scope, it is put under CIST control by default. CIST always controls all
ports in the system. (Configure the no spanning tree command under the specified
interface configuration to keep a specific port from running MSTP.)
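How two bridges decide that they belong to the same region, as an added example that is not course material or switch code: the region slides say bridges must carry an identical configuration name, revision level and instance-to-VLAN mapping, and the mapping itself is compared through the IEEE 802.1Q configuration digest, an HMAC-MD5 over the 4096-entry VLAN-to-MSTID table keyed with the fixed value 0x13AC06A62E47FD51F95D2BA243CD0346. The switch configurations below are constructed from this slide's mapping (MSTid3 = VLAN 11-15, MSTid4 = VLAN 16-20); the bridge names and revision numbers are assumptions.

```python
"""MST region membership check: name, revision level and the VLAN-to-instance digest.

Added example, not the course's own material. Region membership is decided the way
the slides describe (identical configuration name, revision and instance-to-VLAN
mapping); the mapping is compared through the IEEE 802.1Q configuration digest, an
HMAC-MD5 over the 4096-entry VLAN-to-MSTID table using the fixed key
0x13AC06A62E47FD51F95D2BA243CD0346. The switch configurations are constructed.
"""
import hashlib
import hmac

MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def vlan_map(instances):
    """{msti: [(first_vlan, last_vlan), ...]} -> {vlan: msti}. Unmapped VLANs stay in
    instance 0 (the IST); a VLAN listed under two instances is rejected."""
    mapping = {}
    for msti, ranges in instances.items():
        if not 1 <= msti <= 4094:
            raise ValueError(f"MSTid {msti} out of range 1-4094")
        for first, last in ranges:
            for vlan in range(first, last + 1):
                if vlan in mapping:
                    raise ValueError(f"VLAN {vlan} already mapped to MSTI {mapping[vlan]}")
                mapping[vlan] = msti
    return mapping


def config_digest(mapping):
    """HMAC-MD5 of the 4096 x 16-bit big-endian table (entries 0 and 4095 stay zero)."""
    table = bytearray(4096 * 2)
    for vlan, msti in mapping.items():
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN {vlan} out of range 1-4094")
        table[2 * vlan:2 * vlan + 2] = msti.to_bytes(2, "big")
    return hmac.new(MST_DIGEST_KEY, bytes(table), hashlib.md5).hexdigest().upper()


def region_identifier(name, revision, instances):
    """The three values bridges compare in their BPDUs to decide if they share a region."""
    return (name, revision, config_digest(vlan_map(instances)))


def same_region(cfg_a, cfg_b):
    return region_identifier(*cfg_a) == region_identifier(*cfg_b)


# Constructed configurations for switches on the slide: (name, revision, instances)
SLIDE_INSTANCES = {3: [(11, 15)], 4: [(16, 20)]}
SW4 = ("Region1", 1, SLIDE_INSTANCES)
SW6 = ("Region1", 1, SLIDE_INSTANCES)
SW5 = ("Region2", 1, SLIDE_INSTANCES)                       # same mapping, different name
SW4_TYPO = ("Region1", 1, {3: [(11, 15)], 4: [(16, 21)]})   # one VLAN off: different digest

if __name__ == "__main__":
    print("default digest (all VLANs in instance 0):", config_digest({}))
    for label, cfg in (("SW4", SW4), ("SW6", SW6), ("SW5", SW5), ("SW4 with typo", SW4_TYPO)):
        print(label, region_identifier(*cfg), "same region as SW4:", same_region(SW4, cfg))
```

The digest is what makes a one-VLAN mistake on one switch visible: `SW4_TYPO` carries the same name and revision as SW4 but a different digest, so it lands in a region of its own, which is exactly the symptom to look for when a region unexpectedly splits.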


LAB EXERCISE


End of Module 6
Layer 2 Redundancy


RSP 100 Link Aggregation & L2 Discovery

Module 7
Link Aggregation & Layer 2 Discovery


Revision 0218 Mod 7 - 1




Objectives

• After completing this module, attendees will be able to:


– Explain Link Aggregation
– Discuss the advantages of LAGs
– Describe static and dynamic formation of LAGs (LACP)
– Discuss specific limitations of LAGs
– Describe the purpose and benefits of Neighbor Discovery Protocols (LLDP)


Link Aggregation Groups


Link Aggregation Groups (LAG)

• A LAG is a method of interconnecting networking devices with two or more physical links, which are combined to function as a single logical link
• LAGs are sometimes referred to as PortChannels or trunks1
• LAG requirements may vary for different platforms, such as the number of links in the LAG, specific port boundaries, etc.
  – Always check what is supported at each end

[Diagram: Switch 1 ports e10 and e11 linked to Switch 2 ports e4 and e5.]

Footnote 1: A link aggregation group (LAG) is a way to provide more than one link
between two switches. By aggregating links together in a group, the MAC client treats
it as a single link. The larger virtual link can carry increased bandwidth. A LAG is also
referred to as:
• Ethernet trunk
• NIC Teaming
• Port Channel
• Port Teaming
• Port Trunking
• Link Bundling
• EtherChannel
• Multi-Link Trunking (MLT), Distributed Multi-Link Trunking (DMLT), Split Multi-
Link Trunking (SMLT), Distributed Split Multi-Link Trunking (DSMLT), and
Routed-SMLT (R-SMLT)
• NIC bonding
• Network Fault Tolerance (NFT)
• Fast EtherChannel


LAG Advantages

• Load sharing

• Additional bandwidth

• Redundancy
– LAGs provide redundant, active alternate paths for traffic if any of the segments fail

• Reconvergence avoidance

• Reduce number of ports blocked by spanning tree


Compared with a connection using a single cable, link aggregation enables faster
transmission speed and better availability. You can create a LAG for multiple Ethernet
ports with load-shared Layer 2 (L2) bridging traffic across the member links of this
group. This configuration provides redundancy and addresses traffic congestion
concerns as well.
A conventional port-to-cable-to-port connection presents three single points of
failure: the cable or either of the two ports can fail. To work around this issue, you
could make multiple physical connections, but many high-level protocols are not
designed for seamless failover. As a component of high availability planning, a LAG
reduces single points of failure.


LAG General Guidelines

• Rules for LAGs are heavily dependent on the hardware type and code version in use

• All interface parameters in a LAG must typically match, including:


– Port tag type (tagged/untagged)
– Configured port speed1 and duplex
– QoS priority

• Single switch = Single point of failure2


Footnote 1: Each port in the LAG will operate at the speed of the slowest link. For
example, if a LAG is created with 2 ports, one running at 10 Gbps and the other at
1 Gbps, the 10 Gbps link must be configured to operate at 1 Gbps in order for the
LAG to form on both links.
Footnote 2: All physical links in the LAG must connect to the same adjacent switch,
which can be a switch stack. This typically results in a single point of failure if the
physical switch to which both links are connected goes offline.


Link Aggregation Control Protocol (LACP)


Link Aggregation Control Protocol

• Link Aggregation Control Protocol (LACP) is the protocol used to control the bundling of
several physical ports together to form a single logical link

• Defined in IEEE standard 802.3ad1

• LACP allows a network device to negotiate an automatic bundling of links by sending Link
Aggregation Control Protocol Data Units (LACPDUs) to a directly connected device
– Both devices must be configured to use LACP


Footnote 1: The IEEE 802.3ad standard describes Link Aggregation Control Protocol
(LACP), which is a method of automating the configuration and maintenance of the
LAG. LACP allows ports on both sides of a redundant link to form a trunk (aggregate
link) without the need for manual configuration of the ports into trunk groups. When
LACP is enabled on a group of switch ports, the ports can negotiate with the ports at
the remote ends of the links to establish LAGs.


LACP Modes of Operation

• LACP packets are exchanged between ports in these modes:
  – Active—Places a port into an active negotiating state, in which the port initiates negotiations with remote ports by sending LACP packets
  – Passive—Places a port into a passive negotiating state, in which the port responds to LACP packets it receives but does not initiate LACP negotiation

[Diagram: SW1 ports e1 and e2 linked to SW2 ports e1 and e2.]

You can specify the mode in which LACP packets are exchanged:
• Active mode – An LACPDU is automatically transmitted to the peer on the other
side of the link as soon as the link is online
• Passive mode – An LACPDU will only be transmitted if one has been received from
the peer on the other side of the link


LACP Link Keys

• Every 802.3ad-enabled port has a key
• The key identifies the ports that belong to the same LAG
  – Ports with the same key are called a Key Group

[Diagram: SW1 ports e1-e4 (Key 20) linked to SW2 ports e1-e4 (Key 20); SW1 ports e5-e8 (Key 10) linked to SW2 ports e5-e8 (Key 40).]

As illustrated in the diagram, on SW1, because each four-port group has a different
key, ports 1 to 4 and 5 to 8 will not be in the same link aggregation group; neither will
ports 1 to 4 and ports 5 to 8 on SW2.
Keys on partner devices on the opposite side do not have to match.
NOTE: In conformance with the 802.3ad specification, the default key assigned to an
aggregate link is based on the port type (1 Gbps port or 10 Gbps port).
LACP message parameters include:
• Local system identifier (priority and system MAC)
• Local port identifier (priority and port number)
• Key assigned to the port
• Local state flags


LACP System Priority

• Is used when devices encounter a conflict when forming a LAG


– The lower the system priority value, the higher the priority
– The system with the higher priority becomes the controlling system
– If both switches have the same LACP system priority value, the switch with the lowest LACP system ID has
priority
• The LACP system ID is the LACP system priority value plus the MAC address of the device

• Is configured on each device running LACP, either automatically or through the CLI


The LACP system priority is used whenever devices encounter a conflict when
forming a LAG. For example, a conflict can occur if two devices are both configured
with the default setting of 127. The system priority value is assigned to resolve the
conflict - the lower the number, the higher the priority. The system with the lower
number (higher priority) becomes the controlling system. If both switches have the
same LACP system priority value, the switch with the lowest LACP system ID has
priority. The LACP system ID is the combination of the two-octet binary LACP system
priority value and the MAC address of the router.
An LACP system priority value is configured on each device running LACP, either
automatically or through the CLI.


LACP Port Priority

• Port priority determines which ports should be put in standby mode if a hardware
limitation prevents all compatible ports from aggregating.

• LACP uses the port priority field with the port number to form the port identifier

• Port priority range is 0 to 65,535


– A default value is set on most network devices

• Ports are selected and assigned for aggregation starting with the highest priority port of
the highest priority system


When you enable LACP, you can configure the port priority automatically or through
the CLI. The port priority determines which ports should be put in standby mode if a
hardware limitation prevents all compatible ports from aggregating. Ports are
selected and assigned for aggregation starting with the highest priority port of the
highest priority system.
LACP uses the port priority field with the port number to form the port identifier. The
port priority value is the two most-significant octets of the LACP port ID; the port
number is the two least-significant octets. The port priority range is from 0 to 65,535.
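The LACP parameters from the last three slides (system ID, key, port ID and the selection of standby ports), as an added example that is not course material or switch code. It packs and parses the 20-byte actor information TLV of IEEE 802.3ad/802.1AX (type 1, length 20: system priority, system MAC, key, port priority, port number, state, three reserved bytes), decides which system controls by comparing (system priority, MAC), groups links by key, and applies the controlling system's port priorities when a hardware limit forces some ports into standby. Switch names, MAC addresses, keys, the default priority of 127 from the slide notes, and the hardware limit are constructed.

```python
"""LACP actor information: system ID, key, port ID and aggregation selection.

Added example, not the course's own material. The 20-byte actor information TLV
layout (type 1, length 20: system priority, system MAC, key, port priority, port
number, state, three reserved bytes) is the IEEE 802.3ad/802.1AX one, and the
selection rules are those from the slides: the lower system ID controls, ports with
the same keys at both ends group together, and the controlling system's port
priorities decide which ports go to standby when a hardware limit applies.
Switch names, MACs, keys and port numbers are constructed.
"""
import struct
from dataclasses import dataclass

ACTOR_TLV = "!BBH6sHHHB3x"   # 20 bytes on the wire


@dataclass(frozen=True)
class ActorInfo:
    system_priority: int
    system_mac: bytes
    key: int
    port_priority: int
    port_number: int
    state: int = 0

    @property
    def system_id(self):
        return (self.system_priority, self.system_mac)   # lower value = higher priority

    @property
    def port_id(self):
        return (self.port_priority, self.port_number)    # two MS octets, two LS octets

    def encode(self):
        return struct.pack(ACTOR_TLV, 1, 20, self.system_priority, self.system_mac,
                           self.key, self.port_priority, self.port_number, self.state)

    @classmethod
    def decode(cls, tlv):
        tlv_type, length, sp, mac, key, pp, pn, state = struct.unpack(ACTOR_TLV, tlv[:20])
        if tlv_type != 1 or length != 20:
            raise ValueError("not an actor information TLV")
        return cls(sp, mac, key, pp, pn, state)


def controlling_system(local, partner):
    """Lowest (priority, MAC) wins; the MAC only matters when the priorities tie."""
    return "local" if local.system_id <= partner.system_id else "partner"


def select_aggregating(local, partner_by_port, max_active):
    """local: our ActorInfo per port; partner_by_port: the ActorInfo received on each
    of those links. Ports whose (own key, partner system, partner key) match form one
    LAG; beyond max_active members the rest go to standby, chosen in port-ID order
    of whichever system controls."""
    groups = {}
    for pn, mine in local.items():
        theirs = partner_by_port[pn]
        groups.setdefault((mine.key, theirs.system_id, theirs.key), []).append(pn)
    selection = {}
    for (_, partner_sid, _), members in groups.items():
        we_control = local[members[0]].system_id <= partner_sid
        ordered = sorted(members, key=lambda pn: (local[pn].port_id if we_control
                                                 else partner_by_port[pn].port_id))
        for i, pn in enumerate(ordered):
            selection[pn] = "active" if i < max_active else "standby"
    return selection


# Constructed: both switches use the slide's default system priority of 127, so SW1
# controls because its MAC is lower. Ports 1-4 share key 20 at both ends; ports 5-8
# use key 10 on SW1 and key 40 on SW2 (partner keys need not match). SW1 port 3 has
# been given a better (lower) port priority than the default 128.
SW1_MAC, SW2_MAC = bytes.fromhex("0000aa000001"), bytes.fromhex("0000aa000002")
SW1 = {pn: ActorInfo(127, SW1_MAC, 20 if pn <= 4 else 10,
                     100 if pn == 3 else 128, pn) for pn in range(1, 9)}
SW2 = {pn: ActorInfo(127, SW2_MAC, 20 if pn <= 4 else 40, 128, pn) for pn in range(1, 9)}


def demo(max_active=2):
    """What SW1 decides after parsing the LACPDUs it received from SW2."""
    received = {pn: ActorInfo.decode(SW2[pn].encode()) for pn in SW2}
    return select_aggregating(SW1, received, max_active)


if __name__ == "__main__":
    print("controlling system:", controlling_system(SW1[1], SW2[1]))
    for pn, status in sorted(demo().items()):
        print(f"SW1 port {pn} (key {SW1[pn].key}): {status}")
```

With a constructed limit of two active members per LAG, SW1's port 3 is picked first because of its lower port priority value, then port 1 by port number; ports 2 and 4 go to standby. Ports 5-8 still form a second LAG even though SW1 uses key 10 and SW2 key 40, because only the keys on the same switch have to match.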


LACP Timers and Flags

Timers
• Define the rate at which devices exchange LACPDUs
• Short is one second
• Long is 30 seconds
• Allow LACP to keep the LAG active and forward traffic
• Corresponding timeouts are 3 seconds or 90 seconds
• You can configure the use of short or long timeout values instead of following the standard of short then long

Flags
• Communicate port state between systems
• If a unidirectional link failure occurs, link transitions to LACP blocked state1
• The receiving system responds to the loss of three consecutive LACPDUs by:
  – Clearing its Synchronization, Collecting, and Distributing flags
  – Setting its Expired flag
• The sending system responds by:
  – Clearing its Synchronization, Collecting, and Distributing flags

Footnote 1: LACP (and LLDP) PDUs will continue to be transmitted/received.


LACP uses a periodic transmission timer to define the rate at which inter-connected
devices exchange LACPDUs. The 802.1AX standard defines two values for the timer:
• Short is one second.
• Long is 30 seconds.
Timers allow LACP to keep the LAG active and forward traffic. By default, LACP
packets are exchanged every second to ensure the health of the interfaces. The
corresponding timeouts are 3 seconds or 90 seconds.
Note: You cannot independently configure how often a switch will send LACPDUs;
you can only configure a switch to expect to receive LACPDUs with this frequency
from its partner on the other side of the logical channel.
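The timer and flag behaviour on this slide, as an added example that is not course material or switch code: a port model that sets Synchronization, Collecting and Distributing while LACPDUs keep arriving and, after three missed periods (3 s with the short timer, 90 s with the long one), clears them and sets Expired. The actor-state bit order (Activity, Timeout, Aggregation, Synchronization, Collecting, Distributing, Defaulted, Expired) is the IEEE 802.3ad one; the timeline of LACPDU arrivals is constructed.

```python
"""LACP actor-state flags and the LACPDU receive timeout from the slide.

Added example, not the course's own material. The state-byte bit order (Activity,
Timeout, Aggregation, Synchronization, Collecting, Distributing, Defaulted,
Expired) is the IEEE 802.3ad one; the timeline of LACPDU arrivals is constructed.
The port expires after three missed periodic transmissions, i.e. 3 s with the short
timer or 90 s with the long timer, and clears Synchronization, Collecting and
Distributing at that point.
"""

STATE_BITS = ["activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired"]
SHORT_PERIOD, LONG_PERIOD = 1, 30        # seconds between periodic LACPDUs
MISSED_LIMIT = 3                          # consecutive LACPDUs lost before expiry


def decode_state(state):
    return {name: bool(state >> bit & 1) for bit, name in enumerate(STATE_BITS)}


def encode_state(**flags):
    return sum(1 << STATE_BITS.index(name) for name, on in flags.items() if on)


class LacpPort:
    def __init__(self, short_timeout=True, active=True):
        self.period = SHORT_PERIOD if short_timeout else LONG_PERIOD
        # Activity = active mode, Timeout = we ask the partner for short timeouts
        self.state = encode_state(activity=active, timeout=short_timeout, aggregation=True)
        self.last_rx = None

    def receive_lacpdu(self, now):
        """A partner LACPDU arrived: the link is healthy, so the port may distribute."""
        self.last_rx = now
        self.state |= encode_state(synchronization=True, collecting=True, distributing=True)
        self.state &= ~encode_state(expired=True)

    def tick(self, now):
        """Called periodically; after MISSED_LIMIT * period without a LACPDU the port
        expires and stops collecting/distributing on this link."""
        if self.last_rx is not None and now - self.last_rx >= MISSED_LIMIT * self.period:
            self.state &= ~encode_state(synchronization=True, collecting=True, distributing=True)
            self.state |= encode_state(expired=True)
        return decode_state(self.state)

    @property
    def distributing(self):
        return decode_state(self.state)["distributing"]


def simulate(short_timeout=True, arrivals=(0, 1, 2), horizon=100):
    """Feed LACPDUs at the given seconds, then silence; return the second at which
    the port expired (None if it never did) and its final decoded state."""
    port = LacpPort(short_timeout)
    expired_at = None
    for now in range(horizon + 1):
        if now in arrivals:
            port.receive_lacpdu(now)
        if port.tick(now)["expired"] and expired_at is None:
            expired_at = now
    return expired_at, decode_state(port.state)


if __name__ == "__main__":
    for short in (True, False):
        when, final = simulate(short_timeout=short)
        label = "short" if short else "long"
        print(f"{label} timer: expired at {when} s; distributing = {final['distributing']}")
```

Running `simulate()` with the last LACPDU at second 2 expires the port at second 5 on the short timer and at second 92 on the long timer, which is the 3 s versus 90 s difference the slide quotes; the long timer is the one that lets a unidirectional failure go unnoticed for a minute and a half.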


Static LAGs

• Static configuration is used to connect an Ethernet switch to another switch or device that
does not support LACP
– Ports are manually added to a LAG

• When using a static configuration, a cabling or configuration mistake at either end of the
LAG could go undetected and cause undesirable network behavior

• Both dynamic and static use the same load-balancing forwarding methods.


Revision 0218 Mod 7 – 15


RSP 100 Link Aggregation & L2 Discovery

LAG Load Sharing

• Because there is no sequencing method in Ethernet, frames must arrive in order at the destination
• On egress, LAGs select one link for each conversation to ensure ordered delivery
• Hash-based load sharing is used to determine which link
• Hashing algorithms include:
– Source/destination MAC addresses
– Source/destination IP addresses
– Source/destination TCP/UDP ports

LAGs use algorithms to determine how to distribute the traffic on the links. When a
LAG is configured to use a hashing algorithm, it uses frame or packet attributes to
determine the outgoing physical port. Hashing decisions are most commonly made
based on values in the frame/packet fields. The hashing algorithm attempts to
manage bandwidth by evenly load-balancing egress traffic among the physical ports
of the LAG.
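
Added example (Python, not part of the course material): it models hash-based egress link selection, hashing each frame on the MAC, IP or L4 fields listed above, so every frame of a conversation leaves on the same member link and stays in order while different conversations spread across links. The CRC32 hash, the frame layout and the sample traffic are assumptions constructed for the demo; switch ASICs use vendor-specific hash functions.

```python
import zlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Frame:
    """One Ethernet frame carrying an IP packet (constructed for the demo)."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int
    seq: int        # constructed per-conversation sequence number


def conversation(frame: Frame) -> Tuple:
    """The 5-tuple that identifies one conversation; ordering must hold within it."""
    return (frame.src_ip, frame.dst_ip, frame.proto, frame.src_port, frame.dst_port)


def hash_input(frame: Frame, mode: str) -> bytes:
    """Select the header fields the LAG hashes on, matching the three modes on the slide."""
    if mode == "mac":
        fields = (frame.src_mac, frame.dst_mac)
    elif mode == "ip":
        fields = (frame.src_ip, frame.dst_ip)
    elif mode == "l4":
        fields = (frame.src_ip, frame.dst_ip, frame.proto,
                  str(frame.src_port), str(frame.dst_port))
    else:
        raise ValueError(f"unknown hash mode: {mode!r}")
    return "|".join(fields).encode()


def select_link(frame: Frame, link_count: int, mode: str = "l4") -> int:
    """Return the member link index for this frame (CRC32 stands in for the ASIC hash)."""
    if link_count < 1:
        raise ValueError("LAG has no active member links")
    return zlib.crc32(hash_input(frame, mode)) % link_count


def distribute(frames: List[Frame], link_count: int, mode: str = "l4") -> List[List[Frame]]:
    """Queue every frame on the link the hash selects; returns one egress queue per link."""
    queues: List[List[Frame]] = [[] for _ in range(link_count)]
    for frame in frames:
        queues[select_link(frame, link_count, mode)].append(frame)
    return queues


def delivery_is_ordered(queues: List[List[Frame]]) -> bool:
    """True if every conversation used exactly one link and its sequence numbers ascend."""
    links_used: Dict[Tuple, Set[int]] = defaultdict(set)
    last_seq: Dict[Tuple, int] = {}
    for index, queue in enumerate(queues):
        for frame in queue:
            key = conversation(frame)
            links_used[key].add(index)
            if key in last_seq and frame.seq <= last_seq[key]:
                return False
            last_seq[key] = frame.seq
    return all(len(links) == 1 for links in links_used.values())


def links_in_use(queues: List[List[Frame]]) -> int:
    """How many member links actually carried traffic (1 means no load sharing at all)."""
    return sum(1 for queue in queues if queue)


# Constructed sample traffic: one server answering three clients that all sit
# behind the same router, so every frame shares the same source/destination MAC pair.
SERVER_MAC = "00:11:22:33:44:55"     # constructed
ROUTER_MAC = "00:00:5e:00:01:01"     # constructed
SAMPLE_FRAMES = (
    [Frame(SERVER_MAC, ROUTER_MAC, "192.168.100.10", "10.1.1.5", "tcp", 443, 50001, s) for s in range(1, 5)]
    + [Frame(SERVER_MAC, ROUTER_MAC, "192.168.100.10", "10.1.1.15", "tcp", 443, 50002, s) for s in range(1, 5)]
    + [Frame(SERVER_MAC, ROUTER_MAC, "192.168.100.10", "10.1.1.1", "udp", 53, 40000, s) for s in range(1, 5)]
)

if __name__ == "__main__":
    for mode in ("mac", "ip", "l4"):
        queues = distribute(SAMPLE_FRAMES, 4, mode)
        print(f"{mode}: links in use = {links_in_use(queues)}, "
              f"ordered = {delivery_is_ordered(queues)}, "
              f"frames per link = {[len(q) for q in queues]}")
```

Running it with the mac mode shows the polarization case: traffic that all crosses one router MAC pair lands on a single link, so the hash fields a LAG is configured with decide whether load is actually shared.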
Neighbor Discovery Protocols

• Device discovery protocols run over the Data Link Layer (Layer 2) to allow network devices to learn about other devices that are connected to the network
• Using standard management tools makes physical topology information available and helps network administrators detect and correct network malfunctions and inconsistencies in configuration
• Link Layer Discovery Protocol (LLDP), standardized by the IEEE as part of 802.1AB, enables standardized discovery of nodes

Link Layer Discovery Protocol (LLDP)

• LLDP1 is an L2 network discovery protocol supported on Layer 2 interfaces
– Defines a set of common advertisement messages, a protocol for transmitting the advertisements, and a method for storing the information contained in received advertisements
– Allows a station to advertise its capabilities to, and learn the capabilities of, other stations in the Ethernet LAN, including:
• System name
• System description
• System capabilities
• Management address
– Information distributed by LLDP is stored by the receiving device in a management information base (MIB)2
• Can be viewed by a network management system or from a CLI

Footnote 1: LLDP is a vendor-neutral link layer protocol that is described in the IEEE 802.1AB standard.
Footnote 2: A MIB is a tree-structured set of data values used in protocols such as SNMP and LLDP.

Link Layer Discovery Protocol (cont.)

• Sends and receives information on active and enabled interfaces1
• Enables devices in a network to learn about the devices to which they are connected

Figure: two switches exchanging LLDP advertisements ("I'm a switch", "I'm an IP Phone", "I'm a PC", "I'm a PBX") and the neighbor table each switch builds:
Switch 1 – Port / Device / Info: e1 Switch xxxx; e5 IP-Phone xxxx; e17 IP-Phone xxxx; e39 OP-PBX xxxx
Switch 2 – Port / Device / Info: e4 IP-Phone xxxx; e11 PC xxxx; e19 Switch xxxx

Footnote 1: LLDP operates unidirectionally, only in an advertising mode. It does not solicit information or monitor state changes between LLDP nodes, but sends advertisements out and receives information on every active and enabled interface. This process enables a device in a network to learn about the devices to which it is connected.
Information that devices can receive includes:
• System name and description
• Port name and description
• VLAN name
• IP management address
• System capabilities (switching, routing, etc.)
• MAC/PHY information
Applications that use this information include:
• VLAN assignment
• Network topology discovery
• Emergency services
• Inventory management
• Inline power supplies

LLDP Benefits

• Network management
– Enables discovery of accurate physical network topologies, such as which devices are neighbors and the ports through which they connect
– Enables discovery of stations in multi-vendor environments
• Network inventory data
– Supports optional system name, system description, system capabilities, and management address
– Provides device capability, such as switch, router, or WLAN access port
• Network troubleshooting
– Detects speed and duplex mismatches, VLAN mismatches, and IP misconfigurations
– Accurate topologies simplify troubleshooting in enterprise networks

LLDP Data Units (LLDPDUs)

• Are packets sent by LLDP agents with information about a sending device/port
• Consist of an untagged Ethernet header and a sequence of type, length, and value (TLV) fields
– Type – Identifies the kind of information being sent
– Length – Indicates the length (in octets) of the information string
– Value – Is the actual information being sent
• Two types of LLDP TLVs are specified in the IEEE 802.1AB standard:
– Basic management TLVs consist of both optional general system information TLVs as well as mandatory TLVs
– Mandatory TLVs are the first three TLVs in the LLDPDU and are part of the packet header

LLDP agents transmit information about a sending device/port in packets called LLDP
data units (LLDPDUs). All the LLDP information to be communicated by a device is
contained within a single 1500-byte packet.
Each LLDPDU consists of an untagged Ethernet header and a sequence of short,
variable length information elements known as TLVs. TLVs have type, length, and
value fields:
• Type identifies the kind of information being sent
• Length indicates the length (in octets) of the information string
• Value is the actual information being sent (for example, a binary bit map or an
alpha-numeric string containing one or more fields).
There are two types of LLDP TLVs, as specified in the IEEE 802.1AB standard:
• Basic management TLVs consist of both optional general system information TLVs as well as mandatory TLVs.
• Mandatory TLVs cannot be manually configured. They are always the first three TLVs in the LLDPDU and are part of the packet header.

LLDP TLVs

• Organizationally specific TLVs are optional in LLDP implementations
– Defined and encoded by individual organizations or vendors
• All LLDP devices must support the mandatory basic management TLVs
• Other basic management TLVs are optional1
• Examples of organizationally specific TLVs:
– 802.1 organizationally specific TLVs
• Port VLAN ID
• VLAN name TLV
– 802.3 organizationally specific TLVs
• MAC/PHY configuration/status
• Power through MDI
• Link aggregation
• Maximum frame size

Footnote 1: General system information TLVs are optional in LLDP implementations and are defined by the network administrator. Most devices support the following basic management TLVs:
• Chassis ID (mandatory)
• Port ID (mandatory)
• Time to Live (mandatory)
• Port description
• System name
• System description
• System capabilities
• Management address
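
Added example (Python, not from the course material) that parses an LLDPDU as described on this and the previous slide: the 7-bit type / 9-bit length TLV header, the mandatory Chassis ID, Port ID and Time To Live TLVs first, optional basic management TLVs, organizationally specific TLVs (type 127, OUI plus subtype) and the End of LLDPDU TLV. Every TLV length is checked against the received buffer so a truncated or malformed advertisement from a neighbor is rejected instead of populating the MIB; the frame is constructed here and its MAC addresses and names are made up.

```python
import struct
from typing import Dict, List, Tuple

LLDP_MULTICAST_MAC = bytes.fromhex("0180c200000e")   # 802.1AB nearest-bridge group address
LLDP_ETHERTYPE = 0x88CC
END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TIME_TO_LIVE, ORG_SPECIFIC = 0, 1, 2, 3, 127
BASIC_TLV_NAMES = {4: "Port Description", 5: "System Name", 6: "System Description"}
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_MAC = 4, 3        # subtypes whose value is a MAC address
OUI_8021, OUI_8023 = bytes.fromhex("0080c2"), bytes.fromhex("00120f")
ORG_TLV_NAMES = {                                    # organizationally specific TLVs from the slide
    (OUI_8021, 1): "Port VLAN ID", (OUI_8021, 3): "VLAN Name",
    (OUI_8023, 1): "MAC/PHY Configuration/Status", (OUI_8023, 2): "Power Via MDI",
    (OUI_8023, 3): "Link Aggregation", (OUI_8023, 4): "Maximum Frame Size",
}


class LLDPError(ValueError):
    """Raised for frames that are not well-formed LLDPDUs."""


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length share a 16-bit header, then the value."""
    if not 0 <= tlv_type < 128 or len(value) > 511:
        raise LLDPError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_org_tlv(oui: bytes, subtype: int, info: bytes) -> bytes:
    """Type 127 TLV: 3-byte OUI, 1-byte subtype, then organization-defined information."""
    return build_tlv(ORG_SPECIFIC, oui + bytes([subtype]) + info)


def parse_tlvs(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split an LLDPDU into (type, value) pairs, checking every length against the buffer."""
    tlvs: List[Tuple[int, bytes]] = []
    offset = 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise LLDPError("truncated TLV header")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(payload):
            raise LLDPError(f"TLV type {tlv_type} claims {length} octets beyond the end of the frame")
        tlvs.append((tlv_type, payload[offset:offset + length]))
        offset += length
        if tlv_type == END_OF_LLDPDU:
            break                                    # anything after End of LLDPDU is ignored
    return tlvs


def decode_lldpdu(frame: bytes) -> Dict[str, object]:
    """Check the Ethernet header and mandatory TLV order, then return the neighbor's details."""
    if len(frame) < 14 or frame[12:14] != struct.pack("!H", LLDP_ETHERTYPE):
        raise LLDPError("not an LLDP frame (EtherType 0x88CC expected)")
    tlvs = parse_tlvs(frame[14:])
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TIME_TO_LIVE]:
        raise LLDPError("Chassis ID, Port ID and Time To Live must be the first three TLVs")
    info: Dict[str, object] = {"Source MAC": frame[6:12].hex(":")}
    for tlv_type, value in tlvs:
        if tlv_type in (CHASSIS_ID, PORT_ID):
            if not value:
                raise LLDPError("empty Chassis ID or Port ID")
            is_chassis = tlv_type == CHASSIS_ID
            mac_subtype = CHASSIS_SUBTYPE_MAC if is_chassis else PORT_SUBTYPE_MAC
            ident = value[1:].hex(":") if value[0] == mac_subtype else value[1:].decode("ascii", "replace")
            info["Chassis ID" if is_chassis else "Port ID"] = ident
        elif tlv_type == TIME_TO_LIVE:
            if len(value) != 2:
                raise LLDPError("Time To Live must be exactly 2 octets")
            info["Time To Live"] = struct.unpack("!H", value)[0]
        elif tlv_type in BASIC_TLV_NAMES:
            info[BASIC_TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == ORG_SPECIFIC:
            if len(value) < 4:
                raise LLDPError("organizationally specific TLV shorter than OUI + subtype")
            name = ORG_TLV_NAMES.get((value[:3], value[3]), f"Org TLV {value[:3].hex()}/{value[3]}")
            body = value[4:]
            info[name] = struct.unpack("!H", body)[0] if len(body) == 2 else body
    return info


def sample_frame() -> bytes:
    """Constructed advertisement from a switch ("I'm a switch") sent out its port e1."""
    sender_mac = bytes.fromhex("001122334455")                          # constructed
    payload = (
        build_tlv(CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + sender_mac)
        + build_tlv(PORT_ID, bytes([5]) + b"e1")                         # subtype 5 = interface name
        + build_tlv(TIME_TO_LIVE, struct.pack("!H", 120))               # keep this entry for 120 s
        + build_tlv(5, b"access-sw-01")                                  # System Name
        + build_org_tlv(OUI_8021, 1, struct.pack("!H", 100))             # Port VLAN ID 100
        + build_org_tlv(OUI_8023, 4, struct.pack("!H",1522))             # Maximum Frame Size
        + build_tlv(END_OF_LLDPDU, b"")
    )
    return LLDP_MULTICAST_MAC + sender_mac + struct.pack("!H", LLDP_ETHERTYPE) + payload
```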

LAB EXERCISE

End of Module 7
Link Aggregation & Layer 2 Discovery

Module 8
IP Addressing

Objectives

• After completing this module, attendees will be able to:
– Explain the basics of Internet Protocol (IP), including IP addressing
– Describe the differences between IPv4 and IPv6 addressing and format
– Explain how subnetting, supernetting and Classless Inter-Domain Routing (CIDR) are used
– Explain basic IPv6 addressing

IP Basics

IP Addressing

• Introduction
• An IP address is a numerical identification (logical address) that is assigned to a device in a network using IP for communication with other devices1
– Provides effective scalability due to its hierarchical design
– Provides the optimal forwarding of packets between networks
• The IP address is divided into two parts:2
– The network portion is common to all nodes on one network and is defined by the subnet mask
– The host identifier (ID) portion is unique to each device on that network
• IP addresses used to forward traffic across the Internet require a public, routable address3

Footnote 1: IP addresses provide the ability to route traffic from one LAN to another. They also provide a scalable way to allow many different devices and networks to be accessible to each other. Layer 3 addressing can be deployed in a hierarchical design that allows summarization, or grouping, of networks, simplifying the routing table within a device.
Footnote 2: A router can gather information either statically or dynamically from neighbor routers, allowing it to choose the best path for forwarding packets from one LAN to another. The destination IP address of a packet is then compared to this gathered information and the packet is sent out an interface towards the optimal path.
Footnote 3: Devices that access the Internet are represented by a public IP address that uniquely identifies them on the network. Devices that are associated with a unique public IP address can have packets sent to and received from that address. Addresses can be either public or private depending on which network they are directly connected to. Private and public IP addresses will be discussed in more detail later in this module.

Layer 3 - Network Layer Addresses

• Though a LAN is created using L1 and L2 hardware, such as an L2 switch, the LAN is identified by its L3 network address
• The following are various names for Layer 3 addresses:
– IP address
– Layer 3 address
– Logical address
– Network address
– Software address

Figure: two LANs joined by a router and connected to the Internet (IP address 149.49.193.13). Network 10 is built on an L2 switch with hosts 10.1.1.1, 10.1.1.15 and 10.1.1.5; Network 20 is built on an L2 switch with hosts 20.1.1.1, 20.1.1.40 and 20.1.1.3.

Layer 3 – IP Versions

• Current IP versions in use today1
– IPv4: First version to be widely deployed
• Documented in Request For Comment (RFC) 791
• Supports 4 billion (4.3×10⁹) addresses
• IP addresses are 32 bits and represented as four octets with decimal values
Example: 192.168.1.1
– IPv6: The next generation Internet protocol
• Designed to replace IPv4
• Documented in Request For Comment (RFC) 2460
• Supports 340 undecillion (3.4×10³⁸) addresses
• IP addresses are 128 bits represented as 8 groups of four hexadecimal digits2
Example: 2001:0000:130F:0000:0000:00C0:876A:12EB

Footnote 1: The Internet Protocol is the key element that defines the Internet. Although IPv4 is the dominant protocol used in networks today, it will eventually be replaced by IPv6. Public IPv4 addresses have been exhausted; therefore any new public addresses issued by IANA are IPv6. IPv6 uses a 128-bit hexadecimal address and so provides an extremely large number of unique addresses. It not only overcomes some limitations of IPv4, such as neighbor discovery by broadcast, but also provides many enhancements.
Footnote 2: Each of the 8 groups within the IPv6 address represents 16 bits (two octets). The groups are separated by colons and can be abbreviated, which will be discussed further later in this module.

IP (L3) and MAC (L2) Addressing

Analogy
• The difference between an L2 MAC address and an L3 IP address is similar to the difference between a person's name and street address
– The L2 MAC address is like a person's name
• It is given to a person at birth and typically does not change
– The L3 IP address is like a home street address
• Represents a person while they currently reside there but changes if they choose to move1
• Although the address of the physical location is permanent, it represents the occupant only while they reside there

Footnote 1: As your device (laptop) moves from your home to the coffee shop, the L3 address assigned will change; however, your L2 (MAC) address will remain the same.

IPv4 Header

• Fields and their Function

Figure: IPv4 header layout (the first five rows total 20 bytes)
Bits 0-3 Version (4) | Bits 4-7 Header Length (4) | Bits 8-15 Priority & Type of Service (8) | Bits 16-31 Total Length (16)   – IP header length; DSCP / prioritization
Bits 0-15 Identification (16) | Bits 16-18 Flags (3) | Bits 19-31 Fragment Offset (13)   – Fragmentation
Bits 0-7 Time to Live (8) | Bits 8-15 Protocol (8) | Bits 16-31 Header Checksum (16)   – Lifetime >= 1; IP protocol (upper layer); integrity check
Source IP Address (32)   – Layer 3 addresses
Destination IP Address (32)   – Layer 3 addresses
IP Options (0 or 32, if any)   – Packet handling options
Data (if any)

The format of the IPv4 header is shown in the figure. It includes information that pertains to IP packet forwarding, handling, size, upper layer protocols, lifetime and integrity. An IP address must be a unique value for each member device on the network. The IPv4 header is used to route the traffic towards its destination. The header contains the source and destination IPv4 addresses, allowing both sender and receiver to be identified. Additional information such as the encapsulated upper layer protocol as well as its priority and time to live values are also included in the IP header.
Header Fields:
Version: 4 bits The Version field indicates the format of the internet header. This document describes version 4.
IHL: 4 bits Internet Header Length is the length of the internet header in 32 bit words, and thus points to the beginning of the data. Note that the minimum value for a correct header is 5.
Type of Service: Although replaced with Differentiated Services Code Point (DSCP), this field is used to set the priority and affects the handling of the packet as it moves on to its destination. More details on DSCP will be discussed in later modules.
Total Length: 16 bits Total Length is the length of the datagram, measured in octets, including internet header and data. This field allows the length of a datagram to be up to 65,535 octets. Such long datagrams are impractical for most hosts and networks. All hosts must be prepared to accept datagrams of up to 576 octets (whether they arrive whole or in fragments).
Identification: 16 bits An identifying value assigned by the sender to aid in assembling the
fragments of a datagram.
Flags: 3 bits Various Control Flags. Bit 0: reserved, must be zero Bit 1: (DF) 0 = May Fragment,
1 = Don't Fragment. Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.
Fragment Offset: 13 bits This field indicates where in the datagram this fragment belongs.
The fragment offset is measured in units of 8 octets (64 bits). First fragment has offset zero.
Time to Live: 8 bits This field indicates the maximum time the datagram is allowed to remain in the internet system. If this field contains the value zero, then the datagram must be destroyed. This field is modified in internet header processing. The time is measured in units of seconds, but since every module that processes a datagram must decrease the TTL by at least one even if it processes the datagram in less than a second, the TTL must be thought of only as an upper bound on the time a datagram may exist. The intention is to cause undeliverable datagrams to be discarded, and to bound the maximum datagram lifetime.
Protocol: 8 bits This field indicates the next level protocol used in the data portion of the
internet datagram. The values for various protocols are specified in "Assigned Numbers"
Header Checksum: 16 bits A checksum on the header only. Since some header fields change
(e.g., time to live), this is recomputed and verified at each point that the internet header is
processed.
Source Address: 32 bits Destination Address: 32 bits
Options: variable The options may appear or not in datagrams. They must be implemented
by all IP modules (host and gateways). What is optional is their transmission in any particular
datagram, not their implementation.
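
Added example (Python, not from the course material): it decodes the header fields listed above from a constructed packet, verifies the header checksum, and performs the per-hop step the text describes for TTL and the checksum, discarding the datagram when the checksum does not verify or the TTL would reach zero. The sample addresses, identification value and payload are constructed for the demo.

```python
import struct
from typing import Dict


def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 header checksum: 16-bit one's-complement sum of the header, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carry bits back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> Dict[str, object]:
    """Decode the fixed 20-byte header, validating the fields the text calls out."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version field is {version})")
    if ihl < 5:
        raise ValueError(f"invalid IHL {ihl}; the minimum for a correct header is 5 words")
    header_len = ihl * 4
    if header_len > len(packet) or total_len < header_len:
        raise ValueError("IHL / Total Length inconsistent with the captured bytes")
    header = packet[:header_len]
    return {
        "version": version, "ihl": ihl, "header_length": header_len,
        "dscp": tos >> 2, "ecn": tos & 0x03,
        "total_length": total_len, "identification": ident,
        "flags": {"df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000)},
        "fragment_offset": (flags_frag & 0x1FFF) * 8,          # field counts 8-octet units
        "ttl": ttl, "protocol": proto, "header_checksum": csum,
        "checksum_ok": ones_complement_checksum(header) == 0,  # a valid header sums to zero
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def forward_hop(packet: bytes) -> bytes:
    """One router hop: verify integrity, decrement TTL, recompute the checksum, or discard."""
    hdr = parse_ipv4_header(packet)
    if not hdr["checksum_ok"]:
        raise ValueError("header checksum mismatch; datagram discarded")
    if hdr["ttl"] <= 1:
        raise ValueError("TTL would reach zero; datagram discarded")
    hlen = hdr["header_length"]
    header = bytearray(packet[:hlen])
    header[8] -= 1                                    # Time to Live
    header[10:12] = b"\x00\x00"                       # zero the checksum before recomputing it
    header[10:12] = struct.pack("!H", ones_complement_checksum(bytes(header)))
    return bytes(header) + packet[hlen:]


def build_ipv4_packet(src: str, dst: str, ttl: int, protocol: int, payload: bytes,
                      ident: int = 0x1C46, dont_fragment: bool = True) -> bytes:
    """Construct a minimal IPv4 packet with a correct checksum (sample input for the demo)."""
    def quad(addr: str) -> bytes:
        octets = [int(o) for o in addr.split(".")]
        if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
            raise ValueError(f"bad IPv4 address {addr!r}")
        return bytes(octets)
    flags_frag = 0x4000 if dont_fragment else 0
    header = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                                   flags_frag, ttl, protocol, 0, quad(src), quad(dst)))
    header[10:12] = struct.pack("!H", ones_complement_checksum(bytes(header)))
    return bytes(header) + payload


# Constructed sample: a UDP datagram (protocol 17) between two hosts from the module's figures.
SAMPLE_PACKET = build_ipv4_packet("10.1.1.5", "20.1.1.3", ttl=64, protocol=17,
                                  payload=b"constructed payload")

if __name__ == "__main__":
    fields = parse_ipv4_header(SAMPLE_PACKET)
    print({k: v for k, v in fields.items() if k != "options"})
    print("TTL after one hop:", parse_ipv4_header(forward_hop(SAMPLE_PACKET))["ttl"])
```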

IPv4 Addressing

IP Packet Types

• Transmission Types
• Network device transmission types based on Layer 3 (L3) forwarding:
– Unicast1 – One-to-one communication
– Multicast2 – One-to-a (logical) grouping of devices or clients
– Broadcast3 – One-to-all communication

Figure: unicast, multicast and broadcast delivery from a server through a switch to a set of nodes

Footnote 1: Unicast traffic describes point-to-point communication where there is just one sender forwarding to one known receiver. Bidirectional forwarding between the two devices often occurs, and unicast accounts for the largest type of traffic on LANs and within the Internet.
Footnote 2: Multicast traffic is a unidirectional one-to-many connection where a sender forwards to a group of recipients. It provides an effective way to forward traffic to a group of receivers while minimizing bandwidth usage. Instead of each receiver having its own unicast connection to the sender, receivers simply subscribe to the single flow coming from the sender.
Footnote 3: Broadcast traffic is sent to and processed by all devices on the local LAN. Because the destination is set to the broadcast address, all devices that reside on the LAN are required to accept and process the data, and can discard it once they identify that it is not addressed to them. A common example of broadcast forwarding is the Address Resolution Protocol (ARP), which uses a broadcast to send an address resolution query to all devices on a LAN segment, attempting to discover the physical Media Access Control (MAC) address of the owner of an IP address. Once it binds the known IP address to the discovered MAC address, it can forward unicast traffic to the destination.

IP Address Format (IPv4)

• An IP address is a 32-bit binary number
11000000 10101000 01100100 00001010
• For readability purposes, it is split into four eight-bit octets
11000000 . 10101000 . 01100100 . 00001010
• This is still hard to read, so each octet is converted to its equivalent decimal number
– This format is called the dotted-decimal notation or dotted-quad notation
192.168.100.10

Generally L3 addresses are designated by the network administrator, who through careful planning distributes them to create a hierarchy on the network. If L3 addresses are deployed in a hierarchical structure, many IP networks can be represented by a single network entry. This process is similar to mail delivery, where the farther a letter is from its destination, the less specific the portion of the address that is used. Example: a letter headed to London, England from Tokyo, Japan will only require the country to be identified when sorted in Tokyo. Only when it gets closer to its destination will the more specific portions of the address be used for forwarding. Therefore the bin that the letter is placed in at Tokyo is labeled England instead of the street address.

Converting Binary to Decimal Notation

• Binary conversion example of the first octet

Bits set to 1 and 0:          1    1    0    0    0    0    0    0    128 + 64 = 192
Binary positional values:   128   64   32   16    8    4    2    1
Base-2:                      2⁷   2⁶   2⁵   2⁴   2³   2²   2¹   2⁰
                            Most significant bit ............ Least significant bit

Full conversion of binary address = 192.168.100.10

The binary numeral system, or Base-2 number system, represents numeric values using two symbols, 0 and 1.
The bit on the far right of each octet is considered the least significant bit; therefore it is the beginning of the binary chart. Each octet is visually independent when it comes to its binary value, but when these values are combined they collectively identify a unique IPv4 address. To convert the binary address you must add up the positional values of all the bits set to 1 within each octet in order to produce the corresponding decimal IP address notation.

Converting Decimal to Binary Notation

• Decimal conversion example of the second octet
192 . 168 . 100 . 10

Bits set to 1 and 0:          1    0    1    0    1    0    0    0    128 + 32 + 8 = 168
Binary positional values:   128   64   32   16    8    4    2    1
Base-2:                      2⁷   2⁶   2⁵   2⁴   2³   2²   2¹   2⁰
                            Most significant bit ............ Least significant bit

Full conversion = 11000000 10101000 01100100 00001010

Subnet Mask

• IP addresses consist of two portions:
– The most significant part is the network address, which identifies a whole network or subnet
– The least significant portion is the host identifier, which specifies a particular address assigned to a host interface on that network

                 Network Portion / Identifier   Host Identifier
IP address       192.168.200                    .100
Subnet mask      255.255.255                    .0

• A subnet mask determines how the IP address is divided

IPv4 Address Classes And Structure

• RFC 791 categorizes a range of numbers used by network devices into classes

Class     1st Octet   From          To                 Subnet Mask        CIDR1
Class A   0xxxxxxx    1.0.0.0       126.255.255.255    255.0.0.0          /8
Class B   10xxxxxx    128.0.0.0     191.255.255.255    255.255.0.0        /16
Class C   110xxxxx    192.0.0.0     223.255.255.255    255.255.255.0      /24
Class D   1110xxxx    224.0.0.0     239.255.255.255    Multicast (no mask)
Class E   1111xxxx    240.0.0.0     255.255.255.255    Reserved (no mask)

• An IP address accompanied by a subnet mask defines the network portion and host portion of a subnet
– Class-based subnet masks use 8-bit blocks to note network address boundaries

Footnote 1: Classless Inter-Domain Routing (CIDR) notation is a numerical value that identifies the number of bits that represent the network portion of the IP address, similar to the subnet mask. It can often be used instead of the actual mask since both represent the same value.

Address Blocks

• An address block is a range of available addresses within a network
– Within all networks, 2 addresses are reserved to identify the network and provide a broadcast address
• The first available address is used for the network address
• The last available address is used for broadcast traffic1
– The remaining addresses are used for host IDs

Network ID                      Host ID From      Host ID To           Broadcast Address
10.0.0.0 / 255.0.0.0            10.0.0.1          10.255.255.254       10.255.255.255
172.168.0.0 / 255.255.0.0       172.168.0.1       172.168.255.254      172.168.255.255
192.168.200.0 / 255.255.255.0   192.168.200.1     192.168.200.254      192.168.200.255

Footnote 1: Any traffic that needs to be sent to all devices residing within the subnet will have its destination address set to this broadcast address. All devices within the subnet will process packets with this destination address. Many networks block any broadcast message that did not originate on the local subnet (also referred to as a "targeted broadcast").

Private IP Addresses

• The public IPv4 address space has been depleted (as of October 2015)
• To allow for the continued allocation of IPv4 addresses, a range of addresses was identified for use on private networks
• RFC 1918, “Address Allocation for Private Internets,” reserved the following address ranges for use:
– Class A: 10.0.0.0/8 (10.0.0.0–10.255.255.255)
– Class B: 172.16.0.0/12 (172.16.0.0–172.31.255.255)
– Class C: 192.168.0.0/16 (192.168.0.0–192.168.255.255)
• These private addresses must remain in the LAN and will not be routed on the internet
– Traffic destined to the internet with a source address that is private will be translated to a public address at the edge of the LAN before it is forwarded1

Footnote 1: As traffic leaves the private network, the source address (private address) is translated to a public address. For any returning traffic destined to the private source, the destination IP address is translated back to the original private address. This process of translating a private address to a public one is common practice and is called Network Address Translation (NAT) or Port Address Translation (PAT). Both of these processes will be discussed further in later modules.

Subnetting and Supernetting

Network Address Designs

Figure: four address designs, each drawn as a set of network addresses – Network, Sub-Networks, VLSM and Supernet

Supernet: the aggregation of networks into a single larger network address space (the opposite of subnetting); typically used for route summarization to reduce the size of routing tables.
Network: A classful network (A, B, C) has a fixed-size host addressing space.
Sub-Networks: Subnetting provides the ability to segment or create multiple equal-size subnetworks from a network. Typically these subnetworks are shielded from the external world and only the original network address is exposed.
VLSM: VLSM allows for subnets to be defined with different subnetwork sizes as needed under a single network ID, thereby minimizing, if not eliminating, wasted addresses.

Subnetting Overview

• Classful network addressing is inefficient and causes many IP addresses to go unused
– Class A and B networks also have very large broadcast domains, causing diminished network performance1
• Subnetting enables a classful address to be segmented or subdivided into multiple smaller networks2
– This allows administrators to organize devices into logical groups to improve network security and performance
• Local LAN devices use the subnet mask to interpret the device's subnetting information
– This identification allows hosts to identify other devices that reside within the same subnet3

Footnote 1: Because a single subnet defines a broadcast domain, large classful networks (class A and B) become ineffective. It is best to limit the size of the broadcast domain to provide effective network performance.
Footnote 2: Subnetting partitions the host ID section of the IP address in order to create smaller subnetworks, or subnets. This process takes additional bits from the host portion of the IP address and uses them for the network portion. This results in a subnet mask that does not line up with classful partitions.
Footnote 3: If a device wants to send a packet, it first looks at the destination IP address and, with its subnet mask, can identify whether the destination resides within its own subnet. If the destination address is identified as not local, the device will send the packet to its default gateway for forwarding to the correct subnet.

IP Subnetting Benefits

• Subnetting provides the following benefits:
– Improves IP address utilization
– Improves security
– Improves organization of resources
– Improves network performance
– Fault isolation
• Considerations when subnetting
– How many subnets are needed?
– How many hosts per subnet are needed?

Figure: a router connected to the Internet with four L2 switches attached, each serving 40 devices (four candidate subnets)

Subnetting provides the following benefits:

• Improves IP address utilization – When a LAN segment is given a whole classful network,
  every host address the segment does not need goes unused. Point-to-point links, which are
  simply a link between two routers, require only 2 host IP addresses and are thus the
  biggest offenders of IP address waste.
• Improves security – Because security measures such as access lists and the blocking of
  traffic can be applied to subnets, dividing a network into smaller subnetworks gives more
  control over malicious connections. Sensitive departments within a company, such as HR or
  accounting, can be placed in their own subnet, which can then have additional security
  measures applied to it.
• Improves organization of resources – Careful planning of address space within a network
  allows easy identification of a packet's source. By allocating IP addresses by location,
  department or device purpose (web servers, database servers, security appliances), a
  packet's origin or destination can be quickly identified. Example: an IP packet with a
  source address of 192.168.200.1 can be quickly identified as an IP surveillance camera
  because that network address range is allocated to them.
• Improves network performance – Dividing up a network shrinks the broadcast domains
  within it. Because a broadcast sends a frame to all devices within the subnet, every
  device spends resources processing the frame whether or not it is directed to it.
  Limiting the size of the broadcast domain means fewer broadcasts reach each device,
  leaving its resources free to process meaningful frames.
• Fault isolation – If a local device malfunctions and starts sending meaningless traffic
  (such as a broadcast storm) on the local network, only the local devices will be affected.
  This isolates the problem and provides better stability for the network as a whole.


Classless Subnetting

• When subnetting, bits originally allocated to the host portion of the address are
  borrowed for additional network IDs
  – This is termed classless inter-domain routing (CIDR); it leaves fewer bits for host addresses¹
  – This divides the host IDs of the classful network between the newly created subnets²
• Each subnet now has its own network ID and broadcast address
  – The borrowed bits used for the network portion are now network IDs identifying subnets within a
    classful address range³


Footnote 1: When bits are taken from the host portion of an address, additional
subnetworks are created; however, fewer host addresses are allocated to each subnet.
Footnote 2: Each bit taken from the host ID portion for the subnet ID doubles the
number of subnets that are possible in the network, but leaves each subnet with fewer
than half the number of usable hosts.
Footnote 3: Each subnet ID now has its own range of host addresses. Each network ID
is identified by one unique value the borrowed bits can take. Example: if 2 bits are
borrowed from the host portion, then 4 unique network IDs can be created and used
(2² = 4).


Classless Subnetting (cont.)

• IPv4 address host bits may be assigned to subnets
  – As more bits are used for the network portion of the address, fewer host addresses per subnet are available
  – It is important to learn specific subnet mask bit patterns
  – The table represents the last octet in an IPv4 address

Class C Host Bits (last octet of the subnet mask)

CIDR   128  64  32  16   8   4   2   1   Number of Subnets   Address Block Size
/24      0   0   0   0   0   0   0   0           1                  256
/25      1   0   0   0   0   0   0   0           2                  128
/26      1   1   0   0   0   0   0   0           4                   64
/27      1   1   1   0   0   0   0   0           8                   32
/28      1   1   1   1   0   0   0   0          16                   16
/29      1   1   1   1   1   0   0   0          32                    8
/30      1   1   1   1   1   1   0   0          64                    4
/31      1   1   1   1   1   1   1   0         128                    2
/32      1   1   1   1   1   1   1   1         256                    1



IP Subnets – Non-Subnetted Network Example

• Pairing an IP address with its classful subnet mask does not result in additional
  subnetworks¹
  – Example: the IP address 192.168.1.2 paired with the subnet mask 255.255.255.0
• The pairing of an IP address with a default subnet mask is not considered subnetting because there is no creation
  of additional subnetworks²

Single Network Example

[Figure: one router and the hosts 192.168.1.1, .2, .3, .4, .5, .6 and .7 on a single logical Ethernet segment; all are shown with mask 255.255.255.0 except 192.168.1.6, which is shown with 255.255.255.128]

Unique host IDs on the single classful network 192.168.1.0
Host ID Range: 192.168.1.1-254


Footnote 1: Classful A, B and C IP addresses only produce a single network address
space.
Footnote 2: See RFC 1812 for technical definitions of subnetting. Using a non-classful
value for a subnet mask indicates you are subnetting.
“Subnets” is a short notation for “subnetworks”.
• Address — The unique number ID assigned to one host or interface in a network.
• Subnet — A portion of a network sharing a particular subnet address.
• Subnet mask — A 32-bit combination used to describe which portion of an address
  refers to the subnet and which part refers to the host.
• Interface — A network connection.


IP Subnets – Subnetted Network Example

• Subnetting creates smaller sub-networks (subnets) by using a non-classful subnet mask value
  – Example: To divide a Class C network, use a 255.255.255.128 (/25) value instead of the default subnet mask of
    255.255.255.0¹
• Routers are used to manage traffic and constitute borders between subnets (used to route between subnets)

Multi-Network Example

[Figure: two routers. Network 1 contains the hosts 192.168.1.1, .2, .3 and .6; Network 2 contains the hosts 192.168.1.129, .130, .131 and .132; every host uses the mask 255.255.255.128]

Network 1 Host ID Range: 192.168.1.1-126
Network 2 Host ID Range: 192.168.1.129-254


Footnote 1: In this example a second network was created; the mechanics of how will be
discussed in upcoming slides. Because there are now two distinct networks, notice that
a router or routing mechanism is required to communicate between them. In this
example the default Class C subnet mask was changed from 255.255.255.0 to
255.255.255.128, which indicates that a single bit was set to 1 in the 4th octet of the
subnet mask. If you remember from a previous slide, the first bit, or most significant
bit, of a binary octet has the fixed value of 128. This leaves seven bits for the host ID
portion of the IP address, which leaves us with 128 - 2 (for the network and broadcast
addresses) = 126 hosts in each network.


IP Subnets – Applying the Subnet Mask

• With a class C network of 192.168.1.100 and a subnet mask of 255.255.255.192 (/26),
  answer the questions below
  – The chart below shows the decimal and binary values

Field                Decimal value     Network ID  Network ID  Network ID  Host ID
                                       Octet 1     Octet 2     Octet 3     Octet 4
IP Address           192.168.1.100     1100 0000   1010 1000   0000 0001   0110 0100
Default Subnet Mask  255.255.255.0     1111 1111   1111 1111   1111 1111   0000 0000
Subnet Mask          255.255.255.192   1111 1111   1111 1111   1111 1111   1100 0000

  – Some key questions from the subnet mask fields of this table
    • How many additional subnets have been created using this subnet mask?¹
    • How many host IDs are available per subnet?²
    • What is the network ID and broadcast address for the IP address?³


You can apply the subnet mask to an IP address to determine the following:
• Number of subnets (subnetworks) created
• How many hosts per subnet
• The exact network and broadcast addresses for each subnet
• The subnetwork a specified IP address belongs to
Footnote 1: Because 2 bits were taken from the host portion of the classful C address,
those 2 bits can create 4 unique IDs (2² = 4). Therefore we have created 4 subnets out
of this class C network.
Footnote 2: Because there are 6 bits left for host IDs, each subnet has 64 unique
values (2⁶ = 64). Each subnet, however, requires a network ID and a broadcast
address; therefore each subnet has 62 usable host addresses (IDs): 64 - 2 = 62.
Footnote 3: The simple way to identify the network ID and broadcast address is to
step through the address space in multiples of the host ID block size. We identified
above that each subnet has 6 host bits providing 64 unique values (2⁶ = 64). Starting
with the classful network ID address, 192.168.1.0, we use 64 as our increment:
192.168.1.0 + 64 gives the 2nd subnet's network ID and bounds the address range of
the 1st subnet (host range 192.168.1.1-62). Because the broadcast address is the last
address within a subnet, we can identify the network address of the 1st subnet
(192.168.1.0) and its broadcast address, 192.168.1.63.
Subnet 1 ID 192.168.1.0, broadcast address 192.168.1.63
The second subnet's network ID is 192.168.1.64. To identify its broadcast address and
host ID range we add 64 to the second subnet's network ID (192.168.1.64), giving the
3rd subnet's network ID: 64 + 64 = 128. Subtracting 1 from that value identifies the
broadcast address of the 2nd subnet and the unique host IDs it provides.
Subnet 2 ID 192.168.1.64, broadcast address 192.168.1.127
To identify the 4th subnet's network ID we add 64 to the 3rd subnet's network ID:
128 + 64 = 192. Subtracting 1 identifies the broadcast address for subnet 3, and we
can now complete the subnet 3 range.
Subnet 3 ID 192.168.1.128, broadcast address 192.168.1.191
Lastly we identify the broadcast address of the 4th subnet by adding 64 to the 4th
subnet's network ID and subtracting 1: 192 + 64 = 256, 256 - 1 = 255.
Subnet 4 ID 192.168.1.192, broadcast address 192.168.1.255
As a result we can see that the address on the slide (192.168.1.100) falls in the
subnet 2 host range.


IP Subnets – Applying the Subnet Mask (cont.)

Field            Decimal value     Network ID  Network ID  Network ID  Subnet | Host ID
                                   Octet 1     Octet 2     Octet 3     Octet 4
IP Address       192.168.1.100     1100 0000   1010 1000   0000 0001   0110 0100
Subnet Mask      255.255.255.192   1111 1111   1111 1111   1111 1111   1100 0000

1. To determine the number of possible (sub) networks take 2 to the power of the number
   of subnet bits
   – In this case 2² = 4 possible (sub) networks¹

2. To determine the number of possible host addresses per subnetwork, take 2 to the
   power of the number of host ID bits and then subtract 2 for the network and broadcast
   address for the subnetwork²
   – In this case 2⁶ - 2 = 62 possible host addresses per subnetwork


Footnote 1: Remember there is only one possible network with the default subnet
mask of 255.255.255.0.
Footnote 2: It is important to note that when subnetting, each subnetwork created has
an identical amount of host ID space. In this example we can use up to four
subnetworks, and each subnetwork has 62 unique host addresses that can be
deployed.


IP Subnets – Applying the Subnet Mask (cont.)

3. This chart illustrates the calculation of the 4 network and broadcast addresses

Binary positional values (2ˣ):    128  64  32  16   8   4   2   1
Subnet mask (last octet):           1   1   0   0   0   0   0   0
                                   Subnet ID |       Host ID¹

Network ID    Last octet   128  64  32  16   8   4   2   1
192.168.1.         0         0   0   0   0   0   0   0   0   Network
192.168.1.        63         0   0   1   1   1   1   1   1   Broadcast
192.168.1.        64         0   1   0   0   0   0   0   0   Network
192.168.1.       127         0   1   1   1   1   1   1   1   Broadcast
192.168.1.       128         1   0   0   0   0   0   0   0   Network
192.168.1.       191         1   0   1   1   1   1   1   1   Broadcast
192.168.1.       192         1   1   0   0   0   0   0   0   Network
192.168.1.       255         1   1   1   1   1   1   1   1   Broadcast


Footnote 1: All host ID bits are set to zero, so they do not factor into the equation.
The first rule to note is that when subnetting, the traditional network ID (leftmost
table column) bits remain in place, and the additional subnetwork addresses come only
from the traditional classful host ID address field. Therefore the four subnet
network (and broadcast) addresses follow the format 192.168.1.x.
The network addresses are determined by looking at the subnet ID field, working out
all the possible combinations using the binary positional values, and placing a 0
value in each host ID bit. The four network addresses are 192.168.1.0,
192.168.1.64, 192.168.1.128 and 192.168.1.192.
The broadcast address requires the known subnet ID field to be added to the
combination of host ID bits which have all been set to 1. Therefore the first broadcast
address, 192.168.1.63, is the sum of the subnet ID value of zero + the host ID value
of 63 (32 + 16 + 8 + 4 + 2 + 1 = 63). The next broadcast address, for the second
subnetwork, 192.168.1.127, is the sum of the subnet ID of 64 + the host ID value of
63.


IP Subnets – Applying the Subnet Mask (cont.)

4. To determine which subnetwork 192.168.1.100/26 belongs to:
   – Boolean logic is used to compare the IP address and its subnet mask¹

                   1st Octet   2nd Octet   3rd Octet   128  64  32  16   8   4   2   1
192.168.1.100      1100 0000   1010 1000   0000 0001     0   1   1   0   0   1   0   0
255.255.255.192    1111 1111   1111 1111   1111 1111     1   1   0   0   0   0   0   0
ANDing operation
192.168.1.64       1100 0000   1010 1000   0000 0001     0   1   0   0   0   0   0   0

   – The router performs the ANDing operation to determine the subnetwork address of the IP address²


Footnote 1: By applying the subnet mask to the IP address through the use of
Boolean logic it is possible to determine the subnetwork for a particular IP address.
Boolean logic provides a true or false result, allowing for the identification of the
subnet. ANDing the subnet mask with the IP address bit by bit yields the network ID:
the result bit is 1 only when both the address bit and the mask bit are 1; if both bits
are not 1, the result bit is 0.
Footnote 2: A router that performs this function is left with the address of the
subnetwork. Because it knows from the class of the network (due to the high order
bits) what part is the network ID, it also knows what subnet the address is on.
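The ANDing operation and the "add the block size" method from the preceding slides, carried out in code on the slide's own 192.168.1.100/26. This is an added example, not part of the RSP 100 course material; the function names are the example's own.

```python
# Added example, not part of the RSP 100 course material: the mask is applied with a
# bitwise AND to find the network ID, the host bits are set to 1 for the broadcast
# address, and the subnets of the classful network are enumerated with the
# "add the block size" method used on the slides. Function names are the example's own.

def ip_to_int(ip: str) -> int:
    """Convert dotted-decimal IPv4 to a 32-bit integer, validating each octet."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """32-bit mask for /prefix, e.g. /26 -> 255.255.255.192 (two borrowed bits)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful_prefix(ip: str) -> int:
    """Default prefix length from the high-order bits (Class A/B/C only)."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("no classful mask for Class D/E addresses")


def subnet_info(ip: str, prefix: int) -> dict:
    """Network ID, broadcast, usable hosts and subnet count for ip/prefix."""
    addr = ip_to_int(ip)
    mask = prefix_to_mask(prefix)
    network = addr & mask                            # the ANDing operation
    broadcast = network | (~mask & 0xFFFFFFFF)       # all host bits set to 1
    host_bits = 32 - prefix
    borrowed = max(prefix - classful_prefix(ip), 0)  # bits taken from the host portion
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if host_bits > 1 else None,
        "last_host": int_to_ip(broadcast - 1) if host_bits > 1 else None,
        "usable_hosts": 2 ** host_bits - 2 if host_bits > 1 else 0,
        "subnets": 2 ** borrowed,
    }


def enumerate_subnets(classful_network: str, prefix: int) -> list:
    """(network, broadcast) for every subnet of a classful network at /prefix."""
    default = classful_prefix(classful_network)
    if prefix < default:
        raise ValueError("prefix is shorter than the classful default; that is supernetting")
    base = ip_to_int(classful_network) & prefix_to_mask(default)
    block = 2 ** (32 - prefix)                       # the multiplier used on the slide
    return [(int_to_ip(base + i * block), int_to_ip(base + (i + 1) * block - 1))
            for i in range(2 ** (prefix - default))]


if __name__ == "__main__":
    info = subnet_info("192.168.1.100", 26)
    print(f"192.168.1.100/26 -> network {info['network']}, broadcast {info['broadcast']}, "
          f"{info['usable_hosts']} usable hosts, {info['subnets']} subnets")
    for net, bcast in enumerate_subnets("192.168.1.0", 26):
        print(f"  {net:<16} broadcast {bcast}")
```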


Supernetting

• Supernetting combines classful networks together to create a larger network
  – This is the opposite of subnetting, where a classful network is broken into smaller subnets
  – Often used to combine class C subnets to provide more hosts within a subnet¹
  – Variable length subnet masks (VLSM) provide the ability to allocate address space based on the
    organizational needs and not along classful boundaries²

Class C Networks    Hosts      Network ID  Network ID  Network ID  Subnet | Host ID
                    available  Octet 1     Octet 2     Octet 3     Octet 4
192.168.100.0/24    254        1100 0000   1010 1000   0110 0100   0000 0000
192.168.101.0/24    254        1111 1111   1111 1111   0110 0101   0000 0000
192.168.100.0/23    510        1111 1111   1111 1111   0110 0100   0000 0000


Footnote 1: In modern networks, where switches are deployed and frames are
forwarded more efficiently, a larger number of hosts can reside within a network.
Because a Class C is limited to 254 hosts, two class C networks can be combined to
provide a larger network.
Footnote 2: Variable length subnet masks provide the ability to divide networks into
subnets of unequal sizes. Instead of dividing classful networks into subnets with the
same host size, we can divide them into subnets of different sizes. VLSM will be
discussed later in this module.


Variable Length Subnet Mask (VLSM)

• IP address space is divided into a hierarchical set of subnets of different sizes
  – Unlike traditional subnetting, where each created subnet has the same subnet mask
  – VLSM allows each subnet to have its own unique subnet mask and host size
  – Commonly used with point-to-point router connections (2 host addresses needed), providing efficient use
    of IP addresses¹
  – Allows maximizing host allocation of assigned public IPv4 addresses


Footnote 1: When public IPv4 addresses are used for point-to-point links it is critical
to save as many addresses as possible. If a small company has only a public class C
address assigned to it, it wants to maximize its use, allowing for smaller subnets
for its point-to-point links and a larger host size for its server banks etc.


VLSM Subnetting Example

• Each block represents a /30 network (2 hosts, network ID, broadcast address)¹
  – Larger subnets with different masks can be created by combining blocks in hierarchical order

[Figure: 192.168.1.0/24 divided into blocks of /30 networks, combined as follows]
  192.168.1.0/25     126 hosts
  192.168.1.128/26    62 hosts
  192.168.1.192/27    30 hosts
  192.168.1.224/28    14 hosts
  192.168.1.240/29     6 hosts
  192.168.1.248/30     2 hosts
  192.168.1.252/30     2 hosts


Footnote 1: As more /30 subnets are combined, the subnet mask (CIDR prefix)
changes. Because a bit can represent only 2 values (0 or 1), blocks have to be combined
in pairs. Each resulting subnet can be of a different size as long as they are in
hierarchical order and do not overlap other subnets.


Network Examples

[Figure: the Internet connects to ISP 2, which advertises the summary route 192.172.0.0/20 and connects to ISP 1. ISP 1 allocates Customer A 192.172.0.0/23, Customer B 192.172.2.0/23, Customer C 192.172.4.0/22 and Customer D 192.172.8.0/21. Customer A's internal network is divided into 192.172.0.0/24, 192.172.1.0/25 and 192.172.1.128/25]


In this scenario there is a single route (route aggregation, or supernet) advertised by
ISP 2 for the multiple backend customer networks behind ISP 1.
There are two examples of VLSM occurring:
• ISP 2 will typically divide a much larger address block and allocate a portion to ISP
  1, which can then carve it up further and allocate network address space to the
  individual customers. Customer A has a traditional-looking Class C IP address but
  with a /23 mask, indicating 9 bits for the host address space, or 512 possible
  devices.
• Then within Customer A's internal network, the VLSM technique can be applied to
  create variable length subnetworks based on the needs of the organization.
Details include:
• Address block used: 192.172.0.0/23
• Number of IP addresses needed: 400
• Available IP addresses in block: 512
• IP addresses left in block: 110
• Number of hosts per network address/mask
  • 200 / 192.172.0.0/24
  • 100 / 192.172.1.0/25
  • 100 / 192.172.1.128/25
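Customer A's allocation from the slide (192.172.0.0/23 split for 200, 100 and 100 hosts) worked out by an added VLSM allocator, together with a check that ISP 2's summary route covers the customer blocks. This is example code, not part of the RSP 100 course material; the department names in the sample input are constructed for the example.

```python
# Added example, not part of the RSP 100 course material: a VLSM allocator that carves a
# block into subnets of different sizes, largest first, so that each subnet starts on a
# boundary that is a multiple of its own size and no two subnets overlap. The sample
# input mirrors the slide's Customer A plan; the department names are constructed.

def ip_to_int(ip: str) -> int:
    o = [int(x) for x in ip.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix whose block holds `hosts` usable addresses plus network and broadcast."""
    need = hosts + 2
    bits = 1
    while 2 ** bits < need:
        bits += 1
    return 32 - bits


def allocate_vlsm(block: str, requirements: dict) -> list:
    """Return [(name, 'network/prefix', usable_hosts)]; raise if the block is too small."""
    base_ip, base_prefix = block.split("/")
    base = ip_to_int(base_ip)
    block_size = 2 ** (32 - int(base_prefix))
    if base % block_size:
        raise ValueError(f"{block} is not aligned to its prefix")
    end = base + block_size
    cursor = base
    plan = []
    # Largest requirement first keeps every subnet aligned to its own size (hierarchical order).
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        start = (cursor + size - 1) // size * size   # round up to a multiple of `size`
        if start + size > end:
            raise ValueError(f"not enough space in {block} for {name} ({hosts} hosts)")
        plan.append((name, f"{int_to_ip(start)}/{prefix}", size - 2))
        cursor = start + size
    return plan


def covered_by(summary: str, networks: list) -> bool:
    """True if every 'network/prefix' lies inside the summary (aggregate) route."""
    s_ip, s_pre = summary.split("/")
    s_mask = (0xFFFFFFFF << (32 - int(s_pre))) & 0xFFFFFFFF
    s_net = ip_to_int(s_ip) & s_mask
    for net in networks:
        n_ip, n_pre = net.split("/")
        if int(n_pre) < int(s_pre) or (ip_to_int(n_ip) & s_mask) != s_net:
            return False
    return True


if __name__ == "__main__":
    needs = {"floor-1": 200, "floor-2": 100, "servers": 100}   # constructed names
    for name, subnet, usable in allocate_vlsm("192.172.0.0/23", needs):
        print(f"{name:<8} {subnet:<20} {usable} usable hosts")
    customers = ["192.172.0.0/23", "192.172.2.0/23", "192.172.4.0/22", "192.172.8.0/21"]
    print("192.172.0.0/20 covers all customers:", covered_by("192.172.0.0/20", customers))
```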


IPv6 Addressing



IPv6 Addressing

• The next generation Internet Protocol
• Designed to replace IPv4, which has address limitations
• Documented in Request For Comment (RFC) 2460
• Supports 340 undecillion (3.4×10³⁸) addresses
• IP addresses are 128-bit, represented in hexadecimal format
  Example: 2001:0000:130F:0000:0000:00C0:876A:12EB


The successor to IPv4 is IPv6. IPv4 uses 32-bit addresses (4 billion, or 4.3×10⁹,
addresses) while IPv6 uses 128-bit addresses (340 undecillion, or 3.4×10³⁸,
addresses).


IPv6 Header

• Basic IPv6 forwarding uses the IPv6 header


• IPv6 packet handling, security options, and many other functions are represented by fields
in IPv6 extension headers
• IPv6 addresses are 128 bits long, are represented in hexadecimal form and use colon-
separated fields of 16 bits, e.g. 1234:5678:DEF0:1234:5678:9ABC:DEF0



IPv6 Address Classes

• Unicast: Single interface addressing with three types¹:
  – Global unicast: Publicly routable addresses (same as IPv4 unicast)
  – Unique local: Not publicly routable but can be routed within a private network (similar to IPv4 private
    addresses)
  – Link-local: Not routable at all, packets stay on the local link, like a loopback address
• Multicast²: Identifies a group of interfaces (same as IPv4)
• Anycast: Identifies a group of interfaces on different nodes
  – The same anycast address is assigned to multiple nodes
  – Packets that are sent to the anycast address go to the closest node interface configured with the anycast
    address


Footnote 1: IPv6 defines three unicast address types:
• Global unicast identifies a single interface. A packet sent to a unicast address is
  delivered to the interface identified by that address. It can be link-local scope,
  unique local scope, or global scope. Global unicast addresses are globally routable
  public IP addresses.
• Unique local addresses are designed to be used for addressing within a private
  network, similar to how IPv4 private addresses are used. Unique local addresses
  replaced site-local addresses (which are deprecated) in RFC 4193.
• Link-local provides an address used on a single link and is required on each
  physical interface. Link-local addresses are used for addressing on a single link,
  providing automatic address configuration and neighbor discovery. Link-local
  addresses are not advertised by routing protocols and are used for communication
  between directly connected devices.
Note: Site-local unicast addresses were deprecated as of RFC 4291.
Footnote 2: There are no broadcast addresses in IPv6. Multicast addresses have
superseded this function.


IPv6 Address Representation

• Two options are defined to shorten IPv6 address expressions
  – Leading zeros in each 16-bit field are optional

    Standard Expression                        Shortened Expression
    2001:0000:130F:0000:0000:00C0:876A:12EB    2001:0:130F:0:0:00C0:876A:12EB

  – The double colon ( :: ) represents two or more consecutive fields of zeros
    • The double colon may be used only once in an address

    Standard Expression                        Shortened Expression
    2001:0:130F:0:0:C0:876A:12EB               2001:0:130F::C0:876A:12EB
    2001:0:0:0:0:0:0:1                         2001::1
    0:0:0:0:0:0:0:1                            ::1
    0:0:0:0:0:0:0:0                            ::
    2001:0:130F:0:0:C0:876A:12EB               2001::0:130F::C0:876A:12EB   (example of incorrect use)
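The two shortening rules and the single-use restriction on "::" from this slide, implemented by hand as an added example that is not part of the RSP 100 course material. The function names are the example's own; the input addresses are the slide's.

```python
# Added example, not part of the RSP 100 course material. expand() restores the full
# eight 16-bit fields and rejects an address that uses "::" more than once (the slide's
# "incorrect use" case); compress() drops leading zeros in each field and replaces the
# longest run of two or more zero fields with "::".

HEX_DIGITS = set("0123456789abcdefABCDEF")


def expand(addr: str) -> str:
    """Return the address as eight 4-hex-digit fields, e.g. 2001:0000:...:0001."""
    if addr.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr}")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError(f"'::' must stand for at least one zero field: {addr}")
        fields = left + ["0"] * missing + right
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {addr}")
    out = []
    for f in fields:
        if not 1 <= len(f) <= 4 or any(c not in HEX_DIGITS for c in f):
            raise ValueError(f"bad field {f!r} in {addr}")
        out.append(f"{int(f, 16):04X}")
    return ":".join(out)


def compress(addr: str) -> str:
    """Shortest textual form: strip leading zeros, then '::' for the longest zero run."""
    fields = [f"{int(f, 16):X}" for f in expand(addr).split(":")]   # rule 1
    # Find the longest run of consecutive "0" fields; it must be 2 or more to qualify.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"                                        # rule 2


def is_valid(addr: str) -> bool:
    """True if the address expands to eight fields without violating the '::' rule."""
    try:
        expand(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for a in ["2001:0000:130F:0000:0000:00C0:876A:12EB", "2001:0:0:0:0:0:0:1",
              "0:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:0", "2001::0:130F::C0:876A:12EB"]:
        shown = compress(a) if is_valid(a) else "-"
        print(f"{a:<42} valid={str(is_valid(a)):<5} compressed={shown}")
```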



IPv6 Global Unicast Address Format

• Uses a 128-bit address format composed of eight fields of 16-bit hexadecimal values,
  separated by colons (:)
• Network prefix: The first four 16-bit fields denote the network prefix
  – Global routing prefix: The first three fields (48 bits) are the global routing prefix, which is the value
    assigned to a site
  – Subnet ID: The fourth field (16 bits) is the subnet ID, used to identify links within a site
• CIDR notation is used to define networks
• Interface ID: The last four 16-bit fields denote the host ID

      Network Prefix                    Interface ID           Mask
  2001:0000:130F:0000         :         0000:00C0:876A:12E     /64
  Global Routing Prefix | Subnet ID



Unique Supporting Protocols for IPv6

• Neighbor Discovery Protocol
  • Operates at the link layer
  • Is responsible for:
    – Address autoconfiguration of nodes
    – Discovery of other nodes on the link
    – Determining the link layer addresses of other nodes
    – Duplicate address detection
    – Finding available routers and Domain Name System (DNS) servers
    – Address prefix discovery
    – Maintaining reachability information about the paths to other active neighbor nodes


IPv6 nodes on the same link use the Neighbor Discovery Protocol (NDP) to discover
each other's presence, to determine each other's link-layer addresses, to find routers,
and to maintain reachability information about the paths to active neighbors.
NDP performs functions for IPv6 similar to the tasks performed by Address Resolution
Protocol (ARP) and Internet Control Message Protocol (ICMP) for IPv4. However, NDP
was designed specifically for IPv6 and provides many enhancements, such as
formalizing the processes of router discovery and address resolution. It also includes
Neighbor Unreachability Detection (NUD), which improves the ability for packets to
be delivered if routers or links fail.
ICMPv6 packet types:
• Router solicitation
• Router advertisement
• Neighbor solicitation
• Neighbor advertisement
• Redirect


LAB EXERCISE



End of Module 8
IP Addressing


RSP 100 IP Routing Fundamentals

Module 9
IP Routing Fundamentals



Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B



Objectives

• After completing this module, attendees will be able to:


– Explain packet forwarding end-to-end process and flow
– Describe Address Resolution Protocol (ARP)
– Describe IP routing tables and routing types
– Explain route metrics and their effects
– Describe Equal-Cost Multi-Path (ECMP) routing
– Describe static and dynamic routing methods



IP Routing



Introduction to IP Routing

• IP routing is the process of selecting paths in a network along which to send network
  traffic
  – Data is routed across networks through a series of routers
  – A set of IP routing protocols¹ determine the path that data follows across networks from source to
    destination
  – The routing protocols enable routers to build up a forwarding or routing table that correlates destination
    networks with next hop addresses

[Figure: routers running a routing protocol interconnect the networks 20.0.0.0/8, 30.0.0.0/8, 40.0.0.0/8, 50.0.0.0/8 and 60.0.0.0/8]


Footnote 1: Common protocols include:
• Exterior gateway protocols
  – Border Gateway Protocol (BGP)
• Interior gateway protocols
  – Open Shortest Path First (OSPF)
  – Routing Information Protocol (RIP)
  – Intermediate System to Intermediate System (IS-IS)


Data Forwarding Decisions

• Directly connected network
  – If the destination IP address of the packet belongs to a device on a network directly connected to one of
    the router’s interfaces, that packet is forwarded directly to that device
    • This means that the destination IP address of the packet is a host address on the same network as this router’s
      interface
• Remote network
  – If the destination IP address of the packet belongs to a remote network, the packet is forwarded to
    another router
• No route determined
  – If the destination IP address of the packet does not belong to either a connected or known remote
    network and the router does not have a default route¹, the packet is discarded
  – The router sends an Internet Control Message Protocol (ICMP) Network Unreachable message to the
    source IP address of the packet


Footnote 1: The default route, sometimes referred to as the gateway of last resort, is a
method of identifying a path to unknown remote networks. It is used to prevent the
discarding of packets destined for unknown destinations. Ideally, the forwarding path
leads to a router with more knowledge of the network.


Routing Tables

• A router uses its routing table to determine the next hop for the packet's destination and
  forwards the packet appropriately
  – The next router repeats this process using its own routing table until the packet reaches its destination
  – At each stage, the destination IP address in the packet header is used to determine the next hop
  – If neither the destination network nor a default route is in the routing table, the packet is dropped



Routing Tables (cont.)

[Figure: Routers A, B, C, D and E running a routing protocol, interconnected by the networks 20.0.0.0/8, 30.0.0.0/8, 40.0.0.0/8, 50.0.0.0/8 and 60.0.0.0/8]



Routing Tables (cont.)

• Destination and NetMask — The destination network and network mask of the route
• Gateway — The next-hop router
• Port — The local router port used to send packets to the destination route
• Cost — The route's cost or metric1
• Type — The source of the learned route


Footnote 1: The cost in the output provided displays two values, the administrative
distance and the cost of each route. The cost value is used for comparison within a
single route source, while the administrative distance is a comparative value between
route sources. In the example, the route identified as Connected (D) has an
administrative distance of 1 and a cost of 1. The routes identified as OSPF (O) have
costs ranging from 2 to 3 and an administrative distance of 110. The topic of
administrative distance will be covered more thoroughly in upcoming slides.


Learning IP Routes

• Routing tables are populated by:
  – Directly connected routes — The networks that are directly connected to the router are always known
    and added to the routing table
    • A router knows a network is reachable because it has an interface in the address range
  – Static routes — Manually configured on the router
    • The network administrator instructs a router to send packets for a remote network to a neighboring router
  – Dynamic routes — A routing protocol populates routes it has learned from other routers
    • A router learns of remote networks from a neighboring router



IP Routing Packet Walk



IP Routing Packet Walk – Overview

• Host A wants to send a packet to Host B
• Host A and Host B are in different IP subnets, separated by routers A and B
• Host A creates an IP packet, but must encapsulate it in an Ethernet frame for forwarding

[Figure: PC “Host A” 10.1.200.100 on 10.1.200.0/24 – Router A (If 1 10.1.200.1, If 2 172.16.1.1) – 172.16.1.0/30 – Router B (If 1 172.16.1.2, If 2 192.168.18.1) – PC “Host B” 192.168.18.100 on 192.168.18.0/24]

SRC MAC   DST MAC   SRC IP         DST IP
HostA     ???       10.1.200.100   192.168.18.100

• How does Host A learn the MAC address of Host B?



Address Resolution Protocol (ARP)

• If an IP packet is to be delivered, the destination MAC address must be known on the
  destination LAN
• For IP packets destined for remote networks, the gateway router MAC address must be
  known
• ARP is a Layer 2 (L2) protocol used to determine a MAC address when only an L3 IP address
  is known
  – Each device caches any discovered MAC addresses in a table
    • The table is a mapping of IP addresses to MAC addresses
    • Addresses are typically cached for 300 seconds by default
  – ARP is defined in RFC 826


If a host wants to send a message to another device on the LAN and knows its
destination IP address, it must first discover the Ethernet MAC address of the
target, because Ethernet hardware does not understand IP addresses. The
destination IP address is associated with a MAC address belonging to a device that
is present on the LAN.
Before sending the IP packet, the host broadcasts an ARP request onto the LAN asking
which device holds the target IP address. The device that owns that address answers
with a unicast ARP reply carrying its MAC address, and the host can then send its IP
packet in a frame addressed to that MAC. Switches along the way forward the frame
using their MAC address tables; they do not answer ARP on the target's behalf.
The host's operating system stores the newly discovered mapping in its ARP cache.
This table of IP-to-MAC mappings is consulted for every outgoing packet, so the ARP
exchange only has to be performed when the cache has no entry for the destination.
A timer is started when an entry is added to the ARP cache; when it expires (five
minutes by default on most devices) the entry is removed or re-validated, and the
next packet to that address triggers a fresh ARP request.
Note that ARP carries no authentication: any device on the LAN can answer a request
or send unsolicited replies, so cache entries can be poisoned by a host on the same
segment. This is why switches offer features such as Dynamic ARP Inspection.


ARP in Routed Networks

• The sending device checks to see if the destination is in the same IP subnet
– If yes, source will ARP for the destination MAC address
– If no, source will ARP for the default gateway MAC address
• Routers ARP for the MAC address of the next hop router on each LAN until the destination
subnet is reached
• The router on the destination LAN will ARP for the destination MAC address

[Figure: Host A (PC), Router A (if1, if2), Router B (if1, if2), Host B (PC); an ARP exchange takes place on each LAN segment along the path]


IP Routing Packet Walk – Step 1

• Assume Host A's ARP cache is empty


• Host A knows Host B is in a different IP subnet
• Host A sends ARP request for MAC address of 10.1.200.1
• RouterA responds providing the interface 1 (if 1) MAC address
• Host A creates an Ethernet Frame

Frame sent by Host A:

  SRC MAC    DST MAC        SRC IP          DST IP
  HostA      RouterA-if1    10.1.200.100    192.168.18.100


If the destination host's network address were the same as the source host's, the
destination would be considered local, on the same subnet.
Host A ANDs its own IP address with its subnet mask to obtain its network address,
does the same operation on the destination IP address (using its own mask, since it
does not know the destination's), and compares the two results.
If they are the same, Host B is considered local; otherwise the packets are forwarded
to the default gateway in order to be sent to the remote host.
In this example the destination Host B's network ID of 192.168.18.0 is different from
the source Host A's network ID of 10.1.200.0, and therefore the packets will need to
be routed to Host B.
The source, Host A, checks its own local routing table for its default gateway (this
is the general behaviour unless a more specific route has been defined).
The default gateway IP is the IP address of the router interface on that subnet.
In this example it is 10.1.200.1, which is the IP address of RouterA interface 1.
Since this is an Ethernet LAN, Host A must encapsulate the packet in a frame
addressed to RouterA interface 1, and to do so it needs the MAC address of that
router interface.
If it is not in its local ARP cache, Host A broadcasts an ARP request for 10.1.200.1;
RouterA answers with the MAC address of if1, and Host A can then send the
encapsulated frames to the routing interface.


IP Routing Packet Walk – Step 2

• RouterA receives packet and examines destination IP address


• RouterA checks routing table for remote network
– Known through RouterB
• RouterA creates new Ethernet Frame
– IP payload does not change

Frame sent by RouterA on if2:

  SRC MAC        DST MAC        SRC IP          DST IP
  RouterA-if2    RouterB-if1    10.1.200.100    192.168.18.100


When interface 1 on RouterA receives the Ethernet frame, it compares the frame's
destination MAC address with its own to determine whether it is the intended
recipient.
In this case RouterA interface 1 is the default gateway of Host A and therefore the
intended recipient.
RouterA reads the frame's EtherType field of 0x0800, which indicates that an IPv4
packet is carried in the data portion of the Ethernet frame.
RouterA then removes the Ethernet header in order to analyse the destination IP
address of the packet.
The router must then consult its routing table to determine what to do with the
packet: it looks for the most specific network route in its table whose address range
includes the destination IP address (a longest-prefix match).
RouterA's routing table shows that 192.168.18.0/24 is the destination network to
which these packets need to be routed.
It also shows that the next hop IP address is 172.16.1.2, the next stop for the
packets on their way to the 192.168.18.0 network, and that this next hop is reached
through local interface 2.
To build the new frame RouterA needs the MAC address of the 172.16.1.2 interface.
It checks its local ARP cache and, if the MAC address is not found, broadcasts an ARP
request on interface 2 to obtain it.
Also note that RouterA decrements the Time to Live field of the packet (in the IP
header) by 1 and, because the IP header changed, recomputes the IP header checksum.
A packet whose TTL reaches 0 is discarded and an ICMP Time Exceeded message is
returned to the source. The new frame is then sent on the wire.


IP Routing Packet Walk – Step 3

• RouterB receives packet and examines destination IP address


• Destination IP address is on a local, directly connected network
• RouterB creates new Ethernet Frame
– IP payload does not change

Frame sent by RouterB on if2:

  SRC MAC        DST MAC    SRC IP          DST IP
  RouterB-if2    HostB      10.1.200.100    192.168.18.100


When interface 1 on RouterB receives the Ethernet frame, it compares the frame's
destination MAC address with its own to determine whether it is the intended
recipient.
In this case RouterB interface 1 holds the next hop IP address that RouterA resolved,
and is therefore the intended recipient.
RouterB reads the frame's EtherType field of 0x0800, which indicates that an IPv4
packet is carried in the data portion of the Ethernet frame.
RouterB then removes the Ethernet header in order to analyse the destination IP
address of the packet.
RouterB consults its routing table and finds that 192.168.18.0/24 is the destination
network to which these packets need to be forwarded, and that it is a directly
connected route in its table through interface 2.
To build the new frame RouterB needs the MAC address of the final destination,
Host B at 192.168.18.100.
RouterB checks its local ARP cache and, if the MAC address is not found, broadcasts
an ARP request on interface 2 to resolve the IP address to the matching physical MAC
address. As RouterA did, it decrements the TTL and updates the IP header checksum.
Notice that between hops only the Ethernet source and destination MAC addresses
change (together with the TTL and checksum inside the IP header); the IP source and
destination addresses are carried unchanged end to end. The frame is then sent on
the wire.
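The three steps above as one added worked example, written for this guide rather than taken from the course, the lab or any Ruckus product: a small Python model of the two-router topology with one ARP cache per device. The IP addresses and interface names are the slide's; the MAC addresses, the static route on each router and the data layout are assumptions made for the example. walk() returns the Ethernet header and the TTL at every hop, so the reader can check that only the MAC addresses and TTL change while the IP addresses are carried end to end, and that a second packet to the same destination causes no new ARP broadcasts because every device's cache is already populated.

```python
import ipaddress

# Constructed topology for the three-step packet walk. IP addresses follow the slides;
# MAC addresses and the routes configured on each router are assumptions for this example.
HOSTS = {
    "HostA": {"ip": "10.1.200.100/24",   "mac": "02:00:00:00:00:0a", "gw": "10.1.200.1"},
    "HostB": {"ip": "192.168.18.100/24", "mac": "02:00:00:00:00:0b", "gw": "192.168.18.1"},
}
ROUTERS = {
    "RouterA": {"ifaces": {"if1": ("10.1.200.1/24", "02:00:00:00:a1:01"),
                           "if2": ("172.16.1.1/30", "02:00:00:00:a1:02")},
                # remote network, learned statically or dynamically: (prefix, next hop, egress)
                "routes": [("192.168.18.0/24", "172.16.1.2", "if2")]},
    "RouterB": {"ifaces": {"if1": ("172.16.1.2/30", "02:00:00:00:b1:01"),
                           "if2": ("192.168.18.1/24", "02:00:00:00:b1:02")},
                "routes": [("10.1.200.0/24", "172.16.1.1", "if1")]},
}

def _endpoints():
    """ip -> mac for every interface an ARP broadcast could reach in this topology."""
    eps = {ipaddress.ip_interface(h["ip"]).ip: h["mac"] for h in HOSTS.values()}
    for r in ROUTERS.values():
        for ip, mac in r["ifaces"].values():
            eps[ipaddress.ip_interface(ip).ip] = mac
    return eps

ENDPOINTS = _endpoints()
ARP_CACHE = {}      # (device, ip) -> mac: one cache per device
ARP_REQUESTS = []   # every broadcast actually sent, to show caching at work

def arp(device, ip):
    """Return the MAC for ip from the device's cache, broadcasting only on a miss."""
    key = (device, ipaddress.ip_address(ip))
    if key not in ARP_CACHE:            # cache miss: broadcast, the owner answers with its MAC
        ARP_REQUESTS.append(key)
        ARP_CACHE[key] = ENDPOINTS[key[1]]
    return ARP_CACHE[key]

def lookup(router, dst):
    """Longest-prefix match over connected and configured routes -> (ip to ARP for, egress)."""
    best = None
    for ifname, (ip, _) in ROUTERS[router]["ifaces"].items():
        net = ipaddress.ip_interface(ip).network
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dst, ifname)   # connected: ARP for the destination itself
    for prefix, nh, ifname in ROUTERS[router]["routes"]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ipaddress.ip_address(nh), ifname)
    if best is None:
        raise LookupError(f"{router}: no route to {dst}")
    return best[1], best[2]

def _owner_of(mac):
    """Which router, if any, owns the interface with this MAC (None means a host)."""
    for name, spec in ROUTERS.items():
        if mac in {m for _, m in spec["ifaces"].values()}:
            return name
    return None

def walk(src_host, dst_ip, ttl=64):
    """Frames put on the wire hop by hop: (src_mac, dst_mac, src_ip, dst_ip, ttl)."""
    h = HOSTS[src_host]
    src = ipaddress.ip_interface(h["ip"])
    dst = ipaddress.ip_address(dst_ip)
    # Host decision: same subnet -> ARP for the destination, otherwise for the default gateway.
    target = dst if dst in src.network else ipaddress.ip_address(h["gw"])
    frames = [(h["mac"], arp(src_host, target), str(src.ip), str(dst), ttl)]
    router = _owner_of(frames[-1][1])
    while router is not None:
        own_ips = {ipaddress.ip_interface(ip).ip for ip, _ in ROUTERS[router]["ifaces"].values()}
        if dst in own_ips:
            break                       # packet addressed to the router itself: delivered
        ttl -= 1                        # routing: decrement TTL, rewrite only the L2 header
        if ttl == 0:
            raise RuntimeError(f"{router}: TTL expired for {dst}")
        nh, ifname = lookup(router, dst)
        _, out_mac = ROUTERS[router]["ifaces"][ifname]
        frames.append((out_mac, arp(router, nh), str(src.ip), str(dst), ttl))
        router = _owner_of(frames[-1][1])
    return frames
```

Calling walk("HostA", "192.168.18.100") produces the three frames shown on the Step 1 to Step 3 slides with TTL 64, 63 and 62; the same call a second time produces identical frames but leaves ARP_REQUESTS unchanged.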


Routing Metrics


Routing Metrics

• Metrics assign a value to routes so that routes to the same destination can be compared

• Metric comparison leads to best route selection

• A router chooses the route with the lowest metric

• Metric values
  – Hop count – Routing Information Protocol (RIP)
  – Aggregated path cost – Open Shortest Path First (OSPF)
  – AS path length, one of several path attributes compared in turn – Border Gateway Protocol (BGP)


In order to determine the optimal path among the available paths in the network, a
router uses a routing metric. A routing metric can be built from many different
parameters that the router uses as points of comparison among the available paths.
It is typically one of many fields in a routing table. For each path a cost is
calculated; how the cost is derived depends on the routing protocol used: depending
on the protocol it may take into account bandwidth, delay, reliability, load or hop
count.


Route Selection Priority

• A Routing Table Manager (RTM) determines which routes are added to the IP route table

• Each routing protocol selects its best discovered path based on its own metric

• The best path from each protocol is submitted to the RTM

• If routes to the same destination network are submitted by multiple, different
routing protocols, the RTM selects the route submitted by the routing source with the
most favourable Administrative Distance


A routing metric is specific to a certain routing protocol. As a result, multi-protocol
routers must use some external rule to select among routes learned from different
routing protocols. Different protocols are used for different applications (for example,
protocols such as Open Shortest Path First are generally used for routing packets
between subnetworks within an organization's network, and protocols such as Border
Gateway Protocol are used for routing outside of them).


Administrative Distance

• Used to select the best path when two or more routes to the same destination come from
different routing sources
  – Each routing source is prioritized in order of preference
  – Uses an administrative distance value1
  – A lower numerical value is preferred
  – Common default values are shown below and are configurable

  Protocol                             Default Administrative Distance
  Directly connected route             0
  Static route to a local interface    0
  Static route to next hop address     1
  External BGP                         20
  OSPF                                 110
  IS-IS                                115
  RIP                                  120
  Internal BGP                         200
  Unknown                              255


Footnote 1: An administrative distance of 255 means the source is not trusted at all:
the router ignores the route entirely and never installs it.
Path selection involves applying a routing metric to multiple routes in order to select
(or predict) the best route.
The metric is computed by the routing protocol's algorithm and can cover such
information as bandwidth, network delay, hop count, path cost, load, MTU, reliability
and communication cost. The routing table stores only the best routes.
Because a routing metric is specific to a given routing protocol, multi-protocol routers
must use some external weighting in order to select between routes learned from
different routing protocols.
Administrative distance is that weighting: it is used to select the best path when there
are two or more routes to the same destination from two different routing sources. It
expresses how trustworthy each source is considered, and each routing source is
ranked from most to least trusted using an administrative distance value. A lower
numerical value is preferred, e.g. an OSPF route with an administrative distance of 110
is chosen over a RIP route to the same prefix with an administrative distance of 120,
regardless of the two protocols' metrics, which are not comparable with each other.


Equal-Cost Multi-Path (ECMP)


Equal-Cost Multi-Path (ECMP) Routing

• A routing strategy that distributes traffic across multiple paths of equal cost towards a destination
  – The RTM installs multiple equal-cost paths for the same prefix into the routing table
  – The distribution algorithm attempts to use each path equally
    • Packets are assigned to a path per flow, typically by hashing the source and destination addresses
      and ports, so all packets of one flow follow the same path while different flows take different paths

[Figure: Router Edge A reaches Router Edge B through four equal-cost core routers, Core 1 to Core 4;
Packet Flow 1 to Packet Flow 4 are each carried by a different core router]


Benefits of ECMP

• Splitting traffic over multiple paths avoids congestion and provides additional bandwidth

• Minimizes delay when link failure occurs on single path


– Alternate paths are already installed in routing table
– No new route calculations are needed


Routing Methods


Static Routes

• A static route is created manually by a network administrator1 and is locally significant2

• Each router in a data path needs a next-hop route to reach the destination

  192.168.1.0/24 -- Router A 10.1.2.1/30 ---- 10.1.2.2/30 Router B 10.1.1.1/30 ---- 10.1.1.2/30 Router C -- 172.16.1.0/24

Generic Configuration Example


Footnote 1: A static route is a route manually created by a network administrator to
instruct a router how to reach a particular remote network. Either a next-hop IP
address or a local outgoing interface can be used in the static route configuration.
Footnote 2: Static routes (when no routing protocol is employed) apply only to the
router they are configured on. This means that static routes are likely required on
every router in a data path, in both directions, to allow end-to-end communication: a
route that carries packets towards the destination is of no use if the routers on the
return path have no route back to the source.
Routing is needed when data needs to reach a remote network that is not directly
connected to the local router.
A static route is withdrawn from the routing table when its outgoing interface goes
down or when its next-hop address is no longer reachable through a connected
network. A next-hop router that has failed while the link to it stays up is not detected
by the static route itself; that needs a mechanism such as BFD or next-hop tracking
where the platform supports one.
The example in the slide above shows how static routes are configured on the routers
to allow connectivity between the two hosts on the remote networks. However, this
does not mean that all devices in the data path can reach each other. With only the
configuration shown, Router A is incapable of communicating directly with Router C.
For Router A to communicate with Router C, Router A would require a static route to
the 10.1.1.0/30 network and Router C would require a static route to 10.1.2.0/30.


Static Routes (cont.)

  192.168.1.0/24 -- Router A 10.1.2.1/30 ---- 10.1.2.2/30 Router B 10.1.1.1/30 ---- 10.1.1.2/30 Router C -- 172.16.1.0/24

Generic Output Example


Default Routes

• A default route is a routing table entry used to route packets when an explicit route to a
destination network is not in the routing table1
– Last resort in the order of execution of the routing table

• Most routers support explicit default routes:


– IPv4 default route is entered as all zero-bit address with all zero-bit subnet mask
• Dotted decimal notation: 0.0.0.0 0.0.0.0
• CIDR notation: 0.0.0.0/0
– Can be a static route or learned dynamically by a routing protocol such as OSPF


Footnote 1: A default route, also known as the gateway of last resort, is the network
route used by a router when no other known route exists for a given IP packet's
destination address. All the packets for destinations not known by the router's
routing table are sent to the default route. This route generally leads to another
router, which treats the packet the same way: If the route is known, the packet will
get forwarded to the known route. If not, the packet is forwarded to the default-route
of that router which generally leads to another router. And so on.
The default route in IPv4 (in CIDR notation) is 0.0.0.0/0, often called the quad-zero
route. Since the subnet mask given is /0, it effectively specifies no network, and is the
"shortest" match possible. A route lookup that doesn't match anything will naturally
fall back onto this route. Similarly, in IPv6 the default address is given by ::/0.
Routers in an organization generally point the default route towards the router that
has a connection to a network service provider. This way, packets with destinations
outside the organization (typically to the Internet, WAN, or VPN) will be forwarded by
the router with the connection to that provider.


Default Routes (cont.)

Topology (reconstructed from the slide figure):

                 ISP 1                                                           ISP 2
            156.10.20.21/30                                                 199.28.12.14/30
                   |                                                               |
            156.10.20.22/30                                                 199.28.12.13/30
  192.168.1.0/24 -- Router A 10.1.2.1/30 ---- 10.1.2.2/30 Router B 10.1.1.1/30 ---- 10.1.1.2/30 Router C -- 172.16.1.0/24

Generic Configuration Example


The configuration example above adds two static default routes on Router_A. The
first points to ISP 1 with the default metric of 1. The second command adds another
static default route pointing to ISP 2, but with a metric of 5. Because the routing table
keeps only the best entry for a prefix, only the ISP 1 route is installed; the ISP 2 route
(a floating static route) is installed only if the ISP 1 route is withdrawn, for example
when the link to ISP 1 goes down. A failure further upstream, with the access link to
ISP 1 still up, does not withdraw the route, so the backup is never used in that case
unless the next hop is tracked.
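Route selection by administrative distance, the default route, ECMP and the floating static default as one added worked example in Python, written for this guide rather than taken from the course or from any product: a small RTM that ranks candidate routes by administrative distance and then metric, installs equal-cost next hops from the same source as an ECMP set, resolves a destination by longest-prefix match with 0.0.0.0/0 as the route of last resort, picks an ECMP path per flow, and keeps the metric-5 default out of the table until the metric-1 default is withdrawn. The candidate routes, their metrics and the 5-tuple hash are constructed for the example; real platforms use their own hash function and their own administrative distance defaults.

```python
import hashlib
import ipaddress

# Default administrative distances from the slide table; "unknown" (255) is never installed.
AD = {"connected": 0, "static": 1, "ebgp": 20, "ospf": 110, "isis": 115,
      "rip": 120, "ibgp": 200, "unknown": 255}

class Candidate:
    """One route a source offers the RTM. 'usable' is False when the route's egress
    interface is down or its next hop is not on a connected network."""
    def __init__(self, prefix, source, next_hop, metric=0, usable=True):
        self.prefix = ipaddress.ip_network(prefix)
        self.source, self.next_hop, self.metric, self.usable = source, next_hop, metric, usable

    def rank(self):
        # Lower is better: administrative distance first, the source's own metric second.
        return (AD[self.source], self.metric)

def build_rib(candidates):
    """RTM selection: per prefix keep the best-ranked route; equal-ranked next hops from
    the same source form an ECMP set. Returns prefix -> (rank, source, [next hops])."""
    rib = {}
    for c in candidates:
        if not c.usable or AD[c.source] >= 255:
            continue
        current = rib.get(c.prefix)
        if current is None or c.rank() < current[0]:
            rib[c.prefix] = (c.rank(), c.source, [c.next_hop])
        elif c.rank() == current[0] and c.source == current[1] and c.next_hop not in current[2]:
            current[2].append(c.next_hop)
    return rib

def lookup(rib, dst):
    """Longest-prefix match. 0.0.0.0/0 is the gateway of last resort because every
    address matches it but any more specific prefix wins."""
    dst = ipaddress.ip_address(dst)
    matches = [p for p in rib if dst in p]
    if not matches:
        return None
    best = max(matches, key=lambda p: p.prefixlen)
    return str(best), rib[best][1], rib[best][2]

def ecmp_pick(next_hops, src_ip, dst_ip, proto, sport, dport):
    """Per-flow load sharing: hash the 5-tuple so every packet of a flow takes the same path."""
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    digest = hashlib.sha256(key).digest()
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]

# Constructed candidates (not from the slides): one prefix offered by both RIP and OSPF, two
# equal-cost OSPF paths plus a worse one, a connected route, and the two static defaults
# of the slide (ISP 1 metric 1, ISP 2 metric 5 via Router B).
CANDIDATES = [
    Candidate("192.168.18.0/24", "rip",  "172.16.1.2", metric=2),
    Candidate("192.168.18.0/24", "ospf", "172.16.1.2", metric=20),
    Candidate("192.168.18.0/24", "ospf", "172.16.2.2", metric=20),
    Candidate("192.168.18.0/24", "ospf", "172.16.3.2", metric=30),
    Candidate("172.16.1.0/30", "connected", None),
    Candidate("0.0.0.0/0", "static", "156.10.20.21", metric=1),
    Candidate("0.0.0.0/0", "static", "10.1.2.2", metric=5),
]

def rib_with_failed(candidates, failed_next_hops=()):
    """Re-run selection after the links towards the given next hops have gone down."""
    for c in candidates:
        c.usable = c.next_hop not in failed_next_hops
    return build_rib(candidates)
```

With these candidates the OSPF route wins over the RIP route for 192.168.18.0/24 even though RIP's hop count is the smaller number, because administrative distance is compared before any metric; the two metric-20 OSPF next hops are installed as an ECMP set, the metric-30 one is not, and the ISP 2 default appears only after the ISP 1 next hop is marked down.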


Default Routes (cont.)

Generic Output Example


The example output shows a default route that has been statically configured on
Router_A.


Routing Protocol Types


Autonomous System (AS)

• A group of routers under one administration that share the same routing policy1
• An enterprise network or an ISP network are examples of an individual AS
• Routers inside an AS exchange routing information using an Interior Gateway Protocol

[Figure: an Autonomous System (AS) containing Router A to Router E, all running one routing protocol]


Footnote 1: The Internet, for the purpose of routing, is divided into Autonomous
Systems. An AS is a group of routers that are under the control of a single
administration and exchange routing information using a common routing protocol.
For example, a corporate enterprise network or an ISP network can usually be
regarded as an individual AS.


Interior Gateway Protocol

• An Interior Gateway Protocol (IGP) is a routing protocol used within a single AS1
– Calculates and exchanges route information within a single AS
– Common IGP protocols include:
• Routing Information Protocol (RIP)
• Open Shortest Path First (OSPF)
• Intermediate System-to-Intermediate System (IS-IS)

[Figure: an Autonomous System (AS) containing Router A to Router E, all running one routing protocol]


Footnote 1: An Interior Gateway Protocol (IGP) calculates routes within a single AS.
The IGP enables nodes on different networks within an AS to send data to one
another. The IGP also enables data to be forwarded across an AS from ingress to
egress, when the AS is providing transit services.


Interior Gateway Protocol (cont.)

• RIP is a distance-vector routing protocol
  – Uses hop count as its routing metric (15 hops maximum; 16 means unreachable)
  – Periodically exchanges its routing table with neighbor routers
  – Initially knows only its directly attached networks
  • Learns routes from each neighbor router
    – The neighbor's directly connected networks
    – Networks the neighbor learned from other routers

[Figure: RIP topology with Router A to Router E joined by Network 1 to Network 5; the hop counts
shown on the links are 3, 3, 2, 2 and 1. The routing table shown on the slide (labelled
"Router E's Routing Table"):
  Network 5, next hop router E, cost 1
  Network 4, next hop router D, cost 2
  Network 3, next hop router D, cost 2
  Network 2, next hop router D, cost 3
  Network 1, next hop router D, cost 3]


Interior Gateway Protocol (cont.)


• OSPF and IS-IS are link-state routing protocols
  – They gather link state information from other routers
  – They build a topology map from the link state information
  • The map is used to calculate the lowest cost path to each destination network
  – The lowest cost route is placed in the routing table
  – They converge quickly after a topology change
  – They provide a loop-free routing structure

[Figure: an AS running OSPF with Router A to Router E. Topology map: Network 1 (cost 10) between
Router A and Router B; Network 2 (cost 1) and Network 4 (cost 10) below them; Network 3 (cost 1)
and Network 5 (cost 1) joining Router C, Router D and Router E. Path costs: Net 1: 10+10=20 or
1+1+10=12; Net 2: 10+1=11 or 1+1=2. Resulting routing table: Network 1, next hop Router C, cost 12;
Network 2, next hop Router C, cost 2]


Exterior Gateway Protocol

• An Exterior Gateway Protocol (EGP) is a routing protocol used between autonomous systems
  – Calculates and exchanges route information between autonomous systems
  – The EGP used by the Internet is the Border Gateway Protocol (BGP)
  – The Internet is a partial mesh of autonomous systems interconnected using BGPv4

[Figure: several autonomous systems interconnected by BGP sessions]


LAB EXERCISE


End of Module 9
IP Routing Fundamentals

RSP 100 Dynamic IP Routing Protocols

Module 10
Dynamic IP Routing Protocols


Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B


Objectives

• After completing this module, attendees will be able to:


– Describe OSPF protocol, packet types, area types, and link state advertisement (LSA) types
– Describe the adjacency process, including OSPF area types
– Describe BGP
– Compare Internal BGP (IBGP) and External BGP (EBGP)


Router ID and Loopback Interfaces

• Router ID
  – Layer 3 devices generally use one identifier, the Router ID, for all the routing protocols they run
  – Simplifies troubleshooting by providing a single value that identifies a device regardless of which
    protocol is being examined
  – Many devices support either a manually configured (recommended) or a dynamically chosen router ID;
    a dynamic ID depends on which interface addresses exist when the protocol starts, so it can differ
    after a reload
• Loopback Interface
  – A virtual interface within a router that emulates many characteristics of a physical interface
  – Is always up and can be reached through any physical interface by default1
  – The Layer 3 address assigned to a loopback is often also used as the Router ID


Footnote 1: Because it does not depend on the health of a physical interface, a
loopback is always available and provides a stable address or ID to use when
communicating with other network devices. A loopback address is often used as the
router ID to ensure it stays reachable: if a physical interface fails, traffic headed to
the loopback is simply received on the remaining healthy interfaces and delivered to
the loopback for processing. Other uses for loopbacks include the DHCP relay source
address, endpoints for various tunnel protocols (which can be tied to a loopback
address) and a source address for network monitoring and management traffic, which
also keeps the firewall and ACL rules that must permit that traffic simple and stable.


Open Shortest Path First


OSPF Overview

• OSPF is a robust Interior Gateway Protocol (IGP) for medium to large networks
• The route table is built from a topology computed with the Shortest Path First (SPF) algorithm,
  Dijkstra's algorithm
  – Shortest (lowest cost) path to each destination network
• Link state routing protocol
  – After its initial adjacency process it monitors for changes in the network and sends updates
  – No periodic routing table exchange1
  – Link state information is exchanged between neighbors
• Converges faster and scales better than distance vector protocols such as the
  Routing Information Protocol (RIP)
• The route metric is the sum of the link costs along the path


Footnote 1: Unlike older routing protocols such as RIP, where the whole table is
advertised periodically, OSPF exchanges its complete link state database only when
an adjacency is first formed; afterwards it floods only the LSAs that have changed.
Each router does re-flood its own LSAs every 30 minutes (the LSRefreshTime) so that
they do not age out of other routers' databases, but that is a refresh of individual
LSAs, not a full table exchange.
OSPF terminology includes:
• SPF algorithm (shortest path first): Used to calculate the best path to a given
destination.
• Link state routing protocol: Sends LSAs rather than the whole routing table.
• LSA (link state advertisement): Rather than send the entire routing table, OSPF
sends the state of each link (its cost, whether it is up or down, and the neighbors
reached over it) to other routers using LSAs.
• Variable length subnet masking (VLSM): Supported by OSPF because subnet mask
information is carried with each destination address.
• Cost: The OSPF metric, an integer in the range 1–65535. The higher the
bandwidth, the lower the cost. The ip ospf cost interface command is used to set the
cost on an interface.
• Areas: To reduce the protocol's impact on CPU and memory, an OSPF area contains
the flow of routing protocol traffic and makes possible the construction of
hierarchical internetwork topologies.
• Multicast: OSPF uses reserved multicast addresses (224.0.0.5 for all OSPF routers
and 224.0.0.6 for the designated routers) to reduce the impact on non-OSPF speaking
devices.
• No periodic updates: After LSA flooding to discover the topology, updates are sent only
when there are changes.
• CPU and memory intensive: As more routers are added to an area, flooding becomes
more and more resource intensive.
• OSPF-related RFCs: RFC 2328 (OSPF v2) and RFC 1587 (not-so-stubby area, NSSA;
updated by RFC 3101).


OSPF Overview (cont.)

• Supports Classless Inter-Domain Routing (CIDR) and VLSM


• Hierarchy based using OSPF areas1
– Decreases routing overhead
– Speeds up convergence
– Provides scalability and reliability by confining network instability to a single area of the network


Footnote 1: OSPF areas can also have different characteristics, such as stub and
not-so-stubby areas. Areas are explained in more detail later in this module.


OSPF Terminology

• Link: A router interface is considered a link by OSPF

• Link-state: A link has state information associated with it, for example
  – Interface IP address and mask
  – Whether the link is up or down
  – Link cost
• Link State Database (LSDB): A collection of all LSAs received, which is then used to generate a best-path tree
  structure

[Figure: Area 0 containing Router A, Router B and Router C as neighbors; the three links between them are
labelled cost 1 (100 Mbps), cost 10 (10 Mbps) and cost 10 (10 Mbps). Callouts: Link State Database =
collection of all the link states in a single area; SPF Algorithm = determines the best path; OSPF Cost =
determines the overhead for a given interface]


Link state – or state of a link describes an interface and its relationship to neighboring
routers; includes: IP address of the interface, mask, type of network connected to,
routers connected to that network and so on.
Link state database – collection of all the link states in a single area.


OSPF Terminology (cont.)

• Shortest Path First algorithm (SPF): Each router uses the SPF algorithm (Dijkstra algorithm) to build
its own SPF tree, with itself as the root, using the information in the Link State Database
– The SPF tree is used to calculate the shortest path to each destination subnet
– Each router has its own view of the topology as all routers build their own SPF tree

[Figure: same Area 0 diagram as the previous slide]


The Shortest Path First algorithm (SPF) - places each router at the root of a tree and
calculates the shortest path to each destination; each router has its own view of the
topology as all routers build their own SPF tree.
OSPF routes in the routing table - based on the cumulative cost required to reach
that destination following the SPF tree, each router decides which routes to put in
the routing table.


OSPF Terminology (cont.)

• Cost (metric): Indicates the overhead required to send a packet across an interface
  – The default cost is calculated by dividing the reference bandwidth, 100 Mbps by default, by the link speed1
    • 10 Mbps = 10
    • 100 Mbps = 1
    • 1 Gbps = 1
  – Most routers allow the reference bandwidth to be modified2

  Link Cost = Reference-Bandwidth / Link Speed (Mbps)

[Figure: same Area 0 diagram as the previous slides]


Footnote 1: The default cost is calculated by dividing the reference bandwidth (100
Mbps) by the link speed and truncating to a whole number. Any result below 1 is
raised to the minimum cost of 1:
• For 10 Mbps links: 100 Mbps / 10 = 10
• For 100 Mbps links: 100 Mbps / 100 = 1
• For 1000 Mbps links: 100 Mbps / 1000 = 0.1, raised to the minimum of 1
• For 10,000 Mbps links: 100 Mbps / 10000 = 0.01, raised to the minimum of 1
Because every link faster than 100 Mbps collapses to cost 1 under the default, the
reference bandwidth is normally raised in networks with Gigabit or faster links.
Example:
If the reference bandwidth is set to 10,000 (10 Gig):
• A 128 kbps ISDN link would have a cost of 78125
• A 1.544 Mbps T1 would have a cost of 6476
• A 10 Mbps link would have a cost of 1000
If the reference bandwidth is set to 100,000 (100 Gig):
• A T1 would have a cost of 64766
Footnote 2: When the default reference bandwidth is adjusted it is important to
maintain the same value on all routers in the network; otherwise the two ends of a
link compute different costs and the routers build different SPF trees.
Link Cost: Unlike the Spanning Tree Protocol, OSPF does not specify how costs are
assigned to links. Assignment of an individual link cost is left to the network
administrator. In one OSPF AS, link costs may reflect the delay of the links. In another
AS, monetary costs may be used. As far as OSPF is concerned, link cost is simply a
dimensionless number in the range 1 to 65,535.
Cost is per interface: a single link in OSPF can have two costs, one at each end of the
link, that is, one on each of the two interfaces (on two different routers) that the link
joins. The two ends do not have to agree, so the cost of a path can differ by direction.
Cost (or metric) of an interface in OSPF is an indication of the overhead required to send
packets across that interface. The cost of an interface is usually configured to be
inversely proportional to the bandwidth of that interface: a higher bandwidth means a
lower cost.


OSPF Terminology (cont.)

• Area: A grouping of OSPF routers identified by an area ID


– Since a router can be a member of more than one area, an area ID is assigned to each router interface
– In multi-area environments all other areas need a direct connection to area 0, also known as the backbone area

[Figure: New York in Area 3, Los Angeles in Area 2 and San Jose in Area 0 (the backbone). Each area keeps its own LS Database (Area 3, Area 2, Area 0); Link State Advertisements are exchanged between the routers.]

OSPF Terminology (cont.)

• Area IDs can be configured as:¹
– A decimal value of 0 - 2,147,483,647
– A quad-dotted-decimal notation similar to an IP address, for example:
• 0.0.0.0
• 0.0.1.15
• Both methods are equivalent (the dotted form is the 32-bit value written as four octets):
– area 0 and area 0.0.0.0
– area 16 and area 0.0.0.16
– area 271 and area 0.0.1.15 (1 × 256 + 15 = 271)


Footnote 1: It is best practice to select one or the other method to define OSPF areas
within your environment rather than mix both methods in the same environment.


OSPF Terminology (cont.)

• OSPF Autonomous System (AS)
– The entire OSPF routing domain

[Figure: the OSPF Autonomous System contains Area 0 (backbone), Area 2 and Area 3 with their internal routers; at its edge it connects to the Internet via BGP and to a RIP domain.]


OSPF Autonomous System (AS) – the entire OSPF routing domain. An OSPF AS can be
divided into multiple areas.


OSPF Terminology (cont.)

• Area Border Router (ABR): A router that connects one or more areas to the backbone
– Considered a member of all areas it is connected to
– Each ABR maintains a separate topological database for each area the router is in
• Autonomous System Boundary Router (ASBR): A router that is sharing IP information from a source other than OSPF with routers inside the OSPF autonomous system

[Figure: the same OSPF Autonomous System as the previous slide. The routers joining Area 2 and Area 3 to Area 0 are marked ABR; the routers facing BGP (Internet) and RIP are marked ASBR.]


The following discussion is useful for understanding metric values in the OSPF lab for
routes originating from External Subnets. Although the details are beyond the scope
of this course, the information is here for completeness.
OSPF’s Four Level Routing Hierarchy
Level Description
1 Intra-area routing
2 Inter-area routing
3 External Type 1 Metrics
4 External Type 2 Metrics
If there are two routing paths to choose from, paths that are internal to an OSPF
routing domain are preferred over external routes. External routes can be imported
into the OSPF domain at two separate levels, one that has Type 1 Metrics and the
other Type 2 Metrics. The use of Type 1 metrics assumes that in the path from the
OSPF router to the destination, the internal OSPF AS component (path to the ASBR
advertising the AS-external-LSA) and external component are of the same
importance. In Type 2 metrics, it is assumed that the external component is more
significant than the internal component.
In the OSPF labs that involve routes to destinations outside of the OSPF autonomous
system, the external metric is set to 10 and behaves as a Type 2 metric. The aggregate
cost to these external destinations therefore does not change when viewed from different
routers, since the internal cost to reach the ASBR is not added. But the cost of
intra-area and inter-area destinations does change depending on which router the cost
is observed from.

OSPF Link State Behavior

• Link State Advertisement: An LSA is an OSPF advertisement containing link-state and routing information that is shared between adjacent routers
• OSPF Link State process:
– Link State Advertisements exchanged between routers
– Topology Database is built
– Router runs Shortest Path First (SPF) algorithm to calculate the best path
– SPF tree is generated
– Best routes are selected from SPF tree, and submitted to the route table manager, based on cost to individual networks

[Figure: the same three-area topology (New York in Area 3, Los Angeles in Area 2, San Jose in Area 0 backbone), each area with its own LS Database and Link State Advertisements flowing between routers.]


Creating a database - Each router receiving an LSA from a neighbor records the LSA
in its Link State Database, and sends a copy of the LSA to all of its other neighbors
(this is called flooding LSAs).
LSA flooding - By flooding LSAs throughout an area, all routers will build identical link
state databases.
SPF tree - When the databases are complete, each router uses the SPF algorithm to
calculate a loop-free graph describing the shortest (lowest cost) path to every known
destination, with itself as the root. This graph is the SPF tree.
Routes are placed into the route table - Each router builds its route table from the
SPF tree based on the cost to each network.
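The SPF step described above (and on the first slide of this section), as an added example that is not code from the RSP 100 material: Dijkstra run over a constructed link-state database in which each router lists its own interfaces with their outgoing costs, exactly what its Router LSA carries. Because cost is per interface, Router C's interface toward B is deliberately given a lower cost than B's interface toward C, so the tree each router builds is its own and the best path can differ by direction. Router names, prefixes and costs are constructed.

```python
# Added example; not from the RSP 100 material. The LSDB below is constructed:
# each router lists its own interfaces with their outgoing cost, which is what
# its Router LSA carries, so the two ends of one link can carry different costs
# (Router C's interface toward B is cheaper than B's interface toward C).
import heapq

LSDB = {
    "A": [("B", 1), ("C", 10), ("10.1.0.0/24", 1)],
    "B": [("A", 1), ("C", 10)],
    "C": [("A", 10), ("B", 5), ("10.3.0.0/24", 1)],
    # stub networks originate no Router LSA, hence no outgoing entries
}


def spf(lsdb: dict, root: str) -> dict:
    """Dijkstra with `root` at the root of the tree.

    Returns {destination: (cost, next_hop)} for every reachable node; next_hop
    is the first router after root on the shortest path (None for root itself).
    """
    tree = {root: (0, None)}
    done = set()
    heap = [(0, root, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue                       # a cheaper entry was already processed
        done.add(node)
        for nbr, link_cost in lsdb.get(node, []):
            candidate = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in tree or candidate < tree[nbr][0]:
                tree[nbr] = (candidate, hop)
                heapq.heappush(heap, (candidate, nbr, hop))
    return tree


def routing_table(lsdb: dict, root: str) -> dict:
    """What root hands to its route table manager: destination -> (next_hop, cost)."""
    return {dest: (hop, cost) for dest, (cost, hop) in spf(lsdb, root).items()
            if dest != root}


def path(lsdb: dict, src: str, dst: str) -> list:
    """Routers on src's shortest path to dst, src and dst included, found by
    following each router's own next hop, i.e. each router's own SPF tree."""
    hops = [src]
    while hops[-1] != dst:
        hops.append(spf(lsdb, hops[-1])[dst][1])
    return hops


def is_symmetric(lsdb: dict, a: str, b: str) -> bool:
    """True when traffic a->b and b->a cross the same routers. Asymmetric
    paths are legal in OSPF, but a stateful firewall sitting on only one of
    the two paths sees half of every conversation."""
    return path(lsdb, a, b) == list(reversed(path(lsdb, b, a)))
```

With this database A reaches C directly at cost 10, while C reaches A through B at cost 6, so the A/C pair is asymmetric; the A/B pair is not. Checking `is_symmetric` for the router pairs on either side of an inline inspection device is the practical use of the per-interface cost point made in the text.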


OSPF Packets

• OSPF packets use a specific IP protocol number, 89
– Not TCP or User Datagram Protocol (UDP)
• Sent as multicast packets on broadcast networks
– All OSPF multicast packets are sent with a time to live (TTL) of 1¹
• Two multicast group addresses are reserved for OSPF packets
– 224.0.0.5—The AllSPFRouters multicast group is listened to by all OSPF routers
– 224.0.0.6—The AllDRouters multicast group is listened to by all Designated Routers (DRs) and Backup Designated Routers (BDRs)


Footnote 1: Two distinct IP multicast addresses are used. Packets sent to these
multicast addresses should never be forwarded; they are meant to travel a single hop
only. To ensure that these packets stay within the broadcast domain and are only
seen by neighbors in the same subnet, the IP TTL is set to 1. Because the packets are
link-local, any host on the same segment can send them; it is the OSPF authentication
field, not the TTL, that keeps a rogue host on the segment from being accepted as a
neighbor.
OSPF runs directly over IP. OSPF packets are therefore encapsulated solely by IP and
local data-link headers. OSPF is IP protocol number 89.
OSPF multicast addresses include:
• AllSPFRouters: This multicast address has been assigned the value 224.0.0.5. All
routers running OSPF should be prepared to receive packets sent to this address.
Hello packets are always sent to this destination.
• AllDRouters: This multicast address has been assigned the value 224.0.0.6. Both
the DR and BDR must be prepared to receive packets destined to this address.


OSPF Packet Types

• Type 1—Hello
– Discovers neighbors and builds adjacencies between them
– Facilitates election of DR and BDR
• Type 2—Database Description (DBD)
– Checks for database synchronization between routers
• Type 3—Link State Request (LSR)
– Requests specific link-state records from router to router
• Type 4—Link State Update (LSU)
– Sends specifically requested link-state records
• Type 5—Link State Acknowledgement (LSAck)
– Acknowledges the receipt of LSAs

Note: OSPF packets will only be sent between neighboring routers; they do not leave their
directly connected networks


Hello Packet (Type 1)

The Hello packet initializes and maintains router adjacencies. Adjacency depends on the
agreement of key parameters ("Are we neighbors?", RTR 1 asks RTR 2).

Hello packet layout (32-bit words):
  Version # | Type = 1 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  Network Mask
  Hello Interval | Options | Rtr Pri
  RouterDeadInterval
  Designated Router
  Backup Designated Router
  Neighbor (repeated, one per neighbor seen)


Hello Packet terminology includes:


• Version #: The version of OSPF that is being used by the sending router. This course
uses OSPFv2 (version 2); version 1 is obsolete.
• Type: Includes packet types 1 through 5.
• Packet length: The length of header and payload.
• Router ID: Specifies the router ID of the sending router.
• Area ID: This field specifies the area ID of the sending router.
• Checksum: A two-byte checksum field is used to check the message for errors.
Good packets are retained and corrupted packets are dropped.
• Authentication Type and Authentication Data: Routers with unequal
authentication fields will not accept OSPF information from each other.
• Network Mask: A 32-bit field that carries the network mask of the interface of the
sending router. If this mask does not match the mask of the interface on which
the packet is received, the packet will be dropped.
• Hello Interval: The number of seconds that the sending router will wait before
sending the next Hello Packet. If the sending and receiving routers do not have
the same number for this parameter, they will not become neighbors.
• Dead Interval: The number of seconds that the sending router will wait before it
declares a neighbor attached to the interface to be down. If the sending and
receiving routers do not have the same number for this parameter, they will not
become neighbors.
• Router Priority: The priority of this router when selecting a DR and BDR. The
default priority is 1; a priority of 0 means the router never becomes DR or BDR.
• Designated Router: The router ID of the DR if known by the sending router. During an
election process, this parameter may be the same as the sending router ID. By default, it
will assume that it is DR until it loses an election.
• Backup Designated Router: The router ID of the BDR if known by the sending router.
• Neighbor Router ID: If the sending router has received a valid Hello from any neighbor
within its Dead Interval, that neighbor's router ID is included here. Seeing its own router
ID in this list is what moves the receiver from the Init state to 2-Way.


Database Description Packet (Type 2)

The Database Description packet summarizes the LSAs contained in the originating
router's database ("Hey neighbors, this is my current database", says RTR 1).

DBD packet layout (32-bit words):
  Version # | Type = 2 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  Interface MTU | Options | 0 0 0 0 0 I M MS
  DD Sequence Number
  An LSA Header (repeated)


DBD packet terminology includes:


Interface maximum transmission unit (MTU): This field contains the size of the largest
IP packet that can be sent to the originator’s interface without fragmentation.
Options: Receiving routers will learn what features are supported by the sending
router. Based on this field, the receiving router chooses which LSAs to send
depending on the other router’s features.
Initial bit (I-bit): The I-bit is set to 1 when the packet is the first packet in a series of
Database Description (DD) packets.
More bit (M-bit): The M-Bit is used to indicate that there are additional DBD packets
to follow. The DBD exchange is complete when the M-bit equals 0.
Master/Slave bit (MS-bit): The MS-bit is set to 1 to indicate that the originator is the
master or controller of the exchange process. The slave will have MS-bit set to 0.
DD sequence number: Ensures that the full sequence of DD packets are received in
the database synchronization process. The master will set this sequence number to a
unique value in the first DD packet of the series, and increment the number as the
exchange progresses.
LSA Headers: List some or all of the headers of the LSAs in the originating router’s
Link State Database. The LSA Headers are strictly for reference between the
neighboring routers.


Link State Request Packet (Type 3)

• The Link State Request packet requests specific LSAs contained in the receiving router's database ("I've seen your database, now please give me the details of these LSAs", says RTR 2).

LSR packet layout (32-bit words):
  Version # | Type = 3 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  LS Type
  Link State ID
  Advertising Router
  (the last three fields repeat once per requested LSA)


LSR packet terminology includes:


• Link State Type: This is the Link State Type number. It identifies the LSA as a Router
LSA, Network LSA, and so on.
• Link State ID: This is typically the IP address of an interface on a router. The LSA
with this ID will contain the state information about that interface.
• Advertising Router: This is the router ID of the originating router.


Link State Update Packet (Type 4)

• The Link State Update packet contains specific LSAs in response to requests in the LSR packet, or LSAs indicating a change in topology ("Here are the LSAs that you requested", says RTR 1).

LSU packet layout (32-bit words):
  Version # | Type = 4 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  Number of LSAs
  LSAs


LSU packet terminology includes:


• Number of LSAs: Indicates the number of LSAs in this packet.
• LSAs: The full description of each Link State is included in this portion of data.


Link State Acknowledgement Packet (Type 5)

• The Link State Acknowledgement packet is used to make flooding reliable ("Thanks neighbor, I just received the LSAs", says RTR 2).

LSAck packet layout (32-bit words):
  Version # | Type = 5 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  An LSA Header (repeated; carries the Link State ID and Advertising Router of each LSA being acknowledged)


The LSAck packet indicates which LSAs have been received. A router that floods LSAs in
an LSU packet retransmits them until it receives the corresponding LSA headers in an
LSAck packet; this retransmission is what makes flooding reliable.
The LSA Headers are strictly for reference between the neighboring routers.


Adjacency Process


Neighbor Adjacency Process

• Each router discovers neighbors using the Hello packet

In order to become neighbors, the following Hello parameters must match on both routers:
– Subnet Mask
– Hello/Dead Intervals
– Area-ID
– Auth. Password
– Stub Area Flag
And the following must be unique:
– Router ID
The remaining Hello fields (Neighbors, Router Priority, DR Router ID, BDR Router ID) are carried in every Hello but do not have to match.

On a broadcast multi-access network such as Ethernet, Hellos are sent by every router on the subnet to the "AllSPFRouters" multicast group 224.0.0.5.
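The Hello fields described on the Hello Packet slide and the "must match" rules on this slide, as an added example that is not code from the RSP 100 material: it builds a Hello from constructed interface settings, checksums it, parses it back, rejects anything a receiver must discard, and applies the match list to decide whether the sender becomes a neighbor and whether the relationship is in Init or 2-Way. AuType 0 (null authentication) is assumed, so there is no password to compare and the checksum covers everything except the 8-byte Authentication field; the router IDs, area, mask and intervals are the ones used in the worked exchange later in this module.

```python
# Added example; not from the RSP 100 material. Builds, checksums, parses and
# validates an OSPFv2 Hello using the field layout on the Hello Packet slide
# (24-byte OSPF header followed by the Hello body). The interface settings and
# packets are constructed, and AuType 0 (null authentication) is assumed, so
# the checksum covers everything except the 8-byte Authentication field.
import struct
import ipaddress

OSPF_VERSION = 2
HELLO = 1
E_BIT = 0x02            # Options: clear on stub-area interfaces (the stub area flag)


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def _txt(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def ospf_checksum(packet: bytes) -> int:
    """RFC 1071 one's-complement sum with the Checksum field zeroed and the
    Authentication field (bytes 16-23) left out, as null authentication requires."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_hello(router_id, area_id, mask, hello_int, dead_int, priority=1,
                options=E_BIT, dr="0.0.0.0", bdr="0.0.0.0", neighbors=()):
    body = struct.pack("!4sHBBI4s4s", _ip(mask), hello_int, options, priority,
                       dead_int, _ip(dr), _ip(bdr))
    body += b"".join(_ip(n) for n in neighbors)
    header = struct.pack("!BBH4s4sHH8s", OSPF_VERSION, HELLO, 24 + len(body),
                         _ip(router_id), _ip(area_id), 0, 0, bytes(8))
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]


def parse_hello(packet: bytes) -> dict:
    """Decode a Hello; raises ValueError for anything a receiver must discard."""
    if len(packet) < 44:
        raise ValueError("too short for an OSPF Hello")
    ver, ptype, length, rid, area, csum, autype, _ = struct.unpack("!BBH4s4sHH8s", packet[:24])
    if ver != OSPF_VERSION:
        raise ValueError("unsupported OSPF version %d" % ver)
    if ptype != HELLO:
        raise ValueError("not a Hello packet (type %d)" % ptype)
    if length != len(packet):
        raise ValueError("Packet Length %d does not match %d bytes" % (length, len(packet)))
    if autype != 0:
        raise ValueError("only AuType 0 is handled in this example")
    if ospf_checksum(packet) != csum:
        raise ValueError("bad checksum")
    mask, hello, options, prio, dead, dr, bdr = struct.unpack("!4sHBBI4s4s", packet[24:44])
    return {"router_id": _txt(rid), "area_id": _txt(area), "mask": _txt(mask),
            "hello": hello, "dead": dead, "priority": prio, "options": options,
            "dr": _txt(dr), "bdr": _txt(bdr),
            "neighbors": [_txt(packet[i:i + 4]) for i in range(44, length, 4)]}


def is_valid_hello(packet: bytes) -> bool:
    try:
        parse_hello(packet)
        return True
    except ValueError:
        return False


def accept_neighbor(local: dict, hello: dict) -> tuple:
    """The 'must match' list from this slide applied to a parsed Hello.
    Returns (True, "") or (False, first failing parameter). With AuType 0 there
    is no password to compare, which also means any host on the segment that
    gets these few fields right is accepted as a neighbor."""
    checks = [
        ("area ID", hello["area_id"] == local["area_id"]),
        ("subnet mask", hello["mask"] == local["mask"]),
        ("hello interval", hello["hello"] == local["hello"]),
        ("dead interval", hello["dead"] == local["dead"]),
        ("stub area flag", (hello["options"] & E_BIT) == (local["options"] & E_BIT)),
        ("router ID must be unique", hello["router_id"] != local["router_id"]),
    ]
    for name, ok in checks:
        if not ok:
            return False, name
    return True, ""


def neighbor_state(local: dict, hello: dict) -> str:
    """Init until the neighbor's Hello lists our router ID, then 2-Way."""
    if not accept_neighbor(local, hello)[0]:
        return "Down"
    return "2-Way" if local["router_id"] in hello["neighbors"] else "Init"
```

The checksum and length checks are what a receiving router does before looking at a single Hello field; the match list is what it does afterwards. Nothing in either step identifies the sender, which is why the Authentication Type and Authentication Data fields described on the Hello Packet slide matter on any segment that carries untrusted hosts.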

Building Adjacencies

• On broadcast/multi-access networks, such as Ethernet, each router forms an adjacency with the DR and BDR
• DR and BDR: To minimize the amount of information exchanged on a segment, OSPF elects one router to be a DR and another router to be a BDR on each multi-access segment
– Creates a central point of contact for information exchange

[Figure: RouterA on a multi-access segment, with adjacencies only to the DR and the BDR.]


Designated Router Election

• Hello packets are sent
• Highest interface priority wins
– If the neighbors share the same priority, the router with the highest router ID is elected to be the DR
• Priority 0 excludes a router from participating in the election process

[Figure: five routers on one segment with priorities 0, 1, 1, 30 and 40; the priority-40 router is DR and the priority-30 router is BDR.]
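The election rule on this slide, as an added example that is not code from the RSP 100 material. It implements the rule as stated (highest priority wins, ties go to the highest router ID, priority 0 never participates) and adds the one property the slide does not show but RFC 2328 requires: the election is not pre-emptive, so an existing DR keeps the role and the BDR is promoted when the DR goes away. Router IDs are constructed; the five priorities are the ones drawn on the slide.

```python
# Added example; not from the RSP 100 material. Implements the election rule on
# the slide (highest priority wins, ties go to the highest router ID, priority 0
# never participates) plus the non-pre-emption property from RFC 2328: an
# existing DR keeps the role, and the BDR is promoted when the DR goes away.
# Router IDs and priorities are constructed.
import ipaddress


def _rank(router):
    """Sort key: priority first, router ID (as a number) as the tie-breaker."""
    router_id, priority = router
    return priority, int(ipaddress.IPv4Address(router_id))


def elect(routers, current_dr=None, current_bdr=None):
    """routers: iterable of (router_id, priority) as seen in Hellos on the segment.

    Returns (dr, bdr); either may be None when nobody is eligible.
    """
    eligible = {rid: prio for rid, prio in routers if prio > 0}
    if not eligible:
        return None, None
    if current_dr in eligible:
        dr = current_dr                           # sticky: no pre-emption
    elif current_bdr in eligible:
        dr = current_bdr                          # BDR is promoted when the DR leaves
    else:
        dr = max(eligible.items(), key=_rank)[0]  # cold start: best candidate wins
    rest = {rid: prio for rid, prio in eligible.items() if rid != dr}
    if not rest:
        return dr, None
    if current_bdr in rest:
        bdr = current_bdr
    else:
        bdr = max(rest.items(), key=_rank)[0]
    return dr, bdr


def can_hijack_dr(routers, current_dr, rogue_id, rogue_priority):
    """Whether a newly attached router with a high priority takes the DR role.
    On a stable segment it cannot; on a cold start (or once DR and BDR both
    restart) it can. Priority 0 on interfaces facing untrusted hosts, and OSPF
    authentication, are the usual countermeasures."""
    dr, _ = elect(list(routers) + [(rogue_id, rogue_priority)], current_dr=current_dr)
    return dr == rogue_id
```

The `can_hijack_dr` check is the reason the slide's "priority 0 excludes a router" point is a security control as well as a design knob: a segment where every legitimate router has priority 0 can never elect a DR at all, so a rogue host cannot become one either.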


Neighbor Adjacency Process (cont.)


Router 10.10.10.1                                  Router 10.10.10.2

Hello from 10.10.10.1:
  My router ID = 10.10.10.1, Area ID = 0.0.0.2, Network mask = 255.255.255.0,
  Hello Int = 10 s, Dead Int = 40 s, Neighbor Router ID = (none yet)
                                                   -> INIT STATE (10.10.10.2 has seen 10.10.10.1)
Hello from 10.10.10.2:
  My router ID = 10.10.10.2, Area ID = 0.0.0.2, Network mask = 255.255.255.0,
  Hello Int = 10 s, Dead Int = 40 s, Neighbor Router ID = 10.10.10.1
                                                   -> 2-WAY (10.10.10.1 sees its own ID listed)
ExStart (Exchange Start)
DBD from 10.10.10.2: My router ID = 10.10.10.2, Area ID = 0.0.0.2, M/S = 1 (Master)
Exchange
DBD from 10.10.10.1: My router ID = 10.10.10.1, Area ID = 0.0.0.2, M/S = 0 (Slave)


There are several states within the neighbor adjacency process, including:
• Down State: No Hello has been received from the neighbor; no information has been
exchanged.
• Init State: When OSPF is enabled, a router starts to send Hello packets at regular
intervals to the "AllSPFRouters" multicast address. When it receives a Hello from a
neighbor that does not yet list its own router ID, it places that neighbor in the Init state.
• 2-Way State: As soon as a router recognizes its own router ID in the neighbor's Hello
packet, it transitions to the 2-Way State. On a multi-access network the DR/BDR election
is held at this point, and the relationship with routers other than the DR and BDR stays
at 2-Way.
• Exchange Start (ExStart): The two neighbors negotiate which is the master of the
database exchange. The router with the highest router ID becomes the master and chooses
the initial DD sequence number.


Neighbor Adjacency Process (cont.)

Router 10.10.10.1                                  Router 10.10.10.2

DBD: 10.10.10.1 sends an item list of LSAs in its Database
DBD: 10.10.10.2 sends an item list of LSAs in its Database
                                                   -> LOADING
LSR: 10.10.10.1 sends an item list of missing LSAs
     LS Type   Link ID      Age
     Rtr       10.10.10.3   0
     Rtr       10.10.10.4   20
     Rtr       10.10.10.5   18
LSU: 10.10.10.2 sends back the requested LSAs
LSACK: 10.10.10.1 sends an acknowledgement that it has received the LSAs
     10.10.10.3, 10.10.10.4, 10.10.10.5
                                                   -> FULL ADJACENCY


There are several states within the neighbor adjacency process, including:
• Exchange State: The two OSPF neighbors exchange information that describes
what is located in their databases. This is performed using DD packets. A DBD lists
link states by their Link State type (LSType), Link State ID, advertising router and
sequence number, which is enough for the receiver to decide what it is missing.
• Loading State: When a router sees a difference between Link States in its own
database and what is advertised in the neighbor's DD packets, it sends out an LSR for
the Link States it is missing or holds an older copy of. It continues until it has exactly
the same database as its neighbor.
• Full Adjacency: Now that the two neighbors have synchronized databases, they can
execute the SPF algorithm and have consistent routes in their tables, because the
routing tables have been generated from the exact same database.
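The ExStart, Exchange, Loading and Full sequence described above, as an added example that is not code from the RSP 100 material. Each LSDB is a dict keyed by (LS Type, Link-State ID, Advertising Router) whose value is the LS Sequence Number, which is the part of each DBD header that decides what to request. Router IDs, database contents and sequence numbers are constructed; the Router LSAs for 10.10.10.3, 10.10.10.4 and 10.10.10.5 are the ones named on the slide.

```python
# Added example; not from the RSP 100 material. Simulates ExStart, Exchange,
# Loading and Full between two neighbors. Each LSDB is a dict keyed by
# (LS Type, Link-State ID, Advertising Router) with the LS Sequence Number as
# value, which is what the DBD headers contribute to the decision of what to
# request. Router IDs, databases and sequence numbers are constructed.
import ipaddress

ROUTER_LSA = 1


def _signed(seq: int) -> int:
    """LS Sequence Numbers are compared as signed 32-bit integers."""
    return seq - (1 << 32) if seq & 0x80000000 else seq


def choose_master(rid_a: str, rid_b: str) -> str:
    """ExStart: the higher router ID becomes master and owns the DD sequence."""
    return max(rid_a, rid_b, key=lambda r: int(ipaddress.IPv4Address(r)))


def dbd_packets(lsdb: dict, seq0: int, headers_per_packet: int = 2) -> list:
    """Exchange: split the database summary into DBD packets. The I-bit is set
    on the first packet, the M-bit on every packet but the last, and the DD
    sequence number increases by one per packet (Cnt:0 on an empty first
    packet is what the debug output in this module shows at Exchange Start)."""
    items = sorted(lsdb.items())
    chunks = [items[i:i + headers_per_packet]
              for i in range(0, len(items), headers_per_packet)] or [[]]
    return [{"seq": seq0 + n, "I": n == 0, "M": n < len(chunks) - 1,
             "headers": dict(chunk)} for n, chunk in enumerate(chunks)]


def link_state_requests(local: dict, described: dict) -> list:
    """Loading: request every LSA the neighbor described that we lack, or
    that is newer (higher LS Sequence Number) than our own copy."""
    return sorted(key for key, seq in described.items()
                  if key not in local or _signed(seq) > _signed(local[key]))


def synchronize(rid_a: str, lsdb_a: dict, rid_b: str, lsdb_b: dict,
                seq0: int = 0x5D2) -> dict:
    """Run the whole adjacency exchange; the input databases are not modified."""
    master = choose_master(rid_a, rid_b)
    summary_a, summary_b = {}, {}
    for packet in dbd_packets(lsdb_a, seq0):
        summary_a.update(packet["headers"])
    for packet in dbd_packets(lsdb_b, seq0):
        summary_b.update(packet["headers"])
    wanted_by_a = link_state_requests(lsdb_a, summary_b)
    wanted_by_b = link_state_requests(lsdb_b, summary_a)
    new_a, new_b = dict(lsdb_a), dict(lsdb_b)
    for key in wanted_by_a:          # LSU from B answers A's LSR; A replies with LSAck
        new_a[key] = lsdb_b[key]
    for key in wanted_by_b:
        new_b[key] = lsdb_a[key]
    return {"master": master, "requests_a": wanted_by_a, "requests_b": wanted_by_b,
            "lsdb_a": new_a, "lsdb_b": new_b,
            "state": "Full" if new_a == new_b else "Loading"}
```

Note that the request decision is made entirely on sequence numbers the neighbor claims. A neighbor that advertises a bogus high sequence number for another router's LSA is believed in this exchange; what limits the damage in real OSPF is that the original router, on seeing a newer copy of its own LSA, re-originates it with a still higher sequence number. That is one more reason an adjacency should only form with authenticated neighbors.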


Debug of Neighbor Adjacency Process


SaltLake# debug ip ospf packet detail
OSPF: send to:224.0.0.5 Intf:e 3
  Hello L:48 Auth:0 ID:10.2.2.1 DR:0.0.0.0 BDR:0.0.0.0                       [Init State]
OSPF: recv from:192.168.10.1 to 224.0.0.5 Intf:e 3
  Hello L:48 Auth:0 ID:10.2.0.1 DR:192.168.10.2 BDR:192.168.10.1             [Two-way]
OSPF: send to:192.168.10.1 Intf:e 3
  DD L:32 Auth:0 ID:10.2.2.1 0207 seq=000005d2, Cnt:0                        [Exchange Start]
OSPF: recv from:192.168.10.1 to 192.168.10.2 Intf:e 3
  DD L:192 Auth:0 ID:10.2.0.1 0200 seq=000005d2, Cnt:3                       [Exchange]
    1 Router(1), LSID:10.2.0.1 Adv:10.2.0.1, age=41, len=36, seq=80000003
    2 Summary(3), LSID:10.0.0.1 Adv:10.2.0.1, age=36, len=28, seq=80000001
    3 Summary(3), LSID:10.0.3.1 Adv:10.2.0.1, age=36, len=28, seq=80000001
OSPF: send to:192.168.10.1 Intf:e 3
  LS-Req L:120 Auth:0 ID:10.2.2.1 Cnt:3                                       [Loading]
    1 Router(1), LSID:10.2.0.1 Adv:10.2.0.1
    2 Summary(3), LSID:10.0.0.1 Adv:10.2.0.1
    3 Summary(3), LSID:10.0.3.1 Adv:10.2.0.1
OSPF: recv from:192.168.10.1 to 192.168.10.2 Intf:e 3
  LS-Upd L:260 Auth:0 ID:10.2.0.1 Cnt:8
    1 Router(1) Age:42 ID:10.2.0.1 Adv:10.2.0.1 seq:80000003 len:36 Opt:0100 Lk#: 1
    2 Summary(3) Age:37 ID:10.0.0.1 Adv:10.2.0.1 seq:80000001 len:28
    3 Summary(3) Age:37 ID:10.0.3.1 Adv:10.2.0.1 seq:80000001 len:28
OSPF: send to:224.0.0.5 Intf:e 3
  LS-Ack L:184 Auth:0 ID:10.2.2.1
    1 Router(1), LSID:10.2.0.1 Adv:10.2.0.1, age=42, len=36, seq=80000003
    2 Summary(3), LSID:10.0.0.1 Adv:10.2.0.1, age=37, len=28, seq=80000001
    3 Summary(3), LSID:10.0.3.1 Adv:10.2.0.1, age=37, len=28, seq=80000001
                                                                              [Full]

[Figure: Salt Lake (192.168.10.2, in Area 3) and San Diego (192.168.10.1, bordering Area 0) connected through interface e 3.]


In the above slide, debug ip ospf packet detail is enabled on Salt Lake. The link between
Salt Lake and San Diego is down. When the link is connected, the subsequent adjacency
states are revealed by the packets that are transferred.
Note that the contents of each packet are indented under the packet title.
In the "Exchange Start" block, Salt Lake's first DD packet carries 0207 (the I, M and MS
bits all set in the last byte), proposing itself as master. San Diego, whose router ID
10.2.0.1 is lower than Salt Lake's 10.2.2.1, answers as slave with those bits clear
(0200) and echoes the sequence number 5d2.
In the "Exchange" block, San Diego has advertised its database contents: its own Router
LSA and two Summary LSAs describing prefixes reachable through Area 0. Salt Lake
requests all three in the "Loading" block, receives them in the LS-Upd and acknowledges
them in the LS-Ack.
Auth:0 on every line shows that this lab runs without OSPF authentication; any host on
the segment could have sent these packets.
The states that a router passes through during the adjacency process: Init, 2-way,
ExStart (Exchange Start), Exchange, Loading, and Full.
Note: Debug should not remain on after troubleshooting is complete due to its
possible load on the router CPU.


Standard OSPF LSAs

Type¹  Name                Description
1      Router LSA          Each router generates Type 1 LSAs that list all active OSPF links and their associated costs
2      Network LSA         Generated by designated routers to announce adjacent routers on a network segment
3      Summary LSA         Generated by ABRs and sent between areas, listing the IP prefixes available in a neighboring area
4      ASBR Summary LSA    Generated by an ABR to advertise the presence of an ASBR
5      AS External LSA     Generated by an ASBR to advertise routes external to OSPF
7      NSSA External LSA   Generated by an ASBR in an NSSA to advertise routes external to OSPF


Basic LSAs supporting IPv4 networks are described in RFCs 2328 and 3101:
• Type 1: Router LSA
• Type 2: Network LSA
• Type 3: Summary LSA
• Type 4: ASBR Summary LSA
• Type 5: AS External LSA
• Type 7: NSSA External LSA
Footnote 1: OSPFv2 also defines Opaque LSAs (types 9, 10 and 11), used for example by
Multiprotocol Label Switching (MPLS) traffic engineering to carry extra link information.
These LSAs are beyond the scope of this class and will not be discussed further. Types 6
and 8 were experimental LSAs for multicast OSPF routing and for passing BGP attributes
through an OSPF network; these LSA types never passed the experimental stage and were
not widely adopted.


LSA Header

• All LSAs (Types 1-5, and 7) utilize the same header information
• Describes advertising router, sequence number and age of the LSA
• Sequence numbers ensure the most current LSA information

Link State Update (LSU) packet layout (32-bit words):
  Version # | Type = 4 | Packet Length
  Router ID
  Area ID
  Checksum | AuType
  Authentication (64 bits)
  Number of LSAs
  LSAs (each begins with the LSA header below) ...

LSA Header layout (32-bit words, 20 bytes):
  LS Age | Options | LS Type
  Link-State ID
  Advertising Router
  LS Sequence Number
  LS Checksum | Length

The LSA Header:
• LS Type, Link-State ID and Advertising Router together identify the LSA; LS Age,
LS Sequence Number and LS Checksum identify which instance of that LSA is the most
recent.
• Link State ID – Identifies the portion of the OSPF domain being described by the
LSA
• Advertising Router – Is always the router that originated the LSA
• Sequence Number – Is incremented each time a new instance of the LSA is
generated. Receiving routers use this to identify the most recent LSA
• Checksum – Is the Fletcher checksum of the LSA contents, excluding the LS Age field,
so that the age can be incremented as the LSA is flooded without recomputing the
checksum
• Length – Is the number of octets the LSA occupies, including the header


LSA Type 1 – Router LSA

• Produced by every OSPF router
• Lists all OSPF interfaces with associated link costs
• Flooded within the originating area

[Figure: Router A flooding its Router LSA toward Router C on a broadcast segment.]


In the graphic above, Router A sends Type 1 LSAs to its neighbor (Router C) describing
its OSPF interfaces, their costs, and states.
In this topology, a broadcast network, Router A sends the Type 1 LSA to the
AllDRouters multicast address (224.0.0.6). The only routers that listen to this
multicast group address are the Designated Router (DR) and Backup Designated
Router (BDR). After being received by the DR, the DR will then re-send the LSA to the
AllSPFRouters multicast address (224.0.0.5) so all non-designated routers can
populate their LSDB.


LSA Type 1 – Router LSA Payload

• Number of Links
– The total number of different links advertised in this LSA
• Link ID
– Identifies the advertised object
– Dependent on the Link Type field
• Link Data
– The router's own interface address for point-to-point, transit and virtual links; the network mask for a stub network
• Link Type
– Describes connection type
• Point-to-point (1) – OSPF neighbor on point-to-point link
• Connects to transit (2) – OSPF neighbor on multi-access link
• Stub network (3) – OSPF interface with no OSPF neighbor
• Virtual link (4)
• Metric
– The cost of the interface (the TOS 0 metric)

Router LSA layout (32-bit words), following the 20-byte LSA header:
  0 0 0 0 0 V E B | 0 | Number of Links
  Link ID
  Link Data
  Link Type | Number of TOS | Metric
  TOS | 0 | TOS Metric   (optional, repeated once per additional TOS)
  Link ID ...            (next link, same four words)


• Router LSA Payload:
• The router LSA is produced by every OSPF router. It lists the router's interfaces,
along with the cost of each link. Router LSAs are only flooded within the OSPF area
in which they were generated.
• The list below describes the fields in the Router LSA packet:
• V – Is the Virtual Endpoint bit, is set to 1 when the originating router is an end
point of a virtual link
• E – Is the External bit, is set to 1 when the LSA originates from an Autonomous
System Boundary Router
• B – Is the Border bit, is set to 1 when the LSA originates from an Area Border
Router
• Number of Links – Specifies the number of links that this LSA describes
• Link Type – Describes the type of connection that the link provides: 1 is point-to-
point, 2 is connection to a transit network, 3 is connection to a stub network, 4 is a
virtual link
• Link ID – Identifies the object to which the link connects: the neighbor's router ID
for a point-to-point or virtual link, the DR's interface address for a transit network,
the network number for a stub network
• Link Data – Depends on the Link Type: the router's own interface address for
point-to-point, transit and virtual links, and the network mask for a stub network
• Metric – The cost of the interface; this, not Link Data, is where the cost is carried
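The LSA header described two slides back and the Router LSA payload described here, as one added example that is not code from the RSP 100 material. It encodes and decodes a Type 1 Router LSA using the layouts on those slides, computes and verifies the LS Checksum, and compares two instances of the same LSA the way a receiving router does when it decides which copy to keep. The checksum is the ISO 8473 Fletcher checksum over the LSA minus its LS Age field, with the check bytes at offset 16 of the LSA, as RFC 2328 section 12.1.7 specifies. The LSA contents (router 10.2.0.1 with one transit link and one stub network) are constructed.

```python
# Added example; not from the RSP 100 material. Encodes/decodes a Type 1 Router
# LSA using the LSA Header and Router LSA Payload layouts, computes and checks
# the LS Checksum (ISO 8473 Fletcher over the LSA minus LS Age, check bytes at
# offset 16, per RFC 2328 section 12.1.7) and compares two instances of one
# LSA per RFC 2328 section 13.1. The LSA contents are constructed.
import struct
import ipaddress

ROUTER_LSA = 1
MAX_AGE = 3600              # seconds; an instance at MaxAge is being flushed
MAX_AGE_DIFF = 900
LINK_TYPES = {1: "point-to-point", 2: "transit", 3: "stub", 4: "virtual"}
HEADER = "!HBB4s4sIHH"      # LS Age, Options, LS Type, LS ID, Adv Router, Seq, Checksum, Length
LINK = "!4s4sBBH"           # Link ID, Link Data, Link Type, # TOS, Metric


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def _txt(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def _signed(seq: int) -> int:
    return seq - (1 << 32) if seq & 0x80000000 else seq


def _fletcher_sums(lsa: bytes) -> tuple:
    c0 = c1 = 0
    for byte in lsa[2:]:                 # LS Age is excluded so it can be aged in flight
        c0 = (c0 + byte) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def ls_checksum(lsa: bytes) -> bytes:
    """Check bytes for `lsa`, whose checksum field must currently be zero."""
    c0, c1 = _fletcher_sums(lsa)
    offset = 16 - 2                      # checksum position once LS Age is dropped
    x = ((len(lsa) - 2 - offset - 1) * c0 - c1) % 255
    if x == 0:
        x = 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    return bytes([x, y])


def checksum_ok(lsa: bytes) -> bool:
    """Both running sums come out to zero when the stored check bytes are right."""
    return _fletcher_sums(lsa) == (0, 0)


def build_router_lsa(adv_router, links, seq, age=0, options=0x02, flags=0):
    """links: list of (link_type, link_id, link_data, metric). Link Data is the
    interface address for types 1, 2 and 4 and the network mask for a stub; the
    cost is in Metric. flags holds the V (0x04), E (0x02) and B (0x01) bits."""
    body = struct.pack("!BBH", flags, 0, len(links))
    for ltype, link_id, link_data, metric in links:
        body += struct.pack(LINK, _ip(link_id), _ip(link_data), ltype, 0, metric)
    header = struct.pack(HEADER, age, options, ROUTER_LSA, _ip(adv_router),
                         _ip(adv_router), seq, 0, 20 + len(body))
    lsa = header + body
    return lsa[:16] + ls_checksum(lsa) + lsa[18:]


def parse_lsa_header(lsa: bytes) -> dict:
    age, options, ltype, lsid, adv, seq, csum, length = struct.unpack(HEADER, lsa[:20])
    return {"age": age, "options": options, "type": ltype, "lsid": _txt(lsid),
            "adv_router": _txt(adv), "seq": seq, "checksum": csum, "length": length}


def parse_router_lsa(lsa: bytes) -> dict:
    hdr = parse_lsa_header(lsa)
    if hdr["type"] != ROUTER_LSA:
        raise ValueError("not a Router LSA")
    if hdr["length"] != len(lsa):
        raise ValueError("Length field does not match the bytes received")
    if not checksum_ok(lsa):
        raise ValueError("LS Checksum failed")
    flags, _, nlinks = struct.unpack("!BBH", lsa[20:24])
    hdr.update({"V": bool(flags & 0x04), "E": bool(flags & 0x02), "B": bool(flags & 0x01)})
    hdr["links"] = []
    for n in range(nlinks):
        link_id, link_data, ltype, _, metric = struct.unpack(LINK, lsa[24 + 12 * n:36 + 12 * n])
        hdr["links"].append({"type": LINK_TYPES.get(ltype, ltype), "link_id": _txt(link_id),
                             "link_data": _txt(link_data), "metric": metric})
    return hdr


def is_newer(a: dict, b: dict) -> bool:
    """RFC 2328 section 13.1: is header `a` a more recent instance than `b` of
    the same LSA? Sequence number first, then checksum, then age."""
    if a["seq"] != b["seq"]:
        return _signed(a["seq"]) > _signed(b["seq"])
    if a["checksum"] != b["checksum"]:
        return a["checksum"] > b["checksum"]
    if (a["age"] == MAX_AGE) != (b["age"] == MAX_AGE):
        return a["age"] == MAX_AGE
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return a["age"] < b["age"]
    return False
```

The LS Checksum protects against corruption in flight, not against a neighbor that constructs a valid LSA with someone else's Advertising Router and a higher sequence number; `is_newer` will prefer that copy. The checksum's exclusion of LS Age is also why an attacker who can inject packets on a segment can prematurely age an LSA to MaxAge without touching the checksum. Both are reasons the packet-level authentication from the Hello Packet slide matters.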


LSA Type 2 – Network LSA

• Produced by the Designated Router (DR)
• Lists all attached routers (by router ID), including the DR, on a broadcast segment to other segments
• Are flooded within the originating area

[Figure: Router C, the DR of the 10.10.20.0 segment, originating the Network LSA for it.]


A DR represents itself, and all other routers attached to a multi-access network, to
other networks with Network LSAs. By "other networks", we mean all other networks
within the OSPF area. Network LSAs do not pass through ABRs into other areas.
In the graphic above, Router C (the DR) sends Type 2 LSAs to neighbors on the
10.10.10.0 network and lists all routers on the 10.10.20.0 network.


LSA Type 2 – Network LSA Payload

• Produced by the DR to advertise a multi-access network and all OSPF routers attached to the network
• Notable Fields:
– Network Mask
• Subnet mask of attached LAN segment
– Attached Router ID
• The router ID of each OSPF router on the attached network

Network LSA layout (32-bit words), following the 20-byte LSA header:
  Network Mask
  Attached Router ID (repeated once per attached router)


Network LSA Payload:
• Network Mask – This is the subnet mask for the network
• Attached Router – This lists the router IDs of all the routers on the network that
are fully adjacent to the DR. It also includes the router ID of the designated router
Note: The payload does not mark which attached router is the DR. The receiving router
knows it only from the LSA header, where the Advertising Router is the DR's router ID
and the Link-State ID is the DR's interface address on the segment.


LSA Type 3 – Summary LSA

• Produced by the ABR
• Sent into an area to advertise outer-area destinations
• Advertises only the best path to outer-area routers

[Figure: Area 2 (172.16.19.0/24, router J) joined to OSPF Area 0 through the ABR. In Area 0: routers A, B and C (10.10.10.1, 10.10.10.2, with a DR and BDR), D, E, F and G (10.10.20.1, 10.10.20.2, 10.10.20.4, 10.10.20.5) and H and I (10.10.30.1, 10.10.30.2) across a "Low Speed WAN". Type 3 LSAs shown in LSUs: Link State ID (Network) = 172.16.10.0, Mask = 255.255.255.0, Metric = 110; Link State ID (Network) = 10.10.10.0, Mask = 255.255.255.0, Metric = 110; and Link State ID (Network) = 10.10.10.0, Mask = 255.255.255.0, Metric = 120.]


Type 3 LSAs are produced only by the ABR. They tell routers outside of an area what
destinations are available through the ABR. Note that the above diagram only shows half
the flow of Type 3 LSAs for this two-area system; there are also Summary LSAs sent
from the ABR into Area 0 that describe destinations within Area 2.
In the above topology, the ABR receives information regarding two paths to the
10.10.20.0 network. One path, through router D, has a cost metric of 120. The
alternative path through the "Low Speed WAN" is not advertised in the Summary LSA
due to its higher cost.
After the ABR has run the SPF algorithm, the alternate path is eliminated and only the
best route is forwarded to router "J"; a router in Area 2 never learns that the second
path exists.


LSA Type 3 – Summary LSA Payload

• Produced by the ABR to advertise networks from one area into another area
• Notable Fields:
– Link-state ID¹
• The adjacent area network address being advertised
– Network Mask
• Subnet mask of adjacent area network address
– Metric
• The cost of the advertised network

Summary LSA layout (32-bit words), following the 20-byte LSA header:
  Network Mask
  0 | Metric
  TOS | TOS Metric   (optional)


Footnote 1: LSA Types 3 and 4 use the same payload format. There are two key
differences in the LSA:
• The Network Mask field for a Type 3 LSA is the network mask for the advertised
network. This field in a Type 4 LSA must be 0.0.0.0
• The Link-state ID field in a Type 3 LSA header is the network number being
advertised. This field in a Type 4 LSA header is the router ID of the ASBR
Summary LSA Payload:
Network Mask – This is the subnet mask for the remote-area network.
Metric – This is the cost of the advertised network.
TOS/TOS Metric – These fields are normally set to 0.


LSA Type 4 – ASBR Summary LSA

• Originated by the ABR


• Sent into areas that are not connected to the ASBR
• Advertises only the router ID of the ASBR

[Diagram: the ASBR (router J) in Area 2 (a normal area, 10.10.40.1/10.10.40.2) is attached to external network 10.10.60.0/24; the ABR (router C, 10.10.10.5) floods an LSU into OSPF Area 0 (routers A, B, C; 10.10.10.1) carrying a Type 4 LSA: 10.10.4.0.1, Mask = 0.0.0.0, Metric = 70.]


Type 4 LSAs are produced only by the ABR. They inform routers outside of an area of
the presence of an ASBR in an adjoining area.
In order for an OSPF router to utilize external routing information, an LSA for the
originating router advertising external information must be known throughout the
AS. For that reason, the Type 4 LSAs identifying these AS boundary routers are
summarized by the ABR.
In the graphic above, the ABR (router C) originates the Type 4 LSA allowing routers in
the adjoining area (area 0) to maintain an LSA identifying the router originating
external routes. This LSA is required for routers in an adjacent area to accept the Type
5 External LSAs advertised by the ASBR.


LSA Type 4 – ASBR Summary LSA Payload

• Produced by the ABR to advertise an ASBR into a neighboring area
• Notable Fields:
– Link-state ID1
• The router ID of the ASBR
– Network Mask
• Always set to 0.0.0.0
– Metric
• The ABR's cost to reach the ASBR

ASBR Summary LSA format (the 20-byte LSA header followed by the Type 4 payload, laid out exactly like Type 3):

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LS Age             |    Options    |    LS Type    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Link-State ID                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Advertising Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      LS Sequence Number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          LS Checksum          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Network Mask                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|       0       |                    Metric                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      TOS      |                  TOS Metric                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



ASBR Summary LSA Payload:
Network Mask – Must always be 0.0.0.0
Metric – This is the ABR's cost to reach the ASBR
TOS/TOS Metric – These fields are normally set to 0
Footnote 1: LSA Types 3 and 4 use the same payload format. There are two key
differences in the LSA:
• The Network Mask field for a Type 3 LSA is the network mask for the advertised
network. This field in a Type 4 LSA must be 0.0.0.0
• The Link-state ID field in a Type 3 LSA header is the network number being
advertised. This field in a Type 4 LSA header is the router ID of the ASBR
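The Type 3 and Type 4 payload slides above share one format. As an added example that is not course material or any vendor's code, the Python below encodes and decodes that format per RFC 2328 and also fills in and verifies the LS Checksum field of the header, which is what lets a receiving router discard a corrupted LSA. The TOS rows are omitted, the Options byte is fixed at 0x02, and the addresses (10.10.10.0/24, router IDs 10.10.10.1, 10.10.10.5 and 10.10.40.1) are taken from the diagrams purely as constructed sample values.

```python
import struct
from ipaddress import IPv4Address

# LSA header (RFC 2328 A.4.1): age, options, type, Link-State ID, Advertising Router,
# sequence number, checksum, length. The summary payload follows: mask (4), 0|metric (4).
LSA_HDR = struct.Struct("!HBB4s4sIHH")
LSA_HDR_LEN = LSA_HDR.size           # 20
CKSUM_OFFSET = 14                    # checksum position once the 2-byte age is dropped


def fletcher16(data: bytes, offset: int) -> bytes:
    """Fletcher checksum as OSPF uses it for LSAs (ISO 8473 / RFC 905). `data` is the LSA
    without its age field, with zeros where the checksum goes; returns the two bytes."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    x = ((len(data) - offset - 1) * c0 - c1) % 255
    if x == 0:
        x = 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    return bytes((x, y))


def checksum_ok(lsa: bytes) -> bool:
    """A correctly checksummed LSA sums to zero in both Fletcher accumulators (age excluded)."""
    c0 = c1 = 0
    for b in lsa[2:]:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0 == 0 and c1 == 0


def build_summary_lsa(ls_type, link_state_id, adv_router, mask, metric,
                      seq=0x80000001, age=0, options=0x02):
    """Encode a Type 3 (network summary) or Type 4 (ASBR summary) LSA with a valid checksum."""
    if ls_type not in (3, 4):
        raise ValueError("summary LSA types are 3 and 4")
    if ls_type == 4 and mask != "0.0.0.0":
        raise ValueError("a Type 4 LSA must carry network mask 0.0.0.0")
    if not 0 <= metric < (1 << 24):
        raise ValueError("metric is a 24-bit field")
    body = IPv4Address(mask).packed + metric.to_bytes(4, "big")   # top byte is the 0 field
    hdr = LSA_HDR.pack(age, options, ls_type, IPv4Address(link_state_id).packed,
                       IPv4Address(adv_router).packed, seq, 0, LSA_HDR_LEN + len(body))
    lsa = bytearray(hdr + body)
    lsa[16:18] = fletcher16(bytes(lsa[2:]), CKSUM_OFFSET)
    return bytes(lsa)


def parse_summary_lsa(lsa: bytes) -> dict:
    """Decode a summary LSA, rejecting corruption and the Type 3 / Type 4 rule violations
    listed in footnote 1 above."""
    age, options, ls_type, lsid, adv, seq, cksum, length = LSA_HDR.unpack_from(lsa)
    if ls_type not in (3, 4):
        raise ValueError("not a summary LSA")
    if length != len(lsa) or length < LSA_HDR_LEN + 8:
        raise ValueError("LSA length field does not match the data")
    if not checksum_ok(lsa):
        raise ValueError("LS checksum mismatch: LSA is corrupted")
    mask = str(IPv4Address(lsa[20:24]))
    metric = int.from_bytes(lsa[25:28], "big")                   # byte 24 is the reserved 0
    if ls_type == 4 and mask != "0.0.0.0":
        raise ValueError("Type 4 LSA with a non-zero network mask")
    return {
        "type": ls_type,
        "age": age,
        "seq": seq,
        "link_state_id": str(IPv4Address(lsid)),
        "adv_router": str(IPv4Address(adv)),
        "mask": mask,
        "metric": metric,
        # the same field names a different thing depending on the type (footnote 1)
        "link_state_id_means": "network" if ls_type == 3 else "ASBR router ID",
    }
```

The checksum is computed over everything except LS Age, which is exactly why a router can age an LSA in its database without recomputing it; flipping any single byte of the body makes `checksum_ok` fail.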


LSA Type 5 – AS External LSA

• Originated by the ASBR


• Advertises an external destination or default route
• Produced in normal areas only

[Diagram: the ASBR (router J) in Area 2 (a normal area, 10.10.40.1/10.10.40.2) is attached to external network 10.10.60.0/24 and floods an LSU carrying a Type 5 LSA: 10.10.60.0, Mask = 255.255.255.0, Metric = 80, Forwarding Address: 0.0.0.0. The ABR (router C, 10.10.10.5) floods it on into OSPF Area 0 (routers A, B, C; 10.10.10.1).]


Type 5 LSAs, or External LSAs, are originated by ASBRs and advertise either a
destination external to the OSPF system, or default routes external to the OSPF
autonomous system. This type of LSA is not associated with any particular normal
area, and is flooded throughout all normal areas within the OSPF autonomous
system.
In the graphic above, Router A, in OSPF area 0, uses Type 4 and 5 LSAs together to
determine how to access the 10.10.60.0 network, or any network outside the OSPF
autonomous system.


LSA Type 5 – AS External LSA Payload

• Produced by the ASBR to advertise external destinations or default route
• Notable Fields:
– Link-state ID
• The external network address
– Network Mask
• The subnet mask of the external network
– Forwarding address
• Either 0.0.0.0 or the next-hop address from the ASBR

AS External LSA format (the 20-byte LSA header followed by the Type 5 payload):

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LS Age             |    Options    |    LS Type    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Link-State ID                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Advertising Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      LS Sequence Number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          LS Checksum          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Network Mask                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|E|      0      |                    Metric                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Forwarding Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      External Route Tag                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|E|     TOS     |                  TOS Metric                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Forwarding Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      External Route Tag                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



AS External LSA Payload:
Link-state ID – The external network number being advertised.
Network Mask – This is the subnet mask for the external network.
E – A bit that specifies the external metric type (Type 1 or Type 2).
Metric – This is the ASBR’s cost to reach the external network.
Forwarding Address – This value indicates where to send the traffic for the external
network. If the value is 0.0.0.0, traffic is to be sent to the ASBR. The value may be the
next-hop address from the ASBR if:
• OSPF is enabled on the ASBR’s next-hop interface
• The ASBR’s next-hop interface is not passive
• The ASBR’s next-hop interface is not a point-to-point interface
External Route Tag – This field is not used.
TOS/TOS Metric – These fields are normally set to 0.


LSA Type 7: NSSA

• Originated by the ASBR


• Advertises an external destination or default route
• Flooded only within the NSSA
• ABR converts a Type 7 LSA to a Type 5 LSA

[Diagram: the ASBR in NSSA Area 2 (10.10.40.1), attached to external network 10.10.60.0/24, floods a Type 7 LSA (10.10.60.0, Mask = 255.255.255.0, Metric = 80, Forwarding Address: 10.10.40.1) within the NSSA; the ABR (router C, 10.10.40.2 / 10.10.10.5) translates it into a Type 5 LSA with the same contents (10.10.60.0, Mask = 255.255.255.0, Metric = 80, Forwarding Address: 10.10.40.1) and floods that into OSPF Area 0 (routers A, B, C; 10.10.10.1).]


Type 7 NSSA LSAs are originated by ASBRs and advertise either a destination external
to the OSPF system or a default route.
In OSPF area 0, Router A uses Type 4 and 5 LSAs together to determine how to access
the 10.10.60.0 network or any network outside the OSPF AS. Therefore, the ABR
converts the Type 7 NSSA LSAs to Type 5 LSAs.


LSA Type 7: NSSA LSA Payload

• Produced by the ASBR to advertise external destinations or default route inside NSSA
• ABR translates it to a Type 5 LSA before forwarding to the backbone area
• Notable fields:
– Link State ID
– Network mask
– Forwarding address
• Either next-hop address from the ASBR or if this is not a native OSPF route then any forwarding IP on the ASBR

NSSA LSA format (the 20-byte LSA header followed by the Type 7 payload, laid out like Type 5):

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LS Age             |    Options    |    LS Type    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Link-State ID                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Advertising Router                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      LS Sequence Number                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          LS Checksum          |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Network Mask                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|E|      0      |                    Metric                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Forwarding Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      External Route Tag                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+



NSSA LSA terminology includes:
• Link State ID: The external network number being advertised.
• Network Mask: The subnet mask for the external network.
• E: A bit that is identical to the Type 5 E field.
• Metric: This is the ASBR’s cost to reach the external network.
• Forwarding Address: If the network between the NSSA AS boundary router and the
adjacent AS is advertised into OSPF as an internal OSPF route, the forwarding
address should be the next-hop address. However, if the intervening network is
not advertised into OSPF as an internal OSPF route, the forwarding address should
be any one of the router's active OSPF interface addresses.
• External Route Tag: This field is not used.
• TOS/TOS Metric: These fields are normally set to 0.
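Type 5 and Type 7 LSAs carry the same body, so one piece of code covers both payload slides. As an added example (not the course's or any vendor's code), the Python below encodes and decodes that body, ranks external routes by the E bit (a clear E bit is a Type 1 metric, a set E bit a Type 2 metric), and performs the Type 7 to Type 5 translation that the NSSA ABR does before flooding into the backbone. The LS checksum is left at zero here (the summary-LSA example shows how it is computed), the RFC 3101 P-bit handling is not modelled, and the addresses 10.10.60.0/24, 10.10.40.1 and 10.10.10.5 are constructed from the diagram.

```python
import struct
from ipaddress import IPv4Address

LSA_HDR = struct.Struct("!HBB4s4sIHH")   # the same 20-byte LSA header every LSA type carries
EXT_BODY = struct.Struct("!4sI4sI")      # Network Mask, E|0|Metric, Forwarding Address, External Route Tag
E_BIT = 0x80000000                        # E set: Type 2 external metric; E clear: Type 1


def build_external_lsa(ls_type, prefix, mask, metric, adv_router, forwarding="0.0.0.0",
                       metric_type=2, tag=0, seq=0x80000001):
    """Encode the body shared by Type 5 and Type 7 LSAs (RFC 2328 A.4.5); the TOS row is omitted
    and the LS checksum is left at 0."""
    if ls_type not in (5, 7):
        raise ValueError("external LSA types are 5 and 7")
    if metric_type not in (1, 2) or not 0 <= metric < (1 << 24):
        raise ValueError("metric type must be 1 or 2 and the metric must fit in 24 bits")
    e_metric = (E_BIT if metric_type == 2 else 0) | metric
    body = EXT_BODY.pack(IPv4Address(mask).packed, e_metric, IPv4Address(forwarding).packed, tag)
    hdr = LSA_HDR.pack(0, 0x02, ls_type, IPv4Address(prefix).packed,
                       IPv4Address(adv_router).packed, seq, 0, LSA_HDR.size + len(body))
    return hdr + body


def parse_external_lsa(lsa: bytes) -> dict:
    age, options, ls_type, lsid, adv, seq, cksum, length = LSA_HDR.unpack_from(lsa)
    if ls_type not in (5, 7) or length != len(lsa) or length < LSA_HDR.size + EXT_BODY.size:
        raise ValueError("not a well-formed Type 5 / Type 7 LSA")
    mask, e_metric, fwd, tag = EXT_BODY.unpack_from(lsa, LSA_HDR.size)
    return {
        "type": ls_type,
        "prefix": str(IPv4Address(lsid)),
        "mask": str(IPv4Address(mask)),
        "adv_router": str(IPv4Address(adv)),
        "metric_type": 2 if e_metric & E_BIT else 1,
        "metric": e_metric & 0x00FFFFFF,
        "forwarding": str(IPv4Address(fwd)),
        "tag": tag,
    }


def effective_cost(ext: dict, internal_cost: int) -> tuple:
    """Comparable cost of an external route (smaller wins). Type 1: external metric plus the
    internal cost to the ASBR or forwarding address. Type 2: external metric only, the internal
    cost breaking ties, and every Type 1 route ranks ahead of every Type 2 route
    (RFC 2328 section 16.4)."""
    if ext["metric_type"] == 1:
        return (0, ext["metric"] + internal_cost, 0)
    return (1, ext["metric"], internal_cost)


def translate_type7_to_type5(type7: bytes, abr_router_id: str) -> bytes:
    """What the NSSA ABR does before flooding into the backbone: the body (prefix, mask, metric,
    forwarding address, tag) is kept, the LS type becomes 5 and the Advertising Router becomes
    the ABR's own router ID (RFC 3101 section 3.2). The ABR regenerates the checksum afterwards."""
    age, options, ls_type, lsid, adv, seq, cksum, length = LSA_HDR.unpack_from(type7)
    if ls_type != 7:
        raise ValueError("only Type 7 LSAs are translated")
    hdr = LSA_HDR.pack(0, options, 5, lsid, IPv4Address(abr_router_id).packed, seq, 0, length)
    return hdr + type7[LSA_HDR.size:]
```

Because the forwarding address survives translation, routers in Area 0 forward traffic for 10.10.60.0/24 toward 10.10.40.1 rather than toward the ABR, provided they hold an intra-area or inter-area route to that address.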


Examining the Link State Database

• The LSDB maintains all LSAs received and sent from the router
• Example output:
Router# show ip ospf database link-state
Link States
Index Area ID Type LS ID         Adv Rtr   Seq(Hex)  Age  Cksum
1     0       Rtr  10.0.0.1      10.0.0.1  800000fe  1083 0x9c75
2     0       Rtr  10.0.3.1      10.0.3.1  800000ff  1639 0x13dc
3     0       Rtr  10.2.0.1      10.2.0.1  80000102  1004 0x52c0
4     0       Net  192.168.20.1  10.2.0.1  800000fc  1079 0x5a64
5     0       Net  192.168.30.2  10.0.3.1  800000fc  1081 0xeac2
6     0       Summ 192.168.10.0  10.2.0.1  800000fb  1000 0xdc07
7     0       Summ 10.2.2.1      10.2.0.1  800000fb  949  0x54f0
8     2       Rtr  10.2.0.1      10.2.0.1  800000fe  964  0x9798
9     2       Rtr  10.2.2.1      10.2.2.1  800000ef  1783 0x63d8
10    2       Net  192.168.10.2  10.2.2.1  800000eb  1753 0xede3
11    2       Summ 10.0.0.1      10.2.0.1  800000fb  1000 0xe658


Index – ID of the entry.
Area ID – ID of the OSPF area.
Type – Link state type of the route.
LS ID – The ID of the link-state advertisement from which the router learned this
route.
Adv Rtr – ID of the advertised route.
Seq(Hex) – The sequence number of the LSA. The OSPF neighbor that sent the LSA
stamps the LSA with a sequence number. This number enables the device and other
OSPF routers to determine which LSA for a given route is the most recent.
Age – The age of the LSA in seconds.
Chksum – The checksum for the LSA packet. The checksum is based on all the fields in
the packet except the age field. The device uses the checksum to verify that the
packet is not corrupted.
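Added example, not part of the course material: a small Python parser for the link-state output above that turns each row into a record, then applies the RFC 2328 rule for deciding which of two instances of the same LSA is the most recent (sequence number first, then checksum, then age) and lists entries whose age is high. The table text is embedded verbatim so the code runs offline; MaxAge (3600 s), MaxAgeDiff (900 s) and the 1800 s refresh interval are the RFC constants, not values from this page.

```python
import re
from collections import defaultdict

# The sample output from the slide above, copied so the parser can run offline.
SAMPLE_LSDB = """\
Router# show ip ospf database link-state
Link States
Index Area ID Type LS ID Adv Rtr Seq(Hex) Age Cksum
1 0 Rtr 10.0.0.1 10.0.0.1 800000fe 1083 0x9c75
2 0 Rtr 10.0.3.1 10.0.3.1 800000ff 1639 0x13dc
3 0 Rtr 10.2.0.1 10.2.0.1 80000102 1004 0x52c0
4 0 Net 192.168.20.1 10.2.0.1 800000fc 1079 0x5a64
5 0 Net 192.168.30.2 10.0.3.1 800000fc 1081 0xeac2
6 0 Summ 192.168.10.0 10.2.0.1 800000fb 1000 0xdc07
7 0 Summ 10.2.2.1 10.2.0.1 800000fb 949 0x54f0
8 2 Rtr 10.2.0.1 10.2.0.1 800000fe 964 0x9798
9 2 Rtr 10.2.2.1 10.2.2.1 800000ef 1783 0x63d8
10 2 Net 192.168.10.2 10.2.2.1 800000eb 1753 0xede3
11 2 Summ 10.0.0.1 10.2.0.1 800000fb 1000 0xe658
"""

ROW = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\s+(\S+)\s+(\S+)\s+([0-9a-fA-F]{8})\s+(\d+)\s+0x([0-9a-fA-F]+)$")
MAX_AGE = 3600          # RFC 2328 MaxAge (seconds): an LSA this old is being flushed
MAX_AGE_DIFF = 900      # RFC 2328 MaxAgeDiff (15 minutes)
TYPE_CODES = {"Rtr": 1, "Net": 2, "Summ": 3}


def parse_lsdb(text: str) -> list:
    """Turn the table into records; the prompt and heading lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        idx, area, typ, lsid, adv, seq, age, cksum = m.groups()
        rows.append({"index": int(idx), "area": int(area), "type": typ,
                     "ls_type": TYPE_CODES.get(typ), "ls_id": lsid, "adv_rtr": adv,
                     "seq": int(seq, 16), "age": int(age), "cksum": int(cksum, 16)})
    return rows


def newer_instance(a: dict, b: dict) -> dict:
    """RFC 2328 13.1: the instance with the higher sequence number is newer; then the higher
    checksum; then an instance sitting at MaxAge; then the one more than MaxAgeDiff younger.
    Returns a when the two are considered identical."""
    if a["seq"] != b["seq"]:
        return a if a["seq"] > b["seq"] else b
    if a["cksum"] != b["cksum"]:
        return a if a["cksum"] > b["cksum"] else b
    if (a["age"] == MAX_AGE) != (b["age"] == MAX_AGE):
        return a if a["age"] == MAX_AGE else b
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return a if a["age"] < b["age"] else b
    return a


def count_by_area_and_type(rows) -> dict:
    counts = defaultdict(int)
    for r in rows:
        counts[(r["area"], r["type"])] += 1
    return dict(counts)


def aging_entries(rows, threshold: int) -> list:
    """Indexes of LSAs whose age has reached `threshold` seconds. Originators refresh their
    LSAs every 1800 s, so an age well beyond that means refreshes are not arriving."""
    return [r["index"] for r in rows if r["age"] >= threshold]
```

Comparing two instances by sequence number before age is what lets a router accept a newly flooded LSA even when its own copy is younger; the same comparison decides whether an LSA received in an LSU is installed or answered with the router's own, newer copy.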


OSPF Area Types (ABR Filtering)

• Normal: Passes LSA types 3, 4, and 5


• Stub: Passes type 3, does not pass 4 and 5
• NSSA: Like stub, except passes external LSAs out
• Totally Stubby: ABR blocks all LSAs entering area1
[Diagram: Area 0 (Normal; routers A, B, C; DR 10.10.20.1, BDR 10.10.20.2) with an EBGP peer to an ISP through an ASBR, an ABR into Area 2 (NSSA; ASBR 10.10.60.1 redistributing RIP), and routers D, E, F, G, H, I (10.10.20.1, 10.10.20.2, 10.10.20.4, 10.10.20.5, 10.10.30.2) in Area 5 (Totally Stubby), Area 4 (Normal) and Area 3 (Stubby).]


Footnote 1: In a totally stubby area, no LSAs from the adjoining area are passed into
the area as Type 3 LSAs. The only Type 3 LSA seen in a totally stubby area is a default
route that is generated by the ABR.
The types of OSPF areas include:
• Normal: OSPF routers within a normal area can send and receive Type 3 Summary
LSAs, Type 4 Autonomous System Border Router (ASBR) Summary LSAs, and Type 5
external LSAs.
• Stub: OSPF routers within a stub area cannot send or receive external LSAs. In
addition, OSPF routers in a stub area must use a default route to the area’s Area
Border Router (ABR) or ASBR to send traffic out of the area.
• NSSA: The ASBR of an NSSA can import external route information into the area.
ASBRs advertise external routes into the NSSA as Type 7 LSAs. Type 7 external LSAs
are a special type of LSA generated only by ASBRs within an NSSA; they are flooded
to all the routers within the NSSA. ABRs translate Type 7 LSAs into Type 5 external
LSAs, which can then be flooded throughout the AS. You can configure address
ranges on the ABR of an NSSA so that the ABR converts multiple Type 7 LSAs into
one AS external LSA.
• Totally stubby: By default, the Layer 3 switch sends summary LSAs (Type 3 LSAs)
into stub areas. You can further reduce the number of LSAs sent into a stub area by
configuring the Layer 3 switch to stop sending summary LSAs into the area.


OSPF Authentication

• Authentication can be used to secure the OSPF network
– It prevents an unknown router from being connected into the AS
• Authentication parameters are carried in every OSPF packet
• Some supported methods of authenticating OSPF packets from neighbors are:
– Simple text password
– MD5 authentication
– No authentication
• Wait timers are used to ensure all OSPF routers are properly configured for authentication
before activating the security policy
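The slide lists the methods; as an added example (not course or product code) the Python below shows what MD5 authentication protects, from the receiving router's side: it builds an OSPF Hello with the RFC 2328 Appendix D cryptographic authentication trailer, then verifies the digest in constant time and rejects a packet whose cryptographic sequence number is lower than the last one accepted from that neighbor. The Hello body, the router ID 10.10.10.1 and the key are constructed sample values, and the key is zero-padded to 16 bytes as implementations do. A simple-password packet (AuType 1) is rejected outright here; its password travels in clear text in the same 8-byte field.

```python
import hashlib
import hmac
import struct

# OSPFv2 packet header (RFC 2328 A.3.1): version, type, packet length, Router ID, Area ID,
# checksum, AuType, then an 8-byte Authentication field whose layout depends on AuType.
OSPF_HDR = struct.Struct("!BBH4s4sHH")
CRYPTO_AUTH = struct.Struct("!HBBI")     # 0, Key ID, Auth Data Length, Cryptographic Sequence Number
AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2
DIGEST_LEN = 16
HELLO = 1


def _padded_key(key: bytes) -> bytes:
    # RFC 2328 Appendix D: the key is 16 bytes; a shorter key is padded with zero bytes
    if len(key) > DIGEST_LEN:
        raise ValueError("an MD5 authentication key is at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def sign_packet(body: bytes, router_id: bytes, area_id: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """Build a Hello with cryptographic authentication (AuType 2). The digest is MD5 over the
    packet with the padded key appended and travels after the packet; the checksum field is 0
    and the Length field does not count the digest (RFC 2328 D.4.3)."""
    length = OSPF_HDR.size + CRYPTO_AUTH.size + len(body)
    packet = (OSPF_HDR.pack(2, HELLO, length, router_id, area_id, 0, AU_CRYPTO)
              + CRYPTO_AUTH.pack(0, key_id, DIGEST_LEN, seq) + body)
    return packet + hashlib.md5(packet + _padded_key(key)).digest()


class NeighborState:
    """Receiver-side record: the last cryptographic sequence number accepted from a neighbor."""
    def __init__(self):
        self.last_seq = None


def verify_packet(wire: bytes, keys: dict, nbr: NeighborState) -> str:
    """Return 'ok' or the reason for rejection. keys maps Key ID -> secret. The digest comparison
    is constant-time, and a sequence number below the last accepted one is treated as a replay
    (RFC 2328 D.4.3 requires non-decreasing sequence numbers per neighbor)."""
    if len(wire) < OSPF_HDR.size + CRYPTO_AUTH.size:
        return "rejected: truncated header"
    version, ptype, length, rid, aid, cksum, autype = OSPF_HDR.unpack_from(wire)
    if autype != AU_CRYPTO:
        return "rejected: AuType %d is not cryptographic authentication" % autype
    if len(wire) != length + DIGEST_LEN:
        return "rejected: packet length does not match Length plus digest"
    _, key_id, auth_len, seq = CRYPTO_AUTH.unpack_from(wire, OSPF_HDR.size)
    if auth_len != DIGEST_LEN or key_id not in keys:
        return "rejected: unknown key ID %d" % key_id
    packet, digest = wire[:length], wire[length:]
    expected = hashlib.md5(packet + _padded_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, digest):
        return "rejected: bad digest"
    if nbr.last_seq is not None and seq < nbr.last_seq:
        return "rejected: replayed sequence number %d (last accepted %d)" % (seq, nbr.last_seq)
    nbr.last_seq = seq
    return "ok"
```

The Key ID in the trailer is what makes the slide's wait timers workable: a new key can be configured on every router and accepted on receipt before any router starts sending with it.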


OSPF Virtual Links

• OSPF requires all non-backbone areas to be directly connected to the backbone area (Area 0)
• Virtual links create a virtual connection through a non-backbone area
• Virtual links are created between ABRs
• To create a virtual link:
– Both routers must share a common area
– The transit area cannot be a stub area
– One of the ABRs must be connected to Area 0

[Diagram: Router A (RID 10.10.10.1) and Router E (RID 209.157.22.1), joined by a virtual link through Area 2, with Area 0 and Area 5 on either side.]


OSPF virtual links allow administrators to work around the requirement that all other
areas must connect directly to the backbone. If the new area cannot connect directly
to the backbone area, two ABRs are set up to “bridge” the gap and recreate the
connectivity.
The configuration commands pass area information between ABRs in the
intermediary area. From the viewpoint of OSPF, each ABR has a direct connection to
three areas (Area 0, the outlying area, and the area traversed).


OSPFv2 vs OSPFv3

• OSPFv2 provides support for IPv4
• OSPFv3 provides support for IPv6
– OSPFv3 adds two LSA types: Link LSA and Intra-Area Prefix LSA
• OSPFv3 is defined in RFC 5340
– Both OSPFv2 and v3 have to be run concurrently to provide dynamic routing for both IPv4 and IPv6 on the
same router (Dual Stacking)


Border Gateway Protocol


BGP – Border Gateway Protocol Overview

• BGP4 is the standard Exterior Gateway Protocol (EGP) used on the Internet today for
inter-domain AS routing
• RFC 4271 (obsoletes RFC 1771) – BGP4 specification
• A path-vector routing protocol
• Two connection types of BGP:
– External BGP (eBGP)
– Internal BGP (iBGP)
• BGP peers only exchange full routing tables at initial connection

The "Glue of the Internet"

• BGP is used to link customer sites to ISPs and ISPs to each other in order to create the
Internet

[Diagram: two Customer sites, each attached by BGP to an ISP, and the two ISPs attached to each other by BGP.]


BGP—General Operation

• BGP rides on top of TCP port 179
– Connection-oriented between neighbors
– TCP ensures reliable delivery
• A BGP session consists of two routers which exchange prefixes
• Prefixes are placed in the BGP database, where the best path to each prefix is chosen and
submitted to the routing table manager
– BGP validates prefixes received for a viable next hop
– If a BGP peer is dropped, its routes are withdrawn
• No routes are advertised by default
– A network statement or redistribution advertises a route

EBGP vs. IBGP

• EBGP: Connecting between different Autonomous Systems
– Peers are generally directly connected (IP TTL is set to 1; see footnote 1)
– Only best routes are advertised to eBGP neighbors
• IBGP: A connection within the same AS
– IBGP peers do not advertise other iBGP-learned routes
• Therefore a full mesh to all IBGP peers is required (see footnote 2)
– All feasible prefixes are advertised to iBGP peers

[Diagram: EBGP sessions between AS 10, AS 20 and AS 30; an IBGP full mesh among the routers inside AS 10.]


Footnote 1: Multi-hop eBGP connections can be accomplished through additional
configuration.
Footnote 2: This restriction is established due to the loop detection process in BGP.
EBGP peers add their local AS number to the prefix advertisement as an as-path
attribute. If the eBGP neighbor identifies its own AS in the as-path attribute it will
drop the prefix due to loop detection. When a prefix is advertised to an IBGP peer,
the local AS number is not added, therefore a loop cannot be detected. To
avoid this, a few rules differ for iBGP peers and eBGP peers:
1. Routes learned from an eBGP peer will be advertised to other peers (EBGP or IBGP);
however, routes learned from an IBGP peer will not be advertised to other IBGP
peers.
2. EBGP routes have an administrative distance of 20, whereas IBGP has 200.
3. The next hop remains unchanged when a route is advertised to an IBGP peer; however, it
is changed when it is advertised to an EBGP peer by default.
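As an added example (not course or vendor code), the three rules in footnote 2 and the loop check they rest on, modelled in Python: each Speaker keeps a tiny RIB, prepends its AS and rewrites the next hop only toward eBGP peers, refuses to re-advertise iBGP-learned routes to iBGP peers, and drops an eBGP update whose AS_PATH already contains its own AS. AS numbers 10 and 20, the prefix 192.0.2.0/24 and the router addresses are constructed; the administrative distances are the ones stated in the footnote.

```python
from dataclasses import dataclass, field, replace

ADMIN_DISTANCE = {"ebgp": 20, "ibgp": 200}        # footnote 2, rule 2


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple = ()            # AS numbers, most recently traversed first
    learned_from: str = "local"    # "local", "ebgp" or "ibgp"


@dataclass
class Speaker:
    local_as: int
    router_ip: str
    rib: dict = field(default_factory=dict)

    def originate(self, prefix: str) -> None:
        """A network statement: the route is local, the AS_PATH empty, the next hop ourselves."""
        self.rib[prefix] = Route(prefix, self.router_ip)

    def receive(self, route: Route, peer_as: int) -> bool:
        """Accept or drop a prefix from a peer. From an eBGP peer the AS_PATH is checked for our
        own AS (loop detection). From an iBGP peer no AS was added, so there is nothing to check:
        that is why rule 1 exists."""
        if peer_as != self.local_as:
            if self.local_as in route.as_path:
                return False                        # the advertisement already passed through us
            route = replace(route, learned_from="ebgp")
        else:
            route = replace(route, learned_from="ibgp")
        self.rib[route.prefix] = route
        return True

    def advertise(self, prefix: str, peer_as: int):
        """The route as the peer would see it, or None when the rules say it must not be sent."""
        route = self.rib[prefix]
        if peer_as == self.local_as:
            if route.learned_from == "ibgp":
                return None                         # rule 1: iBGP-learned routes are not passed to iBGP
            return route                            # rule 3: next hop and AS_PATH unchanged
        return replace(route, next_hop=self.router_ip,                 # rule 3: next hop becomes us
                       as_path=(self.local_as,) + route.as_path)       # our AS is prepended
```

Walking a prefix from AS 20 into AS 10, across the iBGP session, and back toward AS 20 shows the loop check firing only at the eBGP edge, and the unchanged next hop on the iBGP leg is the reason the "Why Use IBGP?" slide insists on IGP reachability to that next hop.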


Why Use IBGP?

• IBGP is like a tunnel through an AS from one EBGP router to another EBGP router

• Shields IGP (i.e., OSPF) internal routers from the load of external routing updates (Internet
routing table)

• IBGP allows you to use policies to choose exit and entrance points for your data traffic

Note: IGP is used to establish required reachability. IBGP peers will never become
established unless there is IP connectivity between the two peers.


IBGP benefits include:
• Superior traffic control: IBGP traffic control is superior to OSPF or other IGPs. IBGP
allows you to use BGP routing policies to control entrance and exit traffic.
• Also, IBGP is usually run on routers that border the AS (border routers) that are
already running EBGP and already maintain a BGP routing table. Because IBGP
will use the same BGP routing table that is already used for external routes, you
do not have to duplicate your external routes in the OSPF routing table.
• Shields IGP routers: IGPs (like OSPF) are not used to handle hundreds of thousands
of routes. With IBGP running, the IGP does not have to pass BGP routes.
• Redistributes routes: Redistributing routes from BGP into a local IGP will result in
major overhead on the internal routers.
Additional IBGP terminology includes:
• IBGP session: Occurs between two BGP routers in the same AS.
• Routing policy: The IBGP session coordinates the BGP routing policy within an AS.
• IGP reachability: IBGP neighbors may be located anywhere in the AS, even several
hops away from one another if reachable via local IGP.


IBGP—Loopbacks

• IBGP peers use loopbacks
• EBGP peers typically do not use loopbacks
• Using the loopback interface for iBGP unties it from relying on the availability of a
particular interface for making peering connections

[Diagram: Customer 1 and Customer 2 peer over EBGP with an ISP (AS 100, AS 200 and AS 300); inside the ISP the IBGP session runs between loopback interfaces Lo1.]


Update source loopback terminology for IBGP includes:
• EBGP peers: EBGP peers do not use loopbacks. If a link between Autonomous
Systems goes down, administrators of those systems would want the EBGP session
to go down.
• IBGP peers: IBGP peers use loopbacks because IBGP requires a full mesh.
Therefore, there can be another path for the TCP connection to the peer.
• The update-source command: Specifies the interface to be used as the source IP
address when sending BGP packets to the neighbor (generally the loopback is
specified). By default, BGP will use the IP address of the physical interface as the
source IP in the packets sent to the peer. If the physical interface goes down, even
though there is another path to the peer, the packets cannot be sent.


BGP AS Numbers

• A routing domain is a collection of routers with a unique IANA AS number
• For example, the set of routers contained inside an ISP, company, or university
• Each AS has a unique number assigned by the Internet Assigned Numbers Authority (IANA)
• IANA only gives out AS numbers, typically, to service providers or multi-homed customers
• An AS can span the globe: routers in Los Angeles can be in the same AS as routers in London

[Diagram: AS 100, AS 200 and AS 300, each running an IGP internally, connected to one another by BGP.]


BGP Message Types

1. Open: Used to establish a BGP connection
2. Update: Used to exchange network reachability prefixes
3. Notification: Used to notify when an error condition is detected
– The BGP peering session and the TCP link between systems is terminated
4. Keepalive: Used to determine whether a link or host has failed or is no longer available;
exchanged at regular intervals so that the hold timer does not expire1
5. Route-Refresh: Used to communicate with BGP peers
– Two functions for this message type: ask for BGP route updates from peers (inbound) or dispatch route
updates to BGP peers (outbound)


Footnote 1: Hold timers are negotiated during the adjacency process.


BGP Header (for all BGP messages)

Header: Marker | Length | Type

Five types of messages:
1 – OPEN
2 – UPDATE
3 – NOTIFICATION
4 – KEEPALIVE (header only, with Type = 4)1
5 – ROUTE-REFRESH


Footnote 1: The KEEPALIVE message is a 19-byte BGP message header with no data
following it.


OPEN Message

Header | OPEN: Version | My AS | Hold Time | BGP Identifier (Router ID) | Opt Parameter Length | Optional Parameters

• The OPEN message is exchanged between peering BGP routers during the OpenSent and
OpenConfirm BGP session states.


UPDATE Message

• BGP update messages are comprised of a BGP header and five additional fields:

Header | UPDATE: Unfeasible Routes Length | Withdrawn Routes | Total Path Attribute Length | Path Attributes | Network Layer Reachability Information (NLRI)


A BGP update message packet includes the following five fields:
Unfeasible Routes Length – Indicates the total length of the withdrawn routes field or
that the field is not present.
Withdrawn Routes – Contains a list of IP address prefixes for routes being withdrawn
from service.
Total Path Attribute Length – Indicates the total length of the path attributes field or
that the field is not present.
Path Attributes – Describes the characteristics of the advertised path. The following
are possible attributes for a path: AS-Path, MED, LOCAL_PREF, COMMUNITY, etc.
Network Layer Reachability Information (NLRI) – Is exchanged between BGP routers
and is composed of a LENGTH and a PREFIX. The length is a network mask in CIDR
notation specifying the number of network bits, and the prefix is the network
address for that subnet. The NLRI is unique to BGP version 4 and allows BGP to carry
supernetting information, as well as perform aggregation.
Only one NLRI is included in an UPDATE Message, although there may be multiple
AS-paths and AS-path attributes.

Note: BGP 4 is classless. The routes include both a network and a mask. These
routes are called NLRI – “Network-Layer Reachability Information”. If, in the list of
prefixes, there appears a prefix that was sent earlier, the earlier prefix is assumed to
be implicitly withdrawn, and replaced by the new advertisement.


Upon receiving an update message packet, routers will be able to add or delete specific
entries from their routing tables to ensure accuracy.
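Added example (not the course's or any vendor's code): a Python decoder for the BGP header and the five UPDATE fields described above, including the NLRI length/prefix encoding and the implicit-withdrawal rule from the note. Header problems are raised with the NOTIFICATION subcodes a header check reports, and attribute values are kept as raw bytes. The sample attributes and prefixes (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/25, AS 20) are constructed, and two-byte AS numbers are assumed.

```python
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16                  # all ones on a session without the MD5 signature option
BGP_HDR = struct.Struct("!16sHB")      # Marker, Length, Type
OPEN, UPDATE, NOTIFICATION, KEEPALIVE, ROUTE_REFRESH = 1, 2, 3, 4, 5
MIN_LEN, MAX_LEN = BGP_HDR.size, 4096  # 19 and 4096 (RFC 4271 section 4.1)


class HeaderError(Exception):
    """Corresponds to NOTIFICATION error code 1 (Message Header Error) with the given subcode."""
    def __init__(self, subcode: int, reason: str):
        super().__init__(reason)
        self.subcode = subcode


def parse_header(msg: bytes):
    """Validate the 19-byte header and return (type, payload). A KEEPALIVE is header only."""
    if len(msg) < MIN_LEN:
        raise HeaderError(2, "Bad Message Length")
    marker, length, mtype = BGP_HDR.unpack_from(msg)
    if marker != MARKER:
        raise HeaderError(1, "Connection Not Synchronized")
    if not MIN_LEN <= length <= MAX_LEN or length != len(msg):
        raise HeaderError(2, "Bad Message Length")
    if mtype not in (OPEN, UPDATE, NOTIFICATION, KEEPALIVE, ROUTE_REFRESH):
        raise HeaderError(3, "Bad Message Type")
    return mtype, msg[BGP_HDR.size:]


def decode_nlri(data: bytes) -> list:
    """NLRI / Withdrawn Routes: repeated <length in bits, prefix>; the prefix is carried in only
    as many whole bytes as the length needs (ceil(bits / 8))."""
    prefixes, pos = [], 0
    while pos < len(data):
        bits = data[pos]
        nbytes = (bits + 7) // 8
        pos += 1
        if bits > 32 or pos + nbytes > len(data):
            raise ValueError("Invalid Network Field")
        addr = IPv4Address(data[pos:pos + nbytes].ljust(4, b"\x00"))
        prefixes.append("%s/%d" % (addr, bits))
        pos += nbytes
    return prefixes


def encode_nlri(prefixes) -> bytes:
    out = b""
    for p in prefixes:
        addr, bits = p.split("/")
        bits = int(bits)
        out += bytes([bits]) + IPv4Address(addr).packed[:(bits + 7) // 8]
    return out


def parse_update(payload: bytes) -> dict:
    """Split an UPDATE into its five fields; attributes come back as (type code, flags, value)."""
    wlen = struct.unpack_from("!H", payload)[0]
    withdrawn = decode_nlri(payload[2:2 + wlen])
    pos = 2 + wlen
    alen = struct.unpack_from("!H", payload, pos)[0]
    pos += 2
    end = pos + alen
    attrs = []
    while pos < end:
        flags, code = payload[pos], payload[pos + 1]
        if flags & 0x10:                      # Extended Length flag: two-byte length
            vlen = struct.unpack_from("!H", payload, pos + 2)[0]
            pos += 4
        else:
            vlen = payload[pos + 2]
            pos += 3
        attrs.append((code, flags, payload[pos:pos + vlen]))
        pos += vlen
    return {"withdrawn": withdrawn, "attributes": attrs, "nlri": decode_nlri(payload[end:])}


def build_update(withdrawn, attrs, nlri) -> bytes:
    """Inverse of parse_update for attribute values shorter than 256 bytes."""
    w = encode_nlri(withdrawn)
    a = b"".join(bytes([flags & ~0x10, code, len(value)]) + value for code, flags, value in attrs)
    payload = struct.pack("!H", len(w)) + w + struct.pack("!H", len(a)) + a + encode_nlri(nlri)
    return BGP_HDR.pack(MARKER, BGP_HDR.size + len(payload), UPDATE) + payload


def apply_update(rib: dict, update: dict, peer: str) -> None:
    """Withdrawn prefixes leave the table. Every NLRI prefix replaces an earlier advertisement
    of the same prefix from the same peer: the earlier one is implicitly withdrawn."""
    for p in update["withdrawn"]:
        rib.pop((peer, p), None)
    for p in update["nlri"]:
        rib[(peer, p)] = update["attributes"]
```

All prefixes in one UPDATE share the single set of path attributes, which is the reason the note says only one NLRI block appears per message: a speaker that needs different attributes for two prefixes sends two UPDATEs.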


NOTIFICATION Message

Header | NOTIFICATION: Error | Error Subcode | DATA

Errors:
1 = Header error
2 = OPEN message error
3 = UPDATE Error
4 = Hold Time Expired
5 = BGP finite state machine error
6 = Cease – all other fatal errors


A notification is sent when there is some problem with the session. Examples include
a corrupted update, incorrect AS, or invalid attribute. The session is always closed
upon receiving a notification. Note that sending and receiving notifications is a
normal part of the “capability negotiation” process. BGP sends NOTIFICATION
messages when errors occur. The associated BGP session is always closed down. The
Error code indicates the type of error. The Error subcode provides more specific
information about the nature of the error, and the Data field contains data relevant to
the error (such as a bad header or illegal AS number).

Error Codes and Error subcodes:
1 - Header Error
  1 - Connection Not Synchronized
  2 - Bad Message Length
  3 - Bad Message Type
2 - OPEN message Error
  1 - Unsupported Version Number
  2 - Bad Peer AS
  3 - Bad BGP Identifier
  4 - Unsupported Optional Parameter
  5 - Authentication Failure
  6 - Unacceptable Hold Time


BGP Session States

• Idle: Indicates that a BGP session is starting; searches for and certifies route to neighbor; new (or
incoming) BGP connections are not permitted
• Connect: The session enters this state while the router is waiting for the TCP connection to
complete
• OpenSent: After a successful TCP connection, the BGP sends an open message and waits for one in
return
• Active: The session enters this state if the TCP connection is unsuccessful, and then returns to the
Connect state
• OpenConfirm: The session enters this state when an open message is returned in the OpenSent
state
• Established: The session enters this state when peers send update messages to exchange
information about each route being advertised1


Footnote 1: Although many of these states sound good, the Established state is the
only state that indicates a stable peer adjacency.


Advertising a Network

Several methods can be used to insert a network into a BGP route advertisement:1
• Network command
– Define specific networks
• Redistributing connected networks
– All networks directly connected to the BGP speaker
• Redistributing static routes
– All static routes in the BGP speaker’s routing table
• Redistributing IGP routes
– All dynamically learned routes in the BGP speaker’s routing table
Note: Each eBGP speaker advertises (to its peers) routes to prefixes that it can reach


Footnote 1: By default there are no routes advertised to eBGP neighbors.


Introduction to BGP Path Attributes

• Characteristics of an advertised BGP route
– The BGP routing policy is set and communicated using the path attributes
• Well known attributes
– Mandatory attribute: Must be included and carried in BGP update messages to peers; the BGP
implementation has to recognize the attribute, accept it, and advertise it to its peers
– Discretionary attribute: Recognized by the BGP implementation but may not be sent in a specific update
message
• Optional attributes
– Transitive: BGP process has to accept the path in which it is included and must pass it on to peers even if
the attribute is not supported
– Non-Transitive: If the BGP process does not recognize the attribute, then it can ignore the update and not
advertise the path to its peers


Path Attributes are categorized as:
Well-known, mandatory
This attribute MUST appear in every UPDATE message. It must be supported by all
BGP software implementations. If a well-known, mandatory attribute is missing
from an UPDATE message, a NOTIFICATION message must be sent to the peer.
Well-known, mandatory path attributes are:
• AS_PATH
• ORIGIN
• NEXT_HOP
Well-known, discretionary
This attribute may or may not appear in an UPDATE message, but it MUST be
supported by any BGP software implementation.
Example:
• LOCAL_PREF
Optional, Transitive
These attributes may or may not be supported in all BGP implementations. If it is
sent in an UPDATE message, but not recognized by the receiver, it should be
passed on to the next AS.
Example:
• COMMUNITY


Optional, Non-transitive
May or may not be supported, but if received, it is not required that the router pass it on.
It may safely and quietly ignore the optional attribute.
Examples:
• MULTI_EXIT_DISC (MED)
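As an added example (not course code), the Python below applies the four categories above to the attributes of one UPDATE: known attributes are checked against the flags their category requires, an unrecognized well-known attribute or a missing mandatory one raises the UPDATE Message Error subcodes from RFC 4271, an unrecognized optional transitive attribute is passed on with the Partial bit set, and an unrecognized optional non-transitive one is dropped. The type codes are the IANA assignments (COMMUNITY is 8, from RFC 1997); the sample attribute list is constructed.

```python
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10   # attribute flag bits
ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF, COMMUNITY = 1, 2, 3, 4, 5, 8
MANDATORY = {ORIGIN, AS_PATH, NEXT_HOP}

# The category of each attribute this speaker implements (RFC 4271 section 5, RFC 1997)
CATEGORY_OF = {
    ORIGIN: "well-known mandatory",
    AS_PATH: "well-known mandatory",
    NEXT_HOP: "well-known mandatory",
    LOCAL_PREF: "well-known discretionary",
    MED: "optional non-transitive",
    COMMUNITY: "optional transitive",
}


class UpdateError(Exception):
    """NOTIFICATION error code 3 (UPDATE Message Error) with the RFC 4271 subcode."""
    SUBCODES = {2: "Unrecognized Well-known Attribute", 3: "Missing Well-known Attribute",
                4: "Attribute Flags Error"}

    def __init__(self, subcode: int):
        super().__init__(self.SUBCODES[subcode])
        self.subcode = subcode


def flag_category(flags: int) -> str:
    """What the flag bits claim. Mandatory vs discretionary is fixed by the type code, not by flags."""
    if not flags & OPTIONAL:
        return "well-known"
    return "optional transitive" if flags & TRANSITIVE else "optional non-transitive"


def process_attributes(attrs, has_nlri: bool = True) -> list:
    """attrs: (type code, flags, value) triples from one UPDATE. Returns the attributes to carry
    when the route is passed on, applying the four categories from the notes above."""
    kept, seen = [], set()
    for code, flags, value in attrs:
        claimed = flag_category(flags)
        if claimed == "well-known" and not flags & TRANSITIVE:
            raise UpdateError(4)            # well-known attributes must carry the Transitive bit
        if code in CATEGORY_OF:
            if CATEGORY_OF[code].split()[0] != claimed.split()[0]:
                raise UpdateError(4)        # flags contradict the attribute's definition
            seen.add(code)
            kept.append((code, flags, value))
        elif claimed == "well-known":
            raise UpdateError(2)            # unknown, yet the sender says well-known: fatal
        elif claimed == "optional transitive":
            kept.append((code, flags | PARTIAL, value))   # pass it along, mark it Partial
        # unknown optional non-transitive: quietly ignored and not propagated
    if has_nlri and not MANDATORY <= seen:
        raise UpdateError(3)
    return kept
```

The Partial bit is the receiver's way of telling downstream speakers that an optional transitive attribute passed through at least one router that did not understand it, so they should not assume every hop enforced its semantics.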


BGP Path Attributes

BGP chooses a route to a network based on the attributes of its path
• Weight: Not actually an attribute but can influence path decisions1
• Local Preference Attribute: Used to select the pathway out of the local AS
• Multi-Exit Discriminator (MED): When there are multiple links to an AS, this is used to steer
incoming traffic from another AS in the preferred direction
• Origin: Indicates how BGP learned about a particular route
• AS_path: When a route advertisement passes through an AS, the AS number is added to an
ordered list of AS numbers that the route advertisement has traversed
• Next-Hop: The IP address used to reach the advertising router
• Community: Provides a way of grouping destinations, called communities, to which routing
decisions can be applied


Footnote 1: Weight is not an attribute because its value is not carried in the update
message. It can, however, be configured locally on routers to override all BGP
attributes, so it is easily mistaken for an attribute.


How BGP4 Selects Best Route Path

Attributes are key to BGP best-path route decision process:
0th NEXT_HOP must be in ip route table
1st Highest WEIGHT [not a BGP attribute]
2nd Highest LOCAL PREFERENCE
3rd Prefer route that was locally originated
4th Shortest AS-PATH
5th Lowest ORIGIN (IGP<EGP<incomplete)
6th Lowest MED
7th Received through eBGP
8th Received through iBGP
9th Lowest IGP Metric to next-hop
10th Neighbor with lowest Router_ID
(Steps 7th through 10th: no attribute configuration required)


When multiple paths for the same route are known to a BGP4 router, the router uses
the following algorithm to weigh the paths and determine the optimal path for the
route.
The optimal path depends on various modifiable parameters:
0th Is the next hop accessible through an IGP route? If not, list the route as invalid.
Note: The device does not use the default route to resolve the BGP4 next hop.
1st Use the path with the largest weight.
Note: Weight is not advertised in BGP, is not a BGP attribute, is not in the BGP
RFC, and is Cisco’s creation.
2nd If the weights are the same, prefer the route with the largest local preference.
3rd If the routes have the same local preference, prefer the route that was
originated locally (by this BGP4 Layer 3 Switch).
4th If the local preferences are the same, prefer the route with the shortest AS-path.
An AS-SET counts as 1. A confederation path length, if present, is not
counted as part of the path length.
5th If AS-path lengths are the same, prefer the route with the lowest origin type. From
low to high, route origin types are valued as:
• IGP is lowest
• EGP is higher than IGP but lower than INCOMPLETE
• INCOMPLETE is highest
6th If the routes have the same origin type, prefer the route with the lowest MED.
7th Routes received through eBGP from a BGP4 neighbor
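Added example, not the course's or a vendor's implementation: the selection order above as a Python sort key. Step 0 filters out paths whose next hop is reachable only through the default route (the note above), and steps 1 to 10 are compared in turn; an element of as_path is either an AS number or a frozenset standing for an AS_SET, which counts as one hop. Confederation segments are not modelled, and the prefix, next hops and router IDs used as sample input are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}       # 5th step: lowest wins


@dataclass
class Path:
    prefix: str
    next_hop: str
    neighbor_router_id: str
    via_ebgp: bool
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()            # each element is an AS number, or a frozenset for an AS_SET
    origin: str = "igp"
    med: int = 0
    igp_metric: int = 0


def next_hop_resolvable(next_hop: str, ip_route_table) -> bool:
    """0th step: the next hop must be covered by a route in the IP table; the default route
    does not count (note above)."""
    nh = ip_address(next_hop)
    return any(nh in ip_network(n) for n in ip_route_table if ip_network(n).prefixlen > 0)


def as_path_length(as_path) -> int:
    """4th step: every AS counts 1, and so does a whole AS_SET."""
    return len(as_path)


def preference_key(p: Path) -> tuple:
    """Steps 1 to 10 as one sort key; the smallest key is the best path."""
    return (
        -p.weight,                                   # 1st  highest weight
        -p.local_pref,                               # 2nd  highest local preference
        0 if p.locally_originated else 1,            # 3rd  locally originated first
        as_path_length(p.as_path),                   # 4th  shortest AS-path
        ORIGIN_RANK[p.origin],                       # 5th  lowest origin
        p.med,                                       # 6th  lowest MED
        0 if p.via_ebgp else 1,                      # 7th/8th  eBGP before iBGP
        p.igp_metric,                                # 9th  lowest IGP metric to the next hop
        int(ip_address(p.neighbor_router_id)),       # 10th lowest router ID
    )


def select_best(paths, ip_route_table):
    """Filter on step 0, then rank the survivors; None when nothing is usable."""
    usable = [p for p in paths if next_hop_resolvable(p.next_hop, ip_route_table)]
    if not usable:
        return None
    return min(usable, key=preference_key)
```

Because weight and local preference sit above AS-path length in the key, a policy that sets either of them on one path decides the outcome regardless of how many AS hops the alternatives carry, which is exactly why those two knobs are the ones used to steer outbound traffic.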


LAB EXERCISE


End of Module 10
Advanced IP Routing

RSP 100 Multicast Routing

Module 11
Multicast Routing


Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B


Objectives

• After completing this module, attendees will be able to:


– Identify multicast traffic at Layer 2 and Layer 3
– Describe IGMP versions and capabilities
– Explain IGMP snooping and pruning
– Explain PIM multicast routing
– Differentiate between PIM sparse and dense modes


Multicast Routing

• Multicast is a process in which one source sends a stream of data to many recipients over a
network
• Only one copy of data is sent, which helps to decrease traffic
• Applications include real-time video streaming, teleconferencing, datacasting, system
imaging/patching, and stock tickers
• The primary difference between broadcast and multicast:
– Broadcast directs messages to all hosts
– Multicast targets messages to a select group of hosts that elected to join the multicast stream

L2 and L3 Multicast Addresses

• Multicast has a fixed set of L2 and L3 addresses
– L3:
• Uses the Class D address range of 224.0.0.0 to 239.255.255.255
• Assigns a specific scope to different sets of addresses (for example, 224.0.0.0/24 is link-local
and is never forwarded by routers, while 239.0.0.0/8 is administratively scoped for internal-only use)
• Can be leveraged at the Internet layer in IPv4
– L2:
• Can be leveraged at the link layer (over Ethernet)
• For example, Ethernet uses the Organizationally Unique Identifier (OUI) MAC address range of 01:00:5E:00:00:00
to 01:00:5E:7F:FF:FF
• L2 addresses are not as straightforward because they are derived from the L3 addresses being used

Multicast MAC/IP Address Overlap

• Multicast addresses are recognizable to Layer-2 devices because each one is mapped to a
MAC address
• The first 24 bits of that MAC address are a specific OUI - 0100.5e, and the 25th bit is always
0
• The lower 23 bits are copied from the lower 23 bits of the multicast IP address
• This creates the situation where there are 32 multicast IP addresses for each multicast
MAC address

                        5 bits lost
                         XXXX X
32-bit IPv4 Address   1110 XXXX X  XXX XXXX XXXX XXXX XXXX XXXX
                                   |<------- 23 bits mapped ------->|
48-bit MAC Address    0000 0001 0000 0000 0101 1110 0  XXX XXXX XXXX XXXX XXXX XXXX
                      |<----- 25-bit MAC Address Prefix ----->|

Because 5 bits are lost in the address translation, one multicast MAC address matches 32
different multicast IP addresses. The network interface therefore accepts every frame whose
destination MAC address corresponds to a group the host has joined, regardless of which of
the 32 possible IP groups the frame actually carries. The host then inspects the destination
IP address to verify that the IP multicast address is one of its joined groups; if not, the
packet is discarded. (For the same reason, a filter that matches only on the multicast MAC
address cannot tell the 32 aliased groups apart.)
Convert a Multicast MAC address to a Multicast IP address
Example MAC address: 01:00:5e:0a:00:01
Convert the hexadecimal MAC address 01:00:5e:0a:00:01 to binary:
0000 0001 : 0000 0000 : 0101 1110 : 0000 1010 : 0000 0000 : 0000 0001
Isolate the 23 low-order bits from the converted MAC address:
000 1010 : 0000 0000 : 0000 0001
Place those 23 bits into the low-order 23 bits of the IP address (do this in binary):
1110 xxxx : x000 1010 : 0000 0000 : 0000 0001
1110 - First 4 high-order bits of the IP address for the multicast
address space (224.x.x.x)
xxxx x - 5 remaining bits after the 23 bits of the IP address are mapped to the MAC
address plus the 4 high order bits 1110
Each combination of the 5 unknown bits gives a different group, for 32 IP addresses in total
(224.10.0.1, 224.138.0.1, 225.10.0.1, 225.138.0.1, and so on up to 239.138.0.1)
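The mapping and its 32-way ambiguity, as an added example (not code from the course or from any vendor product) using only the Python standard library:

```python
# Added example for the multicast IP-to-MAC mapping; not course or vendor code.
from ipaddress import IPv4Address
from typing import List

MCAST_MAC_PREFIX = 0x01005E << 24   # 01:00:5e:00:00:00; bit 23 (the 25th bit) stays 0

def group_to_mac(group: str) -> str:
    """Copy the low-order 23 bits of a Class D address into 01:00:5e:00:00:00."""
    addr = IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a 224.0.0.0/4 address")
    mac = MCAST_MAC_PREFIX | (int(addr) & 0x7FFFFF)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))

def mac_to_groups(mac: str) -> List[str]:
    """Return all 32 IPv4 groups that map onto one multicast MAC address."""
    octets = [int(x, 16) for x in mac.split(":")]
    if len(octets) != 6 or octets[:3] != [0x01, 0x00, 0x5E] or octets[3] & 0x80:
        raise ValueError(f"{mac} is not an IPv4 multicast MAC (01:00:5e:00-7f:xx:xx)")
    low23 = ((octets[3] & 0x7F) << 16) | (octets[4] << 8) | octets[5]
    # The 5 lost bits occupy bit positions 23..27; the top nibble 1110 is fixed.
    return [str(IPv4Address((0xE << 28) | (lost << 23) | low23)) for lost in range(32)]

def same_mac(group_a: str, group_b: str) -> bool:
    """True when two groups are indistinguishable at Layer 2, so a MAC-only
    filter or a snooping table keyed on MAC cannot tell them apart."""
    return group_to_mac(group_a) == group_to_mac(group_b)
```

same_mac("224.0.0.1", "239.0.0.1") is True: the all-hosts group and an administratively scoped group share one Ethernet address, which is why Layer 2 filtering on its own is not a boundary.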


Internet Group Management Protocol


IGMP Overview

• IGMP is a communications protocol used by hosts and adjacent routers on IP networks to
establish multicast groups
• There are currently three versions of IGMP:
– IGMP v1 is defined in RFC 1112
– IGMP v2 is defined in RFC 2236
– IGMP v3 is defined in RFC 3376


IGMP Version Comparisons

IGMP Version  Message Types                    Features                           New features over previous version
IGMP v1       1. Membership Query              Host membership requests           -
              2. Membership Report             Router queries
IGMP v2       1. Membership Query              Group-specific router query        1. Queries to a specific group
              2. Membership Report v1¹                                            2. Max Response Time (query)
              3. Membership Report v2                                             3. Host leave request
              4. Leave Group                                                      4. Querier election mechanism²
IGMP v3       1. Version 3 Membership Query    Host source request                1. Host source filtering⁴
              2. Version 3 Membership Report   New multicast (All IGMPv3          2. Response interval for report
                                               Routers) address 224.0.0.22³          management
                                                                                  3. Membership tracking and fast leave

Footnote 1: Retained for backwards compatibility with IGMPv1 hosts.
Footnote 2: Allows only one router in a redundant LAN segment to be elected to send
queries to that segment.
Footnote 3: All IGMPv3 hosts send reports to 224.0.0.22 ("All IGMPv3 Routers")
instead of to the target group address as in IGMPv1/v2.
All version 3 routers listen to this address.
Hosts do not listen to this address, so they cannot hear reports from other hosts and
there is no response suppression: all hosts on the segment respond to queries.
A response interval was created to allow administrators to manage the frequency of
response reports.
Footnote 4: The host can supply a list of IP addresses representing multicast sources
from which it will accept traffic (called the include list).
The host can also supply a list of IP addresses representing multicast sources from
which it will not accept traffic (called the exclude list).

IGMP v1

• Hosts must join a multicast group identified by a multicast IP address
– Otherwise, they do not receive multicast traffic
• To be added to the group, the host sends a membership report IGMP message to its local
router¹ with the multicast address (group) it wants to join
• The multicast address becomes the destination IP address of the report, and it is also the
group address listed in the message
• IGMP v1 does not have a process for specific hosts to discontinue membership to a group
– If no membership reports are received for three consecutive one-minute query intervals (three minutes),
the group is aged out on that interface

Footnote 1: If the multicast listener and source are on the same subnet, delivery
happens at Layer 2 (the switch floods the frames, or constrains them with IGMP
snooping) and no multicast router has to forward the traffic; the router still learns
the membership from the report.
Multicast routers must inspect all IGMP messages looking for membership reports to
add hosts to the correct groups.
In intervals of one minute, a router (the querier) on each network segment sends a
query to the all-hosts address (224.0.0.1) and waits for a response from at least one
host remaining in the multicast group. Member hosts respond with a membership
report according to the response suppression mechanism:
• When a host receives the query, it starts a countdown timer for each multicast
group of which it is a member. The countdown timers are each initialized to a
random count within a given time range. (IGMP v1 has a fixed range of 10 seconds.
Therefore, the countdown timers are randomly set to some value between 0 and
10 seconds.)
• When a countdown timer expires, the host sends a membership report for the
group associated with the timer to notify the router that it is still active.
• If a host receives a membership report for that group before its associated
countdown timer expires, it cancels its own countdown timer associated with the
multicast group, thereby suppressing its own report.
All multicast-capable hosts are inherently members of multicast group 224.0.0.1,
and no formal IGMP exchange is necessary for that group membership.

Routers do not keep a complete membership list for each active multicast group. They simply
maintain which multicast groups are active on which interfaces. Regardless of the number of
members in a group, the router sends only one copy of a multicast packet onto that segment
and needs to receive only one report in response to remain active.


IGMP v1 (cont.)

• IGMP v1 uses general queries on configured intervals to the all-hosts multicast address
(224.0.0.1)
– One minute by default
• There is no querier election process within IGMP v1
– Depends on the underlying multicast routing protocol (for example PIM) to determine which router
sends the queries¹
• At least one host in the active group responds with a membership report using response
suppression
– These reports only have local significance; therefore, the time to live (TTL)² is set to 1

Footnote 1: PIM employs a selection process to ensure that only one PIM router on a
single LAN segment becomes the designated IGMP querier for the segment.
Footnote 2: RFC 791: The TTL is an indication of an upper bound on the lifetime of an
Internet datagram. It is set by the sender of the datagram and reduced at the points
along the route where it is processed. If the TTL reaches zero before the Internet
datagram reaches its destination, the datagram is destroyed. The TTL can be thought
of as a self-destruct time limit.

IGMP v2

• IGMP v2 includes group-specific queries
– Only sent to members of a specific group
• Hosts can leave a group simply by sending a leave group message to the all-routers
address of 224.0.0.2
– The querier then sends a group-specific query asking if other hosts are still interested in receiving the
group
– Interested hosts respond with a membership report
– If no membership reports are received, the querier assumes there is no interest and stops forwarding the
group on that segment

IGMP v2 (cont.)

• Querier election has been added
– All routers start out as queriers
– The router with the lowest IP address becomes the querier for the network segment
• A query-interval response time is now available
– Queries contain a field that lets members know how long they can take to respond
• To operate with routers running older versions of IGMP, the v2 routers must step down to
v1

Members may join a multicast group at any time by sending an unsolicited report to
the desired multicast address. Attached routers simply track whether there is at least
one client interested in a group.


IGMP v3

• Adds support for multicast source filtering
– The host can supply a list of IP addresses representing multicast sources from which it will accept traffic
(called the include list)
– The host can also supply a list of IP addresses representing multicast sources from which it will not accept
traffic (called the exclude list)
• This enables hosts to listen to or ignore the specified/configured source IP addresses
• To operate with routers running older versions of IGMP, the v3 routers must step down to
the highest common version of IGMP in each group

IGMP v3 (cont.)

• New "All IGMPv3 Routers" link-local multicast group address of 224.0.0.22
– All IGMP v3 hosts send reports to this address instead of the
target group address as with IGMP v1 and v2
• All v3 routers listen to this address
– Hosts do not listen to this address
• They cannot hear reports from other hosts, so there is no response suppression
• All hosts on the segment respond to queries¹
– A response interval is created to allow administrators to manage the frequency of response reports

Footnote 1: IGMP v3 routers maintain a database of listeners on a segment. This
allows tracking of group memberships and the ability to perform fast leaves. When
the last listener on a segment sends a leave request, the router can immediately send
prune messages upstream to stop the multicast flow.

IGMP v2—Joining a Group

• In order to join group 224.1.1.1, host H3 sends a membership report addressed to the group
itself, 224.1.1.1 (in IGMP v2 only leave messages go to the all-routers address 224.0.0.2)

Figure: hosts H1 (192.168.1.111), H2 (192.168.1.112) and H3 (192.168.1.113) on one segment
with Router 1 (192.168.1.11); H3 sends the Report

Hosts that wish to join a group can join asynchronously. They do not have to wait for
a query to join; they can send an unsolicited report. This decreases the time required
to join if no other members are present.


IGMP v2—Joining a Group (cont.)

• IGMP status in Router1

Router1# show ip igmp group
IGMP Connected Group Membership
Group Address    Interface    Uptime    Expires     Last Reporter
224.1.1.1        Ethernet0    4d17h     00:01:32    192.168.1.113

Figure: H1 (192.168.1.111), H2 (192.168.1.112) and H3 (192.168.1.113) attached to Router 1
(192.168.1.11)

Group 224.1.1.1 is active on Ethernet 0 and:
• Has been active on this interface for four days and 17 hours.
• Will expire and be deleted in one minute and 32 seconds if an IGMP host
membership report for this group is not heard during that time.
• The last host to report membership was 192.168.1.113 (H3).

IGMP v3—Joining a Group

• Host H2 sends a report to the 224.0.0.22 address to join group 224.1.1.1 using an exclude-mode
group record with an empty source list
• Will accept traffic from any source sending to 224.1.1.1 (an include-mode record with an empty
source list means the opposite: no interest in the group)

Figure: H2 (192.168.1.112) sends a v3 Report to 224.0.0.22 for Group 224.1.1.1 with
Exclude: <empty>; H1 (192.168.1.111) and H3 (192.168.1.113) share the segment with Router 1
(192.168.1.11)

IGMP v3—Joining Specific Sources

• Include list contains accepted sources
• A host only joins the group for the sources defined in the include list

Figure: H2 (192.168.1.112) sends a v3 Report to 224.0.0.22 for Group 224.1.1.1 with
Include: 10.10.10.10; H1 (192.168.1.111) and H3 (192.168.1.113) share the segment with
Router 1 (192.168.1.11)

When joining a group with an include list, the host asks to receive traffic only from a
specific set of sources sending to the group. When the include list is used, only the
specific sources listed in the include list are joined.
In the graphic:
• Host 2 is joining multicast group 224.1.1.1 and only wants to receive flows from
source 10.10.10.10 sending to the group.
• The router only forwards traffic from included sources. The graphic shows
10.10.10.10 destined to the 224.1.1.1 group.
From RFC 5186: If the source address in the multicast packet exists in the database
for the specified multicast group and is either in an include list or not listed in an
exclude list, the multicast routing protocol should add the interface to the list of
downstream interfaces. Otherwise, it should not be added based on local group
membership.

IGMP v3—Excluding Specific Sources

• Exclude list contains blocked sources
• All sources except the excluded sources are joined

Figure: H2 (192.168.1.112) sends a v3 Report to 224.0.0.22 for Group 224.1.1.1 with
Exclude: 20.20.20.20; H1 (192.168.1.111) and H3 (192.168.1.113) share the segment with
Router 1 (192.168.1.11)

When excluding specific sources, the host asks to receive any traffic sent to the
group except traffic from a specific set of sources. When an exclude list is used, all
sources in the group are joined except the sources listed.
In this graphic:
• Host 2 is joining multicast group 224.1.1.1 and requests to receive multicast traffic
from any source in the group except source 20.20.20.20.
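The IGMP v2 report/leave and IGMP v3 include/exclude reports described on the preceding slides, as they appear on the wire, in an added example that is not course or vendor code. It builds and parses IGMPv2 (RFC 2236) and IGMPv3 report (RFC 3376) messages with the IGMP checksum, and the snoop() function at the end keeps the kind of port table that the IGMP snooping slides later in this module describe. Every packet is constructed here, not captured, and the record-type and constant names are the RFC's:

```python
# Added example: IGMP message builder/parser and a minimal snooping table; not course or vendor code.
import struct
from ipaddress import IPv4Address

IGMP_QUERY, IGMP_V1_REPORT, IGMP_V2_REPORT, IGMP_V2_LEAVE, IGMP_V3_REPORT = 0x11, 0x12, 0x16, 0x17, 0x22
# IGMPv3 group record types (RFC 3376 section 4.2.12)
MODE_IS_INCLUDE, MODE_IS_EXCLUDE, CHANGE_TO_INCLUDE, CHANGE_TO_EXCLUDE = 1, 2, 3, 4
RECORD_NAMES = {1: "IS_IN", 2: "IS_EX", 3: "TO_IN", 4: "TO_EX", 5: "ALLOW", 6: "BLOCK"}

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole IGMP message; it yields 0
    for a message that already carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def with_checksum(msg: bytearray) -> bytes:
    msg[2:4] = b"\x00\x00"
    struct.pack_into("!H", msg, 2, checksum(bytes(msg)))
    return bytes(msg)

def build_v2(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """IGMPv1/v2: type | max resp time | checksum | group address (8 bytes).
    A report is sent to the group itself; a Leave goes to 224.0.0.2."""
    return with_checksum(bytearray(struct.pack("!BBH4s", msg_type, max_resp, 0, IPv4Address(group).packed)))

def build_v3_report(records) -> bytes:
    """records: (record_type, group, [sources]) tuples. Sent to 224.0.0.22."""
    body = bytearray(struct.pack("!BBHHH", IGMP_V3_REPORT, 0, 0, 0, len(records)))
    for rtype, group, sources in records:
        body += struct.pack("!BBH4s", rtype, 0, len(sources), IPv4Address(group).packed)
        for src in sources:
            body += IPv4Address(src).packed
    return with_checksum(body)

def parse(msg: bytes) -> dict:
    """Verify the checksum, then decode a v1/v2 message or a v3 report.
    Every record is bounds-checked so a truncated packet cannot be misread."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated IGMP message or bad checksum")
    msg_type = msg[0]
    if msg_type != IGMP_V3_REPORT:
        return {"type": msg_type, "max_resp": msg[1], "group": str(IPv4Address(msg[4:8]))}
    (count,) = struct.unpack("!H", msg[6:8])
    records, offset = [], 8
    for _ in range(count):
        if offset + 8 > len(msg):
            raise ValueError("group record header runs past end of message")
        rtype, aux_len, nsrc = struct.unpack("!BBH", msg[offset:offset + 4])
        group = str(IPv4Address(msg[offset + 4:offset + 8]))
        offset += 8
        end = offset + 4 * nsrc
        if end + 4 * aux_len > len(msg):            # aux data length is in 32-bit words
            raise ValueError("source list runs past end of message")
        sources = [str(IPv4Address(msg[i:i + 4])) for i in range(offset, end, 4)]
        offset = end + 4 * aux_len
        records.append({"mode": RECORD_NAMES.get(rtype, rtype), "group": group, "sources": sources})
    return {"type": msg_type, "records": records}

def snoop(table: dict, port: str, msg: bytes) -> dict:
    """Update an IGMP-snooping table {group: set(ports)} from one host message."""
    parsed = parse(msg)
    if parsed["type"] in (IGMP_V1_REPORT, IGMP_V2_REPORT):
        table.setdefault(parsed["group"], set()).add(port)
    elif parsed["type"] == IGMP_V2_LEAVE:
        table.get(parsed["group"], set()).discard(port)
    elif parsed["type"] == IGMP_V3_REPORT:
        for rec in parsed["records"]:
            # An INCLUDE record with no sources means "no interest": an IGMPv3 leave.
            if rec["mode"] in ("IS_IN", "TO_IN") and not rec["sources"]:
                table.get(rec["group"], set()).discard(port)
            else:
                table.setdefault(rec["group"], set()).add(port)
    return table
```

parse() rejects a message whose checksum does not verify before reading any field, and checks every record against the message length; a snooping implementation that trusts the "number of sources" field without that check reads past the frame on a malformed report.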


IGMP v1 and IGMP v2—General Queries

• Router periodically sends general queries to 224.0.0.1 to determine memberships

Figure: the multicast router sends a General Query to 224.0.0.1 on the segment shared by
H1, H2 and H3

General queries go to the all-hosts multicast address (224.0.0.1). At least one
member from each group on the segment must respond with a report. General
queries are sent out periodically based on the query-interval setting. (The
default setting is 60 seconds.)

IGMP v3—Maintaining State

• Router sends periodic queries
• All IGMP v3 members respond
– Reports contain multiple group state records

Figure: Router 1 (192.168.1.11) sends a Query; H1 (192.168.1.111), H2 (192.168.1.112) and
H3 (192.168.1.113) each answer with a v3 Report to 224.0.0.22

The router multicasts periodic membership queries to the all-hosts group address
(224.0.0.1). All hosts on the wire respond with a membership report that contains
their complete IGMP group state for the interface.


Layer 2 Multicast Frame Switching

• By default Layer 2 switches flood the frame as though it was a broadcast
• Rules can be applied statically to only forward multicast traffic to a specific set of ports

Figure: R1 sends Multicast Traffic into SW1

IGMP Snooping

• IGMP snooping allows a Layer 2 switch to maintain a table of host receivers of multicast
traffic
• Ensures the switch only forwards multicast traffic to ports that have requested to join a
multicast group
– Eliminates the default "flooding" behavior

Figure: a switch with four attached Multicast Receivers; the Multicast Traffic is delivered only
on the ports where a receiver joined

IGMP snooping allows a switch to identify hosts that request multicast traffic and
limit forwarding of multicast addresses to specific ports.

IGMP Snooping (cont.)

• An IGMP v1 or v2 snooping switch must examine the contents of every IGMP message (reports are
sent to the group address itself) to determine which ports to forward the traffic toward
– Can negatively impact performance
• An IGMP v3 snooping switch examines only messages sent to the 224.0.0.22 group, not the
multicast data traffic itself
– Minimizes CPU utilization

Protocol Independent Multicast (PIM)


Protocol Independent Multicast (PIM)

• PIM is a routing protocol used for forwarding multicast traffic between IP subnets or
network segments
• PIM works independently of any particular routing protocol
– PIM does not create or maintain a multicast routing table
– It uses the unicast routing table, which is also protocol independent, because it can be populated by more
than one protocol
• There are two operating modes for PIM:
– Dense mode
– Sparse mode


Reverse Path Forwarding (RPF)

• Ensures loop-free forwarding of multicast packets
• Uses the unicast routing table to check the source of the multicast stream
– Each multicast packet is checked on ingress
– The ingress interface and the source address are compared against the unicast routing table
• If the source of the stream matches a routing table entry and the packet arrived on the interface
associated with that route entry, the RPF check passes and the stream is forwarded out the other
multicast interfaces
• If it does not match, the stream is dropped¹

Footnote 1: Depending on the multicast routing protocol being used, this may also
result in a “prune” message being sent to the forwarding router. Some multicast
routing protocols use prune messages to instruct the sending router to cease sending
multicast traffic from that source.
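The RPF check described above, as an added example (not course or vendor code): a longest-prefix match against a unicast routing table, followed by the comparison of the matched interface with the interface the packet arrived on. The routing table, interface names and sample packets are constructed for illustration:

```python
# Added example: reverse-path-forwarding check over a unicast RIB; not course or vendor code.
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed unicast RIB as (prefix, egress interface); longest prefix wins, order is irrelevant.
UNICAST_RIB = [
    (ip_network("0.0.0.0/0"), "eth0"),
    (ip_network("10.10.0.0/16"), "eth1"),
    (ip_network("10.10.10.0/24"), "eth2"),
]

def rpf_interface(source: str, rib=UNICAST_RIB) -> Optional[str]:
    """The interface a unicast packet sent *toward* the source would leave on."""
    src = ip_address(source)
    matches = [(net.prefixlen, iface) for net, iface in rib if src in net]
    return max(matches)[1] if matches else None

def rpf_check(source: str, ingress: str, outgoing: List[str], rib=UNICAST_RIB) -> List[str]:
    """Return the interfaces a multicast packet is forwarded to, or [] when the
    RPF check fails (the packet is dropped; in PIM-DM a prune is also sent upstream)."""
    if rpf_interface(source, rib) != ingress:
        return []
    # Never send the stream back out of the interface it arrived on.
    return [i for i in outgoing if i != ingress]

def demo_spoofed_source() -> List[str]:
    """A stream claiming source 10.10.10.5 that arrives on eth0 (the default-route
    side) fails RPF, because the route to 10.10.10.0/24 points at eth2."""
    return rpf_check("10.10.10.5", "eth0", ["eth0", "eth1", "eth2"])
```

demo_spoofed_source() returns an empty list: the same check that breaks loops also stops a multicast stream injected from the wrong side of the network from being replicated into every downstream interface.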


PIM Dense Mode (PIM-DM)

• This mode works on the premise that there are multicast stream listeners throughout the
entire network
• PIM-DM builds its multicast tree by flooding traffic from the source to all dense mode
routers in the network
– This will propagate unnecessary traffic for a short time
• Each router checks to see if it has active group members waiting for the data
– If so, the router remains quiet and lets the traffic flow
– If no hosts have registered for that group, the router sends a prune message toward the source, and that
branch of the tree is “pruned” off to stop unnecessary traffic flow
• Trees built with this flood and prune method are called source trees¹
• Reverse path forwarding (RPF) checks are used to ensure a loop-free topology

Footnote 1: A source tree is a method of establishing a branching path throughout the
domain with the source of a multicast stream as the root. As the multicast stream flows
from the root, it may branch out at each router until a path to all receivers is
established. To maintain the source tree, each PIM-DM router maintains a source,
group (S,G) table. Entries in this table track the IP address of the multicast source (S)
and the multicast group address (G). A multicast group may be generated by multiple
sources, in which case there may be multiple (S,G) entries for the group.

PIM-DM Overview

Initial flooding
• Multicast traffic that passes the RPF check continues to be flooded through the entire
domain
• Interfaces where the RPF check fails discard packets in the multicast stream
• Each router creates its own Source, Group (S,G) state

Figure: the Source floods Multicast Packets to every router in the domain, reaching the
Receiver; each router creates its own (S,G) state

Multicast traffic sent by the source is flooded throughout the entire network. RPF
ensures proper traffic flow by avoiding loops. RPF is applied to every multicast packet
received by all routers.
As each router receives the multicast traffic via its RPF interface (the interface in the
direction of the source), it forwards the multicast traffic to all of its PIM-DM
neighbors. This causes traffic to arrive at some routers multiple times via a non-RPF
interface. This is normal for the initial flooding of data and is corrected by the
normal PIM-DM pruning mechanism.

PIM-DM Overview (cont.)

Pruning unwanted traffic
• Prune messages are sent to instruct the sender to stop forwarding the stream
• Prunes are sent from:
– Routers with no receivers attached
– Router interfaces where the RPF check fails

Figure: Multicast Packets flow from the Source and Prune Messages are sent back toward it;
each router keeps its own (S,G) state

In the diagram, two of the routers receive multicast traffic on a non-RPF interface
from a neighboring router, which results in prune messages being sent between them.
The routers with no receivers attached also send prune messages toward the source,
via the RPF interface.
PIM-DM prunes are sent to neighbor routers toward the source on the RPF interface
to stop the flow of unwanted traffic:
• Prunes are sent when the router has no downstream members that need the
multicast traffic.
• Prunes are also sent to shut off the flow of multicast traffic that is received on the
wrong interface (non-RPF interfaces).
• For equal cost paths, router vendors each define their own proprietary method of
pruning down to a single path. Possible methods could be hash-based, source-
based, based on the IP address of the next-hop routers, or the IP addresses of the
receiving interfaces.

PIM-DM Overview (cont.)

Results after pruning
(S,G) state remains in every router

Figure: after pruning, Multicast Packets flow from the Source to the Receiver along a single
path

After multicast traffic has been pruned off unnecessary links, the result is a Shortest
Path Tree (SPT) from the source to the receiver. At this point, multicast
traffic is no longer flowing to all routers in the network. However, the (S,G) state still
remains in all routers. This (S,G) state remains until the source stops transmitting.
In PIM-DM, a prune state expires after three minutes. While the source is still active, a
state refresh message originated by the router directly connected to the source is sent
down the tree to keep that prune state alive; once the source stops and no refresh arrives,
the (S,G) entry times out and is dropped.

PIM Sparse Mode (PIM-SM)

• Sparse mode works on the premise that multicast receivers are not positioned in all areas
of the network
• One router is designated as the Rendezvous Point (RP) and is usually located close to the
sources in the network
– Receiver routers send join messages toward the RP to identify which multicast groups they are interested in
– Source routers send register messages to the RP to identify which groups they are sending
– Multicast traffic from all source routers is sent to the RP for redistribution to the receivers
– This mode is referred to as a shared tree¹, because all source traffic flows through the RP

Footnote 1: A shared tree is somewhat similar to the source tree, except that instead
of being rooted at the source and growing towards the receivers, it is rooted at a
common point, the Rendezvous Point (RP). Because the source is not necessarily
known to receivers, a (*,G) notation is used to maintain the multicast table between
receivers and the RP. A source tree is maintained only between the multicast source
and the RP.
The tree from the RP to the group members is a subset of the main tree. When
members join a group, the local router forwards the membership report toward the
RP. Each router along the way adds that branch to the shared tree.
Pruning is performed when a group member is removed from the group. Only routers
with active group members join the tree.

PIM-SM Terms

• Rendezvous Point (RP):
– The RP is the meeting point for PIM-SM sources and receivers
– A PIM Sparse domain can have multiple RPs, but each multicast group address can have only one active
RP
– PIM-SM routers learn the addresses of RPs and the groups for which they are responsible from messages
that the Bootstrap Router (BSR) sends to each of the PIM Sparse routers
• Bootstrap Router (BSR):
– The BSR distributes RP information to the other PIM-SM routers within the domain
– Each PIM-SM domain has one active BSR
• For redundancy, you can configure ports on multiple routers as candidate BSRs
• The PIM-SM protocol uses an election process to select one of the candidate BSRs as the BSR for the domain

Joining the Shared Tree

PIM Sparse Mode
• The active receiver joins multicast group G
• Its local router has learned the IP address of the RP for group G from the BSR
• It sends a (*,G) join packet for this group toward the RP

Figure: the Receiver's local router sends (*,G) Joins hop by hop toward the RP; the Source is
elsewhere in the domain

Joining the Shared Tree (cont.)

• This (*,G) join packet travels to the RP, building a branch of the shared tree at each router along the way,
which extends from the RP to the last router directly connected to the receiver
• Now group G traffic can flow down the shared tree to the receiver

Figure: the Shared Tree between the RP and the Receiver; (*,G) state is created only within the
shared tree

Sender Registration

• The router local to the source is responsible for registering the source with the RP and building a tree
between them
• A register message is sent from the source router to the RP
– It encapsulates the multicast data and is unicast to the RP

Figure: the Source's first-hop router sends an (S,G) Register (unicast) to the RP; the Shared Tree
from the RP to the Receiver carries the Traffic Flow

Sender Registration (cont.)

• When the RP receives the register message, it de-encapsulates the multicast data packet
• The RP sends an (S,G) join back toward the source network
• This (S,G) state is created in all the routers along the Shortest Path Tree, including the RP

Figure: (S,G) Joins travel from the RP toward the Source; the Shared Tree from the RP to the
Receiver carries the Traffic Flow

When the RP receives the register message, it does two things:
• It de-encapsulates the multicast data packet inside of the register message and
forwards it down the shared tree.
• The RP sends an (S,G) join back toward the source network S to create a branch of
an (S,G) SPT. This creates (S,G) state in all the routers along the SPT, including
the RP.

Sender Registration (cont.)

• The source tree and shared tree are joined at the RP

Figure: the Source Tree from the Source to the RP and the Shared Tree from the RP to the
Receiver; (S,G) state is created only within the source tree

Sender Registration (cont.)

• Traffic flows through the newly created tree to the member receivers

Figure: Traffic Flow from the Source through the RP to the Receiver

Sender Registration (cont.)

• When the SPT is built from the source router to the RP, multicast traffic begins to flow natively from
source S to the RP
• The RP then sends a register-stop message to the source's local router to stop the unicast
register messages

Figure: the RP sends an (S,G) Register-Stop (unicast) back to the first-hop router while native
Traffic Flow continues from the Source to the RP and on to the Receiver

Sender Registration (cont.)

• Multicast traffic from the source now flows along the source tree to the RP and down the
shared tree to the receiver
• The source traffic flow changes from the source tree to the shared tree at the RP

[Diagram: RP, Source, Receiver; legend: Shared Tree, Source Tree, Traffic Flow]


Revision 0218 Mod 11 - 42


RSP 100 Multicast Routing

LAB EXERCISE


Revision 0218 Mod 11 - 43


RSP 100 Multicast Routing

End of Module 11
Multicast Routing


Revision 0218 Mod 11 - 44


RSP 100 Common Applications and Protocols

Module 12
Common Applications and Protocols


Revision 0218 Mod 12 – 1


RSP 100 Common Applications and Protocols



Revision 0218 Mod 12 - 2


RSP 100 Common Applications and Protocols

Objectives

• After completing this module, attendees will be able to:


– Describe management protocols
• Simple Network Management Protocol (SNMP)
• Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP)
– Discuss network protocols
• Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP)
• Internet Control Message Protocol (ICMP)
– Discuss several common applications
• FTP
• TFTP
• Telnet
• SSH
• HTTP


Revision 0218 Mod 12 – 3


RSP 100 Common Applications and Protocols

Management Protocols


Revision 0218 Mod 12 – 4


RSP 100 Common Applications and Protocols

Simple Network Management Protocol (SNMP)

• Protocol for managing devices on IP networks


• Widely used to monitor network-attached devices
• Operates at the application layer (layer 7) of the Open Systems Interconnection (OSI) model
• Includes a set of standards for network management, consisting of a database
schema, an application layer protocol, and a set of data objects
• SNMP collects management data in the form of variables on the managed systems
• Variables can be queried, and sometimes set, by managing applications


Revision 0218 Mod 12 – 5


RSP 100 Common Applications and Protocols

SNMP (cont.)

Components
• The SNMP framework includes three key components:
– SNMP Manager
• The system used to control and monitor the activities of network hosts
• The most common managing system is called a Network Management System (NMS)
– SNMP Agent
• The software component within the managed device that maintains the data for the device and reports this data,
as needed, to managing systems
– MIB
• The Management Information Base (MIB) is a virtual information storage database which has a hierarchical
structure with its entries addressed by an object identifier (OID)

[Diagram: SNMP Manager and SNMP Agent (MIB); the manager gets and sets MIB variables, the agent sends responses and traps]


Revision 0218 Mod 12 – 6


RSP 100 Common Applications and Protocols

SNMP (cont.)

• SNMP gets/sets on MIB variables use User Datagram Protocol (UDP) port 161¹
– Within the MIB, there are collections of related objects defined in MIB modules
– MIB modules are written in the SNMP MIB module language, as defined in RFC 2578-2580, RFC 3411 and RFC 3418

• SNMP traps are received on UDP port 162
– Traps are messages alerting the SNMP manager to a condition on the network, including improper user
authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant
events

[Diagram: SNMP Manager and SNMP Agent (MIB); messages shown: Get, getNext, getResponse, Alert (Trap)]


Footnote 1: Although UDP is the common protocol used for transport, TCP can be
used utilizing the same port as well.

SNMP is an asynchronous request/response protocol that uses four main operations
to manage networks:
• GET—Managing station request to read the value of a managed object (a
device/setting/reading within a group of related managed objects)
• GET-NEXT—Managing station request to read the value of the next managed
object in a MIB tree
• SET—Managing station request to change the value of a managed object
• TRAP—Managed system (agent) notification to managing station that an “unusual
event” occurred

Revision 0218 Mod 12 – 7


RSP 100 Common Applications and Protocols

SNMP (cont.)

• SNMP includes the following protocol data unit (PDU) types/values:¹

– GetRequest—Requests information for one or many parameters by including the MIB objects of the
values the application wants to retrieve

– SetRequest—Determines specific data for one or many parameters specified by the administrator to be set
on a device

– Trap—Alerts the NMS regarding unplanned events or abnormal conditions using agent-generated
messages and their associated OID values


Footnote 1: Other common SNMP communication types


• GetNextRequest—Finds subsequent values in a sequence
• Response—Responds to other PDU requests and facilitates communication
between PDU types
• GetBulkRequest—Retrieves many GetNextRequest operations, especially for large
volumes of data, in an efficient manner
• InformRequest—Alerts remote managers when important Trap notifications are
received
• Report—Internal SNMP communication for error information and other messages

Revision 0218 Mod 12 – 8


RSP 100 Common Applications and Protocols

SNMP Versions

• SNMPv1
– A Full Internet Standard, as defined in RFC 1157
• RFC 1157 replaces earlier versions that were published as RFC 1067 and RFC 1098
– Authentication of clients is performed in clear text using a "community string" (password)
• SNMPv2c¹
– Uses a community-string approach and serves as the administrative framework for SNMPv2—the “c” means
“community”
– Internet protocol defined in RFC 3416, RFC 3417, and RFC 3418
– Advances the features, operations, and data types of SNMPv2p (SNMPv2 Classic)
– Uses the SNMPv1 community-based security approach
– Offers GetBulkRequest, which is used for retrieving large amounts of management data in a single request


Footnote 1: Version 2c is still the most common deployment of SNMP in networks today.

Revision 0218 Mod 12 – 9


RSP 100 Common Applications and Protocols

SNMP Versions (cont.)

• SNMPv3
– Protocol defined in RFCs 3411 to 3415¹
– Strengthens the security of SNMPv1 and SNMPv2c
– Provides secure access to devices by authenticating and encrypting packets over the network
– The security features provided in SNMPv3 include:
• Encryption of protocol data units (PDUs)
• Authentication of the user who sent the PDU
• Specifying user access to tables in a read-only, read-write, or notify role
• The creation of views and the association of user groups with various views
• Communication with both authentication and encryption


Footnote 1: Other RFCs pertaining to SNMPv3 are:


3411 An Architecture for Describing SNMP Management Frameworks
3412 Message Processing and Dispatching for the Simple Network Management
Protocol (SNMP)
3413 SNMPv3 Applications
3414 User-Based Security Model for SNMPv3
3415 View-Based Access Control Model (VACM) for SNMP

Revision 0218 Mod 12 – 10


RSP 100 Common Applications and Protocols

Management Information Base (MIB)

• A MIB is a database of network management information
– The information is a combination of switch settings, hardware configuration, status, and statistical data
(information about the device)
• MIBs can be compiled in the management station
• All data referring to managed objects are organized in a hierarchical MIB tree
• MIBs are written in ASN.1 notation, a standard maintained by ISO
• Every branch within the tree carries a unique name and identifier
– The root of the tree is the node iso(1)


Revision 0218 Mod 12 – 11


RSP 100 Common Applications and Protocols

MIBs (cont.)

• The object ID (OID) is formed by connecting the branch numbers separated by periods
• Object IDs are unique in the SNMP world
• Object ID numbers are registered with the Internet Assigned Numbers Authority (IANA)
• Private organizations can request OIDs containing information specific to their equipment¹

[Diagram: MIB object IDs, with the example .1.3.6.1.4.1.25053.2 highlighted]
iso (1)
  org (3)
    dod (6)
      internet (1)
        directory
        mgmt (2)
          mib-2 (1)
            system (1): sysDescr, sysObjectID (2)
            interface (2)
        experimental (3)
          fibreChannel (42)
            fcFe (1)
              fcFabric (42)
        private (4)
          enterprise (1)
            bcsi (25053)
              commDev (2)


Footnote 1: Private Enterprise Numbers start at the following prefix:
iso.org.dod.internet.private.enterprise (1.3.6.1.4.1). Example: the Ruckus Networks
registered OID value is 1.3.6.1.4.1.25053.

Each associated OID also has an object name. Object names are formed by linking the textual
names of the branches and the leaf. Many SNMP management programs allow either the
OID or the object name to be entered. There are two different ways to reference the
same MIB object: numerically (as shown in the graphic) or using the textual name
(such as iso.org.dod.internet.private.enterprise).
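As an added example (not from the course material), the following Python works with OIDs the way the slide describes: it resolves the numeric form to the textual name using the branches drawn in the tree above, checks whether an OID falls under the Ruckus enterprise prefix, and encodes/decodes the OID in the ASN.1 BER form that carries it inside an SNMP PDU. The partial tree is constructed from the slide; real MIB modules define far more nodes.

```python
"""Added example, not course code: SNMP object identifier handling.

MIB_TREE holds only the branches drawn on the slide (a constructed, partial
tree); real MIB modules define far more nodes.
"""

MIB_TREE = {
    "1": "iso",
    "1.3": "org",
    "1.3.6": "dod",
    "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt",
    "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.1": "system",
    "1.3.6.1.2.1.1.2": "sysObjectID",
    "1.3.6.1.2.1.2": "interface",
    "1.3.6.1.3": "experimental",
    "1.3.6.1.4": "private",
    "1.3.6.1.4.1": "enterprise",
    "1.3.6.1.4.1.25053": "bcsi",  # Ruckus private enterprise number (slide footnote)
    "1.3.6.1.4.1.25053.2": "commDev",
}
RUCKUS_ENTERPRISE_PREFIX = "1.3.6.1.4.1.25053"


def oid_to_name(oid: str) -> str:
    """Map a dotted numeric OID to its textual name, arc by arc.

    Arcs the partial tree does not know (such as a trailing instance index .0)
    are left numeric.
    """
    arcs = oid.strip(".").split(".")
    names = []
    for i in range(1, len(arcs) + 1):
        names.append(MIB_TREE.get(".".join(arcs[:i]), arcs[i - 1]))
    return ".".join(names)


def is_ruckus_enterprise_oid(oid: str) -> bool:
    """True when the OID sits under iso.org.dod.internet.private.enterprise.25053."""
    arcs = oid.strip(".").split(".")
    prefix = RUCKUS_ENTERPRISE_PREFIX.split(".")
    return arcs[:len(prefix)] == prefix


def _base128(value: int) -> bytes:
    """Encode one sub-identifier in base 128, high bit set on all but the last byte."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(oid: str) -> bytes:
    """BER-encode an OID (tag 0x06). The first two arcs share one sub-identifier,
    40 * first + second, which is why 1.3 becomes the single byte 0x2B."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    body = _base128(arcs[0] * 40 + arcs[1])
    for arc in arcs[2:]:
        body += _base128(arc)
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + body


def decode_oid(data: bytes) -> str:
    """Decode a short-form BER OID back to dotted notation, rejecting a
    truncated last sub-identifier (continuation bit still set on the last byte)."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OID")
    sub_ids, value, pending = [], 0, False
    for byte in data[2:]:
        value = (value << 7) | (byte & 0x7F)
        pending = bool(byte & 0x80)
        if not pending:
            sub_ids.append(value)
            value = 0
    if pending:
        raise ValueError("truncated sub-identifier")
    first = min(sub_ids[0] // 40, 2)
    second = sub_ids[0] - first * 40
    return ".".join(str(a) for a in [first, second] + sub_ids[1:])


if __name__ == "__main__":
    oid = "1.3.6.1.4.1.25053.2"
    print(oid_to_name(oid), encode_oid(oid).hex())
```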

Revision 0218 Mod 12 – 12


RSP 100 Common Applications and Protocols

Network Time Protocol (NTP)

• A networking protocol for clock synchronization that uses UDP port 123 between
master/server and end devices (clients)
• Intended to synchronize all participating systems to within a few milliseconds of
Coordinated Universal Time (UTC)
– Regulates time to within tens of milliseconds over the public Internet¹
• Time stamps are required to maintain accurate logging and support troubleshooting
• NTP server and client can communicate using IPv4 or IPv6 addresses
• Simple Network Time Protocol (SNTP) is a less complex implementation of NTP
– Used in some embedded devices and in applications that do not require highly accurate timing


Footnote 1: In addition to NTP, Precision Time Protocol (PTP) can provide clock
accuracy in the sub-microsecond range and is often used for measurement and
control. It was defined originally in the IEEE 1588-2002 standard and was revised in
2008 as IEEE 1588-2008 (PTP Version 2). Version 2 provides improved accuracy and
precision; however, it is not backwards compatible with the original standard.

Revision 0218 Mod 12 – 13


RSP 100 Common Applications and Protocols

NTP Basic Features

• NTP is a fault-tolerant protocol that will automatically select the best of several available
time sources to use for synchronization
• NTP is highly scalable; a synchronization network may consist of several reference clocks
that can exchange time information either bidirectionally or unidirectionally
• NTP can select the best candidates to build its estimate of the current time
• Common roles for NTP service:
– Server—Receives time from a verified source (such as a local clock or radio clock) and disseminates that
timestamp to clients when requested
– Peer—Gets time from and provides time to a specific server, when needed
• This establishes a two-way relationship


• Client—Receives time from either a primary or secondary time server, but does not
provide time in return to that server
– Includes servers that receive time from a server of a lower-numbered stratum
• Broadcaster—Provides time to the specified remote host or to the broadcast
address on a LAN
– Broadcasters often provide time to workstation clients on a LAN
• Broadcast client—Listens for time broadcasts from an NTP server and
synchronizes with that time
– Includes time server clients on a LAN
NTP uses the concept of a stratum to describe how many NTP hops away a machine
is from an authoritative time source. For example:
• A stratum 1 time server has a radio or atomic clock directly attached to it
• It then sends its time to a stratum 2 time server through NTP, and so on
• A machine running NTP automatically chooses the machine with the lowest
stratum number that it is configured to communicate with using NTP as its
time source

Revision 0218 Mod 12 – 14


RSP 100 Common Applications and Protocols

NTP Authentication

• NTP is used to ensure accurate log file timestamp information, and it can pose a security risk
– Attackers can make a rogue host appear as a valid NTP server and inject false time into the network
• NTP optionally implements an authentication mechanism to prevent this
– NTP authentication verifies the time source rather than the user or recipient
• An MD5 hash keyed with a symmetric key is used
– Authentication is enabled using the authenticate command, and the set of symmetric keys and
key strings is specified using the authentication-key command
• If authentication is enabled, NTP packets that do not carry a valid message authentication code
(MAC) are dropped
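An added example (not the course's or any vendor's code) of the symmetric-key scheme the slide describes, as specified in RFC 5905: the sender appends a 32-bit key ID and an MD5 digest computed over the key followed by the 48-byte NTP header, and the receiver recomputes the digest with the key it holds for that key ID and drops the packet when it does not match. The key table and key string are constructed, standing in for what the authentication-key command would configure.

```python
"""Added example, not course code: NTP symmetric-key authentication (RFC 5905).

A client packet is built, the MAC (32-bit key ID followed by MD5 over
key || 48-byte header) is appended, and the receiver check recomputes it with
the key it holds for that key ID. Key IDs and key strings below are constructed.
"""
import hashlib
import hmac
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to the Unix epoch
HEADER_LEN = 48
MAC_LEN = 4 + 16  # key identifier + MD5 digest

TRUSTED_KEYS = {1: b"example-shared-secret"}  # constructed key table


def build_client_header(transmit_unix: float = None) -> bytes:
    """NTPv4 mode 3 (client) header with only the transmit timestamp populated."""
    if transmit_unix is None:
        transmit_unix = time.time()
    li_vn_mode = (0 << 6) | (4 << 3) | 3  # leap=0, version=4, mode=client
    secs = int(transmit_unix) + NTP_EPOCH_OFFSET
    frac = int((transmit_unix - int(transmit_unix)) * (1 << 32))
    # stratum, poll, precision, root delay, root dispersion, reference ID (16 bytes)
    fixed = struct.pack("!BBBbIII", li_vn_mode, 0, 6, -20, 0, 0, 0)
    # reference, origin and receive timestamps left zero (24 bytes), then transmit
    return fixed + bytes(24) + struct.pack("!II", secs, frac)


def ntp_mac(key_id: int, key: bytes, header: bytes) -> bytes:
    """Key ID || MD5(key || message), the legacy NTP MAC construction."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def sign_packet(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the MAC the way an authenticating client or server does."""
    return header + ntp_mac(key_id, key, header)


def verify_packet(packet: bytes, trusted_keys: dict = TRUSTED_KEYS) -> bool:
    """Receiver side with authentication enabled: accept only a packet whose
    MAC verifies under a configured key; anything else is dropped."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False  # no MAC at all, or not the MD5 MAC length
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return False  # unknown key identifier
    return hmac.compare_digest(ntp_mac(key_id, key, header), mac)  # constant-time compare


if __name__ == "__main__":
    pkt = sign_packet(build_client_header(), 1, TRUSTED_KEYS[1])
    print(len(pkt), verify_packet(pkt), verify_packet(pkt[:HEADER_LEN]))
```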


Revision 0218 Mod 12 – 15


RSP 100 Common Applications and Protocols

Network Protocols


Revision 0218 Mod 12 – 16


RSP 100 Common Applications and Protocols

Domain Name System (DNS)

• DNS servers are authoritative resources for the mapping of memorable alphanumeric
names (hostnames) to IP addresses
– For example, www.google.com maps to 173.194.39.78
• Hierarchical authoritative structure organized into zones
– Servers become authoritative over zones and the domain name records they contain
– If a name server is queried for a domain that is not in its database, it might recursively query name servers
higher up in the hierarchy¹
• Devices send name resolution queries to DNS servers via UDP port 53²
• DNS servers are often provided by Internet service providers (ISPs)


Footnote 1: Depending on the configuration of the server, it may respond only to
queries for zones over which it is authoritative, or it can be configured to cache DNS
records for other zones.
Footnote 2: Queries can also be sent using TCP over port 53; however, UDP is most
commonly used.

Revision 0218 Mod 12 – 17


RSP 100 Common Applications and Protocols

DNS Terminology

• DNS Resource Record—A mapping entry that associates an IP address or an additional DNS
record with a domain name
• DNS Database—A repository of resource records for domain names¹
– Common types of resource records include:
• IP addresses (A)
• Pointers for reverse DNS lookups (PTR)
• Domain name aliases (CNAME)

• Domain Name Space—A tree structure for domain names, with each leaf having zero or
more resource records
– The tree sub-divides into DNS zones
• DNS Zone—May consist of only one domain or many domains/sub-domains managed by
an authoritative name server


Footnote 1: An A record is an address record which returns a 32-bit (IPv4) address,
commonly used for hostname resolution. A Pointer record (PTR) provides reverse
DNS, where an IP address is submitted requesting the domain name associated with
it. A Canonical Name record (CNAME) is a record that is an alias (points) to another
domain. It is often used for subdomains and always points to another domain name and
not to an actual IP address. A CNAME allows multiple domain names (aliases) to point
to the same IP address, thus allowing an administrator to resolve multiple systems to
one address without having to assign an A record to each host name. If the server
IP happens to change, a change to the one A record’s IP address will cause all the
related CNAME records to point to the new IP address as well. AAAA records are used
to return 128-bit (IPv6) addresses.

Revision 0218 Mod 12 – 18


RSP 100 Common Applications and Protocols

Resolving an IP address

• Domain Name Servers provide IP address resolution as described below:

1. If the local DNS server cannot find the requested domain name in its database, it forwards the request
to a root server on the network¹

2. The root server sends the IP address of the local DNS server that is responsible for the target resource to
the local DNS server that sent the request

3. The local DNS server of the requester directly queries the local DNS server responsible for the target


Footnote 1: The resolution process is transparent to the requesting user. From the
user’s perspective, the response appears to come directly from the local DNS server.

Revision 0218 Mod 12 – 19


RSP 100 Common Applications and Protocols

Resolving an IP address (cont.)

5. The target’s local DNS server then returns the IP address of the actual resource to the local DNS server
of the requesting browser

6. The local DNS server caches the address¹

7. The local DNS server sends the target’s IP address to the requester

8. The requesting device uses the resolved IP address to contact the target web server, and also caches the
address
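The resolution walk above, simulated end to end as an added example (not course code): a local resolver with a cache asks a root server, follows the referral to the server responsible for the target, follows a CNAME to the A record (as the previous slide's footnote describes), caches the result and answers from the cache on the next lookup. Zone data, names and addresses are constructed; a CNAME loop is included to show why the chain must be bounded.

```python
"""Added example, not course code: the local DNS server's resolution walk.

ROOT_SERVER and AUTHORITATIVE_SERVERS are constructed stand-ins for real
servers; each is just a dict of owner name -> (record type, value).
"""
from typing import Dict, List, Tuple

ROOT_SERVER = {
    # A root server only knows who is responsible (NS) for each zone.
    "example.test.": ("NS", "ns1.example.test."),
}
AUTHORITATIVE_SERVERS = {
    "ns1.example.test.": {
        "www.example.test.": ("CNAME", "web.example.test."),
        "web.example.test.": ("A", "192.0.2.10"),
        "loop1.example.test.": ("CNAME", "loop2.example.test."),  # deliberate loop
        "loop2.example.test.": ("CNAME", "loop1.example.test."),
    },
}


class LocalResolver:
    """The 'local DNS server' of the slide: recursive lookup plus a cache."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}
        self.queries: List[Tuple[str, str]] = []  # (server asked, name asked) log

    def resolve(self, name: str, max_hops: int = 8) -> str:
        if not name.endswith("."):
            name += "."
        if name in self.cache:  # step 6 pays off: no network queries at all
            return self.cache[name]
        # Step 1: not in our database, so ask a root server for the zone.
        zone = ".".join(name.split(".")[-3:])  # e.g. "example.test."
        self.queries.append(("root", zone))
        rtype, ns_name = ROOT_SERVER.get(zone, (None, None))
        if rtype != "NS":
            raise LookupError("no referral for zone %s" % zone)
        # Steps 2 and 3: root refers us to the responsible server; query it directly.
        authoritative = AUTHORITATIVE_SERVERS[ns_name]
        target = name
        for _ in range(max_hops):  # bounded so a CNAME loop cannot hang the resolver
            self.queries.append((ns_name, target))
            rtype, value = authoritative.get(target, (None, None))
            if rtype == "A":
                self.cache[name] = value  # step 6: cache under the name originally asked
                return value  # step 7: hand the address back to the requester
            if rtype == "CNAME":
                target = value  # alias: ask again for the canonical name
                continue
            raise LookupError("%s has no A or CNAME record" % target)
        raise LookupError("CNAME chain too long for %s" % name)


if __name__ == "__main__":
    resolver = LocalResolver()
    print(resolver.resolve("www.example.test"), resolver.queries)
    print(resolver.resolve("www.example.test"), len(resolver.queries))
```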


Footnote 1: Caching the address saves time if the target resource is requested again.

Revision 0218 Mod 12 – 20


RSP 100 Common Applications and Protocols

Dynamic Host Configuration Protocol (DHCP)

• A protocol used to assign dynamic IP addresses to devices connecting to a network


• With dynamic IP addressing, a device can have a different address each time it connects to
the network
• Dynamic addressing simplifies network administration because static IP address host
configuration is not required¹
• A new device can be added to a network without manually assigning it a unique IP address
• Many ISPs use dynamic IP addressing for their subscribers

Note: Important devices such as servers, routers, and switches generally use static IP
addresses


Footnote 1: For devices to function on a network, they require an IP address. As more
devices join the network, IP assignment without DHCP becomes unmanageable. Also,
if users move from one location to another, their IP and gateway settings usually
have to be changed to match the new subnet.

Revision 0218 Mod 12 – 21


RSP 100 Common Applications and Protocols

DHCP (cont.)

• Operates on a client (UDP port 68)/server (UDP port 67) model
• When a device connects to the network, its DHCP software sends a broadcast query
(DHCPDISCOVER message)
• Any DHCP server on the network may then reserve an IP address for the client and make a
lease offer (DHCPOFFER)
• In response, the client replies with a DHCP request, broadcast to the server, requesting the
offered address (DHCPREQUEST)
• The DHCP server sends a packet to the client that includes the lease duration and any
other configuration information that the client might have requested (DHCPACK)
• DHCP is used for both IPv4 and IPv6¹


Footnote 1: One of the key features of IPv6 is its auto-configuration capability
(Stateless Address Auto-configuration, SLAAC), which eliminates the need for a DHCP
server. IPv6 addresses can still be assigned by DHCP when administrators want
benefits such as:
• Logging for an organization that wants accounting of edge devices connecting
to its network
• Dynamically assigning DNS server addresses to clients in environments without IPv6
stateless DNS discovery
• Assigning other DHCP-option-provisioned settings, such as VLAN and QoS values, to a
VoIP phone

Revision 0218 Mod 12 – 22


RSP 100 Common Applications and Protocols

DHCP Request Fields

• The DHCPACK sent from the DHCP server provides the standard information:
– IP address assignment and subnet mask
– Default Gateway address
– Lease time
– DNS servers
– Domain name

• Many other options can be sent within the DHCPACK message such as:
– Time servers info (NTP)
– Log server
– Host name


Revision 0218 Mod 12 – 23


RSP 100 Common Applications and Protocols

DHCP Option 82

• Also known as the DHCP relay agent¹ information option; provides increased security when
DHCP is used

• Allows DHCP relay agent devices to be verified, preventing DHCP client requests from
untrusted sources

• When DHCP option 82 is included in DHCP packets, additional information about the
client’s identity is included

• DHCP option 82 contains two sub-options²
– sub-option 1 (circuit ID)
– sub-option 2 (remote ID)


Footnote 1: The relay agent feature allows a DHCP server to be centralized instead
of one being present in each subnet. Because the request is forwarded beyond its
broadcast domain to the DHCP server, additional information, such as the subnet the
request came in on, needs to be forwarded to the server. This allows the server to
respond with an IP address that corresponds to the subnet the new device is
connecting to.
Footnote 2: The Agent Circuit ID sub-option encodes an agent-local identifier of the
circuit from which a DHCP client-to-server packet was received. It is intended for use
by agents in relaying DHCP responses back to the proper circuit. This is generally used
to identify the IP subnet the request is received on by the relay agent. The Agent Remote
ID sub-option MAY be added by DHCP relay agents which terminate switched or
permanent circuits and have mechanisms to identify the remote host end of the circuit.
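An added example (not course or vendor code) that decodes option 82 and its two sub-options from a DHCP options field and applies the check the slide describes: a server that answers a relayed request only when the remote ID names a relay it trusts. The magic cookie, option codes and sub-option codes are the standard ones; the circuit ID and remote ID byte strings are constructed (real ones are vendor-specific port/VLAN identifiers and relay MAC addresses).

```python
"""Added example, not course code: DHCP option 82 parsing and a relay-trust check.

The sample option bytes are constructed; real circuit and remote IDs are
vendor-specific byte strings.
"""

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_MESSAGE_TYPE = 53
OPT_RELAY_AGENT_INFO = 82
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2


def _parse_tlv(buf: bytes, allow_pad_end: bool) -> dict:
    """Walk code/length/value triples, the layout shared by options and sub-options.

    Option lists may contain pad (0) bytes and end with 255; the sub-option list
    inside option 82 has neither, so a 0 or 255 there is an ordinary code.
    """
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if allow_pad_end and code == OPT_END:
            break
        if allow_pad_end and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("truncated header for code %d" % code)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated value for code %d" % code)
        out[code] = value
        i += 2 + length
    return out


def parse_options(options: bytes) -> dict:
    """Decode the options field (after the magic cookie) into {code: value}."""
    if not options.startswith(DHCP_MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    return _parse_tlv(options[len(DHCP_MAGIC_COOKIE):], allow_pad_end=True)


def parse_relay_agent_info(value: bytes) -> dict:
    """Split the option 82 value into {sub-option code: bytes}."""
    return _parse_tlv(value, allow_pad_end=False)


def build_options(message_type: int, circuit_id: bytes = None, remote_id: bytes = None) -> bytes:
    """Construct an options field as a relay agent would forward it to the server."""
    body = DHCP_MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, message_type])
    subs = b""
    if circuit_id is not None:
        subs += bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    if remote_id is not None:
        subs += bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id
    if subs:
        body += bytes([OPT_RELAY_AGENT_INFO, len(subs)]) + subs
    return body + bytes([OPT_END])


def relay_check(options: bytes, trusted_remote_ids: set) -> dict:
    """Server-side policy: answer only requests whose option 82 names a trusted relay."""
    opts = parse_options(options)
    info = opts.get(OPT_RELAY_AGENT_INFO)
    if info is None:
        return {"accepted": False, "reason": "no relay agent information"}
    subs = parse_relay_agent_info(info)
    remote = subs.get(SUBOPT_REMOTE_ID)
    if remote not in trusted_remote_ids:
        return {"accepted": False, "reason": "untrusted or missing remote ID"}
    return {"accepted": True, "circuit_id": subs.get(SUBOPT_CIRCUIT_ID), "remote_id": remote}


if __name__ == "__main__":
    # Constructed sample: DHCPDISCOVER (type 1) relayed by agent 00:11:22:33:44:55
    sample = build_options(1, circuit_id=b"\x00\x64\x01\x03", remote_id=b"\x00\x11\x22\x33\x44\x55")
    print(relay_check(sample, {b"\x00\x11\x22\x33\x44\x55"}))
```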

Revision 0218 Mod 12 – 24


RSP 100 Common Applications and Protocols

Internet Control Message Protocol (ICMP)

RFC 792
• Mechanism used to verify connectivity and send error and control messages about network
problems that are preventing packet delivery
• Located just above Layer 3 (IP) so that it can be routed over the Internet
– ICMP uses IP protocol 1
• Ping and traceroute are common uses of ICMP


Revision 0218 Mod 12 – 25


RSP 100 Common Applications and Protocols

ICMP Message Types

• ICMP messages are sent using the basic IP header

• Echo or Echo Reply Message¹
– These message types are used to verify connectivity to a destination

• Other message types are used to communicate to the source device any problems or
failures; they can be sent by gateways or destination devices
– Destination Unreachable Message
• Codes identify the possible cause of the failed attempt²
– Time Exceeded Message
• Used when the TTL field reaches zero
– Parameter Problem Message
• Used when a problem is identified with the header parameters³
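An added example, not course code, of the echo handling and error codes described above: it computes the ICMP checksum, builds an Echo request, derives the Echo reply the way the footnote describes (type 8 becomes 0; identifier, sequence and data kept; checksum recomputed), and decodes a Destination Unreachable code. Packet bytes are constructed; the IP header, whose addresses the replying host swaps, is outside the ICMP part built here.

```python
"""Added example, not course code: ICMP echo handling and error-code decoding.

Only the ICMP portion of the datagram is built here; the IP layer supplies the
outer header whose source and destination addresses are swapped for the reply.
"""
import struct

ECHO_REPLY = 0
DEST_UNREACHABLE = 3
ECHO_REQUEST = 8
TIME_EXCEEDED = 11
PARAMETER_PROBLEM = 12

# Destination Unreachable codes listed in the slide footnote.
UNREACHABLE_CODES = {
    0: "net unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's complement sum of
    all 16-bit words, padding an odd-length message with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(msg: bytes) -> bool:
    """Summing a correct message, checksum field included, yields zero."""
    return len(msg) >= 8 and icmp_checksum(msg) == 0


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8 (request) or 0 (reply); identifier and sequence let the sender match replies."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    chk = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, chk, ident, seq) + payload


def make_echo_reply(request: bytes) -> bytes:
    """What the replying host does: type 8 becomes 0, identifier, sequence and
    data are kept, and the checksum is recomputed."""
    if not checksum_ok(request):
        raise ValueError("bad checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    if icmp_type != ECHO_REQUEST or code != 0:
        raise ValueError("not an echo request")
    return build_echo(ECHO_REPLY, ident, seq, request[8:])


def build_unreachable(code: int, original_datagram: bytes) -> bytes:
    """Type 3 message a gateway or host returns: code, 4 unused bytes, then the
    offending datagram's header and first 64 bits of data (whatever is passed in)."""
    body = struct.pack("!BBHI", DEST_UNREACHABLE, code, 0, 0) + original_datagram
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]


def describe(msg: bytes) -> str:
    """Classify a received ICMP message the way a troubleshooter reads it."""
    if not checksum_ok(msg):
        return "malformed or bad checksum"
    icmp_type, code = msg[0], msg[1]
    if icmp_type == ECHO_REQUEST:
        return "echo request"
    if icmp_type == ECHO_REPLY:
        return "echo reply"
    if icmp_type == DEST_UNREACHABLE:
        return "destination unreachable: " + UNREACHABLE_CODES.get(code, "code %d" % code)
    if icmp_type == TIME_EXCEEDED:
        return "time exceeded (TTL reached zero)"
    if icmp_type == PARAMETER_PROBLEM:
        return "parameter problem at header byte %d" % msg[4]  # byte 4 is the pointer
    return "type %d code %d" % (icmp_type, code)


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefgh")  # constructed probe
    print(describe(request), describe(make_echo_reply(request)))
    print(describe(build_unreachable(3, request[:8])))
```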


Footnote 1: This message may be sent with the source network in the IP header
source and destination address fields zero (which means "this" network). The replying
IP module should send the reply with the addresses fully specified. This message is a
way for a host to find out the number of the network it is on. Addresses: the address
of the source in an echo message will be the destination of the echo reply message.
To form an echo reply message, the source and destination addresses are simply
reversed, the type code changed to 0, and the checksum recomputed. IP fields: Type
8 for echo message; 0 for echo reply message.
Footnote 2: Destination unreachable messages include codes identifying the reason
for delivery failure. These codes include: 0 = net unreachable; 1 = host unreachable; 2
= protocol unreachable; 3 = port unreachable; 4 = fragmentation needed and DF set;
5 = source route failed.
If, in the destination host, the IP module cannot deliver the datagram because the
indicated protocol module or process port is not active, the destination host may
send a destination unreachable message to the source host. Another case is when a
datagram must be fragmented to be forwarded by a gateway yet the Don't Fragment
flag is on. In this case the gateway must discard the datagram and may return a
destination unreachable message. Codes 0, 1, 4, and 5 may be received from a
gateway. Codes 2 and 3 may be received from a host.
Footnote 3: If the gateway or host processing a datagram finds a problem with the
header parameters such that it cannot complete processing the datagram, it must
discard the datagram. One potential source of such a problem is incorrect
arguments in an option. The gateway or host may also notify the source host via the
parameter problem message. This message is only sent if the error caused the datagram to
be discarded.

Revision 0218 Mod 12 – 26


RSP 100 Common Applications and Protocols

Common Applications


Revision 0218 Mod 12 – 27


RSP 100 Common Applications and Protocols

File Transfer Protocol (FTP)

RFC 959
• Standard network protocol used to transfer files between hosts using TCP

• Built as a client-server connection using separate control and data connections¹

• Authentication is often used, but anonymous connections are supported depending on server
configuration

• FTP was not designed as a secure protocol and has many security weaknesses
– Can be secured with Secure Sockets Layer (SSL)/Transport Layer Security (TLS) as FTP Secure (FTPS)


Footnote 1: The control connection provides a communication path between the USER-PI
and SERVER-PI for the exchange of commands and replies. This connection follows
the Telnet Protocol. The data connection provides a full duplex connection over which
data is transferred, in a specified mode and type. The data transferred may be a part
of a file, an entire file or a number of files. The path may be between a server-DTP
and a user-DTP, or between two server-DTPs.

Revision 0218 Mod 12 – 28


RSP 100 Common Applications and Protocols

FTP (cont.)

• FTP servers listen for control requests on port 21

• FTP establishment can function in active or passive mode
– In active mode, the client establishes the control channel and the server establishes the data channel to
client port Y, where Y has been supplied by the client¹
– In passive mode, the client establishes both channels. In that case, the server tells the client which port
should be used for the data channel²
• FTP provides support for different data types, ensuring correct formatting of transferred
data³
– The two most common data types are:
• ASCII Type - intended primarily for the transfer of text files
• IMAGE Type - data are sent as contiguous bits which, for transfer, are packed into 8-bit transfer bytes⁴


Footnote 1: Active connections are usually initiated from client port X to server port
21. Data connections established from the server generally use port 20 to client port Z
(port Z has been supplied by the client).
Footnote 2: Passive mode is often used when the FTP server cannot establish the
data channel. This is common when network firewalls are in the path. While there
might be a firewall rule allowing FTP connections to be established outward, the
data channel back in through your firewall cannot be established. Passive mode solves
this because both channels (control/data) are initiated from the client side.
Footnote 3: When moving text files from one platform to another using regular FTP, the
data is moved exactly in the format it was in. Programs would not correctly
recognize end-of-line markers, etc., if a text file were moved from a UNIX system to a PC.
FTP incorporates some intelligence to handle these different file formats. The FTP
standard allows the specification of certain details about the file's internal
representation prior to transfer.
Footnote 4: The Image type is generally used for generic binary files (graphical
images/ZIP files) as well as other data that are represented in a universal (standard)
manner. It is also often called the binary type.
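As an added example (not course code), the following Python handles the two ways the data connection endpoint is exchanged over the control connection in the modes described above: it parses the server's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply, where the port is p1*256+p2, and builds the "PORT h1,h2,h3,h4,p1,p2" command an active-mode client sends. It also applies a client-side check that does not connect to an address in the 227 reply that differs from the control connection's peer. Sample replies and addresses are constructed.

```python
"""Added example, not course code: FTP data-connection endpoint exchange.

Passive mode: server answers PASV with "227 ... (h1,h2,h3,h4,p1,p2)" and the
client connects to h1.h2.h3.h4 port p1*256+p2.
Active mode: client sends "PORT h1,h2,h3,h4,p1,p2" and the server connects
from port 20 to that address. All sample values below are constructed.
"""
import re

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def _check_octets(values) -> None:
    """Every comma-separated field is an 8-bit value."""
    if any(v > 255 for v in values):
        raise ValueError("value out of range for an 8-bit field")


def parse_pasv(reply: str) -> tuple:
    """Return (host, port) from a 227 Entering Passive Mode reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply")
    nums = [int(x) for x in m.groups()]
    _check_octets(nums)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def build_port(host: str, port: int) -> str:
    """Build the PORT command a client sends for an active-mode transfer."""
    octets = [int(o) for o in host.split(".")]
    if len(octets) != 4 or not 0 < port <= 65535:
        raise ValueError("bad host or port")
    _check_octets(octets)
    return "PORT %s,%d,%d\r\n" % (",".join(str(o) for o in octets), port // 256, port % 256)


def passive_data_endpoint(control_peer_ip: str, reply: str) -> tuple:
    """Decide where the client's data connection goes.

    The address in the 227 reply is not acted on by itself: when it differs
    from the control connection's peer (a NAT or misconfigured server, or a
    reply altered in transit), the control-peer address is used instead and the
    mismatch is reported in the third element.
    """
    host, port = parse_pasv(reply)
    if host != control_peer_ip:
        return control_peer_ip, port, "227 advertised %s, using control peer" % host
    return host, port, "ok"


if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (192,0,2,7,195,89)"))
    print(build_port("192.0.2.20", 50009).strip())
    print(passive_data_endpoint("192.0.2.7", "227 Entering Passive Mode (10,0,0,5,195,89)"))
```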

Revision 0218 Mod 12 – 29


RSP 100 Common Applications and Protocols

FTP Connections

[Diagram: FTP connections between Server (left) and Client (right)]
Control connection: client port A to server port 21
Data connection (ACTV): server port 20 sends TCP SYN to client port B
Data connection (PASV): client port D sends TCP SYN to server port C


Revision 0218 Mod 12 – 30


RSP 100 Common Applications and Protocols

Trivial File Transfer Protocol (TFTP)

• TFTP allows a client to retrieve files from or place files on a remote host
• Initially standardized in 1981; RFC 1350 contains the current specification
• Its simple design makes it the primary protocol for the initial stages of network booting
strategies
• Often used to transfer firmware images and configuration files to network devices
like routers, firewalls, and IP phones
• Rarely used for Internet transfers
• Uses UDP port 69 as its transfer protocol, making it quicker but less reliable than FTP


Revision 0218 Mod 12 – 31


RSP 100 Common Applications and Protocols

Telnet

RFC 854
• Provides reliable connectivity to devices where command line interfaces (CLI) are needed¹

• An application layer protocol that runs over TCP port 23

• A reliable client-server communications application that is used predominantly for remote
device access for administration purposes

• Generally, authentication is performed during connection, and all data is transferred in clear
text
– SSH, with its security enhancements, is quickly replacing telnet for CLI connectivity


Footnote 1: The purpose of the TELNET Protocol is to provide a fairly general, bi-
directional, eight-bit byte oriented communications facility. Its primary goal is to
allow a standard method of interfacing terminal devices and terminal-oriented
processes to each other.

Revision 0218 Mod 12 – 32


RSP 100 Common Applications and Protocols

Secure Shell (SSH)

RFC 4253
• The Secure Shell (SSH) is a protocol for secure remote login and other secure network
services over an insecure network

• An encrypted network protocol running over TCP port 22

• Provides strong encryption, server authentication, and integrity protection with key-based
cryptography¹

• Supports tunneling and forwarding TCP ports

• Designed to replace terminal connection protocols like telnet because they send
information (notably passwords) in plaintext, rendering them susceptible to interception


Footnote 1: SSH has been designed to operate with almost any public key format,
encoding, and algorithm (signature and/or encryption).

Revision 0218 Mod 12 – 33


RSP 100 Common Applications and Protocols

SSH Connections

SSH connection setup between a client and a server:
• Client requests an SSH connection to TCP port 22
• Handshake determines the protocol version
• Key exchange and algorithm negotiation
• Secure session setup
• Session traffic is then protected by the SSH tunnel


SSH protocol, version 1 compared with SSH protocol, version 2:
• Version 1: Single monolithic protocol
  Version 2: Separate transport, authentication, and connection protocols
• Version 1: Weak CRC-32 integrity check susceptible to insertion attacks
  Version 2: Strong integrity check with cryptographic Message Authentication Codes (MACs)
• Version 1: Does not support password changing
  Version 2: Supports password changing
• Version 1: One session channel per connection
  Version 2: Any number of session channels per connection
• Version 1: Negotiates only the bulk cipher; all others are fixed
  Version 2: Negotiates modular cryptographic and compression algorithms, including bulk
  encryption, MAC, and public key or digital certificates
• Version 1: The same algorithms and keys are used in both directions
  Version 2: Encryption, MAC, and compression are negotiated separately for each direction, with
  independent keys
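The handshake step that determines the protocol version is visible in the plaintext identification line each side sends first (RFC 4253, section 4.2), which is also where a defender can spot a server still offering the weaker version 1 compared above. The following Python parser is an added example, not course or vendor code; its sample banners are constructed.

```python
"""Parse the SSH identification line exchanged in the first step of an SSH
connection (RFC 4253, section 4.2) and flag servers that still offer the
legacy version 1 protocol.  Added example; the sample banners below are
constructed, not captured from any real host."""

import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The identification line is the only plaintext a server sends before the
# key exchange, so it is what a defender can inspect for legacy versions.
# The software field is matched leniently (some vendors put '-' in it).
_IDENT_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)


def parse_ssh_ident(line: bytes) -> dict:
    """Return the fields of an SSH identification line.

    Raises ValueError if the line does not follow RFC 4253.
    """
    if len(line) > 255:  # RFC 4253 limits the line to 255 bytes incl. CR LF
        raise ValueError("identification line exceeds 255 bytes")
    # Servers MUST terminate with CR LF; some old ones send a bare LF.
    text = line.decode("ascii", errors="strict").rstrip("\r\n")
    match = _IDENT_RE.match(text)
    if match is None:
        raise ValueError(f"not an SSH identification line: {text!r}")
    return {
        "protoversion": match.group("proto"),
        "softwareversion": match.group("software"),
        "comments": match.group("comments"),
    }


def offers_ssh1(protoversion: str) -> bool:
    """True if the peer will speak SSH protocol version 1.

    "1.99" is the RFC 4253 value a server uses to say it accepts both
    version 1 and version 2 clients; anything else starting with "1." is a
    version-1-only implementation (weak CRC-32 integrity, one channel,
    fixed algorithms, as in the comparison above).
    """
    return protoversion.startswith("1.")


def assess_server(line: bytes) -> str:
    """Classify a banner as 'ssh2-only', 'ssh1-compatible' or 'ssh1-only'."""
    proto = parse_ssh_ident(line)["protoversion"]
    if proto == "1.99":
        return "ssh1-compatible"  # v2 server that still accepts v1 clients
    if offers_ssh1(proto):
        return "ssh1-only"
    return "ssh2-only"


# Constructed sample banners in the RFC 4253 format (not real hosts).
SAMPLE_BANNERS = {
    "modern": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    "legacy_compat": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "legacy_only": b"SSH-1.5-Example_1.2.33\r\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(f"{name:14} {assess_server(banner)}")
```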

Revision 0218 Mod 12 – 34


RSP 100 Common Applications and Protocols

Hypertext Transfer Protocol (HTTP)

RFC 2616
• Underlying protocol of the World Wide Web
– Uses TCP port 80
– Secure version—HTTPS uses TCP port 443¹

• Defines message format and transmission

• Specifies the actions web servers and browsers should take in response to various
commands
– Entering a URL into a browser sends an HTTP command directing the web server to fetch and transmit the
requested web page; Request-Reply model


Footnote 1: Uses secure socket layer (SSL) encryption to provide secure transmission
of data. Standard HTTP is sent in clear text.

Revision 0218 Mod 12 – 35


RSP 100 Common Applications and Protocols

HTTP Methods

Indicate actions to be performed on resources


• GET—Requests information from a specified resource

• POST—Submits information to a specified resource to be processed

• PUT—Replaces all current representations of the target resource with the uploaded
content

• DELETE—Requests that the origin server delete the resource identified by the
Request-Uniform Resource Identifier (URI)1


Footnote 1: URIs have been known by many names: WWW addresses, Universal
Document Identifiers, Universal Resource Identifiers, and finally the combination of
Uniform Resource Locators (URL) and Names (URN). As far as HTTP is concerned,
Uniform Resource Identifiers are simply formatted strings which identify, via name,
location, or any other characteristic, a resource.
Additional methods:
• DELETE—Requests that all current representations of the target resource be removed
• OPTIONS—Requests information about the communication options available with
the target resource
• CONNECT—Requests that a proxy establish a tunnel connection to the target
resource. It converts the connection to a transparent TCP/IP tunnel, often to
facilitate HTTPS

Revision 0218 Mod 12 – 36


RSP 100 Common Applications and Protocols

LAB EXERCISE


Revision 0218 Mod 12 – 37


RSP 100 Common Applications and Protocols

End of Module 12
Common Applications and Protocols


Revision 0218 Mod 12 – 38


RSP 100 Resiliency and Performance

Module 13
Resiliency and Performance


Revision 0218 Mod 13 - 1


RSP 100 Resiliency and Performance

Legal Disclaimer

All or some of the products detailed in this presentation may still be under development and
certain specifications, including but not limited to, release dates, prices, and product
features, may change. The products may not function as intended and a production version
of the products may never be released. Even if a production version is released, it may be
materially different from the pre-release version discussed in this presentation.
Nothing in this presentation shall be deemed to create a warranty of any kind, either express
or implied, statutory or otherwise, including but not limited to, any implied warranties of
merchantability, fitness for a particular purpose, or non-infringement of third-party rights
with respect to any products and services referenced herein.
The Ruckus, Ruckus Wireless, Ruckus logo, Big Dog design, BeamFlex, ChannelFly, Xclaim,
ZoneFlex and OPENG trademarks are registered in the U.S. and other countries. Ruckus
Networks, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, SmartCell, and
Dynamic PSK are Ruckus trademarks worldwide. Other names and brands mentioned in this
document or website may be claimed as the property of others. 18-1-B


Revision 0218 Mod 13 - 2


RSP 100 Resiliency and Performance

Objectives

• After completing this module, attendees will be able to:


– Describe the purpose of Quality of Service (QoS) and its functions and application
– Explain how sampled flow (sFlow) provides statistics and data
– Discuss how OpenFlow 1.3 delivers dynamic traffic control capabilities
– Compare and contrast functions of different link failure detection protocols
– Describe the features of Virtual Router Redundancy Protocol (VRRP)


Revision 0218 Mod 13 - 3


RSP 100 Resiliency and Performance

Quality of Service


Revision 0218 Mod 13 - 4


RSP 100 Resiliency and Performance

What Is Quality of Service?

• Optimizes bandwidth utilization and enforces service-level agreements (SLAs) for different
services and applications
• Helps maintain network availability in the event of denial-of-service (DoS)/worm attacks
– Assigns high priorities to control/management traffic and places it in separate queues


Here are some example QoS targets:
• Voice—No dropped calls or static (latency <150 ms, jitter <30 ms, loss <1%)
• Video—High-quality, smooth video (latency <150 ms, jitter <50 ms, loss <0.05%)
• Data—Different SLAs for business users/applications
– Control delay, jitter, and packet loss

Revision 0218 Mod 13 - 5


RSP 100 Resiliency and Performance

QoS Elements

• Classification
– Traffic is differentiated and handled based on prioritization1
• Policing
– Manages traffic congestion by determining whether packets conform to administratively defined
traffic rates and takes action accordingly (passing, remarking, or dropping a packet)2
• Queuing
– QoS values are mapped to various “lanes” on outbound ports
– Segregates outbound traffic, providing the opportunity for preferential forwarding treatment
– Queue congestion avoidance can be controlled by algorithms such as Random Early Detection (RED) or
Weighted Random Early Detection (WRED)


Footnote 1: This prioritization can be derived from different factors, including honoring
or forcing a value. Further details to follow.
Footnote 2: Policing allows for the identification of priority traffic and can allocate
appropriate resources to that traffic. Lower priority traffic is handled according to its
drop precedence and other factors. Policing is beyond the scope of this course;
further details can be obtained in the traffic management guide for your
switch.

Revision 0218 Mod 13 - 6


RSP 100 Resiliency and Performance

QoS Elements (cont.)

• Scheduling
– Scheduling determines how the frames or packets in the queues are served
– Examples include the weighted round robin (WRR) scheduling algorithm, the strict priority scheduling algorithm,
or a hybrid of the two
• Remarking
– Remarking is typically the last phase of the QoS process
– The remarking engine has the option of rewriting the QoS value of a packet before it is put out onto the
wire
– The QoS values that can be remarked include 802.1p and IP precedence with Differentiated Services Code
Point (DSCP) bits


Revision 0218 Mod 13 - 7


RSP 100 Resiliency and Performance

Layer 2 QoS Classification

• Layer 2 class of service (CoS) is a subcategory of QoS

• 3-bit prioritization field in the 802.1Q header that categorizes network traffic based on
importance

• Uses eight classifications (0 through 7)


– Higher numerical value = higher precedence

• CoS benefits include:


– Can be interpreted by other QoS tagging methods
– Regulates incoming and outgoing traffic


In tagged Ethernet frames, IEEE 802.1Q uses CoS, a subcategory of QoS. CoS is a 3-bit
prioritization field used to categorize network traffic based on importance. Also
referred to as tagging, CoS uses eight categories (0 through 7) to influence traffic. The
most important information is categorized as 7 and the least important is 0. The
lower the priority, the more likely the packet is to be dropped.
CoS ultimately prevents important traffic from being discarded. CoS is leveraged
exclusively on Layer 2. Alternative QoS categorization methods can function on Layer
3, such as IP precedence or DSCP. CoS maintains relatively steady network traffic, but
it does not perform as well as QoS and switches do not always support the use of
CoS.
CoS benefits include:
• The CoS scale can be interpreted by other QoS tagging methods (used by
routers, switches, and other devices).
• This method regulates incoming and outgoing traffic.
• CoS supersedes predetermined priorities or values of frames if needed.

Revision 0218 Mod 13 - 8


RSP 100 Resiliency and Performance

Layer 2 QoS Classification (cont.)

• 802.1p functions at Layer 2 as part of the 802.1Q VLAN marking, sharing a portion of the
16-bit field
• 3-bit Class of Service (CoS) value in 802.1Q header allows for eight levels of QoS


Revision 0218 Mod 13 - 9


RSP 100 Resiliency and Performance

Layer 3 QoS Classification

• Differentiated Services Code Point (DSCP)
• DSCP is a 6-bit field in an IP header that enables different levels of service to be assigned
to network traffic
• Differentiated services (DiffServ) specifies a mechanism for classifying and managing
network traffic and providing QoS
– Each data packet is placed into 1 of 64 different traffic classes1
– Routers perform packet classification and policing at the network edge
• They mark packets to receive a specific type of per-hop behavior
• Combines IP precedence with type of service (ToS) fields
• Defined in RFC 2474


Footnote 1: Routing and switching devices use up to eight hardware queues that
provide varying levels of service. Internal mappings within the devices will classify
packets by these traffic classes and assign them to a queue for servicing.

Revision 0218 Mod 13 - 10


RSP 100 Resiliency and Performance

DSCP and IP Precedence Values Within an IP Header


[Figure: IPv4 header fields (Version, Len, ToS Byte, Length, ID, Offset, TTL, Proto, FCS, IP SA,
IP DA, Data) with the ToS byte expanded from bit 7 to bit 0. Standard IPv4: IP Precedence (3 bits)
followed by the TOS Delay, TOS Throughput, and TOS Reliability bits and an unused bit. DiffServ
extensions: DSCP (bits 7-2) and IP ECN (bits 1-0). Example shown: precedence 101 with Delay=1,
Throughput=1, Reliability=0 overlays DSCP binary 101 110, the EF codepoint.]

DSCP Class/PHB Name   DSCP Binary   Class Selector   Drop Precedence
Default               000 000       0
AF11                  001 010       1                Low
AF12                  001 100       1                Medium
AF13                  001 110       1                High
AF21                  010 010       2                Low
AF22                  010 100       2                Medium
AF23                  010 110       2                High
AF31                  011 010       3                Low
AF32                  011 100       3                Medium
AF33                  011 110       3                High
AF41                  100 010       4                Low
AF42                  100 100       4                Medium
AF43                  100 110       4                High
EF                    101 110       5

• DSCP value is decoded in two parts:
– 3-bit priority (0-7)
• Can be mapped directly to 802.1p
– 2-bit drop precedence (0-3)


A default DSCP decode table is used to derive a 3-bit priority value and a 2-bit drop
precedence value for incoming packets.
The input and outputs are:
The input to this table is a DSCP value.
The outputs of this table are a priority value (0 to 7) and a drop precedence value
(0 to 3) for the packet.
The user can also define a decode DSCP policy map that takes precedence over the
default DSCP decode table.
Note: Explicit Congestion Notification (ECN) occupies the least-significant 2 bits of the
IPv4 ToS field and IPv6 traffic class field.
When a device receives a packet, it has several options about how to treat that
packet. Based on the properties of each packet, the router can decide to:
• Honor the Layer 2 or Layer 3 markings and transmit normally
• Ignore the priority labels and drop the packet
• Change the IP precedence of the packet, depending on the administrator’s
preference
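The two-part decode above (3-bit priority, 2-bit drop precedence) and the ToS-byte split in the note can be carried out in code. This Python example is added here and is not course or vendor code; the bit split it implements is the generic one from RFC 2474 (with the AF and EF names from RFC 2597 and RFC 3246), not any particular switch's default decode table, and it also names the CS codepoints, which the slide's table omits.

```python
"""Decode a DSCP value into the 3-bit priority and 2-bit drop precedence
described above and name the standard per-hop behaviour (Default, CSx, AFxy, EF).
Added example: the bit split is the generic one from RFC 2474/2597/3246, not any
particular switch's default decode table."""

from typing import Dict, List, Tuple

DROP_NAMES: Dict[int, str] = {1: "Low", 2: "Medium", 3: "High"}
EF_DSCP = 0b101110  # Expedited Forwarding, DSCP 46


def decode_dscp(dscp: int) -> Tuple[int, int]:
    """Return (priority, drop_precedence) for a 6-bit DSCP value.

    priority        = bits 5..3 (class selector; maps directly onto 802.1p 0..7)
    drop_precedence = bits 2..1 (0..3; the AF classes use 1, 2 and 3)
    bit 0 is zero in every standardised codepoint.
    """
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be a 6-bit value (0..63)")
    return dscp >> 3, (dscp >> 1) & 0b11


def dscp_phb_name(dscp: int) -> str:
    """Name the PHB of a DSCP value: 'Default', 'CS3', 'AF21', 'EF', or 'DSCPnn'
    for a codepoint with no standard name."""
    priority, drop = decode_dscp(dscp)
    if dscp == 0:
        return "Default"
    if dscp == EF_DSCP:
        return "EF"
    if dscp & 0b111 == 0:                   # xxx000: class selector codepoints
        return f"CS{priority}"
    if 1 <= priority <= 4 and drop in DROP_NAMES and dscp & 1 == 0:
        return f"AF{priority}{drop}"        # assured forwarding, RFC 2597
    return f"DSCP{dscp}"


def tos_byte_fields(tos: int) -> Dict[str, object]:
    """Split an IPv4 ToS byte the DiffServ way: DSCP in bits 7..2 and ECN in the
    two least-significant bits. The legacy 3-bit IP precedence occupies the same
    bits as the DSCP class selector, which is why the two interoperate."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS byte must be 0..255")
    dscp = tos >> 2
    return {"dscp": dscp, "ecn": tos & 0b11,
            "ip_precedence": tos >> 5, "phb": dscp_phb_name(dscp)}


def decode_table() -> List[Tuple[str, str, int, str]]:
    """Regenerate the slide's table: (PHB name, DSCP binary, class selector,
    drop precedence) for Default, AF11..AF43 and EF, in DSCP order."""
    rows = []
    for dscp in range(64):
        name = dscp_phb_name(dscp)
        if name.startswith("CS") or name.startswith("DSCP"):
            continue
        priority, drop = decode_dscp(dscp)
        binary = f"{dscp >> 3:03b} {dscp & 0b111:03b}"
        # the slide names a drop precedence for the AF rows only
        drop_name = DROP_NAMES.get(drop, "") if name.startswith("AF") else ""
        rows.append((name, binary, priority, drop_name))
    return rows


if __name__ == "__main__":
    for name, binary, priority, drop in decode_table():
        print(f"{name:8} {binary}   class {priority}  {drop}")
    print(tos_byte_fields(0xB8))   # EF with ECN 0
```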

Revision 0218 Mod 13 - 11


RSP 100 Resiliency and Performance

Statistics and Data


Revision 0218 Mod 13 - 12


RSP 100 Resiliency and Performance

sFlow

• Industry standard system for collecting information about traffic flow patterns and
quantities for a set of devices

• Designed to be embedded in any network device

• Provides continuous statistics on any protocol, so all network traffic can be monitored

• Applications include troubleshooting, traffic congestion control, route profiling, network
usage trending, network design, and capacity planning


Some applications of sFlow include:
• Network outages—sFlow can monitor thousands of ports in a network to
accurately pinpoint reasons for network outages or why traffic on a server is slow.
• Traffic monitoring—sFlow provides real-time statistics of traffic on the network,
including bandwidth used, protocols, connections, and so on.
• Network planning—Historic traffic usage trends can be used to determine
network capacities for planning purposes.
• Intrusion detection—sFlow can help recognize network-based attacks.
• Profiling routes—Traffic flow rates for each route can be determined.
• Accounting and billing—For billing purposes, sFlow can provide detailed statistics
about applications in use on the network.

Revision 0218 Mod 13 - 13


RSP 100 Resiliency and Performance

sFlow (cont.)

• sFlow Agent — Software process embedded in devices that combines interface counters
and flow samples into sFlow datagrams sent via UDP port 6343 to the IP address of a
collector
• sFlow Collector — Centralized software process that analyzes sFlow datagrams to produce
a network-wide view of traffic flows

[Figure: several sFlow Agents, each sending sFlow datagrams to one central sFlow Collector]


Revision 0218 Mod 13 - 14


RSP 100 Resiliency and Performance

sFlow (cont.)

• sFlow samples packets, but performs traffic analysis on a separate machine (typically a
server)—this allows for real-time responsiveness
• The sampling rate is the ratio of the number of packets incoming on an sFlow-enabled port
to the number of flow samples taken from those packets
• The sample data is collected from inbound traffic on ports enabled for sFlow, but both
traffic directions are counted for byte and packet counter statistics, which are then sent to
the collector
• Configuration considerations:
– The sampled sFlow data sent to the collectors includes an agent_address field, which identifies the router-
id of the device that sent the data


Traditional technologies focus on analyzing each packet and embedding traffic
monitoring inside routers. This methodology impacts the performance of the router
(especially at high traffic speeds) and leads to inaccurate results. sFlow samples
packets, but separates traffic analysis from traffic sampling. While the sampling logic
is embedded inside the network element (for example, the router or switch), traffic
analysis is actually performed on a separate machine (typically a server). This allows
for both larger-scale traffic and real-time responsiveness.
The sampling rate is the ratio of the number of packets incoming on an sFlow-
enabled port to the number of flow samples taken from those packets. sFlow
sampling requires high management CPU usage, which can affect performance in
some configurations, especially if a high sampling rate is configured.
The sample data is collected from inbound traffic on ports enabled for sFlow.
However, both traffic directions are counted for byte and packet counter statistics,
which are then sent to the collector.
Configuration considerations include:
• The sampled sFlow data sent to the collectors includes an agent_address field.
This field identifies the IP address of the device that sent the data.
• sFlow looks for an IP address in the following order, and uses the first address
found:
• The explicitly configured router ID
• The first IP address on the lowest-numbered loopback interface
• The first IP address on the lowest-numbered virtual interface
• The first IP address on any interface

Revision 0218 Mod 13 - 15


RSP 100 Resiliency and Performance

Dynamic Traffic Control


Revision 0218 Mod 13 - 16


RSP 100 Resiliency and Performance

OpenFlow 1.3

• Protocol that allows network controllers to determine the path of network packets
• Separates control plane from data plane to provide more sophisticated traffic management
• Packets that do not match a flow table entry may be sent to the controller or dropped
– Controller then determines whether to change existing flow table rules or to generate new rules
• Enabler of software-defined networking (SDN)
• OpenFlow is layered on top of TCP and can use Transport Layer Security (TLS)


OpenFlow is an industry-standard SDN protocol that facilitates communication
between the forwarding plane of a network switch or router and the controller that
enables network-wide flow control. It provides far greater programmatic control of
the network than is possible with traditional network architectures, enabling new
network applications to be developed for virtualized environments.
OpenFlow 1.3 delivers a rich feature set required for commercial and enterprise
networks to address complex network behavior and optimize performance for
dynamic SDN applications. These features include Quality of Service (QoS), Q-in-Q,
Group Tables, Active-Standby Controller, IPv6 and more.

Revision 0218 Mod 13 - 17


RSP 100 Resiliency and Performance

Link Failure Detection Protocols


Revision 0218 Mod 13 - 18


RSP 100 Resiliency and Performance

Bidirectional Forwarding Detection (BFD)

• A protocol that very rapidly detects faults between two adjacent routers connected by a link
• Must be enabled at the interface and routing protocol levels
• Two modes:
– Asynchronous—Both routers periodically send hello packets to each other; if a number of packets are not
received, the session is considered down
– Demand—Hello packets are not sent and the routers have another way to verify connectivity
• With Echo function, one router sends a stream of Echo packets that the other router returns via its data plane
• If a fault is detected, an action is triggered within a routing protocol (severing a session or adjacency)
• BFD has low overhead because it runs on the data plane (not the control plane)
• The BFD protocol is defined in RFC 5880


BFD provides a rapid forwarding path failure detection service to a routing protocol.
BFD provides rapid detection of the failure of a forwarding path by checking that the
next-hop device is alive. Without BFD enabled it can take from 3 to 30 seconds (based
on typical routing protocol dead timers) to detect that a neighboring device is not
operational, causing packet loss due to incorrect routing information at a level
unacceptable for real-time applications such as VOIP and video over IP.
Using BFD, you can detect a forwarding path failure in 300 milliseconds or less,
depending on your configuration.

Revision 0218 Mod 13 - 19


RSP 100 Resiliency and Performance

Remote Fault Notification (RFN)

• Allows a transmit port to notify the remote port when light is no longer being received
– Transmit LEDs on both ends are disabled when a fault is detected
– Only supported on 1 Gb/s Ethernet fiber ports1

[Figure: a 1 Gbps fiber link between two ports. When one port's Rx sees no signal (link down),
the fault is signaled to the remote port and its transmit LED is disabled]


Footnote 1: This feature is part of the IEEE 802.3 auto-negotiation specification for
Gigabit Ethernet.

Revision 0218 Mod 13 - 20


RSP 100 Resiliency and Performance


Link Fault Signaling (LFS)

• A protocol that enables1 communication between two 10 Gb/s (or higher) Ethernet devices
– When configured, the port can detect and report fault conditions on transmit and receive ports
LFS has detected a link fault on the remote side, as the output below shows:
device# show interface ethernet 1/1/10
10GigabitEthernet1/1/10 is down (remote fault), line protocol is down
Hardware is 10GigabitEthernet, address is 0000.0027.79d8 (bia 0000.0027.79d8)
Configured speed 10Gbit, actual unknown, configured duplex fdx, actual unknown
Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING
BPDU guard is Disabled, ROOT protect is Disabled
Link Fault Signaling is Enabled, Link Error Dampening is Disabled
STP configured to ON, priority is level0
Flow Control is disabled
mirror disabled, monitor disabled
<Truncated for brevity...>


Footnote 1: When LFS is enabled on an interface, syslog messages or alerts may be
generated in two instances:
• When the link goes up or down
• When the transmit or receive fiber is removed from one or both sides of the link
that has LFS enabled
Example syslog messages are:
Interface ethernet1/1/1, state down - link down
Interface ethernet1/1/1, state up

Revision 0218 Mod 13 - 21


RSP 100 Resiliency and Performance

Virtual Router Redundancy Protocol


Revision 0218 Mod 13 - 22


RSP 100 Resiliency and Performance

Virtual Router Redundancy Protocol

• Provides redundancy to default gateways servicing hosts on the same subnet (RFC 5798)
– Allows an alternate router path for a host without changing the IP address or MAC address of its gateway
– Reliability is achieved by advertising a virtual router as the default gateway
– Two or more physical routers are configured to host a virtual router, with only one doing the actual routing at any
given time

[Figure: a virtual router with Virtual IP 192.53.5.1 and Virtual MAC 00-00-5E-00-01-01 hosted by
two VRRP routers, the Master and the Backup, each with a WAN uplink. Host 1 uses 192.53.5.1 as
its default gateway]


Revision 0218 Mod 13 - 23


RSP 100 Resiliency and Performance

VRRP Terminology

• Virtual router: An object managed by VRRP that acts as a default gateway for hosts on a
shared LAN and consists of:
– Virtual Router Identifier
– Virtual IP address (VIP)
– Virtual MAC address
• VRRP router: A router running the Virtual Router Redundancy Protocol
– May be a participant in one or more virtual router instances1
• Virtual Router Identifier (VRID): Used to identify each virtual router in the subnet
– Supported decimal range is 1 to 255
– There is no default


Footnote 1: A VRRP router can host more than one virtual router and thus backs up
the VRID and VIP associated with each virtual router.

Revision 0218 Mod 13 - 24


RSP 100 Resiliency and Performance

VRRP Terminology (cont.)

• Virtual MAC: The first five octets are a multicast standard MAC prefix for VRRP and the last
octet is the VRID1

• VIP: The IP address used by the virtual router

• IP address owner: The VRRP router that has the same real interface IP address as the
virtual router's IP address
– When healthy, this router always becomes the master


Footnote 1: The first five octets of the address are the standard multicast MAC prefix
for VRRP packets, as described in RFC 2338. The last octet is the VRID. The VRID
number becomes the final octet in the virtual MAC address associated with the
virtual router.
When you configure a VRID, the software automatically assigns its MAC address.
When a VRID becomes active, the master router broadcasts a gratuitous Address
Resolution Protocol (ARP) request containing the virtual router MAC address for each
IP address associated with the virtual router.
In this figure, the switch sends a gratuitous ARP with MAC address 00-00-5E-00-01-01
and IP address 192.53.5.1. Hosts send the virtual router’s MAC address in routed
traffic to their default IP gateway (in this example, 192.53.5.1).

Revision 0218 Mod 13 - 25


RSP 100 Resiliency and Performance

VRRP Terminology (cont.)

• Master: The VRRP router responsible for forwarding packets for the VIP associated with
the virtual router
– Creates and responds to ARP requests for the VIP
• Backup: The set of VRRP routers available to assume forwarding responsibility for a virtual
router should the current master fail
• VRRP priority: Each router has a priority set for each VRID it hosts to determine which
router becomes the master
– 255 is reserved for the IP address owner to guarantee it always becomes the master
– Priority can be set from 3 to 254 (255 is the highest priority)
– Priorities from 3 to 254 are used for backups (default value for backups is 100)
– Priorities 1 and 2 are reserved for track port failure


Revision 0218 Mod 13 - 26


RSP 100 Resiliency and Performance

VRRP Master Selection

• All VRRP routers send multicast VRRP advertisements called hellos to determine the master
– Owner: The router with an interface IP address that matches the VIP address; the default priority is 255,
which causes the owner to become the default master
– Master: Sends hellos as a keepalive and responds to ARP and ICMP requests (such as ping)

[Figure: VRID 1 Master (Owner, priority 255, IP 192.53.5.1) and VRID 1 Backup (priority 100,
IP 192.53.5.2) host the virtual router with Virtual IP 192.53.5.1 and Virtual MAC
00-00-5E-00-01-01, each with a WAN uplink. The Owner sends hellos, and Host 1 (default gateway
192.53.5.1) pings the virtual IP]


Revision 0218 Mod 13 - 27


RSP 100 Resiliency and Performance

VRRP Failover

• Master sends hellos based on the hello interval

– Backup routers use the dead interval to track the last hello from the master

– If the dead interval expires before the hello is received, the backup router with the highest priority
becomes the master

– New master sends gratuitous ARP (GARP) to update MAC tables in the LAN


Revision 0218 Mod 13 - 28


RSP 100 Resiliency and Performance

VRRP Track Port

• A track port is one or more egress interface(s) on the router that is configured to be
monitored
– The track priority value is set to a lower value than the VRRP priority
• The default track priority for the IP address owner is 2
• The default track priority for backup routers is 1
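The master selection, failover and track port rules from the last few slides can be modelled as a small election. This Python example is added here and is not course or vendor code; it uses the slides' constructed topology (VRID 1, VIP 192.53.5.1, owner at priority 255, backup at the default 100) and assumes, as the slides imply, that a router whose tracked port is down advertises its track priority (2 for the owner, 1 for a backup) in place of its configured priority. The priority tie-break by higher primary IP address is from RFC 5798.

```python
"""Model the VRRP rules on the master selection, failover and track port slides:
the virtual MAC derived from the VRID, the priority rules (255 = IP address
owner, 3..254 = backups, highest wins, ties broken by the higher primary IP
address per RFC 5798) and the track-port fallback.  Added example, not vendor
code; it assumes, as the slides imply, that a router whose tracked port is
down advertises its track priority (2 for the owner, 1 for a backup) in
place of its configured priority."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional
import ipaddress

VRRP_MAC_PREFIX = "00-00-5E-00-01"  # standard IPv4 VRRP MAC prefix (RFC 5798)


def virtual_mac(vrid: int) -> str:
    """Virtual MAC address: the standard prefix with the VRID as the last octet."""
    if not 1 <= vrid <= 255:
        raise ValueError("VRID must be in the range 1..255")
    return f"{VRRP_MAC_PREFIX}-{vrid:02X}"


@dataclass
class VrrpRouter:
    name: str
    ip: str                                   # real interface IP address
    priority: int                             # 255 = owner, 3..254 = backup
    tracked_ports_up: Dict[str, bool] = field(default_factory=dict)
    track_priority: Optional[int] = None      # defaults: 2 for owner, 1 for backup

    def is_owner(self, vip: str) -> bool:
        return self.ip == vip

    def effective_priority(self, vip: str) -> int:
        """Priority advertised in hellos, after applying track-port state."""
        track = self.track_priority
        if track is None:
            track = 2 if self.is_owner(vip) else 1
        if any(not up for up in self.tracked_ports_up.values()):
            # assumption: a failed tracked port makes the router advertise its
            # track priority, which is below every valid backup priority (3..254)
            return track
        return self.priority


def validate(router: VrrpRouter, vip: str) -> None:
    """Enforce the priority rules from the VRRP terminology slide."""
    if router.is_owner(vip) and router.priority != 255:
        raise ValueError(f"{router.name}: the IP address owner must use priority 255")
    if not router.is_owner(vip) and not 3 <= router.priority <= 254:
        raise ValueError(f"{router.name}: backup priority must be 3..254")
    if router.track_priority is not None and not 1 <= router.track_priority < router.priority:
        raise ValueError(f"{router.name}: track priority must be lower than the VRRP priority")


def elect_master(routers: List[VrrpRouter], vip: str) -> VrrpRouter:
    """Highest effective priority wins; equal priorities are broken by the
    higher primary IP address (RFC 5798, section 6.4.2)."""
    for r in routers:
        validate(r, vip)
    return max(
        routers,
        key=lambda r: (r.effective_priority(vip), int(ipaddress.ip_address(r.ip))),
    )


def failover_sequence() -> List[str]:
    """Constructed topology from the slides: VRID 1, VIP 192.53.5.1, owner R1 at
    192.53.5.1 (priority 255) and backup R2 at 192.53.5.2 (default priority 100).
    Returns the master before, during and after a failure of R1's tracked WAN port."""
    vip = "192.53.5.1"
    r1 = VrrpRouter("R1", "192.53.5.1", 255, {"wan": True})
    r2 = VrrpRouter("R2", "192.53.5.2", 100, {"wan": True})
    steps = [elect_master([r1, r2], vip).name]
    r1.tracked_ports_up["wan"] = False   # R1 now advertises priority 2; R2 (100) takes over
    steps.append(elect_master([r1, r2], vip).name)
    r1.tracked_ports_up["wan"] = True    # owner is healthy again and reclaims mastership
    steps.append(elect_master([r1, r2], vip).name)
    return steps


if __name__ == "__main__":
    print("virtual MAC for VRID 1:", virtual_mac(1))
    print("master sequence:", " -> ".join(failover_sequence()))
```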

Revision 1215 13 – 29

RSP 100 Resiliency and Performance

LAB EXERCISE


Revision 0218 Mod 13 - 30


RSP 100 Resiliency and Performance

End of Module 13
Resiliency and Performance


Revision 0218 Mod 13 - 31


RSP 100 Security Features and Protocols

Module 14
Security Features and Protocols


Revision 0218 Mod 14 – 1




RSP 100 Security Features and Protocols

Objectives

• After completing this module, attendees will be able to:


– Describe authentication protocols, including network security and authorization features
– Discuss the purpose of access control lists (ACLs), including configuration details
– Explain how address translation protocols help manage IP addresses on local area networks


Revision 0218 Mod 14 – 3


RSP 100 Security Features and Protocols

Authentication Protocols


Revision 0218 Mod 14 – 4


RSP 100 Security Features and Protocols

Port Based Network Access Control (802.1X)

• Designed to regulate access to a network using authentication as set by the IEEE 802.1
working group
• Client-server-based type of access control and authentication which restricts unauthorized
clients from connecting to the LAN1
• Uses the Extensible Authentication Protocol (EAP) (RFC 2284) to support centrally
administered authentication and defines the EAP encapsulation over LANs (EAPOL)
• Allows MAC-based or username/password authentication


Footnote 1: Supplicant devices (end devices) must be running 802.1x client software
providing the communication and authentication processes.

Revision 0218 Mod 14 – 5


RSP 100 Security Features and Protocols

802.1X (cont.)

• Provides the ability to dynamically apply a VLAN and IP ACL or MAC address filtering to a
port, based on information received from the Authentication Server
– If the client is not authorized, options are available to drop traffic from the client or to place the port
in a “restricted” VLAN

• Provides authentication for multiple devices connecting to a single port such as a Wireless
LAN (WLAN)

• Controlled and uncontrolled ports1

• Message exchange during authentication


Footnote 1: A physical port on a device used with 802.1X port security has two virtual
access points: a controlled port and an uncontrolled port. The controlled port provides
full access to the network. The uncontrolled port provides access only for EAPOL traffic
between the Client and the Authentication Server. When a Client is successfully
authenticated, the controlled port is opened to the Client.

Before a Client is authenticated, only the uncontrolled port on the Authenticator is open.
The uncontrolled port allows only EAPOL frames to be exchanged between the Client and
the Authentication Server. The controlled port is in the unauthorized state and allows no
traffic to pass through.

During authentication, EAPOL messages are exchanged between the Supplicant PAE and
the Authenticator PAE, and RADIUS messages are exchanged between the Authenticator
PAE and the Authentication Server. If the Client is successfully authenticated, the
controlled port becomes authorized, and traffic from the Client can flow through the port
normally.


802.1X (cont.)

• Authentication Server
– Accepts and responds to authentication requests
• Authenticator Port Access Entity (PAE)
– Acts as a RADIUS client
• Supplicant PAE
– Supplies client information to Authenticator PAE
– Can initiate authentication procedure
• EAPOL messages are passed between the PAEs

[Figure: 802.1x Device Roles & How They Communicate. The Supplicant PAE on the
802.1X-enabled supplicant device exchanges EAPOL messages with the Authenticator PAE;
the Authenticator exchanges RADIUS messages with the Authentication Server.]


EAP – Extensible Authentication Protocol (RFC 2284)
For communication between the devices, 802.1X port security uses the Extensible
Authentication Protocol (EAP), defined in RFC 2284. The 802.1X standard specifies a
method for encapsulating EAP messages so that they can be carried over a LAN. This
encapsulated form of EAP is known as EAP over LAN (EAPOL). The standard also
specifies a means of transferring the EAPOL information between the
Client/Supplicant, Authenticator, and Authentication Server.
EAPOL messages are passed between the Port Access Entity (PAE) on the Supplicant
and the Authenticator.
• When the Client responds, it is prompted for a username (255 characters maximum) and
password. The Authenticator passes this information to the Authentication Server, which
determines whether the Client can access services provided by the Authenticator. When
the Client is successfully authenticated by the RADIUS server, the port is authorized. When
the Client logs off, the port becomes unauthorized again.
• Many 802.1X implementations support dynamic VLAN assignment. If one of the attributes
in the Access-Accept message sent by the RADIUS server specifies a VLAN identifier, and
this VLAN is available on the switching device, the client’s port is moved from its default
VLAN to the specified VLAN. When the client disconnects from the network, the port is
placed back in its default VLAN.
• If a Client does not support 802.1X, authentication cannot take place. The authenticator
device sends EAP-Request/Identity frames to the Client, but the Client does not respond
to them.
• When a Client that supports 802.1X attempts to gain access through a non-802.1X-enabled port, it
sends an EAP start frame to the authenticator PAE device. When the device does not respond, the
Client considers the port to be authorized, and starts sending normal traffic.
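The EAPOL encapsulation described above, as an added example that is not code from the RSP 100 guide: a decoder for Ethernet frames of type 0x888E carrying an EAPOL header and, for EAP-Packet, the EAP header and Identity exchange. The MAC addresses and username used to build sample frames are constructed; the encoder functions exist only to construct those samples.

```python
"""EAPOL/EAP decoder, added example (not from the RSP 100 guide). Decodes EAP
over LAN as on the slide: an Ethernet frame of type 0x888E carries an EAPOL
header, which carries an EAP packet such as EAP-Request/Identity. Sample frames
are built with build_eapol/build_eap from constructed, made-up MAC addresses."""
import struct

ETHERTYPE_EAPOL = 0x888E
PAE_GROUP_MAC = bytes.fromhex("0180c2000003")   # 802.1X PAE group address
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}


def decode_eapol(frame):
    """Return a dict describing the EAPOL PDU; raise ValueError if malformed."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL header")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError("not EAPOL (ethertype 0x%04x)" % ethertype)
    version, eapol_type, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]
    if len(body) != length:                       # truncated frame or lying length field
        raise ValueError("EAPOL length exceeds frame")
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "version": version,
            "eapol_type": EAPOL_TYPES.get(eapol_type, "unknown")}
    if eapol_type == 0:                           # only EAP-Packet carries an EAP PDU
        info["eap"] = decode_eap(body)
    return info


def decode_eap(pkt):
    """Code(1) Identifier(1) Length(2); Request/Response add Type(1) and type-data."""
    if len(pkt) < 4:
        raise ValueError("EAP packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length inconsistent with payload")
    eap = {"code": EAP_CODES.get(code, "unknown"), "id": ident}
    if code in (1, 2) and length >= 5:
        eap["type"] = EAP_TYPES.get(pkt[4], "type %d" % pkt[4])
        eap["data"] = pkt[5:length]               # e.g. the username in Response/Identity
    return eap


def build_eapol(dst, src, eapol_type, body=b""):
    """Encoder used here only to construct sample frames (EAPOL protocol version 2)."""
    return dst + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 2, eapol_type, len(body)) + body


def build_eap(code, ident, eap_type=None, data=b""):
    tail = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(tail)) + tail
```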



Authentication, Authorization, Accounting (AAA)

• RFC 6733
• Framework for granular control of access to resources, enforcing policies, auditing usage,
and providing a record
– Authentication: Identifying the user
– Authorization: Verifying that the user is allowed to take a requested action
– Accounting: Maintaining records showing that an action has occurred, the time spent and the resources
consumed, which can be used for capacity and trend analysis and possibly billing
• Combined, these processes provide effective network management and security
• Protocols used for authentication and the other AAA services:
– RADIUS
– Terminal Access Controller Access Control System Plus (TACACS+)


TACACS+

• TACACS is an older authentication protocol common to UNIX networks (defined in RFC 1492)
• TACACS+ is an entirely new protocol that handles AAA services and is not compatible with
TACACS
• TACACS+ uses Transmission Control Protocol (TCP) port 49
• TCP is a connection-oriented protocol, so TACACS+ does not have to implement its own
transmission control
• TACACS+ can separate authentication, authorization, and accounting into separate
functions
• Often used for device administration
– Manages permissions regarding who can access a network device console, Telnet session, or Secure Shell
(SSH) session


Remote Authentication Dial-In User Service

• RFC 2865/2866

• RADIUS provides centralized AAA management for users who connect to and use a network
service, via a client/server model

• User Datagram Protocol (UDP) port 1812 (or 1645) for authentication and authorization (these
are bundled together)

• UDP port 1813 (or 1646) for accounting

• Network access devices usually contain a RADIUS client component that communicates
with the RADIUS server

• Often used by enterprises to manage access (802.1X) and for other authentication
purposes


RADIUS Authentication and Authorization Process

1. The user or resource sends a request for access, with its credentials, to the Network Access
Server (NAS)

2. The NAS sends a RADIUS Access-Request message to the RADIUS server

3. The RADIUS server checks that the information is correct and replies with one of:
– Access-Reject: The user is unconditionally denied access to all requested network resources
– Access-Challenge: Additional information (secondary password, PIN, token, or card) is requested from
the user
– Access-Accept: The user is granted access
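The Access-Request/Access-Accept exchange from steps 2 and 3, as an added example that is not code from the RSP 100 guide: it builds the RFC 2865 Access-Request a NAS sends (with the User-Password hiding from RFC 2865 section 5.2) and checks the Response Authenticator on the server's reply, which is what lets the NAS discard a forged or tampered Access-Accept. The shared secret, username and NAS address are constructed sample values.

```python
"""RADIUS Access-Request and reply check (RFC 2865), added example (not from
the RSP 100 guide). Builds the Access-Request the NAS sends in step 2 and
verifies the Response Authenticator on the server's reply, which is how the
NAS rejects a forged or tampered Access-Accept. Secret, user and NAS address
passed in by the caller are constructed sample values."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4


def attr(atype, value):
    """One Type-Length-Value attribute; Length counts the two header bytes too."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2, passwords <= 16 bytes: pad, XOR with MD5(secret + RA); self-inverse."""
    if len(password) > 16:
        raise ValueError("chained hiding for longer passwords is not implemented here")
    mask = hashlib.md5(secret + request_auth).digest()
    return bytes(p ^ m for p, m in zip(password.ljust(16, b"\0"), mask))


def build_packet(code, ident, authenticator, attributes):
    body = b"".join(attributes)           # Code(1) Identifier(1) Length(2) Authenticator(16)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def access_request(user, password, nas_ip, secret, ident, request_auth=None):
    """NAS side: the Request Authenticator is 16 random bytes, fresh per request."""
    request_auth = request_auth or os.urandom(16)
    attrs = [attr(USER_NAME, user.encode()),
             attr(USER_PASSWORD, hide_password(password.encode(), secret, request_auth)),
             attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))]
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def reply(code, ident, request_auth, attributes, secret):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    body = b"".join(attributes)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body


def verify_reply(packet, ident, request_auth, secret):
    """NAS side: accept only if length, Identifier and Response Authenticator all match."""
    if len(packet) < 20 or packet[1] != ident or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])
```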


Access Control Lists


Access Control Lists

• ACLs provide a method of classifying or identifying traffic, allowing it to be controlled as well
as permitting or denying incoming frames from passing
• Each ACL is a collection of permit and deny statements (rules) that apply to frames
– IP ACLs have an implicit deny at the end
• A switch compares the fields in the frame against any ACLs applied to the interface,
verifying that the frame has the required permissions to be received or forwarded
• The switch sequentially compares the frame against each rule in the ACL and either
forwards, drops or manipulates it¹
– The order of the rules in an ACL is critical
– The first rule that matches the traffic stops further processing of the frame

Footnote 1: ACLs in their simplest form can be used for security or traffic
management. They can, however, also be used to identify unique traffic, allowing it to
be manipulated or adapted based on the admin's preference. Often they are used in
route maps and prefix lists, which are topics beyond the scope of this class.


Access Control Lists (cont.)

• Primary benefits of ACLs:
– Provide a measure of security
– Save network resources by reducing traffic
– Block unwanted traffic or users
– Reduce the chance of denial-of-service (DoS) attacks
– Classify traffic, providing the ability to manipulate its behavior, treatment or attributes

• Types of ACLs:¹
– Standard ACLs filter packets based on source addressing
– Extended ACLs filter packets based on source and destination data²

Footnote 1: Often you can give a name to an ACL instead of a number.

Footnote 2: This includes IP/TCP ports and protocols.


Standard ACL Example

ACL Example:
access-list 1 deny host 209.157.22.26 log
access-list 1 deny host 209.157.29.12 log
access-list 1 deny host 209.157.29.72 log
access-list 1 permit any

• Generally the number range for standard ACLs is 1 to 99

[Figure: packets from 209.157.22.26, 209.157.29.12 and 209.157.29.72 arriving from the
Internet are denied by ACL 1.]

Standard ACL configuration details include:

• The host keyword is used in the syntax as a substitute for the subnet mask.
• The first time an ACL entry permits or denies a packet, the software immediately
generates a syslog entry and Simple Network Management Protocol (SNMP) trap. The
software also starts a five-minute timer. The timer keeps track of all packets explicitly
denied by the ACL entries. After five minutes, the software generates a single syslog
entry for each ACL entry that has denied a packet. The message indicates the number
of packets denied by the ACL entry during the previous five minutes.


Configuring Extended ACLs

• Extended ACLs let you filter packets based on:
– IP protocol
– Source/destination IP address or hostname
– Source/destination TCP or UDP port
• The port number can be any TCP/UDP port, and the protocol can be any IP protocol number
from 0 to 255

Protocol                                                    CLI Protocol Acronym   Number
Internet Control Message Protocol (ICMP) (echo/echo reply)  ICMP                   1
Internet Group Management Protocol (IGMP)                   IGMP                   2
Open Shortest Path First (OSPF)                             OSPF                   89
Transmission Control Protocol                               TCP                    6
User Datagram Protocol                                      UDP                    17


Extended ACL Example

• Deny ping and let other ICMP packets through

• Stop the PC with hostname “jrsmith” from viewing multicast streams

• Allow all traffic not specifically denied to pass

Router_A(config)# access-list 102 deny icmp any any echo
Router_A(config)# access-list 102 deny igmp host jrsmith.example.com any log
Router_A(config)# access-list 102 permit ip any any
Router_A(config)# interface ethernet 1/1/1
Router_A(config-if-1/1/1)# ip access-group 102 in

• Note: Generally the number range for extended ACLs is 100 to 199

In this example, the first and second entries deny ICMP pings, and the third entry
permits all other ICMP traffic (such as redirects and destination unreachable
messages from hosts in the 209.157.22.x network to hosts in the 209.157.21.x
network). The fourth entry denies IGMP traffic from the host device named
“jrsmith.example.com” to any network. This stops the user from running multicast
and generates syslog entries for denied traffic. The fifth entry permits all packets that
are not explicitly denied by the other entries. Without this entry, the ACL denies all
traffic not explicitly permitted. After ACL 102 has been created, it is applied to
interface Ethernet 1/1/1.


General Guidelines for Using ACLs

• ACLs are executed sequentially, from top to bottom

• There is an implicit “deny” statement at the end of each ACL
– Specific statements should be placed before general statements
– All traffic not specifically permitted will be automatically denied
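The standard ACL example, the extended ACL example and the guidelines above, worked as an added example that is not code from the RSP 100 guide: a small evaluator that parses the access-list statements exactly as written on the slides and applies them in order with first-match semantics and the implicit deny at the end, so the effect of rule ordering can be checked on sample packets. The HOSTNAMES table is a constructed stand-in for DNS (jrsmith.example.com is given a made-up address), and the sample packets are constructed.

```python
"""ACL evaluator, added example (not from the RSP 100 guide). Parses the standard
and extended access-list statements on the slides: rules apply in order, first match
wins, and every list ends in an implicit deny. HOSTNAMES is a constructed DNS stand-in."""
import ipaddress

HOSTNAMES = {"jrsmith.example.com": "209.157.22.50"}    # constructed, not real DNS
PROTOCOLS = {"ip": None, "icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "ospf": 89}
ANY = ipaddress.ip_network("0.0.0.0/0")


def parse_address(tokens):
    """Consume 'any' or 'host <addr|name>' from the front of tokens."""
    if tokens[0] == "any":
        del tokens[0]
        return ANY
    if tokens[0] == "host":                      # 'host' stands in for a /32 mask
        addr = HOSTNAMES.get(tokens[1], tokens[1])
        del tokens[:2]
        return ipaddress.ip_network(addr + "/32")
    raise ValueError("unsupported address form: %s" % tokens[0])


def parse_rule(line):
    """access-list N permit|deny [proto] <src> [<dst> [echo]] [log]"""
    t = line.split()
    number, action = int(t[1]), t[2]
    rule = {"action": action, "log": t[-1] == "log", "proto": None, "dst": ANY, "icmp_type": None}
    rest = t[3:-1] if rule["log"] else t[3:]
    if number >= 100:                            # extended: protocol, source, destination
        rule["proto"] = PROTOCOLS[rest.pop(0)]
        rule["src"] = parse_address(rest)
        rule["dst"] = parse_address(rest)
        if rest and rest[0] == "echo":           # ICMP echo request (ping) is type 8
            rule["icmp_type"] = 8
    else:                                        # standard: source address only
        rule["src"] = parse_address(rest)
    return rule


def matches(rule, pkt):
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["icmp_type"] is not None and pkt.get("icmp_type") != rule["icmp_type"]:
        return False
    return (ipaddress.ip_address(pkt["src"]) in rule["src"]
            and ipaddress.ip_address(pkt["dst"]) in rule["dst"])


def evaluate(acl_lines, pkt):
    """Return (action, logged). First match wins; no match is the implicit deny."""
    for rule in map(parse_rule, acl_lines):
        if matches(rule, pkt):
            return rule["action"], rule["log"]
    return "deny", False
```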


Address Translation Protocols


Network Address Translation (NAT)

• Allows a single device, such as a router, to act as an agent between the Internet (a public
network) and a local (or private) network
• Maps private IP addresses to global (public) addresses that are routable across the Internet

[Figure: NAT gateway between the Intranet (hosts in 10.11.100/8 and 10.11.200/8) and the
Internet; the gateway's public address is 144.49.210.99 and the server's address is
63.96.4.55.]

NAPT Table
Packet                         Way        Before NAT             After NAT
Packet from Host A to Server   Outbound   10.11.100.1030         144.49.210.99:16891
Packet from Server to Host A   Inbound    144.49.210.99:16891    10.11.100.1030
Packet from Host B to Server   Outbound   10.11.200.1031         144.49.210.99:16411
Packet from Server to Host B   Inbound    144.49.210.99:16411    10.11.200.1031


NAT (cont.)

• NATs can be static 1:1 mappings
– Bidirectional connections are useful for servers that must be accessible from the outside (public space)
• Dynamic NAT global addresses are generally allocated from a pool
– Translations are created as the inside (private) devices require access through the NAT gateway
– Connections initiated from the inside are unidirectional because the translations do not exist permanently
• NAT is described in RFC 1631
• NAT private addresses are often defined as per RFC 1918
– 10.0.0.0–10.255.255.255
– 172.16.0.0–172.31.255.255
– 192.168.0.0–192.168.255.255


Port Address Translation (PAT)

• Enables many private IP addresses to map to a single global IP address

• Each connection is uniquely identified by an assigned port number (above 1024)

• Most home networks use PAT
– The ISP assigns a single IP address to the home network’s router
– For every connection to the Internet, the router assigns a port number, which is appended to the internal
IP address

• PATs may be static or dynamic, for bidirectional or unidirectional connectivity, respectively
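The NAPT table from the NAT slide and the static/dynamic distinction from the NAT and PAT slides, as an added example that is not code from the RSP 100 guide: a translation table that rewrites outbound flows to the gateway's single public address (144.49.210.99 and the server 63.96.4.55 from the slide) with a unique port above 1024, translates inbound packets back only when a binding exists, and supports permanent static entries for servers. The inside host addresses and ports passed in are constructed sample values.

```python
"""NAPT (PAT) translation table, added example (not from the RSP 100 guide).
Models the NAPT table on the NAT slide: outbound flows from private hosts are
rewritten to the gateway's single public address with a unique port above 1024;
inbound packets are translated back only if a binding exists. Inside hosts and
ports supplied by the caller are constructed sample values."""
import itertools

PUBLIC_IP = "144.49.210.99"     # gateway's global address from the slide
SERVER_IP = "63.96.4.55"        # Internet server from the slide


class Napt:
    def __init__(self, public_ip=PUBLIC_IP, first_port=1025):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)    # next unused public port (>1024)
        self.outbound = {}   # (inside_ip, inside_port) -> public_port
        self.inbound = {}    # public_port -> (inside_ip, inside_port)

    def add_static(self, inside_ip, inside_port, public_port):
        """Static 1:1 entry: permanent, so outside-initiated traffic reaches an inside server."""
        self.outbound[(inside_ip, inside_port)] = public_port
        self.inbound[public_port] = (inside_ip, inside_port)

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an inside-to-outside packet; bind a new port if needed."""
        key = (src_ip, src_port)
        if key not in self.outbound:                 # dynamic binding created on first use
            port = next(self._ports)
            while port in self.inbound:              # skip ports already used by static entries
                port = next(self._ports)
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a returning packet; None means drop (unsolicited)."""
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        inside_ip, inside_port = self.inbound[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)

    def table(self):
        """Rows like the slide's NAPT table: (way, before NAT, after NAT)."""
        rows = []
        for (ip, port), pub in self.outbound.items():
            rows.append(("Outbound", "%s:%d" % (ip, port), "%s:%d" % (self.public_ip, pub)))
            rows.append(("Inbound", "%s:%d" % (self.public_ip, pub), "%s:%d" % (ip, port)))
        return rows
```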


LAB EXERCISE


End of Module 14
Security Features and Protocols
