Academia.eduAcademia.edu

Figure 27 – uploaded by RaviShankar Reddy

See full PDFdownloadDownload figure
The users in this network require access to the Internet's content for marketing purposes. This requires that TCP/IP sessions be permitted to flow in both directions through the connection to the Internet. Th users are concerned, however, about exposing their internal hosts to attack from the Intermet. Therefor access control lists can be used to exclude UDP access to ports EO and E1 from SO either universally c per application type. In this example, anyone attempting to access these ports from the SO port using tl UDP protocol will be denied access. No such restrictions are placed on ports EO and E1. The cumulati access control lists (one per port) would resemble the contents of Table 4-1.

Table 4 The users in this network require access to the Internet's content for marketing purposes. This requires that TCP/IP sessions be permitted to flow in both directions through the connection to the Internet. Th users are concerned, however, about exposing their internal hosts to attack from the Intermet. Therefor access control lists can be used to exclude UDP access to ports EO and E1 from SO either universally c per application type. In this example, anyone attempting to access these ports from the SO port using tl UDP protocol will be denied access. No such restrictions are placed on ports EO and E1. The cumulati access control lists (one per port) would resemble the contents of Table 4-1.

Related Figures (119)

Layer 5: The Session Layer
Layer 5: The Session Layer
\s is evident in Figure 1-6, although communications flow vertically through each protocol stack, each Figure 1-6: Actual versus logical flow of layered communications.
\s is evident in Figure 1-6, although communications flow vertically through each protocol stack, each Figure 1-6: Actual versus logical flow of layered communications.
Given that Layer 3/4 protocol stacks must rely on a Layer 2 and Layer 1 LAN architecture to actually deliver their data, they must have some standardized means of passing data to these layers. The techniqu that is used is called wrapping. The following sections present a highly simplified overview of the way that data is passed between layers in a typical TCP/IP over Ethernet session. Given that routers operate a the first three or four layers (depending on the actual protocol) of the OSI reference model, understanding this process will also provide a glimpse into some of the internal mechanics of a router.
Given that Layer 3/4 protocol stacks must rely on a Layer 2 and Layer 1 LAN architecture to actually deliver their data, they must have some standardized means of passing data to these layers. The techniqu that is used is called wrapping. The following sections present a highly simplified overview of the way that data is passed between layers in a typical TCP/IP over Ethernet session. Given that routers operate a the first three or four layers (depending on the actual protocol) of the OSI reference model, understanding this process will also provide a glimpse into some of the internal mechanics of a router.
In Figure 1-8, there are two LANs. The first one uses the IP address range 193.1.3.0 through 193.1.3.5. The second network uses the IP address range 193.1.2.0 through 193.1.2.5. In thi: axample, User 4 (source IP address 193.1.2.5) on Network 2 needs to communicate with the server on Network 1 (destination IP address 193.1.3.1). This user's IP protocol stack recognizes that the lestination address is inconsistent with the addresses of other local machines, so it passes the data to the NIC along with instructions to deliver it to the router's E1 port. The NIC wraps an Ethernet frame arounc this IP packet, including source and destination MAC addresses, and transmits the frame.
In Figure 1-8, there are two LANs. The first one uses the IP address range 193.1.3.0 through 193.1.3.5. The second network uses the IP address range 193.1.2.0 through 193.1.2.5. In thi: axample, User 4 (source IP address 193.1.2.5) on Network 2 needs to communicate with the server on Network 1 (destination IP address 193.1.3.1). This user's IP protocol stack recognizes that the lestination address is inconsistent with the addresses of other local machines, so it passes the data to the NIC along with instructions to deliver it to the router's E1 port. The NIC wraps an Ethernet frame arounc this IP packet, including source and destination MAC addresses, and transmits the frame.
AYO ULLLOL LULUACIIICIIUGILY LLOTT LUULLS LIL LWO doVoUbs. e Bridges are relatively unintelligent devices. e Bridges operate only at the physical and data link layers. They possess no capacity for netwc layer packet forwarding.
AYO ULLLOL LULUACIIICIIUGILY LLOTT LUULLS LIL LWO doVoUbs. e Bridges are relatively unintelligent devices. e Bridges operate only at the physical and data link layers. They possess no capacity for netwc layer packet forwarding.
In such circumstances, where the destination is not directly reachable, the router can communicate witt other routers to learn of the existence of any networks that are not directly connected to it. In the exam] presented in Figure 1-10, User 1 on a network connected to Router A must access files stored on Serve! 2. Unfortunately, that server is located on a network that is not directly connected to Network A. This server is two router hops away on the network connected to Router C. Figure 1-10: Routers can calculate routes through other networks.
In such circumstances, where the destination is not directly reachable, the router can communicate witt other routers to learn of the existence of any networks that are not directly connected to it. In the exam] presented in Figure 1-10, User 1 on a network connected to Router A must access files stored on Serve! 2. Unfortunately, that server is located on a network that is not directly connected to Network A. This server is two router hops away on the network connected to Router C. Figure 1-10: Routers can calculate routes through other networks.
‘he Internet's simple---but powerful and extensible---architecture served its user community well.
‘he Internet's simple---but powerful and extensible---architecture served its user community well.
One answer was to give each logical network, or subnetwork, its own IP address range. This would work but would be a tremendously inefficient use of the IP address space. It wouldn't take very long for this approach to threaten to completely consume the remaining, unassigned IP address ranges. More immediate impact would be the expansion of routing tables in the Internet's routers. Each network would require its own routing table entry. Clearly, a better approach needed to be found.
One answer was to give each logical network, or subnetwork, its own IP address range. This would work but would be a tremendously inefficient use of the IP address space. It wouldn't take very long for this approach to threaten to completely consume the remaining, unassigned IP address ranges. More immediate impact would be the expansion of routing tables in the Internet's routers. Each network would require its own routing table entry. Clearly, a better approach needed to be found.
Although Table 2-5 and Table 2-6 demonstrate the tradeoffs between the numbers of possible subnets pet mask and hosts per subnet, they fall short of actually demonstrating how subnetting works. The best way fo demonstrate subnetting is to actually subnet an IP address, which is done in the next section. A Subnetting Example Obviously, the more bits that are allocated to identifying a subnet number, the fewer remain for host identification and vice versa. Subnetting is perhaps the most difficult aspect of the IP address architecture to comprehend. This is largely because it only really makes sense when viewed in binary numbers, which isn't very intuitive. Y ou need to subnet the Class C address 193.168.125.0, for example. This is your base address; th one that the Internet would calculate routes to. Y ou need to carve this into six subnets. Y ou would neet at least three of the eight host bits to create a unique extended network prefix for each of the six subnet These addresses would be 001, 010, 011, 100, 101, and 110. The last octet is split: three bits are added the network number to form the extended network prefix, and the remaining five are used to identify hosts. Table 2-7 demonstrates how subnetworks are formed.
Although Table 2-5 and Table 2-6 demonstrate the tradeoffs between the numbers of possible subnets pet mask and hosts per subnet, they fall short of actually demonstrating how subnetting works. The best way fo demonstrate subnetting is to actually subnet an IP address, which is done in the next section. A Subnetting Example Obviously, the more bits that are allocated to identifying a subnet number, the fewer remain for host identification and vice versa. Subnetting is perhaps the most difficult aspect of the IP address architecture to comprehend. This is largely because it only really makes sense when viewed in binary numbers, which isn't very intuitive. Y ou need to subnet the Class C address 193.168.125.0, for example. This is your base address; th one that the Internet would calculate routes to. Y ou need to carve this into six subnets. Y ou would neet at least three of the eight host bits to create a unique extended network prefix for each of the six subnet These addresses would be 001, 010, 011, 100, 101, and 110. The last octet is split: three bits are added the network number to form the extended network prefix, and the remaining five are used to identify hosts. Table 2-7 demonstrates how subnetworks are formed.
If a given work environment were to install a second Ethernet hub for a second workgroup, it would have two separate Ethernet LANs. That is, each LAN would be completely autonomous and define its own media access and MAC broadcast domains. Figure 3-2 illustrates this.
If a given work environment were to install a second Ethernet hub for a second workgroup, it would have two separate Ethernet LANs. That is, each LAN would be completely autonomous and define its own media access and MAC broadcast domains. Figure 3-2 illustrates this.
Figure 3-3: Making one LAN from the original two. Other forms of LAN expansion and LA N-to-LAN interconnection are possible but require addition: hardware. This hardware can include LAN switches, bridges, and routers. These devices, however, decrease the size of the media access domain, the MAC broadcast domain, or both. Therefore, they enable the overall size of a LAN to increase without a commensurate increase in the size of its med: access or MAC broadcast domains. Such asymmetric expandability is the key to a LAN's scalability These concepts are examined throughout the remainder of this chapter.
Figure 3-3: Making one LAN from the original two. Other forms of LAN expansion and LA N-to-LAN interconnection are possible but require addition: hardware. This hardware can include LAN switches, bridges, and routers. These devices, however, decrease the size of the media access domain, the MAC broadcast domain, or both. Therefore, they enable the overall size of a LAN to increase without a commensurate increase in the size of its med: access or MAC broadcast domains. Such asymmetric expandability is the key to a LAN's scalability These concepts are examined throughout the remainder of this chapter.
Interconnecting these LA Ns in the manner demonstrated in Figure 3-3 results in a single, but larger, MAC broadcast domain. Figure 3-6 illustrates this new broadcast domain.
Interconnecting these LA Ns in the manner demonstrated in Figure 3-3 results in a single, but larger, MAC broadcast domain. Figure 3-6 illustrates this new broadcast domain.
In a port-switched LAN, each port on the switching hub is connected to a single device. The switching port and the device it connects to become their own self-contained media access domain. All devices in the network remain part of the same MAC broadcast domain, however. This is illustrated in Figure 3-12. Figure 3-11: Media access and MAC broadcast domains in a segment-switched LAN.
In a port-switched LAN, each port on the switching hub is connected to a single device. The switching port and the device it connects to become their own self-contained media access domain. All devices in the network remain part of the same MAC broadcast domain, however. This is illustrated in Figure 3-12. Figure 3-11: Media access and MAC broadcast domains in a segment-switched LAN.
5 witching Contention-Based Networks
5 witching Contention-Based Networks
An important consideration in collapsed backbone topologies is that user communities are seldom conveniently distributed throughout a building. Instead, the users are scattered far and wide, which means that there is a good chance that they will be found on different LA Ns interconnected via a collapsed backbone router. Subsequently, simple network tasks among the members of a workgroup a likely to traverse the router. As fast as routers may be, they are still software driven. Therefore, in comparison to purely hardware devices, such as hubs and switches, routers are slow. Consequently, collapsed backbones might actually introduce a performance penalty not present with Layer 2-only LA backbone solutions.
An important consideration in collapsed backbone topologies is that user communities are seldom conveniently distributed throughout a building. Instead, the users are scattered far and wide, which means that there is a good chance that they will be found on different LA Ns interconnected via a collapsed backbone router. Subsequently, simple network tasks among the members of a workgroup a likely to traverse the router. As fast as routers may be, they are still software driven. Therefore, in comparison to purely hardware devices, such as hubs and switches, routers are slow. Consequently, collapsed backbones might actually introduce a performance penalty not present with Layer 2-only LA backbone solutions.
he parallel backbone topology is a modification of the collapsed backbone. Much like the collapsed yackbone, this backbone topology can create multiple media access and MAC broadcast domains. The <ey distinction is that this topology can achieve a finer degree of segmentation than a collapsed backbon ‘an provide.
he parallel backbone topology is a modification of the collapsed backbone. Much like the collapsed yackbone, this backbone topology can create multiple media access and MAC broadcast domains. The <ey distinction is that this topology can achieve a finer degree of segmentation than a collapsed backbon ‘an provide.
The access control list example presented in Figure 4-1 and Table 4-1 is based on port-level and application-level permissions. It is possible to program access based on IP addresses, too. Y ou can explicitly allow or deny access based on an individual IP address or an entire range of addresses. Table 4-1: Access C ontrol Lists for the Network in Figure 4-1
The access control list example presented in Figure 4-1 and Table 4-1 is based on port-level and application-level permissions. It is possible to program access based on IP addresses, too. Y ou can explicitly allow or deny access based on an individual IP address or an entire range of addresses. Table 4-1: Access C ontrol Lists for the Network in Figure 4-1
A n exterior router is one that lies beyond the boundaries of any given network. In Figure 4-1, the Interne s depicted as a featureless cloud. In reality, this cloud has a specific topology. Figure 4-3, although not oretending to depict the Internet's actual topology, presents a highly simplified Internet topology that is solely intended to demonstrate what an exterior router is. Figure 4-2: Interior routers in a network Figure 4-2 illustrates a small network and identifies those devices that function as interior routers.
A n exterior router is one that lies beyond the boundaries of any given network. In Figure 4-1, the Interne s depicted as a featureless cloud. In reality, this cloud has a specific topology. Figure 4-3, although not oretending to depict the Internet's actual topology, presents a highly simplified Internet topology that is solely intended to demonstrate what an exterior router is. Figure 4-2: Interior routers in a network Figure 4-2 illustrates a small network and identifies those devices that function as interior routers.
The TCP/IP Reference Model was developed long after the protocol it explains. This model offers significantly more flexibility than its OSI counterpart because it emphasizes the hierarchical arrangemen of functions rather than strict functional layering.
The TCP/IP Reference Model was developed long after the protocol it explains. This model offers significantly more flexibility than its OSI counterpart because it emphasizes the hierarchical arrangemen of functions rather than strict functional layering.
Note A concentrator is a device that aggregates multiple LAN connections on to a common electrical backplane. The most common type of LAN concentrator is known as a hub. Concentrators can also be dual attached. Consequently, it would be correct to refer to both concentrators and stations with the phrase dual attached (DA) without specifically identifying the devices.
Note A concentrator is a device that aggregates multiple LAN connections on to a common electrical backplane. The most common type of LAN concentrator is known as a hub. Concentrators can also be dual attached. Consequently, it would be correct to refer to both concentrators and stations with the phrase dual attached (DA) without specifically identifying the devices.
Figure 6-3: A wraparound dual-ring FDDI. Figure 6-2: Single-attached stations in a tree topology.
Figure 6-3: A wraparound dual-ring FDDI. Figure 6-2: Single-attached stations in a tree topology.
[tis important to note that FDDI is equally capable of recovering from failures of physical devices on tt network, as well as just cable breaks.
[tis important to note that FDDI is equally capable of recovering from failures of physical devices on tt network, as well as just cable breaks.
Balanced against this minimization of access facilities cost is a reduction in performance relative to o0int-to- point leased lines. Frame Relay introduces a significant amount of overhead in terms of framing and protocol, which is added to the overheads of the point-to-point leased line. The rule of thumb that juides engineering the DLCI and CIRs on a Frame Relay connection is to subscribe a maximum of 1.02: Mbps of the 1.544 Mbps of available bandwidth. This guarantees that each DLCI receives its committed nformation rate, and that there is a margin of extra bandwidth for temporarily bursting beyond this oreset rate. Frame Relay supports bursting beyond the CIR, up to the amount of unused bandwidth currently on the transmission facility.
Balanced against this minimization of access facilities cost is a reduction in performance relative to o0int-to- point leased lines. Frame Relay introduces a significant amount of overhead in terms of framing and protocol, which is added to the overheads of the point-to-point leased line. The rule of thumb that juides engineering the DLCI and CIRs on a Frame Relay connection is to subscribe a maximum of 1.02: Mbps of the 1.544 Mbps of available bandwidth. This guarantees that each DLCI receives its committed nformation rate, and that there is a margin of extra bandwidth for temporarily bursting beyond this oreset rate. Frame Relay supports bursting beyond the CIR, up to the amount of unused bandwidth currently on the transmission facility.
In this simple example, the networks’ administrators have collaborated on a route redistribution scheme that they believe will minimize their workload as well as network traffic loads. The internetwork is relatively small, consisting of three different networks, one of which supports a stub network. Each network uses its own address space and a different dynamic routing protocol. Given the innate incompatibility of the three different routing protocols, the administrators chose not to redistribute routing information among their networks. Rather, they aggregated the routes into network numbers, and statically defined paths for them. Table 7-1 summarizes the routing tables of the three gateway routers. Router D connects a small, stub network to the other networks. As such, this router uses its serial port as a default gateway for all packets addressed to any IP address that does not belong to 192.168.126.
In this simple example, the networks’ administrators have collaborated on a route redistribution scheme that they believe will minimize their workload as well as network traffic loads. The internetwork is relatively small, consisting of three different networks, one of which supports a stub network. Each network uses its own address space and a different dynamic routing protocol. Given the innate incompatibility of the three different routing protocols, the administrators chose not to redistribute routing information among their networks. Rather, they aggregated the routes into network numbers, and statically defined paths for them. Table 7-1 summarizes the routing tables of the three gateway routers. Router D connects a small, stub network to the other networks. As such, this router uses its serial port as a default gateway for all packets addressed to any IP address that does not belong to 192.168.126.
[he effect of this failure is that end systems in networks 10 and 192.168 cannot communicate with each other, even though a valid route exists through Router B! Table 7-2 summarizes the effects of this type of failure on the routing tables.
[he effect of this failure is that end systems in networks 10 and 192.168 cannot communicate with each other, even though a valid route exists through Router B! Table 7-2 summarizes the effects of this type of failure on the routing tables.
lable 7-3: The Number of Hops with the Distance-V ector Protocol Figure 7-3: An internetwork using a distance-vector routing protocol. In this example, Network 1 is in New Y ork, Network 2 is in Seattle, Network 3 is in Philadelphia, and Network 4 is in Minneapolis. The distance-vector routing protocol uses a statically assigned cost of 1 fo each hop, regardless of the distance of the link or even its bandwidth. Table 7-3 summarizes the number of hops to each of the destination network numbers. Notice that the routers do not have to create separat entries in their routing tables for every known end system. They can do so, but instead usually summari: routes. Route summarization is the truncation of the host portion of an IP address; only the network address is stored. In theory, the same path can be used to get to all the hosts or end systems on any giver network. Therefore, nothing is gained by creating separate entries for each host address.
lable 7-3: The Number of Hops with the Distance-V ector Protocol Figure 7-3: An internetwork using a distance-vector routing protocol. In this example, Network 1 is in New Y ork, Network 2 is in Seattle, Network 3 is in Philadelphia, and Network 4 is in Minneapolis. The distance-vector routing protocol uses a statically assigned cost of 1 fo each hop, regardless of the distance of the link or even its bandwidth. Table 7-3 summarizes the number of hops to each of the destination network numbers. Notice that the routers do not have to create separat entries in their routing tables for every known end system. They can do so, but instead usually summari: routes. Route summarization is the truncation of the host portion of an IP address; only the network address is stored. In theory, the same path can be used to get to all the hosts or end systems on any giver network. Therefore, nothing is gained by creating separate entries for each host address.
In any intemnetwork with redundant routes, it is better to use a distance-vector protocol than to use static routes. This is because distance-vector routing protocols can automatically detect and correct failures in the network. Unfortunately, they aren't perfect. Consider the routing table entries for Gateway Router A for example. This is the New Y ork gateway. From its perspective, the Minneapolis gateway is two hops away, regardless of whether it goes through Philadelphia or Seattle. In other words, this router would be indifferent to accessing Minneapolis through either Philadelphia or Seattle.
In any intemnetwork with redundant routes, it is better to use a distance-vector protocol than to use static routes. This is because distance-vector routing protocols can automatically detect and correct failures in the network. Unfortunately, they aren't perfect. Consider the routing table entries for Gateway Router A for example. This is the New Y ork gateway. From its perspective, the Minneapolis gateway is two hops away, regardless of whether it goes through Philadelphia or Seattle. In other words, this router would be indifferent to accessing Minneapolis through either Philadelphia or Seattle.
‘igure 7-4 features another fairly simple, four-node internetwork with some route redundancy. Table 7- summarizes the routing tables of the four routers. For the sake of this example, consider this table to be yreconvergence routing table information.
‘igure 7-4 features another fairly simple, four-node internetwork with some route redundancy. Table 7- summarizes the routing tables of the four routers. For the sake of this example, consider this table to be yreconvergence routing table information.
Figure 7-5: The link between Routers C and D is unusable. Similarly, if router D had failed completely, all the LA N-attached resources at that location would be isolated from the rest of the network. If the failure was either a partial failure of that router, or elsewhe in the network, however, there might still be a way to reach Server 192.168.253.2. Finding a new route to 192.168. 253.2 requires the network's routers to recognize and agree on which piece of th network failed. In effect, subtracting this component from the network changes the network's topology lote For the purposes of this chapter, this example uses an intentionally generic method of convergence
Figure 7-5: The link between Routers C and D is unusable. Similarly, if router D had failed completely, all the LA N-attached resources at that location would be isolated from the rest of the network. If the failure was either a partial failure of that router, or elsewhe in the network, however, there might still be a way to reach Server 192.168.253.2. Finding a new route to 192.168. 253.2 requires the network's routers to recognize and agree on which piece of th network failed. In effect, subtracting this component from the network changes the network's topology lote For the purposes of this chapter, this example uses an intentionally generic method of convergence
As evident in Table 7-8, all the routers in the internetwork eventually agree that the link between C and D is unusable, but that destinations in each autonomous system are still reachable via an alternative route Convergence Time It is virtually impossible for all routers in a network to simultaneously detect a topology change. In fac depending on the routing protocol in use, as well as numerous other factors, a considerable time delay may pass before all the routers in that network reach a consensus, or agreement, on what the new topology is. This delay is referred to as convergence time. The important thing to remember is that convergence is not immediate. The only uncertainty is how much time is required for convergence to occur.
As evident in Table 7-8, all the routers in the internetwork eventually agree that the link between C and D is unusable, but that destinations in each autonomous system are still reachable via an alternative route Convergence Time It is virtually impossible for all routers in a network to simultaneously detect a topology change. In fac depending on the routing protocol in use, as well as numerous other factors, a considerable time delay may pass before all the routers in that network reach a consensus, or agreement, on what the new topology is. This delay is referred to as convergence time. The important thing to remember is that convergence is not immediate. The only uncertainty is how much time is required for convergence to occur.
The University of California at Berkeley was another pioneer of distance-vector routing protocols. Its variant was called routed. routed was developed for Release 4.3 of Berkeley UNIX. routed was closely modeled after X erox's RIP, but it incorporated some important distinctions.
The University of California at Berkeley was another pioneer of distance-vector routing protocols. Its variant was called routed. routed was developed for Release 4.3 of Berkeley UNIX. routed was closely modeled after X erox's RIP, but it incorporated some important distinctions.
The IP Address field can contain either the address of its originator or a series of IP addresses that the originator has in its routing table. Request packets contain a single entry and include the originator's address. Response packets can include up to 25 entries of a RIP router's routing table. Figure 8-3: The RIP packet format with two table entries. [he overall size limitation of a RIP packet is 512 octets. Therefore, in larger RIP networks, a request fc a full routing table update may require the transmission of several RIP packets. No provisions were ma for the resequencing of the packets on arrival at their destination; individual routing table entries are no split among RIP packets. The contents of any given RIP packet are complete unto themselves, even though they may only be a subset of a complete routing table. The recipient node is free to process the updates as the packets are received without having to resequence them. Figure 8-2 illustrates a RIP packet with routing information fields for just a single destination. RIP packets can support up to 25 occurrences of the AFI, IP Address, and Metric fields within a single packet. This enables one RIP packet to be used to update multiple entries in other routers’ routing tables RIP packets that contain multiple routing entries just repeat the packet structure from the A FI through tl Metric field, including all Zero fields. The repeated structures are appended to the end of the structure depicted in Figure 8-2. Figure 8-3 shows a RIP packet with two table entries.
The IP Address field can contain either the address of its originator or a series of IP addresses that the originator has in its routing table. Request packets contain a single entry and include the originator's address. Response packets can include up to 25 entries of a RIP router's routing table. Figure 8-3: The RIP packet format with two table entries. [he overall size limitation of a RIP packet is 512 octets. Therefore, in larger RIP networks, a request fc a full routing table update may require the transmission of several RIP packets. No provisions were ma for the resequencing of the packets on arrival at their destination; individual routing table entries are no split among RIP packets. The contents of any given RIP packet are complete unto themselves, even though they may only be a subset of a complete routing table. The recipient node is free to process the updates as the packets are received without having to resequence them. Figure 8-2 illustrates a RIP packet with routing information fields for just a single destination. RIP packets can support up to 25 occurrences of the AFI, IP Address, and Metric fields within a single packet. This enables one RIP packet to be used to update multiple entries in other routers’ routing tables RIP packets that contain multiple routing entries just repeat the packet structure from the A FI through tl Metric field, including all Zero fields. The repeated structures are appended to the end of the structure depicted in Figure 8-2. Figure 8-3 shows a RIP packet with two table entries.
Figure 8-6 presents a slightly modified version of the WAN depicted in Figure 8-5. This illustration add: low-bandwidth redundant links to the topology depicted in Figure 8-5. The network administrator, to ensure that the alternate routes remained alternate routes, set the metric value of these alternate routes to 10. These higher costs preserve the bias toward the higher- bandwidth T1 transmission facilities. In the event of a failure of one of those T1 lines, the internetwork can continue to function normally; although there may be some degraded performance levels due to the lower available bandwidth on the 56 kbps backup facility. Figure 8-7 illustrates how the internetwork will react to a failure of a T1 line between th gateway and Router A.
Figure 8-6 presents a slightly modified version of the WAN depicted in Figure 8-5. This illustration add: low-bandwidth redundant links to the topology depicted in Figure 8-5. The network administrator, to ensure that the alternate routes remained alternate routes, set the metric value of these alternate routes to 10. These higher costs preserve the bias toward the higher- bandwidth T1 transmission facilities. In the event of a failure of one of those T1 lines, the internetwork can continue to function normally; although there may be some degraded performance levels due to the lower available bandwidth on the 56 kbps backup facility. Figure 8-7 illustrates how the internetwork will react to a failure of a T1 line between th gateway and Router A.
In Figure 8-9, host 172 .31.253.5 needs to transmit an IP packet to host number 192.168.125.10. This address is unknown to Router C. The router checks the subnet mask and finc Figure 8-9: RIP can deliver datagrams to gateways. In real-world networks, it is almost always preferable to summarize routes instead of explicitly identifying each potential destination. If each host on any given network (or subnet) is accessible throug! the same gateway(s), for example, the routing table can just define that gateway as a destination IP address. All datagrams addressed to hosts within that network or subnetwork will be forwarded to that gateway. That gateway will then assume responsibility for forwarding it on to its ultimate destination. Figure 8-9 illustrates this point; it preserves the topology of the previous few illustrations, but uses more conventional IP addresses.
In Figure 8-9, host 172 .31.253.5 needs to transmit an IP packet to host number 192.168.125.10. This address is unknown to Router C. The router checks the subnet mask and finc Figure 8-9: RIP can deliver datagrams to gateways. In real-world networks, it is almost always preferable to summarize routes instead of explicitly identifying each potential destination. If each host on any given network (or subnet) is accessible throug! the same gateway(s), for example, the routing table can just define that gateway as a destination IP address. All datagrams addressed to hosts within that network or subnetwork will be forwarded to that gateway. That gateway will then assume responsibility for forwarding it on to its ultimate destination. Figure 8-9 illustrates this point; it preserves the topology of the previous few illustrations, but uses more conventional IP addresses.
Figure 8-11: Only Router D is aware of the link failure.
Figure 8-11: Only Router D is aware of the link failure.
The amount of time that will elapse before convergence completes is not easy to determine. It will vary greatly from network to network, based on a wide variety of factors that include the robustness of the routers and transmission facilities, amount of traffic, and so on.
The amount of time that will elapse before convergence completes is not easy to determine. It will vary greatly from network to network, based on a wide variety of factors that include the robustness of the routers and transmission facilities, amount of traffic, and so on.
With the failure of Router D, all the hosts within its network are no longer accessible from the outside. Router C, after missing six consecutive updates from D, will invalidate its C-D route and advertise its unavailability. Figure 8-14 illustrates this. Routers A and B will remain ignorant of the route's failure until notified bv C.
With the failure of Router D, all the hosts within its network are no longer accessible from the outside. Router C, after missing six consecutive updates from D, will invalidate its C-D route and advertise its unavailability. Figure 8-14 illustrates this. Routers A and B will remain ignorant of the route's failure until notified bv C.
In the event that Router D fails, Router A may believe that B can still access D. Router B may believe that C can still access D, and C may believe that A can still access D. The net effect is a continuous loop to infinity. Figure 8-19 illustrates this.
In the event that Router D fails, Router A may believe that B can still access D. Router B may believe that C can still access D, and C may believe that A can still access D. The net effect is a continuous loop to infinity. Figure 8-19 illustrates this.
TP-2 nodes that receive a response message with authentication must verify that the password is valid efore accepting the routing entries contained in that message. Authentication Concerns
TP-2 nodes that receive a response message with authentication must verify that the password is valid efore accepting the routing entries contained in that message. Authentication Concerns
Multicasting is a technique for simultaneously advertising routing information to multiple RIP or RIP-2 devices. Multicasting is beneficial whenever multiple destinations must receive the identical information. The conventional solution to this problem would be to generate separate packets containing identical payloads specifically addressed to each machine. Multicasting enables packets to be simultaneously delivered to multiple machines. This reduces overall network traffic and reduces the processing load of the source machine.
Multicasting is a technique for simultaneously advertising routing information to multiple RIP or RIP-2 devices. Multicasting is beneficial whenever multiple destinations must receive the identical information. The conventional solution to this problem would be to generate separate packets containing identical payloads specifically addressed to each machine. Multicasting enables packets to be simultaneously delivered to multiple machines. This reduces overall network traffic and reduces the processing load of the source machine.
on the assumption that it is never a good idea to send routing information received from a given sourc back to that source. Figure 10-1 illustrates this point.
on the assumption that it is never a good idea to send routing information received from a given sourc back to that source. Figure 10-1 illustrates this point.
Table 11-2: A Summary of Router C's Network Topology
Table 11-2: A Summary of Router C's Network Topology
lable 11-3: A Summary of Router C's Network Topology, after a Link Failure In this example, all that used the link between Routers C and B become active in the topology table. Other routes, including those that pass through Router B via Router A, remain passive and unaffected by the topology change.
lable 11-3: A Summary of Router C's Network Topology, after a Link Failure In this example, all that used the link between Routers C and B become active in the topology table. Other routes, including those that pass through Router B via Router A, remain passive and unaffected by the topology change.
he consequences of this failure are that all routes that used B as a next hop go active in the EIGRP copology table. The effects of this failure, as documented in the topology table, are summarized in Tab! L1-3,
he consequences of this failure are that all routes that used B as a next hop go active in the EIGRP copology table. The effects of this failure, as documented in the topology table, are summarized in Tab! L1-3,
The preceding examples demonstrate, at a high level, how communications work within an OSPF network. However, OSPF can also be used to communicate routing information between OSPF network rather than just areas within a single network. This use of OSPF is examined in the following section.
The preceding examples demonstrate, at a high level, how communications work within an OSPF network. However, OSPF can also be used to communicate routing information between OSPF network rather than just areas within a single network. This use of OSPF is examined in the following section.
A subtle implication of Figure 12-6 is that convergence can occur quite rapidly. There are two reasons Figure 12-6: LSA flooding within Area 1.
A subtle implication of Figure 12-6 is that convergence can occur quite rapidly. There are two reasons Figure 12-6: LSA flooding within Area 1.
One of the reasons OSPF is so scalable is its routing update mechanism. OSPF uses an LSA to share routing information among OSPF nodes. These advertisements are propagated completely throughout an area, but not beyond an area. Therefore, each router within a given area knows the topology of their area The topology of any given area is not known outside of that area, however. Given that there are actually four different types of OSPF routers---internal area router, area border router, ASBR, and backbone router---it is clear that each router type has a different set of peers with which LSAs must be exchanged.
One of the reasons OSPF is so scalable is its routing update mechanism. OSPF uses an LSA to share routing information among OSPF nodes. These advertisements are propagated completely throughout an area, but not beyond an area. Therefore, each router within a given area knows the topology of their area The topology of any given area is not known outside of that area, however. Given that there are actually four different types of OSPF routers---internal area router, area border router, ASBR, and backbone router---it is clear that each router type has a different set of peers with which LSAs must be exchanged.
Another of the performance-enhancing features of OSPF is route summarization. Topological information about an area is not shared with other routers outside that area. Instead, the area border router summarizes all the addresses contained in all the areas to which it is connected. This summarizé routing data is then shared, via Type 3 LSAs, with peer routers in each of the areas it interconnects.
Another of the performance-enhancing features of OSPF is route summarization. Topological information about an area is not shared with other routers outside that area. Instead, the area border router summarizes all the addresses contained in all the areas to which it is connected. This summarizé routing data is then shared, via Type 3 LSAs, with peer routers in each of the areas it interconnects.
In Figure 12-9, the cost of the WAN route between a host in network 193.1.3.0 and an end system in network 193.1.4.0 is 138. This cost is the sum of the two T1 links between those networks, each witt a cost of 64, plus the cost of the Ethernet interface to network 193.1.4.0. The cost of the Ethemet interfaces at the origination and destination points are not included in the OSPF cost calculation because the OSPF calculates only the costs of outbound router interfaces.
In Figure 12-9, the cost of the WAN route between a host in network 193.1.3.0 and an end system in network 193.1.4.0 is 138. This cost is the sum of the two T1 links between those networks, each witt a cost of 64, plus the cost of the Ethernet interface to network 193.1.4.0. The cost of the Ethemet interfaces at the origination and destination points are not included in the OSPF cost calculation because the OSPF calculates only the costs of outbound router interfaces.
In this example, there are two possible routes to network 193.1.6.07. The one route contains fewer hops, but has a much higher cost due to the low-speed serial link between Routers 2 and 6. The alterna route has a higher hop count, but a much lower overall cost. In this case, OSPF would discard the higher-cost route and use the lower-cost route exclusively. If these two redundant routes had the same overall cost, OSPF would have maintained both routes as separate entries in its routing table and balanced the traffic as equally as possible between them.
In this example, there are two possible routes to network 193.1.6.07. The one route contains fewer hops, but has a much higher cost due to the low-speed serial link between Routers 2 and 6. The alterna route has a higher hop count, but a much lower overall cost. In this case, OSPF would discard the higher-cost route and use the lower-cost route exclusively. If these two redundant routes had the same overall cost, OSPF would have maintained both routes as separate entries in its routing table and balanced the traffic as equally as possible between them.
A ring-shaped WAN constructed with point-to-point transmission facilities can be used to interconnect small number of sites and provide route redundancy at a potentially minimal incremental cost. The existence of redundant routes through the network means that the use of a dynamic routing protocol affords flexibility not available with static routing. Dynamic routing protocols can automatically detect and recover from adverse changes in the WAN's operating condition by routing around the impacted links. A ring topology can be fairly easily developed from a peer-to-peer network by adding one transmission facility and an extra port on two routers. This minor increment in cost provides route redundancy that ca afford small networks the opportunity to implement dynamic routing protocols. Given that the cost of most transmission facilities is mileage sensitive, it would be wise to design the ring to minimize overall distances of those facilities. Figure 13-2 illustrates this WAN topology.
A ring-shaped WAN constructed with point-to-point transmission facilities can be used to interconnect small number of sites and provide route redundancy at a potentially minimal incremental cost. The existence of redundant routes through the network means that the use of a dynamic routing protocol affords flexibility not available with static routing. Dynamic routing protocols can automatically detect and recover from adverse changes in the WAN's operating condition by routing around the impacted links. A ring topology can be fairly easily developed from a peer-to-peer network by adding one transmission facility and an extra port on two routers. This minor increment in cost provides route redundancy that ca afford small networks the opportunity to implement dynamic routing protocols. Given that the cost of most transmission facilities is mileage sensitive, it would be wise to design the ring to minimize overall distances of those facilities. Figure 13-2 illustrates this WAN topology.
This approach absolutely minimizes the number of hops between any two network-connected machines Figure 13-5: A fully meshed WAN.
This approach absolutely minimizes the number of hops between any two network-connected machines Figure 13-5: A fully meshed WAN.
A two-tiered WAN constructed with dedicated facilities offers improved fault tolerance over the simple star topology without compromising scalability. This topology can be implemented in a number of minor variations primarily by manipulating the number of concentrator routers and the manner with which they
A two-tiered WAN constructed with dedicated facilities offers improved fault tolerance over the simple star topology without compromising scalability. This topology can be implemented in a number of minor variations primarily by manipulating the number of concentrator routers and the manner with which they
A three-tiered WAN constructed with dedicated facilities offers even greater fault tolerance and
A three-tiered WAN constructed with dedicated facilities offers even greater fault tolerance and
An effective hybrid topology may be developed in a multitiered WAN by using a fully meshed topology for the backbone nodes only. This affords fault tolerance to the network's backbone and can provide some of the hop-minimization of a full mesh network without experiencing all its costs or incurring its limitations on scalability.
An effective hybrid topology may be developed in a multitiered WAN by using a fully meshed topology for the backbone nodes only. This affords fault tolerance to the network's backbone and can provide some of the hop-minimization of a full mesh network without experiencing all its costs or incurring its limitations on scalability.
Gateways can be almost any type of computer. The only criterion is that the gateway device be capable of translating between the two protocols' address architectures and data structures. This requires that the gateway computer have the necessary NICs, device drivers, and conversion software to function as a gateway. Of course, it would also be beneficial if this computer also had the processing power needed t accommodate the loads that will be placed on it! Figure 14-3; Using a gateway to translate between dissimilar routed protocols.
Gateways can be almost any type of computer. The only criterion is that the gateway device be capable of translating between the two protocols' address architectures and data structures. This requires that the gateway computer have the necessary NICs, device drivers, and conversion software to function as a gateway. Of course, it would also be beneficial if this computer also had the processing power needed t accommodate the loads that will be placed on it! Figure 14-3; Using a gateway to translate between dissimilar routed protocols.
Redistribution from Network B to Network A
Redistribution from Network B to Network A
Figure 14-10 illustrates this form of route redistribution.
Figure 14-10 illustrates this form of route redistribution.
This arrangement offers the same types of benefits and uses as the preceding one-way arrangement. T he only difference is direction. As with the preceding example, some means of supporting bidirectional communications must be established. A gain, this can be either a static or default route.
This arrangement offers the same types of benefits and uses as the preceding one-way arrangement. T he only difference is direction. As with the preceding example, some means of supporting bidirectional communications must be established. A gain, this can be either a static or default route.
The Mechanics of Route Redistribution Route redistribution is one of the more powerful, yet complex, of a router's capabilities. In essence, route redistribution is a fairly simple concept. The gateway routers participate in route calculation and convergence for the networks of which they are members. Routing information for that network is summarized and shipped to a neighboring network (albeit one that runs a different routing protocol). In practice, configuring a route redistribution scheme is fairly complicated.
The Mechanics of Route Redistribution Route redistribution is one of the more powerful, yet complex, of a router's capabilities. In essence, route redistribution is a fairly simple concept. The gateway routers participate in route calculation and convergence for the networks of which they are members. Routing information for that network is summarized and shipped to a neighboring network (albeit one that runs a different routing protocol). In practice, configuring a route redistribution scheme is fairly complicated.
SAs are little more than the mechanisms that enable IPSec to function. The actual security protocols, AH and ESH, warrant further examination.
SAs are little more than the mechanisms that enable IPSec to function. The actual security protocols, AH and ESH, warrant further examination.
Related topics:
Computer Networks
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved