CIW, internetworking professional: study guide 9780782140835, 0-7821-4083-1

--Become a Certified Internet Webmaster, one of the hottest new certifications around. --Based upon official CIW coursew

226 108 3MB

English Pages 573 Year 2002

Report DMCA / Copyright

DOWNLOAD PDF FILE

Recommend Papers

CIW, internetworking professional: study guide
 9780782140835, 0-7821-4083-1

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

Using Your Sybex Electronic Book To realize the full potential of this Sybex electronic book, you must have Adobe Acrobat Reader with Search installed on your computer. To find out if you have the correct version of Acrobat Reader, click on the Edit menu—Search should be an option within this menu file. If Search is not an option in the Edit menu, please exit this application and install Adobe Acrobat Reader with Search from this CD (doubleclick rp500enu.exe in the Adobe folder).

Navigation Navigate through the book by clicking on the headings that appear in the left panel; the corresponding page from the book displays in the right panel.

Search

To search, click the Search Query button on the toolbar or choose Edit >Search > Query to open the Search window. In the Adobe Acrobat Search dialog’s text field, type the text you want to find and click Search. Use the Search Next button (Control+U) and Search Previous button (Control+Y) to go to other matches in the book. The Search command also has powerful tools for limiting and expanding the definition of the term you are searching for. Refer to Acrobat's online Help (Help > Plug-In Help > Using Acrobat Search) for more information.

Click here to begin using your Sybex Elect ronic Book!

www.sybex.com

CIW™: Internetworking Professional Study Guide

Patrick T. Lane, Rod Hauser

San Francisco • London Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Associate Publisher: Neil Edde Acquisitions and Developmental Editor: Heather O’Connor Editor: Suzanne Goraj Production Editor: Teresa L. Trego Technical Editor: Rod Jackson, Warren Wyrostek Graphic Illustrator: Tony Jonick, Rappid Rabbit Electronic Publishing Specialist: Jill Niles Proofreaders: Dave Nash, Nelson Kim, Emily Hsuan Indexer: Ted Laux CD Coordinator: Dan Mummert CD Technician: Kevin Ly Book Designer: Bill Gibson Cover Designer: Archer Design Cover Illustrator/Photographer: Jeremy Woodhouse, PhotoDisc This book was developed and published by Sybex Inc., under a license from ProsoftTraining. All Rights Reserved. Original Advanced E-Commerce and Site Design training material © 2001 ComputerPREP, Inc. Copyright © 2002 Sybex Inc. 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way.including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher. Library of Congress Card Number: 2002104177 ISBN: 0-7821-4083-1 SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries. The CIW logo and ComputerPREP, Inc. are trademarks of ProsoftTraining.com Some screen reproductions made using Jasc® Paint Shop Pro®. Copyright © 1992-2002 Jasc Software, Inc. All Right Reserved. Some screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated. The CD interface was created using Macromedia Director, COPYRIGHT 1994, 1997-1999 Macromedia Inc. For more information on Macromedia and Macromedia Director, visit http://www.macromedia.com. Netscape Communications, the Netscape Communications logo, Netscape, and Netscape Navigator are trademarks of Netscape Communications Corporation. Netscape Communications Corporation has not authorized, sponsored, endorsed, or approved this publication and is not responsible for its content. Netscape and the Netscape Communications Corporate Logos are trademarks and trade names of Netscape Communications Corporation. All other product names and/or logos are trademarks of their respective owners. Internet screen shots using Microsoft Internet Explorer 5.5 reprinted by permission from Microsoft Corporation. TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Photographs and illustrations used in this book have been downloaded from publicly accessible file archives and are used in this book for news reportage purposes only to demonstrate the variety of graphics resources available via electronic access. Text and images available over the Internet may be subject to copyright and other rights owned by third parties. Online availability of text and images does not imply that they may be reused without the permission of rights holders, although the Copyright Act does permit certain unauthorized reuse as fair use under 17 U.S.C. Section 107. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

To Our Valued Readers: The Certified Internet Webmaster (CIW) program from ProsoftTraining™ has established itself as one of the leading Internet certifications in the IT industry. Sybex has partnered with ProsoftTraining to produce Study Guideslike the one you hold in your handfor the Associate, Master Administrator, and Master Designer tracks. Each Sybex book is based on official courseware and is exclusively endorsed by ProsoftTraining. Just as ProsoftTraining is committed to establishing measurable standards for certifying IT professionals working with Internet technologies, Sybex is committed to providing those professionals with the skills and knowledge needed to meet those standards. It has long been Sybex’s desire to help bridge the knowledge and skills gap that currently confronts the IT industry. The authors and editors have worked hard to ensure that this CIW Study Guide is comprehensive, indepth, and pedagogically sound. We’re confident that this book will meet and exceed the demanding standards of the certification marketplace and help you, the CIW certification candidate, succeed in your endeavors. Good luck in pursuit of your CIW certification!

Neil Edde Associate Publisher—Certification Sybex, Inc.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Software License Agreement: Terms and Conditions The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the "Software") to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms. The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the “Owner(s)”). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media. In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties ("End-User License"), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses. By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time. Software Support Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material, but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media. Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s). Warranty SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty

period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to: SYBEX Inc. Product Support Department 1151 Marina Village Parkway Alameda, CA 94501 Web: http://www.sybex.com After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX. Disclaimer SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting. The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions. Shareware Distribution This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files. Copy Protection The Software in whole or in part may or may not be copyprotected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Acknowledgments I would like to thank my wife Nancee for all of her support and encouragement, and compliment the patience of my sons Owen, Malcolm and Reece during this project. Maybe now that this project is over, I’ll connect Owen and Malcolm's computers to the network. I hope that this book helps developing professionals grow both technically and professionally, because ongoing learning is important. I would like to thank several individuals for guiding my learning, most of all my parents, Richard and Alice, and also several teachers and professors: Bob Graves, Rollie Freel, Harlan Graber, Ed Hill and Tony deLaubenfels. You have all helped me appreciate concise thinking and expand my enjoyment of the relationships between the abstract and real, and the synergy between humanity and technology. Thanks to the staff at CIW and Sybex, and the whole project crew. Many thanks to GNU contributors everywhere, to Linus Torvalds and the entire Linux community for keeping computers fun for the next few decades. --Rod Hauser I would like to thank his wife, Susan, for her support and ability to make him see the lighter side of life during the time-consuming development of the CIW Foundations, CIW Internetworking Professional, and CIW Security Professional books. I would also like to thank Jud Slusser for his wisdom and long-view approach toward certification, and James Stanger for his technical expertise. I would also like to thank Heather O’Connor for the opportunity to author CIW books for Sybex. --Patrick Lane

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Introduction The Prosoft CIW (Certified Internet Webmaster) certification affirms that you have the essential skills to create, run, and update a website. These skills are exactly what employers in today’s economy are looking for, and you need to stay ahead of the competition in the current job market. CIW certification will prove to your current or future employer that you are serious about expanding your knowledge base. Obtaining CIW certification will also provide you with valuable skills, including basic networking, web page authoring, internetworking, maintaining security, and website design, and expose you to a variety of vendor products made for web design and implementation. This book is meant to help you prepare for the Certified Internet Webmaster Internetworking Professional Exam 1D0-460. The Internetworking Professional exam is one of the exams that make up the Master CIW Administrator Certification. The Internetworking Professional exam focuses on network architecture; identifying infrastructure components; monitoring and analyzing network performance; and designing, managing, and troubleshooting enterprise TCP/IP networks. Each element of the Master CIW Administrator Certification validates your expertise in key skills that are cross-platform. Windows NT and Windows 2000 are widely used in businesses, and enterprise and midsize businesses continue to rely on commercial Unix while deploying Linux in test and production environments. For the best study preparation for the CIW Master Administrator sequence, you will want to have both a Windows system and a Linux system, to configure, perform exercises, and generally learn to use. You may already have two or more systems as a home network. Although those new to internetworking may focus on the differences between versions of Windows, versions of commercial Unix, and different Linux distributions, the skills and knowledge of a Master Administrator—both certifiable knowledge and realworld skills—are based on utilities and concepts that remain the same regardless of version or revision. Throughout this series, Windows 2000 and Linux are used.

The Certified Internet Webmaster Program The CIW Internet skills certification program is aimed at professionals who design, develop, administer, secure, and support Internet- or intranet-related services. The CIW certification program offers industry-wide recognition of

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxii

Introduction

an individual’s Internet and web knowledge and skills, and certification is frequently a factor in hiring and assignment decisions. It also provides tangible evidence of a person’s competency as an Internet professional; holders of this certification can demonstrate to potential employers and clients that they have passed rigorous training and examination requirements that set them apart from non-certified competitors. All CIW certifications are endorsed by the International Webmasters Association (IWA) and the Association of Internet Professionals (AIP).

CIW Associate The first step toward CIW certification is the CIW Foundations exam. A candidate for the CIW Associate certification and the Foundations exam has the basic hands-on skills and knowledge that an Internet professional is expected to understand and use. Foundations skills include basic knowledge of Internet technologies, network infrastructure, and web authoring using HTML. The CIW Foundations program is designed for all professionals who use the Internet. The job expectations of a CIW Associate, or person who has completed the program and passed the Foundations exam, include: 

Understanding Internet, networking, and web page authoring basics



Application of Foundations skills required for further specialization

There are a few prerequisites for becoming a CIW Associate. For instance, although you need not have Internet experience in order to start Foundations exam preparation, you should have an understanding of Microsoft Windows.

Table I.1 shows the CIW Foundations exam and the corresponding Sybex Study Guide that covers the CIW Associate certification. TABLE I.1

The CIW Associate Exam and Corresponding Sybex Study Guide Exam Name

Exam Number

Sybex Study Guide

Foundations

1D0-410

CIW: Foundations Study Guide (ISBN 0-7821-4081-5)

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Introduction

xxiii

CIW accepts score reports from CIW Associate candidates who have passed the entry-level CompTIA i-Net+ exam (IKO-001) and will award Foundations certification to these individuals. For more information regarding the i-Net+ and other CompTIA exams, visit www.comptia.org/.

After passing the Foundations exam, students become CIW Associates and can choose from four Master CIW certification tracks, by choosing a path of interest and passing the required exams: 

Master CIW Designer



Master CIW Administrator



CIW Web Site Manager



Master CIW Enterprise Developer



CIW Security Analyst

Master CIW Designer The Master Designer track is composed of two exams, each of which represents a specific aspect of the Internet job role: 

Site Designer



E-Commerce Designer

Site Designer Exam The CIW Site Designer applies human-factors principles to designing, implementing, and maintaining hypertext-based publishing sites. The Site Designer uses authoring and scripting languages, as well as digital media tools, plus provides content creation and website management. E-Commerce Designer Exam The CIW E-Commerce Designer is tested on e-commerce setup, human-factor principles regarding product selection and payment, and site security and administration. Table I.2 shows the CIW Site Designer and E-Commerce Designer exams and the corresponding Sybex Study Guide for each of these steps toward the CIW Master Designer certification.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxiv

Introduction

TABLE I.2

Table I.2 The Master Designer Exams and Corresponding Sybex Study Guides Exam Names

Exam Numbers

Sybex Study Guide

Site Designer

1D0-420

CIW: Site and E-Commerce Design Study Guide (ISBN 0-7821-4082-3)

E-Commerce Designer

1D0-425

CIW: Site and E-Commerce Design Study Guide (ISBN 0-7821-4082-3)

Master CIW Administrator The CIW Administrator is proficient in three areas of administration: 

Server



Internetworking



Security

In each of these areas, specific skills are tested in the context of Windows and Unix or Linux. After passing each test, you become a CIW Professional in that specific area. Server Administrator Exam The CIW Server Administrator manages and tunes corporate e-business infrastructure, including web, FTP, news, and mail servers for midsize to large businesses. Server administrators configure, manage, and deploy e-business solutions servers. Internetworking Professional Exam The Internetworking Professional defines network architecture, identifies infrastructure components, and monitors and analyzes network performance. The CIW Internetworking Professional is responsible for the design and management of enterprise TCP/IP networks. Security Professional Exam The CIW Security Professional implements policy, identifies security threats, and develops countermeasures using firewall systems and attack-recognition technologies. As a CIW Security Professional, you are responsible for managing the deployment of e-business transactions and payment security solutions.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Introduction

xxv

The Exams in the Master Administrator track are listed in Table I.3. TABLE I.3

The Master Administrator Exams and Corresponding Sybex Study Guides. Exam Names

Exam Numbers

Sybex Study Guide

Server Administrator

1D0-450

CIW: Server Administrator Study Guide (ISBN 0-7821-4085-8)

Internetworking Professional

1D0-460

CIW: Internetworking Professional Study Guide (ISBN 0-7821-4083-1)

Security Professional

1D0-470

CIW: Security Professional Study Guide (ISBN 0-7821-4084-X)

Other CIW Certifications Prosoft also offers three additional certification series in website management, enterprise development, and security analysis. Master CIW Web Site Manager The Web Site Manager certification is composed of two Internet job role series exams (Site Designer 1D0-420 and Server Administrator 1D0-450) and two additional language exams (JavaScript 1D0-435 and Perl Fundamentals 1D0-437) from the CIW Web Languages series. Master CIW Enterprise Developer The Enterprise Developer certification is composed of three Internet job role series (Application Developer 1D0-430, Database Specialist 1D0-441, and Enterprise Specialist 1D0442) and three additional language/theory series (Web Languages, Java Programming, and Object-Oriented Analysis). CIW Security Analyst The Security Analyst certification recognizes those who have already attained a networking certification and demonstrated (by passing the CIW Security Professional 1D0-470 exam) that they have the in-demand security skills to leverage their technical abilities against internal and external cyber threats. For more information regarding all of Prosoft’s certifications and exams, visit www.ciwcertified.com.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxvi

Introduction

Special Features in This Book What makes a Sybex Study Guide the book of choice for over 500,000 certification candidates across numerous technical fields? We take into account not only what you need to know to pass the exam, but what you need to know to apply what you’ve learned in the real world. Each book contains the following: Objective Information Each chapter lists at the outset which CIW objective groups are going to be covered within. Assessment Test Directly following this Introduction is an Assessment Test that you can take to help you determine how much you already know about networking protocols, network management, and advanced TCP/IP concepts and practices. Each question is tied to a topic discussed in the book. Using the results of the Assessment Test, you can figure out the areas where you need to focus your study. Of course, we do recommend you read the entire book. Exam Essentials To review what you’ve learned, you’ll find a list of Exam Essentials at the end of each chapter. The Exam Essentials section briefly highlights the topics that need your particular attention as you prepare for the exam. Key Terms and Glossary Throughout each chapter, you will be introduced to important terms and concepts that you will need to know for the exam. These terms appear in italic within the chapters, and a list of the Key Terms appears just after the Exam Essentials. At the end of the book, a detailed glossary gives definitions for these terms, as well as other general terms you should know. Review Questions, complete with detailed explanations Each chapter is followed by a set of Review Questions that test what you learned in the chapter. The questions are written with the exam in mind, meaning that they are designed to have the same look and feel as what you’ll see on the exam. Hands-on Exercises Throughout the book, you’ll find exercises designed to give you the important hands-on experience that is critical for your exam preparation. The exercises support the topics of the chapter, and they walk you through the steps necessary to perform a particular function.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Introduction

xxvii

Interactive CD Every Sybex Study Guide comes with a CD complete with additional questions, flashcards for use with a palm device or PC, and a complete electronic version of this book. Details are in the following section.

What’s on the CD? Sybex’s CIW: Internetworking Professional Study Guide companion CD includes quite an array of training resources and offer numerous test simulations, bonus exams, and flashcards to help you study for the exam. We have also included the complete contents of the study guide in electronic form. The CD’s resources are described here: The Sybex E-book for the CIW Internetworking Professional Study Guide Many people like the convenience of being able to carry their whole study guide on a CD. They also like being able to search the text via computer to find specific information quickly and easily. For these reasons, the entire contents of this study guide are supplied on the CD, in PDF format. We’ve also included Adobe Acrobat Reader, which provides the interface for the PDF contents as well as search capabilities. The Sybex CIW Edge Tests The Edge Tests are a collection of multiplechoice questions that will help you prepare for your exam. There are three sets of questions: 





Two bonus exams designed to simulate the actual live exam. All the Review Questions from the Study Guide, presented in an electronic test engine. You can review questions by chapter or by objective area, or you can take a random test. The Assessment Test.

Sybex CIW Flashcards for PCs and Palm Devices The “flashcard” style of question offers an effective way to quickly and efficiently test your understanding of the fundamental concepts covered in the exam. The Sybex CIW Flashcards set consists of 100 questions presented in a special engine developed specifically for this study guide series. We have also developed, in conjunction with Land-J Technologies, a version of the flashcard questions that you can take with you on your Palm OS PDA (including the Palm and Visor PDAs).

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxviii

Introduction

White Papers Network technology continues to evolve at a fast pace, and as a CIW Internetworking Professional, you will often find others looking to you for information regarding emerging technologies. Four white papers have been included on the CD, including information on Voice over IP, multicasting, and ongoing SNMP developments. None of these white papers are testable material; rather, they extend the tested skills of a CIW Internetworking Professional with knowledge of what technologies are just now arriving. Supplemental Files Some of the Exercises in this book reference downloadable software, open source utilities, and Request for Comment information. All of these have been included on the CD, for your convenience should you need them when Internet access is not available.

How to Use This Book This book provides a solid foundation for the serious effort of preparing for the exam. To best benefit from this book, you may wish to use the following study method: 1. Take the Assessment Test to identify your weak areas. 2. Study each chapter carefully. Do your best to fully understand the

information. 3. Study the Exam Essentials and Key Terms to make sure you are familiar

with the areas you need to focus on. 4. Answer the review questions at the end of each chapter. If you prefer

to answer the questions in a timed and graded format, install the Edge Tests from the book’s CD and answer the chapter questions there instead of in the book. 5. Take note of the questions you did not understand, and study the cor-

responding sections of the book again. 6. Go back over the Exam Essentials and Key Terms. 7. Go through the study guide’s other training resources, which are

included on the book’s CD. These include electronic flashcards, the electronic version of the chapter review questions (try taking them by objective), and the two bonus exams.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Introduction

xxix

To learn all the material covered in this book, you will need to study regularly and with discipline. Try to set aside the same time every day to study, and select a comfortable and quiet place in which to do it. If you work hard, you will be surprised at how quickly you learn this material. Good luck!

Exam Registration CIW certification exams are administered by Prometric, Inc. through Prometric Testing Centers and by Virtual University Enterprises (VUE) testing centers. You can reach Prometric at (800) 380-EXAM or VUE at (952) 9958800, to schedule any CIW exam.

You may also register for your exams online at www.prometric.com or www.vue.com.

Exams cost $125 (U.S.) each and must be paid for in advance. Exams must be taken within one year of payment. Candidates can schedule exams up to six weeks in advance or as late as one working day prior to the date of the exam. To cancel or reschedule an exam, contact the center at least two working days prior to the scheduled exam date. Same-day registration is available in some locations, subject to space availability. Where same-day registration is available, registration must occur a minimum of two hours before test time. When you schedule the exam, the testing center will provide you with instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you will receive a registration and payment confirmation letter from Prometric or VUE.

Tips for Taking the CIW Internetworking Professional Exam Here are some general tips for achieving success on your certification exam: 



Arrive early at the exam center so that you can relax and review your study materials. During this final review, you can look over tables and lists of exam-related information. Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure you know exactly what the question is asking.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxx

Introduction





For questions you’re not sure about, use a process of elimination to get rid of the obviously incorrect answers first. This improves your odds of selecting the correct answer when you need to make an educated guess. Mark questions that you aren’t sure of and return to them later. Quite often something in a later question will act as a reminder or give you a clue to the correct answer of the earlier one.

Contacts and Resources Here are some handy websites to keep in mind for future reference: Prosoft Training and CIW Exam Information

www.CIWcertified.com

Prometric

www.prometric.com

VUE Testing Services

www.vue.com

Sybex Computer Books

www.sybex.com

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Assessment Test 1. In the Internet architecture model, routing occurs at which layer? A. Transport B. Network C. Internet D. Network Access 2. Which message will be sent by a node to indicate its Data-Link layer

address? A. Neighbor Solicitation B. Neighbor Advertisement C. Router Advertisement D. Redirect 3. Which of the following utilities uses ICMP? A. dig B. nslookup C. ping D. telnet 4. ARP is used to perform which of the following functions? A. ARP verifies uniqueness of a given IP address. B. ARP determines the MAC address for a given IP address. C. ARP converts a 48-bit MAC address into a 32-bit IP address. D. ARP resolves a given MAC address to an IP address. 5. Which DHCP header field denotes whether a packet is a request or a reply? A. Transaction ID B. Operation C. Flags D. Options

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxxii

Assessment Test

6. Which packet will be sent by an IPv6 host attempting stateless

autoconfiguration? A. Router Solicitation B. Router Advertisement C. Neighbor Advertisement D. Group Membership Query 7. What is the hexadecimal value for 255 (decimal), or

11111111 11111111 11111111 11111111 (binary)? A. B9 B. A0 C. CE D. FF 8. What is the default algorithm for the Encrypted Security Payload? A. MD5 B. DES C. DES-CBC D. SPI 9. Which of the following is a description of the WarmStart trap? A. The sending agent reinitialized, but neither the agent’s configuration

nor the protocol entity implementation was altered. B. A communication link opened. C. The sending agent reinitialized, but the agent’s configuration and

protocol entity implementation changed. D. A nongeneric trap occurred, identified with information in the

Specific Trap Type field and the Enterprise field.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Assessment Test

xxxiii

10. Which of the following protocols is used by FTP? A. UDP B. TCP C. ICMP D. IGMP 11. Which type of record is used to resolve a reverse DNS lookup? A. A B. CNAME C. PTR D. SOA 12. What is the purpose of a redirect message? A. To redirect traffic to a closer gateway B. To redirect queries to another name server C. To redirect traffic to another network D. To redirect a client connection to another host 13. Which of the following IP addresses is a valid Internet host address? A. 127.69.201.11 B. 206.255.101.49 C. 29.201.54.0 D. 123.45.69.101 14. What is the command to send a single ping from a Windows system to

10.1.2.3? A. ping -c 1 10.1.2.3 B. ping -i 10.1.2.3 C. ping -i 1 10.1.2.3 D. ping -n 1 10.1.2.3

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxxiv

Assessment Test

15. Which of the following RFCs stipulates that the official way to name

the OID is to refer to it by its number? A. RFC 1155 B. RFC 1215 C. RFC 1157 D. RFC 1850 16. How many blocks of the IP address space have been reserved by the

ICANN for private networks? A. Four B. Three C. Two D. Seven 17. Which value is incremented on the primary server each time records

are updated? A. serial B. refresh C. retry D. expire 18. What defines a managed node? A. The device supports SNMP. B. The node has an agent installed. C. A managed node works with the chosen management protocol. D. The device has the ability to trigger automatic responses. 19. How many hosts could exist on the network

208.142.34.32/255.255.255.224? A. 16 B. 14 C. 30 D. 32

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Assessment Test

xxxv

20. Which of the following is a step in fault management? A. Isolate the problem. B. Provide a solution. C. Provide root cause. D. Determine symptoms. 21. Which field in an OSPF header contains the source address for the

originating router? A. Authentication B. Router Identification C. Area ID D. Authentication Type 22. Select the binary representation of the subnet mask 255.255.240.0. A. 11111111 11111111 11111000 00000000 B. 11111111 11111111 11110000 00000000 C. 11111111 11111111 11000000 00000000 D. 11111111 11111111 00011111 00000000 23. What type of traffic typically traverses port 1080? A. HTTPS B. HTTP C. SOCKS D. ICP 24. What defines a managed node? A. The device supports SNMP. B. The node has an agent installed. C. A managed node works with the chosen management protocol. D. The device has the ability to trigger automatic responses.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxxvi

Assessment Test

25. What is an active close? A. An ACK sent by a server initiating a session closure B. A SYN sent by a client requesting a new session to replace an

existing session C. A FIN sent by a server to initiate a session closure D. A FIN sent by a client to initiate a session closure 26. Which of the following is a feature of the ttcp utility? A. It uses only TCP. B. It avoids the three-way handshake. C. It functions at both the Network and Data-Link layers. D. It contains authentication information. 27. At which layer of the OSI/RM does RMON operate? A. The Application layer B. The Network layer C. The Data-Link layer D. The Transport layer 28. Which of the following is NOT an IP header field? A. Flags B. Time To Live C. Header Length D. Datagram Checksum 29. What is NOT a feature of TCP? A. Data delivery in sequence B. Guaranteed delivery of data C. Data redundancy D. Session management between source and destination

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Assessment Test

xxxvii

30. Why is SNMP so widely used? A. Low resource requirements, portability, wide vendor support B. It is required for enterprise networks C. The root servers authenticate IP addresses using SNMP D. Network Management is not widely used 31. Which of the following ping6 command lines would be used with

Windows 2000 to specify eight ping packets, with DNS resolution, to fe80::280:5fff:fee2:dd33? A. ping6 –a –n 8 fe80::280:5fff:fee2:dd33 B. ping6 –n –t 8 fe80::280:5fff:fee2:dd33 C. ping6 –a –t 8 fe80::280:5fff:fee2:dd33 D. ping6 –a –l 8 fe80::280:5fff:fee2:dd33 32. Convert 1001001001001001 to hexadecimal. A. A249 B. A24A C. 9249 D. 9429 33. Which command-line utility is used on Windows 2000 to determine IP

address and Ethernet MAC information? A. winipcfg B. ifconfig -a C. ifconfig /all D. ipconfig /all 34. Name one significant performance improvement between HTTP

version 1.0 and 1.1. A. Data compression B. Improved authentication C. Persistent connections D. Support for more graphics formats

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xxxviii

Assessment Test

35. Mobile IP support was contributed from which developmental

ancestor of IPv6? A. SIP B. PIP C. CATNIP D. CLNP 36. Which header is the “last” unencrypted header? A. Authentication extension header B. Routing extension header C. Encrypted Security Payload header D. Security Parameters Index header 37. Which of the following protocols uses UDP? A. SMTP B. SNMP C. FTP D. Telnet 38. What is SMTP an abbreviation for? A. Simple Mail Transfer Protocol B. Simple Management Tool Protocol C. Simple Modem Telnet Protocol D. Simple Mail Transit Protocol 39. Which of the following is NOT used to abbreviate an IPv6 address? A. Drop all leading zeros. B. Replace each null integer with a single zero. C. Replace each null integer with a double colon. D. Replace null integers with a double colon.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Assessment Test

xxxix

40. Why would you choose to implement IPv6 with stateful configuration

when stateless autoconfiguration does not require a server? A. Stateful configuration is easier to implement. B. Stateful configuration can pass additional configuration information. C. Stateful configuration offers less security. D. Stateful configuration requires more router configuration. 41. A system has an Ethernet MAC address of 00-04-76-48-9A-CA. What

is its IEEE EUI address? A. 00-04-76-FF-FE-48-9A-CA B. 00-04-76-48-FF-FE-9A-CA C. 02-04-76-48-FF-FE-9A-CA D. 02-04-76-FF-FE-48-9A-CA 42. What role did the U.S. Department of Defense play in the evolution of

the Internet? A. It increased the connection speeds between various sites to

1.5Mbps. B. It created the ARPANET in 1968, which later came under the

jurisdiction of the National Science Foundation. C. It expanded Internet access to universities and businesses by

installing 56Kbps telephone lines in strategic areas. D. It offered financial incentives to private companies to join the

Internet. 43. Internetworking professionals should be most familiar with which

branch of the MIB tree? A. 1.3.6.1 B. 1.3.1.6 C. 1.3.6.1.3 D. 1.3.1.1.6

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xl

Assessment Test

44. Where is the hosts file located on Windows 2000? A. %systemroot\system32\drivers\hosts B. %systemroot\system32\drivers\etc\hosts C. %systemroot\system32\etc\hosts D. %systemroot\system32\hosts 45. Which of the following will display open network sockets on a Unix

or Linux host? A. netstat -s B. netstat -a C. ping -s D. ping -c 46. Since TCP is reliable, why would an application use UDP? A. UDP offers superior packet sequencing with fixed header length. B. UDP is less prone to congestion. C. UDP provides a more efficient use of network bandwidth. D. UDP is used only by older applications. 47. What makes File Transfer Protocol an efficient method of transferring files? A. On-the-fly data compression B. FTP uses two TCP ports, one for control and one for data C. FTP’s encrypted authentication headers D. No additional encoding or decoding of data is required

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Answers to Assessment Test 1. C. Routing occurs at the Internet layer of the Internet Architecture

model. The Network layer is responsible for routing in the OSI/RM model, but there is no layer named “Network” in the IA model. See Chapter 1 for more information. 2. B. The Neighbor Advertisement is sent by routers or hosts to show

Data-Link layer address, either in response to a Neighbor Solicitation or unsolicited, to indicate a Data-Link layer address change. See Chapter 11 for more information. 3. C. Ping uses ICMP. See Chapter 1 for more information. 4. C. ARP resolves an IP address to a MAC address, logical to physical.

IP is OSI/RM Layer 3, and MAC is OSI/RM Layer 2. See Chapter 2 for more information. 5. B. The Operation field in both DHCP and BootP denotes request or

reply. See Chapter 2 for more information. See Chapter 2 for more information. 6. A. The Router Solicitation message is broadcast to attempt stateless

autoconfiguration. The Router Advertisement and Group Membership Query are sent by the router, not the host, and the Neighbor Advertisement is a response to Data-Link layer address queries, not part of autoconfiguration. See Chapter 11 for more information. 7. D. FF is the hexadecimal equivalent of 32 bits, all set to one, or 255

decimal, one less than 232. See Chapter 2 for more information. 8. C. The Data Encryption Standard (DES) has several modes. The

Cipher Block Chaining mode, DES-CBC, is the default encryption algorithm for the security payload. See Chapter 10 for more information. 9. A. The WarmStart indicates that the agent has reinitialized, but no

configuration or protocol changes occurred. See Chapter 7 for more information.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xlii

Assessment Test

10. B. File Transfer Protocol uses TCP on ports 21 and 20, by default.

See Chapter 1 for more information. 11. C. The PTR record is used to resolve an IP address to a host name.

See Chapter 5 for more information. 12. A. The ICMP redirect sends traffic to a closer gateway to the

destination IP address. See Chapter 6 for more information. 13. D. The other addresses are network, loopback, and broadcast

addresses, not valid IP addresses. See Chapter 2 for more information. 14. D. On Windows, the -n option is used to specify the number of pings

to send, while on Unix and Linux, the -c performs the same function. See Chapter 6 for more information. 15. A. RFC 1155 stipulates that the official way to name the OID is by

number. See Chapter 8 for more information. 16. B. ICANN has reserved three ranges, 10.0.0.0 through

10.255.255.255, 172.16.0.0 through 172.31.255.255, and 192.168.0.0 through 192.168.255.255. See Chapter 7 for more information. 17. A. The serial value is incremented with each change, indicating to

secondary servers that they need to get the update. See Chapter 5 for more information. 18. B. The agent makes a node managed. This does not require SNMP,

and may even vary from the selected management protocol, using a gateway agent. See Chapter 7 for more information. 19. C. Five bits are used for the host portion, and 25 = 32, but two

addresses are not available, the network (all zeros) and broadcast (all ones) combinations, resulting in 30 usable addresses. See Chapter 7 for more information. 20. C . All of these are steps in fault management except root-cause

analysis, although a managed system may help to determine root cause. See Chapter 7 for more information.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Answers to Assessment Test

xliii

21. B. Router Identification is the 32-bit IP address of the router sending

the OSPF packet. See Chapter 7 for more information. 22. B. The octets of 255 are sets of eight ones, while 240 = 128 + 64 + 32 + 16,

represented by ones in the first four bits of the next octet. See Chapter 7 for more information. 23. C. Port 1080 is for SOCKS proxy servers. See Chapter 4 for more

information. 24. B. The agent makes a node managed. This does not require SNMP,

and may even vary from the selected management protocol, using a gateway agent. See Chapter 7 for more information. 25. C. The active close is performed by the server, using the FIN flag. See

Chapter 4 for more information. 26. B. The ttcp utility can use UDP or TCP (default) and functions at the

Network and Transport layers with no additional security features. See Chapter 9 for more information. 27. A. RMON operates at the Application layer, but monitors layers 1

and 2 of the OSI/RM. RMON-2 adds support for monitoring of all levels between 3 and 7. See Chapter 8 for more information. 28. D. The only checksum in an IP packet is the Header Checksum. See

Chapter 7 for more information. 29. C. No duplicate data is carried by TCP. See Chapter 4 for more

information. 30. A. SNMP is widely used because it is simple both as a protocol and

to implement, and supported by many vendors. It is not required, has nothing to do with root servers, and is used in small medium and large businesses. See Chapter 1 for more information. 31. A. The –t option is used to repeatedly ping an address, not to specify

a number of pings, and –l is used to specify send buffer size. See Chapter 9 for more information.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

xliv

Assessment Test

32. C. Consider each four-bit component of the 16-bit value, as each

four bits can be expressed as a single hexadecimal digit: 1001=9, 0010=2, 0100=4, 1001=9 resulting in 9249 hexadecimal. See Chapter 10 for more information. 33. D. Winipcfg is used on Windows 95/98 and ifconfig is a Linux or

Unix command. Ipconfig is used on Windows NT and 2000. See Chapter 2 for more information. 34. C. HTTP 1.1 uses persistent connections, rather than creating a connec-

tion for each page requested. This improves performance by reducing unnecessary Internet traffic. See Chapter 1 for more information. 35. B. PIP contained efficient routing and Mobile IP support. See Chapter 9

for more information. 36. C. The Encrypted Security Payload extension header is the last unen-

crypted information, followed by payload data and authentication data. The Authentication extension header and Routing extension header both come before the ESP, and therefore must be unencrypted, while the Security Parameters Index is a field of the ESP, not a header. See Chapter 10 for more information. 37. B. Simple Network Management Protocol uses UDP. See Chapter 1

for more information. 38. A. SMTP is the Internet standard for transferring e-mail messages

between mail servers. E-mail clients would not use SMTP, but often POP or IMAP for a client-to-server connection. See Chapter 1 for more information. 39. C. You may not replace each null integer with a double colon, as this

could result in using more than one double colon, which is not allowed. See Chapter 10 for more information. 40. B. Gateway, DNS server, and other information can be passed to

hosts with stateful configuration. Although stateless autoconfiguration is easier to implement, it offers less security, and requires little or no router configuration. See Chapter 11 for more information.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Answers to Assessment Test

xlv

41. D. The IEEE EUI address conversion changes a 48-bit MAC address

to a 64-bit EUI address by inserting the FF-FE values between the third and fourth bytes of the 48-bit address. In addition, the first byte must not be zero, as it is reserved, so the EUI conversion makes this byte 02. See Chapter 10 for more information. 42. B. The Department of Defense Advanced Research Projects Agency

(ARPA) provided funding in 1968 to connect four universities with what was then dubbed ARPANET. See Chapter 1 for more information. 43. A. The iso.org.dod.internet node is 1.3.6.1 of the MIB tree. See

Chapter 8 for more information. 44. B. The ..\drivers\etc\ directory contains the hosts file, and is off

the %systemroot\system32 directory. See Chapter 5 for more information. 45. B. The netstat command will show network status, the -a option

will show specific protocols and ports, and those that are open will be marked as LISTEN. A netstat -s will display usage statistics. See Chapter 6 for more information. 46. C. UDP can provide for a faster, unreliable delivery of data, without

the overhead of session management. See Chapter 4 for more information. 47. D. FTP’s binary mode for transferring files requires no encoding or

decoding of data, unlike MIME email attachments. While some FTP servers support compression, this does not make the protocol efficient, and although FTP uses ports 20 and 21 for control and data connections, that has no bearing on throughput or efficiency of the transfer. FTP does not use encryption. See Chapter 1 for more information.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Chapter

1

The Internet and TCP/IP CIW EXAM OBJECTIVE AREAS COVERED IN THIS CHAPTER:  Define the Internet infrastructure, including but not limited to: the National Science Foundation network (NSFnet), the Internet Society (ISOC), key internetworking protocols.  Identify essential elements of the Internet and locate Requests for Comments (RFCs) that define them, including but not limited to: the Open Systems Interconnection (OSI) reference model, the Internet architecture model, Transmission Control Protocol/Internet Protocol (TCP/IP), various Internet protocols.  Define the functions of application-layer Internet protocols, including but not limited to: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP).

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

T

he success of many businesses, academic institutions, hospitals, and even governments can be chalked up to networks. Networks provide an efficient system of connections so that users can file-share, communicate, create, research, and learn together, even though the associated users are miles or even continents apart. Networks are extremely popular for a very basic reason: they allow users to share data quickly. In the past, users had to place files on a floppy disk or print them and physically deliver them to the destination. Such “sneakernet” solutions may be appropriate or necessary in some situations, but when it comes to organizing and expediting the daily operation of a business, no better means exists than a well-run network. Networks allow information to be distributed quickly and easily between two or more computers. This is achieved with a system of protocols, cables, hardware, and (in some instances) other media, such as wireless technology. A network is two or more computers that share information via a physical medium and a protocol. Networking can include a small business network in one building, for instance, which is called a local area network (LAN), and a network can also connect many different LANs over a long distance in a wide area network (WAN). A series of WANs can extend to a worldwide “internetwork” that connects millions of users, such as the Internet. Before you learn more about the Internet, internetworking, and the protocols involved with networking, you must understand how networks have traditionally functioned.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Networking Past and Present

3

Networking Past and Present

Traditionally, whenever an organization chose a network, it tried to ensure that it chose and used only one type of network product. Such choices began the era of homogeneous, vendor-centric networks. Most organizations chose one vendor, such as Novell, IBM, or Microsoft, to provide their networking solution because a one-vendor network ensures a minimum of training for employees and IT professionals. The reasoning was that using the same network type made network communication as simple as possible. As you pursue your career, it is quite possible that you will work with many different types of networks, such as Unix, Novell NetWare, Windows NT, and Windows 2000. At one time, you would probably have used only one type of network at each company. Thus, you would have had to familiarize yourself with the new network and networking protocol or topology with each new job. After learning the latest protocols in order to pass the CIW Internetworking Professional exam, however, you will have learned all you need to know to apply yourself to any available network. Over the past decade, a fundamental change has occurred in networking. Before, you would have had to learn each networking system separately in order to run any one of them; now, many different types of networks can be connected to ensure that different organizations and divisions can communicate directly with one another in a timely way. The task of working with different, or heterogeneous, systems such as the Internet has been given its own name: internetworking. This type of networking represents quite a change. With a traditional networking solution, an organization could communicate with itself on its own network. However, to communicate with others, it had to resort to non-network delivery methods, such as traditional mail. The motivation behind the developments that allow networks to connect with one another has been the need for different organizations to transfer information across large geographic areas as rapidly as possible. Given this change in how organizations operate with various networks, you will probably have to connect different types of networks into a single logical network in which each type can communicate with the others.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

4

Chapter 1



The Internet and TCP/IP

Overview of TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of

rules that allows computers from different vendors with various operating systems and capabilities (mainframes to desktop computers) to communicate. Since it was adopted in 1983 by the major networks that made up the Internet, TCP/IP has far exceeded expectations. Today, it is the most widely used networking protocol suite in the world and is the protocol that powers the Internet, the world’s largest WAN. In this section, we’ll discuss Internet architecture and common protocols used on the Internet, including more about TCP/IP and serial link protocols. We will also discuss and analyze Request for Comments (RFC) documents, which define and reference Internet protocols.

TCP/IP and Interoperability Even though TCP/IP is the most popular network protocol, many networks today use protocols other than TCP/IP. The default networking protocol for Novell NetWare networks was IPX/SPX until Novell NetWare 5 was released and the default became TCP/IP. Many Novell networks still use both IPX/SPX and TCP/IP and are very productive as a result, but non-TCP/ IP networks need not completely abandon the networking protocol they have traditionally used in order to function with other networks. In fact, they can use one protocol internally and use TCP/IP as the protocol that will transport information between their network and another. If one network used a networking protocol such as NetBEUI and another used IPX/SPX, they could not communicate with each other. Networks in this situation could employ special devices, called gateways, to translate between different networking protocols, but a much more effective solution would be to adopt TCP/IP to help the two networks communicate. As you can see in Figure 1.1, TCP/IP can allow different types of networks to communicate with one another. Using something as simple as a router, TCP/IP allows your existing LAN or WAN to operate with another. It may also function in parallel with other protocols operating through the same NIC. Because of this, it serves as an ideal bridge that allows existing LANs and WANs to act as backbones for an enterprise.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Overview of TCP/IP

FIGURE 1.1

5

TCP/IP and interoperability VAX IBM SNA Network IBM Compatible Workstation

Server

IBM AS/400

Micro VAX

Standard Ethernet Router Macintosh

Laser printer

FDDI Ring

Token Ring

Internetworking and the Corporate Network TCP/IP has emerged as the dominant internetworking protocol because it allows different systems to work together. Such cross-platform capability means that legacy systems, such as IBM SNA, can communicate with newer client/server solutions, such as Unix, Windows NT, Windows 2000, Macintosh, and Novell networks. Older mainframe networks and the latest PC-based networks can communicate with one another, as well. Because it is vendor-neutral, TCP/IP allows internetworking professionals to connect each system without sacrificing the strengths inherent in any operating system or networking method. TCP/IP for internetworking has been attractive because it allows corporations and networks to use past investments as wisely as possible. Therefore, even though the Internet and internetworking are revolutionary, this protocol presents an attractive alternative to businesses that do not want to discard an entire system. With careful planning and problem solving, organizations can make sure that their older systems can communicate with any other system on their internetwork.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

6

Chapter 1



The Internet and TCP/IP

Evolution of the Internet

The Internet was formed in 1968, when the U.S. Department of Defense Advanced Research Projects Agency (ARPA) funded what would become the first global computer network, the Advanced Research Projects Agency Network (ARPANET). The ARPANET was launched in 1969 and connected four universities: two University of California campuses, the Stanford Research Institute, and the University of Utah. The network allowed university and government engineers to research and work from any location on the network. ARPANET’s design featured multiple hosts and multiple connections among those hosts (see Figure 1.2), which greatly reduced the chances of total network failure. There was no central hub, which would have created a point of vulnerability; rather, control was spread throughout the network. This decentralization resulted in a robust and reliable network that would continue to function even if many of the hosts were incapacitated. FIGURE 1.2

Multiple connections among hosts

In the early 1980s, the Unix operating system from University of California, Berkeley, supported TCP/IP, and in 1981 TCP/IP became an official Internet standard. On January 1, 1983, TCP/IP was adopted as the Internet’s official protocol. In the late 1980s, the Department of Defense decommissioned the ARPANET, and all sites transferred to the National Science Foundation (NSF) network, called the NSFnet. The NSF is an independent agency of the U.S. government that promotes the advancement of science and engineering. The NSF increased the number of NSFnet supercomputers to five in 1986 and added access to more networks, expanding the range of sites for businesses, universities, and government and military installations. These centers were

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Evolution of the Internet

7

connected with 56Kbps telephone lines that created regional networks, with each supercomputing “center” as a hub for connections in a given region. In 1987, the NSFnet became known as the Internet. Traffic on the network increased significantly. In 1989, the NSFnet was upgraded to support a 1.5Mbps connection speed by contracting Merit Network, Inc. In the years that followed, more private companies joined the Internet, and now technologies exist to reach speeds over 1Gbps. The hardware and communications links required to connect to the Internet were funded by a combination of private and government money. In 1995, the NSF decommissioned the NSFnet and gradually turned the Internet over to a consortium of private telecommunication companies, including Sprint, UUNet, PSINet, and MCI.

If you want to expand on the history of the Internet, a good resource is a book by Katie Hafner and Matthew Lyon, “Where Wizards Stay Up Late: The Origins of the Internet” (Simon & Schuster, 1996; also available in several e-book formats). The book focuses on the people, universities, and technologies that helped create the Internet.

Internet-Related Authorities The authority for the Internet rests with the Internet Society (ISOC). ISOC is a voluntary membership organization whose objective is to promote global information exchange using Internet technology. You can visit the Internet Society at www.isoc.org. ISOC elects volunteers who are responsible for the technical management and direction of the Internet; these volunteers are called the Internet Architecture Board (IAB). Another volunteer organization, called the Internet Engineering Task Force (IETF), meets regularly to discuss operational and near-term Internet technical problems. Recommendations made via working groups within the IETF can be sent to the IAB to be declared Internet standards. The IETF chairman and the area managers form the Internet Engineering Steering Group (IESG). Another organization, called the Internet Research Task Force (IRTF), is responsible for network research and the development of new technology. The Internet Research Steering Group (IRSG) sets priorities and coordinates research activities. Figure 1.3 displays the ISOC structure.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

8

Chapter 1



The Internet and TCP/IP

FIGURE 1.3

ISOC structure ISOC IAB Organization IRTF

IETF BOARD

IRSG

IESG Working Groups Research Groups

Area 1

Area 8

Requests for Comments (RFCs) Requests for Comments (RFCs) are published documents of interest to the Internet community. They include detailed information about standardized Internet protocols, such as IP and TCP, and those in various stages of development. They also include informational documents regarding protocol standards, assigned numbers (e.g., port numbers), host requirements (e.g., Data-Link, Network, Transport, and Application OSI layers), and router requirements. RFCs are identified by number. The higher the number, the more recent the RFC. Be sure you are viewing the most recent RFC during your research. A recommended RFC reference site is located at www.rfc-editor.org/ rfc.html.

If an RFC has been updated, the index listing (i.e., the RFC editor query results) will state the replacement RFC number. Be aware that not all sites update RFCs regularly, so verify that your mirror site is current, or go directly to rfc-editor.org.

Protocol States Before a protocol becomes a standard, it passes through several maturitylevel states: experimental, proposed, draft, and standard. If a protocol becomes obsolete, it is classified as historic. To progress through the steps,

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Evolution of the Internet

9

the protocol must be recommended by the Internet Engineering Steering Group (IESG) of the Internet Engineering Task Force (IETF). Maturity-Level Protocol States Maturity level of protocol states simply indicates the level of review and testing that has been performed with a protocol state. Like many other characteristics of the Internet, there are no hard and fast rules regarding how long or how many people review a protocol before it moves from one state to another. Experimental Protocols that should be used only in a lab situation. They are not intended for operation on systems other than those participating in the experiment. Proposed Protocols that may be considered for future standardization. Testing and research are encouraged—optimally, by several groups. These protocols will most likely be revised before progressing to the next stage. Draft Protocols being seriously considered by the IESG to become Internet standards. Testing is encouraged, test results are analyzed, and feedback is requested. All input should be sent to the IESG. Changes are often made at the draft stage; the protocol must then return to the proposal stage. Standard Protocols determined by the IESG to be official standard protocols on the Internet. Standard protocols are of two types: those that apply to the entire Internet and those that apply only to certain networks. Additional Protocol States The Additional Protocol States are ones that exist distinct from maturity level, but are not directly tied to developmental state. Historic Protocols that have been replaced by more recent ones or that never received enough interest to develop. Historic protocols are very unlikely to become Internet standards. Informational Protocols developed outside of the IETF/IESG (e.g., protocols developed by vendors or other standardization organizations). These protocols are posted for the benefit of the Internet community.

Internet Standards A protocol, or set of related protocols, that has been standardized is indexed as an STD (Standard), such as STD 5. All protocols, even STDs, are indexed as RFCs because RFCs are never deleted, but only change protocol states. For

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

10

Chapter 1



The Internet and TCP/IP

instance, TCP is STD 7, as well as RFC 793. In some cases, several RFCs may become one STD. For instance, IP, ICMP, and IGMP are indexed as STD 5, even though three RFCs exist: RFCs 791, 792, and 1112, respectively. You will learn about these protocols in the next section.

Reference RFCs You should be familiar with the following important reference RFCs. Internet Official Protocol Standards, RFC 2800, STD 1 Lists the current Internet protocol standards, as well as the current protocol state of all RFCs. Assigned Numbers, RFC 1700 Lists the current status of parameters, such as numbers and keywords, used on the Internet. It includes the assigned Internet protocol numbers for Internet protocols. For instance, IP is represented by the decimal number four. It also includes well-known and registered port assignments. You will learn about assigned numbers throughout the book. Requirements for Internet Hosts, RFC 1122 and 1123 A pair of RFCs that define Internet host software requirements. They define the unique requirements of protocols within the Internet architecture and list the features and implementation details of the protocols, (e.g., protocol specifications identified as must, must not, should, should not, and may). Requirements for IP Version 4 Routers, RFC 1812 Defines the unique requirements of IPv4 Internet routers. It updates the historic RFC 1716, Router Requirements, to include current router technology.

OSI Reference Model

T

he Open Systems Interconnection reference model (OSI/RM) was defined by the International Organization for Standardization (ISO). Introduced in 1983, the OSI/RM has three practical functions: 



It gives developers necessary, universal concepts so they can develop and perfect protocols. It explains the framework used to connect heterogeneous systems. In other words, it allows clients and servers to communicate even if they are using different applications and operating systems. All they need is a common protocol, such as TCP/IP or IPX/SPX.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

OSI Reference Model



11

It describes the process of packet creation. You will learn more about packet creation shortly.

Network function can be described using the OSI model, and network protocols can be created to function as described by the model, just as a building is constructed from a blueprint. For instance, Novell NetWare, Microsoft Windows NT, Windows 2000, and Unix are network operating systems supporting various protocol suites that can be described using the OSI/RM. This common framework allows these network operating systems (NOSs) to interoperate, and may help an internetworking professional to architect a network or troubleshoot a problem. Also, when protocols, such as IP and IPX, are discussed, they are usually linked to their OSI layer. For example, both IP and IPX are found at the OSI/RM Network layer. The OSI/ RM provides the concepts and nomenclature you need to be able to discuss packet creation and networking protocols. Table 1.1 lists the seven layers of the OSI/RM and describes each layer’s function. TABLE 1.1

Layers of the OSI/RM

Layer

Layer Number

Application

7

The interface to the end user in an OSI environment; supports file transfer, network management, and other services.

Presentation

6

Responsible for providing useful transformations on data to support a standardized application interface and general communication services. For example, it converts text from American Standard Code for Information Interchange (ASCII) to Extended Binary Coded Decimal Interchange Code (EBCDIC).

Session

5

Establishes, manages, and terminates connections (sessions) between cooperating applications. This layer adds traffic flow information, as well.

Description

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

12

Chapter 1



The Internet and TCP/IP

TABLE 1.1

Layers of the OSI/RM (continued)

Layer

Layer Number

Transport

4

Provides reliable, transparent transportation between end points (i.e., the source and destination hosts). It also supports end-to-end error recovery and flow control. Connectionoriented (stateful) protocols reside at this layer.

Network

3

Responsible for forwarding and routing datagrams. Connectionless (stateless) protocols reside at this layer.

Data-Link

2

Provides reliable data transfer across the physical link. Frames are transmitted with the necessary synchronization, error control, and flow control. In short, it prepares the information so that it can be sent to the physical wire.

Description

In the IEEE 802 series of LAN standards (a group of popular network standards that you will learn about in this book), the Data-Link layer is divided into two sublayers, the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The LLC is responsible for error and flow control and the MAC layer is responsible for placing data on the wire. Physical

1

Concerned with transmission of unstructured bit stream over a physical link. Responsible for the mechanical, electrical, and procedural characteristics to establish, maintain, and deactivate the physical link.

How the Layers Communicate As shown in Figure 1.4, the OSI model describes interaction between the individual layers, as well as between hosts on a network.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

OSI Reference Model

FIGURE 1.4

13

OSI model layers

Client

Server

Application

Application

Presentation

Presentation

Session

Session

Transport

Transport

Network

Network

Data Link

Data Link

Physical

Physical

A client/server example will be used to explain how the OSI/RM typically works. In the figure, the left column contains the seven OSI/RM layers that exist on the client. The right column contains the same seven layers that exist on the server. If the client sends a request to the server, the request might begin with a mouse click by the user on a web page hyperlink (Application layer). The request travels down the OSI/RM until it reaches the Data-Link layer, where it is placed onto a wire, cable, or whatever network medium is used (the Physical layer). The client’s request travels across the wire until it reaches the server. The server’s Data-Link layer pulls the request off the wire (Physical layer) and sends it up the server’s OSI/RM. When the request arrives at the server’s Application layer, the request is processed. The server then returns a response—for instance, a new web page—to the client, using the same method. In networking, information such as the client’s request and the server’s response is sent across the network in packets. Packets are discussed in the next section.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

14

Chapter 1



The Internet and TCP/IP

Packets

A

packet is a fixed piece of information sent across a network. Whenever you send information across any network, you begin the packet creation process. A packet consists of three elements: a header, the actual data, and a trailer.

Many networking professionals use the terms “packet,” “datagram,” and “frame” interchangeably. Although this usage is accurate most of the time, “packet” is a generic term for any piece of information passed through a network. A datagram is a packet at the Network layer of the OSI/RM. A frame is a packet at the Data-Link layer (used to traverse an Ethernet network). Although they have distinct, strict meanings, these terms are used synonymously, even by networking professionals. It may be important to infer correct meaning from context, or to verify usage by another professional by referring to the appropriate OSI layer.

As shown in Figure 1.5, the header contains several different pieces of information, such as addressing information or an alert signal to the incoming computer. FIGURE 1.5

Packet structure

Header

Data

Trailer

The preceding figure also shows that the packet contains the original data, such as a portion of an e-mail message. The trailer usually contains information

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Packets

15

that validates the packet. For example, it could contain cyclic redundancy check (CRC) information.

Cyclic Redundancy Check A CRC is a mathematical calculation that allows the receiving computer to verify that the packet is valid. When a sending host transmits a packet, it calculates a CRC, then adds this information to the trailer. When the receiving host reads the packet, it runs its own CRC, then compares it with the CRC stored in the trailer. If the two match, the packet is not damaged, and the receiving host processes the packet. If the CRCs do not match, the receiving host discards the entire packet.

Packet Creation: Adding Headers The packet creation process begins with Layer 7 of the OSI/RM (the Application layer), and continues through Layer 1 (the Physical layer). For example, when you send an e-mail message or transfer a file from one computer to another, this message or file undergoes a transformation from a discrete (i.e., complete) file into smaller pieces of information called packets. Beginning with the Application layer of the OSI/RM, the file continues to be divided until the initial, discrete message becomes a number of smaller, more manageable pieces of information sent at the Physical layer. As shown in Figure 1.6, each layer adds its own information, called a header, to the packet. This information enables each layer to communicate with the others, and also allows the receiving computer to process the message. FIGURE 1.6

Headers added at each level of OSI/RM Application

Application Data

Presentation

Application Data + AH

Session

AH PH

Application Data + AH + PH

SH

Transport

Application Data + AH + PH + SH

Network

Application Data + AH + PH + SH + TH

Data Link

Application Data + AH + PH + SH + TH + NH

Physical

Bits (1 and 0s)

TH NH

Copyright ©2002 SYBEX, Inc., Alameda, CA

DLH

www.sybex.com

16

Chapter 1



The Internet and TCP/IP

Packet Creation: Removing Headers You have already seen how a sending host creates a packet. When a receiving host processes a packet, it reverses the packet creation process and removes each header, beginning with Layer 1 (the Physical layer) and ending with Layer 7. All that is left at the end of this process is the original, unaltered data, which the host can then use. This procedure of network communication by packet creation, transmission, and processing is similar regardless of network topology or protocol. Many networking protocol suites exist that follow this process of network packet creation, and models for both general and specific network technologies exist. However, the OSI reference model is just that, a reference model that may be applied to any other specific model or protocol.

TCP/IP

On January 1, 1983, the major networks that made up the Internet adopted the Transmission Control Protocol/Internet Protocol (TCP/IP) suite as the Internet’s official protocol. One reason for the Internet’s explosive growth and powerful communication ability is its adoption of this suite, which was originally developed in Berkeley, California. TCP/IP is the default protocol for the following network operating systems: 

Windows NT 4.0, 2000



Unix



NetWare 5 and newer

Currently, the Internet fully supports TCP/IP version 4. However, TCP/IP version 6 (known as IPv6) is being tested and is expected to gain full support in the coming decade. You will learn more about TCP/IP in future chapters, but some of its basic principles are discussed in the following section.

A Collection of Protocols TCP/IP is a suite of protocols that includes Transmission Control Protocol (TCP), Internet Protocol (IP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), and many

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Architecture and Protocols

17

others that will be discussed later in this book. Each of these protocols has a specific function. TCP TCP ensures reliable communication and uses ports to deliver packets. It also fragments and reassembles messages, using a sequencing function to ensure that packets are reassembled in the correct order. IP IP is a connectionless protocol responsible for providing addresses of each computer and for performing routing. IP version 4 uses 32-bit addresses. The address scheme falls into five classes, only three of which are available for standard network addressing. The original plan was to assign Class A addresses to large networks, Class B to medium-sized networks, and Class C to smaller networks. Class D addresses are used for multicasting, and Class E addresses are experimental. You will learn more about these classes later in this book. Thirty-two-bit IP addresses are divided into halves: the network portion and the host portion. The subnet mask helps determine which bits form the network and host portions.

An Open Standard TCP/IP is not tied to any one vendor, and therefore allows heterogeneous networks to communicate efficiently. It uses the Internet architecture model that divides its protocols into four layers. Each layer is responsible for specific communication tasks and coincides with layers in the OSI/RM. Note that several Internet architecture models exist, each slightly different from the others. A four-layer version was selected for this book.

Throughout this book we will often refer to the OSI reference model. Both the OSI/RM and the Internet model are often referenced by internetworking professionals. The CIW Internetworking Professional exam references the Internet model.

Internet Architecture and Protocols

Similar to other networking models, the Internet architecture model divides protocols into layers. Each layer is responsible for specific communication tasks. The Internet architecture model consists of four layers, each

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

18

Chapter 1



The Internet and TCP/IP

coinciding with layers in the Open Systems Interconnection (OSI) reference model. Figure 1.7 illustrates the Internet architecture model, and Table 1.2 describes the OSI reference model and the Internet architecture equivalents. FIGURE 1.7

Internet architecture model Application Layer Transport Layer Internet Layer Network Access Layer

TABLE 1.2

OSI Reference Model Layers and Internet Architecture Equivalents OSI Reference Model Layer

Internet Architecture Equivalent

Application

Application

Presentation Session

Transport

Transport Network

Internet

Data-Link

Network Access

Physical

Each layer of the Internet architecture involves protocols, and each protocol has an associated RFC. This section describes common protocols used on the Internet by layer. These protocols will be discussed in detail throughout the book. Each protocol is listed with its respective RFC(s). Figure 1.8 illustrates their relationships within the Internet architecture.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Architecture and Protocols

FIGURE 1.8

19

Internet protocols and Internet architecture

Network Access Layer The Network Access layer corresponds to the Physical and Data-Link layers of the OSI reference model. The Network Access layer accepts higher-layer packets and transmits them over the attached network, handling all the hardware details of interfacing with the network media. This layer usually consists of: 

The operating system’s device driver



The corresponding interface card



The physical connections

For Ethernet-based local area networks, the data sent over the media is referred to as Ethernet frames, which range in size from 64 to 1,518 bytes (1,514 bytes without the cyclic redundancy check). The Network Access layer components can vary considerably, depending on the technologies that are responsible for placing data on the network media and pulling data off. Examples include: Local area networks (LANs) uted Data Interface (FDDI)

Ethernet, Token Ring, and Fiber Distrib-

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

20

Chapter 1



The Internet and TCP/IP

Wide area networks (WANs) nous transfer mode (ATM)

Frame Relay, serial lines, and asynchro-

Internet Layer The Internet layer corresponds to the Network layer of the OSI model. It is responsible for addressing and routing packets on TCP/IP networks. A packet received from the Transport layer is encapsulated in an IP packet. Based on the destination host information, the Internet layer uses a routing algorithm to determine whether to deliver the packet locally or send it to a default gateway. The following are protocols used at the Internet layer: 

Internet Protocol (IP)



Internet Control Message Protocol (ICMP)



Internet Group Management Protocol (IGMP)



Address Resolution Protocol (ARP)



Reverse Address Resolution Protocol (RARP)

The Internet layer of the Internet architecture uses the following protocols to address and route packets on TCP/IP networks.

Internet Protocol (IP)—RFC 791, STD 5 The Internet Protocol (IP) is the basic data-transfer method used throughout the Internet. It is responsible for IP addressing and performs the routing function, which selects a path to send data to the destination IP address. Data is sent in the form of packets, also called datagrams. A packet is selfcontained, independent of other packets; it does not require an acknowledgment and carries information sufficient for routing from the originating host to the destination host. IP defines how routers are to process packets, when error messages are to be generated, and under what conditions packets are to be discarded.

Internet Control Message Protocol (ICMP)—RFC 792, STD 5 The Internet Control Message Protocol (ICMP) is the troubleshooting protocol of TCP/IP. ICMP is specified in RFCs 844, 1256, and 1788. It allows

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Architecture and Protocols

21

Internet hosts and gateways to report errors through ICMP messages. If a problem occurs on a TCP/IP network, an ICMP message will probably be generated.

Internet Group Management Protocol (IGMP)— RFC 1112, STD 5 The Internet Group Management Protocol (IGMP) is used for multicasting. In multicasting, one source sends a message to a group of subscribers (multicast groups). For multicast delivery to be successful, members must identify themselves and the groups that interest them to local multicast-enabled routers. IGMP allows users to join and maintain membership in multicast groups.

Address Resolution Protocol (ARP)—RFC 826, STD 37 The Address Resolution Protocol (ARP) translates Internet addresses to physical addresses, such as an Ethernet’s 48-bit physical address, also called Media Access Control, or MAC, addresses. For example, assume two hosts are on a network, node1 and node2. Node1 knows the IP address of node2. However, if node1 wants to send a packet to node2, it must know the physical, or hardware, address of node2. To resolve the IP address to the hardware address, ARP sends a local broadcast and obtains the hardware address. Once the address resolution is complete, ARP stores the information in an ARP cache for future requests. The ARP cache entry remains in the ARP cache for different lengths of time, depending on the operating system.

Reverse Address Resolution Protocol (RARP)— RFC 903, STD 38 The Reverse Address Resolution Protocol (RARP) performs (as its name implies) the reverse function of ARP. It uses a node’s hardware address to request an IP address. RARP is generally used during initialization for diskless workstations to obtain an IP address. For example, when a diskless workstation initializes, RARP reads the node’s unique hardware address and broadcasts a RARP request over the network, asking for an IP address. A RARP server responds to the request and provides an IP address.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

22

Chapter 1



The Internet and TCP/IP

Transport Layer The Transport layer of the Internet architecture corresponds to the Transport and Session layers of the OSI model. The Transport layer accepts Application layer data and provides the flow of information between two hosts. The following two protocols are found at the Transport layer: 

Transmission Control Protocol (TCP)



User Datagram Protocol (UDP)

The Transport layer also divides the data received from the Application layer into smaller pieces (i.e., packets) before passing them to the Internet layer.

The Transport layer is also known as the Host-to-Host layer, the End-to-End layer, or the Source-to-Destination layer.

The Transport layer of the Internet architecture uses the following protocols to provide a flow of information between hosts.

Transport Control Protocol (TCP)—RFC 793, STD 7 The Transport Control Protocol (TCP) provides session management between the source and destination systems. It ensures that data is delivered in sequence, and that no duplicate data is sent. TCP is used with applications that communicate by establishing a session before transferring data, such as FTP and Telnet.

User Datagram Protocol (UDP)—RFC 768, STD 6 The User Datagram Protocol (UDP) provides a simple packet form of communication. One UDP packet is created for each output operation by an application, and a session is not necessary. Unlike TCP, UDP does not provide congestion control or packet sequencing, or send acknowledgments. It also does not retransmit lost packets or guarantee reliability. UDP is a connectionless protocol that is used by the Trivial File Transfer Protocol (TFTP) and the Simple Network Management Protocol (SNMP).

Application Layer The Application layer of the Internet architecture corresponds to the Presentation and Application layers of the OSI model. The Application layer interacts with the Transport layer protocols to send or receive data.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Architecture and Protocols

23

Users can invoke application programs such as remote terminal protocol (Telnet), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP) or Simple Network Management Protocol (SNMP) for access to nodes on the Internet.

The Application layer is also referred to as the Process layer.

The Application layer of the Internet architecture uses the following protocols to process and transmit data.

Hypertext Transfer Protocol (HTTP)—RFCs 1945 and 2616 The Hypertext Transfer Protocol (HTTP) is used to transport HTML documents (web pages) across the Internet. HTTP requires a client program on one end (a browser) and a web server on the other, both running TCP/IP. HTTP establishes a web server session and transmits HTML pages to a client browser. HTTP 1.0 establishes a new protocol connection for each page requested, which creates unnecessary Internet traffic. HTTP 1.1 uses persistent connections, which allow multiple downloads with one connection. Both the client and server must support HTTP 1.1 to benefit.

File Transfer Protocol (FTP)—RFC 959, STD 9 The File Transfer Protocol (FTP) is a system for transferring files between computers on a TCP/IP network. FTP offers an efficient and quick way to transfer files because it does not require the encoding and decoding data, which is necessary when using other methods such as sending files as e-mail attachments. FTP allows files to be uploaded to a server. HTTP usually allows only client downloads from the server.

Trivial File Transfer Protocol (TFTP)—RFC 1350, STD 33 Trivial File Transfer Protocol (TFTP) is used for initializing diskless systems. It works with the Bootstrap Protocol (BootP). TFTP uses UDP, whereas FTP uses TCP. Because TFTP is simple and small, it can be embedded in ROM, which is ideal for diskless workstations seeking network configurations upon initialization.

Telnet (Remote Terminal Protocol)—RFCs 854 and 855, STD 8 Telnet is a terminal emulation protocol developed for ARPANET. It allows a user to log on and run programs from a remote system. Telnet is normally used by a client terminal, or terminal emulator software on a PC.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

24

Chapter 1



The Internet and TCP/IP

Network News Transfer Protocol (NNTP)—RFC 977 The Network News Transfer Protocol (NNTP) allows sites on the Internet to exchange Usenet news articles, which are organized into topics such as “programming in C++” or “international trade issues.” To use newsgroups, you must have access to an NNTP server with which you are authorized to read and post news.

Gopher—RFC 1436 Gopher is a menu-based program used to find resources on the Internet. It is very similar in concept and practice to today’s Web: Users follow links from site to site in search of information. It was one of the first tools developed to pull the Internet together so users could access the entire Internet rather than just one site. Gopher servers have been largely replaced by web servers.

Simple Mail Transfer Protocol (SMTP)—RFC 821, STD 10 The Simple Mail Transfer Protocol (SMTP) is the Internet standard protocol for transferring e-mail messages from one computer to another. It specifies how two mail systems interact. SMTP is often used with Post Office Protocol 3 (POP3), which is a standard Internet mail server that uses SMTP’s messaging protocol. POP3 stores incoming e-mail until users authenticate and download it. POP3 is defined in RFC 1939 and STD 53.

Simple Network Management Protocol (SNMP)— RFC 1157, STD 15 The Simple Network Management Protocol (SNMP) is used for managing TCP/IP networks. It is a standardized management scheme that vendors can support. Thus all SNMP-compliant network devices can be centrally managed by an SNMP manager. SNMP also offers low resource requirements, portability, and wide acceptance.

Domain Name System (DNS)—RFCs 1034 and 1035, STD 13 The Domain Name System (DNS) is a mechanism used on the Internet to translate host computer names into Internet (IP) addresses. It is one of the most universal methods of centralized name resolution. For example, when a user requests the fully qualified domain name (FQDN) www.companyname .com, DNS servers translate the name to the IP address 201.198.24.108.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

OSI/RM Protocol Examples

25

Bootstrap Protocol (BootP)—RFCs 951 and 2132 The Bootstrap Protocol (BootP) is an alternative to RARP. BootP allows diskless workstations to determine not only their IP addresses but also additional parameters, such as default gateways, and the addresses of particular servers, such as a DNS server. RARP provides only an IP address.

Dynamic Host Configuration Protocol (DHCP)—RFC 2131 The Dynamic Host Configuration Protocol (DHCP) is based on BootP. Like BootP, it is designed to assign Internet addresses and additional parameters, such as default gateways and DNS servers, to nodes on a TCP/IP network. Unlike BootP’s, DHCP addresses and parameters can change with time (hence the term “dynamic”). DHCP servers can temporarily lease addresses and parameters for a fixed period of time to a client, then reassign the information to another client when the lease expires.

OSI/RM Protocol Examples

T

he networking protocols listed in this section are examples of common protocols that operate within the OSI/RM layers. It is important to recognize that each of these protocols exists in the Internet architecture model. They are provided here in the context of the OSI reference model for the additional detail provided by that model.

Application Layer Protocols Application layer protocols, often called Upper-Layer protocols, allow applications to speak to one another across a network. More common Application layer protocols include: Simple Mail Transfer Protocol (SMTP) from host to host.

Used to send e-mail messages

Bootstrap Protocol (BootP) Responsible for sending TCP/IP address configuration information to hosts. File Transfer Protocol (FTP)

Used to transfer files between two hosts.

Hypertext Transfer Protocol (HTTP) TCP/IP suite protocol to interconnect World Wide Web servers with browsers requesting web pages.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

26

Chapter 1



The Internet and TCP/IP

AppleTalk Filing Protocol (AFP) Used exclusively in AppleTalk networks; allows such networks to exchange files. Simple Network Management Protocol (SNMP) TCP/IP protocol suite for troubleshooting and managing networks, regardless of architecture. Server Message Block (SMB) Protocol Used in Microsoft networks; allows clients to work closely with servers. Specifically, it allows clients and servers to access files and request other services. X.500 Protocol Manages online directories of users and resources; an OSI directory protocol. The Lightweight Directory Access Protocol (LDAP) is used to access X.500 directories. NetWare Core Protocol (NCP) on a Novell NetWare network.

Allows files and printers to be shared

Network File System (NFS) Protocol Allows files and printers to be shared on a Unix network.

Transport Layer Protocols The Transport layer provides reliable data delivery. Protocols used at this layer include: Transmission Control Protocol (TCP) Part of the TCP/IP suite; helps provide reliable delivery and manages sessions. Sequenced Packet Exchange (SPX) Protocol Part of the IPX/SPX protocol suite; similar to TCP in that it manages communication sessions. NWLink Protocol

The Microsoft implementation of IPX/SPX protocol.

AppleTalk Transaction Protocol (ATP) Part of the AppleTalk networking suite; provides reliable transmissions between hosts. NetBEUI Protocol Allows different applications on different computers using NetBIOS to communicate with one another; a nonroutable protocol.

Network Layer Protocols Network layer protocols provide routing information to routers and addresses to hosts. Network protocols include: Internet Protocol (IP) Part of the TCP/IP suite; responsible for addressing hosts and routing packets in any network running TCP/IP, including the Internet.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Major Networking Protocols Suites

Internetwork Packet Exchange (IPX) the Novell IPX/SPX suite. NWLink Protocol

27

Provides addressing services for

The Microsoft implementation of IPX/SPX.

Datagram Delivery Protocol (DDP) Part of the AppleTalk networking suite; a best-effort packet (also called datagram) delivery protocol. NetBEUI Allows different applications on different computers using NetBIOS to communicate with one another; a nonroutable protocol.

Data-Link Layer Protocols Data-Link layer protocols provide reliable data transfer across the physical link. Data-Link layer protocols include: Ethernet This LAN protocol was created by Xerox, Digital Equipment Corporation, and Intel. It is the most popular LAN technology. Frame Relay This WAN protocol uses variable-length packets and allows high-speed connections using shared network facilities. X.25 This WAN protocol is a precursor to Frame Relay technology. It was developed in the early 1970s and was the first packet-switching network standard. You will learn more about many of these protocols throughout this book.

Major Networking Protocols Suites

S

everal networking protocols and architectures exist, all based on the OSI/RM. You were introduced to TCP/IP and IPX/SPX briefly in a previous section; however, many additional protocols are used for networking. This section will explain several important networking protocol properties. Following are some important networking protocols: 

TCP/IP



IPX/SPX



NetBEUI



AppleTalk



Data-Link Control (DLC)



Systems Network Architecture (SNA)

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

28

Chapter 1



The Internet and TCP/IP

Protocol Characteristics Understanding TCP/IP is central to internetworking, and is dealt with throughout this book. This section will deal with the other identified major networking protocols. There are some characteristics that can be used to classify and differentiate the behavior and use of protocols.

Connection-Oriented (Stateful) and Connectionless (Stateless) Protocols Some network protocols require that a host establish a connection, or session, before it transfers information. Because of this requirement, sessionoriented (i.e., connection-oriented) protocols are often called stateful protocols. A state is the name given to a session. Connection-oriented protocols are more reliable because they first gain a system’s attention, prepare it to receive information, then send the information. However, connection-oriented protocols require more system overhead, and are not always appropriate for certain networking tasks. An example of a connection-oriented protocol is TCP. Other network protocols do not require a previously established session; they rely on a “best-effort” technology that sends the information, hoping that it will reach the other system. This protocol type is called connectionless, or stateless. An example of a stateless protocol is IP, which provides addresses for the TCP/IP suite. Many connectionless protocols send information by means of short messages called datagrams. Receiving a phone call, for example, is a connection-oriented activity, mainly because it requires you to establish a continuous session before you can communicate. You can also immediately acknowledge that you received the information a caller has sent you, and this acknowledgment is part of that session. Sending a message via the U.S. Postal Service, however, is a connectionless activity because you do not initiate a continuous connection to transmit the message. You simply send the message and hope that it arrives. Rather than being able to send an immediate acknowledgment that the package was received, the recipient would have to send another message indicating that your message arrived. Although it might be tempting to regard a connection-oriented protocol as more important or reliable, this is not necessarily the case. Each protocol type has its own use in a network.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Major Networking Protocols Suites

29

Routable and Nonroutable Protocols Some protocols can travel through LANs and WANs and beyond because they can pass through a router. Routable protocols include TCP/IP and IPX/SPX. Nonroutable protocols use predefined, or static, routes that cannot be changed. Some protocols are nonroutable because they do not use the functions of the OSI/RM Network layer. Nonroutable protocols include NetBEUI, NetBIOS, Systems Network Architecture (SNA), Local Area Transport (LAT), and the Data-Link Control (DLC) protocols. You will learn more about routing later in the book. To effectively use a nonroutable protocol, you can add a bridge (discussed later in the book) to your network or encapsulate the nonroutable protocol within a routable protocol, such as TCP/IP. Encapsulation is also called tunneling.

IPX/SPX Novell, Inc. developed this once-dominant LAN and WAN protocol. Like TCP/IP, IPX/SPX is a protocol suite rather than a single protocol. Microsoft also supports IPX/SPX, although the corporation has renamed it NWLink (NetWare Link).

IPX Internetwork Packet Exchange (IPX) is a connectionless protocol that resides at the Network layer of the OSI/RM. It is responsible for network addressing and forwarding packets to their destination, an action called routing.

SPX Sequenced Packet Exchange (SPX) is a connection-oriented Transport layer protocol that uses services provided by IPX. SPX provides reliability to IPX: It ensures that packets arrive intact at their destination. Because this protocol resides at the Transport layer, it ensures reliable data delivery and manages sessions.

IPX/SPX Advantages and Disadvantages IPX/SPX is not a vendor-neutral protocol. It was developed by Novell and is used mostly with Novell NetWare networks. TCP/IP has eclipsed IPX/SPX

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

30

Chapter 1



The Internet and TCP/IP

as the standard enterprise protocol due to its open nature. However, IPX/ SPX is still common and it has always performed better than TCP/IP. Although IPX/SPX is not supported on the Internet, thousands of IPX/ SPX WANs use private networks or virtual private networks (VPNs) to communicate over long distances (you will learn about WANs, private networks, and VPNs later in this book). Novell has adopted TCP/IP as its default protocol in Novell NetWare 5, although the company still supports IPX/SPX. IPX/SPX Frame Type IPX/SPX can use different frame types. Administrators can choose between the IEEE 802.2 or IEEE 802.3 frame types (you will learn about IEEE standards later in this book). Novell NetWare 3.12 and later default to the IEEE 802.2 frame type. Previous versions defaulted to IEEE 802.3. If you are using IPX/SPX and cannot make a connection, check to see whether your system’s frame type is compatible with those used by the rest of the network.

Novell NetWare Layers Novell NetWare protocols can be classified using the Internet architecture model. Each layer includes the following protocols: Network Access layer protocols Ethernet, token ring, and ARCNET Internet layer protocol IPX Transport layer protocols SPX and Packet Exchange Protocol (PEP) Application layer protocols Error, Echo, Service Advertisement Protocol (SAP) and others Figure 1.9 lists several Novell NetWare protocols. FIGURE 1.9

Novell NetWare protocols NCP RIP

ERROR

ECHO

PEP

SPX

SAP

IPX Ethernet

Logical Link Control Ethernet

ARCNET

ARCNET

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Major Networking Protocols Suites

31

NetBEUI NetBEUI (pronounced “Net-boo-ee”) is an acronym for Network Basic Input/Output System (NetBIOS) Enhanced User Interface. It was first developed by IBM, but Microsoft has since implemented it as a solution for its peer-to-peer networks. NetBEUI is a nonroutable protocol, which limits its usefulness to small non-routed networks.

NetBIOS NetBIOS stands for Network Basic Input/Output System. It was originally designed as a standard to let computers communicate with a local area network. NetBEUI extended this standard, hence the name NetBIOS Enhanced, or Extended, User Interface. Because NetBEUI is declining in popularity, NetBIOS is mainly used as a programming interface for applications. It resides at the Session layer (Layer 5) of the OSI/RM. NetBIOS can operate over NetBEUI, as well as over routable protocols such as TCP/IP and IPX/SPX. Microsoft Windows computers up to and including NT use NetBIOS names to identify one another and communicate on a network. Windows 2000 includes support for NetBIOS but does not require it.

AppleTalk AppleTalk is used only in Apple networks, and is thus proprietary. AppleTalk Phase II allows this protocol to work with others. Rather than using the term “domain” or “network,” AppleTalk divides groups of computers into zones.

Data-Link Control (DLC) IBM originally developed DLC to enable client machines to work with mainframes. However, Hewlett-Packard for a period of time had adopted DLC as a means to connect its laser printers to LANs.

Systems Network Architecture (SNA) IBM introduced SNA in 1974 as a mainframe network architecture. Because it is an architecture, it includes a network topology and a series of protocols. The SNA model is quite similar to the OSI/RM. In fact, SNA inspired the creation of the OSI/RM.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

32

Chapter 1



The Internet and TCP/IP

The SNA market is valued at about $20 billion per year. Even though it is an older architecture, it is still widely used within mainframe networks, in some AS-400 implementations, and on many Unix platforms that connect to these networks.

Multiprotocol Networks

Networks commonly use two routable protocols, such as TCP/IP and IPX/SPX, although this combination could cause problems with system overhead in large, heavily visited sites. Such a combination provides system redundancy and can speed connectivity. Sometimes routable and nonroutable protocols should be combined, even in a routed network. A nonroutable protocol such as NetBEUI could be quite useful in a LAN and WAN situation because it can deliver traffic to local computers without the overhead associated with TCP/IP. If a user sends a message to an employee in the same LAN, NetBEUI will handle all of this transaction. However, if someone sends a message to a recipient on another LAN (activity that involves a router), the system will automatically use a routable protocol such as TCP/IP.

You should also consider, however, that using multiple protocols can increase the time it takes to maintain and troubleshoot a network. In addition, the more protocols you use, the more system overhead you create.

De-multiplexing De-multiplexing is the process a destination computer uses to strip each layer of headers from the incoming packet resulting in the payload. It is an excellent way to show how the Internet protocols work within the Internet architecture. Figure 1.10 displays the de-multiplexing process. You can refer to this diagram throughout the book.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Multiprotocol Networks

FIGURE 1.10

33

De-multiplexing of protocols Telnet

FTP

TFTP

TCP

SNMP UDP

IGMP

ICMP

RARP

IP

ARP

Ethernet

As a packet is received by a network operating system, each layer’s header is removed, and the packet is passed to the appropriate protocol at the next layer. Thus, although many Ethernet datagrams may be received, some will be RARP or ARP, while others will be IP. While each of these would have a similar header at the Physical layer, the uncovered layers further define which protocols and applications receive each type of communication.

Specialized Serial Interface Protocols Many users access the Internet from home using a modem. The point of presence (POP) is the location where a user dials into the Internet via a modem. Usually the POP is an Internet Service Provider (ISP). The term may also be used to denote the point where a long-distance carrier connects to a local telephone company. If a local company does not exist, the POP is the line connected to the user. Modem connections are often made over a standard telephone and use the Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP) to connect to an ISP. The following sections describe these protocols. Serial Line Internet Protocol (SLIP) is a protocol devised to allow a computer with a modem to connect to the Internet over a phone line. Point-to-Point Protocol (PPP) is an improved version of SLIP that includes more options for authentication and more robust communication control.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

34

Chapter 1



The Internet and TCP/IP

Point-to-Point Protocol (PPP)—RFC 1661, STD 51 Point-to-Point Protocol (PPP) is an encapsulation method for sending IP packets over a serial link. It was created in 1991 by the IETF and supports both asynchronous and synchronous links. Therefore, it can run on standard phone lines, full-duplex links such as Integrated Services Digital Networks (ISDNs), and high-speed T1 and T3 lines. PPP uses the Link Control Protocol (LCP) to establish, configure, and test a connection during the logon process. This protocol allows both computers to negotiate, and provides greater reliability. PPP also enables password protection using the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP). PPP has a family of specific Network layer protocols, called Network Control Protocols (NCPs). NCPs exist for IP, AppleTalk, and DECnet. For example, the NCP for IP allows hosts to negotiate compression headers. Figure 1.11 displays the basic components and process for PPP and SLIP, which is discussed in the next section. FIGURE 1.11

Connecting to the Internet via SLIP or PPP

Internet Router Ethernet SLIP/PPP

Modem Workstation

Modem Service Provider

Multilink Point-to-Point Protocol (PPP-MP)—RFC 1990 If a user connects to his or her ISP using a standard ISDN line, PPP typically uses one 64Kbps B channel for transmission. To obtain a higher transmission speed, two or more B channels can be bridged using Multilink PPP. For example, two ISDN 64Kbps B channels can be combined for a transmission rate of 128Kbps.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Summary

35

Serial Line Internet Protocol (SLIP)—RFC 1055, STD 47 Serial Line Internet Protocol (SLIP) is a simple form of encapsulation for sending IP packets over serial lines. SLIP can be used on RS-232 serial ports and is usually used to connect home users to the Internet with a standard phone line. SLIP supports asynchronous links. Automated scripts are generally used to automate the logon process. SLIP is an older protocol that has been widely replaced by PPP for the following reasons: 



SLIP supports only IP, whereas PPP has implementations that support protocols in addition to IP. SLIP does not support authentication. Authentication is the process of identifying a user who is logging on to a system. It usually requires a username and a password.

Summary

I

n this chapter, you defined the term “internetwork” and compared it with traditional networking. You learned about the importance of TCP/IP and the corporate environment, and how TCP/IP can use your existing LANs and WANs as backbones for interoperability. Next, you studied the evolution of the Internet and its organizations, including the ISOC, IAB, IETF, and IRTF, as well as how TCP/IP relates to standards such as the OSI/RM and IPX/SPX. You reviewed the four layers of the Internet architecture model: Application, Transport, Internet, and Network Access, and aligned the Internet architecture model with the OSI reference model. You reviewed RFCs, including the different states of protocols, STDs versus RFCs, and reference RFCs. You also defined common Internet protocols and matched them to their corresponding Internet layers as well as to the RFC/STD for each. You identified key internetworking protocols and explained the need for multiprotocol networks.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

36

Chapter 1



The Internet and TCP/IP

Key Terms

Before you take the exam, be certain you are familiar with the following terms: ARP

NCP

ARPANET

NetBEUI

BootP

NetBIOS

Challenge Handshake Authentication Protocol (CHAP)

network

cyclic redundancy check (CRC)

NFS

de-multiplexing

NNTP

DHCP

nonroutable

DNS

NOS

draft

NSFnet

Ethernet

OSI/RM

experimental

packet

Frame Relay

Password Authentication Protocol (PAP)

FTP

Point-to-Point Protocol (PPP)

fully qualified domain name (FQDN)

POP

Gopher

proposed

header

RARP

HTTP

Requests for Comments (RFCs)

ICMP

routable

IGMP

Serial Line Internet Protocol (SLIP)

Internet architecture

SMB

Internet Architecture Board (IAB)

SMTP

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Exam Essentials

Internet Engineering Steering Group (IESG)

37

SNA

Internet Engineering Task Force (IETF) SNMP Internet Research Steering Group (IRSG)

SPX

Internet Research Task Force (IRTF)

standard

Internet Society (ISOC)

STD

internetworking

TCP

IP

TCP/IP

IPX

Telnet

ISO

TFTP

ISP

UDP

Link Control Protocol (LCP)

X.25

Exam Essentials Be able to define “internetwork” and explain this concept’s importance in today’s data communications marketplace. An internetwork is a group of several LANs and WANs that operate under different network operating systems and are connected and function together, sharing information between corporate, government, or individual entities. Internetworking has eliminated the need for IS administrators to learn networking protocols for all network operating systems, allowing them to communicate using TCP/IP. Understand how TCP/IP can use your existing LANs and WANs as backbones for interoperability. TCP/IP can function in parallel with existing protocols, allowing heterogeneous equipment and protocols to speak a common language and communicate. Be able to relate internetworks to the concept of the corporate enterprise network. A series of WANs may create an “internetwork” consisting of private or public networks. Historically, a corporate enterprise network

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

38

Chapter 1



The Internet and TCP/IP

was private, with leased lines connecting corporate network nodes. With the rise of the Internet, corporations use public Internet connections to quickly and inexpensively expand corporate network access points, and individuals have personal access to published information. Know the evolution of the Internet. The Internet grew from ARPANET, which connected four universities in 1969, into a global research network in the 1980s, called NSFnet until it was dubbed “the Internet” in 1987. In 1995 the National Science Foundation network was decommissioned, as a consortium of private telecommunications companies provided global connectivity that continues to expand. Be able to define and discuss Internet-related organizations, such as ISOC, IAB, IETF, and IRTF. These are all volunteer organizations dedicated to maintaining and enhancing the Internet and promoting global information exchange. The Internet Society (ISOC) is the global authority for the Internet. The Internet Architecture Board (IAB) is responsible for managing long-term technical direction of the Internet, while the Internet Engineering Task Force (IETF) focuses on solving operational and shortterm technical problems. The Internet Research Task Force (IRTF) researches and develops new network technologies. Understand how TCP/IP relates to standards such as SNA, OSI, and IPX/SPX. TCP/IP is an open standard, while SNA and IPX/SPX are proprietary standards. The OSI reference model is the basis for all of these networking protocols. Be able to identify key internetworking protocols and explain the need for multiprotocol networks. TCP/IP can function in parallel with other protocols such as SNA, IPX/SPX, and NetBEUI, allowing for interoperability between heterogeneous systems. Each protocol has strengths and weaknesses, although TCP/IP has been shown to be extremely robust and flexible. In some situations, a proprietary protocol such as SNA or IPX is desired or offers advantages, which results in multiprotocol networks. Be able to define and describe the Internet architecture model. The Internet architecture model uses four layers to describe the relationship and communication of different network elements. The Application layer includes both layers 6 and 7 of the OSI/RM. The Transport layer includes both layers 4 and 5 of the OSI/RM.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Exam Essentials

39

Know the nature, purpose, and operational essentials of TCP/IP. TCP/ IP is an open set of protocols that uses ports and Internet addresses to allow computers with different operating systems, network topologies, and protocols to communicate. Important elements of IP are TCP, UDP, and ICMP. TCP and UDP reside at Layer 4 of the OSI/RM while ICMP is at Layer 3. Be able to define and describe various Internet protocols. DNS associates a fully qualified domain name with an IP address. ARP resolves an IP address to a Media Access Control (MAC) address. RARP resolves a Media Access Control (MAC) address to an IP address. Understand the operation of Point-to-Point Protocol (PPP) and Multilink PPP. PPP is an encapsulation method for sending IP packets over a serial link, either synchronously or asynchronously. PPP uses Link Control Protocol (LCP) to establish and configure a connection, including authenticating with PAP or CHAP. After connecting, PPP uses Network Control Protocols (NCPs) to negotiate communication with various protocols (e.g., IP). PPP can also bridge ISDN B channels in order to attain a higher transmission rate. Be able to find RFCs and download them from the Internet. Requests for Comment can be found at www.rfc-editor.org/rfc.html. Some important RFCs are 2800, 1700, 1122, 1123, and 1812. Many other RFCs are important in various contexts.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

40

Chapter 1



The Internet and TCP/IP

Review Questions 1. Internetworking is defined as: A. the application of vendor-centric networking principles. B. the drive to simplify network communication. C. the method used by an organization to communicate with itself. D. the task of working with different, or heterogeneous, systems. 2. Which of the following items does TCP/IP use to allow a LAN to operate

with another LAN? A. A network interface card B. A router C. A repeater D. A protocol gateway 3. Which of the following statements describes the advantages TCP/IP

offers to corporate networks? A. TCP/IP encourages corporate networks to rely on single platforms. B. TCP/IP discourages corporations from relying on older mainframe

networks. C. TCP/IP requires corporations to rely on a single vendor. D. TCP/IP allows corporations to use legacy systems to communicate

with any other system on their internetwork. 4. What was the purpose of ARPANET? A. It was designed to allow government and researchers to interact

and to work from any location on the network. B. It was designed to decrease the number of connections among

hosts in a network. C. It was designed to concentrate network control within a central hub. D. It was designed to safely shut down a network in which many of

the hosts were incapacitated.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Review Questions

41

5. When did the NSFnet become known as the Internet? A. 1969 B. 1980 C. 1986 D. 1987 6. Which of the following protocols is often used with POP and IMAP

on a server? A. HTTP B. FTP C. SMTP D. SNMP 7. Which of the following statements accurately describes the relation-

ship of TCP/IP to IPX/SPX? A. TCP/IP and IPX/SPX are both networking protocols. B. TCP/IP and IPX/SPX are both vendor-neutral protocols. C. TCP/IP and IPX/SPX are both vendor-specific protocols. D. TCP/IP provides better performance than IPX/SPX. 8. The packet creation process begins with: A. Layer 2 (the Data-Link layer) of the OSI/RM. B. Layer 4 (the Transport layer) of the OSI/RM. C. Layer 1 (the Physical layer) of the OSI/RM. D. Layer 7 (the Application layer) of the OSI/RM.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

42

Chapter 1



The Internet and TCP/IP

9. Which of the following features accurately describes multiprotocol

networks? A. They decrease the time it takes to troubleshoot a network. B. They combine routable protocols only. C. They increase the time it takes to maintain a network. D. They combine nonroutable protocols only. 10. The Internet architecture divides protocols into: A. packets B. layers C. nodes D. Ethernet frames 11. Which of the following terms is used to classify a protocol being

seriously considered as an Internet Standard? A. Proposed B. Informational C. Draft D. Common 12. Which of the following Internet architecture layers is responsible for

addressing and routing packets on TCP/IP networks? A. The Internet layer B. The Application layer C. The Transport layer D. The Network Access layer

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Review Questions

43

13. Which of the following protocols is known as the troubleshooting

protocol of TCP/IP? A. File Transfer Protocol (FTP) B. Hypertext Transfer Protocol (HTTP) C. Address Resolution Protocol (ARP) D. Internet Control Message Protocol (ICMP) 14. Which of the following statements accurately describes the Point-to-

Point Protocol (PPP)? A. It supports only asynchronous links. B. It uses the Dynamic Host Configuration Protocol (DHCP) to

establish and test a connection during the logon process. C. It supports both asynchronous and synchronous links. D. It is designed to assign Internet addresses. 15. Requests for Comments (RFCs) are identified by: A. length B. number C. content D. author 16. In the Internet architecture model, the physical media exists at

which layer? A. Transport B. Network C. Internet D. Network Access

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

44

Chapter 1



The Internet and TCP/IP

17. Which group holds authority for the Internet? A. IAB B. IETF C. ISOC D. IRTF 18. Which group creates Internet standards? A. IAB B. ISOC C. IETF D. IRTF 19. Which RFC governs behavior of multicasting? A. 1112 B. 792 C. 1945 D. 1256 20. RFC 793 pertains to which OSI and Internet architecture layers? A. Network Access B. Transport C. Application D. Internet

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Answers to Review Questions

45

Answers to Review Questions 1. D. Internetworking deals with connecting different systems, or con-

necting networks that communicate using different protocols, often crossing vendor-centric and vendor-neutral principles, sometimes making the network more complex rather than simpler. 2. B. A router is used to connect LANs, while a network interface card

connects to a LAN, and a repeater extends a single LAN. A protocol gateway performs a specific function between networks, but does not connect the LANs at the network level like a router does. 3. D. TCP/IP allows multiprotocol networks to communicate, using an

open standard that is implemented by many vendors in order to communicate between single-vendor, proprietary systems. 4. A. ARPANET originally connected four universities in California,

Utah, and Connecticut, so that university and government researchers could work collaboratively from any of those locations. 5. D. In 1980 the ARPANET was decommissioned and turned over to

the National Science Foundation, and renamed NSFnet. The network expanded with regional hubs and 56Kbps connections, and became known as the Internet in 1987. 6. C. Simple Mail Transport Protocol (SMTP) is used to transfer e-mail

between servers, and is often run in conjunction with POP3 and IMAP, protocols for client e-mail access. 7. A. Both are networking protocols, but it is important to recognize

the errors in the other answers. IPX/SPX is vendor-specific and comes from Novell, while TCP/IP is vendor-neutral. Absolute statements about performance are never absolutely true, and case studies and research can be usually be found to support opposing sides, but IPX/ SPX typically outperforms TCP/IP. 8. D. Applications initiate packets, thus packet creation begins at Layer 7

of the OSI/RM.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

46

Chapter 1



The Internet and TCP/IP

9. C. Multiprotocol or heterogeneous networks have become common,

combining both routable and nonroutable protocols, increasing both troubleshooting and maintenance time for networks. 10. B. The Internet architecture defines four layers: Network Access,

Internet, Transport, and Application. 11. C. The Draft stage of RFCs immediately precedes the Standard stage.

However, if changes are made during consideration as a Draft RFC, the RFC must return to Proposal stage. 12. A. The Internet layer is responsible for addressing and routing packets.

This should not be confused with its peer in the OSI/RM, the Network layer, which is not analogous to the Internet architecture Network Access layer. 13. D. ICMP operates at the Internet layer of the Internet architecture

model, below the Transport layer, so that ICMP messages may pass information about errors in the Transport layer. 14. C. PPP supports synchronous and asynchronous links over modems

and other connection methods. 15. B. RFCs are sequentially numbered. 16. D. The Physical layer and Data-Link layer reside within the Network

Access layer of the Internet architecture model. 17. C. The Internet Society (ISOC) is a voluntary membership organiza-

tion whose objective is to promote global information exchange using Internet technology. 18. C. The Internet Engineering Task Force (IETF), creates standards,

known as Request for Comments (RFCs), which progress through Experimental, Proposed, Draft, and Standard stages. 19. A. IGMP, Internet Group Management Protocol is RFC 1112, STD 5. 20. B. RFC 793 governs the Transport Control Protocol, TCP, in the

Transport layer.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Chapter

2

The OSI Logical and Network Access Layers CIW EXAM OBJECTIVE AREAS COVERED IN THIS CHAPTER:  Identify and define Internet Protocol version 4 (IPv4) addressing concepts, including but not limited to: the concept of uniqueness, IP address classes, reserved addresses and networks, subnet address calculation, IEEE LAN standards, packet analysis, Address Resolution Protocol (ARP).  Define the functions and roles of the Bootstrap Protocol (BootP) and the Dynamic Host Configuration Protocol (DHCP) server and client.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

W

hether you are architecting a new network, connecting networks, or troubleshooting a network problem, it is vital that you understand what happens at the lowest layers of the network, the physical and logical link layers of the OSI reference model. Distances between hubs and switches are important to building a stable network that performs as specified. Troubleshooting a network problem, whether a performance problem or a loss of connectivity, often requires determining whether there is a problem with the physical medium or the physical-logical address resolution. The Network Access layer of the Internet architecture model is equivalent to the OSI reference model’s layers 1 and 2, Physical and Data-Link, respectively. Common LAN standards that exist at the Network Access layer include Ethernet. It is important to understand how an Ethernet network (typically 10BaseT or 10/100) running TCP/IP resolves Media Access Control (MAC) addresses to IP addresses. To explain this process, we will study the Address Resolution Protocol (ARP) in detail. This process happens at the Network layer of the OSI, which is equivalent to the Internet layer of the Internet Architecture model. Although ARP can be discussed in the context of network protocols of the Internet layer because of the information that it passes to those protocols, it is important to recognize that ARP works at the Network Access layer, allowing TCP/IP to function on an Ethernet network. The chapter will begin with a brief discussion of Institute of Electrical and Electronics Engineers (IEEE) LAN standards. Then you will study Ethernet headers, including the header fields and addressing scheme. Finally, you will learn about ARP and how it relates to Ethernet, and how Reverse Address Resolution Protocol (RARP) functions. Internet Protocol addressing, uniqueness, and reserved addresses will also be explained, providing important information for planning IP address allocation. BootP and DHCP are services for providing dynamic allocation of IP addresses, but must themselves be allocated IP addresses to dole out. They will be covered in detail for managing IP address allocation.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Determining Ethernet Addresses

49

Ethernet

The Institute of Electrical and Electronics Engineers, Inc., or IEEE, establishes standards on several electrical and information technologies. The IEEE 802 series of standards specifies various local area network (LAN) and metropolitan area network (MAN) technologies. For example, IEEE 802.3 is a MAC standard that is used with IEEE 802.2 Logical Link Control (LLC) to describe a specification that is based on and is very close to the original Ethernet standard. The IEEE 802.2/802.3 standard is defined in RFC 1042. Ethernet, a predecessor to the IEEE 802.2/802.3, was developed by DEC, Intel, and Xerox (DIX) in 1973 as a broadcast system for communication between systems. The first version, referred to as experimental Ethernet, operated at 3Mbps and used eight-bit addresses. This version was later upgraded to Ethernet version 1 and then to Ethernet version 2. The current version was developed in 1982, transmits at 10Mbps, and uses 48-bit, often represented as 12 hexadecimal digits, for its MAC addresses. Ethernet is defined in RFC 894.

The CIW Internetworking certification focuses on Ethernet, because it is the most widely used and one of the most successful LAN technologies.

To transmit data on an Ethernet or IEEE 802 series network, a station must make sure no other transmission is already in progress. If no other station is transmitting, the sender can begin immediately. Collisions occur when two or more stations sense the channel is idle and begin to transmit simultaneously. In the event of a collision, all transmission ceases while the colliding stations are notified. The colliding stations then wait a random amount of time before transmitting. This access method is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD).

Determining Ethernet Addresses

T

his section discusses how to locate Ethernet address information on Linux, Windows NT/2000/XP, and Windows 95/98/Me. You will learn the commands used to gather the information as well as the results of obtaining

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

50

Chapter 2



The OSI Logical and Network Access Layers

your node’s hardware address. A node is a network connection capable of transmitting and receiving network information, typically a network interface card (NIC) or a network interface on a router. Note that a server or workstation may have more than one network interface, and a router will usually have multiple interfaces. The hardware address is a 48-bit value encoded on the network card by the manufacturer. The hardware or physical address is usually expressed in hexadecimal, as a 12-character, colon-delimited value such as 00:10:4B:9C:27:13. Hexadecimal-to-decimal conversions and decimal-to-hexadecimal conversions are covered in detail in Chapter 10. A brief review should suffice at this point in the book. Hexadecimal is a base-16 counting system, where each digit carries a value between zero and 15, for a total of 16 digits. The familiar decimal system is base-10, and the binary system is base-2. It is important to know these fundamentals, as equivalent amounts of information are often expressed in other formats. Each digit in hexadecimal is represented by either a number or a letter: 0 through 9 followed by A through F. The hexadecimal values of 0 through 9 are the decimal values 0 through 9, respectively, and the hexadecimal values of A through F are the decimal values 10 through 15, respectively. Hence the hexadecimal number 54CE can be converted to the decimal numbers 5, 4, 12, and 14 for each place—but remember that each place carries a base-16 value, so the 12 value from the C, in the second place from the right, is 12 ×16, not the familiar 12 × 10 or “twelve tens” from the base-10 decimal system. Any two-digit hexadecimal can be represented by four binary bits; therefore, 48 bits binary are equivalent to 12 digits hexadecimal. So 54CE in hexadecimal has a value of 21710. For more details on the arithmetic, look at Chapter 10. The first six hexadecimal digits (the first three bytes) of a hardware address are always the same for a single hardware manufacturer, such as 3com. The hardware address on the network card does not change over time or even if the NIC is moved, because it is coded onto a chip on the NIC at the factory, by the manufacturer. The method for determining MAC address varies by operating system.

Linux There are many instances when you will need to determine the hardware address of a system or NIC. If you are troubleshooting a DHCP-assigned IP address, you will need to know a system’s hardware address (also called the

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Determining Ethernet Addresses

51

MAC address) in order to identify the DHCP request and reply. How do you determine a system’s MAC address? In Linux, you can determine the Ethernet address of your system by using the ifconfig (interface configuration) command. For most configurations in Linux, you must be logged on as root for the Ethernet address to be displayed. The following is an example of using the ifconfig command. At the Linux shell prompt (#), enter: # ifconfig Results similar to the following will appear, depending on your NIC and network configuration: eth0 Link encap:Ethernet HWaddr 00:A0:24:55:29:E8 inet addr:10.1.3.1 Bcast:10.1.3.255 mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17 errors:0 dropped:0 overruns:0 frame:0 TX packets:95 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:9 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:22 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 As you can see, the Ethernet address is 00.A0.24.55.29.E8.

If the information is not displayed as above, try issuing ifconfig -a in order to display all interface information. Also, note that the loopback address does not have a hardware address, as it is a logical address and not a physical one. If your system has multiple interfaces, you will see: eth0, eth1, eth2 . . . etc.

Windows 2000 Whether you are troubleshooting a server or a client, there are many scenarios when you will need to use a hardware address to resolve a problem or to answer a question. You can use the ipconfig (IP configuration) command to determine your network card’s Ethernet address in Windows 2000,

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

52

Chapter 2



The OSI Logical and Network Access Layers

as well as in Windows NT and Windows XP. Execute the ipconfig command with the /all option. At the command prompt, enter: ipconfig /all Results similar to the following will appear in Windows 2000, depending on your NIC and network configuration: Windows 2000 IP Configuration: Host Name Primary DNS Suffix Node Type IP Routing Enabled WINS Proxy Enabled

sybex Hybrid No No

Ethernet adapter Local Area Connection: Connection-specific DNS Suffix Description 3COM EtherLink XL 10/100 PCI Physical Address 00-00-1C-3A-62-BD DHCP Enabled No IP Address 192.168.3.13 Subnet Mask 255.255.255.0 Default Gateway 192.168.3.1 DNS Servers The Ethernet address appears as 00-00-1C-3A-62-BD.

As a future internetworking professional, you may encounter client workstations running one of these versions of Windows: Windows 95/98/Me. You can use the winipcfg (Windows IP configuration) command to determine your network card’s Ethernet address in Windows 95/98/Me. Select the Start button and choose Run. The run command line will appear. Enter Winipcfg.

It is important to see the difference between ipconfig and ifconfig, for Windows 2000/NT/XP and Linux or Unix, respectively, as well as remembering ipconfig’s cousin winipcfg for Windows 95/98/Me. Try these configurations on your own system and see for yourself.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Ethernet Headers

53

Ethernet Headers

The Ethernet header encapsulates data before sending it across the physical network wire. Recall from our earlier discussion of packet creation in the OSI reference model that each layer adds header information to the packet as it is created, and removes it as the packet is received. The Ethernet header is the last header to be added, and it uses a hardware address to locate the destination node. A set of rules called Address Resolution Protocol, or ARP, discovers the hardware address of the destination computer, used in the destination field of the Ethernet header. We’ll discuss ARP after examining the Ethernet header fields. Figure 2.1 describes the Ethernet header, followed by an explanation of each field. When the Ethernet header encapsulates a data packet, the resulting packet is called an Ethernet frame. FIGURE 2.1

Ethernet header and data Destination Hardware Address

Source Hardware Address

Type

Data

CRC

Ethernet Header Fields Following is a description of Ethernet header fields. Destination hardware address (six bytes) The target’s hardware address. Remember that six bytes is 48 bits, the length of a NIC card’s hardware or MAC address. Source hardware address (six bytes) The sender’s hardware address. Type (two bytes) Identifies the data type, in hexadecimal format, following the Ethernet header. For example: IP packet

0800

ARP request/reply

0806

RARP request/reply

8035

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

54

Chapter 2



The OSI Logical and Network Access Layers

Data (46 to 1500 bytes) The data itself, which will vary depending on the type, such as an IP packet. The minimum data size is 46 bytes. Padding bytes are included to ensure the minimum size is always reached. Cyclic redundancy check, or CRC (four bytes) A checksum that checks for errors in the Ethernet frame.

Protocol Analyzers Protocol analyzers allow network administrators to analyze data sent across a network. The data is “captured” by the protocol analyzer as it is transmitted across the network. Once captured, it can be closely studied. For instance, the Ethernet header, which indicates the hardware addresses of both the source and the destination nodes, can be viewed. In the following exercises, you will install a protocol analyzer and analyze Ethernet headers. EXERCISE 2.1

Installing a protocol analyzer on Linux In this exercise, you will install a protocol analyzer called Ethereal, a network analyzer, on Linux. Installation procedures will vary depending on the version. These instructions were written for ethereal-0.8.9-4.

1. Locate the ethereal-0.8.9-4.i386.rpm installation file. Obtain it from the CD or download the RPM from either http://www.ethereal .com or http://ss1.ciwcertified.com/internetworking.

2. To install the RPM, enter the following command: Host# rpm –i ethereal-0.8.9-4.i386.rpm

Exercise 2.2 and Exercise 2.4 require two computers on an Ethernet network in order to capture and view Ethernet packets. Exercises 2.2 and 2.4 will refer to System A and System B. Throughout the rest of this book, System A will refer to a system running Linux and System B will refer to a system running Windows 2000. These could be connected with an Ethernet hub or with a crossover cable. If you have only one system, you may do all of the steps except for capturing packets. While it is possible to perform nearly all of the exercises in the book using a single system that dual-boots either Linux or Windows 2000, it is recommended that a networking professional have one of each system for these exercises.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Ethernet Headers

55

EXERCISE 2.2

Capturing and viewing Ethernet headers using Ethereal on Linux In this exercise, you will use the Ethereal Network Analyzer on Linux to capture network packets and analyze the Ethernet headers.

1. On System A, start the X Window System, if the graphical display is not already enabled, by entering: Host# startx

2. To start Ethereal, open a terminal and enter: Host# ethereal –n

3. Ethereal will open. The –n option will display only IP addresses in your results, because you have not configured DNS.

4. To generate packets, open a new terminal and enter: Host # ping [System B's IP address]

5. Capture network packets by selecting the Capture menu and choosing Start. The Preferences window will appear. Select OK, which causes Ethereal to capture all packets on the network by default.

6. The Capture/Playback window will appear. It displays the number of packets captured as well as a general breakdown by protocol.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

56

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.2 (continued)

7. To view the packets you captured, click the Stop button in the Capture/ Playback window. Your screen may resemble the example below.

8. When you have captured packets, open the terminal window by issuing the ping command and select Ctrl+C to stop the ping process. Close the terminal.

9. Save the Ethereal file as Ethernet-linux in your root folder. 10. Select the File menu and choose Close.

Ethereal Network Analyzer captures all packets on the network from all nodes. To view only the packets sent between System A and System B, you must create and apply a filter.

Steps 1 through 4 below are useful only if your systems are on a network with other computers generating network traffic. If your two systems are the only computers on the network, you do not need to perform these steps.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Ethernet Headers

57

EXERCISE 2.3

Creating a Capture Filter in Ethereal 1. To create a filter before capturing packets, select the Capture menu and choose Start. The Preferences window will appear.

2. Select the Filter button. In the Filter Name field, enter Linux Capture. In the Filter String field, enter the following: [System B's IP address] and [System A’s IP address]

3. Select the New button. Your new capture’s filter name will appear in the window, as shown in the example below.

4. Select Save and OK twice to begin the capture. 5. The Capture/Playback window will appear. Ping System A from System B. After several replies, view the packets you captured by clicking the Stop button. Only the packets between System A and System B will be captured on the network.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

58

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.3 (continued)

6. To analyze an Ethernet header, select the first ICMP Echo packet, which is an Echo request. Next, scroll to the top of the middle window. You will find the Ethernet II header. The Ethernet II header provides the services required by the OSI/RM Data-Link layer. In an Ethernet network, the destination and source hardware address, as well as the data type, are found in the Ethernet header, as shown below.

7. To locate the destination hardware information, expand the Ethernet header by clicking the + sign next to Ethernet II in the middle pane. It will change to a – sign and display the data. Note the Ethernet header information for source and destination hardware addresses, and note the protocol type.

8. Notice which computer is the destination computer and which computer is the source.

9. Select the first ICMP Echo reply packet (usually the second ICMP packet) from your capture. Note the Ethernet header information for source and destination hardware addresses, and note the protocol type.

10. Note again which computer is the destination computer and which computer is the source.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Addressing

59

Note that every packet has an Ethernet header. It is required on an Ethernet network because the Ethernet 48-bit address (not the 32-bit IP address) is used to locate the actual destination at the Network Access layer. Later in the chapter, you will see how ARP resolves IP addresses to Ethernet addresses.

Introduction to Internet Addressing

You have already seen Internet Protocol addresses in use, in the previous exercises. It is important to recognize the rules and limitations of IP addressing in order to architect a network or to merge existing networks. For a host to communicate with a remote host over the Internet, it must know the remote host’s Internet address. Each host, or node, has its own 32-bit Internet address, or IP address, that identifies it as distinct from any other host on the Internet. This section discusses the current version of Internet Protocol (IP) addressing used on the Internet and most TCP/IP networks today, IPv4, and the fundamental concepts that make up IPv4: Internet address structure, binary versus decimal format, address classes, addressing rules, reserved addresses, and address ranges.

Internet Addressing

T

o ensure that each user on the Internet has a unique IP address, a central authority called the International Corporation of Assigned Names and Numbers (ICANN) issues all Internet addresses. The organization that previously handled this responsibility, the Internet Assigned Numbers Authority (IANA), was funded and overseen by the United States government. The ICANN is a private, nongovernment organization that performs the same tasks: Internet address space allocation, protocol parameter assignments, DNS management, and root server management. To learn more about the ICANN, visit www.icann.org.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

60

Chapter 2



The OSI Logical and Network Access Layers

Most Internet addresses contain the network portion and the host portion. The network portion precedes the host portion: network portion. host portion Internet addresses are specified by four fields, also called octets, separated by periods: field1.field2.field3.field4 They are typically written in dotted decimal notation. Each field has a value ranging from 0 to 255, as demonstrated by the following Internet address: 208.157.24.111 In this example, the network portion is 208.157.24, and the host portion is 111. To help distinguish the network portion from the host portion, Internet addresses are divided into classes, which are described later in this chapter.

Decimal vs. Binary Format IP addresses are called “32-bit addresses” because each field is actually a byte, and a byte equals eight bits. An IP address has four bytes; hence the total is 32 bits. 8 + 8 + 8 + 8 = 32

The term “octet” is often used to identify IP address fields. It originated during early TCP/IP experimentation on computers that did not use eight-bit bytes, such as DEC-10 systems. Because most systems now use bytes, this book will refer to the IP address fields as bytes.

To determine the bit value of an Internet address, the address must be converted from decimal to binary format. Binary format is a combination of zeros and ones that computers use to process information. The binary equivalent is determined by calculating the value of each bit within each byte, from left to right, as shown in Figure 2.2. Spend a few minutes memorizing these bit values, as they will be used throughout this chapter.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Address Classes

FIGURE 2.2

61

Decimal value of each bit Bit Value

128

64

32

16

8

4

2

1

If an IP address’s binary value is 01111001, you can determine the decimal value by adding the corresponding bit values that equal 1 (using Figure 2.2). For example: 01111001 = 0 + 64 + 32 + 16 + 8 + 0 + 0 + 1 = 121 The arithmetic shown above can be understood in more detail as each binary digit’s value is calculated, as shown below, and the results added. (0x128) + (1x64) + (1x32) + (1x16) + (1x8) + (0x4) + (0x2) + (1x1) = 121 Table 2.1 illustrates this process more graphically. TABLE 2.1

Converting binary 01111001 to decimal 128

64

32

16

8

4

2

1

Binary bits

0

1

1

1

1

0

0

1

Bit value

0

64

32

16

8

0

0

1

You can do this for each byte in the 32-bit Internet address. For example: 10000011 11100010 00001000 11001000 = 131.226.8.200

Internet Address Classes

W

ithout a classification system, the 3,720,314,628 possible Internet addresses would have no structure. To provide structure, IP addresses are categorized into classes. Classes can be determined by looking at the first byte of an Internet address.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

62

Chapter 2



The OSI Logical and Network Access Layers

Internet addresses are divided into five classes: A, B, C, D, and E. The characteristics of each class are detailed in Figure 2.3, followed by an explanation of each. FIGURE 2.3

Address classes Class A: Range 0.0.0.0 to 127.255.255.255 Starting Binary Value

0

Network (1 byte)

Host (3 bytes)

126 Networks

16,777,214 Hosts

Class B: Range 128.0.0.0 to 191.255.255.255 Starting Binary Value

1

0

Network (2 bytes)

Host (2 bytes)

16,384 Networks

65,534 Hosts

Class C: Range 192.0.0.0 to 223.255.255.255 Starting Binary Value

1

1

0

Network (3 bytes)

Host (1 byte)

2,097,152 Networks

254 Hosts

Class D: Range 224.0.0.0 to 239.255.255.255 Starting Binary Value

1

1

1

0

Multicasting—network (4 bytes)

Class E: Range 240.0.0.0 to 247.255.255.255 Starting Binary Value

1

1

1

1

0

Experimental/reserved for future use

Before learning about address classes, note that neither the entire network nor the entire host portion of an IP address can contain all binary zeros or ones. In decimal values, 255 usually means “broadcast” and a 0 value means “this network.” You will learn more about IP addressing rules later in this chapter.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Internet Address Classes

63

Class A Addresses Class A addresses use the first eight bits for the network portion and the remaining 24 bits for the host portion. They provide the potential for 126 networks with 16,777,214 hosts each. The first byte specifies the network number and class; it can range from 1 to 126 (127 is a reserved loopback address). The first bit of a Class A network address is always a 0 bit. The following is an example of a Class A address (the first byte is the network address): 121.1.1.32 The bit equivalent is: 01111001 00000001 00000001 00100000

Class B Addresses Class B addresses use 16 bits each for the network and host portions. They provide the potential for 16,384 networks with up to 65,534 hosts each. The first two bytes specify the network number and class; the first byte can range from 128 to 191. The first two bits of a Class B network address are always 10. The following is an example of a Class B address (the first two bytes are the network address): 168.100.1.32 The bit equivalent is: 10101000 01100100 00000001 00100000

Class C Addresses Class C addresses use 24 bits for the network portion and eight bits for the host portion. They provide the potential for 2,097,152 networks with up to 254 hosts each. The first three bytes specify the network number and class; the first byte can range from 192 to 223. The first three bits of a Class C network address are always 110. The following is an example of a Class C address (the first three bytes are the network address): 205.96.224.32 The bit equivalent is: 11001101 01100000 11100000 00100000

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

64

Chapter 2



The OSI Logical and Network Access Layers

Class D Addresses Class D addresses support multicasting. With multicasting, a datagram is targeted to a group that is identified by a network address only (no host portion exists). The first byte can range from 224 to 239. The first four bits of a Class D network address are always 1110. The following is an example of a Class D address (all four bytes are the network address): 230.5.124.62 The bit equivalent is: 11100110 00000101 01111100 00111110

Class E Addresses Class E addresses are reserved for future use. The first byte can range from 240 to 247. The first five bits of a Class E network address are always 11110. While it might seem logical to allow the Class E reserved addresses to range from 240 to 254, this address range remains reserved, and different RFCs have been proposed regarding how to finish allocating these addresses, which is fundamentally done bit by bit. You will see the importance of the host portion and network portion again in the next chapter, as it applies to routing. The 32-bit Internet address must be unique. It is typically written in dotted decimal notation. The following is an example of the address notation. Dotted decimal:

131.226.8.200

32-bit address:

10000011 11100010 00001000 11001000

Notice that this is a Class B address because the first byte is between 128 and 191. Also, the address contains four bytes: The first and second bytes (131.226) refer to the network portion of the address, and the third and fourth bytes (.8.200) refer to the host portion.

IP Addressing Rules

I

nternet addresses must follow several guidelines to function properly. Although you have learned about the ranges of Class A, B, and C addresses, not all addresses within these ranges can be used as network node addresses. This section describes the exceptions.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

IP Addressing Rules

65

All IP addressing rules are based on the fundamental rule that the network and host portions cannot be all binary ones or zeros.

Broadcast Addresses Broadcast addresses are used to send messages to all network nodes. The network and/or host IP address portions are all binary ones, which usually coincide with the decimal 255 value. Broadcast addresses are used only for destination addresses, and cannot be used for source addresses. The following four types exist: Limited broadcast Both the network and the host portions consist of binary ones. This type is used for configuring hosts when they boot up, broadcasting to all hosts on the segment, with 255.255.255.255. For example, a computer without an IP address can broadcast this address to obtain an IP address (e.g., from a DHCP or BootP server, described later). Net-directed broadcast This address is used to broadcast to all hosts in a network. For example, if the network portion of your IP address is 192.34.200 and the host portion is 12, your computer can broadcast messages to all network hosts by using the destination address 192.34.200.255. Subnet-directed broadcast If a network is divided into several subnets, a broadcast can be limited to the hosts within a subnet. You will learn about subnets in the next chapter. All-subnets-directed broadcast If a network is divided into several subnets, a broadcast can be sent to all hosts within all network subnets. This type of broadcast has become obsolete; multicasting (see Class D addresses) is preferred.

Network Addresses Network addresses are used by routers to identify a network. The network portion consists of the network address, but the host portion consists of binary zeros (netid.0.0.0). For instance, the network address 192.168.3.0 could not be used as a host address.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

66

Chapter 2



The OSI Logical and Network Access Layers

Special-Case Source Addresses The special-case source address is used when a computer does not have an IP address. It is used only during the initialization process. In one type of specialcase source address, the network and host IP address portions are all binary zeros (0.0.0.0). This address is used when a computer initializes and requests an IP address (e.g., from a DHCP or BootP server) for itself. Although the computer broadcasts a request for an IP address, its source address is initially 0.0.0.0, until it is assigned a network IP address.

Loopback Address The loopback address, 127, cannot be used as a network address. This address allows a client and server on the same host to communicate with each other. The loopback address is ideal for testing and troubleshooting. For example, if your computer hosts a web server and you enter http:// 127.0.0.1 in your web browser’s address field (as a client), you will access the website even though the server is on the same system. The loopback address can also be used to test local TCP/IP functionality with the ping utility. For Unix and Windows NT/2000 systems, the loopback address is listed in the /etc/hosts file and is typically 127.0.0.1 with the assigned name localhost. The loopback range actually spans 127.0.0.1 through 127.255.255.254, with 127.0.0.0 and 127.255.255.255 being broadcast addresses.

Reserved IP Addressing

T

he ICANN has reserved three blocks of the IP address space for private networks (as defined in RFC 1918): 

10.0.0.0 through 10.255.255.255



172.16.0.0 through 172.31.255.255



192.168.0.0 through 192.168.255.255

Reserved or private IP addresses are often used for company networks for a number of reasons. Public IP addresses are limited in number, and have a cost. The majority of computers used in business networks do not require a uniquely addressable IP, and security and management of services provided to the company’s internal network can be easily managed with appropriate

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Address Resolution Protocol

67

gateways. The ICANN suggests that companies use these network IDs if the company fits into one of the following categories: 1. Its hosts do not require access to other enterprise or Internet hosts. 2. Its hosts’ Internet needs can be handled by mediating gateways (e.g.,

Application-layer gateways). For example, its hosts might require only limited Internet services, such as e-mail, FTP, newsgroups, and web browsing. These private network addresses have no global meaning. Therefore, Internet routers are expected to reject (filter) routing information about them (the rejection will not be treated as a routing protocol error). The benefits of using private network addresses include: 





Conservation of globally unique IP addresses when global uniqueness is not required. More flexibility in enterprise design because of availability of large address space—a company may purchase only a Class C range, a small number of IP addresses, but may choose to use a Class B or Class A private range for their internal network, for flexibility and growth Prevention of IP address clashes when an enterprise gains Internet connectivity without receiving addresses from the ICANN.

The drawbacks of using private network addresses include: 



Possible reduction of an enterprise’s flexibility to access the Internet. If your company eventually decides to provide Internet connectivity to some or all of your hosts, you will need to renumber part or all of your company. If your company merges with another company and all hosts use private network addresses, you will probably need to combine several private networks into one. Addresses within the combined private network may not be unique, and you will need to renumber hosts to accommodate identical IP addresses.

Address Resolution Protocol

The Address Resolution Protocol (ARP) is used to resolve hardware addresses (MAC) from software addresses (IP). Within the OSI reference model, ARP allows a Layer 2 address to be resolved, or matched to a given

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

68

Chapter 2



The OSI Logical and Network Access Layers

Layer 3 address, an IP address. This process is dynamic: A node (a computer, whether client or server) can replace its NIC (which will give the node a new hardware address) and ARP will still resolve the same IP address to the new hardware address, assuming the same IP address is used with the new NIC. Assume there are two hosts, node1 and node2, on a TCP/IP Ethernet network. Node1 knows the IP address of node2. However, node1 cannot send data to node2 because TCP/IP and Ethernet use different address schemes. For node1 and node2 to communicate, a protocol is needed to resolve IP addresses to Ethernet addresses. ARP is this protocol. As shown in Figure 2.4, ARP resolves OSI/RM Layer 3 (Network) addresses to OSI/RM Layer 2 (Data-Link) addresses—for example, a 32-bit IP address to an Ethernet 48-bit physical address. ARP is defined in RFC 826. FIGURE 2.4

Resolving IP addresses to Ethernet addresses IP address (32-bit)

Ethernet address (48-bit)

When a user executes a TCP/IP command, such as Telnet or FTP, the system usually generates ARP messages. Only after the local system knows the destination system’s physical address will Telnet or FTP connections be established.

ARP Description Dynamic binding or resolution is used with ARP to solve the mapping problem. The following is an example of how resolution with ARP works. 



When host node1 needs to resolve the Internet address for host node2 to a MAC address, it broadcasts a special packet that asks node2 to respond with its physical address. This message is known as the ARP request packet. Although all hosts on the network receive the request, only the node that recognizes its Internet address responds with its physical address. This message is referred to as an ARP reply.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Address Resolution Protocol

69

Hosts that use ARP maintain a cache of recently acquired Internet-tophysical-address bindings so they do not have to use ARP repeatedly. The average time an ARP entry remains in a Unix ARP cache is 20 minutes. On Windows NT/2000, the average time is two minutes. However, if an ARP entry in an NT/2000 machine’s ARP cache is queried within the two-minute period, it will stay in the cache for 10 minutes. The command for viewing the ARP cache on Windows is: arp –a This command generates the following result: Interface: 192.168.3.13 Internet Address 192.168.3.11 192.168.3.15 192.168.3.1

on Interface 0x1000003 Physical Address 00-60-83-7c-24-a2 00-60-97-24-db-df 00-aa-00-38-e7-c3

Type dynamic dynamic dynamic

The command for viewing the ARP cache on Linux is: arp This command generates the following result: Address 192.168.3.11 192.168.3.15 192.168.3.1

HWtype ether ether ether

HWaddress Flags Mask 00-60-83-7c-24-a2 C 00-60-97-24-db-df C 00-aa-00-38-e7-c3 C

Iface eth0 eth0 eth0

The sender’s Internet-to-physical-address binding is included in every ARP broadcast. Thus, receivers update the Internet-to-physical-address binding information in their caches before processing an ARP packet.

ARP Header The ARP header is 28 bytes long. Figure 2.5 displays the ARP header, followed by a description of each field. Note that the header format consists of 32-bit “words.” This format is used for illustrative purposes, so the header can be understood and explained. The ARP header consists of seven 32-bit words, which equals 28 bytes.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

70

Chapter 2



The OSI Logical and Network Access Layers

FIGURE 2.5

ARP header 0

31 Hardware Type Hardware Length

Protocol Type

Protocol Length

Operation

Source Hardware Address Source Hardware Address

Source IP Address

Source IP Address

Destination Hardware Address

Destination Hardware Address Destination IP Address

ARP Header Fields An ARP message is encapsulated in an Ethernet frame. The Ethernet header frame type field for ARP packets is set to hexadecimal 0806. Destination Hardware Address (16 bits) Target’s hardware address (six bytes for Ethernet). Source Hardware Address (16 bits) Sender’s hardware address (continued). Hardware Type (16 bits) Defines the hardware address type (one for Ethernet). Protocol Type (16 bits) Defines the protocol address type (0x0800 for IP addresses). It is the same value as the Ethernet frame’s Type field. Hardware Length (eight bits) Size, in bytes, of the hardware address (the value is six bytes [48 bits] for Ethernet). Protocol Length (eight bits) Size, in bytes, of the protocol address (the value is four bytes [32 bits] for IP). Operation (16 bits) Defines the ARP type: 1=ARP request 2=ARP reply

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Address Resolution Protocol

71

Source Hardware Address (32 bits) Sender’s hardware address (six bytes for Ethernet). Source IP Address (16 bits) Sender’s protocol address (four bytes for IP). Source IP Address (16 bits) Sender’s protocol address (continued). Destination Hardware Address (32 bits) Target’s hardware address (continued). Destination IP Address (32 bits) Target’s protocol address (four bytes for IP). EXERCISE 2.4

Viewing the ARP cache in Linux In this exercise, you will view the ARP cache, then add and delete ARP entries.

1. At the Linux bash (#) prompt, enter: arp

2. View the ARP entries in your ARP cache. If an entry does not exist for System B’s computer, create one by entering the following command at the bash prompt: ping [System B’s IP address]

3. Press Ctrl+C to stop the ping process. View the ARP cache again by entering: arp An ARP entry should exist for System B in the ARP cache.

4. Note System B’s ARP entry, the IP and hardware addresses. Note: If you have additional entries in your ARP cache, try to determine what nodes may be represented. For example, are there other computers on your network? If so, create additional entries, use the ping command to reach other systems on the network besides System B.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

72

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.4 (continued)

5. To delete an ARP entry, use the -d option. At the bash prompt, enter: arp –d [System B's IP address]

6. View the ARP cache by entering: arp System B’s ARP entry will no longer display the hardware address. It should state Hwaddress (incomplete).

EXERCISE 2.5

Viewing the ARP cache in Windows 2000 In this exercise, you will view the ARP cache, then add and delete ARP entries.

1. Open the Command Prompt window and enter: arp –a

2. View the ARP entries in your ARP cache. If an entry does not exist for System A’s computer, create one by entering the following command at the command prompt: ping [System A's IP address]

3. View the ARP cache again by entering: arp -a An ARP entry should exist for your System A in the ARP cache.

4. Note your System A’s ARP entry, the IP and hardware addresses. Note: If you have additional entries in your ARP cache, try to determine what nodes may be represented. Do you have other computers on your network? To create additional entries, use the ping command to reach other systems on the network besides System A.

5. To delete an ARP entry, use the -d option. At the command prompt, enter: arp –d [System A's IP address]

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Reverse Address Resolution Protocol (RARP)

73

EXERCISE 2.5 (continued)

6. View the ARP cache by entering: arp –a Your System A’s ARP entry should no longer exist.

Reverse Address Resolution Protocol (RARP)

R

everse Address Resolution Protocol (RARP) is used to resolve MAC addresses to IP addresses, the reverse of ARP. The most common use of this is by diskless systems to find their Internet addresses on the network. The diskless system broadcasts a RARP request, which provides its physical hardware address on the network. A RARP server then sends a RARP reply, usually unicast, which specifies the diskless station’s IP address, as shown in Figure 2.6. FIGURE 2.6

Specifying a diskless station’s IP address Ethernet address (48-bit)

IP address (32-bit)

Typically, diskless systems rely on RARP during initialization. Support for RARP can be provided in ROM because it is small and simple. At least one RARP server must be on the network for RARP to work.

RARP Description The RARP header has the same length as the ARP header (28 bytes) and is also encapsulated in the data field portion of the Ethernet frame. It allows a machine to determine not only its own Internet address, but also those of other systems. All machines receive the request, but only the RARP server processes the request and sends a reply. The RARP header is similar to the ARP header. The differences are as follows: 

The Ethernet header frame type field for RARP request and replay packets is set to hexadecimal 8035.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

74

Chapter 2



The OSI Logical and Network Access Layers



The operation field defines RARP message types: 3=RARP request 4=RARP reply

Address and Parameter Allocation Overview

F

or a TCP/IP network administrator, two critical tasks are assigning and managing IP addresses and parameters. Central management of TCP/IP network configurations for hosts—such as IP addresses, subnet masks, and default gateways—can drastically reduce the amount of time and effort spent on network management. With centralized address and parameter allocation, client systems do not require manual TCP/IP configuration. Instead, they get their TCP/IP configuration parameters during initialization, or when they release and renew their TCP/IP network configurations. In this chapter, you will learn about two popular address and parameter allocation protocols: Bootstrap Protocol (BootP) and Dynamic Host Configuration Protocol (DHCP). Both DHCP and BootP allow you to manage IP addresses from a central location. DHCP is an extension of BootP that supports several mechanisms to allocate addresses.

Bootstrap Protocol (BootP)

B

ootP provides a means for diskless workstations to determine IP addresses and parameters. It is defined in RFC 951. BootP requests and replies are encapsulated in UDP headers that are, in turn, encapsulated in IP headers for delivery. Replies have the same format as requests. BootP is usually used with Trivial File Transfer Protocol (TFTP). BootP was created as an alternative to RARP. It is often used instead of RARP because RARP has two fundamental problems: 



Only IP addresses are assigned using RARP. Routers do not forward RARP requests. RARP servers must reside on all physical network segments where their functionality is needed.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

75

BootP can return information such as IP addresses, subnet masks, default gateway addresses, and name server addresses. It can also traverse routers, provided the router is BootP-enabled (most routers support BootP). The BootP header is illustrated in Appendix E. Like other TCP/IP applications, BootP is a client/server program. The server application runs on the designated BootP server system, and the client is typically in ROM on diskless systems. Most client systems use BootP to discover their IP addresses, then use TFTP to obtain the operating system or X server software.

Dynamic Host Configuration Protocol (DHCP)

D

HCP is the most popular protocol designed to assign Internet configuration information dynamically on TCP/IP networks. It is defined in RFC 2131. DHCP is an extension of BootP. DHCP users can interoperate with BootP systems; this interoperability is described in RFCs 1534 and 2132. The differences between DHCP and BootP are as follows: 





DHCP offers finite address leases, allowing network addresses to be reused. DHCP offers additional configuration options. DHCP has a variable vendor-specific data field, called the Options field, which must be 312 bytes or larger. BootP allows only 64 bytes for vendor-specific data. Many applications require a larger area, so DHCP is often the best choice.

Like BootP, DHCP can also traverse routers, providing the router is DHCP enabled (routers support DHCP using a DHCP relay agent).

DHCP Relay Agents In order for a router to forward DHCP and/or BootP packets, the router must be RFC 1542–compliant. RFC 1542 specifies the clarifications and extensions of BootP, which also apply to DHCP. If a router complies with RFC 1542, the router will forward DHCP and BootP packets. If a router is not RFC 1542–compliant, DHCP and BootP packets will not travel beyond the local network. Therefore, clients that do not reside on the

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

76

Chapter 2



The OSI Logical and Network Access Layers

same network as the DHCP server will be unable to receive IP configurations via DHCP or BootP. A DHCP relay agent can solve this problem. One DHCP relay agent can be placed on each network that is behind a router that is not RFC 1542–compliant. When a DHCP client on the network requests an IP address, the request is forwarded to the DHCP relay agent on that network. The DHCP relay agent is configured to forward the request directly to the DHCP server that resides on another network.

How DHCP Works At boot time, the client system sends a DHCP message, called a discover message. This broadcast message is processed by all nodes on the local segment. It may be forwarded to all DHCP server systems if the routers are BootP enabled, or if a DHCP relay agent exists on the network. This action is known as the initializing state. Each DHCP server that receives this message responds with an offer message. The offer message contains only an IP address. Each DHCP server reserves the address it offers so that another client cannot be given the same address (however, DHCP servers may have several outstanding offers at any given time). The client system collects all configuration offerings from DHCP servers and enters a selecting state. The client chooses a configuration on a first-come, first-served basis and sends a request message that identifies the DHCP server for the selected offer. This action is known as the requesting state. Each DHCP server that received the original discover message receives the request message. However, only the selected DHCP server sends a DHCP acknowledgment message. This message contains the address sent earlier to the client, along with additional TCP/IP configuration parameters and a valid lease for the address. The lease also includes the expiration date and time of the DHCP lease. Other DHCP servers return the offered addresses to their free address pools. The DHCP client receives the acknowledgment and enters a bound state. The client can now complete its startup process and communicate with other nodes on the TCP/IP network. Figure 2.7 illustrates the DHCP process during DHCP client initialization.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

FIGURE 2.7

77

DHCP initialization process Discover Offer Request Acknowledgment

DHCP Implementation As a part of configuring the DHCP server, administrators need to specify a pool of IP addresses that the server can choose from and lease to the DHCP client. Each implementation will depend entirely on your network’s needs. In the Windows 2000 Server system environment, an administrator can configure DHCP parameters by working with the DHCP snap-in. In Linux, configurations are accomplished using the /etc/dhcpd.conf file. These tools allow you to configure address allocations, leases, and many other options. Two common types of DHCP address allocation are dynamic and manual allocation. Networks often use a combination of the following allocation types: Dynamic allocation A temporary IP address is assigned to a client. The address either expires or is released by the client. Therefore, one address can be reused by multiple clients over time. Manual allocation (client reservation) An IP address is assigned to a client by the network administrator. DHCP is merely used to transmit that specific assigned address and parameter configuration to the client.

DHCP Header The DHCP header is very similar to the BootP header. The differences are that the BootP Vendor Extensions field has been renamed the Options field in DHCP. The Options field was enlarged to be at least 312 bytes and have a variable length. This enlargement allows many more configuration options. Also, the unused BootP field became the DHCP Flags field. Figure 2.8 illustrates the DHCP header.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

78

Chapter 2



The OSI Logical and Network Access Layers

FIGURE 2.8

DHCP header format Operation

Hardware Type

Hardware Length

Hops

Transaction ID Seconds

Flags Client IP Address Your IP Address Server IP Address Gateway IP Address

Client Hardware Address (16 bytes) Server Host Name (64 bytes) Boot Filename (128 bytes) Options (variable)

Following is a description of the DHCP header fields. Operation (eight bits) Specifies whether the message is a BootP request (1) or a reply (2). DHCP continues to use the BOOTREQUEST and BOOTREPLY message types. Hardware Type (eight bits) The type of network hardware interface. This field is set to 1 for 10MB Ethernet. Hardware Length (eight bits) Length of the hardware address. The length is six for 10MB Ethernet. Hops (eight bits) Initially set to zero by the client. Relay agents use this field if they forward the message. Transaction ID (32 bits) A random number set by the client. It is used by the client to match a request message with a reply. Seconds (16 bits) Clocked by the client as it starts the address acquisition process. It may be used by a secondary DHCP server to respond after a certain amount of time, which may indicate the primary DHCP server is not responding.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

79

Flags (16 bits) Allows clients that cannot accept unicast DHCP messages before TCP/IP is configured to accept them. Client IP Address (32 bits) If the client system knows its IP address, it enters it in this field. Otherwise this field is set to zero. Your IP Address (32 bits) Set by the server; specifies the client system’s IP address. Server IP Address (32 bits) IP address of the DHCP server. Gateway IP Address (32 bits) IP address of a relay agent. Used when initializing through a relay agent. Client Hardware Address (16 bytes) The client’s hardware address; for example, the 48-bit Ethernet address of the system sending the DHCP request message. Server Host Name (64 bytes) Host name of the server’s IP address. Boot Filename (128 bytes) Path name of the file from which the client system needs to boot. Options (variable length) Contains vendor-specific options for DHCP. EXERCISE 2.6

Configuring a DHCP server with Linux In this exercise, you will install the DHCP server for Linux on System A. The dhcpd (DHCP daemon) is designed to answer requests from DHCP and BootP clients. However, BootP clients will retain their TCP/ IP configurations indefinitely because “leases” do not exist in BootP. Note: The DHCP server must have a static IP address. Note: For the exercises in this chapter to function efficiently, remove all existing DHCP servers that your network may be using. Either disconnect your network from the existing DHCP server, or stop (or disable) the DHCP server.

1. Log on to System A as root. 2. Ensure that the DHCP RPMs are installed on your system. To determine whether they are installed, enter: Host#: rpm –qa | grep dhcp

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

80

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.6 (continued)

3. If they’re not installed, locate the RPMs on the Red Hat Linux CD or on the supplemental CD, and enter the following (RPM versions will vary depending on the version of Red Hat Linux installed): rpm –i dhcp-2.0-12.i386.rpm dhcpcd-1.3.18pl8-6.i386.rpm

4. DHCP is configured in the etc/dhcpd.conf file, which you need to create. Whenever you make changes to this file, you must restart dhcpd. To create the file, enter: Host#: touch /etc/dhcpd.conf

5. DHCP keeps a list of assigned leases in the dhcpd.leases file, which you also need to create. This file enables dhcpd to track leases through system restarts and server reboots because the file’s contents are flushed to disk when a lease is assigned. The empty dhcpd.leases file must exist before the service can start. To create the file, enter: Host#: touch /var/lib/dhcp/dhcpd.leases

6. To configure DHCP, open the dhcpd.conf file you created. For example, enter: Host#: vi /etc/dhcpd.conf

7. Enter the network address and the subnet mask of the network that the DHCP server will be allocating. This entry is called a declaration. Enter: subnet [your network address] netmask 255.255.255.0

8. Enter the range of IP addresses that System A’s DHCP server will allocate. This entry is also called a declaration. For this exercise, your range will consist of only System B’s IP address with 100 added, and System A’s IP address with 100 added. For example, if System B’s IP address is 192.168.3.11 and yours is 192.168.3.13, enter range 192.168.3.111 192.168.3.113. The range should consist of lower to higher addresses. Enter: subnet [System A’s network address]

netmask 255.255.255.0 { range [System B's adjusted IP address] [System A’s adjusted IP address];

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

81

EXERCISE 2.6 (continued)

9. Enter the default and maximum lease time, in seconds, for the leases allocated by this DHCP server. Common values are 86400 (24 hours), 604800 (one week), and 2592000 (30 days). For example, enter: subnet [System A’s IP address] netmask 255.255.255.0 { range [System B's adjusted IP address] [System A’s adjusted IP address]; default-lease-time 86400; max-lease-time 604800;

10. You can enter parameters to be allocated to your DHCP client. In this exercise, you will allocate a subnet mask and default gateway to the client. You can also add domain name servers using the option domain-name-servers parameter. To learn about additional parameters, access the dhcpd.conf manual. To allocate a subnet mask and default gateway, enter: subnet [System A’s IP address] netmask 255.255.255.0 { range [System B's adjusted IP address] [System A’s adjusted IP address]; default-lease-time 86400; max-lease-time 604800; option subnet-mask 255.255.255.0; option routers [default gateway]; }

11. Save the file. The following is a sample file: subnet 192.168.3.0 netmask 255.255.255.0 { range 192.168.3.111 192.168.3.113; default-lease-time 86400; max-lease-time 604800; option subnet-mask 255.255.255.0; option routers 192.168.3.1; }

12. Start the DHCP server by entering: Host#: /etc/rc.d/init.d/dhcpd start

13. Verify that the server is working by entering: Host# /etc/rc.d/init.d/dhcpd status

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

82

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.6 (continued)

14. View the dhcpd.leases file on the DHCP server to determine whether the DHCP server allocated a DHCP lease to a client. Enter: Host#: vi /var/lib/dhcp/dhcpd.leases

15. If your DHCP server allocated a lease, it will be listed in the file. 16. Quit the dhcpd.leases file.

EXERCISE 2.7

Creating a DHCP reservation with Linux In this exercise, you will create a DHCP reservation on the DHCP server (System A) for System B, the client.

1. To create a reservation, you will add information to the dhcpd.conf file. The reservation will not be part of the range you specified in the previous exercise. Instead, it will be the next available IP address after your range (you can reserve an IP address in the range if you prefer). For example, if your range is range 192.168.3.111 192.168.3.113, the reserved address will be 192.168.3.114. Add the following to the dhcpd.conf file (note that you must remove the last curly bracket from your previous entry): } host [System B's host name] { hardware Ethernet [System B's hardware address]; fixed-address [an IP address outside your range]; } }

2. Save the file. The following is a sample file. Remember to use colons in the hardware address: subnet 192.168.3.0 netmask 255.255.255.0 { range 192.168.3.111 192.168.3.113; default-lease-time 86400; max-lease-time 604800; option subnet-mask 255.255.255.0; option routers 192.168.3.1; host student11 { hardware Ethernet 00:80:5F:EA:C6:10; fixed-address 192.168.3.114; } }

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

83

EXERCISE 2.7 (continued)

3. Restart the DHCP server by entering: Host#: /etc/rc.d/init.d/dhcpd restart

4. Verify that the server is working by entering: Host# /etc/rc.d/init.d/dhcpd status

5. Renew System B’s DHCP client configuration by issuing ipconfig /renew at the Windows command prompt. It should be configured with the reserved IP address specified in the dhcpd.conf file.

6. View the dhcpd.leases file to determine whether the DHCP server allocated the DHCP reservation to the client. Enter: Host#: vi /var/lib/dhcp/dhcpd.leases

7. Note that reservations do not appear in the dhcpd.leases file. Only addresses allocated from the range appear in the dhcpd.leases file, even if the reserved address exists in the range. You must track your reservations separately.

8. Quit the dhcpd.leases file.

EXERCISE 2.8

Installing the DHCP service on Windows 2000 In this exercise, you will install the DHCP server for Windows 2000 on System B. Note: You will need to turn off the DHCP server on System A, and change the configuration for System A to DHCP instead of static.

1. To add the DHCP service, select Start  Settings  Control Panel  Add/Remove Programs. Click Add/Remove Windows Components from the left-hand menu. The Windows Components Wizard opens.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

84

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.8 (continued)

2. Scroll down and highlight Networking Services and click the Details button. Select the Dynamic Host Configuration Protocol (DHCP) Server and select OK.

3. Click the Next button. The DHCP service installs. When the Wizard is complete, click Finish. Select the Close button to exit the Add/ Remove Programs window. No restart is required. Your computer is a DHCP server.

EXERCISE 2.9

Configuring the DHCP server on Windows 2000 In this exercise, System A—the DHCP server in Exercise 2.6—becomes the DHCP client, while System B—formerly the client system— becomes the DHCP server and distributes IP addresses.

1. Select the Start menu, then choose Programs  Administrative Tools  DHCP.

2. By default, your system is identified as a DHCP server. Your host name and IP address will appear in the DHCP window. If the service is not running, select your host name in the left pane. The Status in the right-hand pane should change to Running. Note: The DHCP server must have a static IP address.

3. Next, you must create a scope, or range, or IP address that the DHCP server will allocate. Right-click your host name and select New Scope. You can also select the Action menu and select New Scope. The New Scope Wizard will appear. Select Next.

4. In the Scope Name window, provide a name and description for your scope. For instance, enter your system’s name, Student13 Scope, with a description (optional).

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

85

EXERCISE 2.9 (continued)

5. In the IP Address Range window, you will determine the scope of IP addresses that the DHCP server will allocate to systems. Use System A’s current IP address for the start address and the IP address that is one higher for the end address. For example, if System A’s IP address is 192.168.3.11, your IP address range will be: Start Address:

192.168.3.11

End Address:

192.168.3.12

Enter the start address and end address in the proper fields. Then enter the subnet mask of your network, which is 255.255.255.0. Your screen should appear similar to the example below (the IP addresses will vary).

6. Select Next. 7. In the Add Exclusions window, you can add any range of addresses to exclude from the range you defined in the previous window. For this exercise, leave the fields blank. You need not exclude any addresses. Select Next.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

86

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.9 (continued)

8. In the Lease Duration window, notice the default lease of eight days. This duration can be set depending on your network needs. For this exercise, use the default lease. Select Next.

9. The Configure DHCP Options window will appear. You will configure additional DHCP options, such as a default gateway, later in this chapter. Select No, I Will Configure These Options Later. Click Next.

10. To complete the New Scope Wizard, select Finish. 11. To activate the new scope, right-click Scope in the left pane and select Activate. You can also highlight the scope, select the Action menu, and choose Activate.

12. The DHCP window will display the new scope you created. 13. To create a reservation, expand the Scope folder in the left pane. Right-click Reservations and choose New Reservation. The New Reservation window will appear. Fill in the fields listed in Table 2.2. Your screen will appear similar to the example below (the data will vary).

14. Select Add and Close. You might receive a dialog box stating that the reservation may not be correct. If so, make sure System A’s hardware address is correct. Leave the DHCP window open.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

TABLE 2.2

87

Reserving a DHCP Client Field

Data Description

Reservation Name

Enter the name of System A. This entry is used for your information only. For example, enter SystemA.

IP Address

Enter the IP address you want to reserve for System A. In this case, enter an IP address from the scope you created. Note: Select an IP address other than System A’s current static IP address. This will help you confirm that the DHCP client actually received an IP address from the DHCP server. For example, if System A’s IP address is 192.168.3.11, then enter 192.168.3.12, which is the “End Address” of your scope (see step 5 of Exercise 2.8).

MAC Address

Enter System A’s hardware address. Do not use hyphens or colons. For example, enter 00805EAC652. Note: Hyphens are not allowed in the MAC address field.

Description

Enter additional information about System A. For example, enter Reserved IP Address for System A.

In the next exercise, you will configure System B as a DHCP client. EXERCISE 2.10

Configuring a DHCP client on Windows 2000 In this exercise, you will configure a DHCP client to accept an IP configuration automatically. Note: Complete this exercise on the computer that does not have the DHCP server installed.

1. To become a DHCP client, right-click the My Network Places icon on the Desktop and select Properties. The Network And Dial-up Connections window will open. Right-click the Local Area Connection icon and select Properties. Highlight the Internet Protocol (TCP/IP) component and choose the Properties button. The Internet Protocol (TCP/IP) Properties window will appear.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

88

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.10 (continued)

2. Notice that your computer has a static IP address. You have at least a manually configured IP address, subnet mask, and default gateway, as shown below.

3. Note your IP address, subnet mask, and default gateway. You will need this information to reconfigure your machine later.

4. To become a DHCP client and obtain your TCP/IP network configurations dynamically, select the Obtain An IP Address Automatically and the Obtain DNS Server Address Automatically radio buttons. The Obtain DNS Server Address Automatically radio button will appear after you select the Obtain An IP Address Automatically radio button. Select OK.

5. To exit the Internet Protocol (TCP/IP) Properties window, select OK twice.

6. To view your new TCP/IP network configurations, open the Command Prompt window and enter:

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

89

EXERCISE 2.10 (continued)

ipconfig /all You should obtain an IP address from the DHCP server’s scope. Note that you do not have a default gateway. The DHCP server was not configured to allocate a default gateway. Your screen will resemble the one below (the IP address will vary).

Notice that the DHCP server address is System A’s IP address, because System A is the DHCP server and System B is the DHCP client.

7. To release the TCP/IP network configuration, enter the following at the command prompt: ipconfig /release The TCP/IP network configuration will be released. What is your TCP/IP network configuration now? To find out, enter: ipconfig /all

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

90

Chapter 2



The OSI Logical and Network Access Layers

EXERCISE 2.10 (continued)

You will receive data similar to the response shown below.

8. Your computer no longer has a valid IP address. It is using the special-case source address (0.0.0.0). Notice that your subnet mask is also set to 0.0.0.0. Also note that the DHCP server address is no longer System A’s IP address. Instead, it is a broadcast address. The broadcast address is used to obtain the DHCP client network configuration upon initialization and renewal (after a release). To receive new TCP/IP network configurations, enter: ipconfig /renew The valid configuration will automatically appear. In the next exercise, you will configure System B’s DHCP server to allocate additional TCP/IP network configuration data: the default gateway. Leave the Command Prompt window open.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Dynamic Host Configuration Protocol (DHCP)

91

EXERCISE 2.11

Configuring a DHCP server to allocate a default gateway on Windows 2000 In this exercise, you will configure your DHCP server to allocate a default gateway to the DHCP client.

1. Open the DHCP snap-in (select Start  Programs  Administrative Tools  DHCP). To add additional configuration parameters for your DHCP clients, right-click Server Options in the left pane and select Configure Options. The Server Options window will open. This window will allow you to select options for the scope you created in Exercise 2.8, such as adding a default gateway or DNS servers to the configuration data.

2. To add a default gateway, select the 003 Router check box. 3. To select the IP address for the default gateway, enter the IP address of your network’s default gateway in the Data Entry IP address section. For example, if your network is 192.168.3.0, enter 192.168.3.1. Select the Add button. Your screen will resemble the example below.

4. Select OK. The Router IP address will appear in the DHCP snap-in. Close the DHCP snap-in.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

92

Chapter 2



The OSI Logical and Network Access Layers

Whether the DHCP client or server is running on Linux, Windows, or another operating system, the server can be configured to send additional parameters, such as gateway address or DNS servers. DHCP clients can receive and use that information, regardless of whether or not the client OS is the same as the DHCP server OS. EXERCISE 2.12

Removing the DHCP server using Windows 2000 In this exercise, you will remove the DHCP server. You need not reconfigure the computer to its original static IP address because it never changed. A DHCP server must always have a static IP address.

1. To remove the DHCP server service, select Start  Settings  Control Panel  Add/Remove Programs. Click Add/Remove Windows Components from the left-hand menu. The Windows Components Wizard will open.

2. Scroll down and highlight Networking Services and then click the Details button. Deselect the Dynamic Host Configuration Protocol (DHCP) Server and select OK.

3. Click the Next button. When the Wizard is complete, click Finish. Select the Close button to exit the Add/Remove Programs window. No restart is required. The DHCP service is removed. You are no longer a DHCP server.

Summary

I

n this chapter, you learned about the Ethernet standard, including an analysis of the Ethernet header and its function. You installed a protocol analyzer and captured packets on a TCP/IP 10BaseT Ethernet network, taking note that every packet needs an Ethernet header because IP addresses have a different address scheme from Ethernet MAC addresses. This chapter covered the basics of IP addressing and reserved addresses, and you noted the importance of IP address allocation, whether public or private ranges.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Key Terms

93

You have seen the importance of mapping logical to physical addresses, learning that Address Resolution Protocol (ARP) is used to resolve IP addresses to Ethernet MAC addresses. Reverse Address Resolution Protocol (RARP) was also detailed in this chapter, for resolving MAC addresses to IP addresses. You learned that the two protocols used for centrally managing address and parameter allocation for TCP/IP hosts are BootP and DHCP, and that DHCP is an important configuration service to offer on a LAN, but it must be allocated IP addresses for it to dynamically assign them. BootP is an alternative to RARP that allows parameters other than IP addresses to be allocated, and provides the ability to traverse routers. DHCP is an extension to BootP that allows even more parameters to be allocated, as well as giving the ability to offer finite address leases that can be reused when they expire. Finally, in installing, configuring, and experimenting with a DHCP server and client using both Windows 2000 and Linux, you gained hands-on experience with a vital skill, configuring dynamic host IP allocation services. The key elements of this chapter—the concepts of physical and logical addressing at Layer 2 and Layer 3 of the OSI model, and IP addressing, public and private ranges, and netmasks—are concepts that you will internalize as you continue to use them in your career as an internetworking professional.

Key Terms

Before you take the exam, be certain you are familiar with the following terms: Address Resolution Protocol

Institute of Electrical and Electronics Engineers (IEEE)

ARP

MAC

Carrier Sense Multiple Access with Collision Detection

Media Access Control

CSMA/CD

network interface card (NIC)

Ethernet

RARP

IEEE 802.2

Reverse Address Resolution Protocol

IEEE 802.3

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

94

Chapter 2



The OSI Logical and Network Access Layers

Exam Essentials Be able to identify the Institute of Electrical and Electronics Engineers (IEEE) LAN standards. The IEEE LAN standards include 802.2 and 802.3 frame types for Ethernet LANs. Be able to identify fields in the Address Resolution Protocol (ARP) header. Fields in the ARP header include: Hardware Type, Protocol Type, Hardware Length, Protocol Length, Operation, Source Hardware Address, Source IP Address, Destination Hardware, and Destination IP Address. Understand IP addressing and the concept of uniqueness. IPv4 addressing assigns a 32-bit number, often noted as a dotted decimal, to a specific Internet host interface. Each IP address is unique, with address blocks assigned by ICANN. Be able to define IP address classes currently used on the Internet. Class A addresses use eight bits for network and 24 bits for host, the first byte ranging from 1 to 126. Class B addresses use the first 16 bits for network and 16 bits for host, the first byte ranging from 128 to 191. Class C addresses use the first 24 bits for network and eight bits for host, the first byte ranging from 193 to 223. Class D addresses use the entire 32 bits for network, and are for multicast networks, with the first byte ranging from 224 to 239. Class E addresses are reserved for future use, the first byte ranging from 240 to 247. Be able to determine reserved IP addressing. ICANN has reserved three ranges for private networks. These address ranges are not valid Internet host IP addresses, although they may exist on networks connected to the Internet. 

10.0.0.0 through 10.255.255.255



172.16.0.0 through 172.31.255.255



192.168.0.0 through 192.168.255.255

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Exam Essentials

95

Know the function of Reverse Address Resolution Protocol (RARP). RARP is a protocol by which a diskless workstation may request an IP address and have it assigned. Know the function and roles of the BootP server and client. A BootP server provides IP addresses to clients, providing a single IP address for each MAC address. The clients request and receive their IP address as they initialize, reducing client configuration and administration. Know the function and roles of the DHCP server and client. DHCP servers provide IP addresses to clients for a period of time called a lease. When a lease expires, the IP address may be renewed or a new IP address issued. DHCP may also provide additional information, such as gateway and DNS server. The DHCP client initiates the transaction with a broadcast message called a discover message, to which the server replies. Be able to compare and contrast RARP, BootP, and DHCP. RARP allowed diskless workstations to automatically obtain an IP address and configuration, but was very limited. BootP allowed administrators to pass extended gateway and DNS server information, but did not provide a mechanism for reallocating IP addresses, once assigned. DHCP extended BootP to provide lease time and further information fields. Understand the difference between manual and dynamic address allocation. Manual address allocation is performed workstation by workstation, with a single IP address assigned and manually configured at each workstation. Dynamic address allocation is performed by setting all workstations to dynamically request an IP address. A server, typically a DHCP server, is configured to service requests and provide IP addresses, as well as gateway and DNS server information, to each workstation at boot time.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

96

Chapter 2



The OSI Logical and Network Access Layers

Review Questions 1. Which series of Institute of Electrical and Electronics Engineers (IEEE)

standards specifies various LAN technologies? A. The 207 series B. The 803 series C. The 702 series D. The 802 series 2. What is the purpose of protocol analyzers? A. They are used to resolve hardware addresses to software addresses. B. They are used to analyze data sent across a network. C. They are used to execute TCP/IP commands. D. They are used to encapsulate ARP messages in an Ethernet frame. 3. What is the name of the data packet once it is encapsulated by the

Ethernet header? A. Destination node B. Frame C. ARP packet D. Ethernet address 4. How long is the ARP header? A. 28 bytes B. 32 bytes C. 16 bytes D. 56 bytes

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Review Questions

97

5. Which of the following fields belongs to the ARP header? A. Cyclic redundancy check B. ARP reply C. Destination Hardware Address D. ARP request 6. Which of the following accurately describes ARP? A. ARP resolves OSI/RM Layer 1 addresses to OSI/RM Layer 2

addresses. B. ARP resolves Internet architecture model Layer 2 addresses to OSI/

RM Layer 4 addresses. C. ARP resolves OSI/RM Layer 3 addresses to OSI/RM Layer 2

addresses. D. ARP resolves Internet architecture model Layer 4 addresses to

Internet architecture model Layer 3 addresses. 7. How is the RARP header similar to the ARP header? A. RARP and ARP headers have the same length. B. Both RARP and ARP headers allow a machine to determine its

Internet address. C. The Ethernet header frame type field for both RARP and ARP

packets is set to hexadecimal 0806. D. The operation field defines both ARP and RARP types as follows:

1=ARP and RARP request; 4=ARP and RARP reply. 8. In order for a router to forward DHCP packets, the router must be: A. RFC 915–compliant B. RFC 951–compliant C. RFC 1105–compliant D. RFC 1542–compliant

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

98

Chapter 2



The OSI Logical and Network Access Layers

9. Which of the following statements accurately characterizes BootP? A. BootP was created as an alternative to RARP. B. BootP is never used with TFTP. C. BootP replies are formatted differently than BootP requests. D. Very few routers support BootP. 10. What is the name of a DHCP message sent by a client system at

boot time? A. A request message B. An acknowledgment message C. An initializing message D. A discover message 11. Which of the following fields is a part of the DHCP header and

contains the address of the DHCP relay agent? A. Server Hardware Address B. Server IP Address C. Gateway IP Address D. Gateway Hardware Address 12. Which of the following characteristics accurately describes dynamic

address allocation in DHCP? A. A permanent IP address is assigned to a client. B. One address can be reused by multiple clients over time. C. An IP address is assigned to a client by the network administrator. D. The allocated address never expires.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Review Questions

99

13. Which of the following characteristics accurately describes the

Operation field of the DHCP header? A. The Operation field specifies the type of network hardware

interface. B. The Operation field specifies the client’s hardware address. C. The Operation field specifies whether the message is a request or

a reply. D. The Operation field specifies the host name of the server’s

IP address. 14. Which of the following is an example of a dotted quad notation? A. www.passivE.energy.org B. 1F:07:74:AC C. 206.196.96.4 D. ftp://kernel.org:21 15. What is the network portion of the IP address 150.199.1.11? A. 11 B. 150 C. 150.199 D. 150.199.1 16. What is the network portion of the IP address 209.163.190.74? A. 74 B. 190.74 C. 209.163 D. 209.163.190

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

100

Chapter 2



The OSI Logical and Network Access Layers

17. What is the host portion of the IP address 101.121.54.69? A. 69 B. 54.69 C. 101.121 D. 121.54.69 18. The first two bits of a Class B IP address are always: A. 10. B. 01. C. 00. D. 11. 19. Which of the following does not describe a broadcast address? A. The binary host or network portion is all zeros. B. The address is not a valid source address. C. Broadcast addresses are used to send to multiple hosts. D. The decimal value is usually 255. 20. Why cache ARP replies? A. In order to dynamically reassign IP addresses B. So that the results may be passed to ARP servers C. To improve disk performance D. Because caching reduces broadcast network traffic

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Answers to Review Questions

101

Answers to Review Questions 1. D. The 802 series of IEEE standards defines various LAN technologies,

including 802.3 and 802.2 Ethernet frame types and 802.11 wireless networking. 2. B. Protocol analyzers capture raw data sent across the network and

perform packet analysis. 3. B. The Ethernet header creates the frame for datagram transmission

on Ethernet. 4. A. Seven 32-bit words make up the 28-byte ARP header. 5. C. The destination hardware address must be in the ARP header. 6. C. ARP resolves an IP address to a MAC address. IP is OSI/RM

Layer 3, and MAC is OSI/RM Layer 2. 7. A. The frame types and operation fields differ from ARP to RARP,

while header length remains the same. B is obviously incorrect since ARP and RARP do not perform the same function, but rather complementary functions. 8. D. RFC 1542 specifies the extensions of BootP, which apply to

DHCP and are necessary for DHCP requests to be forwarded. 9. A. BootP was created as an alternative to RARP, with more

functionality. 10. D. A DHCP client sends a discover message that is broadcast to the

local network. 11. C. The Gateway IP Address field contains the address of the

relay agent.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

102

Chapter 2



The OSI Logical and Network Access Layers

12. B. One key concept behind DHCP is that the assignment is dynamic,

and can change over time. This makes for more efficient use of IP address space, because permanent allocations are not needed, and one IP address may be used by several clients, although not simultaneously. 13. C. DHCP requests and replies are very similar. The Operation field

defines which type the packet represents. 14. C. A dotted quad is an IP address, expressed as four octets separated

by decimal points. 15. C. The address given is a Class B address, with a possible 65,534

hosts, specified by the last two octets. The network portion is the first two octets. 16. D. The IP address given is a Class C address, therefore the host

portion is 74 and the network portion is 209.163.190. 17. D. The last three octets are the host portion of a Class A address. 18. A. Class B IP addresses always begin with a binary 10, the first byte

ranging from 128 to 191. 19. A. The binary host/network portion is all ones in a broadcast

address. 20. D. Broadcast messages are inefficient, requiring each node to receive

the packet, but they are the only way to resolve Ethernet addresses from IP addresses. Caching ARP results allows hosts to avoid using ARP repeatedly.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Chapter

3

Subnetting and Routing CIW EXAM OBJECTIVE AREAS COVERED IN THIS CHAPTER:  Identify and define Internet Protocol version 4 (IPv4) addressing concepts, including subnet addressing.  Define the processes of routing, including but not limited to: direct versus indirect routing, static versus dynamic routing, interior versus exterior protocols and gateways.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

M

any networks, large and small, make up the Internet, and not all networks, small or large, have the same organization. Most networks are divided into subnetworks that make up one network. Subnetting and routing go hand in hand. Subnetworks are a useful way to organize hosts within a network into logical groups. Thus, one network can be divided into several “sub” networks. Many companies have a different subnetwork for each department in their organization. Subnetworks are also useful when network standards limit your network’s ability to grow. For instance, a 10BaseT Ethernet network allows a segment length of only 100 meters, or 328 feet. To extend the network, you can create several subnetworks from the existing network address and connect each subnetwork’s nodes to a router. Then configure the router to forward packets between the subnetworks. A well-designed set of subnetworks may also make more efficient use of network bandwidth, reducing congestion or utilization level, and resulting in fewer collisions and better network performance. The only way to identify the network, subnetwork, and host portions of an IP address is to introduce a second element, called the subnet mask. The subnet mask is a mandatory element of TCP/IP. It is always configured with an IP address; they work as a pair on a system. A system’s IP address and subnet mask is the minimum requirement for TCP/IP configuration. Subnet routing allows numerous subnetworks to exist within a network. The host bits are divided into two groups: subnetwork and host. For example, subnetting would borrow from the lower-order 16 bits (the host bits) for a Class B network and the lower-order eight bits for a Class C network. A subnetwork address consists of the following three portions: network portion | subnetwork portion | host portion

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Subnet Masks

105

In this chapter, you will learn more about subnets and subnet masks. You will also learn how routing fits into IP’s functions. Finally, we will cover advanced routing protocols. You’ll discover that the tasks detailed in this chapter require more arithmetic than those in other chapters as well as some calculation. You may find these exercises challenging or tedious as you see them for the first time, but you will need to learn and internalize the concepts of subnet masks and routing in your future as an Internetworking Professional. These formulas for finding subnets are fundamental to internetworking. Jumping into this material headfirst and completing these tasks thoroughly will really help establish your confidence and leadership in a real-world administration role. As pointed out earlier, most real-world networking scenarios involve heterogeneous platforms. Some exercises in this chapter are designed to give you experience working with both Windows and Linux platforms. Many of the exercise steps need to be performed on Linux, designated as System A, or performed on Windows, designated System B. For many exercises, a single system booting both operating systems is sufficient, while for certain steps it is useful to have both Linux and Windows systems connected at the same time. Throughout, System A will refer to a Linux system and System B will refer to a Windows system.

Subnet Masks

A subnet mask, also called a net mask, is a 32-bit number (similar to an IP address) with a one-to-one correspondence between each of the 32 bits in the Internet address. Subnet masks serve two main purposes. First, subnet masks distinguish the network and host portions of an IP address. Because the system does not know which bits in the host field are to be interpreted as the subnetwork part of the Internet address, the system refers to the subnet mask for this information. Second, the subnet mask tells the system which bits of the Internet address should be interpreted as the network, subnetwork, and host address. The simplest type of subnet mask is the default subnet mask. By default, each eight-bit field is turned on (255—all binary ones) or off (0—all binary zeros), depending on the address class (A, B, or C).

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

106

Chapter 3



Subnetting and Routing

The following list identifies the default subnet masks for Class A, B, and C addresses. Class D and E addresses do not have hosts, and therefore do not require subnet masks. 255.0.0.0

Class A (default)

255.255.0.0

Class B (default)

255.255.255.0

Class C (default)

Subnet masks specify whether a destination address is local or remote. Note that the subnet mask is used to “mask” the network address, so only the host address remains. In routing, this is extremely important. It allows a computer to determine whether a destination address is intended for a computer on the same (local) or a different (remote) network. If the destination address is on the same network, the information can be transmitted locally. If the destination address is on a different network, the information must be sent to a router, which can locate the remote network. Remember that although we represent IP addresses and net masks in decimal form, that is for human convenience—routers and hosts actually use the binary values consisting of ones and zeros. Each binary bit has a value of one or zero, and when a router or host performs a comparison or calculation, it will use Boolean arithmetic, somewhat different from our familiar decimal math. The subnet mask identifies whether the destination address is local or remote through a process called ANDing. The network portion of an Internet address can be determined by using the Boolean AND operation with the Internet address and the subnet mask. This process is internal to TCP/IP, but understanding its function is important. When the computer is initialized, it uses the ANDing function with its local IP address and local subnet mask. Whenever it sends information to a destination address, it uses the ANDing function again with the destination address and the local subnet mask. If the value matches the initial ANDing function result, it is a local destination. If the value is different, it is a remote address. The ANDing function compares two bits, and gives a single bit as a result. The result is only “1” if both the IP address bit and the subnet mask are “1.” To use the ANDing function, convert your local IP address and subnet mask into binary form. For the following example, your IP address is 131.226.85.1 and your subnet mask is 255.255.0.0. Calculate each corresponding bit using the following rules: 

1 and 1 = 1



Any other combination = 0

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Subnet Masks

107

When your computer initializes, the ANDing process calculates the following result: Local IP address

10000011 11100010 01010101 00000001

Local subnet mask

11111111 11111111 00000000 00000000

First ANDing result

10000011 11100010 00000000 00000000

By converting the ANDing result to decimal value, the process reveals that the network portion of the address is 131.226. Your computer uses the ANDing result from the initialization process to determine whether all future destination addresses are local or remote. For example, you are sending information to the destination address 131.226.50.4. Destination IP address

10000011 11100010 00110010 00000100

Local subnet mask

11111111 11111111 00000000 00000000

Second ANDing result

10000011 11100010 00000000 00000000

The network address found is 131.226. Compare the first and second ANDing results. Because they are the same, the data is sent locally, and the router will not be used. If they were different, the data would be sent through a router to the remote network. This understanding of IP address and subnet masks is vital to network design. One of the most important parts of designing a network is properly calculating the custom subnet masks.

Custom Subnet Masks As a network administrator, suppose you obtain one network address from the ICANN, but you need several networks in your corporation. You can divide the one network address into several subnets by creating a custom subnet mask. Unlike the default subnet mask, the custom subnet mask borrows bits from the host portion of the IP address. This section will explain the procedure for subnetting a network address into multiple subnets. In the following section, you will learn how to create X number of subnets for a network. Assume that your company has a network address assigned by the ICANN, and you must divide that one network address into several subnetworks. Determining custom subnet masks is a step-by-step process. The first step is to determine the number of subnets required.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

108

Chapter 3



Subnetting and Routing

Step 1: Determine the Number of Subnets Needed In order to determine the number of subnets needed, you should consider departmental and organizational needs. Although it is possible that an entire organization could be on a single subnet, for this example we are going to say that you need to create six subnets to separate departments. Suppose the ICANN assigns you the following Class C network address: 210.199.10.0 Because your company has only 100 employees, the Class C address should be adequate (recall that Class C addresses can have up to 254 hosts). The network address uses the first three bytes, and the host addresses are limited to the last byte: netid.netid.netid.hostid The custom subnet mask borrows bits from the host portion of the IP address and uses these bits in the creation of subnets. Keep in mind that as you borrow from the host bits, you are going to be using some of the address space to create the subnets, and you will no longer get the entire 254 hosts from your Class C address. To determine the number of host bits to borrow, use Step 2.

Step 2: Determine the Number of Bits to Borrow To determine the number of bits to borrow from the host portion, you must know the number of subnetworks required for your network. In this example, the number of subnetworks is six. Use the following formula to determine the number of bits required if your network uses a classless routing protocol, such as Open Shortest Path First (OSPF) or Border Gateway Protocol version 4 (BGPv4): 2n ≥ number of subnetworks required n = number of bits to borrow from the host address In this example, the value 3 fits the equation: 2n ≥ 6 23 ≥ 6 In order to arrive at the value of 3, consider n=2 and n=3. For n=2, the value of 22 (i.e., 4) is insufficient for the number of networks that we need. For n=3, the value of 23 (i.e., 8) is greater than (and must be greater than or equal to) the desired number of networks, six. Therefore, at least three bits

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Subnet Masks

109

must be borrowed from the host address. Most routing protocols today are classless, and support the Classless Interdomain Routing (CIDR) protocol, explained in detail later in this chapter. Classless routing protocols supply the prefix-length (subnet mask) with each route. If you implement classful routing protocols on your network, you must subtract 2 in the equation. Classful routing protocols, such as the Routing Information Protocol version 1 (RIPv1), do not supply the subnet mask or prefix-length with each route. 2n – 2 ≥ number of subnetworks required n = number of bits to borrow from the host address Earlier we said that borrowing host bits to create subnets “uses” some of the available address space that is being divided. The –2 in the equation reflects that usage, and is derived from the fact that the first and last subnets cannot be used. The first subnet cannot be used because it contains the address of the network from which the subnets are created. The last subnet cannot be used because it contains the broadcast address for the whole network. Once again, the value 3 fits this equation so at least three bits must be borrowed from the host address, as follows: 2n – 2 ≥ 6 23 – 2 ≥ 6

Subtracting 2 in the formula ensures that both classless and classful routing protocols will function on your networks.

Why? Why did you have to subtract 2 in the equation to support classful routing protocols? To answer this question, you can reference RFC 950, which first defined subnetting. RFC 950 prohibited the use of the all-zeros and all-ones subnet. However, since the introduction of classless routing protocols, subnetting has changed. Nowadays, routers require that routing table updates include both the route and the prefix-length (subnet mask) pair. This inclusion allows the router to distinguish between the route to the entire network and the route to the all-zeros subnet. It also allows the router to distinguish between a broadcast to the entire network and a broadcast to the all-ones subnet.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

110

Chapter 3



Subnetting and Routing

Because a classful routing protocol does not recognize a prefix-length (subnet mask) when advertising routes, it can become easily confused. For example, the routing entries 210.199.10.0/24 and 210.199.10.0/27 would be identified as the same network address 210.199.10.0. To avoid this problem, the all-zeros and all-ones subnets are removed from networks implementing classful routing protocols. These are the largest portions of the address space that is made unavailable by creating subnets. Also, the first and last addresses of a subnet serve as network and broadcast addresses for that subnet, so they are no longer available for host addresses. To understand how the all-zeros and all-ones subnets are determined, you must look at the binary value of the host portion of the network address 210.199.10.0, which is all zeros. 0 0 0 0 0 0 0 0 We have already determined that because you need six subnetworks, you must borrow three bits from the host portion to use for the network portion. Another way to look at this is to calculate the bit value of how many subnets you need—in this case, six—and to note how many bits are required to specify that number. Examine Figure 3.1 to determine the bit value of six: 0 0 0 0 0 1 1 0 FIGURE 3.1

Octet bit values Bit Value

128

64

32

16

8

4

2

1

This is really just another method of arriving at the number of bits needed for a specific subnetting scenario, the same number that we arrived at using the formula 2n – 2 ≥ 6.

Although you calculated the number of bits needed (three) using the lowerorder bits, they are borrowed from the higher-order bits because the network portion is borrowing them.

Three bits are required to determine the value of six. Therefore, you will borrow three bits from the host address for your subnet mask, as determined by the equation. This explains why three bits were chosen, but we must go one step further to understand why 2 was subtracted in the equation.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Subnet Masks

111

The maximum number of networks or hosts in an IP address is determined by computing the total number of bit combinations. Three bits allow eight combinations of binary ones and zeros in those three bits, but we will show the entire last octet, focusing on the three bits borrowed for the network portion: 00000000 00100000 01000000 01100000 10000000 10100000 11000000 11100000 If you look at the list of combinations, which two cannot be used? Answer: the bit combinations with the binary values 000 and 111, because these subnets can confuse classful and classless routers when they interact. Therefore, two of the possible subnetworks are invalid, and must be subtracted in the equation. Keep in mind that although we’ve shown the entire last octet of the IP address, we’ve left the last five digits all zeros, but these five digits will take on varying values to represent hosts.

Step 3: Determine the Subnet Mask To determine the subnet mask, you must determine the value of the borrowed bits. Host bits are always borrowed from the highest-order bits (the left side of the byte). Switch the borrowed bits to binary ones: 1 1 1 0 0 0 0 0 Review Figure 3.1 to determine the bit value of the borrowed bits. The three highest-order bit values are: 128 + 64 + 32 + 0 + 0 + 0 + 0 + 0 = 224 The value of the borrowed bits is the value used for the host portion of the subnet mask. Because you are subnetting a Class C address, you will set the network portion of the subnet mask to binary ones (255.255.255), and the host portion to 224. The subnet mask is: 255.255.255.224

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

112

Chapter 3



Subnetting and Routing

Step 4: Determine the Maximum Number of Hosts To determine the maximum number of hosts per subnet, switch the host portion bits to binary ones. Because the subnet mask is using three bits of the host portion, five bits are left: 0 0 0 1 1 1 1 1 Use the following equation to determine the maximum number of hosts per subnetwork: 2n – 2 = maximum number of hosts per subnetwork n = number of host bits In this example, insert the number 5 for n: 25 – 2 = 30 Once again, the number 2 is subtracted in the equation because two of the possible hosts cannot be used: the host with the binary value 11111, and the host with the binary value 00000. The host and network addresses cannot be all binary ones or zeros. The maximum number of hosts per subnetwork is 30. This should work well with the conditions that we have been given, for six subnets and a total of 100 hosts. The six subnetworks of 30 hosts each will support 180 hosts. Unless more than 30 hosts need to be on the same subnet, we are in excellent shape, and have only a few more parameters to calculate.

Step 5: Determine the Subnetwork Addresses To determine the IP address ranges for each subnet, you must use the lowestorder bit borrowed from the host portion: 128 + 64 + 32 + 0 + 0 + 0 + 0 + 0 = 224 The value is 32. Therefore, the first subnetwork address will be 32. Each additional subnetwork will be a multiple of 32 until the subnet mask value, which is 224, is reached. Note that only six networks can be created until the subnet mask value is reached (the subnet mask value cannot be a network address). Network Network Network Network Network Network

address address address address address address

#1: #2: #3: #4: #5: #6:

210.199.10.32 210.199.10.64 210.199.10.96 210.199.10.128 210.199.10.160 210.199.10.192

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Subnet Masks

113

Why? To understand why 32 is used for determining the subnetwork addresses, you must analyze the value of the borrowed subnet bits. In this example, three bits are borrowed. The value of each of the possible combinations of the borrowed subnet bits provides the subnetwork addresses (excluding binary values of all ones and all zeros). 128 + 64 + 32 + 0 + 0 + 0 + 0 + 0 = 224 In binary, the possible combination values equal the valid subnetwork addresses: 000 001 010 011 100 101 110 111

00000 00000 00000 00000 00000 00000 00000 00000

= = = = = = = =

0 (not valid) 32 64 96 128 160 192 224 (not valid)

Note that these octets match exactly the octets identified at the end of Step 2.

Step 6: Determine the Address Ranges In Class C subnetworks, the host addresses will range between the subnetwork addresses (because two host addresses cannot be used), as shown in Table 3.1. Note that each range does not use all the available addresses because the network address cannot be the host address; it contains all binary zeros for the host portion. Similarly, the last address in each range is all binary ones, which would be interpreted as a subnet-directed broadcast. The address range represents all of the valid host addresses on the subnetwork. The subnet mask used in each of the subnets is 255.255.255.224. TABLE 3.1

IP address ranges for subnetworks

Subnet

Subnetwork Address

1

210.199.10.32

Address Range 210.199.10.33 through 210.199.10.62

Copyright ©2002 SYBEX, Inc., Alameda, CA

Broadcast Address 210.199.10.63

www.sybex.com

114

Chapter 3



Subnetting and Routing

TABLE 3.1

IP address ranges for subnetworks (continued)

Subnet

Subnetwork Address

2

210.199.10.64

210.199.10.65 through 210.199.10.94

210.199.10.95

3

210.199.10.96

210.199.10.97 through 210.199.10.126

210.199.10.127

4

210.199.10.128

210.199.10.129 through 210.199.10.158

210.199.10.159

5

210.199.10.160

210.199.10.161 through 210.199.10.190

210.199.10.191

6

210.199.10.192

210.199.10.193 through 210.199.10.222

210.199.10.223

Address Range

Broadcast Address

Why? In Step 5, you calculated the borrowed subnet bit values. To determine the address range of each subnetwork, determine the lowest and highest value of the remaining host bits (excluding binary values of all ones and all zeros), as displayed in Table 3.2. TABLE 3.2

Determining address ranges for each subnetwork Borrowed Subnet Bits

Host Bits Remaining, Range

Octet Value Range

001

00001 11110

001 00001 = 33 001 11110 = 62

010

00001 11110

010 00001 = 65 010 11110 = 94

011

00001 11110

011 00001 = 97 011 11110 = 126

100

00001 11110

100 00001 = 129 100 11110 = 158

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Classless Interdomain Routing (CIDR)

TABLE 3.2

115

Determining address ranges for each subnetwork (continued) Borrowed Subnet Bits

Host Bits Remaining, Range

Octet Value Range

101

00001 11110

101 00001 = 161 101 11110 = 190

110

00001 11110

110 00001 = 193 110 11110 = 222

EXERCISE 3.1

Developing IP addressing schemes for an intranet using reserved IP addresses In this exercise, plan an intranet addressing scheme with two subnets using the reserved IP network address 172.16.0.0. Each subnet should have five computers. The subnets should be connected with a router (default gateways are optional for this exercise). Draw a diagram of the network, clearly identifying each computer’s IP address and subnet mask.

In addition to reserved IP addresses and subnetting, another way to conserve IP addresses is a technique called Classless Interdomain Routing (CIDR).

Classless Interdomain Routing (CIDR)

C

IDR is a way to minimize the number of routing table entries. It is specified in RFCs 1519, 1520, and 1877. CIDR is also referred to as supernetting, as described in RFC 1518. The basic concept in CIDR is to allocate multiple IP addresses so they can be summarized into a smaller number of routing table entries. CIDR consists of the following two basic procedures: 



Distributing the allocation of Internet address space to ISPs Providing a mechanism for the aggregation of routing information through supernetting

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

116

Chapter 3



Subnetting and Routing

Before CIDR was introduced, each Internet address needed its own routing table entry in the Internet backbone’s routing table. To keep the routing table from growing too large as the Internet grew, the Internet Engineering Task Force (IETF) created CIDR. CIDR relies on supernetting to summarize multiple Internet addresses into one routing table entry. This strategy allows entire blocks of Internet address space to be condensed into one routing table entry. Not only does this simplify routing tables, it allows routers to operate more efficiently, handling more routes in the same number of entries in the routing table, or regaining space in their routing table. These blocks of Internet address space were issued to different ISPs. The ISPs were then responsible for allocating Internet addresses to clients. This hierarchical sub-allocation of addresses implies that clients that are allocated addresses from an ISP are, for routing purposes, part of that ISP and will be routed within its infrastructure. Therefore, each ISP and all the address space it allocates to clients can be represented on the Internet backbone’s routing table as one supernetted address. For routers to understand the supernetted address formats, each router must support CIDR. CIDR is meant as an intermediate fix for the eventual depletion of Internet addresses and the unmanageable growth of the routing table. When a router’s hardware (processor and memory) is unable to handle additional routing table entries, network growth is halted, and routers that are handling large amounts of traffic while their routing table is full may drop packets and lose traffic. This fix will continue to be implemented until it is replaced by a long-term solution, such as IPv6, a topic we will discuss later in this text. When you summarize multiple Internet addresses into one routing table entry, you can address a site that has 14 different IP addresses, or address 10 different sites in that one routing table entry. For example, if a company needs 2,000 host IDs, the ICANN could save a Class B address and use CIDR to assign eight Class C addresses instead (254 × 8 = 2,032). This method preserves 63,502 unique IP addresses. Furthermore, these eight Class C addresses can be collapsed into one routing entry. This strategy relieves routers of additional workload by reducing routing table entries. Subnetting borrows bits from the host ID and masks them as a network ID. Conversely, CIDR supernetting borrows bits from the network ID and masks them as the host IDs. Suppose a company requests 4,000 hosts. Because that company is unlikely to receive a Class B address, you can determine the number of Class C addresses that will be needed, which is 16 (because 254 × 16 = 4,064).

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

IP and Routing

117

The ICANN might fulfill the request by giving the company 16 Class C network addresses, such as 208.138.4.1 through 208.138.19.254. What subnet mask will work to supernet these Class C addresses? One way is to determine the value (a power of 2) that will achieve the needed number of hosts. In this case, 212 – 2 = 4,094, which will accommodate the requested 4,000 hosts. Therefore, 12 bits are needed for the host ID. We’ve been allocated Class C addresses, which already have eight bits available for host id, but we need 12 bits to address all 4,000 hosts with one supernetted set of our Class Cs. We borrow these four bits from the network portion, for a total of 12 bits for the host portion. As these four bits are removed from the third octet of the Class C, consider how the value of the third octet changes. Initially, the net mask for the Class C is 255.255.255.0, so the third octet starts out as all ones, but borrowing the last four bits makes it 11110000. The value of the third octet, leaving four bits remaining for the network ID, is 240 (128 + 64 + 32 + 16 = 240). The subnet mask used to supernet this block of 16 Class C addresses is 255.255.240.0. Instead of distributing the network address as multiple Class C addresses, the ICANN will distribute one network address in CIDR notation (currently, all network addresses are assigned this way): 208.138.4.0/20 In this address, 20 is the number of bits used for the subnet mask, as follows: 255.255.240.0 = 11111111 11111111 11110000 00000000 CIDR notation displays the first network address, followed by the subnet mask bits used. It is important to recognize the relationship between subnetting and routing, and how the design of IP relates to routing. We will now focus on IP’s role in the routing process and the IP header, as well as how to capture and analyze IP packets.

IP and Routing

I

P performs the routing function, which determines the path that data will travel across networks. This data is sent in packets, also called datagrams. A packet is self-contained, independent of other packets, and does not require an acknowledgment. It carries sufficient information for routing from the originating host to the destination host. Packets might traverse several networks before reaching their destination host.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

118

Chapter 3



Subnetting and Routing

Packets are routed transparently, and not necessarily reliably, to the destination host. The Transport or Application layer is responsible for ensuring reliability. Because no explicit connection-establishment phase exists, IP is said to be a connectionless protocol. IP can be summarized as a best-effort service that is: 

Connectionless



Not necessarily reliable

Routing can be summarized as: 



One of the most important IP functions The process that determines the path that packets will travel across networks

The current version of IP, version four (IPv4), has a header that consists of 10 fixed header fields, two addresses, and options. The length of an IPv4 packet header is usually 160 bits (20 bytes) unless options are present. Figure 3.2 illustrates an IPv4 packet header. The figure consists of six 32-bit words, which is 24 bytes (options are present). If data does not fill a 32-bit word, bit “padding” is often used to complete it. FIGURE 3.2

IPv4 packet header O

16 Hdr. Lth.

Ver.

Service

Datagram Length Flags

Datagram Identification # TTL

31

Protocol

Fragment Offset Header Checksum

Source Address Destination Address Options

The IP packet header contains several important fields. Version (four bits) Identifies the IP version, currently version 4.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

IP and Routing

119

Header Length (four bits) Specifies the length of the IP packet header. Header length values are expressed in the number of 32-bit words in the header, which is usually five unless options are present. Service (eight bits) Indicates reliability, precedence delay, and throughput parameters. Also known as the Type Of Service (TOS) field. Datagram Length (16 bits) Defines the total packet length, including the header, in bytes. The datagram length does not include the header used at the Network Access layer (e.g., Ethernet header). Datagram Identification Number (16 bits) Uniquely identifies a packet for fragmentation and assembly purposes. This unique number is copied into each fragment of a particular datagram so it can be assembled. Flags (three bits) Used for fragmentation and reassembly. Fragment Offset (13 bits) Indicates where in the packet this fragment belongs. Time To Live (eight bits) Measured in one-second intervals, with a maximum of 255 seconds. This field is also known as the TTL field. Routers usually remove one second from the TTL field for each second that they retain a packet before passing it on. Even if the packet is passed on in less than a second, the TTL field is decremented by a minimum of one, so the TTL field is sometimes called the “hop” field. Protocol (eight bits) Defines the next protocol level that is to receive the data field at the destination. If the protocol field is set to 1, it is an ICMP packet; if 6, it is TCP; if 17, it is UDP.

Even though ICMP and IGMP are incorporated at the Internet layer, they are encapsulated in IP packets.

Header Checksum (16 bits) Used for error detection. The checksum calculates only the IP header. Source Address (32 bits) Identifies the source system’s IP address. Destination Address (32 bits) Identifies the IP address of the final or destination system.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

120

Chapter 3



Subnetting and Routing

Options Indicates optional information for the packet, such as: 

Security



Loose or strict source routing



Error reporting



Timestamping



Debugging

For example, the source-routing option enables the sender to specify the path that a packet should traverse over the Internet. Both loose and strict source routing specify a routing path. Loose source routing allows multiple network hops between successive Internet addresses on the list. Strict source routing implies that the Internet addresses specify the exact path the packet must follow to get to the destination host; an error results if a router cannot forward the packet to the specified node. EXERCISE 3.2

Capturing IP packets using Ethereal for Linux In this exercise, you will generate and capture packets using Ethereal and Linux. You will capture packets using System A, running Linux, and generate network traffic for the capture from System B. You will analyze the packets to determine the source and destination addresses, and to determine various packet header values.

1. In an X session, open a terminal and enter: Host# ethereal -n Warning: If you are on a busy network, you may need to apply a filter to focus your capture.

2. Select the Capture menu and choose Start. Select OK to begin the capture.

3. Ping System A from System B. After several replies, view the packets you captured by clicking the Stop button.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

IP and Routing

121

EXERCISE 3.2 (continued)

4. Ethereal will display the packets captured in the connectivity test. You will have a screen capture similar or identical to the Ethernet capture from the previous chapter. However, now you will focus on the Internet layer, not the Network Access layer.

5. Locate the first ICMP packet and highlight it. In the middle window, expand the Internet Protocol section, as shown in the example below.

Now that you’ve gained insights into subnetting and the structure of the IP header, we’ll cover routing. Routing is an extremely important function of IP. It is the process of choosing a path over which to send packets. The device that performs this task is called a router, which forwards packets from one physical network to another. Your knowledge of IP will enable you to see the correlation between IP, subnetting, and routing.

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

122

Chapter 3



Subnetting and Routing

Routing

Routing is the process of selecting a path that data will travel across networks. The Internet layer, or the Network layer (Layer 3) of the Open Systems Interconnection reference model (OSI/RM), performs the routing function. A packet, or datagram, carries sufficient information for routing from the originating host to the destination host (for example, IP or IPX address). Packets may traverse several networks before reaching their destination host. Packets are routed transparently, and not necessarily reliably, to the destination host. The term “transparent,” when applied to routing, means that after the routing hardware and software are installed, changes are undetectable by users because the routing process is largely automated. The complexity of routing is not visible to the user. The Transport or Application layer is responsible for reliability, which ensures that the data arrives at the other end. Routing can be summarized as: 



One of the most important IP functions The process that determines the path that packets will travel across networks

Routing can be divided into two general classifications: direct and indirect. If two computers on the same physical network need to communicate, the packets do not require a router. The computers are considered to be on the same local network. In an Ethernet/802.3 TCP/IP network, the sending entity encapsulates the packet in an Ethernet frame, binds the destination Internet address to an Ethernet address, and transmits the resulting frame directly to its destination. This process is referred to as direct routing. The Address Resolution Protocol (ARP) is an example of a direct routing protocol. The destination system is on the same physical network if the network portions of the source and destination addresses are the same. This example holds true with a single network connected by hubs or switches. If two computers that are not on the same physical network need to communicate, they must send the IP packet to a router for delivery. They are located on remote networks. Whenever a router is involved in communication, the activity is considered indirect routing. In the next exercise, you will use a TCP/IP command called traceroute that can determine whether direct or indirect routing is used to reach a destination

Copyright ©2002 SYBEX, Inc., Alameda, CA

www.sybex.com

Routing

123

node. If the destination node is on the same local network, the packets will be delivered by direct routing, but if default gateway is used to send the packet to a remote network, indirect routing will be used. The traceroute command can determine the path between source and destination systems. It also provides information on round-trip propagation time between each router and the source system. Users can gain an understanding of local and remote networks by studying information returned by this command. The command format for Windows 2000 is: tracert ip_address In this command, ip_address identifies the destination system. For example, if your IP address is 192.168.3.13, then you would use the following command prompt entry: tracert 192.168.3.11 Because the destination host is on the local network, this command will result in the following one-hop response: Tracing route to 192.168.3.11 over a maximum of 30 hops: 1