CCNA

From D3xt3r01.tk

WHAT

I'm trying to study to get my CCNA (640-802) degree :D I'm using my wiki to note what I'm trying to learn! Much of the stuff here is from the SYBEX CCNA Study Guide (6th edition). Hope it'll help other people.

Software

I'm using GNS3 to emulate a Cisco environment. Get it from the GNS3 Homepage.

Internetworking Devices

Switches


They work at Layer 2

They break up "collision domains" only.

The main purpose of a switch is to make a LAN work better (optimised speed). Switches don't forward packets to other networks the way routers do; they just switch frames from one port to another.



Routers (Layer 3 switches)


They work at Layer 3

  • Use the logical address in a Network Layer header to determine the next hop router to forward the packet to.
  • Can use access lists to control security on types of packets that are allowed to enter or exit an interface.
  • Can provide connections between virtual LANs
  • Can provide packet filtering by using ACLs
  • Can provide QoS ( Quality of Service ) for specific types of network traffic.
  • Can provide layer 2 bridging functions if needed and can simultaneously route through the same interface.
  • They don't care where a particular host is located. They're only concerned with where networks are located and the best way to reach them, including remote ones!

Advantages:

  • They break up "broadcast domains" by default ( 1 broadcast domain per interface ).
  • They break up "collision domains".
  • Can filter network based on Layer 3 ( Network Layer ) information ( e.g., IP Address )
  • They don't forward any broadcast or multicast packets.

Useful at:

  • Packet switching
  • Packet filtering
  • Internetwork communication
  • Path selection

Bridges


They break up collision domains.



Hubs


Also called a multiport repeater.

They keep all hosts in the same collision domain. They don't segment a network. They connect network segments together.

They often cause traffic congestion if on a busy network.

All hosts in a hub are on the same broadcast domain as well as the same collision domain.



Traffic Congestion

Can be caused by:

  • Too many hosts in a broadcast domain
  • Broadcast storms
  • Multicasting
  • Low bandwidth
  • Hubs
  • ARP or IPX traffic (IPX is Novell's very chatty Network-layer protocol, roughly comparable to IP)

Basics

If Bob has Sally's IP address, all Bob needs in order to talk to Sally is her hardware (MAC) address, which he gets by broadcasting an ARP request on the local network. If Bob doesn't have her IP address, he has to learn it from a DNS server or, if they're on the same network, by broadcasting a request for it. The same goes the other way around. This is IPv4 and basic networking in Windows (no routers yet!).

In the future you might want to break up a big network into smaller ones because as the network grows it'll get slower and slower. This is done by network segmentation using routers, switches and bridges.

It is very important to break up collision domains (using switches) and broadcast domains ( using routers ).

OSI Layered Reference Model

L1-L4 define how data is transmitted end to end.

L5-L7 define how applications within the end stations communicate with each other and with users.

Physical Layer (L1)

Function: Physical topology

  • Moves bits between devices
  • Specifies voltage, wire speed and pin-out of cables

It just receives bits and sends bits.

It communicates directly with the various types of actual communication media. Different types of media represent the bits in different ways (audio tones, state transitions, and so on). Specific protocols are needed to describe the proper bit patterns to be used, how data is encoded into media signals, and the various qualities of the physical media's attachment interface.

It specifies the electrical, mechanical, procedural and functional requirements for activating, maintaining and deactivating a physical link between systems.

The connectors and topologies are defined as OSI standards.

Hubs at the Physical Layer

A hub only receives a digital signal, reamplifies or regenerates it, and then forwards the signal out all the active ports without looking at any of the data.

Every device connected to a hub must listen if another device transmits.

Data Link Layer (L2)

Function: Framing

  • Combines packets into bytes and bytes into frames
  • Provides access to media using MAC address
  • Performs error detection not correction


It provides the physical transmission of the data and handles error notification, network topology and flow control.

It ensures that the messages are delivered to the proper device on a LAN using hardware addresses and will translate messages from the Network layer into bits for the Physical layer to transmit.

It formats the messages into pieces (data frames) and adds a customized header containing the hardware destination and source addresses.

It's responsible for the unique identification of each device that resides on a local network.

It uses hardware addressing so that hosts can send packets to other local hosts and between routers. When a packet is sent between routers it's framed with control information by the Data Link layer; at the receiving router that framing is stripped off so only the original packet remains. This happens from router to router, on each hop, until the packet reaches its destination. The packet itself isn't altered along the route; it's only encapsulated with whatever control information is required to pass it properly across each media type.

Switches and Bridges work at this layer and use MAC addresses.

Media Access Control (MAC), 802.3, defines how packets are placed on the media. Access is first come, first served, and everybody shares the same bandwidth. It defines physical addressing as well as logical topologies (a logical topology is the signal path through a physical topology). This sublayer can use line discipline, error notification (not correction), ordered delivery of frames and optional flow control.

Logical Link Control (LLC), 802.2, is responsible for identifying Network layer protocols and encapsulating them. The LLC header tells the Data Link layer what to do with a packet once a frame is received. Example: once a host receives a frame, it looks at the LLC header to find out which protocol the packet is destined for, such as IP at the Network layer. It can also provide flow control and sequencing of control bits.

Switches and Bridges at the Data Link Layer

Switches use ASICs (application-specific integrated circuits), which can run at gigabit speeds with very low latency.

Latency is the time measured from when a frame enters a port to the time it exits a port.

Switches and bridges read each frame as it passes through the network: a layer 2 device adds the source hardware address to a filter table and keeps track of which port the frame was received on.

Layer 3 devices (e.g. routers) are interested in locating networks; layer 2 devices (switches and bridges) are interested in locating specific devices. Routing tables that "map" the internetwork are to routers what filter tables that "map" individual devices are to switches and bridges.

After a filter table is built on a layer 2 device it will forward frames only on the segment where the destination address is located. If the destination is on the same segment as the frame, the layer 2 device will block the frame from going onto any other segment. If the destination is on another segment, the frame is transmitted only to that segment.

When a switch interface receives a frame with a destination hardware address not in its filter table it will forward the frame on all connected segments. If the unknown device that received the frame replies to the forwarding action, the switch updates its filter table for that device location. If the destination of the frame is a broadcast address, the switch will forward all broadcasts to every connected segment by default.

All devices that the broadcast is forwarded to are considered to be in the same broadcast domain. The problem here is that layer 2 devices propagate layer 2 broadcast storms and that can choke performance and the only way to stop/interrupt this is a layer 3 device ( a router ).
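
The learn / forward / filter / flood behaviour described above, as an added example that is not from the Sybex guide or any Cisco code. The MAC addresses, port numbers and frame sequence are constructed; the point is to watch the filter table fill in and see which frames are flooded, filtered or forwarded to one port.

```python
"""Learning switch: builds the filter table described above from source
addresses and then forwards, filters or floods each frame accordingly.

Added example for this page, not from the Sybex guide or any Cisco code.
The MAC addresses, port numbers and frame sequence below are constructed.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}              # filter table: MAC address -> port last seen on

    def receive(self, in_port, src, dst):
        """Handle one frame arriving on in_port; return the ports it goes out of."""
        # Learn: the source address lives behind the port the frame came in on.
        self.table[src] = in_port

        everything_else = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            return everything_else   # broadcasts go to every connected segment
        out_port = self.table.get(dst)
        if out_port is None:
            return everything_else   # unknown destination: flood, then learn from the reply
        if out_port == in_port:
            return []                # destination is on the ingress segment: filter
        return [out_port]            # known destination: forward to that segment only


def run_demo():
    """Replay a short frame sequence; returns (filter table, per-frame output ports)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    mac_a, mac_b, mac_c = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb", "00:11:22:cc:cc:cc"
    trace = {}
    trace["A->B unknown"] = sw.receive(1, mac_a, mac_b)       # B not learned yet: flooded
    trace["B->A reply"] = sw.receive(2, mac_b, mac_a)         # A is known on port 1
    trace["A->B known"] = sw.receive(1, mac_a, mac_b)         # B now known on port 2
    trace["C->B same segment"] = sw.receive(2, mac_c, mac_b)  # C shares port 2 with B (hub)
    trace["A broadcast"] = sw.receive(1, mac_a, BROADCAST)    # everywhere but port 1
    return sw.table, trace
```

Note that the table is keyed purely on the source address each frame carries and that every miss falls back to flooding; that is exactly the behaviour the text describes, and it is why a switch only ever breaks up collision domains, never the broadcast domain.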

Network Layer (L3)

Function: Routing

  • Provides logical addressing, which routers use for path determination

The Network Layer manages device addressing, tracks the location of the devices on the network and determines the best way to move data which means that the Network layer must transport traffic between devices that aren't locally attached.

It happens like this: when a packet is received on a router interface, the destination IP address is checked. If the packet isn't destined for that particular router, the router looks up the destination network address in its routing table. Once the router chooses an exit interface, the packet is sent to that interface to be framed and sent out on the local network. If the router can't find an entry for the packet's destination network in the routing table, it drops the packet.

Two types of packets are used at the Network Layer: data and route updates.

Data packets Used to transport user data through the internetwork. Protocols used to support data traffic are called routed protocols. Examples of routed protocols are IP and IPv6.

Route update packets Used to update neighboring routers about the networks connected to all routers within the internetwork. Protocols that send route update packets are called routing protocols. Examples: RIP, RIPv2, EIGRP and OSPF. Route update packets are used to help build and maintain the routing table on each router.

Each entry in the routing table carries the following:

Network addresses Protocol-specific network addresses. A router must maintain a routing table for each routed protocol it carries, because each one keeps track of a network with a different addressing scheme (IP, IPv6 and IPX, for example).

Interface The exit interface a packet will take when destined for a specific network.

Metric The distance to the remote network. Different routing protocols use different ways of computing this distance. Know that some routing protocols (namely RIP) use something called a hop count (the number of routers a packet passes through en route to a remote network), while others use bandwidth, delay of the line, or even tick count (1/18 of a second).
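
The forwarding decision described above (deliver, look up, drop) together with the per-hop re-framing from the Data Link section, as an added example that is not Cisco IOS code or the Sybex guide's. The routing table, interface names and MAC addresses are constructed. One thing it does that the text does not spell out: when several entries match, the most specific network (longest prefix) wins, which is how real routers choose.

```python
"""Router forwarding: packet for me? deliver. Otherwise look up the
destination network, pick the exit interface, or drop when no entry
matches. The unchanged packet is then re-framed for the next hop.

Added example for this page, not Cisco IOS code or the Sybex guide's. The
routing table, interface names and MAC addresses are constructed here. The
lookup is longest-prefix match (most specific network wins).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network   # "Network address" column
    interface: str                   # "Interface" column: exit interface
    metric: int                      # "Metric" column, e.g. RIP hop count
    next_hop_mac: str                # constructed: L2 address of the next hop


class Router:
    def __init__(self, own_addresses, iface_macs, routes):
        self.own_addresses = {ipaddress.ip_address(a) for a in own_addresses}
        self.iface_macs = iface_macs
        # Most specific prefix first, then lowest metric: the first hit wins.
        self.routes = sorted(routes, key=lambda r: (-r.network.prefixlen, r.metric))

    def lookup(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        for route in self.routes:
            if dst in route.network:
                return route
        return None                  # no entry in the routing table

    def forward(self, frame):
        """frame: {"dst_mac", "src_mac", "packet": {"src", "dst", "data"}}

        Returns ("deliver", packet) if addressed to this router,
        ("drop", None) if no route exists, or ("send", new_frame): the same
        packet object inside a fresh Data Link header for the exit interface.
        """
        packet = frame["packet"]
        if ipaddress.ip_address(packet["dst"]) in self.own_addresses:
            return "deliver", packet
        route = self.lookup(packet["dst"])
        if route is None:
            return "drop", None
        new_frame = {
            "out_if": route.interface,
            "dst_mac": route.next_hop_mac,             # next hop's hardware address
            "src_mac": self.iface_macs[route.interface],
            "packet": packet,                          # not altered along the route
        }
        return "send", new_frame


def build_router():
    """Constructed table: a /16 via serial and a more specific /24 on Fa0/1."""
    iface_macs = {"Fa0/0": "00:aa:00:00:00:01",
                  "Fa0/1": "00:aa:00:00:00:02",
                  "S0/0": "00:aa:00:00:00:03"}
    routes = [
        Route(ipaddress.ip_network("192.168.1.0/24"), "Fa0/0", 0, "00:bb:00:00:00:01"),
        Route(ipaddress.ip_network("10.1.5.0/24"), "Fa0/1", 0, "00:bb:00:00:00:02"),
        Route(ipaddress.ip_network("10.1.0.0/16"), "S0/0", 3, "00:bb:00:00:00:03"),
    ]
    return Router(["192.168.1.1", "10.1.5.1"], iface_macs, routes)


def forward_from_lan(dst_ip):
    """A host on 192.168.1.0/24 sends a packet to dst_ip through the router."""
    router = build_router()
    frame = {"dst_mac": "00:aa:00:00:00:01", "src_mac": "00:cc:00:00:00:99",
             "packet": {"src": "192.168.1.50", "dst": dst_ip, "data": b"hello"}}
    return router.forward(frame)
```

Compare the frame that goes out with the one that came in: the Data Link header is brand new (next-hop MAC, exit interface MAC), while the packet inside is the identical object, which is the "framed on each hop, packet unchanged" rule from the Data Link section.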

Transport Layer (L4)

Function: End-to-end connection

  • Provides reliable or unreliable delivery
  • Performs error correction before retransmit

The Transport layer segments and reassembles data into a data stream.

UDP and TCP work at this layer. UDP is an unreliable service; TCP is a reliable one. Reliable means that acknowledgments, sequencing and flow control will be used.

The Transport layer is responsible for providing mechanisms for multiplexing upper-layer applications, establishing sessions and tearing down virtual circuits.

It hides details of any network-dependent information from the higher layers by providing transparent data transfer.

Can be connectionless or connection-oriented.

Flow Control

Ensures Data integrity.

Prevents a sending host on one side of the connection from overflowing the buffers on the receiving host.

The purpose is to provide the means for the receiver to govern the amount of data sent by the sender.

Connection-Oriented Communication

In reliable transport operation, a device that wants to transmit sets up connection-oriented communication with a remote device by creating a session. Only the connection-oriented portion of the Transport layer is concerned with this.

  • The first "connection agreement" segment is a request for synchronization.
  • The second and third segments acknowledge the request and establish connection parameters—the rules—between hosts. These segments request that the receiver's sequencing is synchronized here as well so that a bidirectional connection is formed.
  • The final segment is also an acknowledgment. It notifies the destination host that the connection agreement has been accepted and that the actual connection has been established. Data transfer can now begin.



A service is considered connection-oriented if it has the following characteristics:

  • A virtual circuit is set up ( e.g., a three-way handshake )
  • It uses sequencing.
  • It uses acknowledgements.
  • It uses flow control.

The types of flow control are buffering, windowing and congestion avoidance.

Windowing

The quantity of data segments (measured in bytes) that the transmitting machine is allowed to send without receiving an acknowledgement for them is called a window.

Windows are used to control the amount of outstanding, unacknowledged data segments.

If a receiving host fails to receive all the segments that it should acknowledge, it can improve the communication session by decreasing the window size.

Acknowledgements

Positive acknowledgement with retransmission ensures the integrity of a stream of data: the sender retransmits any segment that isn't acknowledged, so data is neither lost nor duplicated.

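The three-way connection agreement from the Connection-Oriented Communication section, followed by a windowed transfer with positive acknowledgement and one staged loss, as an added example that is not from the Sybex guide. It models only the Transport-layer rules the text gives: sequence numbers here count segments rather than bytes, the "wire" is a Python list, the receiver only accepts the next in-order segment, and the lost segment is dropped deliberately to show the retransmission. Nothing here speaks real TCP.

```python
"""Connection-oriented transfer: three-way handshake, then a sliding window
with cumulative positive acknowledgement and retransmission of a lost segment.

Added example for this page, not the Sybex guide's code. Segment-counted
sequence numbers and a list "wire" are simplifications chosen here.
"""


class Peer:
    """One end of a connection. isn is the initial sequence number it chose."""

    def __init__(self, name, isn):
        self.name, self.isn, self.state, self.peer_isn = name, isn, "CLOSED", None

    def syn(self):
        """Segment 1: request synchronisation, carrying our ISN."""
        self.state = "SYN_SENT"
        return {"flags": "SYN", "seq": self.isn}

    def syn_ack(self, seg):
        """Segment 2: acknowledge their ISN and ask them to sync to ours."""
        if seg["flags"] != "SYN":
            raise ValueError("expected SYN")
        self.peer_isn, self.state = seg["seq"], "SYN_RECEIVED"
        return {"flags": "SYN-ACK", "seq": self.isn, "ack": seg["seq"] + 1}

    def ack(self, seg):
        """Segment 3: accept the agreement; the connection is now established."""
        if seg["flags"] != "SYN-ACK" or seg["ack"] != self.isn + 1:
            raise ValueError("bad SYN-ACK")
        self.peer_isn, self.state = seg["seq"], "ESTABLISHED"
        return {"flags": "ACK", "seq": self.isn + 1, "ack": seg["seq"] + 1}

    def complete(self, seg):
        if seg["flags"] != "ACK" or seg["ack"] != self.isn + 1:
            raise ValueError("bad ACK")
        self.state = "ESTABLISHED"


def handshake(client, server):
    """Run the three-way connection agreement; returns the three segments."""
    s1 = client.syn()
    s2 = server.syn_ack(s1)
    s3 = client.ack(s2)
    server.complete(s3)
    return [s1, s2, s3]


def windowed_transfer(data, window, lose_once=None):
    """Send data segments with at most `window` of them unacknowledged.

    The receiver acknowledges cumulatively (ack = next sequence number it
    expects). If lose_once is a sequence number, that segment is dropped the
    first time it is sent, so the sender has to retransmit from it.
    Returns (segments received in order, event log).
    """
    if window < 1:
        raise ValueError("window must be at least 1 segment")
    received, log = [], []
    base, sent_before, dropped = 0, set(), False
    while base < len(data):
        for seq in range(base, min(base + window, len(data))):
            kind = "retransmit" if seq in sent_before else "send"
            sent_before.add(seq)
            if seq == lose_once and not dropped:
                dropped = True
                log.append(f"{kind} seg {seq}: lost on the wire")
                continue
            log.append(f"{kind} seg {seq}")
            if seq == len(received):   # receiver accepts only the next in-order segment
                received.append(data[seq])
        ack = len(received)            # cumulative ack: next sequence number expected
        log.append(f"ack {ack}")
        base = ack                     # window slides to the first unacknowledged segment
    return received, log
```

Run windowed_transfer(list("ABCDEF"), window=3, lose_once=1) and read the log: segment 1 is lost, the receiver's ack stays at 1, and the sender resends from 1 even though segment 2 had already arrived. That is the window (flow control), the acknowledgements and the sequencing from the connection-oriented checklist all working together.
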
Session Layer (L5)

Function: Dialog control

  • Keeps different applications' data separate

The Session Layer is responsible for setting up, managing and then tearing down sessions between Presentation layer entities.

It serves to organize the communication between systems in different modes: simplex, half duplex and full duplex

The Session Layer basically keeps different applications' data separate from other applications' data.

Presentation Layer (L6)

Function: Data encryption, compression and translation services

  • Presents data
  • Handles processing such as encryption

The Presentation layer presents data to the Application layer and is responsible for data translation and code formatting.

Application Layer (L7)

Function: File, print, message, database and application services

  • Provides a user interface

Applications residing in the Application Layer: FTP, TFTP

The Application layer is acting as an interface between the actual application programs

Converting Binary to Decimal and Hexadecimal

The digits are limited to 1s and 0s. Each digit is called a bit. Usually they are counted 4 bits (a nibble) or 8 bits (a byte) at a time. Each digit is placed in a value spot starting from the right and moving left, with each spot having double the value of the one before. We only count the values of the spots that hold a 1.

Nibbles have a max value of 15. Bytes have a max value of 255.

Nibble values: 8 4 2 1
Byte values: 128 64 32 16 8 4 2 1

Examples (see if you can calculate some more alone !):

1111 -> 8 + 4 + 2 + 1 = 15
1010 -> 8 + 0 + 2 + 0 = 10
1100 -> 8 + 4 = 12 (notice I didn't count the 0 values )
1001 -> 8 + 1 = 9

11111111 -> 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255
10101010 -> 128 + 0 + 32 + 0 + 8 + 0 + 2 + 0 = 170
01010101 -> 64 + 16 + 4 + 1 = 85
11001000 -> 128 + 64 + 8 = 200
00110011 -> 32 + 16 + 2 + 1 = 51
10010110 -> 128 + 16 + 4 + 2 = 150
01101100 -> 64 + 32 + 8 + 4 = 108
11101000 -> 128 + 64 + 32 + 8 = 232
11001100 -> 128 + 64 + 8 + 4 = 204
10110101 -> 128 + 32 + 16 + 4 + 1 = 181

This is a table you should remember before continuing.

10000000 -> 128
11000000 -> 192
11100000 -> 224
11110000 -> 240
11111000 -> 248
11111100 -> 252
11111110 -> 254
11111111 -> 255

Converting to HEX is done by reading nibbles. Here's a table of hex->bin->dec values.

0 -> 0000 -> 0
1 -> 0001 -> 1
2 -> 0010 -> 2
3 -> 0011 -> 3
4 -> 0100 -> 4
5 -> 0101 -> 5
6 -> 0110 -> 6
7 -> 0111 -> 7
8 -> 1000 -> 8
9 -> 1001 -> 9
A -> 1010 -> 10
B -> 1011 -> 11
C -> 1100 -> 12
D -> 1101 -> 13
E -> 1110 -> 14
F -> 1111 -> 15

To convert from bin to hex just take a byte and split it into 2 nibbles. Examples:

01010101 -> 0101 0101 -> 5 5 -> 0x55 ( the 0x means it's a hex value ! It doesn't have any other meaning )
01101010 -> 0110 1010 -> 6 10(A) -> 0x6A
11001100 -> 1100 1100 -> 12(C) 12(C) -> 0xCC
10110101 -> 1011 0101 -> 11(B) 5-> 0xB5
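
The hand method above (positional weights per nibble and byte, then nibbles to hex digits) written out as code, as an added example that is not from the Sybex guide. It goes one step past the text: is_mask_octet() states the rule behind the "table to remember" (128, 192, ... 255) in general form, namely that an octet belongs in it only when its 1 bits are contiguous from the left, and mask_table() regenerates the table from that rule.

```python
"""Binary / decimal / hexadecimal conversion done the way the text does it
by hand, plus the rule behind the subnet-mask octet table.

Added example for this page, not from the Sybex guide.
"""

HEX_DIGITS = "0123456789ABCDEF"


def bits_to_int(bits):
    """'10110101' -> 181: add the weight of every position holding a 1."""
    total = 0
    for position, bit in enumerate(reversed(bits)):
        if bit == "1":
            total += 2 ** position          # weights 1, 2, 4, 8, ... from the right
        elif bit != "0":
            raise ValueError(f"not a binary digit: {bit!r}")
    return total


def int_to_bits(value, width=8):
    """181 -> '10110101': subtract the largest weight that fits, left to right."""
    if not 0 <= value < 2 ** width:
        raise ValueError(f"{value} does not fit in {width} bits")
    out = []
    for position in range(width - 1, -1, -1):
        weight = 2 ** position
        if value >= weight:
            out.append("1")
            value -= weight
        else:
            out.append("0")
    return "".join(out)


def byte_to_hex(bits):
    """'01101010' -> '0x6A': split into two nibbles, look each one up."""
    if len(bits) != 8:
        raise ValueError("expected exactly 8 bits")
    high, low = bits[:4], bits[4:]
    return "0x" + HEX_DIGITS[bits_to_int(high)] + HEX_DIGITS[bits_to_int(low)]


def worked_example(bits):
    """The sum as the text writes it: '10010110' -> '128 + 16 + 4 + 2 = 150'."""
    terms = [str(2 ** p) for p, b in enumerate(reversed(bits)) if b == "1"]
    return (" + ".join(reversed(terms)) or "0") + f" = {bits_to_int(bits)}"


def is_mask_octet(value):
    """True for 0, 128, 192, 224, 240, 248, 252, 254, 255: ones then zeros only."""
    bits = int_to_bits(value)
    return "01" not in bits               # a 0 followed by a 1 breaks contiguity


def mask_table():
    """Regenerate the table to remember: every non-zero octet with contiguous leading 1s."""
    return [(int_to_bits(v), v) for v in range(1, 256) if is_mask_octet(v)]
```

The contiguity check is the one worth keeping in your head for the subnetting chapters: a value like 200 (11001000) looks like it might be a mask octet but is not, because a 1 appears after a 0.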

Ethernet Networking

Ethernet is a contention-based media access method that allows all hosts on a network to share the bandwidth of a link.

Ethernet is very popular because it's readily scalable and easy to implement in the first place.

It uses both Data Link Layer (L2) and Physical Layer (L1) specifications.

It uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection), a protocol that helps devices share the bandwidth evenly without having two devices transmit at the same time on the media.

CSMA/CD was created to overcome the problem of the collisions that occur when packets are transmitted simultaneously from different nodes. In a CSMA/CD network, when a node transmits, all other nodes on the network receive and examine the transmission. Only bridges, switches and routers can stop the transmission from propagating throughout the network.

CSMA/CD works like this: a host that wants to transmit first checks for the presence of a digital signal on the wire. If the wire is clear, it proceeds with its transmission. While transmitting, the host keeps monitoring the wire to make sure no other host has begun transmitting. If it detects another signal on the wire, it sends out an extended jam signal that causes all hosts on the segment to stop sending data. The colliding nodes respond by waiting a while before transmitting again, using a backoff algorithm to determine when each can retransmit (all hosts have the same priority to transmit once their timers have expired). If the collision still happens after 15 retries, the transmission times out and the frame is discarded.

When a CSMA/CD network sustains heavy collisions the effects are : delay, low throughput, congestion.

Half and Full Duplex Ethernet

Half Duplex is defined in the original 802.3 Ethernet. Cisco says it uses only one wire pair, with a digital signal running in both directions on the wire; the IEEE specification describes the process a little differently, Cisco referring to the general sense of what's happening with Ethernet here.

It also uses CSMA/CD. If a hub is attached to a switch, that port must operate in Half Duplex mode in order to be able to detect collisions.

Cisco sees Half Duplex Ethernet (10BaseT) as being only 30-40% efficient, because in a large environment the network will get only 3-4 Mbps at most out of it.

Full Duplex uses two pairs of wires and is supposed to offer 100% efficiency. Data transfer is faster because one pair is used for transmitting and the other for receiving, with a point-to-point connection between the transmitter of the transmitting device and the receiver of the receiving device. Because of this, no collisions occur.

It can be used in three situations:

  • switch to host
  • switch to switch
  • host to host (crossover cable)

When a Full Duplex port is powered on it connects to the other end of the Fast Ethernet link and tries to negotiate using an auto-detect mechanism: first it decides on the speed (10 or 100 Mbps), then it checks whether it can run Full Duplex; if it can't, it runs Half Duplex.

Stuff to remember here would be:

  • Collisions in Full Duplex mode don't exist !
  • Each Full Duplex node requires a dedicated switch port.
  • Both switch port and host network card must be capable of operating in Full Duplex mode.

Ethernet at the Data Link Layer (L2)